Merge pull request #4777 from easyops-cn/janice/feat/brick_next_v3/token

feat(): brick_next_v3 组件支持服务鉴权

Author: stallman-cui

.pkgbuild/@easyops/PKGBUILD

@@ -25,6 +25,7 @@ check() {
 
 package() {
     cd next-core
+    cp -arf conf ${pkgdir}
     cp -arf packages/brick-container/deploy ${pkgdir}
     cp -arf --parents packages/brick-container/dist ${pkgdir}
     cp -arf --parents packages/brick-container/conf ${pkgdir}

conf/config.yaml

@@ -0,0 +1,6 @@
+appId: brick_next_v3
+exampleFile: "examples/application.properties"
+
+namespaces: ~
+
+relatedNamespaces: ~

conf/examples/application.properties

@@ -0,0 +1,26 @@
+#!/bin/bash
+
+# easyops 安装根目录
+install_base="/usr/local/easyops"
+
+plugin_name='brick_next_v3'
+
+install_path="${install_base}/${plugin_name}"
+
+deploy_init_path="/usr/local/easyops/deploy_init"
+config_tool="${deploy_init_path}/tools/config_tool"
+
+export LD_LIBRARY_PATH=/usr/local/easyops/ens_client/sdk:${LD_LIBRARY_PATH}
+
+
+value=$(${config_tool} get --appID "deploy_init" --namespaceName "common" --key "check_auth_token.enable")
+if [[ ${value} == "true" ]]; then
+    # 初始化默认命名空间，并生成 clientId 和 secret
+    ${config_tool} init -f "${install_path}/conf/config.yaml"
+    if [[ $? -ne 0 ]];then
+       echo "init brick_next_v3 config namespace error, exit"
+       exit 1
+    fi
+fi
+
+

packages/brick-container/deploy/install_postscripts.sh

@@ -7,6 +7,10 @@ plugin_name='brick_next_v3'
 
 install_path="${install_base}/${plugin_name}"
 
+deploy_init_path="/usr/local/easyops/deploy_init"
+config_tool="${deploy_init_path}/tools/config_tool"
+
+
 function check_service_availability() {
   services=$1
   for service in ${services[*]}; do
@@ -45,12 +49,26 @@ function report_package() {
   fi
 }
 
+export LD_LIBRARY_PATH=/usr/local/easyops/ens_client/sdk:${LD_LIBRARY_PATH}
+
 # 优先取环境变量里面的org
 if [[ ${org}X == X ]]; then
     org=$(/usr/local/easyops/deploy_init/tools/get_env.py common org)
     [[ $? -ne 0 ]] && echo "get org error, exit" && exit 1
 fi
 
+
+value=$(${config_tool} get --appID "deploy_init" --namespaceName "common" --key "check_auth_token.enable")
+if [[ ${value} == "true" ]]; then
+    # 初始化默认命名空间，并生成 clientId 和 secret
+    ${config_tool} init -f "${install_path}/conf/config.yaml"
+    if [[ $? -ne 0 ]];then
+       echo "import brick_next_v3 config namespace error, exit"
+       exit 1
+    fi
+fi
+
+
 # 上报当前安装小产品
 check_service
 report_package ${install_base} ${org} ${install_path}

packages/brick-container/deploy/update_postscript.sh

@@ -11,6 +11,9 @@
 reload(sys)
 sys.setdefaultencoding("utf-8")
 
+sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))  # 将 tools 目录加入 path
+from utils.get_headers import get_headers
+
 # 公共路径
 _INSTALL_BASE_PATH = "/usr/local/easyops"
 _APPLICATIONS_SA_FOLDER = "applications_sa"
@@ -50,7 +53,7 @@ def get_version(install_path):
 def collect_app_info(app_path, report_app_id, version):
     if not os.path.exists(app_path):
         print u"could not find app path {}".format(app_path)
-        return 
+        return
     bootstrap_file_name = ""
     for f in os.listdir(app_path):
         if f.startswith("bootstrap-mini.") and f.endswith(".json"):
@@ -99,7 +102,7 @@ def report(org, app):
 
 
 def create_or_update_micro_app_sa(org, app):
-    headers = {"org": str(org), "user": "defaultUser"}
+    headers = get_headers(org)
     url = "http://{}/api/v1/micro_app_standalone/report".format(MICRO_APP_SA_ADDR)
     rsp = requests.post(url, json=app, headers=headers)
     rsp.raise_for_status()
@@ -115,7 +118,7 @@ def import_micro_app_permissions(org, permission_path):
     if not os.path.exists(permission_path):
         print "permission path {} does not exist, return...".format(permission_path)
         return
-    headers = {"org": str(org), "user": "defaultUser"}
+    headers = get_headers(org)
     url = "http://{}/api/micro_app/v1/permission/import".format(MICRO_APP_ADDR)
 
     print "permission path is {}, will start import permissions".format(permission_path)

packages/brick-container/tools/package-union/report_union_micro_app.py

@@ -10,6 +10,9 @@
 
 from copy import deepcopy
 
+sys.path.append(os.path.dirname(os.path.abspath(__file__)))
+from utils.get_headers import get_headers
+
 reload(sys)
 sys.setdefaultencoding("utf-8")
 
@@ -239,7 +242,7 @@ def collect(install_path):
 
 def report_bricks_atom(org, nb_targz_path, package_name, package_version, bricks_content, stories_content,
                        snippets_content):
-    headers = {"org": str(org), "user": "defaultUser"}
+    headers = get_headers(org)
     # report atom
     atom_url = "http://{}/api/v1/brick/atom/import".format(MICRO_APP_ADDR)
     data_dict = {"stories": stories_content, "bricks": bricks_content}
@@ -258,7 +261,8 @@ def report_bricks_atom(org, nb_targz_path, package_name, package_version, bricks
 
 def report_brick_next_package(org, brick_targz_path, package_name, package_version):
     # report brick_next or NT
-    headers = {"org": str(org), "user": "defaultUser"}
+    headers = get_headers(org)
+
     # report atom
     atom_url = "http://{}/api/v1/brick_next/report".format(MICRO_APP_ADDR)
     data = {"packageName": package_name, "packageVersion": package_version}
@@ -268,7 +272,8 @@ def report_brick_next_package(org, brick_targz_path, package_name, package_versi
 
 
 def report_provider_into_contract(org, package_name, contract_content):
-    headers = {"org": str(org), "user": "defaultUser"}
+    headers = get_headers(org)
+
     # report contract
     url = "http://{}/api/v1/brick/provider/import_into_contract".format(MICRO_APP_ADDR)
     param = {"packageName": package_name, "data": {

packages/brick-container/tools/report_installed_brick_next_package.py

@@ -5,6 +5,10 @@
 import requests
 import ens_api
 
+sys.path.append(os.path.dirname(os.path.abspath(__file__)))
+from utils.get_headers import get_headers
+
+
 def collect(install_path):
   if not os.path.exists(install_path):
     raise Exception("could not find install path {}".format(install_path))
@@ -22,7 +26,7 @@ def create_or_update_theme_template_data(data, org):
   if session_id <= 0:
     raise Exception("get nameservice logic.micro_app_service error, session_id={}".format(session_id))
   address = "{}:{}".format(ip, port)
-  headers = {"org": str(org), "user": "defaultUser"}
+  headers = get_headers(org)  
   url = "http://{}/api/v1/next-builder/theme-data-import".format(address)
   param = {"themeData": data}
   rsp = requests.post(url, json=param, headers=headers)

packages/brick-container/tools/report_installed_theme_template.py

@@ -0,0 +1,27 @@
+# -*- coding: utf-8 -*-
+
+import sys
+import os
+
+TOOLS_DIR = "/usr/local/easyops/deploy_init/tools"
+sys.path.append(TOOLS_DIR)
+get_token = None
+token_util_path = os.path.join(TOOLS_DIR, "get_token_util.py")
+if os.path.exists(token_util_path):
+    from get_token_util import get_token
+
+APP_ID = "brick_next_v3"
+DEFAULT_USER = "defaultUser"
+
+
+def get_headers(org, user=DEFAULT_USER):
+    headers = {"org": str(org), "user": user}
+    if get_token is None:
+        return headers
+
+    token = get_token(user=user, org=int(org), app_id=APP_ID)
+    if not token:
+        return headers
+
+    headers["Authorization"] = "Bearer {}".format(token)
+    return headers