From 55aed44061331efa6125192d517819c417bede57 Mon Sep 17 00:00:00 2001 From: bryanhe-bupt Date: Thu, 23 Apr 2020 21:59:00 +0800 Subject: [PATCH] feature: bcs-client supports bcs-user-manager api. issue #434 --- bcs-services/bcs-client/cmd/add/cidr.go | 67 ++++++++ bcs-services/bcs-client/cmd/add/init.go | 60 +++++++ bcs-services/bcs-client/cmd/create/create.go | 14 +- bcs-services/bcs-client/cmd/create/user.go | 41 +++++ bcs-services/bcs-client/cmd/get/get.go | 63 +++++++- bcs-services/bcs-client/cmd/grant/grant.go | 56 +++++++ .../bcs-client/cmd/grant/permission.go | 50 ++++++ bcs-services/bcs-client/cmd/main.go | 8 + .../bcs-client/cmd/refresh/refresh.go | 61 ++++++++ .../bcs-client/cmd/refresh/usertoken.go | 40 +++++ .../bcs-client/cmd/revoke/permission.go | 50 ++++++ bcs-services/bcs-client/cmd/revoke/revoke.go | 56 +++++++ bcs-services/bcs-client/cmd/utils/types.go | 4 + .../bcs-client/pkg/usermanager/v1/lib.go | 40 +++++ .../bcs-client/pkg/usermanager/v1/types.go | 21 +++ .../bcs-client/pkg/usermanager/v1/user.go | 146 ++++++++++++++++++ bcs-services/bcs-client/pkg/utils/api.go | 3 +- 17 files changed, 773 insertions(+), 7 deletions(-) create mode 100644 bcs-services/bcs-client/cmd/add/cidr.go create mode 100644 bcs-services/bcs-client/cmd/add/init.go create mode 100644 bcs-services/bcs-client/cmd/create/user.go create mode 100644 bcs-services/bcs-client/cmd/grant/grant.go create mode 100644 bcs-services/bcs-client/cmd/grant/permission.go create mode 100644 bcs-services/bcs-client/cmd/refresh/refresh.go create mode 100644 bcs-services/bcs-client/cmd/refresh/usertoken.go create mode 100644 bcs-services/bcs-client/cmd/revoke/permission.go create mode 100644 bcs-services/bcs-client/cmd/revoke/revoke.go create mode 100644 bcs-services/bcs-client/pkg/usermanager/v1/lib.go create mode 100644 bcs-services/bcs-client/pkg/usermanager/v1/types.go create mode 100644 bcs-services/bcs-client/pkg/usermanager/v1/user.go 
diff --git a/bcs-services/bcs-client/cmd/add/cidr.go b/bcs-services/bcs-client/cmd/add/cidr.go
new file mode 100644
index 0000000000..79f0c83a41
--- /dev/null
+++ b/bcs-services/bcs-client/cmd/add/cidr.go
@@ -0,0 +1,67 @@
+/*
+ * Tencent is pleased to support the open source community by making Blueking Container Service available.
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ * Licensed under the MIT License (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ * http://opensource.org/licenses/MIT
+ * Unless required by applicable law or agreed to in writing, software distributed under
+ * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package add
+
+import (
+ "bk-bcs/bcs-services/bcs-client/cmd/utils"
+ v1 "bk-bcs/bcs-services/bcs-client/pkg/usermanager/v1"
+ "bk-bcs/bcs-services/bcs-user-manager/app/user-manager/v1http"
+ "encoding/json"
+ "fmt"
+ "io/ioutil"
+ "os"
+)
+
+func initVpcCidr(c *utils.ClientContext) error {
+ if err := c.MustSpecified(utils.OptionVpc); err != nil {
+ return err
+ }
+
+ var data []byte
+ var err error
+ if !c.IsSet(utils.OptionFile) {
+ //reading all data from stdin
+ data, err = ioutil.ReadAll(os.Stdin)
+ } else {
+ data, err = c.FileData()
+ }
+ if err != nil {
+ return err
+ }
+ if len(data) == 0 {
+ return fmt.Errorf("failed to grant: no available resource datas")
+ }
+
+ var cidrs []v1http.TkeCidr
+ err = json.Unmarshal(data, &cidrs)
+ if err != nil {
+ return err
+ }
+ form := v1http.AddTkeCidrForm{
+ Vpc: c.String(utils.OptionVpc),
+ TkeCidrs: cidrs,
+ }
+ data, err = json.Marshal(form)
+ if err != nil {
+ return err
+ }
+ userManager := v1.NewBcsUserManager(utils.GetClientOption())
+ err = userManager.AddVpcCidrs(data)
+ if err != nil {
+ return fmt.Errorf("failed to init cidr to vpc %s: %v", c.String(utils.OptionVpc), err)
+ }
+
+ fmt.Printf("success to init cidr\n")
+ return nil
+}
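Review bot: In `initVpcCidr` the empty-input error reads `failed to grant: no available resource datas`, which was carried over from the permission commands and misreports what failed; something like `fmt.Errorf("failed to add cidr: no input from --from-file or stdin")` matches this command. Without `--from-file` the function falls back to `ioutil.ReadAll(os.Stdin)` with no size limit and no hint that it is waiting for input, so an interactive run simply hangs. A short doc comment on the function stating that the payload is a JSON array of `v1http.TkeCidr` read from the file or from stdin would make that contract visible. The success line could also name the VPC, `fmt.Printf("added cidrs to vpc %s\n", c.String(utils.OptionVpc))`, so the operator can confirm which network was changed.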
diff --git a/bcs-services/bcs-client/cmd/add/init.go b/bcs-services/bcs-client/cmd/add/init.go
new file mode 100644
index 0000000000..329346cb70
--- /dev/null
+++ b/bcs-services/bcs-client/cmd/add/init.go
@@ -0,0 +1,60 @@
+/*
+ * Tencent is pleased to support the open source community by making Blueking Container Service available.
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ * Licensed under the MIT License (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ * http://opensource.org/licenses/MIT
+ * Unless required by applicable law or agreed to in writing, software distributed under
+ * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package add
+
+import (
+ "bk-bcs/bcs-services/bcs-client/cmd/utils"
+ "fmt"
+ "github.com/urfave/cli"
+)
+
+//NewAddCommand sub command add registration
+func NewAddCommand() cli.Command {
+ return cli.Command{
+ Name: "add",
+ Usage: "add cidr",
+ Flags: []cli.Flag{
+ cli.StringFlag{
+ Name: "type, t",
+ Usage: "add type, value can be cidr",
+ },
+ cli.StringFlag{
+ Name: "from-file, f",
+ Usage: "reading with configuration `FILE`",
+ },
+ cli.StringFlag{
+ Name: "vpcid",
+ Usage: "vpc id",
+ },
+ },
+ Action: func(c *cli.Context) error {
+ return add(utils.NewClientContext(c))
+ },
+ }
+}
+
+func add(c *utils.ClientContext) error {
+ if err := c.MustSpecified(utils.OptionType); err != nil {
+ return err
+ }
+
+ resourceType := c.String(utils.OptionType)
+
+ switch resourceType {
+ case "cidr":
+ return initVpcCidr(c)
+ default:
+ return fmt.Errorf("invalid type: %s", resourceType)
+ }
+}
diff --git a/bcs-services/bcs-client/cmd/create/create.go b/bcs-services/bcs-client/cmd/create/create.go
index 468d1be994..65647639ae 100644
--- a/bcs-services/bcs-client/cmd/create/create.go +++ b/bcs-services/bcs-client/cmd/create/create.go @@ -23,7 +23,7 @@ import ( func NewCreateCommand() cli.Command { return cli.Command{ Name: "create", - Usage: "create new application/process/service/secret/configmap/deployment", + Usage: "create new application/process/service/secret/configmap/deployment/user", Flags: []cli.Flag{ cli.StringFlag{ Name: "from-file, f", @@ -35,7 +35,15 @@ func NewCreateCommand() cli.Command { }, cli.StringFlag{ Name: "type, t", - Usage: "Create type, value can be app/service/secret/configmap/deployment", + Usage: "Create type, value can be app/service/secret/configmap/deployment/user", + }, + cli.StringFlag{ + Name: "usertype", + Usage: "user type, value can be admin/saas/plain", + }, + cli.StringFlag{ + Name: "username", + Usage: "user name", }, }, Action: func(c *cli.Context) error { @@ -66,6 +74,8 @@ func create(c *utils.ClientContext) error { return createDeployment(c) case "crd", "customresourcedefinition": return createCustomResourceDefinition(c) + case "user": + return createUser(c) default: //unkown type, try CustomResource return createCustomResource(c) diff --git a/bcs-services/bcs-client/cmd/create/user.go b/bcs-services/bcs-client/cmd/create/user.go new file mode 100644 index 0000000000..0e0dd8b3da --- /dev/null +++ b/bcs-services/bcs-client/cmd/create/user.go 
@@ -0,0 +1,41 @@
+/*
+ * Tencent is pleased to support the open source community by making Blueking Container Service available.
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ * Licensed under the MIT License (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ * http://opensource.org/licenses/MIT
+ * Unless required by applicable law or agreed to in writing, software distributed under
+ * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package create
+
+import (
+ "fmt"
+ "net/http"
+
+ "bk-bcs/bcs-services/bcs-client/cmd/utils"
+ "bk-bcs/bcs-services/bcs-client/pkg/usermanager/v1"
+)
+
+func createUser(c *utils.ClientContext) error {
+ if err := c.MustSpecified(utils.OptionUserName, utils.OptionUserType); err != nil {
+ return err
+ }
+
+ userManager := v1.NewBcsUserManager(utils.GetClientOption())
+ user, err := userManager.CreateOrGetUser(c.String(utils.OptionUserType), c.String(utils.OptionUserName), http.MethodPost)
+ if err != nil {
+ return fmt.Errorf("failed to create user: %v", err)
+ }
+
+ return printResult(user)
+}
+
+func printResult(single interface{}) error {
+ fmt.Printf("%s\n", utils.TryIndent(single))
+ return nil
+}
diff --git a/bcs-services/bcs-client/cmd/get/get.go b/bcs-services/bcs-client/cmd/get/get.go
index d7123d31c9..77547935f9 100644
--- a/bcs-services/bcs-client/cmd/get/get.go
+++ b/bcs-services/bcs-client/cmd/get/get.go
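Review bot: `createUser` in cmd/create/user.go hands the whole `*models.BcsUser` to `printResult`, which writes it to stdout; if that model carries the user's token (likely given the sibling `refresh usertoken` command, though the struct is not visible in this patch), the credential ends up in terminal scrollback, CI logs and anything the output is piped into. The same applies to `printResult(user)` in cmd/refresh/usertoken.go and `printGet(user)` in `getUser` in cmd/get/get.go. A doc comment on `createUser` should state that the output contains a secret, and the token is better printed only when the caller asks for it. `usertype` accepts `admin` here with no client-side distinction, so authorization for creating admin users rests entirely on the server; a comment such as `// the server decides whether the caller may create this user type` would make that explicit.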
@@ -14,11 +14,14 @@ package get import ( - "fmt" - "bk-bcs/bcs-services/bcs-client/cmd/utils" "bk-bcs/bcs-services/bcs-client/pkg/scheduler/v4" "bk-bcs/bcs-services/bcs-client/pkg/storage/v1" + userV1 "bk-bcs/bcs-services/bcs-client/pkg/usermanager/v1" + "bk-bcs/bcs-services/bcs-user-manager/app/user-manager/v1http" + "encoding/json" + "fmt" + "net/http" "github.com/urfave/cli" ) @@ -26,11 +29,11 @@ import ( func NewGetCommand() cli.Command { return cli.Command{ Name: "get", - Usage: "get the original definition of application/process/deployment/ippoolstatic/ippoolstatic-detail", + Usage: "get the original definition of application/process/deployment/ippoolstatic/ippoolstatic-detail/user/permission", Flags: []cli.Flag{ cli.StringFlag{ Name: "type, t", - Usage: "Get type, application(app)/process/deployment(deploy)/ippoolstatic(ipps)/ippoolstatic-detail(ippsd)", + Usage: "Get type, application(app)/process/deployment(deploy)/ippoolstatic(ipps)/ippoolstatic-detail(ippsd)/user/permission", }, cli.StringFlag{ Name: "clusterid", @@ -45,6 +48,18 @@ func NewGetCommand() cli.Command { Name: "name, n", Usage: "Name", }, + cli.StringFlag{ + Name: "usertype", + Usage: "user type, value can be admin/saas/plain", + }, + cli.StringFlag{ + Name: "username", + Usage: "user name", + }, + cli.StringFlag{ + Name: "resourcetype", + Usage: "resource type, value can be cluster/storage/network-detection...", + }, }, Action: func(c *cli.Context) error { if err := get(utils.NewClientContext(c)); err != nil { @@ -73,6 +88,10 @@ func get(c *utils.ClientContext) error { return getIPPoolStatic(c) case "ippsd", "ippoolstatic-detail": return getIPPoolStaticDetail(c) + case "user": + return getUser(c) + case "permission": + return getPermission(c) default: return fmt.Errorf("invalid type: %s", resourceType) } 
@@ -158,6 +177,42 @@ func getIPPoolStaticDetail(c *utils.ClientContext) error { return printGet(result[0].Data) } +func getUser(c *utils.ClientContext) error { + if err := c.MustSpecified(utils.OptionUserName, utils.OptionUserType); err != nil { + return err + } + + userManager := userV1.NewBcsUserManager(utils.GetClientOption()) + user, err := userManager.CreateOrGetUser(c.String(utils.OptionUserType), c.String(utils.OptionUserName), http.MethodGet) + if err != nil { + return fmt.Errorf("failed to create user: %v", err) + } + + return printGet(user) +} + +func getPermission(c *utils.ClientContext) error { + if err := c.MustSpecified(utils.OptionUserName, utils.OptionResourceType); err != nil { + return err + } + + userManager := userV1.NewBcsUserManager(utils.GetClientOption()) + pf := v1http.GetPermissionForm{ + UserName: c.String(utils.OptionUserName), + ResourceType: c.String(utils.OptionResourceType), + } + data, err := json.Marshal(pf) + if err != nil { + return err + } + permissions, err := userManager.ActPermission(http.MethodGet, data) + if err != nil { + return fmt.Errorf("failed to grant permission: %v", err) + } + + return printGet(permissions) +} + func printGet(single interface{}) error { fmt.Printf("%s\n", utils.TryIndent(single)) return nil diff --git a/bcs-services/bcs-client/cmd/grant/grant.go b/bcs-services/bcs-client/cmd/grant/grant.go new file mode 100644 index 0000000000..bd8ae87fc0 --- /dev/null +++ b/bcs-services/bcs-client/cmd/grant/grant.go 
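Review bot: Both functions added to cmd/get/get.go reuse error text from other commands: `getUser` reports `failed to create user` and `getPermission` reports `failed to grant permission`, although each only issues `http.MethodGet`. For read commands that sit next to grant and revoke this is misleading in operator output; use `fmt.Errorf("failed to get user: %v", err)` and `fmt.Errorf("failed to get permission: %v", err)`. `getPermission` also sends its query as a JSON body on a GET request, which some proxies and HTTP stacks drop, so a comment noting that the server reads the body on GET (or a check that the gateway in front of it forwards the body) would help.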
@@ -0,0 +1,56 @@
+/*
+ * Tencent is pleased to support the open source community by making Blueking Container Service available.
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ * Licensed under the MIT License (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ * http://opensource.org/licenses/MIT
+ * Unless required by applicable law or agreed to in writing, software distributed under
+ * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package grant
+
+import (
+ "bk-bcs/bcs-services/bcs-client/cmd/utils"
+ "fmt"
+ "github.com/urfave/cli"
+)
+
+//NewGrantCommand sub command grant registration
+func NewGrantCommand() cli.Command {
+ return cli.Command{
+ Name: "grant",
+ Usage: "grant permission",
+ Flags: []cli.Flag{
+ cli.StringFlag{
+ Name: "type, t",
+ Usage: "grant type, value can be permission",
+ },
+ cli.StringFlag{
+ Name: "from-file, f",
+ Usage: "reading with configuration `FILE`",
+ },
+ },
+ Action: func(c *cli.Context) error {
+ return grant(utils.NewClientContext(c))
+ },
+ }
+}
+
+func grant(c *utils.ClientContext) error {
+ if err := c.MustSpecified(utils.OptionType); err != nil {
+ return err
+ }
+
+ resourceType := c.String(utils.OptionType)
+
+ switch resourceType {
+ case "permission":
+ return grantPermission(c)
+ default:
+ return fmt.Errorf("invalid type: %s", resourceType)
+ }
+}
diff --git a/bcs-services/bcs-client/cmd/grant/permission.go b/bcs-services/bcs-client/cmd/grant/permission.go
new file mode 100644
index 0000000000..29f0665ae6
--- /dev/null
+++ b/bcs-services/bcs-client/cmd/grant/permission.go
@@ -0,0 +1,50 @@
+/*
+ * Tencent is pleased to support the open source community by making Blueking Container Service available.
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ * Licensed under the MIT License (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ * http://opensource.org/licenses/MIT
+ * Unless required by applicable law or agreed to in writing, software distributed under
+ * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package grant
+
+import (
+ "fmt"
+ "io/ioutil"
+ "net/http"
+ "os"
+
+ "bk-bcs/bcs-services/bcs-client/cmd/utils"
+ "bk-bcs/bcs-services/bcs-client/pkg/usermanager/v1"
+)
+
+func grantPermission(c *utils.ClientContext) error {
+ var data []byte
+ var err error
+ if !c.IsSet(utils.OptionFile) {
+ //reading all data from stdin
+ data, err = ioutil.ReadAll(os.Stdin)
+ } else {
+ data, err = c.FileData()
+ }
+ if err != nil {
+ return err
+ }
+ if len(data) == 0 {
+ return fmt.Errorf("failed to grant: no available resource datas")
+ }
+
+ userManager := v1.NewBcsUserManager(utils.GetClientOption())
+ _, err = userManager.ActPermission(http.MethodPost, data)
+ if err != nil {
+ return fmt.Errorf("failed to grant permission: %v", err)
+ }
+
+ fmt.Printf("success to grant permission\n")
+ return nil
+}
diff --git a/bcs-services/bcs-client/cmd/main.go b/bcs-services/bcs-client/cmd/main.go
index a6e897d1cc..d3ce0ca9c4 100644
--- a/bcs-services/bcs-client/cmd/main.go
+++ b/bcs-services/bcs-client/cmd/main.go
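Review bot: `grantPermission` in cmd/grant/permission.go forwards whatever bytes arrive on stdin or from `--from-file` straight to `ActPermission(http.MethodPost, data)` and discards the returned value, so the operator sees `success to grant permission` without any record of which user and resource were affected. For a privilege-granting command, check the input locally first, at minimum `if !json.Valid(data) { return fmt.Errorf("failed to grant: input is not valid JSON") }` (needs the `encoding/json` import), and echo the parsed grant alongside the success line. The function also has no doc comment; add one that describes the JSON payload the server expects and that input is read from stdin when no file is given.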
@@ -18,6 +18,7 @@ import ( "os" "bk-bcs/bcs-common/common/version" + "bk-bcs/bcs-services/bcs-client/cmd/add" "bk-bcs/bcs-services/bcs-client/cmd/agent" "bk-bcs/bcs-services/bcs-client/cmd/application" "bk-bcs/bcs-services/bcs-client/cmd/available" @@ -27,9 +28,12 @@ import ( "bk-bcs/bcs-services/bcs-client/cmd/deployment" "bk-bcs/bcs-services/bcs-client/cmd/env" "bk-bcs/bcs-services/bcs-client/cmd/get" + "bk-bcs/bcs-services/bcs-client/cmd/grant" "bk-bcs/bcs-services/bcs-client/cmd/inspect" "bk-bcs/bcs-services/bcs-client/cmd/list" "bk-bcs/bcs-services/bcs-client/cmd/offer" + "bk-bcs/bcs-services/bcs-client/cmd/refresh" + "bk-bcs/bcs-services/bcs-client/cmd/revoke" "bk-bcs/bcs-services/bcs-client/cmd/template" "bk-bcs/bcs-services/bcs-client/cmd/update" "bk-bcs/bcs-services/bcs-client/cmd/utils" @@ -66,6 +70,10 @@ func main() { template.NewTemplateCommand(), batch.NewApplyCommand(), batch.NewCleanCommand(), + refresh.NewRefreshCommand(), + grant.NewGrantCommand(), + revoke.NewRevokeCommand(), + add.NewAddCommand(), } if err := utils.InitCfg(); err != nil { diff --git a/bcs-services/bcs-client/cmd/refresh/refresh.go b/bcs-services/bcs-client/cmd/refresh/refresh.go new file mode 100644 index 0000000000..9609decd99 --- /dev/null +++ b/bcs-services/bcs-client/cmd/refresh/refresh.go 
@@ -0,0 +1,61 @@
+/*
+ * Tencent is pleased to support the open source community by making Blueking Container Service available.
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ * Licensed under the MIT License (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ * http://opensource.org/licenses/MIT
+ * Unless required by applicable law or agreed to in writing, software distributed under
+ * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package refresh
+
+import (
+ "fmt"
+
+ "bk-bcs/bcs-services/bcs-client/cmd/utils"
+ "github.com/urfave/cli"
+)
+
+//NewRefreshCommand sub command refresh registration
+func NewRefreshCommand() cli.Command {
+ return cli.Command{
+ Name: "refresh",
+ Usage: "refresh usertoken",
+ Flags: []cli.Flag{
+ cli.StringFlag{
+ Name: "type, t",
+ Usage: "Refresh type, value can be usertoken",
+ },
+ cli.StringFlag{
+ Name: "usertype",
+ Usage: "user type, value can be saas/plain",
+ },
+ cli.StringFlag{
+ Name: "username",
+ Usage: "user name",
+ },
+ },
+ Action: func(c *cli.Context) error {
+ return refresh(utils.NewClientContext(c))
+ },
+ }
+}
+
+func refresh(c *utils.ClientContext) error {
+ if err := c.MustSpecified(utils.OptionType); err != nil {
+ return err
+ }
+
+ resourceType := c.String(utils.OptionType)
+
+ switch resourceType {
+ case "usertoken":
+ return refreshUsertoken(c)
+ default:
+ return fmt.Errorf("invalid type: %s", resourceType)
+ }
+}
diff --git a/bcs-services/bcs-client/cmd/refresh/usertoken.go b/bcs-services/bcs-client/cmd/refresh/usertoken.go
new file mode 100644
index 0000000000..cefae03c45
--- /dev/null
+++ b/bcs-services/bcs-client/cmd/refresh/usertoken.go
@@ -0,0 +1,40 @@
+/*
+ * Tencent is pleased to support the open source community by making Blueking Container Service available.
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ * Licensed under the MIT License (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ * http://opensource.org/licenses/MIT
+ * Unless required by applicable law or agreed to in writing, software distributed under
+ * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package refresh
+
+import (
+ "fmt"
+
+ "bk-bcs/bcs-services/bcs-client/cmd/utils"
+ "bk-bcs/bcs-services/bcs-client/pkg/usermanager/v1"
+)
+
+func refreshUsertoken(c *utils.ClientContext) error {
+ if err := c.MustSpecified(utils.OptionUserName, utils.OptionUserType); err != nil {
+ return err
+ }
+
+ userManager := v1.NewBcsUserManager(utils.GetClientOption())
+ user, err := userManager.RefreshUsertoken(c.String(utils.OptionUserType), c.String(utils.OptionUserName))
+ if err != nil {
+ return fmt.Errorf("failed to refresh usertoken: %v", err)
+ }
+
+ return printResult(user)
+}
+
+func printResult(single interface{}) error {
+ fmt.Printf("%s\n", utils.TryIndent(single))
+ return nil
+}
diff --git a/bcs-services/bcs-client/cmd/revoke/permission.go b/bcs-services/bcs-client/cmd/revoke/permission.go
new file mode 100644
index 0000000000..150ca97e91
--- /dev/null
+++ b/bcs-services/bcs-client/cmd/revoke/permission.go
@@ -0,0 +1,50 @@
+/*
+ * Tencent is pleased to support the open source community by making Blueking Container Service available.
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ * Licensed under the MIT License (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ * http://opensource.org/licenses/MIT
+ * Unless required by applicable law or agreed to in writing, software distributed under
+ * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package revoke
+
+import (
+ "fmt"
+ "io/ioutil"
+ "net/http"
+ "os"
+
+ "bk-bcs/bcs-services/bcs-client/cmd/utils"
+ "bk-bcs/bcs-services/bcs-client/pkg/usermanager/v1"
+)
+
+func revokePermission(c *utils.ClientContext) error {
+ var data []byte
+ var err error
+ if !c.IsSet(utils.OptionFile) {
+ //reading all data from stdin
+ data, err = ioutil.ReadAll(os.Stdin)
+ } else {
+ data, err = c.FileData()
+ }
+ if err != nil {
+ return err
+ }
+ if len(data) == 0 {
+ return fmt.Errorf("failed to revoke: no available resource datas")
+ }
+
+ userManager := v1.NewBcsUserManager(utils.GetClientOption())
+ _, err = userManager.ActPermission(http.MethodDelete, data)
+ if err != nil {
+ return fmt.Errorf("failed to grant permission: %v", err)
+ }
+
+ fmt.Printf("success to revoke permission\n")
+ return nil
+}
diff --git a/bcs-services/bcs-client/cmd/revoke/revoke.go b/bcs-services/bcs-client/cmd/revoke/revoke.go
new file mode 100644
index 0000000000..525dcdab7c
--- /dev/null
+++ b/bcs-services/bcs-client/cmd/revoke/revoke.go
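Review bot: The failure branch of `revokePermission` in cmd/revoke/permission.go returns `failed to grant permission: %v`, copied from the grant command, so when a revoke fails the operator is told that a grant failed. Change it to `return fmt.Errorf("failed to revoke permission: %v", err)`. A failed revoke leaves the access in place and this message is the only signal the caller gets, so it needs to name the right operation.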
@@ -0,0 +1,56 @@
+/*
+ * Tencent is pleased to support the open source community by making Blueking Container Service available.
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ * Licensed under the MIT License (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ * http://opensource.org/licenses/MIT
+ * Unless required by applicable law or agreed to in writing, software distributed under
+ * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package revoke
+
+import (
+ "bk-bcs/bcs-services/bcs-client/cmd/utils"
+ "fmt"
+ "github.com/urfave/cli"
+)
+
+//NewRevokeCommand sub command revoke registration
+func NewRevokeCommand() cli.Command {
+ return cli.Command{
+ Name: "revoke",
+ Usage: "revoke permission",
+ Flags: []cli.Flag{
+ cli.StringFlag{
+ Name: "type, t",
+ Usage: "revoke type, value can be permission",
+ },
+ cli.StringFlag{
+ Name: "from-file, f",
+ Usage: "reading with configuration `FILE`",
+ },
+ },
+ Action: func(c *cli.Context) error {
+ return revoke(utils.NewClientContext(c))
+ },
+ }
+}
+
+func revoke(c *utils.ClientContext) error {
+ if err := c.MustSpecified(utils.OptionType); err != nil {
+ return err
+ }
+
+ resourceType := c.String(utils.OptionType)
+
+ switch resourceType {
+ case "permission":
+ return revokePermission(c)
+ default:
+ return fmt.Errorf("invalid type: %s", resourceType)
+ }
+}
diff --git a/bcs-services/bcs-client/cmd/utils/types.go b/bcs-services/bcs-client/cmd/utils/types.go
index a901e1e7e6..705fb0ff10 100644
--- a/bcs-services/bcs-client/cmd/utils/types.go
+++ b/bcs-services/bcs-client/cmd/utils/types.go
@@ -43,6 +43,10 @@ const ( OptionString = "string" OptionScalar = "scalar" OptionAll = "all" + OptionUserType = "usertype" + OptionUserName = "username" + OptionResourceType = "resourcetype" + OptionVpc = "vpcid" ) //ValidateCustomResourceType check if speicifed CustomResource was registered before. diff --git a/bcs-services/bcs-client/pkg/usermanager/v1/lib.go b/bcs-services/bcs-client/pkg/usermanager/v1/lib.go new file mode 100644 index 0000000000..a9d5622de7 --- /dev/null +++ b/bcs-services/bcs-client/pkg/usermanager/v1/lib.go @@ -0,0 +1,40 @@ +/* + * Tencent is pleased to support the open source community by making Blueking Container Service available. + * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. + * Licensed under the MIT License (the "License"); you may not use this file except + * in compliance with the License. You may obtain a copy of the License at + * http://opensource.org/licenses/MIT + * Unless required by applicable law or agreed to in writing, software distributed under + * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + * either express or implied. See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package v1 + +import ( + "fmt" + "github.com/bitly/go-simplejson" +) + +func parseResponse(resp []byte) (code int, msg string, data []byte, err error) { + var js *simplejson.Json + js, err = simplejson.NewJson(resp) + if err != nil { + return -1, fmt.Sprintf("decode response failed, raw resp: %s", string(resp)), nil, err + } + + msg, _ = js.Get("message").String() + code, err = js.Get("code").Int() + if err != nil { + return -1, fmt.Sprintf("decode response failed, raw resp: %s", string(resp)), nil, err + } + + data, err = js.Get("data").Encode() + if err != nil { + return -1, fmt.Sprintf("decode response failed, raw resp: %s", string(resp)), nil, err + } + + return +} 
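Review bot: `parseResponse` in pkg/usermanager/v1/lib.go builds `decode response failed, raw resp: %s` from the full response body on every error path, but all four callers in user.go drop `msg` when `err != nil`, so that text is never shown and the bare simplejson error is returned without context. Either wrap the error, `return -1, "", nil, fmt.Errorf("decode response: %v", err)`, or, if the raw body is wanted for debugging, truncate it, since user and token responses pass through this function and should not be dumped whole into error output. The ignored error in `msg, _ = js.Get("message").String()` deserves a comment such as `// message is optional; an absent or non-string value leaves msg empty`. The function also ends in a naked `return` with named results; `return code, msg, data, nil` reads more clearly.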
diff --git a/bcs-services/bcs-client/pkg/usermanager/v1/types.go b/bcs-services/bcs-client/pkg/usermanager/v1/types.go
new file mode 100644
index 0000000000..99dd5c6678
--- /dev/null
+++ b/bcs-services/bcs-client/pkg/usermanager/v1/types.go
@@ -0,0 +1,21 @@
+/*
+ * Tencent is pleased to support the open source community by making Blueking Container Service available.
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ * Licensed under the MIT License (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ * http://opensource.org/licenses/MIT
+ * Unless required by applicable law or agreed to in writing, software distributed under
+ * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package v1
+
+const (
+ BcsUserManagerUserURI = "%s/bcsapi/v4/usermanager/v1/users/%s/%s"
+ BcsUserManagerUserRefreshURI = "%s/bcsapi/v4/usermanager/v1/users/%s/%s/refresh"
+ BcsUserManagerPermissionURI = "%s/bcsapi/v4/usermanager/v1/permissions"
+ BcsUserManagerAddCidrUri = "%s/bcsapi/v4/usermanager/v1/tke/cidr/add_cidr"
+)
diff --git a/bcs-services/bcs-client/pkg/usermanager/v1/user.go b/bcs-services/bcs-client/pkg/usermanager/v1/user.go
new file mode 100644
index 0000000000..c629074bbd
--- /dev/null
+++ b/bcs-services/bcs-client/pkg/usermanager/v1/user.go
@@ -0,0 +1,146 @@ +/* + * Tencent is pleased to support the open source community by making Blueking Container Service available. + * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. + * Licensed under the MIT License (the "License"); you may not use this file except + * in compliance with the License. You may obtain a copy of the License at + * http://opensource.org/licenses/MIT + * Unless required by applicable law or agreed to in writing, software distributed under + * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + * either express or implied. See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package v1 + +import ( + "fmt" + "net/http" + + "bk-bcs/bcs-common/common/codec" + "bk-bcs/bcs-services/bcs-client/pkg/types" + "bk-bcs/bcs-services/bcs-client/pkg/utils" + "bk-bcs/bcs-services/bcs-user-manager/app/user-manager/models" + "bk-bcs/bcs-services/bcs-user-manager/app/user-manager/v1http" +) + +type UserManager interface { + CreateOrGetUser(userType string, userName string, method string) (*models.BcsUser, error) + RefreshUsertoken(userType string, userName string) (*models.BcsUser, error) + ActPermission(method string, data []byte) ([]v1http.PermissionsResp, error) + AddVpcCidrs(data []byte) error +} + +type bcsUserManager struct { + bcsAPIAddress string + requester utils.ApiRequester +} + +//NewBcsUserManager create bcs-user-manager api implemenation +func NewBcsUserManager(options types.ClientOptions) UserManager { + return &bcsUserManager{ + bcsAPIAddress: options.BcsApiAddress, + requester: utils.NewApiRequester(options.ClientSSL, options.BcsToken), + } +} + +func (b *bcsUserManager) CreateOrGetUser(userType string, userName string, method string) (*models.BcsUser, error) { + resp, err := b.requester.Do( + fmt.Sprintf(BcsUserManagerUserURI, b.bcsAPIAddress, userType, userName), + method, + nil, + ) + + if err != nil { + 
return nil, err + } + + code, msg, data, err := parseResponse(resp) + if err != nil { + return nil, err + } + + if code != 0 { + return nil, fmt.Errorf("create or get %s user %s failed: %s", userType, userName, msg) + } + + var result models.BcsUser + err = codec.DecJson(data, &result) + return &result, err +} + +func (b *bcsUserManager) RefreshUsertoken(userType string, userName string) (*models.BcsUser, error) { + method := http.MethodPut + resp, err := b.requester.Do( + fmt.Sprintf(BcsUserManagerUserRefreshURI, b.bcsAPIAddress, userType, userName), + method, + nil, + ) + + if err != nil { + return nil, err + } + + code, msg, data, err := parseResponse(resp) + if err != nil { + return nil, err + } + + if code != 0 { + return nil, fmt.Errorf("refresh usertoken for %s user %s failed: %s", userType, userName, msg) + } + + var result models.BcsUser + err = codec.DecJson(data, &result) + return &result, err +} + +func (b *bcsUserManager) ActPermission(method string, data []byte) ([]v1http.PermissionsResp, error) { + resp, err := b.requester.Do( + fmt.Sprintf(BcsUserManagerPermissionURI, b.bcsAPIAddress), + method, + data, + ) + + if err != nil { + return nil, err + } + + code, msg, data, err := parseResponse(resp) + if err != nil { + return nil, err + } + + if code != 0 { + return nil, fmt.Errorf("failed to act permission: %s", msg) + } + + var result []v1http.PermissionsResp + err = codec.DecJson(data, &result) + return result, err +} + +func (b *bcsUserManager) AddVpcCidrs(data []byte) error { + resp, err := b.requester.Do( + fmt.Sprintf(BcsUserManagerAddCidrUri, b.bcsAPIAddress), + http.MethodPost, + data, + ) + + if err != nil { + return err + } + + code, msg, data, err := parseResponse(resp) + if err != nil { + return err + } + + if code != 0 { + return fmt.Errorf("failed to add cidr: %s", msg) + } + + var result []v1http.PermissionsResp + err = codec.DecJson(data, &result) + return err +} 
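Review bot: `CreateOrGetUser` and `RefreshUsertoken` in pkg/usermanager/v1/user.go place `userType` and `userName` into the URL path with `fmt.Sprintf(BcsUserManagerUserURI, ...)` unescaped, so a value containing `/`, `?` or `#` changes which route the request reaches instead of being treated as a name. Escape both segments before formatting, `url.PathEscape(userType), url.PathEscape(userName)` (needs the `net/url` import). `AddVpcCidrs` decodes the response data into `[]v1http.PermissionsResp`, which looks copied from `ActPermission`; a successful add whose data is not a permissions array would be reported as a failure, so drop that decode or use the type the endpoint actually returns. The two user methods also end with `return &result, err`, handing back a non-nil pointer alongside a decode error; return `nil, err` on that path.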
diff --git a/bcs-services/bcs-client/pkg/utils/api.go b/bcs-services/bcs-client/pkg/utils/api.go index 1bc442701f..95ae897a6e 100644 --- a/bcs-services/bcs-client/pkg/utils/api.go +++ b/bcs-services/bcs-client/pkg/utils/api.go @@ -42,7 +42,8 @@ func (b *bcsApiRequester) Do(uri, method string, data []byte, header ...*http.He httpCli := httpclient.NewHttpClient() httpCli.SetHeader("Content-Type", "application/json") httpCli.SetHeader("Accept", "application/json") - httpCli.SetHeader("X-Bcs-User-Token", b.bcsToken) + httpCli.SetHeader("Authorization", "Bearer "+b.bcsToken) + //httpCli.SetHeader("X-Bcs-User-Token", b.bcsToken) if header != nil { httpCli.SetBatchHeader(header)