TencentBlueKing · AlkaidChan · Jul 9, 2024 · Jul 9, 2024
diff --git a/bcs-services/bcs-bscp/cmd/auth-server/service/service.go b/bcs-services/bcs-bscp/cmd/auth-server/service/service.go
@@ -40,6 +40,7 @@ import (
 	"github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/cc"
 	"github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/components/bkpaas"
 	"github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/criteria/errf"
+	"github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/iam/apigw"
 	iamauth "github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/iam/auth"
 	"github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/iam/client"
 	"github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/iam/meta"
@@ -76,6 +77,7 @@ type Service struct {
 	// auth logic module.
 	auth     *auth.Auth
 	spaceMgr *space.Manager
+	pubKey   string
 }
 
 // NewService create a service instance.
@@ -110,13 +112,39 @@ func NewService(sd serviced.Discover, iamSettings cc.IAM, disableAuth bool,
 		spaceMgr:        spaceMgr,
 	}
 
+	if errH := s.handlerAutoRegister(); errH != nil {
+		return nil, errH
+	}
+
 	if err = s.initLogicModule(); err != nil {
 		return nil, err
 	}
 
 	return s, nil
 }
 
+// 注册网关
+func (s *Service) handlerAutoRegister() error {
+	s.pubKey = cc.AuthServer().LoginAuth.GWPubKey
+	if cc.AuthServer().ApiGateway.AutoRegister {
+		gw, err := apigw.NewApiGw(cc.AuthServer().Esb)
+		if err != nil {
+			return err
+		}
+
+		result, err := gw.GetApigwPublicKey(apigw.Name)
+		if err != nil {
+			return err
+		}
+		if result.Code != 0 && result.Data.PublicKey == "" {
+			return fmt.Errorf("get the gateway public key failed, err: %s", result.Message)
+		}
+		s.pubKey = result.Data.PublicKey
+	}
+
+	return nil
+}
+
 // Handler return service's handler.
 func (s *Service) Handler() (http.Handler, error) {
 	if s.gateway == nil {
@@ -255,12 +283,13 @@ func (s *Service) InitAuthCenter(ctx context.Context, req *pbas.InitAuthCenterRe
 // GetAuthConf get auth login conf
 func (s *Service) GetAuthConf(_ context.Context,
 	_ *pbas.GetAuthConfReq) (*pbas.GetAuthConfResp, error) {
+
 	resp := &pbas.GetAuthConfResp{
 		LoginAuth: &pbas.LoginAuth{
 			Host:      cc.AuthServer().LoginAuth.Host,
 			InnerHost: cc.AuthServer().LoginAuth.InnerHost,
 			Provider:  cc.AuthServer().LoginAuth.Provider,
-			GwPubkey:  cc.AuthServer().LoginAuth.GWPubKey,
+			GwPubkey:  s.pubKey,
 			UseEsb:    false,
 		},
 		Esb: &pbas.ESB{

diff --git a/bcs-services/bcs-bscp/pkg/cc/service.go b/bcs-services/bcs-bscp/pkg/cc/service.go
@@ -120,12 +120,13 @@ func (s ApiServerSetting) Validate() error {
 
 // AuthServerSetting defines auth server used setting options.
 type AuthServerSetting struct {
-	Network   Network           `yaml:"network"`
-	Service   Service           `yaml:"service"`
-	Log       LogOption         `yaml:"log"`
-	LoginAuth LoginAuthSettings `yaml:"loginAuth"`
-	IAM       IAM               `yaml:"iam"`
-	Esb       Esb               `yaml:"esb"`
+	Network    Network           `yaml:"network"`
+	Service    Service           `yaml:"service"`
+	Log        LogOption         `yaml:"log"`
+	LoginAuth  LoginAuthSettings `yaml:"loginAuth"`
+	IAM        IAM               `yaml:"iam"`
+	Esb        Esb               `yaml:"esb"`
+	ApiGateway ApiGateway        `yaml:"apiGateway"`
 }
 
 // LoginAuthSettings login conf
@@ -137,6 +138,13 @@ type LoginAuthSettings struct {
 	GWPubKey  string `yaml:"gwPubkey"`
 }
 
+// ApiGateway gateway conf
+type ApiGateway struct {
+	// AutoRegister 是否自动注册
+	AutoRegister bool   `yaml:"autoRegister"`
+	GWPubKey     string `yaml:"gwPubkey"`
+}
+
 // trySetFlagBindIP try set flag bind ip.
 func (s *AuthServerSetting) trySetFlagBindIP(ip net.IP) error {
 	return s.Network.trySetFlagBindIP(ip)

diff --git a/bcs-services/bcs-bscp/pkg/cc/types.go b/bcs-services/bcs-bscp/pkg/cc/types.go
@@ -768,8 +768,9 @@ type Esb struct {
 	// AppSecret is the blueking app secret of bscp to request esb.
 	AppSecret string `yaml:"appSecret"`
 	// User is the blueking user of bscp to request esb.
-	User string    `yaml:"user"`
-	TLS  TLSConfig `yaml:"tls"`
+	User     string    `yaml:"user"`
+	TLS      TLSConfig `yaml:"tls"`
+	BscpHost string    `yaml:"bscpHost"`
 }
 
 // validate esb runtime.

diff --git a/bcs-services/bcs-bscp/pkg/iam/apigw/apigw.go b/bcs-services/bcs-bscp/pkg/iam/apigw/apigw.go
@@ -60,7 +60,7 @@ type ApiGw interface {
 }
 
 // NewApiGw 初始化网关
-func NewApiGw(opt cc.ApiServerSetting) (ApiGw, error) {
+func NewApiGw(opt cc.Esb) (ApiGw, error) {
 
 	c, err := client.NewClient(nil)
 	if err != nil {
@@ -70,11 +70,12 @@ func NewApiGw(opt cc.ApiServerSetting) (ApiGw, error) {
 		client: c,
 		opt:    opt,
 	}, nil
+
 }
 
 type apiGw struct {
 	client *http.Client
-	opt    cc.ApiServerSetting
+	opt    cc.Esb
 }
 
 // SyncApi 同步网关，如果网关不存在，创建网关，如果网关已存在，更新网关
@@ -359,7 +360,7 @@ func (a *apiGw) newRequest(method, url string, body []byte) (*http.Request, erro
 
 	// 设置请求头
 	req.Header.Set("X-Bkapi-Authorization", fmt.Sprintf(`{"bk_app_code": "%s", "bk_app_secret": "%s"}`,
-		a.opt.Esb.AppCode, a.opt.Esb.AppSecret))
+		a.opt.AppCode, a.opt.AppSecret))
 	req.Header.Set("Content-Type", "application/json")
 
 	return req, nil

diff --git a/bcs-services/bcs-bscp/pkg/iam/apigw/sync_docs.go b/bcs-services/bcs-bscp/pkg/iam/apigw/sync_docs.go
@@ -21,27 +21,29 @@ import (
 )
 
 const (
-	name        = "bk-bscp-test"
+	// Name 网关名
+	Name        = "bk-bscp"
 	env         = "prod"
-	description = "bk-bscp-test 网关描述"
-	host        = "http://bscp-api.sit.bktencent.com"
+	description = "服务配置平台（bk_bscp）API 网关，包含了服务、配置项/模板、版本、分组、发布等相关资源的查询和操作接口"
 )
 
 // ReleaseSwagger 导入swagge 文档
-func ReleaseSwagger(opt cc.ApiServerSetting, language, version string) error { // nolint
+// nolint:funlen
+func ReleaseSwagger(opt cc.ApiServerSetting, language, version string) error {
+
 	// 获取需要导入的文档
 	swaggerData, err := docs.Assets.ReadFile("swagger/bkapigw.swagger.json")
 	if err != nil {
 		return fmt.Errorf("reads and returns the content of the named file failed, err: %s", err.Error())
 	}
 	// 初始化网关
-	gw, err := NewApiGw(opt)
+	gw, err := NewApiGw(opt.Esb)
 	if err != nil {
 		return fmt.Errorf("init api gateway failed, err: %s", err.Error())
 	}
 
 	// 创建或者更新网关
-	syncApiResp, err := gw.SyncApi(name, &SyncApiReq{
+	syncApiResp, err := gw.SyncApi(Name, &SyncApiReq{
 		Description: description,
 		Maintainers: []string{"admin"},
 		IsPublic:    true,
@@ -62,7 +64,7 @@ func ReleaseSwagger(opt cc.ApiServerSetting, language, version string) error { /
 			Upstreams: Upstreams{
 				Loadbalance: "roundrobin",
 				Hosts: []Host{{
-					Host:   host,
+					Host:   opt.Esb.BscpHost,
 					Weight: 100,
 				}},
 			},