feat: sync apigateway automatically for bk-user (#2024)

src/bk-login/support-files/apidocs/en/get_bk_token_userinfo.md

@@ -4,64 +4,50 @@ Query user's information corresponding to bk_token
 
 ### Parameters
 
-| Name | Type | Required | Description                                                       |
-|------|------|----------|-------------------------------------------------------------------|
+| Name     | Type   | Required | Description                                                       |
+|----------|--------|----------|-------------------------------------------------------------------|
 | bk_token | string | Yes      | User login state ticket, which needs to be retrieved from Cookies |
 
 ### Request Example
-Example: Use curl to carry the authorization header:
-```shell
-curl -X GET -H 'X-Bkapi-Authorization: {"bk_app_code": "x", "bk_app_secret": "y"}' "https://bkapi.example.com/api/bk-login/prod/login/api/v3/open/bk-tokens/userinfo/?bk_token=bkcrypt%24gAAAAABnWEIbW4BC9VrczvN5pE-ga9fjq0JvT-ZbbjRRIYeVpGsRWWR3NASAzEDHGvPSjshkK-lqgUnqkDSNao58xTrbtCrDIQFrPlDmKXfXPvu2aLOVGz1mrzftygyAEHQ0G1HFXEexfn3CjkwedW5j2-Yu-GU5XA%3D%3D"
-```
-Example: Use Python and the **requests** module:
-``` python
-import json
-import requests
 
-result = requests.get(
-    "https://bkapi.example.com/api/bk-login/prod/login/api/v3/open/bk-tokens/userinfo/",
-    headers={
-        "X-Bkapi-Authorization": json.dumps(
-            {"bk_app_code": "x", "bk_app_secret": "y"})
-    },
-    params={
-        "bk_token": "bkcrypt%24gAAAAABnWEIbW4BC9VrczvN5pE-ga9fjq0JvT-ZbbjRRIYeVpGsRWWR3NASAzEDHGvPSjshkK-lqgUnqkDSNao58xTrbtCrDIQFrPlDmKXfXPvu2aLOVGz1mrzftygyAEHQ0G1HFXEexfn3CjkwedW5j2-Yu-GU5XA%3D%3D"},
-)
+```json5
+// URL Query Parameter
+bk_token=bkcrypt%24gAAAAABnWEIbW4BC9VrczvN5pE-ga9fjq0JvT-ZbbjRRIYeVpGsRWWR3NASAzEDHGvPSjshkK-lqgUnqkDSNao58xTrbtCrDIQFrPlDmKXfXPvu2aLOVGz1mrzftygyAEHQ0G1HFXEexfn3CjkwedW5j2-Yu-GU5XA%3D%3D
 ```
 
 ### Response Example for Status Code 200
 
 ```json5
 {
-    "data": {
-        "bk_username": "nteuuhzxlh0jcanw",
-        "tenant_id": "system",
-        "display_name": "admin",
-        "language": "zh-cn",
-        "time_zone": "Asia/Shanghai"
-    }
+  "data": {
+    "bk_username": "nteuuhzxlh0jcanw",
+    "tenant_id": "system",
+    "display_name": "admin",
+    "language": "zh-cn",
+    "time_zone": "Asia/Shanghai"
+  }
 }
 
 ```
 
 ### Response Parameters Description
 
-| Name  | Type | Description                                         |
-|--------|------|-----------------------------------------------------|
-| bk_username | string | User unique identifier, globally unique             |
-| tenant_id | string | User's tenant ID                                   |
-| display_name | string | User display name                                   |
-| language | string | User language, enumerated values: zh-cn / en      |
-| time_zone | string | User's time zone                                   |
+| Name         | Type   | Description                                  |
+|--------------|--------|----------------------------------------------|
+| bk_username  | string | User unique identifier, globally unique      |
+| tenant_id    | string | User's tenant ID                             |
+| display_name | string | User display name                            |
+| language     | string | User language, enumerated values: zh-cn / en |
+| time_zone    | string | User's time zone                             |
 
 ### Response Example for Non-200 Status Code
 
 ```json5
 // status_code = 400
 {
-    "error": {
-        "code": "VALIDATION_ERROR",
-        "message": "Login session has expired"
-    }
+  "error": {
+    "code": "VALIDATION_ERROR",
+    "message": "Login session has expired"
+  }
 }
 ```

src/bk-login/support-files/apidocs/en/verify_bk_token.md

@@ -4,58 +4,44 @@ Verify bk_token
 
 ### Parameters
 
-| Name | Type | Required | Description                                                                     |
-|------|------|----------|---------------------------------------------------------------------------------|
+| Name     | Type   | Required | Description                                                       |
+|----------|--------|----------|-------------------------------------------------------------------|
 | bk_token | string | Yes      | User login state ticket, which needs to be retrieved from Cookies |
 
 ### Request Example
-Example: Use curl to carry the authorization header:
-```shell
-curl -X GET -H 'X-Bkapi-Authorization: {"bk_app_code": "x", "bk_app_secret": "y"}' "https://bkapi.example.com/api/bk-login/prod/login/api/v3/open/bk-tokens/verify/?bk_token=bkcrypt%24gAAAAABnWEIbW4BC9VrczvN5pE-ga9fjq0JvT-ZbbjRRIYeVpGsRWWR3NASAzEDHGvPSjshkK-lqgUnqkDSNao58xTrbtCrDIQFrPlDmKXfXPvu2aLOVGz1mrzftygyAEHQ0G1HFXEexfn3CjkwedW5j2-Yu-GU5XA%3D%3D"
-```
-Example: Use Python and the **requests** module:
-``` python
-import json
-import requests
-
-result = requests.get(
-    "https://bkapi.example.com/api/bk-login/prod/login/api/v3/open/bk-tokens/verify/",
-    headers={
-        "X-Bkapi-Authorization": json.dumps(
-            {"bk_app_code": "x", "bk_app_secret": "y"})
-    },
-    params={
-        "bk_token": "bkcrypt%24gAAAAABnWEIbW4BC9VrczvN5pE-ga9fjq0JvT-ZbbjRRIYeVpGsRWWR3NASAzEDHGvPSjshkK-lqgUnqkDSNao58xTrbtCrDIQFrPlDmKXfXPvu2aLOVGz1mrzftygyAEHQ0G1HFXEexfn3CjkwedW5j2-Yu-GU5XA%3D%3D"},
-)
+
+```json5
+// URL Query Parameter
+bk_token=bkcrypt%24gAAAAABnWEIbW4BC9VrczvN5pE-ga9fjq0JvT-ZbbjRRIYeVpGsRWWR3NASAzEDHGvPSjshkK-lqgUnqkDSNao58xTrbtCrDIQFrPlDmKXfXPvu2aLOVGz1mrzftygyAEHQ0G1HFXEexfn3CjkwedW5j2-Yu-GU5XA%3D%3D
 ```
 
 ### Response Example for Status Code 200
 
 ```json5
 {
-    "data": {
-        "bk_username": "nteuuhzxlh0jcanw",
-        "tenant_id": "system"
-    }
+  "data": {
+    "bk_username": "nteuuhzxlh0jcanw",
+    "tenant_id": "system"
+  }
 }
 
 ```
 
 ### Response Parameters Description
 
-| Name  | Type | Description                                         |
-|--------|------|-----------------------------------------------------|
-| bk_username | string | User unique identifier, globally unique             |
-| tenant_id | string | User's tenant ID                                   |
+| Name        | Type   | Description                             |
+|-------------|--------|-----------------------------------------|
+| bk_username | string | User unique identifier, globally unique |
+| tenant_id   | string | User's tenant ID                        |
 
 ### Response Example for Non-200 Status Code
 
 ```json5
 // status_code = 400
 {
-    "error": {
-        "code": "VALIDATION_ERROR",
-        "message": "Login session has expired"
-    }
+  "error": {
+    "code": "VALIDATION_ERROR",
+    "message": "Login session has expired"
+  }
 }
 ```

src/bk-login/support-files/apidocs/zh/get_bk_token_userinfo.md

@@ -4,64 +4,50 @@
 
 ### 输入参数
 
-| 参数名称 | 参数类型 | 必选 | 描述                                                      |
-| -------- | -------- | ---- | --------------------------------------------------------- |
-| bk_token | string   | 是   | 用户登录态票据，需要从 Cookies 中获取 |
+| 参数名称     | 参数类型   | 必选 | 描述                      |
+|----------|--------|----|-------------------------|
+| bk_token | string | 是  | 用户登录态票据，需要从 Cookies 中获取 |
 
 ### 调用示例
-示例：使用 curl 命令，请求时携带认证请求头：
-```shell
-curl -X GET -H 'X-Bkapi-Authorization: {"bk_app_code": "x", "bk_app_secret": "y"}' "https://bkapi.example.com/api/bk-login/prod/login/api/v3/open/bk-tokens/userinfo/?bk_token=bkcrypt%24gAAAAABnWEIbW4BC9VrczvN5pE-ga9fjq0JvT-ZbbjRRIYeVpGsRWWR3NASAzEDHGvPSjshkK-lqgUnqkDSNao58xTrbtCrDIQFrPlDmKXfXPvu2aLOVGz1mrzftygyAEHQ0G1HFXEexfn3CjkwedW5j2-Yu-GU5XA%3D%3D"
-```
-示例：使用 Python 语言和 **requests** 模块：
-``` python
-import json
-import requests
 
-result = requests.get(
-    "https://bkapi.example.com/api/bk-login/prod/login/api/v3/open/bk-tokens/userinfo/",
-    headers={
-        "X-Bkapi-Authorization": json.dumps(
-            {"bk_app_code": "x", "bk_app_secret": "y"})
-    },
-    params={
-        "bk_token": "bkcrypt%24gAAAAABnWEIbW4BC9VrczvN5pE-ga9fjq0JvT-ZbbjRRIYeVpGsRWWR3NASAzEDHGvPSjshkK-lqgUnqkDSNao58xTrbtCrDIQFrPlDmKXfXPvu2aLOVGz1mrzftygyAEHQ0G1HFXEexfn3CjkwedW5j2-Yu-GU5XA%3D%3D"},
-)
+```json5
+// URL Query 参数
+bk_token=bkcrypt%24gAAAAABnWEIbW4BC9VrczvN5pE-ga9fjq0JvT-ZbbjRRIYeVpGsRWWR3NASAzEDHGvPSjshkK-lqgUnqkDSNao58xTrbtCrDIQFrPlDmKXfXPvu2aLOVGz1mrzftygyAEHQ0G1HFXEexfn3CjkwedW5j2-Yu-GU5XA%3D%3D
 ```
 
 ### 状态码 200 的响应示例
 
 ```json5
 {
-    "data": {
-        "bk_username": "nteuuhzxlh0jcanw",
-        "tenant_id": "system",
-        "display_name": "admin",
-        "language": "zh-cn",
-        "time_zone": "Asia/Shanghai"
-    }
+  "data": {
+    "bk_username": "nteuuhzxlh0jcanw",
+    "tenant_id": "system",
+    "display_name": "admin",
+    "language": "zh-cn",
+    "time_zone": "Asia/Shanghai"
+  }
 }
 
 ```
 
 ### 响应参数说明
 
-| 参数名称     | 参数类型 | 描述                         |
-| ------------ | -------- | ---------------------------- |
-| bk_username  | string   | 用户唯一标识，全局唯一       |
-| tenant_id    | string   | 用户所属租户 ID              |
-| display_name | string   | 用户展示名                   |
-| language     | string   | 用户语言，枚举值：zh-cn / en |
-| time_zone    | string   | 用户所在时区                 |
+| 参数名称         | 参数类型   | 描述                  |
+|--------------|--------|---------------------|
+| bk_username  | string | 用户唯一标识，全局唯一         |
+| tenant_id    | string | 用户所属租户 ID           |
+| display_name | string | 用户展示名               |
+| language     | string | 用户语言，枚举值：zh-cn / en |
+| time_zone    | string | 用户所在时区              |
 
 ### 状态码 非 200 的响应示例
 
 ```json5
 // status_code = 400
 {
-    "error": {
-        "code": "VALIDATION_ERROR",
-        "message": "登录态已过期"
-    }
+  "error": {
+    "code": "VALIDATION_ERROR",
+    "message": "登录态已过期"
+  }
 }
 ```

src/bk-login/support-files/apidocs/zh/verify_bk_token.md

@@ -4,58 +4,44 @@
 
 ### 输入参数
 
-| 参数名称 | 参数类型 | 必选 | 描述                                                         |
-| -------- | -------- | ---- | ------------------------------------------------------------ |
-| bk_token | string   | 是   | 用户登录态票据，需要从 Cookies 中获取 |
+| 参数名称     | 参数类型   | 必选 | 描述                      |
+|----------|--------|----|-------------------------|
+| bk_token | string | 是  | 用户登录态票据，需要从 Cookies 中获取 |
 
 ### 调用示例
-示例：使用 curl 命令，请求时携带认证请求头：
-```shell
-curl -X GET -H 'X-Bkapi-Authorization: {"bk_app_code": "x", "bk_app_secret": "y"}' "https://bkapi.example.com/api/bk-login/prod/login/api/v3/open/bk-tokens/verify/?bk_token=bkcrypt%24gAAAAABnWEIbW4BC9VrczvN5pE-ga9fjq0JvT-ZbbjRRIYeVpGsRWWR3NASAzEDHGvPSjshkK-lqgUnqkDSNao58xTrbtCrDIQFrPlDmKXfXPvu2aLOVGz1mrzftygyAEHQ0G1HFXEexfn3CjkwedW5j2-Yu-GU5XA%3D%3D"
-```
-示例：使用 Python 语言和 **requests** 模块：
-``` python
-import json
-import requests
-
-result = requests.get(
-    "https://bkapi.example.com/api/bk-login/prod/login/api/v3/open/bk-tokens/verify/",
-    headers={
-        "X-Bkapi-Authorization": json.dumps(
-            {"bk_app_code": "x", "bk_app_secret": "y"})
-    },
-    params={
-        "bk_token": "bkcrypt%24gAAAAABnWEIbW4BC9VrczvN5pE-ga9fjq0JvT-ZbbjRRIYeVpGsRWWR3NASAzEDHGvPSjshkK-lqgUnqkDSNao58xTrbtCrDIQFrPlDmKXfXPvu2aLOVGz1mrzftygyAEHQ0G1HFXEexfn3CjkwedW5j2-Yu-GU5XA%3D%3D"},
-)
+
+```json5
+// URL Query 参数
+bk_token=bkcrypt%24gAAAAABnWEIbW4BC9VrczvN5pE-ga9fjq0JvT-ZbbjRRIYeVpGsRWWR3NASAzEDHGvPSjshkK-lqgUnqkDSNao58xTrbtCrDIQFrPlDmKXfXPvu2aLOVGz1mrzftygyAEHQ0G1HFXEexfn3CjkwedW5j2-Yu-GU5XA%3D%3D
 ```
 
 ### 状态码 200 的响应示例
 
 ```json5
 {
-    "data": {
-        "bk_username": "nteuuhzxlh0jcanw",
-        "tenant_id": "system"
-    }
+  "data": {
+    "bk_username": "nteuuhzxlh0jcanw",
+    "tenant_id": "system"
+  }
 }
 
 ```
 
 ### 响应参数说明
 
-| 参数名称    | 参数类型 | 描述                   |
-| ----------- | -------- | ---------------------- |
-| bk_username | string   | 用户唯一标识，全局唯一 |
-| tenant_id   | string   | 用户所属租户 ID        |
+| 参数名称        | 参数类型   | 描述          |
+|-------------|--------|-------------|
+| bk_username | string | 用户唯一标识，全局唯一 |
+| tenant_id   | string | 用户所属租户 ID   |
 
 ### 状态码 非 200 的响应示例
 
 ```json5
 // status_code = 400
 {
-    "error": {
-        "code": "VALIDATION_ERROR",
-        "message": "登录态已过期"
-    }
+  "error": {
+    "code": "VALIDATION_ERROR",
+    "message": "登录态已过期"
+  }
 }
 ```

src/bk-login/support-files/definition.yaml

@@ -11,6 +11,7 @@ apigateway:
   description_en: "Login OpenAPI Gateway"
   allow_delete_sensitive_params: false
   is_public: true
+  api_type: 1
   maintainers:
     - "admin"
 

src/bk-user/Dockerfile

@@ -38,6 +38,7 @@ COPY src/bk-user/version_log /app/version_log
 COPY src/bk-user/locale /app/locale
 COPY src/bk-user/manage.py /app
 COPY src/idp-plugins/idp_plugins /app/bkuser/idp_plugins
+COPY src/bk-user/support-files /app/support-files
 
 COPY --from=StaticBuilding /dist /app/staticfiles
 COPY --from=StaticBuilding /dist/index.html /app/templates/index.html

src/bk-user/bin/post_migrate.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+# 如果任何命令返回一个非零退出状态（错误），脚本将会立即终止执行
+set -e
+
+# 自动化同步网关
+if [ "$ENABLE_SYNC_APIGW" = true ]; then
+  sh ./support-files/bin/sync-apigateway.sh
+fi
+
+# 注册到蓝鲸通知中心
+if [ "$ENABLE_BK_NOTICE" = true ]; then
+  python manage.py register_application
+fi

src/bk-user/bkuser/settings.py

@@ -236,6 +236,8 @@
 BK_APIGW_NAME = env.str("BK_APIGW_NAME", default="bk-user")
 # 与网关内部调用的认证 Token
 BK_APIGW_TO_BK_USER_INNER_BEARER_TOKEN = env.str("BK_APIGW_TO_BK_USER_INNER_BEARER_TOKEN", default="")
+# 是否自动同步网关
+ENABLE_SYNC_APIGW = env.bool("ENABLE_SYNC_APIGW", default=False)
 
 # 版本日志
 VERSION_LOG_FILES_DIR = BASE_DIR / "version_log"