Skip to content

Commit

Permalink
feat(plugins/bk-default-tenant.lua): add plugin bk-default-tenant (#92)…
Browse files Browse the repository at this point in the history 
… (#95)
  • Loading branch information
@wklken
wklken authored Dec 27, 2024
1 parent 2ff26d1 commit 54c8c0d
Show file tree
Hide file tree
Showing 11 changed files with 108 additions and 63 deletions.
38 changes: 28 additions & 10 deletions src/apisix/editions/ee/plugins/bk-components/bklogin.lua
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,12 +24,15 @@ local bk_components_utils = require("apisix.plugins.bk-components.utils")

local string_format = string.format

local VERIFY_BK_TOKEN_URL = "/api/v3/apigw/bk-tokens/verify/"
local VERIFY_BK_TOKEN_URL = "/login/api/v3/apigw/bk-tokens/verify/"

local BKLOGIN_TIMEOUT_MS = 5 * 1000

local err_status_400 = "status 400, bk_token is not valid"

local _M = {
host = bk_core.config.get_login_addr(),
token = bk_core.config.get_login_token(),
}

local function bklogin_do_request(host, path, params, request_id)
Expand All @@ -38,7 +41,7 @@ local function bklogin_do_request(host, path, params, request_id)
end

local url = bk_core.url.url_single_joining_slash(host, path)
local res, err = bk_components_utils.handle_request(url, params, BKLOGIN_TIMEOUT_MS, true)
local res, err = bk_components_utils.handle_request(url, params, BKLOGIN_TIMEOUT_MS, false)
if err ~= nil then
-- if connection refused, return directly, without wrap(for the fallback cache upon layer)
if err == "connection refused" then
Expand All @@ -54,6 +57,21 @@ local function bklogin_do_request(host, path, params, request_id)
return nil, new_err
end

-- 响应格式正常,错误码 400,表示 bk_token 非法
-- note: here we return an {} instead of err, because the lrucache should cache this result as well
if res.status == 400 then
return nil, err_status_400
end

if res.status ~= 200 then
local new_err = string_format(
"failed to request third-party api, url: %s, request_id: %s, status!=200, status: %s, response: %s",
url, request_id, res.status, res.body
)
core.log.error(new_err)
return nil, new_err
end

local result
result, err = bk_components_utils.parse_response_json(res.body)
if err ~= nil then
Expand Down Expand Up @@ -81,24 +99,24 @@ function _M.get_username_by_bk_token(bk_token)
ssl_verify = false,
headers = {
["Content-Type"] = "application/x-www-form-urlencoded",
-- use bearer token to connect bklogin
["Authorization"] = "Bearer " .. _M.token,
},
}

local result, err = bklogin_do_request(_M.host, path, params, request_id)
if err ~= nil then
return nil, err
end
if err == err_status_400 then
return {error_message="bk_token is not valid"}, nil
end

if result.bk_error_code ~= 0 then
return {
error_message = string_format("bk_token is invalid,host: %s, path: %s, code: %s",
_M.host, path, result.bk_error_code),
}
return nil, err
end
-- {"data": {"bk_username": "cpyjg3xo3ta0op6t", "tenant_id": "system"}}

return {
username = result.data.bk_username,
}
}, nil
end

return _M
45 changes: 45 additions & 0 deletions src/apisix/editions/ee/tests/bk-components/test-bklogin.lua
View file
Original file line number Diff line number Diff line change
Expand Up @@ -67,6 +67,50 @@ describe(
end
)


it(
"status 400", function()
response = {
status = 400,
body = core.json.encode(
{
bk_error_code = 400,
bk_error_msg = "bk_token is not valid",
}
),
}
response_err = nil

local result, err = bklogin.get_username_by_bk_token("fake-bk-token")
assert.is_same(
result, {
error_message = "bk_token is not valid",
}
)
assert.is_nil(err)
end
)

it(
"status not 200", function()
response = {
status = 500,
body = core.json.encode(
{
bk_error_code = 500,
bk_error_msg = "internal server error",
}
),
}
response_err = nil

local result, err = bklogin.get_username_by_bk_token("fake-bk-token")
assert.is_nil(result)
assert.is_true(core.string.has_prefix(err, "failed to request third-party api"))
assert.is_true(core.string.find(err, "request_id") ~= nil)
end
)

it(
"success", function()
response = {
Expand All @@ -88,6 +132,7 @@ describe(
assert.is_nil(err)
end
)

end
)
end
Expand Down
4 changes: 2 additions & 2 deletions src/apisix/plugins/bk-cache/user-tenant-info.lua
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@
-- to the current version of the project delivered to anyone in the future.
--
local core = require("apisix.core")
local bkauth_component = require("apisix.plugins.bk-components.bkauth")
local bkuser_component = require("apisix.plugins.bk-components.bkuser")
local lru_new = require("resty.lrucache").new

local USER_TENANT_ID_CACHE_TTL = 600
Expand All @@ -39,7 +39,7 @@ local _M = {}
function _M.get_user_tenant_info(username)
local key = username

local result, err = user_tenant_info_lrucache(key, nil, bkauth_component.get_user_tenant_info, username)
local result, err = user_tenant_info_lrucache(key, nil, bkuser_component.get_user_tenant_info, username)
if result == nil then
-- if the service is down(100% down), we can use the fallback cache, make the dp robust
if err == "connection refused" then
Expand Down
4 changes: 2 additions & 2 deletions src/apisix/plugins/bk-components/bkauth.lua
View file
Original file line number Diff line number Diff line change
Expand Up @@ -199,8 +199,8 @@ function _M.get_app_tenant_info(app_code)
-- }
-- }
return {
tenant_mode=result.data.tenant.mode,
tenant_id=result.data.tenant.id,
tenant_mode=result.data.bk_tenant.mode,
tenant_id=result.data.bk_tenant.id,
error_message=nil,
}, nil
end
Expand Down
20 changes: 6 additions & 14 deletions src/apisix/plugins/bk-components/bkuser.lua
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,7 @@ local bk_core = require("apisix.plugins.bk-core.init")
local bk_components_utils = require("apisix.plugins.bk-components.utils")
local string_format = string.format

-- FIXME: change to api/v3
local GET_USER_URL = "/api/v2/profiles/%s"
local GET_USER_URL = "/api/v3/apigw/tenant-users/%s/"
local BKUSER_TIMEOUT_MS = 3 * 1000

local bkapp = bk_core.config.get_bkapp() or {}
Expand Down Expand Up @@ -78,34 +77,27 @@ local function bkuser_do_request(host, path, params, request_id)
return nil, new_err
end

-- FIXME: api/v3 would not check result.code
if result.code ~= 0 then
local new_err = string_format(
"failed to request third-party api, %s, request_id: %s, result.code!=0, status: %s, response: %s",
url, request_id, res.status, res.body
)
core.log.error(new_err)
return nil, new_err
end

return result, nil
end

local _M = {
host = bk_core.config.get_bkuser_addr(),
token = bk_core.config.get_bkuser_token(),
app_code = bkapp.bk_app_code,
app_secret = bkapp.bk_app_secret,
}

function _M.get_user_tenant_info(app_code)
local path = string_format(GET_USER_URL, app_code)
function _M.get_user_tenant_info(username)
local path = string_format(GET_USER_URL, username)
local request_id = uuid.generate_v4()
local params = {
method = "GET",
ssl_verify = false,
headers = {
["X-Request-Id"] = request_id,
["Content-Type"] = "application/json",
-- use bearer token to connect bkuser
["Authorization"] = "Bearer " .. _M.token,
},
}
local result, err = bkuser_do_request(_M.host, path, params, request_id)
Expand Down
2 changes: 1 addition & 1 deletion src/apisix/plugins/bk-components/utils.lua
View file
Original file line number Diff line number Diff line change
Expand Up @@ -86,7 +86,7 @@ local function handle_request(url, params, timeout, raise_for_status)
return nil, err .. ", response: nil"
end

if raise_for_status and res.status ~= ngx.HTTP_OK then
if raise_for_status and res.status ~= ngx.HTTP_OK then
return nil, string_format("status is %s, not 200", res.status)
end

Expand Down
10 changes: 10 additions & 0 deletions src/apisix/plugins/bk-core/config.lua
View file
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,11 @@ function _M.get_login_addr()
return core.table.try_read_attr(conf, "bk_gateway", "hosts", "login", "addr")
end

function _M.get_login_token()
local conf = core.config.local_conf()
return core.table.try_read_attr(conf, "bk_gateway", "hosts", "login", "token")
end

function _M.get_login_tencent_addr()
local conf = core.config.local_conf()
return core.table.try_read_attr(conf, "bk_gateway", "hosts", "login-tencent", "addr")
Expand All @@ -84,6 +89,11 @@ function _M.get_bkuser_addr()
return core.table.try_read_attr(conf, "bk_gateway", "hosts", "bkuser", "addr")
end

function _M.get_bkuser_token()
local conf = core.config.local_conf()
return core.table.try_read_attr(conf, "bk_gateway", "hosts", "bkuser", "token")
end

function _M.get_bkauth_legacy_addr()
local conf = core.config.local_conf()
return core.table.try_read_attr(conf, "bk_gateway", "hosts", "bkauth-legacy", "addr")
Expand Down
22 changes: 11 additions & 11 deletions src/apisix/tests/bk-cache/test-user-tenant-info.lua
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@
--

local user_tenant_info_cache = require("apisix.plugins.bk-cache.user-tenant-info")
local bkauth_component = require("apisix.plugins.bk-components.bkauth")
local bkuser_component = require("apisix.plugins.bk-components.bkuser")
local uuid = require("resty.jit-uuid")

describe(
Expand All @@ -32,7 +32,7 @@ describe(
get_user_tenant_info_err = nil

stub(
bkauth_component, "get_user_tenant_info", function()
bkuser_component, "get_user_tenant_info", function()
return get_user_tenant_info_result, get_user_tenant_info_err
end
)
Expand All @@ -41,7 +41,7 @@ describe(

after_each(
function()
bkauth_component.get_user_tenant_info:revert()
bkuser_component.get_user_tenant_info:revert()
end
)

Expand All @@ -61,15 +61,15 @@ describe(
tenant_id = "tenant-123",
}
)
assert.stub(bkauth_component.get_user_tenant_info).was_called_with(username)
assert.stub(bkuser_component.get_user_tenant_info).was_called_with(username)

-- get from cache
user_tenant_info_cache.get_user_tenant_info(username)
assert.stub(bkauth_component.get_user_tenant_info).was_called(1)
assert.stub(bkuser_component.get_user_tenant_info).was_called(1)

-- get from func
user_tenant_info_cache.get_user_tenant_info(uuid.generate_v4())
assert.stub(bkauth_component.get_user_tenant_info).was_called(2)
assert.stub(bkuser_component.get_user_tenant_info).was_called(2)
end
)

Expand All @@ -82,15 +82,15 @@ describe(
local result, err = user_tenant_info_cache.get_user_tenant_info(username)
assert.is_nil(result)
assert.is_equal(err, "error")
assert.stub(bkauth_component.get_user_tenant_info).was_called_with(username)
assert.stub(bkuser_component.get_user_tenant_info).was_called_with(username)

-- has err, no cache
user_tenant_info_cache.get_user_tenant_info(username)
assert.stub(bkauth_component.get_user_tenant_info).was_called(2)
assert.stub(bkuser_component.get_user_tenant_info).was_called(2)

-- get from func
user_tenant_info_cache.get_user_tenant_info(uuid.generate_v4())
assert.stub(bkauth_component.get_user_tenant_info).was_called(3)
assert.stub(bkuser_component.get_user_tenant_info).was_called(3)
end
)

Expand All @@ -103,7 +103,7 @@ describe(
local result, err = user_tenant_info_cache.get_user_tenant_info(username)
assert.is_nil(result)
assert.is_equal(err, 'get_user_tenant_info failed, error: connection refused')
assert.stub(bkauth_component.get_user_tenant_info).was_called_with(username)
assert.stub(bkuser_component.get_user_tenant_info).was_called_with(username)
end
)

Expand All @@ -123,7 +123,7 @@ describe(
local result, err = user_tenant_info_cache.get_user_tenant_info(username)
assert.is_same(result, cached_get_user_tenant_info_result)
assert.is_nil(err)
assert.stub(bkauth_component.get_user_tenant_info).was_called_with(username)
assert.stub(bkuser_component.get_user_tenant_info).was_called_with(username)
end
)
end
Expand Down
2 changes: 1 addition & 1 deletion src/apisix/tests/bk-components/test-bkauth.lua
View file
Original file line number Diff line number Diff line change
Expand Up @@ -435,7 +435,7 @@ describe(
{
code = 0,
data = {
tenant = {
bk_tenant = {
mode = "single",
id = "tenant-id",
},
Expand Down
22 changes: 0 additions & 22 deletions src/apisix/tests/bk-components/test-bkuser.lua
View file
Original file line number Diff line number Diff line change
Expand Up @@ -107,28 +107,6 @@ describe(
end
)

it(
"code is not equal to 0", function()
response = {
status = 200,
body = core.json.encode(
{
code = 1,
message = "error",
data = {
tenant_id = nil,
},
}
),
}
response_err = nil

local result, err = bkuser.get_user_tenant_info("fake-app-code")
assert.is_nil(result)
assert.is_true(core.string.has_prefix(err, "failed to request third-party api"))
assert.is_true(core.string.find(err, "request_id") ~= nil)
end
)

it(
"status is not 200", function()
Expand Down
2 changes: 2 additions & 0 deletions src/apisix/tests/conf/config.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -49,9 +49,11 @@ bk_gateway:
addr: "http://login-tencent.example.com"
login:
addr: "http://login.example"
token: "abcdefg"
ssm:
addr: "http://ssm.example.com"
bkcore:
addr: "http://bkcore.example.com"
bkuser:
addr: "http://bkuser.example.com"
token: "abcdefg"

0 comments on commit 54c8c0d

Please sign in to comment.