Merge pull request #81 from TencentBlueKing/develop

v1.3.1
TencentBlueKing · May 15, 2023 · 081c25f · 081c25f
2 parents a313b3a + 3678cde
commit 081c25f
Show file tree

Hide file tree

Showing 7 changed files with 75 additions and 9 deletions.
diff --git a/docs/usage.md b/docs/usage.md
@@ -874,3 +874,11 @@ IAM(app_code, app_secret, bk_apigateway_url="http://bk-iam.{APIGATEWAY_DOMAIN}/p
 
 - `BK_IAM_USE_APIGATEWAY = True`
 - `BK_IAM_APIGATEWAY_URL = "http://bk-iam.{APIGATEWAY_DOMAIN}/{env}"`
+
+## 5. 使用 v1 鉴权 api
+
+当前SDK默认使用 v2 鉴权 api, 如果开发者环境的权限中心后台版本小于 v1.2.6, 则不支持直接使用v2 api, 需要配置`api_version`指定使用v1 api
+
+```python
+IAM(APP_CODE, APP_SECRET, BK_IAM_HOST, BK_PAAS_HOST, api_version="v1")
+```
diff --git a/iam/__version__.py b/iam/__version__.py
@@ -1,3 +1,3 @@
 # -*- coding: utf-8 -*-
 
-__version__ = "1.2.2"
+__version__ = "1.3.1"
diff --git a/iam/api/client.py b/iam/api/client.py
@@ -59,11 +59,13 @@ def __init__(self, app_code, app_secret, bk_iam_host=None, bk_paas_host=None, bk
             self._bk_paas_host = bk_paas_host
 
         # will add ?debug=true in url, for debug api/policy, show the details
-        is_api_debug_enabled = (os.environ.get("IAM_API_DEBUG") == "true"
-                                or os.environ.get("BKAPP_IAM_API_DEBUG") == "true")
+        is_api_debug_enabled = (
+            os.environ.get("IAM_API_DEBUG") == "true" or os.environ.get("BKAPP_IAM_API_DEBUG") == "true"
+        )
         # will add ?force=true in url, for api/policy run without cache(all data from database)
-        is_api_force_enabled = (os.environ.get("IAM_API_FORCE") == "true"
-                                or os.environ.get("BKAPP_IAM_API_FORCE") == "true")
+        is_api_force_enabled = (
+            os.environ.get("IAM_API_FORCE") == "true" or os.environ.get("BKAPP_IAM_API_FORCE") == "true"
+        )
 
         self._extra_url_params = {}
         if is_api_debug_enabled:
@@ -322,11 +324,22 @@ def policy_query(self, data):
         ok, message, data = self._call_iam_api(http_post, path, data)
         return ok, message, data
 
+    # --------- policy v2
+    def v2_policy_query(self, system_id, data):
+        path = f"/api/v2/policy/systems/{system_id}/query/"
+        ok, message, data = self._call_iam_api(http_post, path, data)
+        return ok, message, data
+
     def policy_query_by_actions(self, data):
         path = "/api/v1/policy/query_by_actions"
         ok, message, data = self._call_iam_api(http_post, path, data)
         return ok, message, data
 
+    def v2_policy_query_by_actions(self, system_id, data):
+        path = f"/api/v2/policy/systems/{system_id}/query_by_actions/"
+        ok, message, data = self._call_iam_api(http_post, path, data)
+        return ok, message, data
+
     def get_token(self, system_id):
         path = "/api/v1/model/systems/{system_id}/token".format(system_id=system_id)
         ok, message, _data = self._call_iam_api(http_get, path, {})

diff --git a/iam/iam.py b/iam/iam.py
@@ -37,7 +37,9 @@ class IAM(object):
     input: object
     """
 
-    def __init__(self, app_code, app_secret, bk_iam_host=None, bk_paas_host=None, bk_apigateway_url=None):
+    def __init__(
+        self, app_code, app_secret, bk_iam_host=None, bk_paas_host=None, bk_apigateway_url=None, api_version="v2"
+    ):
         """
         如果有 APIGateway 且权限中心网关接入, 则可以统一API请求全部走APIGateway
         - 没有APIGateway的用法: IAM(app_code, app_secret, bk_iam_host, bk_paas_host)
@@ -48,6 +50,8 @@ def __init__(self, app_code, app_secret, bk_iam_host=None, bk_paas_host=None, bk
         """
         self._client = Client(app_code, app_secret, bk_iam_host, bk_paas_host, bk_apigateway_url)
 
+        self._api_version = api_version
+
     def _do_policy_query(self, request, with_resources=True):
         data = request.to_dict()
         logger.debug("the request: %s", data)
@@ -57,7 +61,10 @@ def _do_policy_query(self, request, with_resources=True):
         if not with_resources:
             data["resources"] = []
 
-        ok, message, policies = self._client.policy_query(data)
+        if self._api_version == "v2":
+            ok, message, policies = self._client.v2_policy_query(request.system, data)
+        else:
+            ok, message, policies = self._client.policy_query(data)
         if not ok:
             raise AuthAPIError(message)
         return policies
@@ -75,7 +82,10 @@ def _do_policy_query_by_actions(self, request, with_resources=True):
         if not with_resources:
             data["resources"] = []
 
-        ok, message, action_policies = self._client.policy_query_by_actions(data)
+        if self._api_version == "v2":
+            ok, message, action_policies = self._client.v2_policy_query_by_actions(request.system, data)
+        else:
+            ok, message, action_policies = self._client.policy_query_by_actions(data)
         if not ok:
             raise AuthAPIError(message)
         return action_policies
@@ -401,7 +411,7 @@ def make_filter(self, request, converter_class=DjangoQuerySetConverter, key_mapp
 
     # TODO: add the register model apis
     def get_token(self, system):
-        """ 获取token
+        """获取token
         return bool, message, token
         """
         return self._client.get_token(system)

diff --git a/readme.md b/readme.md
@@ -47,6 +47,7 @@ $ pip install bk-iam
 - [TencentBlueKing/iam-python-sdk](https://github.com/TencentBlueKing/iam-python-sdk)
 - [TencentBlueKing/iam-go-sdk](https://github.com/TencentBlueKing/iam-go-sdk)
 - [TencentBlueKing/iam-php-sdk](https://github.com/TencentBlueKing/iam-php-sdk)
+- [TencentBlueKing/iam-java-sdk](https://github.com/TencentBlueKing/iam-java-sdk)
 
 ## Support
 

diff --git a/release.md b/release.md
@@ -1,6 +1,10 @@
 版本日志
 ===============
 
+# v1.3.1
+
+- add: 支持权限中心后台v2鉴权api
+
 # v1.2.2
 
 - add: fetch_instance_list/fetch_resource_type_schema in ResourceProvider

diff --git a/tests/api/test_client.py b/tests/api/test_client.py
@@ -41,6 +41,27 @@ def _test_ok_message_data(mock_request, call_func):
     assert data[1] == 1
 
 
+def _test_v2_ok_message_data(mock_request, call_func):
+    # 1. request fail
+    mock_request.return_value = (False, "error", {})
+    ok, message, data = call_func("system", {})
+
+    assert not ok
+
+    # 2. request success, code not 0
+    mock_request.return_value = (True, "error status_code != 200", {"code": 404, "message": "not found"})
+    ok, message, data = call_func("system", {})
+    assert not ok
+
+    # 3. request success, code 0
+    mock_request.return_value = (True, "ok", {"code": 0, "message": "ok", "data": {1: 1}})
+    ok, message, data = call_func("system", {})
+    assert ok
+    assert message == "ok"
+    assert data
+    assert data[1] == 1
+
+
 @patch("iam.api.client.http_post")
 def test_client_policy_query(mock_post):
     c = Client("bk_paas", "", "http://127.0.0.1:1234", "http://127.0.0.1:8000")
@@ -50,6 +71,15 @@ def test_client_policy_query(mock_post):
     _test_ok_message_data(mock_post, c.policy_query_by_actions)
 
 
+@patch("iam.api.client.http_post")
+def test_v2_client_policy_query(mock_post):
+    c = Client("bk_paas", "", "http://127.0.0.1:1234", "http://127.0.0.1:8000")
+
+    _test_v2_ok_message_data(mock_post, c.v2_policy_query)
+
+    _test_v2_ok_message_data(mock_post, c.v2_policy_query_by_actions)
+
+
 def _test_ok_message(mock_request, call_func, kwargs):
     # 1. request fail
     mock_request.return_value = (False, "error", {})