Merge pull request #114 from TencentBlueKing/development

update version to 2.3.0

.github/workflows/python-ci.yml

@@ -12,7 +12,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        python-version: [3.6]
+        python-version: [3.6.14]
         poetry-version: [1.1.7]
         os: [ubuntu-18.04]
     runs-on: ${{ matrix.os }}

.github/workflows/unittest.yml

@@ -0,0 +1,59 @@
+name: Unittest
+
+on:
+  push:
+    branches: [ master, development ]
+  pull_request:
+    branches: [ master, development ]
+
+jobs:
+  build:
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: [3.6.14]
+        poetry-version: [1.1.7]
+        os: [ubuntu-18.04]
+    runs-on: ${{ matrix.os }}
+
+    env:
+      DB_DATABASE: bk_user_api_test
+      DB_USER: root
+      DB_PASSWORD: root
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up MySQL
+      run: |
+        sudo /etc/init.d/mysql start
+        mysql -e 'CREATE DATABASE ${{ env.DB_DATABASE }};' -u${{ env.DB_USER }} -p${{ env.DB_PASSWORD }}
+    - name: Set up Python
+      uses: actions/setup-python@v2
+      with:
+        python-version: ${{ matrix.python-version }}
+    - name: Set up Poetry
+      uses: abatilo/actions-poetry@v2.1.0
+      with:
+        poetry-version: ${{ matrix.poetry-version }}
+    - name: Install dependencies
+      run: |
+        cd src/api/
+        poetry config virtualenvs.create false && poetry install
+    - name: Run api unittest
+      env:
+        DJANGO_SETTINGS_MODULE: "bkuser_core.config.overlays.unittest"
+        BK_PAAS_URL: "http://bkpaas.example.com"
+        BK_IAM_V3_INNER_HOST: "http://bkiam.example.com"
+        BK_APP_CODE: "bk-user"
+        BK_APP_SECRET: "some-default-token"
+        CELERY_BROKER_URL: "redis://:passwordG@localhost:32768/0"
+        CELERY_RESULT_BACKEND: "redis://:passwordG@localhost:32768/0"
+        DB_NAME: ${{ env.DB_DATABASE }}
+        DB_USER: ${{ env.DB_USER }}
+        DB_PASSWORD: ${{ env.DB_PASSWORD }}
+        DB_HOST: "127.0.0.1"
+        DB_PORT: "3306"
+      run: |
+        make link
+        cd src/api
+        poetry run pytest bkuser_core/tests --disable-pytest-warnings

.gitignore

@@ -226,3 +226,4 @@ deploy/helm/dist/
 
 deploy/helm/api/templates/c_*.*
 deploy/helm/saas/templates/c_*.*
+deploy/helm/bk-user-stack/templates/c_*.*

Makefile

@@ -1,7 +1,9 @@
-version ?= "v2.3.0"
+version ?= "development"
 values ?=
 image_repo ?= "ccr.ccs.tencentyun.com/bk.io"
 chart_repo ?=
+namespace ?= "bk-user"
+test_release_name ?= "bk-user-test"
 
 generate-release-md:
 	cd src/saas/ && poetry run python manage.py generate_release_md > release.md
@@ -16,37 +18,37 @@ generate-sdk:
 	cd src/ && swagger-codegen generate -i http://localhost:8004/redoc/\?format\=openapi -l python -o sdk/ -c config.json
 
 build-api:
-	docker build -f src/api/Dockerfile . -t ccr.ccs.tencentyun.com/bk.io/bk-user-api:${version}
+	docker build -f src/api/Dockerfile . -t ${image_repo}/bk-user-api:${version}
 
 build-saas:
-	docker build -f src/saas/Dockerfile . -t ccr.ccs.tencentyun.com/bk.io/bk-user-saas:${version}
+	docker build -f src/saas/Dockerfile . -t ${image_repo}/bk-user-saas:${version}
 
 build-all: build-api build-saas
 
 push:
-	docker push ${image_repo}/bk.io/bk-user-api:${version}
-	docker push ${image_repo}/bk.io/bk-user-saas:${version}
+	docker push ${image_repo}/bk-user-api:${version}
+	docker push ${image_repo}/bk-user-saas:${version}
 
 helm-sync:
+	mkdir -p deploy/helm/api/templates/
+	mkdir -p deploy/helm/saas/templates/
 	ln -s ${PWD}/deploy/helm/chartty/* deploy/helm/api/templates/ || true
 	ln -s ${PWD}/deploy/helm/chartty/* deploy/helm/saas/templates/ || true
 
+	ln -s ${PWD}/deploy/helm/chartty/c_*.tpl deploy/helm/bk-user-stack/templates/ || true
+
 helm-refresh: helm-sync
 	cd deploy/helm && helm dependency update bk-user-stack --skip-refresh
 
 helm-debug: helm-refresh
-	cd deploy/helm && helm install bk-user-test bk-user-stack --debug --dry-run
+	cd deploy/helm && helm install ${test_release_name} bk-user-stack --debug --dry-run -f local_values.yaml
 
 helm-install: helm-refresh
-	kubectl create ns bk-user || true
-	cd deploy/helm && helm install bk-user-test bk-user-stack --namespace bk-user -f local_values.yaml
-
-helm-upgrade: helm-refresh
-	cd deploy/helm && helm upgrade bk-user-test bk-user-stack -n bk-user
+	cd deploy/helm && helm upgrade --install ${test_release_name} bk-user-stack -n ${namespace} -f local_values.yaml
 
 helm-uninstall:
-	helm uninstall bk-user-test -n bk-user
-	kubectl delete ns bk-user
+	helm uninstall ${test_release_name} -n ${namespace} || true
+	kubectl delete deploy,sts,cronjob,pod,svc,ingress,secret,cm,sa,pvc -n ${namespace} -l app.kubernetes.io/instance=${test_release_name}
 
 helm-package: helm-refresh
 	cd deploy/helm && helm package bk-user-stack -d dist/

deploy/helm/api/Chart.yaml

@@ -3,4 +3,4 @@ appVersion: v2.3.0
 description: A Helm chart for bk user api
 name: bkuserapi
 type: application
-version: 0.1.0
+version: 1.0.0

deploy/helm/api/values.yaml

@@ -13,6 +13,12 @@ global:
     registry: ""
     username: ""
     name: ""
+
+  # 全局镜像配置
+  image:
+    registry: "ccr.ccs.tencentyun.com/bk.io"
+    pullPolicy: Always
+
   # 全局环境变量，当 `env` 指定时，`global.env` 内相同 key 值变量将被覆盖
   env: {}
 
@@ -23,10 +29,7 @@ global:
 replicaCount: 1
 
 image:
-  registry: ""
-  repository: bk-user-api
-  pullPolicy: IfNotPresent
-  tag: ""
+  name: bk-user-api
 
 # 用来覆盖 Chart 名
 nameOverride: ""
@@ -69,25 +72,30 @@ affinity: {}
 
 # key-value 结构渲染
 env:
+  # -------------
+  # 默认配置，不了解详情时请不要修改
+  # -------------
+  BK_APP_CODE: "bk-user"
   DJANGO_SETTINGS_MODULE: "bkuser_core.config.overlays.prod"
   # -------------
   # 权限中心相关配置
   # -------------
-  BK_IAM_SYSTEM_ID: "bk-user"
+  BK_IAM_SYSTEM_ID: "bk_usermgr"
   # 权限中心后台访问地址
-  BK_IAM_V3_INNER_HOST: ""
-  # 默认我们会按照 BK_PAAS_HOST/o/bk_iam 拼接权限中心 SaaS 访问地址，可以通过以下值覆盖
+  BK_IAM_V3_INNER_HOST: "http://bkiam-web"
+  # 默认我们会按照 BK_PAAS_URL/o/bk_iam 拼接权限中心 SaaS 访问地址，可以通过以下值覆盖
   # BK_IAM_SAAS_HOST: "http://apps.bktencent-example.com/bkapp-bk-iam-saas-prod/"
 
 envFrom: []
 
-# 提供原生的 env 写法，
+# 提供原生的 env 写法
 extrasEnv: []
 
 # 额外提供一种基于 sharedDomain 自动生成的 URL 类型环境变量
-sharedUrlEnvMap: {}
-  # BK_JOB_HOST:
-  #   value: "jobee-test"
+sharedUrlEnvMap:
+   SAAS_URL: "http://bkuser.{{ .Values.global.sharedDomain }}"
+   # 使容器可以自我感知访问地址
+   BK_USER_API_URL: "http://bkuser-api.{{ .Values.global.sharedDomain }}"
 
 # 标识必填的环境变量列表
 requiredEnvList: []

deploy/helm/bk-user-stack/Chart.lock

@@ -1,15 +1,15 @@
 dependencies:
 - name: bkuserapi
   repository: file://../api
-  version: 0.1.0
+  version: 1.0.0
 - name: bkusersaas
   repository: file://../saas
-  version: 0.1.0
+  version: 1.0.0
 - name: mariadb
   repository: https://charts.bitnami.com/bitnami
   version: 9.4.0
 - name: redis
   repository: https://charts.bitnami.com/bitnami
   version: 14.8.7
-digest: sha256:81b85758a4dc4dabd567c4df1ed842b007bd03708841bbde8fb10c0bab66ac3f
-generated: "2021-08-18T20:49:45.848239+08:00"
+digest: sha256:5f5c69a6e9e9f002d5897f19c2de8ad441ae65aaa09b641880bb044b1b9cdda1
+generated: "2021-09-01T15:22:58.235089+08:00"

deploy/helm/bk-user-stack/Chart.yaml

@@ -2,17 +2,17 @@ apiVersion: v2
 name: bk-user-stack
 description: A Helm chart for bk-user
 type: application
-version: 0.5.0
+version: 0.5.4
 appVersion: v2.3.0
 
 dependencies:
 - name: bkuserapi
-  version: "0.1.0"
+  version: "1.0.0"
   repository: "file://../api"
   condition: bkuserapi.enabled
 
 - name: bkusersaas
-  version: "0.1.0"
+  version: "1.0.0"
   repository: "file://../saas"
   condition: bkusersaas.enabled
 

deploy/helm/bk-user-stack/README.md

@@ -27,27 +27,27 @@ helm repo update
 ### 准备 `values.yaml`
 
 #### 1. 获取蓝鲸平台访问地址 
-首先，你需要获取到蓝鲸平台的访问地址，例如 `https://paas.bktencent-example.com`，确保 `https://paas.bktencent-example.com/login` 可以访问蓝鲸登录，然后将该值的内容填入全局环境变量中。
+首先，你需要获取到蓝鲸平台的访问地址，例如 `https://paas.example.com`，确保 `https://paas.example.com/login` 可以访问蓝鲸登录，然后将该值的内容填入全局环境变量中。
 
 配置示例：
 ```yaml
 global:
   env:
     # 蓝鲸平台域名
-    BK_PAAS_HOST: "https://paas.bktencent-example.com"
+    BK_PAAS_URL: "https://paas.example.com"
 ```
 
 #### 2. 确定用户管理访问地址
 
-你需要为用户管理提供一个访问根域，类似 `bktencent-example.com`，配置示例:
+你需要为用户管理提供一个访问根域，类似 `example.com`，配置示例:
 ```yaml
 global:
-  sharedDomain: "bktencent-example.com"
+  sharedDomain: "example.com"
 ```
 
 默认地，我们会为 `Api` & `SaaS` 分别创建两个访问入口(Ingress)：
-- `bkuser.bktencent-example.com` SaaS 页面访问入口
-- `bkuser-api.bktencent-example.com` Api 访问入口
+- `bkuser.example.com` SaaS 页面访问入口
+- `bkuser-api.example.com` Api 访问入口
 
 #### 3. 准备用户管理镜像
 
@@ -60,18 +60,12 @@ ccr.ccs.tencentyun.com/bk.io/bk-user-saas:${version}
 
 如果你想使用官方其他版本或者自己构建的镜像，也可以在 `values.yaml` 中修改，配置示例：
 ```yaml
-bkuserapi:
-  enabeld: true
+global:
   image:
     # 修改镜像地址，我们会按照 {registry}/{repository} 方式拼接
     registry: any-mirrors-you-want.com/any-group
-    repository: bk-user-api
     # 修改用户管理版本，从 https://github.com/TencentBlueKing/bk-user/releases 获取
-    tag: "v2.2.0"
-
-# 使用官方最新镜像则无需修改该部分
-bkusersaas:
-  enabled: true
+    tag: "v2.3.0"
 ```
 
 #### 4. 数据库依赖
@@ -89,7 +83,7 @@ mariadb:
     username: "bk-user"
     password: "root"
   primary:
-    # 默认我们未开启持久化，如有需求可以参考: https://kubernetes.io/docs/user-guide/persistent-volumes/ 
+    # 默认我们未开启持久化，如有需求可以参考: https://kubernetes.io/docs/user-guide/persistent-volumes/
     persistence:
       enabled: false
   initdbScriptsConfigMap: "bk-user-mariadb-init
@@ -101,11 +95,17 @@ mariadb:
 bkuserapi:
   enabeld: true
   env:
+    # 手动指定外部 DB ，仅支持 MySQL/MariaDB
     DB_NAME: "your-db-name"
     DB_USER: "your-db-user"
     DB_PASSWORD: "your-db-password"
     DB_HOST: "your-db-host"
     DB_PORT: "your-db-port"
+    # 外部 Celery Broker，任意符合要求的 Broker 存储均可
+    CELERY_BROKER_URL: "your-broker-url"
+    CELERY_RESULT_BACKEND: "your-broker-url"
+  # 手动取消内建存储挂载
+  envFrom: []
 
 bkusersaas:
   enabled: true
@@ -115,9 +115,14 @@ bkusersaas:
     DB_PASSWORD: "your-db-password"
     DB_HOST: "your-db-host"
     DB_PORT: "your-db-port"
+  # 手动取消内建存储挂载 
+  envFrom: []
 
 mariadb:
   enabled: false
+  
+redis:
+  enabled: false
 ```
 
 #### 5. 权限中心
@@ -126,7 +131,7 @@ mariadb:
 bkuserapi:
   env:
     # 填充权限中心相关变量
-    BK_IAM_V3_INNER_HOST: "http://iam-backend-url.com" 
+    BK_IAM_V3_INNER_HOST: "https://iam.example.com" 
   # 打开权限中心模型注册，每次重新部署即会运行
   preRunHooks:
     bkiam-migrate:
@@ -175,8 +180,10 @@ helm install bk-user bk-user-stack -n bk-user -f values.yaml \
 # 卸载资源
 helm uninstall bk-user -n bk-user
 
-# 已安装的 mariadb 并不会被删除，防止没有开启持久化期间产生的数据被销毁
-# 如果确认已不再需要相关内容，可以手动删除
-kubectl delete sts bk-user-mariadb -n bk-user 
-kubectl delete svc bk-user-mariadb -n bk-user 
+# 已安装的 mariadb & redis 并不会被删除，防止没有开启持久化期间产生的数据被销毁
+# 如果确认已不再需要相关内容，可以手动删除命名空间内的资源
+# 独立命名空间时
+kubectl delete ns bk-user
+# 非独立命名空间时
+kubectl delete deploy,sts,cronjob,pod,svc,ingress,secret,cm,sa,role,rolebinding,pvc -l app.kubernetes.io/instance=bk-user -n bk-user 
 ```

deploy/helm/bk-user-stack/templates/mariadb-env-configmap.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.mariadb.enabled }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -8,13 +9,11 @@ metadata:
     "helm.sh/hook": pre-install
     "helm.sh/hook-weight": "-1"
 data:
-  {{- if .Values.mariadb.enabled }}
   DB_NAME: "{{ .Values.bkuserapi.database.preferName }}"
   DB_USER: "{{ .Values.mariadb.auth.username }}"
   DB_PASSWORD: "{{ .Values.mariadb.auth.password }}"
   DB_HOST: "{{ .Release.Name }}-mariadb"
   DB_PORT: "3306"
-  {{- end -}}
 # Another configmap
 ---
 apiVersion: v1
@@ -27,10 +26,9 @@ metadata:
     "helm.sh/hook": pre-install
     "helm.sh/hook-weight": "-1"
 data:
-  {{- if .Values.mariadb.enabled }}
   DB_NAME: "{{ .Values.bkusersaas.database.preferName }}"
   DB_USER: "{{ .Values.mariadb.auth.username }}"
   DB_PASSWORD: "{{ .Values.mariadb.auth.password }}"
   DB_HOST: "{{ .Release.Name }}-mariadb"
   DB_PORT: "3306"
-  {{- end -}}
+{{- end -}}