manager

package module
v0.0.0-...-c6c43e1 Latest
Warning

This package is not in the latest version of its module.
Published: Apr 4, 2022 License: MIT Imports: 14 Imported by: 0

README

apigw-manager

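BlueKing API Gateway management SDK, providing basic functions such as registration, synchronization, and release.

Features

  • Create, update, and release a gateway and synchronize its resources from a predefined YAML file;
  • Provides a JWT token parsing tool to verify that API requests come from APIGateway;

Sync gateway configuration from YAML

definition.yaml

Used to define gateway resources. To simplify usage, the following model is used for processing: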

+---------------------------------+                +--------------------------------+
|                                 |                |                                |
|                                 |                |  +----------------------+      |
|   ns1:                          |                |  |ns1:                  |      |
|     key: {{data.key}}           |                |  |  key: value_from_data+--+   |             +------------------------------+
|                                 |     Render     |  |                      |  |   |    Load     |                              |
|                                 +--------------->+  +----------------------+  +---------------->+  api(key="value_from_data")  |
|   ns2:                          |                |   ns2:                         |             |                              |
|     key: {{environ.THE_KEY}}    |                |     key: value_from_environ    |             +------------------------------+
|                                 |                |                                |
|                                 |                |                                |
|           Template              |                |              YAML              |
+---------------------------------+                +--------------------------------+

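definition.yaml can use Django template syntax to reference and render variables. The following variables are built in:

  • environ: environment variables;
  • data: custom variables from the command line;

We recommend keeping all definitions in a single file and using namespaces to separate the definitions of different resources:

  • apigateway: defines the gateway's basic information;
  • stage: defines the stage (environment) information;
  • plugin_configs: defines the gateway plugin configuration;
  • apply_permissions: applies for gateway permissions;
  • grant_permissions: permissions actively granted to applications;
  • resource_version: resource version information;
  • release: defines what is released;
  • resource_docs: defines the resource documentation;

Usage example
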
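manager, err := NewManagerFrom(
    "my-api",
    bkapi.ClientConfig{
        Endpoint:  "http://bkapi.example.com",
        AppCode:   "my-app-code",
        AppSecret: "my-app-secret",
    },
    "/path/to/definition.yaml",
    map[string]interface{}{
        "key": "value",
    },
)
if err != nil {
    log.Fatal(err) // requires the standard "log" package
}

// Every call below also returns an error; check it in real code.
manager.SyncBasicInfo("apigateway")  // sync the gateway's basic information
manager.SyncStageConfig("stage")       // sync the stage (environment) information
manager.SyncPluginConfig("plugin_configs")  // sync the gateway plugin configuration
manager.SyncResourcesConfig("resources")  // sync the resource configuration
manager.SyncResourceDocByArchive("resource_docs")  // sync the resource documentation
manager.ApplyPermissions("apply_permissions")  // apply for gateway permissions
manager.GrantPermissions("grant_permissions")  // actively grant permissions to applications
manager.CreateResourceVersion("resource_version")  // create a resource version
manager.Release("release")  // release the resources
manager.GetPublicKey()  // get the gateway public key
manager.GetPublicKeyString()  // get the gateway public key as a string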

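Parsing the gateway JWT token

Choosing how to obtain the gateway public key

Parsing a JWT token requires the gateway public key. Two methods are built in:

  • PublicKeySimpleProvider: directly returns a predefined public key;
  • PublicKeyMemoryCache: calls the gateway API to fetch the public key and caches it for a period of time;

In addition, you can implement the PublicKeyProvider interface yourself to customize how the gateway public key is obtained.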
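
A custom provider can also vet the key before the parser trusts it. The following added example (not part of the apigw-manager code) wraps any key source and fails closed on lookup errors, non-PEM input, and RSA keys below a minimum size; CheckedProvider, Fetch, MinBits, ErrKeyRejected and samplePEM are hypothetical names, and PKIX PEM encoding of the gateway key is an assumption.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
)

var ErrKeyRejected = errors.New("gateway public key rejected")

// CheckedProvider (hypothetical) vets Fetch's answer; it satisfies PublicKeyProvider.
type CheckedProvider struct {
	Fetch   func(apiName string) (string, error) // e.g. another provider's method
	MinBits int
}

func (c CheckedProvider) ProvidePublicKey(apiName string) (string, error) {
	s, err := c.Fetch(apiName)
	if err != nil {
		return "", err // fail closed: never substitute a default or stale key
	}
	block, _ := pem.Decode([]byte(s))
	if block == nil {
		return "", fmt.Errorf("%w: not PEM", ErrKeyRejected)
	}
	pub, err := x509.ParsePKIXPublicKey(block.Bytes) // assumes PKIX ("PUBLIC KEY") encoding
	k, ok := pub.(*rsa.PublicKey)
	if err != nil || !ok || k.N.BitLen() < c.MinBits {
		return "", fmt.Errorf("%w: need PKIX RSA >= %d bits", ErrKeyRejected, c.MinBits)
	}
	return s, nil
}

// samplePEM returns a freshly generated (constructed) PKIX RSA public key.
func samplePEM(bits int) string {
	key, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		panic(err)
	}
	der, _ := x509.MarshalPKIXPublicKey(&key.PublicKey)
	return string(pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der}))
}

func main() {
	weak := CheckedProvider{func(string) (string, error) { return samplePEM(1024), nil }, 2048}
	fmt.Println(weak.ProvidePublicKey("my-api")) // the 1024-bit key is rejected
}
```

Because the wrapper only needs a function, an existing provider can be plugged in through its method value, for example Fetch: cache.ProvidePublicKey.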

Parsing

Choose a suitable PublicKeyProvider implementation to create an RsaJwtTokenParser:

// NewRsaJwtTokenParser returns only the parser; Parse is the call that can fail.
jwtParser := NewRsaJwtTokenParser(getMyPublicKeyProvider())
claims, err := jwtParser.Parse(jwtToken)
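
A successful Parse establishes that the token was signed with the gateway key; what a handler may trust in the claims is a separate decision. This added example (not the SDK's code) uses trimmed local copies of the claim types and a hypothetical Authorize helper, assuming Verified means the gateway authenticated that app or user and that bk_app_code identifies the calling app.

```go
package main

import (
	"errors"
	"fmt"
)

// Trimmed local copies of the claim types documented on this page.
type ApigatewayJwtApp struct {
	BkAppCode string
	Verified  bool
}

type ApigatewayJwtUser struct {
	Username string
	Verified bool
}

type ApigatewayJwtClaims struct {
	App  *ApigatewayJwtApp
	User *ApigatewayJwtUser
}

var ErrDenied = errors.New("request denied")

// Authorize (hypothetical helper) runs after Parse has accepted the signature.
// Assumption: Verified reports that the gateway authenticated that identity.
func Authorize(c ApigatewayJwtClaims, allowedApps map[string]bool, needUser bool) (app, user string, err error) {
	if c.App == nil || !c.App.Verified {
		return "", "", fmt.Errorf("%w: app missing or unverified", ErrDenied)
	}
	if !allowedApps[c.App.BkAppCode] {
		return "", "", fmt.Errorf("%w: app %q not allowed", ErrDenied, c.App.BkAppCode)
	}
	if c.User != nil && c.User.Verified {
		return c.App.BkAppCode, c.User.Username, nil
	}
	if needUser {
		return "", "", fmt.Errorf("%w: user missing or unverified", ErrDenied)
	}
	return c.App.BkAppCode, "", nil // an unverified username is never passed on
}

func main() {
	allowed := map[string]bool{"my-app-code": true}
	c := ApigatewayJwtClaims{App: &ApigatewayJwtApp{BkAppCode: "my-app-code", Verified: true}}
	fmt.Println(Authorize(c, allowed, true)) // constructed claims: verified app, no user
}
```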

Documentation

Constants

This section is empty.

Variables

var (
	ErrNotFound                            = errors.New("not found")
	ErrApigatewayRequest                   = errors.New("apigateway request error")
	ErrApiGatewayPublicKeyNotFound         = errors.New("public key not found")
	ErrApiGatewayPublicKeyTypeNotSupported = errors.New("public key type not supported")
)
var (
	ErrKidInvalid = errors.New("kid is invalid")
)

Functions

This section is empty.

Types

type ApigatewayJwtApp

type ApigatewayJwtApp struct {
	AppCode   string `json:"app_code"`
	BkAppCode string `json:"bk_app_code"`
	Verified  bool   `json:"verified"`
}

ApigatewayJwtApp represents the request app.

type ApigatewayJwtClaims

type ApigatewayJwtClaims struct {
	jwt.StandardClaims
	ApiName string             `json:"-"`
	App     *ApigatewayJwtApp  `json:"app,omitempty"`
	User    *ApigatewayJwtUser `json:"user,omitempty"`
}

ApigatewayJwtClaims is the jwt token payload, which carries the information of the request.

type ApigatewayJwtUser

type ApigatewayJwtUser struct {
	Username   string `json:"bk_username"`
	SourceType string `json:"source_type"`
	Verified   bool   `json:"verified"`
}

ApigatewayJwtUser represents the request user.

type Definition

type Definition struct {
	// contains filtered or unexported fields
}

Definition represents the definition of an API gateway.

func NewDefinition

func NewDefinition(definition map[string]interface{}) *Definition

NewDefinition creates a new definition from the given map.

func NewDefinitionFromYaml

func NewDefinitionFromYaml(content []byte) (*Definition, error)

NewDefinitionFromYaml unmarshals the given YAML content into a definition.

func (*Definition) Get

func (d *Definition) Get(namespace string) (map[string]interface{}, error)

Get returns the sub-definition under the given namespace.

type DefintionContext

type DefintionContext struct {
	// contains filtered or unexported fields
}

DefintionContext is the context for the definition template engine.

func NewDefinitionContext

func NewDefinitionContext(apiName string, config *bkapi.ClientConfig) *DefintionContext

NewDefinitionContext returns a new definition context.

func (*DefintionContext) Context

func (c *DefintionContext) Context(data interface{}) pongo2.Context

Context returns the pongo2 context.

type Manager

type Manager struct {
	// contains filtered or unexported fields
}

Manager is the manager of apigw; it helps to sync apigw configs and get apigw information.

func NewDefaultManager

func NewDefaultManager(apiName string, config bkapi.ClientConfig) (*Manager, error)

NewDefaultManager creates a new default manager.

func NewManager

func NewManager(
	apiName string,
	config bkapi.ClientConfig,
	definition *Definition,
	clientFactory func(
		configProvider define.ClientConfigProvider, opts ...define.BkApiClientOption,
	) (*apigateway.Client, error),
) (*Manager, error)

NewManager creates a new manager.

func NewManagerFrom

func NewManagerFrom(
	apiName string,
	config bkapi.ClientConfig,
	path string,
	data interface{},
) (*Manager, error)

NewManagerFrom creates a new manager from the definition file at the given path.

func (*Manager) ApplyPermissions

func (m *Manager) ApplyPermissions(namespace string) (map[string]interface{}, error)

ApplyPermissions applies the permissions under the namespace to apigw.

func (*Manager) CreateResourceVersion

func (m *Manager) CreateResourceVersion(namespace string) (map[string]interface{}, error)

CreateResourceVersion creates a resource version defined in the namespace.

func (*Manager) GetDefinition

func (m *Manager) GetDefinition() *Definition

GetDefinition returns the definition.

func (*Manager) GetLatestResourceVersion

func (m *Manager) GetLatestResourceVersion() (map[string]interface{}, error)

GetLatestResourceVersion gets the latest resource version from apigw.

func (*Manager) GetPublicKey

func (m *Manager) GetPublicKey() (map[string]interface{}, error)

GetPublicKey fetches the public key info from apigw.

func (*Manager) GetPublicKeyString

func (m *Manager) GetPublicKeyString() (string, error)

GetPublicKeyString fetches the public key from apigw as a string.

func (*Manager) GrantPermissions

func (m *Manager) GrantPermissions(namespace string) (map[string]interface{}, error)

GrantPermissions grants the permissions under the namespace to apigw.

func (*Manager) LoadDefinition

func (m *Manager) LoadDefinition(path string, data interface{}) error

LoadDefinition will load the definition from the file.

func (*Manager) Release

func (m *Manager) Release(namespace string) (map[string]interface{}, error)

Release releases the resource version defined in the namespace.

func (*Manager) SyncBasicInfo

func (m *Manager) SyncBasicInfo(namespace string) (map[string]interface{}, error)

SyncBasicInfo syncs the basic info from the definition under the namespace to apigw.

func (*Manager) SyncPluginConfig

func (m *Manager) SyncPluginConfig(namespace string) (map[string]interface{}, error)

SyncPluginConfig syncs the plugin config from the definition under the namespace to apigw.

func (*Manager) SyncResourceDocByArchive

func (m *Manager) SyncResourceDocByArchive(namespace string) (map[string]interface{}, error)

SyncResourceDocByArchive syncs the resource doc from an archive to apigw.

func (*Manager) SyncResourcesConfig

func (m *Manager) SyncResourcesConfig(namespace string) (map[string]interface{}, error)

SyncResourcesConfig syncs the resources config from the definition under the namespace to apigw.

func (*Manager) SyncStageConfig

func (m *Manager) SyncStageConfig(namespace string) (map[string]interface{}, error)

SyncStageConfig syncs the stage config from the definition under the namespace to apigw.

type PublicKeyMemoryCache

type PublicKeyMemoryCache struct {
	// contains filtered or unexported fields
}

PublicKeyMemoryCache will cache public key in memory.

func NewDefaultPublicKeyMemoryCache

func NewDefaultPublicKeyMemoryCache(config bkapi.ClientConfig) *PublicKeyMemoryCache

NewDefaultPublicKeyMemoryCache creates a default memory cache for public key.

func NewPublicKeyMemoryCache

func NewPublicKeyMemoryCache(
	config bkapi.ClientConfig,
	expiration time.Duration,
	clientFactory func(apiName string, config bkapi.ClientConfig) (*Manager, error),
) *PublicKeyMemoryCache

NewPublicKeyMemoryCache creates a memory cache for public key.

func (*PublicKeyMemoryCache) ProvidePublicKey

func (c *PublicKeyMemoryCache) ProvidePublicKey(apiName string) (string, error)

ProvidePublicKey gets public key from cache.

type PublicKeyProvider

type PublicKeyProvider interface {
	ProvidePublicKey(apiName string) (string, error)
}

PublicKeyProvider is the interface for public key provider.

type PublicKeySimpleProvider

type PublicKeySimpleProvider struct {
	// contains filtered or unexported fields
}

PublicKeySimpleProvider provides some predefined public keys.

func NewPublicKeySimpleProvider

func NewPublicKeySimpleProvider(publicKeys map[string]string) *PublicKeySimpleProvider

NewPublicKeySimpleProvider creates a simple public key provider.

func (*PublicKeySimpleProvider) ProvidePublicKey

func (p *PublicKeySimpleProvider) ProvidePublicKey(apiName string) (string, error)

ProvidePublicKey returns public key for given api name.

type RsaJwtTokenParser

type RsaJwtTokenParser struct {
	// contains filtered or unexported fields
}

RsaJwtTokenParser can parse JWT tokens using the RSA algorithm.

func NewRsaJwtTokenParser

func NewRsaJwtTokenParser(provider PublicKeyProvider) *RsaJwtTokenParser

NewRsaJwtTokenParser creates a new rsa jwt token parser.

func (*RsaJwtTokenParser) Parse

func (p *RsaJwtTokenParser) Parse(tokenString string) (ApigatewayJwtClaims, error)

Parse parses the JWT token.
