diff --git a/bcs-services/bcs-helm-manager/internal/app/app.go b/bcs-services/bcs-helm-manager/internal/app/app.go index e5fac9fcf7..cf4a960209 100644 --- a/bcs-services/bcs-helm-manager/internal/app/app.go +++ b/bcs-services/bcs-helm-manager/internal/app/app.go @@ -143,6 +143,7 @@ func (hm *HelmManager) Init() error { hm.initRegistry, hm.initJWTClient, hm.initIAMClient, + hm.initSharedClusterConf, hm.InitComponentConfig, hm.initDiscovery, hm.initMicro, @@ -604,6 +605,14 @@ func (hm *HelmManager) initIAMClient() error { return nil } +// initSharedClusterConf init conf value for shared cluster +func (hm *HelmManager) initSharedClusterConf() error { + if hm.opt.SharedCluster.AnnotationKeyProjCode == "" { + hm.opt.SharedCluster.AnnotationKeyProjCode = common.AnnotationKeyProjectCode + } + return nil +} + func (hm *HelmManager) initCryptor() error { if !hm.opt.Encrypt.Enable { return nil diff --git a/bcs-services/bcs-helm-manager/internal/auth/iam.go b/bcs-services/bcs-helm-manager/internal/auth/iam.go index 22eb2a8e54..6a285d1ef2 100644 --- a/bcs-services/bcs-helm-manager/internal/auth/iam.go +++ b/bcs-services/bcs-helm-manager/internal/auth/iam.go @@ -26,6 +26,7 @@ import ( "k8s.io/client-go/kubernetes" "github.com/Tencent/bk-bcs/bcs-services/bcs-helm-manager/internal/component" + "github.com/Tencent/bk-bcs/bcs-services/bcs-helm-manager/internal/options" ) var ( @@ -37,9 +38,6 @@ var ( ClusterIamClient *cluster.BCSClusterPerm // NamespaceIamClient namespace iam client NamespaceIamClient *namespace.BCSNamespacePerm - - // ProjCodeAnnoKey 项目 Code 在命名空间 Annotations 中的 Key - ProjCodeAnnoKey = "io.tencent.bcs.projectcode" ) // InitPermClient new a perm client @@ -105,7 +103,7 @@ func ReleaseResourcePermCheck(projectCode, clusterID string, namespaceCreated, c if err != nil { return false, "", nil, err } - if ns.Annotations[ProjCodeAnnoKey] != projectCode { + if ns.Annotations[options.GlobalOptions.SharedCluster.AnnotationKeyProjCode] != projectCode { return false, "", nil, fmt.Errorf("命名空间 %s 在该共享集群中不属于指定项目", v) } } diff --git a/bcs-services/bcs-helm-manager/internal/common/constant.go b/bcs-services/bcs-helm-manager/internal/common/constant.go index 318bcc3ea4..370b0ae26b 100644 --- a/bcs-services/bcs-helm-manager/internal/common/constant.go +++ b/bcs-services/bcs-helm-manager/internal/common/constant.go @@ -51,3 +51,9 @@ const ( // LangCookieName 语言版本 Cookie 名称 LangCookieName = "blueking_language" ) + +// shared cluster +const ( + // AnnotationKeyProjectCode namespace 的 projectcode 注解 key 默认值 + AnnotationKeyProjectCode = "io.tencent.bcs.projectcode" +) diff --git a/bcs-services/bcs-helm-manager/internal/options/options.go b/bcs-services/bcs-helm-manager/internal/options/options.go index b39721fd11..b86da14009 100644 --- a/bcs-services/bcs-helm-manager/internal/options/options.go +++ b/bcs-services/bcs-helm-manager/internal/options/options.go @@ -160,21 +160,27 @@ type EncryptSecret struct { Secret string `json:"secret" yaml:"secret"` } +// SharedClusterConfig options of shared cluster config +type SharedClusterConfig struct { + AnnotationKeyProjCode string `json:"annotationKeyProjCode" yaml:"annotationKeyProjCode"` +} + // HelmManagerOptions options of helm manager type HelmManagerOptions struct { - Etcd EtcdOption `json:"etcd" yaml:"etcd"` - BcsLog LogConfig `json:"log" yaml:"log"` - Swagger SwaggerConfig `json:"swagger" yaml:"swagger"` - Mongo MongoConfig `json:"mongo" yaml:"mongo"` - Repo RepoConfig `json:"repo" yaml:"repo"` - Release ReleaseConfig `json:"release" yaml:"release"` - IAM IAMConfig `json:"iam" yaml:"iam"` - JWT JWTConfig `json:"jwt" yaml:"jwt"` - Credentials []Credential `json:"credentials" yaml:"credentials"` - Encrypt Encrypt `json:"encrypt" yaml:"encrypt"` - Debug bool `json:"debug" yaml:"debug"` - TLS TLS `json:"tls" yaml:"tls"` - TracingConfig conf.TracingConfig `json:"tracingConfig" yaml:"tracingConfig"` + Etcd EtcdOption `json:"etcd" yaml:"etcd"` + BcsLog LogConfig `json:"log" yaml:"log"` + Swagger SwaggerConfig `json:"swagger" yaml:"swagger"` + Mongo MongoConfig `json:"mongo" yaml:"mongo"` + Repo RepoConfig `json:"repo" yaml:"repo"` + Release ReleaseConfig `json:"release" yaml:"release"` + IAM IAMConfig `json:"iam" yaml:"iam"` + JWT JWTConfig `json:"jwt" yaml:"jwt"` + Credentials []Credential `json:"credentials" yaml:"credentials"` + Encrypt Encrypt `json:"encrypt" yaml:"encrypt"` + Debug bool `json:"debug" yaml:"debug"` + TLS TLS `json:"tls" yaml:"tls"` + TracingConfig conf.TracingConfig `json:"tracingConfig" yaml:"tracingConfig"` + SharedCluster SharedClusterConfig `json:"sharedCluster" yaml:"sharedCluster"` ServerConfig }