/
conf.go
445 lines (374 loc) · 12.2 KB
/
conf.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
// Copyright (c) 2021 Terminus, Inc.
//
// This program is free software: you can use, redistribute, and/or modify
// it under the terms of the GNU Affero General Public License, version 3
// or later ("AGPL"), as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful, but WITHOUT
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
// FITNESS FOR A PARTICULAR PURPOSE.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
// Package conf 定义配置选项
package conf
import (
"encoding/json"
"fmt"
"io/ioutil"
"strings"
"github.com/c2h5oh/datasize"
"gopkg.in/yaml.v3"
"github.com/erda-project/erda/apistructs"
"github.com/erda-project/erda/modules/core-services/model"
"github.com/erda-project/erda/pkg/envconf"
"github.com/erda-project/erda/pkg/strutil"
)
// Conf 定义基于环境变量的配置项
type Conf struct {
LocalMode bool `env:"LOCAL_MODE" default:"false"`
Debug bool `env:"DEBUG" default:"false"`
ListenAddr string `env:"LISTEN_ADDR" default:":9526"`
MySQLHost string `env:"MYSQL_HOST"`
MySQLPort string `env:"MYSQL_PORT"`
MySQLUsername string `env:"MYSQL_USERNAME"`
MySQLPassword string `env:"MYSQL_PASSWORD"`
MySQLDatabase string `env:"MYSQL_DATABASE"`
MySQLLoc string `env:"MYSQL_LOC" default:"Local"`
GittarOutterURL string `env:"GITTAR_PUBLIC_URL"`
UCClientID string `env:"UC_CLIENT_ID"`
UCClientSecret string `env:"UC_CLIENT_SECRET"`
RootDomain string `env:"DICE_ROOT_DOMAIN"`
UIPublicURL string `env:"UI_PUBLIC_URL"`
UIDomain string `env:"UI_PUBLIC_ADDR"`
OpenAPIDomain string `env:"OPENAPI_PUBLIC_ADDR"` // Deprecated: after cli refactored
AvatarStorageURL string `env:"AVATAR_STORAGE_URL"` // file:///avatars or oss://appkey:appsecret@endpoint/bucket
LicenseKey string `env:"LICENSE_KEY"`
AuditCleanCron string `env:"AUDIT_CLEAN_CRON" default:"0 0 3 * * ?"` // 审计软删除任务执行周期
AuditArchiveCron string `env:"AUDIT_ARCHIVE_CRON" default:"0 0 4 * * ?"` // 审计归档任务执行周期
SysAuditCleanIterval int `env:"SYS_AUDIT_CLEAN_ITERVAL" default:"-7"` // 系统审计清除周期
RedisMasterName string `default:"my-master" env:"REDIS_MASTER_NAME"`
RedisSentinelAddrs string `default:"" env:"REDIS_SENTINELS_ADDR"`
RedisAddr string `default:"127.0.0.1:6379" env:"REDIS_ADDR"`
RedisPwd string `default:"anywhere" env:"REDIS_PASSWORD"`
ProjectStatsCacheCron string `env:"PROJECT_STATS_CACHE_CRON" default:"0 0 1 * * ?"`
EnableProjectNS bool `env:"ENABLE_PROJECT_NS" default:"true"`
LegacyUIDomain string `env:"LEGACY_UI_PUBLIC_ADDR"`
// ory/kratos config
OryEnabled bool `default:"false" env:"ORY_ENABLED"`
OryKratosAddr string `default:"kratos:4433" env:"KRATOS_ADDR"`
OryKratosPrivateAddr string `default:"kratos:4434" env:"KRATOS_PRIVATE_ADDR"`
// Allow people who are not admin to create org
CreateOrgEnabled bool `default:"false" env:"CREATE_ORG_ENABLED"`
// --- 文件管理 begin ---
FileMaxUploadSizeStr string `env:"FILE_MAX_UPLOAD_SIZE" default:"300MB"` // 文件上传限制大小,默认 300MB
FileMaxUploadSize datasize.ByteSize
// the size of the file parts stored in memory, the default value 32M refer to https://github.com/golang/go/blob/5c489514bc5e61ad9b5b07bd7d8ec65d66a0512a/src/net/http/request.go
FileMaxMemorySizeStr string `env:"FILE_MAX_MEMORY_SIZE" default:"32MB"`
FileMaxMemorySize datasize.ByteSize
// disable file download permission validate temporarily for multi-domain
DisableFileDownloadPermissionValidate bool `env:"DISABLE_FILE_DOWNLOAD_PERMISSION_VALIDATE" default:"false"`
// fs
// 修改该值的话,注意同步修改 dice.yml 中 '<%$.Storage.MountPoint%>/dice/cmdb/files:/files:rw' 容器内挂载点的值
StorageMountPointInContainer string `env:"STORAGE_MOUNT_POINT_IN_CONTAINER" default:"/files"`
// oss
OSSEndpoint string `env:"OSS_ENDPOINT"`
OSSAccessID string `env:"OSS_ACCESS_ID"`
OSSAccessSecret string `env:"OSS_ACCESS_SECRET"`
OSSBucket string `env:"OSS_BUCKET"`
OSSPathPrefix string `env:"OSS_PATH_PREFIX" default:"/dice/cmdb/files"`
// --- 文件管理 end ---
}
var (
cfg Conf
// 存储权限配置
permissions []model.RolePermission
// 审计模版配置
auditsTemplate apistructs.AuditTemplateMap
// 域名白名单
OrgWhiteList map[string]bool
// legacy redirect paths
RedirectPathList map[string]bool
)
func initPermissions() {
permissions = getAllFiles("erda-configs/permission", permissions)
}
func initAuditTemplate() {
auditsTemplate = genTempFromFiles("erda-configs/audit/template.json")
}
func genTempFromFiles(fileName string) apistructs.AuditTemplateMap {
templateJSON, err := ioutil.ReadFile(fileName)
if err != nil {
panic(err)
}
var result apistructs.AuditTemplateMap
if err := json.Unmarshal(templateJSON, &result); err != nil {
panic(err)
}
for _, v := range result {
v.ConvertContent2GoTemplateFormart()
}
return result
}
func getAllFiles(pathname string, perms []model.RolePermission) []model.RolePermission {
rd, err := ioutil.ReadDir(pathname)
if err != nil {
panic(err)
}
for _, fi := range rd {
if fi.IsDir() {
fullDir := pathname + "/" + fi.Name()
perms = getAllFiles(fullDir, perms)
} else {
fullName := pathname + "/" + fi.Name()
yamlFile, err := ioutil.ReadFile(fullName)
if err != nil {
panic(err)
}
var per []model.RolePermission
if err := yaml.Unmarshal(yamlFile, &per); err != nil {
panic(err)
}
perms = append(perms, per...)
}
}
return perms
}
// Load 加载配置项.
func Load() {
initPermissions()
initAuditTemplate()
envconf.MustLoad(&cfg)
// parse FileMaxUploadSize
var fileMaxUploadByte datasize.ByteSize
if err := fileMaxUploadByte.UnmarshalText([]byte(cfg.FileMaxUploadSizeStr)); err != nil {
panic(fmt.Sprintf("failed to parse FILE_MAX_UPLOAD_SIZE, err: %v", err))
}
fmt.Println(fileMaxUploadByte.String())
cfg.FileMaxUploadSize = fileMaxUploadByte
// parse FileMaxMemorySize
var fileMaxMemoryByte datasize.ByteSize
if err := fileMaxMemoryByte.UnmarshalText([]byte(cfg.FileMaxMemorySizeStr)); err != nil {
panic(fmt.Sprintf("failed to parse FILE_MAX_MEMORY_SIZE, err: %v", err))
}
cfg.FileMaxMemorySize = fileMaxMemoryByte
OrgWhiteList = map[string]bool{
UIDomain(): true,
LegacyUIDomain(): true,
OpenAPIDomain(): true,
"openapi.default.svc.cluster.local": true,
}
RedirectPathList = map[string]bool{
"/microService": true,
"/workBench": true,
"/dataCenter": true,
"/orgCenter": true,
"/edge": true,
"/sysAdmin": true,
"/org-list": true,
"/noAuth": true,
"/freshMan": true,
"/inviteToOrg": true,
"/perm": true,
}
}
// AuditTemplate 返回权限列表
func AuditTemplate() apistructs.AuditTemplateMap {
return auditsTemplate
}
// Permissions 获取权限配置
func Permissions() map[string]model.RolePermission {
pm := make(map[string]model.RolePermission, len(permissions))
for _, v := range permissions {
k := strutil.Concat(v.Scope, v.Resource, v.Action)
pm[k] = v
}
return pm
}
// RolePermissions 获取角色对应的权限配置
func RolePermissions(roles []string) (map[string]model.RolePermission, []model.RolePermission) {
pm := make(map[string]model.RolePermission, len(permissions))
resourceRoles := make([]model.RolePermission, 0)
for _, v := range permissions {
for _, role := range roles {
confRoles := strings.SplitN(v.Role, ",", -1)
for _, cR := range confRoles {
if role == cR {
k := strutil.Concat(v.Scope, v.Resource, v.Action)
pm[k] = v
}
}
if v.ResourceRole != "" {
resourceRoles = append(resourceRoles, v)
}
}
}
return pm, resourceRoles
}
// ListenAddr 返回 ListenAddr 选项.
func ListenAddr() string {
return cfg.ListenAddr
}
// LocalMode 本地调试模式
func LocalMode() bool {
return cfg.LocalMode
}
// Debug 返回 Debug 选项.
func Debug() bool {
return cfg.Debug
}
// MySQLHost 返回 MySQLHost 选项.
func MySQLHost() string {
return cfg.MySQLHost
}
// MySQLPort 返回 MySQLPort 选项.
func MySQLPort() string {
return cfg.MySQLPort
}
// MySQLUsername 返回 MySQLUsername 选项.
func MySQLUsername() string {
return cfg.MySQLUsername
}
// MySQLPassword 返回 MySQLPassword 选项.
func MySQLPassword() string {
return cfg.MySQLPassword
}
// MySQLDatabase 返回 MySQLDatabase 选项.
func MySQLDatabase() string {
return cfg.MySQLDatabase
}
// MySQLLoc 返回 MySQLLoc 选项.
func MySQLLoc() string {
return cfg.MySQLLoc
}
// GittarOutterURL 返回 GittarOutterURL 选项.
func GittarOutterURL() string {
return cfg.GittarOutterURL
}
// UCClientID 返回 UCClientID 选项.
func UCClientID() string {
return cfg.UCClientID
}
// UCClientSecret 返回 UCClientSecret 选项.
func UCClientSecret() string {
return cfg.UCClientSecret
}
// RootDomain 返回 RootDomain 选项
func RootDomain() string {
return RootDomainList()[0]
}
// Multiple domain
func RootDomainList() []string {
return strutil.Split(cfg.RootDomain, ",")
}
// UIPublicURL 返回 UIPublicURL 选项
func UIPublicURL() string {
return cfg.UIPublicURL
}
// UIDomain 返回 UIDomain 选项
func UIDomain() string {
return cfg.UIDomain
}
// LegacyUIDomain
func LegacyUIDomain() string {
return cfg.LegacyUIDomain
}
// OpenAPIDomain 返回 OpenAPIDomain 选项
func OpenAPIDomain() string {
return cfg.OpenAPIDomain
}
// AvatarStorageURL 返回 OSSUsage 选项
func AvatarStorageURL() string {
return cfg.AvatarStorageURL
}
// LicenseKey 返回 LicenseKey 选项.
func LicenseKey() string {
return cfg.LicenseKey
}
// AuditCleanCron 返回审计事件软删除周期
func AuditCleanCron() string {
return cfg.AuditCleanCron
}
// AuditArchiveCron 返回审计事件归档周期
func AuditArchiveCron() string {
return cfg.AuditArchiveCron
}
// SysAuditCleanIterval 返回 sys scope 审计事件软删除周期
func SysAuditCleanIterval() int {
return cfg.SysAuditCleanIterval
}
// RedisMasterName 返回redis master name
func RedisMasterName() string {
return cfg.RedisMasterName
}
// RedisSentinelAddrs 返回 redis 哨兵地址
func RedisSentinelAddrs() string {
return cfg.RedisSentinelAddrs
}
// RedisAddr 返回 redis 地址
func RedisAddr() string {
return cfg.RedisAddr
}
// RedisPwd 返回 redis 密码
func RedisPwd() string {
return cfg.RedisPwd
}
// ProjectStatsCacheCron 项目状态缓存刷新周期
func ProjectStatsCacheCron() string {
return cfg.ProjectStatsCacheCron
}
// EnableNS 是否打开项目级命名空间
func EnableNS() bool {
return cfg.EnableProjectNS
}
func OryEnabled() bool {
return cfg.OryEnabled
}
func OryKratosPrivateAddr() string {
return cfg.OryKratosPrivateAddr
}
func OryCompatibleClientID() string {
return "kratos"
}
func OryCompatibleClientSecret() string {
return ""
}
func CreateOrgEnabled() bool {
return cfg.CreateOrgEnabled
}
// FileMaxUploadSize 返回 文件上传的大小限制.
func FileMaxUploadSize() datasize.ByteSize {
return cfg.FileMaxUploadSize
}
// FileMaxMemorySize return the size of the file parts stored in memory
func FileMaxMemorySize() datasize.ByteSize {
return cfg.FileMaxMemorySize
}
// OSSEndpoint 返回 oss endpoint.
func OSSEndpoint() string {
return cfg.OSSEndpoint
}
// OSSAccessID 返回 oss access id.
func OSSAccessID() string {
return cfg.OSSAccessID
}
// OSSAccessSecret 返回 oss access secret
func OSSAccessSecret() string {
return cfg.OSSAccessSecret
}
// OSSBucket 返回 oss bucket.
func OSSBucket() string {
return cfg.OSSBucket
}
// OSSPathPrefix 返回 文件在指定 bucket 下的路径前缀.
func OSSPathPrefix() string {
return cfg.OSSPathPrefix
}
// StorageMountPointInContainer 返回 files 在容器内的挂载点.
func StorageMountPointInContainer() string {
return cfg.StorageMountPointInContainer
}
// DisableFileDownloadPermissionValidate return switch for file download permission check.
func DisableFileDownloadPermissionValidate() bool {
return cfg.DisableFileDownloadPermissionValidate
}