Merge remote-tracking branch 'github-bk-bcs/master'

* github-bk-bcs/master:
  build: bscp dockerfile增加vault相关镜像构建 (#3000)
  refactor: 模板下载文件名带上最新版本号&特性开关配置key修改 (#2999)
  feat: add biz resource limit config (#2991)
  feat: 文件型配置支持动态配置上传文件大小限制 (#2996)
  feat: 服务密钥体验优化--story=116237018 (#2998)
  feat: bscp api return latest tmpl revision name (#2997)
  feat:  前端支持变量提示功能--task=74870924 (#2994)
  refactor: 更新前端icon资源 (#2993)
  fix: 统一调整二次确认框样式问题 (#2992)
  feat: 配置模板支持单个文件下载 (#2987)
  1. 服务密钥列表支持关联规则模糊搜索 (#2985)
  fix: 修复编辑后的配置文件撤回bug (#2990)
  fix: create hook with first revision failed if no revision name provided (#2989)
  feat:  未命名版本支持撤销修改和删除恢复 --story=116041117 (#2986)

bcs-services/bcs-bscp/Dockerfile

@@ -7,5 +7,9 @@ COPY build/bk-bscp/bk-bscp-cacheservice/bk-bscp-cacheservice /bk-bscp/
 COPY build/bk-bscp/bk-bscp-configserver/bk-bscp-configserver /bk-bscp/
 COPY build/bk-bscp/bk-bscp-dataservice/bk-bscp-dataservice /bk-bscp/
 COPY build/bk-bscp/bk-bscp-feedserver/bk-bscp-feedserver /bk-bscp/
+COPY build/bk-bscp/bk-bscp-vaultserver/bk-bscp-vaultserver /bk-bscp/
+COPY build/bk-bscp/bk-bscp-vaultserver/vault /bk-bscp/
+COPY build/bk-bscp/bk-bscp-vaultserver/vault-sidecar /bk-bscp/
+COPY build/bk-bscp/bk-bscp-vaultserver/vault-plugins/bk-bscp-secret /bk-bscp/
 ENTRYPOINT ["/bscp-ui"]
 CMD []

bcs-services/bcs-bscp/api/api-docs/api-server/docs/zh/list_template_revision_name_by_template_id.md

@@ -33,8 +33,9 @@
           "template_id": 1,
           "template_name": "template001",
           "latest_template_revision_id": 2,
+          "latest_revision_name": "v1",
           "latest_signature": "11e3a57c479ebfae641c5821ee70bf61dca74b8e6596b78950526c397a3b1234",
-          "latest_byte_size": "2067",
+          "latest_byte_size": 2067,
           "template_revisions": [
             {
               "template_revision_id": 1,
@@ -52,8 +53,9 @@
           "template_id": 2,
           "template_name": "template002",
           "latest_template_revision_id": 4,
+          "latest_revision_name": "v2",
           "latest_signature": "22e3a57c479ebfae641c5821ee70bf61dca74b8e6596b78950526c397a3b1253",
-          "latest_byte_size": "1023",          
+          "latest_byte_size": 1023,
           "template_revisions": [
             {
               "template_revision_id": 3,

bcs-services/bcs-bscp/cmd/api-server/service/handler.go

@@ -67,28 +67,34 @@ func UserInfoHandler(w http.ResponseWriter, r *http.Request) {
 	render.Render(w, r, rest.OKRender(user))
 }
 
-// FeatureFlags map of feature flags
-type FeatureFlags map[cc.FeatureFlag]bool
+// FeatureFlags feature flags
+type FeatureFlags struct {
+	// BizView 是否开启业务体验
+	BizView bool `json:"BIZ_VIEW"`
+	// ResourceLimit 业务资源限制
+	ResourceLimit cc.ResourceLimit `json:"RESOURCE_LIMIT"`
+}
 
 // FeatureFlagsHandler 特性开关接口
 func FeatureFlagsHandler(w http.ResponseWriter, r *http.Request) {
 	featureFlags := FeatureFlags{}
 
 	biz := r.URL.Query().Get("biz")
-	for k, v := range cc.ApiServer().FeatureFlags {
-		// 默认和开关开启保持一致
-		featureFlags[k] = v.Enabled
-
-		if biz == "" {
-			continue
-		}
+	// set biz_view feature flag
+	bizViewConf := cc.ApiServer().FeatureFlags.BizView
+	featureFlags.BizView = bizViewConf.Default
+	if enable, ok := bizViewConf.Spec[biz]; ok {
+		featureFlags.BizView = enable
+	}
+	// set biz resource limit
+	resourceLimitConf := cc.ApiServer().FeatureFlags.ResourceLimit
+	featureFlags.ResourceLimit = resourceLimitConf.Default
 
-		// 默认未开启, 设置是白名单模式，否则取反
-		for _, w := range v.List {
-			if biz == w {
-				featureFlags[k] = !v.Enabled
-			}
+	if resource, ok := resourceLimitConf.Spec[biz]; ok {
+		if resource.MaxFileSize != 0 {
+			featureFlags.ResourceLimit.MaxFileSize = resource.MaxFileSize
 		}
+		// TODO：其他资源限制
 	}
 
 	render.Render(w, r, rest.OKRender(featureFlags))

bcs-services/bcs-bscp/cmd/config-server/service/config_item.go

@@ -568,13 +568,12 @@ func (s *Service) UndoConfigItem(ctx context.Context, req *pbcs.UndoConfigItemRe
 		{Basic: meta.Basic{Type: meta.Biz, Action: meta.FindBusinessResource}, BizID: req.BizId},
 		{Basic: meta.Basic{Type: meta.App, Action: meta.Update, ResourceID: req.AppId}, BizID: req.BizId},
 	}
-
 	err := s.authorizer.Authorize(grpcKit, res...)
 	if err != nil {
 		return nil, err
 	}
 
-	_, err = s.client.DS.UndoConfigItem(grpcKit.Ctx, &pbds.UndoConfigItemReq{
+	_, err = s.client.DS.UndoConfigItem(grpcKit.RpcCtx(), &pbds.UndoConfigItemReq{
 		Id: req.Id,
 		Attachment: &pbci.ConfigItemAttachment{
 			BizId: req.BizId,

bcs-services/bcs-bscp/cmd/config-server/service/credential.go

@@ -190,3 +190,29 @@ func (s *Service) UpdateCredential(ctx context.Context,
 
 	return resp, nil
 }
+
+// CheckCredentialName Check if the credential name exists
+func (s *Service) CheckCredentialName(ctx context.Context, req *pbcs.CheckCredentialNameReq) (
+	*pbcs.CheckCredentialNameResp, error) {
+	grpcKit := kit.FromGrpcContext(ctx)
+
+	res := []*meta.ResourceAttribute{
+		{Basic: meta.Basic{Type: meta.Biz, Action: meta.FindBusinessResource}, BizID: req.BizId},
+		{Basic: meta.Basic{Type: meta.Credential, Action: meta.View}, BizID: req.BizId},
+	}
+
+	err := s.authorizer.Authorize(grpcKit, res...)
+	if err != nil {
+		return nil, err
+	}
+
+	credential, err := s.client.DS.CheckCredentialName(grpcKit.Ctx, &pbds.CheckCredentialNameReq{
+		BizId:          req.BizId,
+		CredentialName: req.CredentialName,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	return &pbcs.CheckCredentialNameResp{Exist: credential.Exist}, nil
+}

bcs-services/bcs-bscp/cmd/data-service/service/credential.go

@@ -75,10 +75,36 @@ func (s *Service) ListCredentials(ctx context.Context, req *pbds.ListCredentialR
 		logs.Errorf("list credential failed, err: %v, rid: %s", err, kt.Rid)
 		return nil, err
 	}
+	credentialScopes := map[uint32][]string{}
+	if count > 0 {
+		credentialID := []uint32{}
+		for _, v := range details {
+			credentialID = append(credentialID, v.ID)
+		}
+		// 获取关联规则
+		item, err := s.dao.CredentialScope().ListByCredentialIDs(kt, credentialID, req.BizId)
+		if err != nil {
+			return nil, err
+		}
+		for _, v := range item {
+			app, scope, err := v.Spec.CredentialScope.Split()
+			if err != nil {
+				return nil, err
+			}
+			credentialScopes[v.Attachment.CredentialId] = append(credentialScopes[v.Attachment.CredentialId],
+				fmt.Sprintf("%s%s", app, scope))
+		}
+	}
+
+	data := pbcredential.PbCredentials(details)
+
+	for _, v := range data {
+		v.CredentialScopes = credentialScopes[v.Id]
+	}
 
 	resp := &pbds.ListCredentialResp{
 		Count:   uint32(count),
-		Details: pbcredential.PbCredentials(details),
+		Details: data,
 	}
 	return resp, nil
 }
@@ -142,3 +168,22 @@ func (s *Service) UpdateCredential(ctx context.Context, req *pbds.UpdateCredenti
 
 	return new(pbbase.EmptyResp), nil
 }
+
+// CheckCredentialName Check if the credential name exists
+func (s *Service) CheckCredentialName(ctx context.Context, req *pbds.CheckCredentialNameReq) (
+	*pbds.CheckCredentialNameResp, error) {
+	kt := kit.FromGrpcContext(ctx)
+
+	credential, err := s.dao.Credential().GetByName(kt, req.BizId, req.CredentialName)
+	if err != nil && !errors.Is(err, gorm.ErrRecordNotFound) {
+		return nil, err
+	}
+
+	var exist bool
+	if credential != nil && credential.ID != 0 {
+		exist = true
+	}
+	return &pbds.CheckCredentialNameResp{
+		Exist: exist,
+	}, nil
+}

bcs-services/bcs-bscp/cmd/data-service/service/hook.go

@@ -25,6 +25,7 @@ import (
 	pbbase "github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/protocol/core/base"
 	pbhook "github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/protocol/core/hook"
 	pbds "github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/protocol/data-service"
+	"github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/tools"
 	"github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/types"
 )
 
@@ -68,6 +69,10 @@ func (s *Service) CreateHook(ctx context.Context, req *pbds.CreateHookReq) (*pbd
 	}
 
 	// 2. create hook revision
+	// it must be the first hook revision, so no need to check the revision name uniqueness
+	if req.Spec.RevisionName == "" {
+		req.Spec.RevisionName = tools.GenerateRevisionName()
+	}
 	revision := &table.HookRevision{
 		Spec: &table.HookRevisionSpec{
 			Name:    req.Spec.RevisionName,

bcs-services/bcs-bscp/cmd/data-service/service/hook_revision.go

@@ -40,7 +40,7 @@ func (s *Service) CreateHookRevision(ctx context.Context,
 
 	if _, err := s.dao.HookRevision().GetByName(kt, req.Attachment.BizId, req.Attachment.HookId,
 		req.Spec.Name); err == nil {
-		return nil, fmt.Errorf("hook name %s already exists", req.Spec.Name)
+		return nil, fmt.Errorf("hook revision name %s already exists", req.Spec.Name)
 	}
 
 	spec, err := req.Spec.HookRevisionSpec()

bcs-services/bcs-bscp/cmd/data-service/service/template_revision.go

@@ -214,6 +214,7 @@ func (s *Service) ListTmplRevisionNamesByTmplIDs(ctx context.Context,
 			TemplateId:               t.ID,
 			TemplateName:             t.Spec.Name,
 			LatestTemplateRevisionId: latestRevisionMap[t.ID].ID,
+			LatestRevisionName:       latestRevisionMap[t.ID].Spec.RevisionName,
 			LatestSignature:          latestRevisionMap[t.ID].Spec.ContentSpec.Signature,
 			LatestByteSize:           latestRevisionMap[t.ID].Spec.ContentSpec.ByteSize,
 			TemplateRevisions:        tmplRevisionMap[t.ID].TemplateRevisions,

bcs-services/bcs-bscp/pkg/cc/service.go

@@ -68,13 +68,13 @@ type Setting interface {
 
 // ApiServerSetting defines api server used setting options.
 type ApiServerSetting struct {
-	Network      Network                           `yaml:"network"`
-	Service      Service                           `yaml:"service"`
-	Log          LogOption                         `yaml:"log"`
-	Repo         Repository                        `yaml:"repository"`
-	BKNotice     BKNotice                          `yaml:"bkNotice"`
-	Esb          Esb                               `yaml:"esb"`
-	FeatureFlags map[FeatureFlag]FeatureFlagOption `yaml:"featureFlags"`
+	Network      Network      `yaml:"network"`
+	Service      Service      `yaml:"service"`
+	Log          LogOption    `yaml:"log"`
+	Repo         Repository   `yaml:"repository"`
+	BKNotice     BKNotice     `yaml:"bkNotice"`
+	Esb          Esb          `yaml:"esb"`
+	FeatureFlags FeatureFlags `yaml:"featureFlags"`
 }
 
 // trySetFlagBindIP try set flag bind ip.

bcs-services/bcs-bscp/pkg/cc/types.go

@@ -37,13 +37,33 @@ const (
 	RedisClusterMode = "cluster"
 )
 
-// FeatureFlag 枚举类型, 常量使用全部大写表示
-type FeatureFlag string
+// FeatureFlags 特性配置
+type FeatureFlags struct {
+	// BizView 业务白名单
+	BizView FeatureBizView `json:"biz_view" yaml:"BIZ_VIEW"`
+	// ResourceLimit 业务资源限制
+	ResourceLimit FeatureResourceLimit `json:"resource_limit" yaml:"RESOURCE_LIMIT"`
+}
 
-const (
-	// BizViewFlag 业务白名单
-	BizViewFlag FeatureFlag = "BIZ_VIEW"
-)
+// FeatureBizView 业务白名单
+type FeatureBizView struct {
+	Default bool `yaml:"default"`
+	// map[bizID]true/false
+	Spec map[string]bool `yaml:"spec"`
+}
+
+// FeatureResourceLimit 业务资源限制
+type FeatureResourceLimit struct {
+	Default ResourceLimit `json:"default" yaml:"default"`
+	// map[bizID]ResourceLimit
+	Spec map[string]ResourceLimit `json:"spec" yaml:"spec"`
+}
+
+// ResourceLimit 资源限制配置项
+type ResourceLimit struct {
+	// 配置文件大小上限，单位 Mb
+	MaxFileSize uint `json:"maxFileSize" yaml:"maxFileSize"`
+}
 
 // Service defines Setting related runtime.
 type Service struct {

bcs-services/bcs-bscp/pkg/dal/dao/credential.go

@@ -195,12 +195,31 @@ func (dao *credentialDao) List(kit *kit.Kit, bizID uint32, searchKey string, opt
 	topIds []uint32) ([]*table.Credential, int64, error) {
 	m := dao.genQ.Credential
 	q := dao.genQ.Credential.WithContext(kit.Ctx)
+	cs := dao.genQ.CredentialScope
 
 	var conds []rawgen.Condition
 	if searchKey != "" {
 		searchVal := "%" + searchKey + "%"
-		conds = append(conds, q.Where(m.Memo.Like(searchVal)).Or(m.Reviser.Like(searchVal)).
-			Or(m.Name.Like(searchVal)))
+
+		var item []struct {
+			CredentialID uint32
+		}
+		err := cs.WithContext(kit.Ctx).Select(cs.CredentialId).
+			Where(cs.BizID.Eq(bizID), cs.CredentialScope.Like(searchVal)).Group(cs.CredentialId).Scan(&item)
+		if err != nil {
+			return nil, 0, err
+		}
+		if len(item) > 0 {
+			credentialID := []uint32{}
+			for _, v := range item {
+				credentialID = append(credentialID, v.CredentialID)
+			}
+			conds = append(conds, q.Where(m.Memo.Like(searchVal)).Or(m.Reviser.Like(searchVal)).
+				Or(m.Name.Like(searchVal)).Or(m.ID.In(credentialID...)))
+		} else {
+			conds = append(conds, q.Where(m.Memo.Like(searchVal)).Or(m.Reviser.Like(searchVal)).
+				Or(m.Name.Like(searchVal)))
+		}
 	}
 
 	if len(topIds) != 0 {

bcs-services/bcs-bscp/pkg/dal/dao/credential_scope.go

@@ -36,6 +36,8 @@ type CredentialScope interface {
 	DeleteByCredentialIDWithTx(kit *kit.Kit, tx *gen.QueryTx, bizID, credentialID uint32) error
 	// BatchDeleteWithTx batch delete credential scope with transaction
 	BatchDeleteWithTx(kit *kit.Kit, tx *gen.QueryTx, bizID uint32, ids []uint32) error
+	// ListByCredentialIDs 按多个凭据 ID 列出
+	ListByCredentialIDs(kit *kit.Kit, credentialIDs []uint32, bizID uint32) ([]*table.CredentialScope, error)
 }
 
 var _ CredentialScope = new(credentialScopeDao)
@@ -46,6 +48,16 @@ type credentialScopeDao struct {
 	auditDao AuditDao
 }
 
+// ListByCredentialIDs 按多个凭据 ID 列出
+func (dao *credentialScopeDao) ListByCredentialIDs(kit *kit.Kit, credentialIDs []uint32, bizID uint32) (
+	[]*table.CredentialScope, error) {
+	if bizID == 0 {
+		return nil, errors.New("biz id is 0")
+	}
+	m := dao.genQ.CredentialScope
+	return m.WithContext(kit.Ctx).Where(m.BizID.Eq(bizID), m.CredentialId.In(credentialIDs...)).Find()
+}
+
 // CreateWithTx create credential scope with transaction
 func (dao *credentialScopeDao) CreateWithTx(kit *kit.Kit, tx *gen.QueryTx, g *table.CredentialScope) (uint32, error) {
 	if err := g.ValidateCreate(); err != nil {