chore: 合并 1.1.x 的 ReleaseNotes.md
diff --git a/ReleaseNotes.md b/ReleaseNotes.md
index a95b6d3..9619a24 100644
--- a/ReleaseNotes.md
+++ b/ReleaseNotes.md
@@ -16,6 +16,25 @@
第三方接口代理服务
+#### develop
+
+##### 1.3.0 (SNAPSHOT)
+
+chore: 升级版本,1.3.0-SNAPSHOT
+
+
+#### 1.2.x
+
+##### 1.2.1 (SNAPSHOT)
+
+chore: 升级版本 1.2.1-SNAPSHOT
+
+
+##### 1.2.0
+
+chore: 发布版本 1.2.0-RELEASE
+chore: 新分支1.2.x,预发布,版本号 1.2.0-SNAPSHOT
+
#### 0.0.x
@@ -38,8 +57,104 @@
#### develop
-##### 1.2.0(SNAPSHOT)
+##### 1.3.0 (SNAPSHOT)
+fix: 操作日志接口新增查询字段
+chore: 升级版本,1.3.0-SNAPSHOT
+
+
+#### 1.2.x
+
+##### 1.2.3 (SNAPSHOT)
+
+chore: 升级版本 1.2.3-SNAPSHOT
+
+
+##### 1.2.2
+
+chore: 发布修复版本,1.2.2-RELEASE
+feat: 新增密码验证接口
+feat: 对用户组下的帐号,按组织机构统计人数;用户组下人员的接口,增加组织机构Id的查询条件
+fix: 密码策略验证 %特殊字符bug
+feat: 更新poa api-docs,transout account 接口返回扩展信息
+docs: 整理帐号临时表,扩展属性的sql
+feat: 帐号数据同步(批量读取)接口,增加扩展属性
+feat: 帐号数据推送至消息队列,增加扩展属性的推送
+feat: 帐号同步接口,支持扩展属性的写入
+feat: 扩展属性通用管理功能
+chore: 升级版本 1.2.2-SNAPSHOT
+
+
+##### 1.2.1
+
+chore: 发布版本,1.2.1-RELEASE
+fix: 修正证件号码的替换后的内容格式
+fix: 修正biz-api 中更新岗位人员后,须更新 security 下的redis 缓存
+fix: 修正证件号码的编码,统一代码
+fix: 修正关联用户组接口修改后,导致原用户组保存功能无效的问题
+refactor: 将TransLogEventListener的处理线程独立
+fix: 修正批量刷新redis缓存(account groupIds)的逻辑
+fix: 修正证件信息保存的逻辑错误
+fix: 一人多帐号的数据同步时,只对已存在的帐号的用户信息可以更新;对于新增帐号时,已存在的用户信息不可更新
+chore: 升级版本 1.2.1-SNAPSHOT
+
+
+##### 1.2.0
+
+chore: 发布版本,1.2.0-RELEASE
+feat: 将system log 的保存事件监听,采用独立线程池
+fix: 修正eventListenerExecutor 线程池配置,调整队列大小
+fix: 修正用户帐号创建时,证件类型的数据缺失的问题
+fix: 关联用户组(岗位)的组织机构-帐号,修改单个组织机构可关联
+style: 整理用户安全手机、安全邮箱的相关接口
+fix: 修正接口请求报错
+fix: 修正帐号删除时,未删除user、safety 等信息 的问题
+fix: BUG #149618 【用户管理-人员管理】编辑人员,鼠标光标放在预留手机号或邮箱,未进行任何操作,点击确定无反应
+chore: 支持api-docs-installer的自动化构建
+docs: api docs 更新,新增组织机构接口
+refactor: 仅在获取组织机构树时,可根据层级获取,且返回 组织机构的level 字段
+chore: 完善构建脚本,读取pom的version
+docs: api docs 更新
+feat: 新增接口 按层级获取学校组织机构、按部门查询 该部门下的所有子部门、按多部门查询 这些部门下的岗位、按多部门 + 岗位 查询部门岗位下的人员
+fix: 添加账号-用户组关系
+chore: 新分支1.2.x,预发布,版本号 1.2.0-SNAPSHOT
+fix: 完善安全信息的更新
+refactor: 完善访客帐号实名绑定的逻辑
+feat: 新增清理帐号redis缓存接口
+fix: 修正帐号删除时,redis 无法清空的问题
+fix: 修正手机号自动注册帐号,缓存未写入的问题
+fix: 增加pageSize 的参数校验
+feat: 处理异常响应
+fix: 修正数据同步对接接口、文档等问题
+fix: 人员详情bug
+refactor: 修正接口path 命名,保留错误path,用于历史版本兼容
+feat: 认证后台配置sql、实名认证-访客账号绑定实名用户接口
+fix: 调整日志处理配置
+fix: 新增异步处理的相关配置
+fix: 增加ApplicationEvent 事件的异步处理
+fix: 修正参数为空的判断错误问题
+fix: 将配置项设置为 可编辑状态
+fix: 用户组列表bug
+feat: 获取岗位组织机构设置接口,增加接口参数
+fix: 修正rabbitmq 配置错误,导致启动失败
+feat: 新增SecurityFederation,提供给认证调用
+fix: 账户、用户组 新增查询条件
+feat: 使用手机号创建临时帐号
+fix: 修正联合登录信息不存在时,读取异常的问题
+refactor: 将accountExpiryDate 变更为 timestamp
+fix: 修正按时间戳查询时,SQL语法错误
+feat: 新增用户信息完善的配置项
+docs: 更新api-docs 文档
+feat: 新增根据accountName读取数据的接口
+fix: 修正组织机构返回null,enable 为false 的问题
+refactor: 修正接口path 命名
+feat: 新增保存默认帐号接口,认证适用
+fix: 修正用户信息更新后,更新缓存
+fix: 修正默认帐号保存
+feat: 多账号设置默认登录账号
+feat: 新增数据同步的开放接口(完善帐号数据接口)
+fix: 修正用户保存时,字典类字典仅有id信息
+feat: 将Group、AccountGroup 数据推送到jobs rabbitmq
refactor: 联合登录绑定、删除,兼容 uid(userNo)
fix: 账号-用户组关系接口返回字段新增 是否公共、描述、系统名称
docs: 更新poa api-docs yaml,补全 schema 的 type
@@ -314,8 +429,60 @@
#### develop
-##### 1.2.0(SNAPSHOT)
+##### 1.3.0 (SNAPSHOT)
+fix: 授权监控bug修复
+fix: 授权监控联调 修复bug
+chore: 升级版本,1.3.0-SNAPSHOT
+
+
+#### 1.2.x
+
+##### 1.2.3 (SNAPSHOT)
+
+chore: 升级版本 1.2.3-SNAPSHOT
+
+
+##### 1.2.2
+
+chore: 发布修复版本,1.2.2-RELEASE
+fix: 修正获取角色下的用户组时,包含了已删除的数据 的问题
+chore: 升级版本 1.2.2-SNAPSHOT
+
+
+##### 1.2.1
+
+chore: 发布版本,1.2.1-RELEASE
+chore: 升级版本 1.2.1-SNAPSHOT
+
+
+##### 1.2.0
+
+chore: 发布版本,1.2.0-RELEASE
+fix:用户组授权信息bug
+fix: 角色组授权审计-获取角色组包含角色bug
+fix: BUG #138716 【授权管理-分级授权管理】A授予B某一个角色的管理权限,B授予C这个角色的管理权限,C授予D管理权限时页面报错
+fix: 角色授权审计bug
+fix: 角色/角色组授权审计bug
+chore: 支持api-docs-installer的自动化构建
+chore: 完善构建脚本,读取pom的version
+fix: 授权审计bug
+feat: 更新用户授权相关角色的所属应用
+style: 将 登录用接口,获取所有角色、获取应用下的角色 迁移至 SecurityRoleService
+chore: 新分支1.2.x,预发布,版本号 1.2.0-SNAPSHOT
+fix: 用户组授权信息bug
+fix: 授权审计bug
+fix: 修正根据角色获取帐号列表,部分数据缺失的问题
+fix: 授权审计bug
+feat: 用户组授权审计
+fix: 权限操作审计角色组名称赋值bug
+fix: 修正代码合并后的代码错误
+refactor: 修正接口path 命名
+feat: 订阅用户服务的数据变更(帐号用户组)
+fix: 修正帐号数据的读取错误
+feat: 订阅用户服务的数据变更(用户组)
+feat: 连接多个rabbitmq 的配置方案
+feat: 订阅用户服务的数据变更
fix: 角色授权审计、角色组授权审计接口调整新增查询条件
docs: 更新poa api-docs yaml,补全 schema 的 type
feat: 新增api-docs-installer,服务独立维护
@@ -432,8 +599,57 @@
#### develop
-##### 1.2.0 (SNAPSHOT)
+##### 1.3.0 (SNAPSHOT)
+fix: 日志管理接口新增查询字段
+fix: 登录日志 AuthenticationLogNumberDao 表名bug
+chore: 升级版本,1.3.0-SNAPSHOT
+
+
+#### 1.2.x
+
+##### 1.2.2 (SNAPSHOT)
+
+chore: 升级版本 1.2.2-SNAPSHOT
+
+
+##### 1.2.1
+
+chore: 发布修复版本,1.2.1-RELEASE
+feat: 对接密码验证接口(支持外部接口适配)
+fix: 修正帐号的安全手机读取错误的问题(源接口调整)
+fix: 修正passwordless 登录时,重复记录日志的问题
+fix: 修正登录日志记录时,登录帐号未正确读取问题
+chore: 升级版本 1.2.1-SNAPSHOT
+
+
+##### 1.2.0
+
+chore: 发布版本,1.2.0-RELEASE
+fix: BUG #155191 【认证管理-锁定管理】V1.2:锁定原因显示不正确
+fix: 修正帐号选择后,无法提交的问题
+fix: 完善登录验证码显示、重置的逻辑
+style: 修改方法命名
+fix: BUG #154281 【认证管理-登录页面】cas认证:多账号选择页面显示不全
+fix: 修正配置为空 时,显示默认提示
+style: 显示登录帐号名
+feat: 优化多帐号选择时,可设置默认帐号
+style: 整理配置
+fix: 统一PC端、移动端 联合登录开关配置
+chore: 支持cas-server-site scheme的自动化构建
+chore: 完善构建脚本,读取pom的version
+chore: 新分支1.2.x,预发布,版本号 1.2.0-SNAPSHOT
+feat: 登录页面,输入框(用户名)支持文本框提示语 可配置
+refactor: 对接用户服务下联合登录绑定接口 SecurityFederation
+feat: 将Emoji 替换为 *
+feat: 支持{SSHA} 密码 匹配
+fix: 认证用户后台配置数据
+feat: 将scheme 镜像的依赖放入 基础镜像harbor.supwisdom.com/institute/element-theme,提高镜像打包速度
+feat: 认证用户后台配置数据
+fix: 锁定管理列表按锁定时间排序
+feat: 一人多帐号,支持默认帐号直接登录
+feat: 登录时,保存默认帐号
+feat: sql,新增部署脚本
feat: 对接新的联合登录帐号管理接口
feat: 『记住我』时长,支持动态配置
fix: 根据id解锁账号、新增锁定状态后代码调整
@@ -795,8 +1011,40 @@
#### develop
-##### 1.1.0 (SNAPSHOT)
+##### 1.3.0 (SNAPSHOT)
+chore: 升级版本,1.3.0-SNAPSHOT
+
+
+#### 1.2.x
+
+##### 1.2.2 (SNAPSHOT)
+
+chore: 升级版本 1.2.2-SNAPSHOT
+
+
+##### 1.2.1
+
+chore: 发布修复版本,1.2.1-RELEASE
+feat: 对接密码验证接口(支持外部接口适配)
+feat: 支持 workweixinmobile、dingtalkmobile
+chore: 升级版本 1.2.1-SNAPSHOT
+
+
+##### 1.2.0
+
+chore: 发布版本 1.2.0-RELEASE
+feat: 增加个推对接配置项
+feat: 新增,移动端QQ登录的对接
+fix: 登录配置 增加“输入框提示信息”配置项
+fix: 修正空指针异常
+feat: 更新提示信息配置
+feat: 提示信息的国际化处理
+fix: 登录方式配置接口
+fix: 统一PC端、移动端 联合登录开关配置
+chore: 完善构建脚本,读取pom的version
+chore: 增加api-docs-installer
+chore: 新分支1.2.x,预发布,版本号 1.2.0-SNAPSHOT
fix: 修正个推 个验接口对接错误
feat: 对接个推 个验 一键登录接口
fix: 修正手机+验证码登录时,手机号注册帐号的逻辑
@@ -945,9 +1193,62 @@
#### develop
-##### 1.1.0 (SNAPSHOT)
+##### 1.3.0 (SNAPSHOT)
+chore: 升级版本,1.3.0-SNAPSHOT
+
+
+#### 1.2.x
+
+##### 1.2.3 (SNAPSHOT)
+
+chore: 升级版本 1.2.3-SNAPSHOT
+
+
+##### 1.2.2
+
+chore: 发布修复版本,1.2.2-RELEASE
+feat: 对接密码验证接口(支持外部接口适配)
+refactor: 包名password 更名为 passwordencoder
+fix: 密码策略验证 %特殊字符bug
+fix: 获取当前用户的联合登录信息 增加钉钉
+chore: 升级版本 1.2.2-SNAPSHOT
+
+
+##### 1.2.1
+
+chore: 发布版本,1.2.1-RELEASE
+合并了 1.0.12 的修复
+fix: 统一 checkPassword 方法,便于兼容各种密码算法
+fix: 修正配置项读取错误
+fix: 修正Merge 后的代码错误
+chore: 升级版本 1.2.1-SNAPSHOT
+
+
+##### 1.2.0
+
+chore: 发布版本,1.2.0-RELEASE
+feat: 处理mobile、emailAddress 绑定时,进行唯一性校验,支持配置(security.setting.binding.user)
+fix: 实名认证-判断是否设有登录密码、设置密码并激活账号 修复
+feat: 调整帐号激活,基本信息的验证逻辑,根据配置开关 处理
+fix: 信息完善-验证码输入错误过多,提示信息修改
+BUG #149604 【认证管理-账号安全配置】V1.2:安全设置与用户绑定关系配置,安全手机、安全邮箱已关闭,仍不允许一个手机、邮箱绑定多个用户
+fix: APP信息完善
+style: 整理配置项
+chore: 新分支1.2.x,预发布,版本号 1.2.0-SNAPSHOT
+refactor: 完善实名认证逻辑;整理代码
+fix: 预留手机号验证bug
+fix: 实名认证安全信息bug
+fix: 实名认证-是否有登录密码接口修复
+fix: 实名认证-证件号码验证bug
+fix: APP信息完善接口修改
+feat: APP个人信息完善
+fix: 用户完善配置
+feat: 个人信息完善
+feat: 多账号设置默认登录账号
feat: 新增联合登录 钉钉开关配置
+refactor: 帐号激活、找回密码时,根据securityAccount api 获取帐号数据,以便得到证件号码等隐私数据
+feat: API调用时,响应头中增加服务名、版本号信息,方便问题排查
chore: 升级版本,1.1.0-SNAPSHOT
@@ -1178,8 +1479,44 @@
#### develop
+##### 1.3.0 (SNAPSHOT)
+
+chore: 升级版本,1.3.0-SNAPSHOT
+
+
+#### 1.2.x
+
+##### 1.2.3 (SNAPSHOT)
+
+chore: 升级版本 1.2.3-SNAPSHOT
+
+
+##### 1.2.2
+
+chore: 发布修复版本,1.2.2-RELEASE
+fix: 绑定QQ
+chore: 升级版本 1.2.2-SNAPSHOT
+
+
+##### 1.2.1
+
+chore: 发布版本,1.2.1-RELEASE
+合并了 1.1.3 的修复
+chore: 升级版本 1.2.1-SNAPSHOT
+
+
##### 1.2.0
+chore: 发布版本,1.2.0-RELEASE
+fix:安全手机安全邮箱设置
+安全设置邮箱,手机号校验
+fix: 安全设置,手机邮箱验证
+安全中心,新增默认账号设置
+fix:邮箱发送验证码按钮样式修改
+chore: 新分支1.2.x,预发布,版本号 1.2.0-SNAPSHOT
+fix: 图片地址修改
+fix:未预留手机号,身份证跳转到绑定手机,邮箱
+fix:用户不存在时,数据恢复初始状态
chore: 整理k8s脚本
chore: 调整docker 镜像构建脚本、配置
feat: 支持uniauth idtoken 认证对接
@@ -1270,6 +1607,37 @@
数据同步服务
+#### develop
+
+##### 1.3.0 (SNAPSHOT)
+
+增加一个同步密码的job,增加一个逻辑,如果更新成功就把更新时间设置为空
+chore: 升级版本,1.3.0-SNAPSHOT
+
+
+#### 1.2.x
+
+##### 1.2.2 (SNAPSHOT)
+
+chore: 升级版本 1.2.2-SNAPSHOT
+
+
+##### 1.2.1
+
+chore: 发布版本 1.2.1-RELEASE
+fix: 支持同步帐号,初始化帐号的密码
+增加成都理工同步
+更新集美密码同步
+更新集美同步到ldap
+更accountV4Password2UserSvcJob2同步到认证后把数据源数据标志为同步过
+chore: 升级版本 1.2.1-SNAPSHOT
+
+
+##### 1.2.0
+
+chore: 发布版本 1.2.0-RELEASE
+chore: 新分支1.2.x,预发布,版本号 1.2.0-SNAPSHOT
+
#### 1.0.x
diff --git "a/deploy-manifests/charts/1.2.0000.\350\256\244\350\257\201\346\216\210\346\235\203\346\234\215\345\212\241\345\256\211\350\243\205\351\203\250\347\275\262\346\211\213\345\206\214\357\274\210\345\237\272\344\272\216\345\272\224\347\224\250\345\225\206\345\272\227\357\274\211.md" "b/deploy-manifests/charts/1.2.0000.\350\256\244\350\257\201\346\216\210\346\235\203\346\234\215\345\212\241\345\256\211\350\243\205\351\203\250\347\275\262\346\211\213\345\206\214\357\274\210\345\237\272\344\272\216\345\272\224\347\224\250\345\225\206\345\272\227\357\274\211.md"
new file mode 100644
index 0000000..cd9be48
--- /dev/null
+++ "b/deploy-manifests/charts/1.2.0000.\350\256\244\350\257\201\346\216\210\346\235\203\346\234\215\345\212\241\345\256\211\350\243\205\351\203\250\347\275\262\346\211\213\345\206\214\357\274\210\345\237\272\344\272\216\345\272\224\347\224\250\345\225\206\345\272\227\357\274\211.md"
@@ -0,0 +1,643 @@
+
+# 安装部署手册
+
+**业务中台之认证授权服务**
+
+
+* 修订历史
+
+版本 | 作者 | 日期 | 备注
+- | - | - | -
+v1 | 刘洪青 | 2021-05-15 | 初稿
+
+
+[TOC]
+
+
+## 安装准备
+
+### MySQL 初始配置及相关基础命令
+
+数据文件目录:/var/lib/mysql
+
+* 安装完成后,调整 mysql 服务的配置参数
+
+ 查看当前配置:show variables;
+
+ 最大连接数 max_connections
+ 操作日志的保留时长 binlog_expire_logs_seconds
+
+ 参考命令:
+ ```
+ set global max_connections = 1000;
+ set persist max_connections = 1000;
+
+ // 7天 86400 * 7
+ // 1天 86400
+ set global binlog_expire_logs_seconds = 86400 * 7;
+ set persist binlog_expire_logs_seconds = 86400 * 7;
+ ```
+
+ 时区设置
+
+ 确保MySQL 的时区设置为 GMT+8
+
+
+* 创建数据库帐号
+
+ 参考命令:
+ ```
+ create user 'user'@'%' identified with mysql_native_password by 'your_password';
+ ```
+
+
+* 创建 database
+
+ 参考命令:
+ ```
+ create database `user` DEFAULT CHARSET utf8 COLLATE utf8_general_ci;
+ ```
+
+
+* 授予权限
+
+ 将 database 的权限授予对应的帐号
+
+ 参考命令:
+ ```
+ grant all privileges on `user`.* to 'user'@'%' with grant option;
+ ```
+
+
+* 授予 SUPER 权限
+ 由于 部分帐号 需要创建 触发器,故,需要 SUPER 权限
+ 涉及帐号有 user、user_authz、cas_server
+
+ 参考命令:
+ ```
+ grant SUPER on *.* to 'user'@'%';
+ grant SUPER on *.* to 'user_authz'@'%';
+ grant SUPER on *.* to 'cas_server'@'%';
+
+ grant SUPER on *.* to 'tmp_data'@'%';
+ ```
+
+
+* 备份与还原
+
+ 参考命令:
+ 备份:
+ ```
+ mysqldump -u root -p cas_server > cas_server.sql
+ mysqldump -u root -p token_server > token_server.sql
+ mysqldump -u root -p user > user.sql
+ mysqldump -u root -p user_authz > user_authz.sql
+ mysqldump -u root -p agent_service > agent_service.sql
+ ```
+
+ 还原:
+ ```
+ mysql -u root -p cas_server < cas_server.sql
+ mysql -u root -p token_server < token_server.sql
+ mysql -u root -p user < user.sql
+ mysql -u root -p user_authz < user_authz.sql
+ mysql -u root -p agent_service < agent_service.sql
+ ```
+
+
+### Harbor 准备及相关说明
+
+* 创建 devops 帐号
+
+ 用于 rancher 部署时拉取镜像
+
+ 用户管理 下 创建用户
+ 如 devops
+
+
+* 镜像同步
+
+ 从 https://harbor.supwisdom.com 中同步镜像
+
+ 仓库管理 下 新建目标
+ ```
+ supwisdom https://harbor.supwisdom.com rancher.devops / PWMgP85qiLFC
+ ```
+
+ 同步管理 下 新建规则
+
+ ```
+ thirdparty-agent-service thirdparty-agent-service/*
+
+ authx-service authx-service/*
+
+ user-data-service goa/*
+ user-authorization-service user-authorization-service/*
+ personal-security-center personal-security-center/*
+
+ jobs-server jobs-server/*
+
+ cas-server cas-server/*
+ token-server token-server/*
+ ```
+
+ 同步规则,创建完成后,进行镜像同步
+
+ 选择某个同步规则,点击 同步,等待任务完成
+
+
+* 授予 devops 帐号 对各个项目的 访客 权限
+
+ 项目 下,点击 项目名称,进入到 成员,添加用户,查找用户 devops,选择角色 访客,确定,添加即可
+
+
+### Rancher 准备及相关说明
+
+* 商店设置
+
+ 进入 全局 - 集群(具体名称视项目安装而定) - 工具 - 商店设置,添加应用商店
+
+ 名称:`supwisdom`
+ 商店URL地址:`https://e.coding.net/supwisdom/charts/charts.git`
+ 分支:`master`
+ 范围:选择`cluster`
+
+
+* 创建项目
+
+ 进入 全局 - 集群(具体名称视项目安装而定) - 项目/命名空间,添加项目
+
+ 输入 项目名称,保存
+
+ 本产品所须创建的项目名称为:`authx-platform`
+
+
+* 启动应用
+
+ 进入 全局 - 集群(具体名称视项目安装而定) - 项目(某个项目)
+
+ 进入 应用商店
+
+ 点击 启动,在应用列表中 找到 相关应用
+
+ 点击 该应用,选择模板版本(一般选择最新的版本),根据情况设置 配置选项,启动 即可
+
+ 本产品所须的相关应用清单:
+ ```
+ minio Minio文件服务
+
+ agent-service Agent Service 代理服务
+
+ authx-service 用户授权相关服务
+
+ jobs-server 同步服务
+
+ cas-server 认证(CAS 认证 + Token Server)
+ ```
+
+* 确定命名空间
+
+ 本产品安装过程中所须的命名空间如下:
+
+ ```
+ authx-minio Minio文件服务
+
+ agent-service Agent Service 代理服务
+
+ authx-service 用户授权相关服务
+
+ jobs-server 同步服务
+
+ cas-server 认证(CAS 认证 + Token Server)
+ ```
+
+
+### 域名准备
+
+* 确定域名
+
+ 首先明确是否使用泛域名,如:`*.paas.xxx.edu.cn`,或 直接使用学校域名 `xxx.edu.cn`
+
+ 本产品安装需要的域名如下:
+ ```
+ authx-minio.paas.xxx.edu.cn 文件服务
+
+ security-center.paas.xxx.edu.cn 安全中心
+
+ cas.paas.xxx.edu.cn CAS 认证(视具体情况,可调整)
+ token.paas.xxx.edu.cn Token 认证(APP适用)
+ ```
+
+ 如果使用 学校域名,则去除 .paas 即可,同时申请开通相关域名
+
+
+
+## 开始安装
+
+### 数据库安装(略)
+
+* 确定服务地址、端口
+
+ 明确MySQL 数据库的 IP、端口
+
+
+### 数据库创建
+
+* 数据库帐号
+
+ 以下是 各服务对应的数据库帐号
+
+ 服务 | 数据库帐号
+ - | -
+ 第三方代理服务 thridparty-agent-service | agent_service
+ - | -
+ 用户服务 user-data-service | user
+ 授权服务 user-authorization-service | user_authz
+ - | -
+ 认证服务 cas-server | cas_server
+ 认证服务(APP适用) token-server | token_server
+ - | -
+ v4认证迁移数据 | tmp_data
+
+ 命令:
+ **请修改命令中的 `your_password` 为实际的数据库用户的密码**
+ ```
+ create user 'agent_service'@'%' identified with mysql_native_password by 'your_password';
+
+ create user 'user'@'%' identified with mysql_native_password by 'your_password';
+ create user 'user_authz'@'%' identified with mysql_native_password by 'your_password';
+ create user 'cas_server'@'%' identified with mysql_native_password by 'your_password';
+ create user 'token_server'@'%' identified with mysql_native_password by 'your_password';
+
+ create user 'tmp_data'@'%' identified with mysql_native_password by 'your_password';
+ ```
+
+
+* 数据库
+
+ 以下是 各服务对应的数据库
+
+ 服务 | 数据库
+ - | -
+ 第三方代理服务 thridparty-agent-service | agent_service
+ - | -
+ 用户服务 user-data-service | user
+ 授权服务 user-authorization-service | user_authz
+ - | -
+ 认证服务 cas-server | cas_server
+ 认证服务(APP适用) token-server | token_server
+ - | -
+ v4认证迁移数据 | tmp_data
+
+ 命令:
+ ```
+ create database `agent_service` DEFAULT CHARSET utf8 COLLATE utf8_general_ci;
+
+ create database `user` DEFAULT CHARSET utf8 COLLATE utf8_general_ci;
+ create database `user_authz` DEFAULT CHARSET utf8 COLLATE utf8_general_ci;
+ create database `cas_server` DEFAULT CHARSET utf8 COLLATE utf8_general_ci;
+ create database `token_server` DEFAULT CHARSET utf8 COLLATE utf8_general_ci;
+
+ create database `tmp_data` DEFAULT CHARSET utf8 COLLATE utf8_general_ci;
+ ```
+
+
+* 数据库权限授予
+
+ 将 database 的权限授予对应的帐号
+
+ 命令:
+ ```
+ grant all privileges on `agent_service`.* to 'agent_service'@'%' with grant option;
+
+ grant all privileges on `user`.* to 'user'@'%' with grant option;
+ grant all privileges on `user_authz`.* to 'user_authz'@'%' with grant option;
+ grant all privileges on `cas_server`.* to 'cas_server'@'%' with grant option;
+ grant all privileges on `token_server`.* to 'token_server'@'%' with grant option;
+
+ grant all privileges on `tmp_data`.* to 'tmp_data'@'%' with grant option;
+ ```
+
+
+* SUPER 权限授予
+
+ 由于 部分帐号 需要创建 触发器,故,需要 SUPER 权限
+ 涉及帐号有 user、user_authz、cas_server
+
+ 命令:
+ ```
+ grant SUPER on *.* to 'user'@'%';
+ grant SUPER on *.* to 'user_authz'@'%';
+ grant SUPER on *.* to 'cas_server'@'%';
+
+ grant SUPER on *.* to 'tmp_data'@'%';
+ ```
+
+
+* 用户数据的交换帐号
+
+ **待部署完成后操作**
+
+ 如果,存在数据交换 须将组织机构数据、帐号数据 同步到用户服务的数据库的
+ 则,需要创建一个 交换用的数据库帐号(user_trans),并为该帐号授予 表 user.TMP_ORGANIZATION_ORIGIN、user.TMP_ACCOUNT_ORIGIN 的读写操作的权限
+
+ 命令:
+ ```
+ create user 'user_trans'@'%' identified with mysql_native_password by 'your_password';
+
+ grant select on `user`.`TMP_ORGANIZATION_ORIGIN` to 'user_trans'@'%';
+ grant insert on `user`.`TMP_ORGANIZATION_ORIGIN` to 'user_trans'@'%';
+ grant update on `user`.`TMP_ORGANIZATION_ORIGIN` to 'user_trans'@'%';
+ grant delete on `user`.`TMP_ORGANIZATION_ORIGIN` to 'user_trans'@'%';
+
+ grant select on `user`.`TMP_ACCOUNT_ORIGIN` to 'user_trans'@'%';
+ grant insert on `user`.`TMP_ACCOUNT_ORIGIN` to 'user_trans'@'%';
+ grant update on `user`.`TMP_ACCOUNT_ORIGIN` to 'user_trans'@'%';
+ grant delete on `user`.`TMP_ACCOUNT_ORIGIN` to 'user_trans'@'%';
+
+ grant select on `user`.`TMP_ORGANIZATION_TRANS` to 'user_trans'@'%';
+ grant insert on `user`.`TMP_ORGANIZATION_TRANS` to 'user_trans'@'%';
+ grant update on `user`.`TMP_ORGANIZATION_TRANS` to 'user_trans'@'%';
+ grant delete on `user`.`TMP_ORGANIZATION_TRANS` to 'user_trans'@'%';
+
+ grant select on `user`.`TMP_ACCOUNT_TRANS` to 'user_trans'@'%';
+ grant insert on `user`.`TMP_ACCOUNT_TRANS` to 'user_trans'@'%';
+ grant update on `user`.`TMP_ACCOUNT_TRANS` to 'user_trans'@'%';
+ grant delete on `user`.`TMP_ACCOUNT_TRANS` to 'user_trans'@'%';
+ ```
+
+
+### rancher 部署(应用商店)
+
+#### minio
+
+命名空间: authx-minio
+
+* MINIO配置
+ 模式: standalone
+
+ Access Key: `1y8N@8R@a_2u`
+ Secret Key: `8pxlIe9#lN7Q`
+
+ 域名: `authx-minio.paas.xxx.edu.cn` ,请修改为实际的学校域名
+
+ Default storageClass: <请选择存储类>
+
+
+#### agent-service
+
+命名空间: agent-service
+
+* 外部MYSQL-连接配置
+ 外部MySQL host: <请填写数据库服务的IP地址>
+ 外部MySQL port: <请填写数据库服务的端口>
+
+* AGENT SERVICE - MYSQL数据库配置
+ 用户名: `agent_service` ,固定值、或按实际情况修改
+ 密码: <请填写创建的数据库用户的密码>
+ 数据库名: `agent_service` ,固定值、或按实际情况修改
+
+* 文件服务设置
+ Minio Url: `http://minio.authx-minio.svc.cluster.local:9000` ,若 minio 的命名空间有调整,请修改
+ Minio Access Key: `1y8N@8R@a_2u`
+ Minio Secret Key: `8pxlIe9#lN7Q`
+
+* 邮箱服务配置
+ 邮件发送模式: smtp
+ SMTP Host:
+ SMTP Port:
+ SMTP Secure Mode:
+ SMTP 用户名:
+ SMTP 密码:
+ SMTP 发件人名称:
+
+* 短信服务配置
+ 短信发送模式: aliyun 对接阿里云的短信服务
+ 阿里云短信接口地域: cn-hangzhou
+ 阿里云短信接口Access Key:
+ 阿里云短信接口Access Secret:
+
+
+#### authx-service
+
+命名空间: authx-service
+
+* REDIS配置 - 安全配置
+ Redis密码: `8KuwoslOiuw7H`
+
+ Default Storage Class: <请选择存储类>
+
+* RABBITMQ配置 - 安全配置
+ 用户名: guest
+ 密码: guest
+
+
+* MYSQL数据库配置 - 服务地址
+ MySQL服务 host: <请填写数据库服务的IP地址>
+ MySQL服务 port: <请填写数据库服务的端口>
+
+* MYSQL数据库配置 - 用户服务
+
+ 用户名: `user` ,固定值、或按实际情况修改
+ 密码: <请填写创建的数据库用户的密码>
+ 数据库名: `user` ,固定值、或按实际情况修改
+
+* MYSQL数据库配置 - 授权服务
+
+ 用户名: `user_authz` ,固定值、或按实际情况修改
+ 密码: <请填写创建的数据库用户的密码>
+ 数据库名: `user_authz` ,固定值、或按实际情况修改
+
+
+* 域名全局设置
+
+ 根域名: `paas.<school>.edu.cn` ,请修改为实际的学校域名
+
+* 域名配置 - 安全中心
+
+ 子域名: `security-center` ,若须修改,根据实际情况修改即可
+
+
+* POA 设置
+
+ POA网关地址: `http://poa.paas.<school>.edu.cn` ,请设置为 poa 网关的外网地址
+ POA SA地址: 请设置为 poa-sa 管理接口的 k8s 内部地址(根据实际部署的 POA 进行调整)
+
+
+* 依赖服务 - 文件服务设置
+
+ Minio外网地址: `http://authx-minio.paas.<school>.edu.cn` ,请设置为 minio 的外网地址
+
+* 依赖服务 - 认证设置
+
+ CAS认证地址: `http://cas.paas.<school>.edu.cn/cas` ,请设置为 cas 认证的外网地址
+
+
+* 依赖 API - AGENT SERVICE
+
+ Agent Service API内部地址: `http://agent-service.agent-service.svc.cluster.local:8080` ,固定值,若 agent-service 的命名空间有调整,请修改
+
+ Agent Service 文件上传路径: `/api/v1/tpas/file/minio` ,一般不用修改
+ Agent Service 邮件发送路径: `/api/v1/tpas/mail/smtp` ,一般不用修改
+ Agent Service 短信发送路径: `/api/v1/tpas/sms/aliyun` , 若不使用阿里云短信服务,须修改
+
+* 依赖 API - CAS SERVER
+
+ CAS内部地址: `http://cas-server-webapp.cas-server.svc.cluster.local:8080/cas` ,固定值,若 cas-server 的命名空间有调整,请修改
+ CAS SA API内部地址: `http://cas-server-sa.cas-server.svc.cluster.local:8080` ,固定值,若 cas-server 的命名空间有调整,请修改
+
+
+
+#### jobs-server
+
+命名空间: jobs-server
+
+* 外部RABBITMQ - 连接配置
+
+ 外部RabbitMQ host: `authx-service-rabbitmq.authx-service.svc.cluster.local` ,连接 authx-service 的rabbitmq, 若 authx-service 的命名空间有调整,请修改
+ 外部RabbitMQ port: 5672
+
+* RABBITMQ配置 - 安全配置
+
+ 用户名: guest
+ 密码: guest
+
+* 用户数据 - 数据源配置
+
+ JDBC URL: `jdbc:mysql://authx-service-mysql-server.authx-service.svc.cluster.local:3306/user?serverTimezone=Asia/Shanghai` ,连接 authx-service 的mysql,若 authx-service 的命名空间有调整,请修改
+ JDBC用户名: user
+ JDBC密码: <请填写创建的数据库用户的密码>
+
+* 用户数据 - API设置
+
+ GOA API地址: `http://authx-service-user-data-service-goa.authx-service.svc.cluster.local:8080` ,固定值,若 authx-service 的命名空间有调整,请修改
+
+
+#### cas-server
+
+命名空间: cas-server
+
+* REDIS配置 - 安全配置
+ Redis密码: `8KuwoslOiuw7H`
+
+ Default Storage Class: <请选择存储类>
+
+* RABBITMQ配置 - 安全配置
+ 用户名: guest
+ 密码: guest
+
+
+* MYSQL数据库配置 - 服务地址
+ MySQL服务 host: <请填写数据库服务的IP地址>
+ MySQL服务 port: <请填写数据库服务的端口>
+
+* MYSQL数据库配置 - CAS 认证
+
+ 用户名: `cas_server` ,固定值、或按实际情况修改
+ 密码: <请填写创建的数据库用户的密码>
+ 数据库名: `cas_server` ,固定值、或按实际情况修改
+
+* MYSQL数据库配置 - Token Server
+
+ 用户名: `token_server` ,固定值、或按实际情况修改
+ 密码: <请填写创建的数据库用户的密码>
+ 数据库名: `token_server` ,固定值、或按实际情况修改
+
+
+* 域名全局设置
+
+ 根域名: `paas.<school>.edu.cn` ,请修改为实际的学校域名
+
+* 域名配置 - CAS 认证
+
+ 子域名: `cas` ,若须修改,根据实际情况修改即可
+
+* 域名配置 - Token Server
+
+ 子域名: `token` ,若须修改,根据实际情况修改即可
+
+
+* POA 设置
+
+ POA网关地址: `http://poa.paas.<school>.edu.cn` ,请设置为 poa 网关的外网地址
+ POA SA地址: 请设置为 poa-sa 管理接口的 k8s 内部地址(根据实际部署的 POA 进行调整)
+
+
+* 依赖 API - AGENT SERVICE
+
+ Agent Service 内部地址: `http://agent-service.agent-service.svc.cluster.local:8080` ,固定值,若 agent-service 的命名空间有调整,请修改
+
+ Agent Service 文件上传路径: `/api/v1/tpas/file/minio` ,一般不用修改
+ Agent Service 邮件发送路径: `/api/v1/tpas/mail/smtp` ,一般不用修改
+ Agent Service 短信发送路径: `/api/v1/tpas/sms/aliyun` , 若不使用阿里云短信服务,须修改
+
+* 依赖 API - 用户服务
+
+ 用户数据API内部地址: `http://authx-service-user-data-service-goa.authx-service.svc.cluster.local:8080` ,固定值,若 authx-service 的命名空间有调整,请修改
+
+* 依赖 API - 授权服务
+
+ 用户授权API内部地址: `http://authx-service-user-authz-service-sa.authx-service.svc.cluster.local:8080` ,固定值,若 authx-service 的命名空间有调整,请修改
+
+
+
+* 动态密码
+
+ 动态密码短信标题: 认证中心,固定值
+ 动态密码短信模板: 请修改为合适的短信模板
+
+* JWT 公私钥
+
+ 参考 certs/jwt/readme.md 生成公私钥pem,修改相关配置(请使用与 token-server 一致的公私钥)
+
+ JWT私钥:
+ JWT公钥:
+
+
+* CAS认证 - 图片验证码
+
+ 启用图片验证码: 是 or 否
+
+
+* CAS认证 - 持久卷
+
+ Default Storage Class: <请选择存储类>
+
+
+* CAS认证 - DATAX数据库配置
+
+ 数据源JdbcUrl: `jdbc:mysql://authx-service-mysql-server.authx-service.svc.cluster.local:3306/user?serverTimezone=Asia/Shanghai` ,连接 authx-service 的mysql,若 authx-service 的命名空间有调整,请修改
+ 数据源用户名: user
+ 数据源密码: <请填写创建的数据库用户的密码>
+
+
+
+* TOKEN SERVER - 消息服务
+
+ 是否开启消息服务: true or false,默认 false
+ 消息服务应用ID: 由消息服务提供
+
+
+* TOKEN SERVER - POA CLIENT
+
+ Client Id: 从 POA 进行申请
+ Client Secret: 从 POA 进行申请
+
+
+* TOKEN SERVER - 人脸服务配置
+ 可与 新开普人脸平台 或 百度人脸服务 进行对接
+
+ 人脸登录类型: aiface: 新开普人脸, aipface: 百度人脸
+
+ **以下配置从 新开普人脸平台 申请**
+ 新开普人脸登录Url:
+ 新开普人脸登录App Key:
+ 新开普人脸登录App Secret:
+ 新开普人脸登录Secret Key:
+ 新开普人脸登录Term Code:
+
+ **以下配置从 百度开放平台 申请**
+ 百度人脸登录App Id:
+ 百度人脸登录Api Key:
+ 百度人脸登录Secret Key:
+
diff --git "a/deploy-manifests/charts/1.2.0001.\350\256\244\350\257\201\346\216\210\346\235\203-\350\256\244\350\257\201\345\257\271\346\216\245\346\225\260\346\215\256\345\210\235\345\247\213\345\214\226\357\274\210\345\256\211\345\205\250\344\270\255\345\277\203\357\274\211.md" "b/deploy-manifests/charts/1.2.0001.\350\256\244\350\257\201\346\216\210\346\235\203-\350\256\244\350\257\201\345\257\271\346\216\245\346\225\260\346\215\256\345\210\235\345\247\213\345\214\226\357\274\210\345\256\211\345\205\250\344\270\255\345\277\203\357\274\211.md"
new file mode 100644
index 0000000..8e6f6ed
--- /dev/null
+++ "b/deploy-manifests/charts/1.2.0001.\350\256\244\350\257\201\346\216\210\346\235\203-\350\256\244\350\257\201\345\257\271\346\216\245\346\225\260\346\215\256\345\210\235\345\247\213\345\214\226\357\274\210\345\256\211\345\205\250\344\270\255\345\277\203\357\274\211.md"
@@ -0,0 +1,69 @@
+
+# 认证授权 - 认证对接数据初始化.md
+
+
+[TOC]
+
+
+## 文档说明
+
+
+
+## 操作指南
+
+
+
+
+## 初始化数据
+
+
+### 创建认证对接应用
+
+为了支持 安全中心 能够实现单点登录,需要在认证 的 TB_SERVICE 里初始化配置信息
+
+
+#### 方式,SQL脚本
+
+连接至 cas_server 数据库,执行以下 SQL脚本
+
+```sql
+
+-- 更新 服务 personal-security-center 的信息(废弃)
+update TB_SERVICE
+set
+ INFORMATION_URL='http://personal-security-center.paas.example.com',
+ LOGOUT_URL='http://personal-security-center.paas.example.com/slo?redirect_uri=http://security-center.paas.example.com/?clearCertification=clearCertification',
+ SERVICE_ID='http://personal-security-center.paas.example.com/cas/(.*)'
+where ID='2'; -- todo, modify
+
+
+-- security-center-ui 认证对接信息
+INSERT INTO `TB_SERVICE` (`ID`, `COMPANY_ID`, `DELETED`, `ADD_ACCOUNT`, `ADD_TIME`,
+ `NAME`, `DESCRIPTION`, `INFORMATION_URL`, `LOGOUT_URL`,
+ `RESPONSE_TYPE`, `LOGOUT_TYPE`,
+ `EVALUATION_ORDER`, `FRIENDLY_NAME`, `REGISTERED_SERVICE_ID`, `SERVICE_ID`,
+ `ENABLED`, `SSO_ENABLED`, `REQUIRE_ALL_ATTRIBUTES`,
+ `APPLICATION_ID`, `EXTERNAL_ID`)
+VALUES ('22', '1', 0, 'admin', '2020-07-01 00:00:00',
+ '安全中心', '安全中心', 'https://security-center.paas.example.com', 'https://security-center.paas.example.com/?clearCertification=clearCertification',
+ 'REDIRECT', 'FRONT_CHANNEL',
+ 22, '安全中心', 22, 'https://security-center.paas.example.com/(.*)',
+ 1, 1, 1,
+ '22', '22');
+
+commit;
+
+-- 修改根域名
+update TB_SERVICE
+set
+ INFORMATION_URL='http://security-center.paas.example.com',
+ LOGOUT_URL='http://security-center.paas.example.com/?clearCertification=clearCertification',
+ SERVICE_ID='http://security-center.paas.example.com/(.*)',
+ ID_TOKEN_ENABLED=1,
+ JWT_AS_SERVICE_TICKET=1,
+ APPLICATION_DOMAIN='security-center.paas.example.com'
+where ID='22'; -- todo, modify
+
+commit;
+
+```
\ No newline at end of file
diff --git "a/deploy-manifests/charts/1.2.0002.\350\256\244\350\257\201\346\216\210\346\235\203-\346\216\210\346\235\203\346\234\215\345\212\241\346\225\260\346\215\256\345\210\235\345\247\213\345\214\226\357\274\210\350\247\222\350\211\262\357\274\211.md" "b/deploy-manifests/charts/1.2.0002.\350\256\244\350\257\201\346\216\210\346\235\203-\346\216\210\346\235\203\346\234\215\345\212\241\346\225\260\346\215\256\345\210\235\345\247\213\345\214\226\357\274\210\350\247\222\350\211\262\357\274\211.md"
new file mode 100644
index 0000000..ae3dd4b
--- /dev/null
+++ "b/deploy-manifests/charts/1.2.0002.\350\256\244\350\257\201\346\216\210\346\235\203-\346\216\210\346\235\203\346\234\215\345\212\241\346\225\260\346\215\256\345\210\235\345\247\213\345\214\226\357\274\210\350\247\222\350\211\262\357\274\211.md"
@@ -0,0 +1,83 @@
+
+# 认证授权 - 授权服务数据初始化.md
+
+
+[TOC]
+
+
+## 文档说明
+
+
+
+## 操作指南
+
+
+
+
+## 初始化数据
+
+
+### 创建授权应用
+
+#### 方式,SQL脚本
+
+连接至 user_authz 数据库,执行以下 SQL脚本
+
+```sql
+INSERT INTO TB_R_SYSTEM (ID, COMPANY_ID, DELETED, ADD_ACCOUNT, ADD_TIME,
+ BUSINESS_DOMAIN_ID,
+ CODE, NAME, ENABLED)
+VALUES ('10', '1', 0, 'admin', '2019-07-01 00:00:00',
+ '1',
+ '10', '用户授权', 1);
+
+INSERT INTO TB_APPLICATION (ID, COMPANY_ID, DELETED, ADD_ACCOUNT, ADD_TIME,
+ BUSINESS_DOMAIN_ID, SYSTEM_ID,
+ NAME, APPLICATION_ID, SYNC_URL, ENABLED)
+VALUES ('10', '1', 0, 'admin', '2019-07-01 00:00:00',
+ '1', '10',
+ '用户授权', '10', '', 1);
+
+commit;
+```
+
+
+### 创建应用角色
+
+#### 方式,SQL脚本
+
+连接至 user_authz 数据库,执行以下 SQL脚本
+
+```sql
+use user_authz;
+
+INSERT INTO TB_ROLE (ID, COMPANY_ID, DELETED, ADD_ACCOUNT, ADD_TIME, APPLICATION_ID, CODE, NAME, DESCRIPTION, ENABLED, EXTERNAL_ID)
+VALUES ('20', '1', 0, 'admin', '2019-07-01 00:00:00', '10', 'cas-admin', '认证管理员', '认证管理员', 1, '20');
+
+INSERT INTO TB_ROLE (ID, COMPANY_ID, DELETED, ADD_ACCOUNT, ADD_TIME, APPLICATION_ID, CODE, NAME, DESCRIPTION, ENABLED, EXTERNAL_ID)
+VALUES ('30', '1', 0, 'admin', '2019-07-01 00:00:00', '10', 'user-admin', '用户管理员', '用户管理员', 1, '30');
+
+INSERT INTO TB_ROLE (ID, COMPANY_ID, DELETED, ADD_ACCOUNT, ADD_TIME, APPLICATION_ID, CODE, NAME, DESCRIPTION, ENABLED, EXTERNAL_ID)
+VALUES ('40', '1', 0, 'admin', '2019-07-01 00:00:00', '10', 'user-authz-admin', '授权管理员', '授权管理员', 1, '40');
+INSERT INTO TB_ROLE (ID, COMPANY_ID, DELETED, ADD_ACCOUNT, ADD_TIME, APPLICATION_ID, CODE, NAME, DESCRIPTION, ENABLED, EXTERNAL_ID)
+VALUES ('41', '1', 0, 'admin', '2019-07-01 00:00:00', '10', 'user-authz-grant-admin', '用户授权管理员', '用户授权管理员', 1, '41');
+INSERT INTO TB_ROLE (ID, COMPANY_ID, DELETED, ADD_ACCOUNT, ADD_TIME, APPLICATION_ID, CODE, NAME, DESCRIPTION, ENABLED, EXTERNAL_ID)
+VALUES ('42', '1', 0, 'admin', '2019-07-01 00:00:00', '10', 'user-authz-man-grant-admin', '分级授权管理员', '分级授权管理员', 1, '42');
+
+commit;
+```
+
+若角色已经存在,更新
+
+```sql
+use user_authz;
+
+UPDATE TB_ROLE SET APPLICATION_ID='10' WHERE ID IN ('20', '30', '40', '41', '42');
+
+commit;
+```
+
+
+
+
+
diff --git "a/deploy-manifests/charts/1.2.0003.\350\256\244\350\257\201\346\216\210\346\235\203-\344\272\221\345\271\263\345\217\260\346\225\260\346\215\256\345\210\235\345\247\213\345\214\226\357\274\210API\350\267\257\347\224\261\343\200\201\345\272\224\347\224\250\343\200\201\350\217\234\345\215\225\343\200\201\350\247\222\350\211\262\346\235\203\351\231\220\357\274\211.md" "b/deploy-manifests/charts/1.2.0003.\350\256\244\350\257\201\346\216\210\346\235\203-\344\272\221\345\271\263\345\217\260\346\225\260\346\215\256\345\210\235\345\247\213\345\214\226\357\274\210API\350\267\257\347\224\261\343\200\201\345\272\224\347\224\250\343\200\201\350\217\234\345\215\225\343\200\201\350\247\222\350\211\262\346\235\203\351\231\220\357\274\211.md"
new file mode 100644
index 0000000..7087298
--- /dev/null
+++ "b/deploy-manifests/charts/1.2.0003.\350\256\244\350\257\201\346\216\210\346\235\203-\344\272\221\345\271\263\345\217\260\346\225\260\346\215\256\345\210\235\345\247\213\345\214\226\357\274\210API\350\267\257\347\224\261\343\200\201\345\272\224\347\224\250\343\200\201\350\217\234\345\215\225\343\200\201\350\247\222\350\211\262\346\235\203\351\231\220\357\274\211.md"
@@ -0,0 +1,803 @@
+
+# 认证授权-云平台数据初始化
+
+
+[TOC]
+
+
+## 文档说明
+
+
+
+## 操作指南
+
+
+
+
+## 初始化数据
+
+
+### 创建路由
+
+#### 方式一,手动添加
+
+进入 云平台 - 基础管理 - 路由管理,添加路由记录
+
+注:
+* 路由前缀 如:`/api/v1/sample/**`,确保与其他路由信息 **不存在冲突**
+* 后端服务地址 如:`http://xxx.sample.edu.cn`
+* 是否丢弃前缀,若是,转发到后端服务时的请求为 `http://xxx.sample.edu.cn/**`,否则为 `http://xxx.sample.edu.cn/api/v1/sample/**`
+
+
+代码 | 名称 | 描述 | 是否启用 | 路由前缀 | 路由服务地址 | 是否丢弃前缀
+- | - | - | - | - | - | - | -
+authx-service-user-api | 认证授权 - 用户接口 | | 是 | /api/v1/base | http://authx-service-user-data-service-goa.authx-service.svc.cluster.local:8080 | 否
+authx-service-personal-api | 认证授权 - 个人信息接口 | | 是 | /api/v1/personal | http://authx-service-personal-security-center-bff.authx-service.svc.cluster.local:8080/api/v1 | 是
+authx-service-admin-api | 认证授权 - 聚合接口(认证、授权) | | 是 | /api/v2/admin | http://authx-service-bff.authx-service.svc.cluster.local:8080 | 否
+authx-service-open-api | 认证授权 - 聚合接口(公开) | | 是 | /api/v2/open | http://authx-service-bff.authx-service.svc.cluster.local:8080 | 否
+
+
+#### 方式二,bash脚本
+
+```json
+{"id": "20", "code": "authx-service-user-api", "name":"认证授权 - 用户接口", "memo":"", "status":"1", "pathPrefix":"/api/v1/base", "url":"http://authx-service-user-data-service-goa.authx-service.svc.cluster.local:8080", "stripPrefix":false}
+
+{"id": "40", "code": "authx-service-personal-api", "name":"认证授权 - 个人信息接口", "memo":"", "status":"1", "pathPrefix":"/api/v1/personal", "url":"http://authx-service-personal-security-center-bff.authx-service.svc.cluster.local:8080/api/v1", "stripPrefix":true}
+
+{"id": "21", "code": "authx-service-admin-api", "name":"认证授权 - 聚合接口(认证、授权)", "memo":"", "status":"1", "pathPrefix":"/api/v2/admin", "url":"http://authx-service-bff-svc.authx-service.svc.cluster.local:8080", "stripPrefix":false}
+{"id": "22", "code": "authx-service-open-api", "name":"认证授权 - 聚合接口(公开)", "memo":"", "status":"1", "pathPrefix":"/api/v2/open", "url":"http://authx-service-bff-svc.authx-service.svc.cluster.local:8080", "stripPrefix":false}
+```
+
+```bash
+curl -i -s -X POST "http://admin-platform-admin-center-sa.admin-platform.svc.cluster.local:8080/v1/admin/routes" -H 'Content-Type: application/json' \
+-d \
+'
+{"id": "20", "code": "authx-service-user-api", "name":"认证授权 - 用户接口", "memo":"", "status":"1", "pathPrefix":"/api/v1/base", "url":"http://authx-service-user-data-service-goa.authx-service.svc.cluster.local:8080", "stripPrefix":false}
+'
+
+curl -i -s -X POST "http://admin-platform-admin-center-sa.admin-platform.svc.cluster.local:8080/v1/admin/routes" -H 'Content-Type: application/json' \
+-d \
+'
+{"id": "40", "code": "authx-service-personal-api", "name":"认证授权 - 个人信息接口", "memo":"", "status":"1", "pathPrefix":"/api/v1/personal", "url":"http://authx-service-personal-security-center-bff.authx-service.svc.cluster.local:8080/api/v1", "stripPrefix":true}
+'
+
+curl -i -s -X POST "http://admin-platform-admin-center-sa.admin-platform.svc.cluster.local:8080/v1/admin/routes" -H 'Content-Type: application/json' \
+-d \
+'
+{"id": "21", "code": "authx-service-admin-api", "name":"认证授权 - 聚合接口(认证、授权)", "memo":"", "status":"1", "pathPrefix":"/api/v2/admin", "url":"http://authx-service-bff-svc.authx-service.svc.cluster.local:8080", "stripPrefix":false}
+'
+
+curl -i -s -X POST "http://admin-platform-admin-center-sa.admin-platform.svc.cluster.local:8080/v1/admin/routes" -H 'Content-Type: application/json' \
+-d \
+'
+{"id": "22", "code": "authx-service-open-api", "name":"认证授权 - 聚合接口(公开)", "memo":"", "status":"1", "pathPrefix":"/api/v2/open", "url":"http://authx-service-bff-svc.authx-service.svc.cluster.local:8080", "stripPrefix":false}
+'
+```
+
+
+#### 方式三,SQL脚本
+
+连接至 admin_center 数据库,执行以下 SQL脚本
+
+```sql
+use admin_center;
+
+insert into TB_MGT_ROUTE (ID, DELETED, CODE, NAME, STATUS, PATH_PREFIX, URL, STRIP_PREFIX)
+values ('20', 0, 'authx-service-user-api', '认证授权 - 用户接口', '1', '/api/v1/base', 'https://localhost:8022', 0);
+
+insert into TB_MGT_ROUTE (ID, DELETED, CODE, NAME, STATUS, PATH_PREFIX, URL, STRIP_PREFIX)
+values ('40', 0, 'authx-service-personal-api', '认证授权 - 个人信息接口', '1', '/api/v1/personal', 'http://localhost:8041/api/v1', 1);
+
+insert into TB_MGT_ROUTE (ID, DELETED, CODE, NAME, STATUS, PATH_PREFIX, URL, STRIP_PREFIX)
+values ('21', 0, 'authx-service-admin-api', '认证授权 - 聚合接口(认证、授权)', '1', '/api/v2/admin', 'http://localhost:8009', 0);
+insert into TB_MGT_ROUTE (ID, DELETED, CODE, NAME, STATUS, PATH_PREFIX, URL, STRIP_PREFIX)
+values ('22', 0, 'authx-service-open-api', '认证授权 - 聚合接口(公开)', '1', '/api/v2/open', 'http://localhost:8009', 0);
+
+commit;
+
+update TB_MGT_ROUTE set URL='http://authx-service-user-data-service-goa.authx-service.svc.cluster.local:8080' where ID='20';
+
+update TB_MGT_ROUTE set URL='http://authx-service-personal-security-center-bff.authx-service.svc.cluster.local:8080/api/v1' where ID='40';
+
+update TB_MGT_ROUTE set URL='http://authx-service-bff-svc.authx-service.svc.cluster.local:8080' where ID='21';
+update TB_MGT_ROUTE set URL='http://authx-service-bff-svc.authx-service.svc.cluster.local:8080' where ID='22';
+
+commit;
+```
+
+
+### 创建应用
+
+#### 方式一,手动添加
+
+进入 云平台 - 基础管理 - 应用管理,添加应用
+
+应用标识 | 名称 | 描述 | 是否启用 | 应用访问地址
+- | - | - | - | -
+20 | 用户授权 | | 是 |
+
+
+#### 方式二,bash脚本
+
+```json
+{"id": "10", "code": "10", "name":"用户授权", "memo":"", "status":"1", "url":""}
+```
+
+
+```bash
+curl -i -s -X POST "http://admin-platform-admin-center-sa.admin-platform.svc.cluster.local:8080/v1/admin/applications" -H 'Content-Type: application/json' \
+-d \
+'
+{"id": "10", "code": "10", "name":"用户授权", "memo":"", "status":"1", "url":""}
+'
+```
+
+
+#### 方式三,SQL脚本
+
+连接至 admin_center 数据库,执行以下 SQL脚本
+
+```sql
+use admin_center;
+
+insert into TB_MGT_APPLICATION (ID, DELETED, CODE, NAME, STATUS)
+values ('10', 0, '10', '用户授权', '1');
+
+commit;
+```
+
+
+### 创建菜单
+
+#### 方式一,手动导入
+
+进入 云平台 - 基础管理 - 菜单管理,导入
+
+所属应用 选择 用户授权
+
+菜单列表(JSON)如下,(复制后粘贴)
+
+* 认证管理
+
+```json
+[
+ {
+ "id": "20000", "parentIdOrCode":"1", "code": "cas-server", "name": "认证管理", "memo": "", "status": "1",
+ "icon": "", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/", "target": "",
+ "order": 20000, "resourceIdOrCodes": []
+ },
+ {
+ "id": "20100", "parentIdOrCode":"20000", "code": "loginConfig", "name": "登录方式配置", "memo": "", "status": "1",
+ "icon": "su-icon-denglupeizhi", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/cas-server/loginConfig", "target": "",
+ "order": 20100, "resourceIdOrCodes": []
+ },
+ {
+ "id": "20200", "parentIdOrCode":"20000", "code": "safeLoginConfig", "name": "账号安全配置", "memo": "", "status": "1",
+ "icon": "su-icon-config-security", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/cas-server/safeLoginConfig", "target": "",
+ "order": 20200, "resourceIdOrCodes": []
+ },
+ {
+ "id": "20300", "parentIdOrCode":"20000", "code": "accountActivationConfiguration", "name": "账号激活配置", "memo": "", "status": "1",
+ "icon": "su-icon-bulb", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/cas-server/accountActivationConfiguration", "target": "",
+ "order": 20300, "resourceIdOrCodes": []
+ },
+ {
+ "id": "20400", "parentIdOrCode":"20000", "code": "safeConfig", "name": "安全策略配置", "memo": "", "status": "1",
+ "icon": "su-icon-celuepeizhi", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/cas-server/safeConfig", "target": "",
+ "order": 20400, "resourceIdOrCodes": []
+ },
+ {
+ "id": "20500", "parentIdOrCode":"20000", "code": "passwordConfig", "name": "密码策略配置", "memo": "", "status": "1",
+ "icon": "su-icon-mimacelue", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/cas-server/passwordConfig", "target": "",
+ "order": 20500, "resourceIdOrCodes": []
+ },
+ {
+ "id": "20600", "parentIdOrCode":"20000", "code": "serverManagement", "name": "应用对接配置", "memo": "", "status": "1",
+ "icon": "el-icon-service", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/cas-server/serverManagement", "target": "",
+ "order": 20600, "resourceIdOrCodes": []
+ },
+ {
+ "id": "20700", "parentIdOrCode":"20000", "code": "loginPageConfig", "name": "登录页面配置", "memo": "", "status": "1",
+ "icon": "su-icon-tongxunxinxi", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/cas-server/loginPageConfig", "target": "",
+ "order": 20700, "resourceIdOrCodes": []
+ },
+ {
+ "id": "20800", "parentIdOrCode":"20000", "code": "linkLoginConfig", "name": "联合登录配置", "memo": "", "status": "1",
+ "icon": "su-icon-test", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/cas-server/linkLoginConfig", "target": "",
+ "order": 20800, "resourceIdOrCodes": []
+ },
+ {
+ "id": "21000", "parentIdOrCode":"20000", "code": "lockManagement", "name": "认证锁定管理", "memo": "", "status": "1",
+ "icon": "su-icon-shouquanjiguanli", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/cas-server/lockManagement", "target": "",
+ "order": 21000, "resourceIdOrCodes": []
+ },
+ {
+ "id": "21100", "parentIdOrCode":"20000", "code": "analyze", "name": "认证统计分析", "memo": "", "status": "1",
+ "icon": "su-icon-renzhengtongjifenxi", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/cas-server/analyze", "target": "",
+ "order": 21100, "resourceIdOrCodes": []
+ }
+]
+```
+
+* 用户管理
+
+```json
+[
+ {
+ "id": "30000", "parentIdOrCode":"1", "code": "user-server", "name": "用户管理", "memo": "", "status": "1",
+ "icon": "", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/", "target": "",
+ "order": 30000, "resourceIdOrCodes": []
+ },
+ {
+ "id": "30100", "parentIdOrCode":"30000", "code": "dictionary", "name": "字典管理", "memo": "", "status": "1",
+ "icon": "su-icon-zidian", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/user-server/dictionary", "target": "",
+ "order": 30100, "resourceIdOrCodes": []
+ },
+ {
+ "id": "30200", "parentIdOrCode":"30000", "code": "identity", "name": "身份管理", "memo": "", "status": "1",
+ "icon": "su-icon-shenfen", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/user-server/identity", "target": "",
+ "order": 30200, "resourceIdOrCodes": []
+ },
+ {
+ "id": "30300", "parentIdOrCode":"30000", "code": "mechanism", "name": "组织机构管理", "memo": "", "status": "1",
+ "icon": "su-icon-department", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/user-server/mechanism", "target": "",
+ "order": 30300, "resourceIdOrCodes": []
+ },
+ {
+ "id": "30400", "parentIdOrCode":"30000", "code": "person", "name": "人员管理", "memo": "", "status": "1",
+ "icon": "su-icon-people", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/user-server/person", "target": "",
+ "order": 30400, "resourceIdOrCodes": []
+ },
+ {
+ "id": "30500", "parentIdOrCode":"30000", "code": "label", "name": "标签管理", "memo": "", "status": "1",
+ "icon": "su-icon-biaoqian", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/user-server/label", "target": "",
+ "order": 30500, "resourceIdOrCodes": []
+ },
+ {
+ "id": "30600", "parentIdOrCode":"30000", "code": "simpleUserGroupManage", "name": "普通用户组管理", "memo": "", "status": "1",
+ "icon": "su-icon-portrait", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/user-server/simpleUserGroupManage", "target": "",
+ "order": 30600, "resourceIdOrCodes": []
+ },
+ {
+ "id": "30700", "parentIdOrCode":"30000", "code": "postUserGroupManage", "name": "岗位用户组管理", "memo": "", "status": "1",
+ "icon": "su-icon-personnel", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/user-server/postUserGroupManage", "target": "",
+ "order": 30700, "resourceIdOrCodes": []
+ },
+ {
+ "id": "30750", "parentIdOrCode":"30000", "code": "userScope", "name": "用户规则", "memo": "", "status": "1",
+ "icon": "el-icon-guide", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/user-server/userScope", "target": "",
+ "order": 30750, "resourceIdOrCodes": []
+ },
+ {
+ "id": "30800", "parentIdOrCode":"30000", "code": "assignation", "name": "人员分配", "memo": "", "status": "1",
+ "icon": "su-icon-tihuanbanliren", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/user-server/assignation", "target": "",
+ "order": 30800, "resourceIdOrCodes": []
+ },
+ {
+ "id": "31000", "parentIdOrCode":"30000", "code": "activateAccount", "name": "账号激活审核", "memo": "", "status": "1",
+ "icon": "su-icon-yonghushouquan", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/user-server/activateAccount", "target": "",
+ "order": 31000, "resourceIdOrCodes": []
+ }
+]
+```
+
+* 授权管理
+
+```json
+[
+ {
+ "id": "40000", "parentIdOrCode":"1", "code": "authorization-server", "name": "授权管理", "memo": "", "status": "1",
+ "icon": "", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/", "target": "",
+ "order": 40000, "resourceIdOrCodes": []
+ },
+ {
+ "id": "40100", "parentIdOrCode":"40000", "code": "applicationRole", "name": "角色授权", "memo": "", "status": "1",
+ "icon": "su-icon-yingyongjuese", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/auth-server/applicationRole", "target": "",
+ "order": 40100, "resourceIdOrCodes": []
+ },
+ {
+ "id": "40200", "parentIdOrCode":"40000", "code": "authorizationRoleComponent", "name": "角色组授权", "memo": "", "status": "1",
+ "icon": "su-icon-juesezu", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/auth-server/authorizationRoleComponent", "target": "",
+ "order": 40200, "resourceIdOrCodes": []
+ },
+ {
+ "id": "40300", "parentIdOrCode":"40000", "code": "userAuthManagePeople", "name": "用户授权", "memo": "", "status": "1",
+ "icon": "su-icon-yonghushouquan", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/auth-server/userAuthManagePeople", "target": "",
+ "order": 40300, "resourceIdOrCodes": []
+ },
+ {
+ "id": "40400", "parentIdOrCode":"40000", "code": "roleAuthManagement", "name": "用户规则授权", "memo": "", "status": "1",
+ "icon": "su-icon-yonghuguize", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/auth-server/roleAuthManagement", "target": "",
+ "order": 40400, "resourceIdOrCodes": []
+ },
+ {
+ "id": "40500", "parentIdOrCode":"40000", "code": "userGroupAuth", "name": "用户组授权", "memo": "", "status": "1",
+ "icon": "su-icon-yonghuguize", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/auth-server/userGroupAuth", "target": "",
+ "order": 40500, "resourceIdOrCodes": []
+ },
+ {
+ "id": "40900", "parentIdOrCode":"40000", "code": "authorizationAndManagement", "name": "分级授权管理", "memo": "", "status": "1",
+ "icon": "su-icon-shouquanjiguanli", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/auth-server/authorizationAndManagement", "target": "",
+ "order": 40900, "resourceIdOrCodes": []
+ },
+ {
+ "id": "41100", "parentIdOrCode":"40000", "code": "accountAuthorizationAudit", "name": "账号授权审计", "memo": "", "status": "1",
+ "icon": "su-icon-zhsqsj", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/auth-server/accountAuthorizationAudit", "target": "",
+ "order": 41100, "resourceIdOrCodes": []
+ },
+ {
+ "id": "41200", "parentIdOrCode":"40000", "code": "userAudit", "name": "用户规则权限审计", "memo": "", "status": "1",
+ "icon": "su-icon-yhgzqxsj", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/auth-server/userAudit", "target": "",
+ "order": 41200, "resourceIdOrCodes": []
+ },
+ {
+ "id": "41300", "parentIdOrCode":"40000", "code": "rolePermissionAudit", "name": "角色/组授权审计", "memo": "", "status": "1",
+ "icon": "su-icon-jszsqsj", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/auth-server/rolePermissionAudit", "target": "",
+ "order": 41300, "resourceIdOrCodes": []
+ },
+ {
+ "id": "41400", "parentIdOrCode":"40000", "code": "authOperationsAudit", "name": "权限操作审计", "memo": "", "status": "1",
+ "icon": "su-icon-qxczsj", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/auth-server/authOperationsAudit", "target": "",
+ "order": 41400, "resourceIdOrCodes": []
+ },
+ {
+ "id": "41500", "parentIdOrCode":"40000", "code": "authStatisticalMonitor", "name": "授权统计监控", "memo": "", "status": "1",
+ "icon": "su-icon-sqtjjk", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/auth-server/authStatisticalMonitor", "target": "",
+ "order": 41500, "resourceIdOrCodes": []
+ }
+]
+```
+
+
+#### 方式二,bash脚本
+
+* 认证管理
+
+```bash
+curl -i -s -X POST "http://admin-platform-admin-center-sa.admin-platform.svc.cluster.local:8080/v1/admin/menus/importMenu" -H 'Content-Type: application/json' \
+-d \
+'
+{
+ "applicationId": "10",
+ "menuList":
+ [
+ {
+ "id": "20000", "parentIdOrCode":"1", "code": "cas-server", "name": "认证管理", "memo": "", "status": "1",
+ "icon": "", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/", "target": "",
+ "order": 20000, "resourceIdOrCodes": []
+ },
+ {
+ "id": "20100", "parentIdOrCode":"20000", "code": "loginConfig", "name": "登录方式配置", "memo": "", "status": "1",
+ "icon": "su-icon-denglupeizhi", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/cas-server/loginConfig", "target": "",
+ "order": 20100, "resourceIdOrCodes": []
+ },
+ {
+ "id": "20200", "parentIdOrCode":"20000", "code": "safeLoginConfig", "name": "账号安全配置", "memo": "", "status": "1",
+ "icon": "su-icon-config-security", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/cas-server/safeLoginConfig", "target": "",
+ "order": 20200, "resourceIdOrCodes": []
+ },
+ {
+ "id": "20300", "parentIdOrCode":"20000", "code": "accountActivationConfiguration", "name": "账号激活配置", "memo": "", "status": "1",
+ "icon": "su-icon-bulb", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/cas-server/accountActivationConfiguration", "target": "",
+ "order": 20300, "resourceIdOrCodes": []
+ },
+ {
+ "id": "20400", "parentIdOrCode":"20000", "code": "safeConfig", "name": "安全策略配置", "memo": "", "status": "1",
+ "icon": "su-icon-celuepeizhi", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/cas-server/safeConfig", "target": "",
+ "order": 20400, "resourceIdOrCodes": []
+ },
+ {
+ "id": "20500", "parentIdOrCode":"20000", "code": "passwordConfig", "name": "密码策略配置", "memo": "", "status": "1",
+ "icon": "su-icon-mimacelue", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/cas-server/passwordConfig", "target": "",
+ "order": 20500, "resourceIdOrCodes": []
+ },
+ {
+ "id": "20600", "parentIdOrCode":"20000", "code": "serverManagement", "name": "应用对接配置", "memo": "", "status": "1",
+ "icon": "el-icon-service", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/cas-server/serverManagement", "target": "",
+ "order": 20600, "resourceIdOrCodes": []
+ },
+ {
+ "id": "20700", "parentIdOrCode":"20000", "code": "loginPageConfig", "name": "登录页面配置", "memo": "", "status": "1",
+ "icon": "su-icon-tongxunxinxi", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/cas-server/loginPageConfig", "target": "",
+ "order": 20700, "resourceIdOrCodes": []
+ },
+ {
+ "id": "20800", "parentIdOrCode":"20000", "code": "linkLoginConfig", "name": "联合登录配置", "memo": "", "status": "1",
+ "icon": "su-icon-test", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/cas-server/linkLoginConfig", "target": "",
+ "order": 20800, "resourceIdOrCodes": []
+ },
+ {
+ "id": "21000", "parentIdOrCode":"20000", "code": "lockManagement", "name": "认证锁定管理", "memo": "", "status": "1",
+ "icon": "su-icon-shouquanjiguanli", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/cas-server/lockManagement", "target": "",
+ "order": 21000, "resourceIdOrCodes": []
+ },
+ {
+ "id": "21100", "parentIdOrCode":"20000", "code": "analyze", "name": "认证统计分析", "memo": "", "status": "1",
+ "icon": "su-icon-renzhengtongjifenxi", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/cas-server/analyze", "target": "",
+ "order": 21100, "resourceIdOrCodes": []
+ }
+ ]
+}
+'
+```
+
+* 用户管理
+
+```bash
+curl -i -s -X POST "http://admin-platform-admin-center-sa.admin-platform.svc.cluster.local:8080/v1/admin/menus/importMenu" -H 'Content-Type: application/json' \
+-d \
+'
+{
+ "applicationId": "10",
+ "menuList":
+ [
+ {
+ "id": "30000", "parentIdOrCode":"1", "code": "user-server", "name": "用户管理", "memo": "", "status": "1",
+ "icon": "", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/", "target": "",
+ "order": 30000, "resourceIdOrCodes": []
+ },
+ {
+ "id": "30100", "parentIdOrCode":"30000", "code": "dictionary", "name": "字典管理", "memo": "", "status": "1",
+ "icon": "su-icon-zidian", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/user-server/dictionary", "target": "",
+ "order": 30100, "resourceIdOrCodes": []
+ },
+ {
+ "id": "30200", "parentIdOrCode":"30000", "code": "identity", "name": "身份管理", "memo": "", "status": "1",
+ "icon": "su-icon-shenfen", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/user-server/identity", "target": "",
+ "order": 30200, "resourceIdOrCodes": []
+ },
+ {
+ "id": "30300", "parentIdOrCode":"30000", "code": "mechanism", "name": "组织机构管理", "memo": "", "status": "1",
+ "icon": "su-icon-department", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/user-server/mechanism", "target": "",
+ "order": 30300, "resourceIdOrCodes": []
+ },
+ {
+ "id": "30400", "parentIdOrCode":"30000", "code": "person", "name": "人员管理", "memo": "", "status": "1",
+ "icon": "su-icon-people", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/user-server/person", "target": "",
+ "order": 30400, "resourceIdOrCodes": []
+ },
+ {
+ "id": "30500", "parentIdOrCode":"30000", "code": "label", "name": "标签管理", "memo": "", "status": "1",
+ "icon": "su-icon-biaoqian", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/user-server/label", "target": "",
+ "order": 30500, "resourceIdOrCodes": []
+ },
+ {
+ "id": "30600", "parentIdOrCode":"30000", "code": "simpleUserGroupManage", "name": "普通用户组管理", "memo": "", "status": "1",
+ "icon": "su-icon-portrait", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/user-server/simpleUserGroupManage", "target": "",
+ "order": 30600, "resourceIdOrCodes": []
+ },
+ {
+ "id": "30700", "parentIdOrCode":"30000", "code": "postUserGroupManage", "name": "岗位用户组管理", "memo": "", "status": "1",
+ "icon": "su-icon-personnel", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/user-server/postUserGroupManage", "target": "",
+ "order": 30700, "resourceIdOrCodes": []
+ },
+ {
+ "id": "30750", "parentIdOrCode":"30000", "code": "userScope", "name": "用户规则", "memo": "", "status": "1",
+ "icon": "el-icon-guide", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/user-server/userScope", "target": "",
+ "order": 30750, "resourceIdOrCodes": []
+ },
+ {
+ "id": "30800", "parentIdOrCode":"30000", "code": "assignation", "name": "人员分配", "memo": "", "status": "1",
+ "icon": "su-icon-tihuanbanliren", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/user-server/assignation", "target": "",
+ "order": 30800, "resourceIdOrCodes": []
+ },
+ {
+ "id": "31000", "parentIdOrCode":"30000", "code": "activateAccount", "name": "账号激活审核", "memo": "", "status": "1",
+ "icon": "su-icon-yonghushouquan", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/user-server/activateAccount", "target": "",
+ "order": 31000, "resourceIdOrCodes": []
+ }
+ ]
+}
+'
+```
+
+* 授权管理
+
+```bash
+curl -i -s -X POST "http://admin-platform-admin-center-sa.admin-platform.svc.cluster.local:8080/v1/admin/menus/importMenu" -H 'Content-Type: application/json' \
+-d \
+'
+{
+ "applicationId": "10",
+ "menuList":
+ [
+ {
+ "id": "40000", "parentIdOrCode":"1", "code": "authorization-server", "name": "授权管理", "memo": "", "status": "1",
+ "icon": "", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/", "target": "",
+ "order": 40000, "resourceIdOrCodes": []
+ },
+ {
+ "id": "40100", "parentIdOrCode":"40000", "code": "applicationRole", "name": "角色授权", "memo": "", "status": "1",
+ "icon": "su-icon-yingyongjuese", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/auth-server/applicationRole", "target": "",
+ "order": 40100, "resourceIdOrCodes": []
+ },
+ {
+ "id": "40200", "parentIdOrCode":"40000", "code": "authorizationRoleComponent", "name": "角色组授权", "memo": "", "status": "1",
+ "icon": "su-icon-juesezu", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/auth-server/authorizationRoleComponent", "target": "",
+ "order": 40200, "resourceIdOrCodes": []
+ },
+ {
+ "id": "40300", "parentIdOrCode":"40000", "code": "userAuthManagePeople", "name": "用户授权", "memo": "", "status": "1",
+ "icon": "su-icon-yonghushouquan", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/auth-server/userAuthManagePeople", "target": "",
+ "order": 40300, "resourceIdOrCodes": []
+ },
+ {
+ "id": "40400", "parentIdOrCode":"40000", "code": "roleAuthManagement", "name": "用户规则授权", "memo": "", "status": "1",
+ "icon": "su-icon-yonghuguize", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/auth-server/roleAuthManagement", "target": "",
+ "order": 40400, "resourceIdOrCodes": []
+ },
+ {
+ "id": "40500", "parentIdOrCode":"40000", "code": "userGroupAuth", "name": "用户组授权", "memo": "", "status": "1",
+ "icon": "su-icon-yonghuguize", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/auth-server/userGroupAuth", "target": "",
+ "order": 40500, "resourceIdOrCodes": []
+ },
+ {
+ "id": "40900", "parentIdOrCode":"40000", "code": "authorizationAndManagement", "name": "分级授权管理", "memo": "", "status": "1",
+ "icon": "su-icon-shouquanjiguanli", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/auth-server/authorizationAndManagement", "target": "",
+ "order": 40900, "resourceIdOrCodes": []
+ },
+ {
+ "id": "41100", "parentIdOrCode":"40000", "code": "accountAuthorizationAudit", "name": "账号授权审计", "memo": "", "status": "1",
+ "icon": "su-icon-zhsqsj", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/auth-server/accountAuthorizationAudit", "target": "",
+ "order": 41100, "resourceIdOrCodes": []
+ },
+ {
+ "id": "41200", "parentIdOrCode":"40000", "code": "userAudit", "name": "用户规则权限审计", "memo": "", "status": "1",
+ "icon": "su-icon-yhgzqxsj", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/auth-server/userAudit", "target": "",
+ "order": 41200, "resourceIdOrCodes": []
+ },
+ {
+ "id": "41300", "parentIdOrCode":"40000", "code": "rolePermissionAudit", "name": "角色/组授权审计", "memo": "", "status": "1",
+ "icon": "su-icon-jszsqsj", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/auth-server/rolePermissionAudit", "target": "",
+ "order": 41300, "resourceIdOrCodes": []
+ },
+ {
+ "id": "41400", "parentIdOrCode":"40000", "code": "authOperationsAudit", "name": "权限操作审计", "memo": "", "status": "1",
+ "icon": "su-icon-qxczsj", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/auth-server/authOperationsAudit", "target": "",
+ "order": 41400, "resourceIdOrCodes": []
+ },
+ {
+ "id": "41500", "parentIdOrCode":"40000", "code": "authStatisticalMonitor", "name": "授权统计监控", "memo": "", "status": "1",
+ "icon": "su-icon-sqtjjk", "origin": "http://admin-platform.paas.xxx.edu.cn", "url": "/auth-server/authStatisticalMonitor", "target": "",
+ "order": 41500, "resourceIdOrCodes": []
+ }
+ ]
+}
+'
+```
+
+
+#### 方式三,SQL脚本
+
+连接至 admin_center 数据库,执行以下 SQL脚本
+
+* 认证管理
+
+```sql
+use admin_center;
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('20000', 0, 'cas-server', '认证管理', '1', '2', '', '/', '10', '1', 20000, 1, 18, 33);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('20100', 0, 'loginConfig', '登录方式配置', '1', '2', 'su-icon-denglupeizhi', '/cas-server/loginConfig', '10', '20000', 20100, 2, 19, 20);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('20200', 0, 'safeLoginConfig', '账号安全配置', '1', '2', 'su-icon-config-security', '/cas-server/safeLoginConfig', '10', '20000', 20200, 2, 21, 22);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('20300', 0, 'accountActivationConfiguration', '账号激活配置', '1', '2', 'su-icon-bulb', '/cas-server/accountActivationConfiguration', '10', '20000', 20300, 2, 23, 24);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('20400', 0, 'safeConfig', '安全策略配置', '1', '2', 'su-icon-celuepeizhi', '/cas-server/safeConfig', '10', '20000', 20400, 2, 25, 26);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('20500', 0, 'passwordConfig', '密码策略配置', '1', '2', 'su-icon-mimacelue', '/cas-server/passwordConfig', '10', '20000', 20500, 2, 27, 28);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('20600', 0, 'serverManagement', '应用对接配置', '1', '2', 'el-icon-service', '/cas-server/serverManagement', '10', '20000', 20600, 2, 29, 30);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('20700', 0, 'loginPageConfig', '登录页面配置', '1', '2', 'su-icon-tongxunxinxi', '/cas-server/loginPageConfig', '10', '20000', 20700, 2, 29, 30);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('20800', 0, 'linkLoginConfig', '联合登录配置', '1', '2', 'su-icon-test', '/cas-server/linkLoginConfig', '10', '20000', 20800, 2, 29, 30);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('21000', 0, 'lockManagement', '认证锁定管理', '1', '2', 'su-icon-shouquanjiguanli', '/cas-server/lockManagement', '10', '20000', 21000, 2, 31, 32);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('21100', 0, 'analyze', '认证统计分析', '1', '2', 'su-icon-renzhengtongjifenxi', '/cas-server/analyze', '10', '20000', 21100, 2, 31, 32);
+
+commit;
+```
+
+* 用户管理
+
+```sql
+use admin_center;
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('30000', 0, 'user-server', '用户管理', '1', '2', '', '/', '10', '1', 30000, 1, 34, 53);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('30100', 0, 'dictionary', '字典管理', '1', '2', 'su-icon-zidian', '/user-server/dictionary', '10', '30000', 30100, 2, 35, 36);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('30200', 0, 'identity', '身份管理', '1', '2', 'su-icon-shenfen', '/user-server/identity', '10', '30000', 30200, 2, 37, 38);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('30300', 0, 'mechanism', '组织机构管理', '1', '2', 'su-icon-department', '/user-server/mechanism', '10', '30000', 30300, 2, 39, 40);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('30400', 0, 'person', '人员管理', '1', '2', 'su-icon-people', '/user-server/person', '10', '30000', 30400, 2, 41, 42);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('30500', 0, 'label', '标签管理', '1', '2', 'su-icon-biaoqian', '/user-server/label', '10', '30000', 30500, 2, 43, 44);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('30600', 0, 'simpleUserGroupManage', '普通用户组管理', '1', '2', 'su-icon-portrait', '/user-server/simpleUserGroupManage', '10', '30000', 30600, 2, 45, 46);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('30700', 0, 'postUserGroupManage', '岗位用户组管理', '1', '2', 'su-icon-personnel', '/user-server/postUserGroupManage', '10', '30000', 30700, 2, 47, 48);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('30750', 0, 'userScope', '用户规则', '1', '1', 'el-icon-guide', '/user-server/userScope', '1', '30000', 30750, 2, 51, 52);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('30800', 0, 'assignation', '人员分配', '1', '2', 'su-icon-tihuanbanliren', '/user-server/assignation', '10', '30000', 30800, 2, 49, 50);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('31000', 0, 'activateAccount', '账号激活审核', '1', '2', 'su-icon-yonghushouquan', '/user-server/activateAccount', '10', '30000', 31000, 2, 51, 52);
+
+commit;
+```
+
+* 授权管理
+
+```sql
+use admin_center;
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('40000', 0, 'authorization-server', '授权管理', '1', '2', '', '/', '10', '1', 40000, 1, 54, 77);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('40100', 0, 'applicationRole', '角色授权', '1', '2', 'su-icon-yingyongjuese', '/auth-server/applicationRole', '10', '40000', 40100, 2, 55, 56);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('40200', 0, 'authorizationRoleComponent', '角色组授权', '1', '2', 'su-icon-juesezu', '/auth-server/authorizationRoleComponent', '10', '40000', 40200, 2, 57, 58);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('40300', 0, 'userAuthManagePeople', '用户授权', '1', '2', 'su-icon-yonghushouquan', '/auth-server/userAuthManagePeople', '10', '40000', 40300, 2, 59, 60);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('40400', 0, 'roleAuthManagement', '用户规则授权', '1', '2', 'su-icon-yonghuguize', '/auth-server/roleAuthManagement', '10', '40000', 40400, 2, 61, 62);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('40500', 0, 'userGroupAuth', '用户组授权', '1', '2', 'su-icon-yonghuguize', '/auth-server/userGroupAuth', '10', '40000', 40500, 2, 63, 64);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('40900', 0, 'authorizationAndManagement', '分级授权管理', '1', '2', 'su-icon-shouquanjiguanli', '/auth-server/authorizationAndManagement', '10', '40000', 40900, 2, 65, 66);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('41100', 0, 'accountAuthorizationAudit', '账号授权审计', '1', '2', 'su-icon-zhsqsj', '/auth-server/accountAuthorizationAudit', '10', '40000', 41100, 2, 67, 68);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('41200', 0, 'userAudit', '用户规则权限审计', '1', '2', 'su-icon-yhgzqxsj', '/auth-server/userAudit', '10', '40000', 41200, 2, 69, 70);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('41300', 0, 'rolePermissionAudit', '角色/组授权审计', '1', '2', 'su-icon-jszsqsj', '/auth-server/rolePermissionAudit', '10', '40000', 41300, 2, 71, 72);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('41400', 0, 'authOperationsAudit', '权限操作审计', '1', '2', 'su-icon-qxczsj', '/auth-server/authOperationsAudit', '10', '40000', 41400, 2, 73, 74);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('41500', 0, 'authStatisticalMonitor', '授权统计监控', '1', '2', 'su-icon-sqtjjk', '/auth-server/authStatisticalMonitor', '10', '40000', 41500, 2, 75, 76);
+
+commit;
+```
+
+
+### 关联角色权限
+
+角色由授权服务进行初始化
+
+
+#### 方式一,手动导入
+
+进入 云平台 - 基础管理 - 菜单管理,导入
+
+所属应用 选择 用户授权
+
+菜单列表(JSON)如下,(复制后粘贴)
+
+```json
+[
+ {
+ "roleId": "20", "roleCode":"cas-admin",
+ "permissionIdOrCodes": ["20000", "20100", "20200", "20300", "20400", "20500", "20600", "20700", "20800", "21000", "21100"]
+ },
+ {
+ "roleId": "30", "roleCode": "user-admin",
+ "permissionIdOrCodes": ["30000", "30100", "30200", "30300", "30400", "30500", "30600", "30700", "30800", "31000"]
+ },
+ {
+ "roleId": "40", "roleCode": "user-authz-admin",
+ "permissionIdOrCodes": ["40000", "40100", "40200", "40300", "40400", "40500", "40900", "41100", "41200", "41300", "41400", "41500"]
+ },
+ {
+ "roleId": "41", "roleCode": "user-authz-grant-admin",
+ "permissionIdOrCodes": ["40000", "40100", "40300", "40400", "40500"]
+ },
+ {
+ "roleId": "42", "roleCode": "user-authz-man-grant-admin",
+ "permissionIdOrCodes": ["40000", "40900"]
+ }
+]
+```
+
+
+#### 方式二,bash脚本
+
+```bash
+curl -i -s -X POST "http://admin-platform-admin-center-sa.admin-platform.svc.cluster.local:8080/v1/admin/rolePermissions/importRolePermission" -H 'Content-Type: application/json' \
+-d \
+'
+{
+ "rolePermissionList":
+ [
+ {
+ "roleId": "20", "roleCode":"cas-admin",
+ "permissionIdOrCodes": ["20000", "20100", "20200", "20300", "20400", "20500", "20600", "20700", "20800", "21000", "21100"]
+ },
+ {
+ "roleId": "30", "roleCode": "user-admin",
+ "permissionIdOrCodes": ["30000", "30100", "30200", "30300", "30400", "30500", "30600", "30700", "30800", "31000"]
+ },
+ {
+ "roleId": "40", "roleCode": "user-authz-admin",
+ "permissionIdOrCodes": ["40000", "40100", "40200", "40300", "40400", "40500", "40900", "41100", "41200", "41300", "41400", "41500"]
+ },
+ {
+ "roleId": "41", "roleCode": "user-authz-grant-admin",
+ "permissionIdOrCodes": ["40000", "40100", "40300", "40400", "40500"]
+ },
+ {
+ "roleId": "42", "roleCode": "user-authz-man-grant-admin",
+ "permissionIdOrCodes": ["40000", "40900"]
+ }
+ ]
+}
+'
+```
+
+
+#### 方式三,SQL脚本
+
+连接至 admin_center 数据库,执行以下 SQL脚本
+
+```sql
+
+insert into TB_MGT_ROLE_PERMISSION (ID, DELETED, ROLE_ID, PERMISSION_ID)
+
+select CONCAT('20_', ID) as ID, 0 as DELETED, '20' as ROLE_ID, ID as PERMISSION_ID
+from TB_MGT_PERMISSION
+where ID like '2____' or ID='1'
+;
+
+insert into TB_MGT_ROLE_PERMISSION (ID, DELETED, ROLE_ID, PERMISSION_ID)
+
+select CONCAT('30_', ID) as ID, 0 as DELETED, '30' as ROLE_ID, ID as PERMISSION_ID
+from TB_MGT_PERMISSION
+where ID like '3____' or ID='1'
+;
+
+insert into TB_MGT_ROLE_PERMISSION (ID, DELETED, ROLE_ID, PERMISSION_ID)
+
+select CONCAT('40_', ID) as ID, 0 as DELETED, '40' as ROLE_ID, ID as PERMISSION_ID
+from TB_MGT_PERMISSION
+where ID like '4____' or ID='1'
+;
+
+
+insert into TB_MGT_ROLE_PERMISSION (ID, DELETED, ROLE_ID, PERMISSION_ID)
+
+select CONCAT('41_', ID) as ID, 0 as DELETED, '41' as ROLE_ID, ID as PERMISSION_ID
+from TB_MGT_PERMISSION
+where ID in ('40000', '40100', '40300', '40400', '40500') or ID='1'
+;
+
+
+insert into TB_MGT_ROLE_PERMISSION (ID, DELETED, ROLE_ID, PERMISSION_ID)
+
+select CONCAT('42_', ID) as ID, 0 as DELETED, '41' as ROLE_ID, ID as PERMISSION_ID
+from TB_MGT_PERMISSION
+where ID in ('40000', '40900') or ID='1'
+;
+
+commit;
+
+```
+
diff --git a/deploy-manifests/charts/certs/jwt/jwt_private_key.pem b/deploy-manifests/charts/certs/jwt/jwt_private_key.pem
new file mode 100644
index 0000000..e1c0db0
--- /dev/null
+++ b/deploy-manifests/charts/certs/jwt/jwt_private_key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAyor3CX6A6U4EoSHawtALiJoB0CkJnb/wmVkcVT5EmNupGVrV
+SeJo80ZAxsgd9S1CZVXxTXtJ7XjsqnzR64Qvrn+tdvj9Ck5k/6Tnp6HoKU/AQxA3
+tQ5Zqw6D6ihPOyVV4z4cdK5wjzEBNPhJuTjjzP4VQ4h4VseWNbfhXGK3vSes8oNn
+5Wwor9r1UbEJP/ZMHrDJxAcwe0GPvebAqEp4O5ZcTtWnq+/qkoUB6z/52EnCMlto
+PmuMC+o3fWdICBf4q70oSDClfuhLVi4mRT2K5UUH8fsxEe6oPtkvk9vVCCOZRmo0
+MXpXZiIqdZOtgcBzn/0mzoNd58KxeIy0ginjfwIDAQABAoIBAFbVhx3B54Cemyt9
+uS0mRpuU80wMG/xOqtcDtjrxjDVAj1m4cJLRh48swl62sulHMx0A4IgIYGR4IHbj
+NphTPqIASR0lmE6P14smZs6egksbzuCxlkCAW38TpQiBqZ5A3najTU3U75rkNpFA
+FVNciYV8NR+T5YvG26ZCJFMYW4+zLJnEmUuF2qo9Y4TlqAc7dUmRKR4A2eJvDBDA
+X4y7vv0kACFhnSZsgDXbFN1f3/w5nIEqru6ExWGYhBciak0cglRyZsiKgDgLah5C
+pyXBn3rq8FCLl+TVanWIY/yTPt5PJVw0cqMgtEAA4Z30fObl1fzp1wlQQvBgAbjD
++A2oh8kCgYEA48I7W1W/40Lq9iWLEg0tLGSN0uF/dvYFlOugMgpZ1DW0SFXDeC8o
+Z6fPnf5vfqFVepA340w57hM+01h6/eERXHnHYr3oc8UR3UZUafiIZrQrc7LT4UuX
+9FOv3ufQq8sYMVfoeYw1LLKJM3c9Wy7JwvPlYCjS9o1V6pLi5Bd0aoUCgYEA46hN
+fOlV96Ho+WJZi5qouC1RRVc6V++XTowBXPpHv0j15tdaO5Y9Tja/rfWSnMLz8fY+
+Tj1yWo22hNkMdSl80zykE+OBnaTr4rLTiUEjacdntNCuEp/+27CavvlCexbZkfoi
+b32Ktbltc+bWlSI4eYYcBbSAVt/L6DXIIQl1bzMCgYAFMEaT5RczATJDG0XYym4O
+BdhpRnPV7PLhmqCSo0O6nuKVh0altUVRXzROoB5AH0LIQQLU7cagEtYqkGh04iy4
+E5okOLlT8dhfVxvTMjNBS7d1skw7ZLJ4gXOPO264iy7o6NzF8BjCBOs1PfEq45z7
+EP1XvHZZ4YxkhKYglhwz1QKBgGcDZiTKlMrb6cbG2QwRrJzCbM76nHzj/kxdj9RZ
+sBN/WT3eXocuAYmdvnhh8bibgrUPHrxak58kFt3gNQHjBweynfAd9y21TcOj9ZJa
+9kJMJ8Iq10m4OiOAs1UNBycZfNPQIrreTODUChHy91A+Tt22cIGoXpZw6ByoEWnZ
+lNj/AoGADQW8aQ09UnciVBbisyef3FDwRczp93jRkaP0Xo10gouUqXfTqE8A4enW
+335O6VFi2B/wRSC1vfkS/LoTLfJnU1lYAyqza3WS3VlATbG/PUrfcfycJbnKoG07
+839BtIf2Yhjc8j4YBgAUa5VlWCHUvCi3U2FJLzx7BALcUfpMEwI=
+-----END RSA PRIVATE KEY-----
diff --git a/deploy-manifests/charts/certs/jwt/jwt_private_key_pkcs8.pem b/deploy-manifests/charts/certs/jwt/jwt_private_key_pkcs8.pem
new file mode 100644
index 0000000..4c9e224
--- /dev/null
+++ b/deploy-manifests/charts/certs/jwt/jwt_private_key_pkcs8.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDKivcJfoDpTgSh
+IdrC0AuImgHQKQmdv/CZWRxVPkSY26kZWtVJ4mjzRkDGyB31LUJlVfFNe0nteOyq
+fNHrhC+uf612+P0KTmT/pOenoegpT8BDEDe1DlmrDoPqKE87JVXjPhx0rnCPMQE0
++Em5OOPM/hVDiHhWx5Y1t+FcYre9J6zyg2flbCiv2vVRsQk/9kwesMnEBzB7QY+9
+5sCoSng7llxO1aer7+qShQHrP/nYScIyW2g+a4wL6jd9Z0gIF/irvShIMKV+6EtW
+LiZFPYrlRQfx+zER7qg+2S+T29UII5lGajQxeldmIip1k62BwHOf/SbOg13nwrF4
+jLSCKeN/AgMBAAECggEAVtWHHcHngJ6bK325LSZGm5TzTAwb/E6q1wO2OvGMNUCP
+WbhwktGHjyzCXray6UczHQDgiAhgZHggduM2mFM+ogBJHSWYTo/XiyZmzp6CSxvO
+4LGWQIBbfxOlCIGpnkDedqNNTdTvmuQ2kUAVU1yJhXw1H5Pli8bbpkIkUxhbj7Ms
+mcSZS4Xaqj1jhOWoBzt1SZEpHgDZ4m8MEMBfjLu+/SQAIWGdJmyANdsU3V/f/Dmc
+gSqu7oTFYZiEFyJqTRyCVHJmyIqAOAtqHkKnJcGfeurwUIuX5NVqdYhj/JM+3k8l
+XDRyoyC0QADhnfR85uXV/OnXCVBC8GABuMP4DaiHyQKBgQDjwjtbVb/jQur2JYsS
+DS0sZI3S4X929gWU66AyClnUNbRIVcN4Lyhnp8+d/m9+oVV6kDfjTDnuEz7TWHr9
+4RFcecdivehzxRHdRlRp+IhmtCtzstPhS5f0U6/e59CryxgxV+h5jDUssokzdz1b
+LsnC8+VgKNL2jVXqkuLkF3RqhQKBgQDjqE186VX3oej5YlmLmqi4LVFFVzpX75dO
+jAFc+ke/SPXm11o7lj1ONr+t9ZKcwvPx9j5OPXJajbaE2Qx1KXzTPKQT44GdpOvi
+stOJQSNpx2e00K4Sn/7bsJq++UJ7FtmR+iJvfYq1uW1z5taVIjh5hhwFtIBW38vo
+NcghCXVvMwKBgAUwRpPlFzMBMkMbRdjKbg4F2GlGc9Xs8uGaoJKjQ7qe4pWHRqW1
+RVFfNE6gHkAfQshBAtTtxqAS1iqQaHTiLLgTmiQ4uVPx2F9XG9MyM0FLt3WyTDtk
+sniBc487briLLujo3MXwGMIE6zU98SrjnPsQ/Ve8dlnhjGSEpiCWHDPVAoGAZwNm
+JMqUytvpxsbZDBGsnMJszvqcfOP+TF2P1FmwE39ZPd5ehy4BiZ2+eGHxuJuCtQ8e
+vFqTnyQW3eA1AeMHB7Kd8B33LbVNw6P1klr2QkwnwirXSbg6I4CzVQ0HJxl809Ai
+ut5M4NQKEfL3UD5O3bZwgahelnDoHKgRadmU2P8CgYANBbxpDT1SdyJUFuKzJ5/c
+UPBFzOn3eNGRo/RejXSCi5Spd9OoTwDh6dbffk7pUWLYH/BFILW9+RL8uhMt8mdT
+WVgDKrNrdZLdWUBNsb89St9x/JwlucqgbTvzf0G0h/ZiGNzyPhgGABRrlWVYIdS8
+KLdTYUkvPHsEAtxR+kwTAg==
+-----END PRIVATE KEY-----
diff --git a/deploy-manifests/charts/certs/jwt/jwt_public_key.pem b/deploy-manifests/charts/certs/jwt/jwt_public_key.pem
new file mode 100644
index 0000000..7523d69
--- /dev/null
+++ b/deploy-manifests/charts/certs/jwt/jwt_public_key.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyor3CX6A6U4EoSHawtAL
+iJoB0CkJnb/wmVkcVT5EmNupGVrVSeJo80ZAxsgd9S1CZVXxTXtJ7XjsqnzR64Qv
+rn+tdvj9Ck5k/6Tnp6HoKU/AQxA3tQ5Zqw6D6ihPOyVV4z4cdK5wjzEBNPhJuTjj
+zP4VQ4h4VseWNbfhXGK3vSes8oNn5Wwor9r1UbEJP/ZMHrDJxAcwe0GPvebAqEp4
+O5ZcTtWnq+/qkoUB6z/52EnCMltoPmuMC+o3fWdICBf4q70oSDClfuhLVi4mRT2K
+5UUH8fsxEe6oPtkvk9vVCCOZRmo0MXpXZiIqdZOtgcBzn/0mzoNd58KxeIy0ginj
+fwIDAQAB
+-----END PUBLIC KEY-----
diff --git a/deploy-manifests/charts/certs/jwt/readme.md b/deploy-manifests/charts/certs/jwt/readme.md
new file mode 100644
index 0000000..81ac267
--- /dev/null
+++ b/deploy-manifests/charts/certs/jwt/readme.md
@@ -0,0 +1,98 @@
+# readme.md
+
+
+## 使用 openssl 生成 公私钥
+
+
+1. 生成私钥 App Private Key
+
+必须为 RSA2(SHA256)
+
+```bash
+openssl genrsa -out jwt_private_key.pem 2048
+```
+
+2. 将私钥转换为 PKCS8 格式
+
+```bash
+openssl pkcs8 -topk8 -inform PEM -in jwt_private_key.pem -outform PEM -nocrypt -out jwt_private_key_pkcs8.pem
+```
+
+3. 导出公钥 App Public Key
+
+```bash
+openssl rsa -in jwt_private_key.pem -pubout -out jwt_public_key.pem
+```
+
+4. 将 jwt_public_key.pem 中的内容,去除换行和空格,转成字符串。
+
+处理前:
+```language
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwow0APEh9F91vvtAzl7V
+FmXRAOGhlo+22KX+rqC3ziGg4+yIk8evAL1T97XEuK1huqcAp+p4PIG2t/Rb3FBD
++vVJGoXKsyLCMUmT4Sy5/TRhb3TM0CHefvMZTSMwcVzKT07DtxyGgFZj9WsUYZWr
+BUPcu0vD6s7m5Qe3qFJJWVeRX8NDnVAxySzrz4bI4+1qvtyey/uap3I6txxRxUlI
+aMyTsD8pl63u14dD2FHRM6JY3tmdEpBEMWI91qmYbl9HkH/D6Xtumg0Hmzh06bdr
+lO3YNscpr6iN2ug6yGNtAh4/ug4P4ZV9nxImcj8l8Pt3jio1O0IIpf4MUCMD+C7P
+rQIDAQAB
+-----END PUBLIC KEY-----
+```
+处理后:
+```language
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwow0APEh9F91vvtAzl7VFmXRAOGhlo+22KX+rqC3ziGg4+yIk8evAL1T97XEuK1huqcAp+p4PIG2t/Rb3FBD+vVJGoXKsyLCMUmT4Sy5/TRhb3TM0CHefvMZTSMwcVzKT07DtxyGgFZj9WsUYZWrBUPcu0vD6s7m5Qe3qFJJWVeRX8NDnVAxySzrz4bI4+1qvtyey/uap3I6txxRxUlIaMyTsD8pl63u14dD2FHRM6JY3tmdEpBEMWI91qmYbl9HkH/D6Xtumg0Hmzh06bdrlO3YNscpr6iN2ug6yGNtAh4/ug4P4ZV9nxImcj8l8Pt3jio1O0IIpf4MUCMD+C7PrQIDAQAB
+-----END PUBLIC KEY-----
+```
+
+4. 将 jwt_private_key_pkcs8.pem 中的内容,去除换行和空格,转成字符串。
+
+处理前:
+```language
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDCjDQA8SH0X3W+
++0DOXtUWZdEA4aGWj7bYpf6uoLfOIaDj7IiTx68AvVP3tcS4rWG6pwCn6ng8gba3
+9FvcUEP69UkahcqzIsIxSZPhLLn9NGFvdMzQId5+8xlNIzBxXMpPTsO3HIaAVmP1
+axRhlasFQ9y7S8PqzublB7eoUklZV5Ffw0OdUDHJLOvPhsjj7Wq+3J7L+5qncjq3
+HFHFSUhozJOwPymXre7Xh0PYUdEzolje2Z0SkEQxYj3WqZhuX0eQf8Ppe26aDQeb
+OHTpt2uU7dg2xymvqI3a6DrIY20CHj+6Dg/hlX2fEiZyPyXw+3eOKjU7Qgil/gxQ
+IwP4Ls+tAgMBAAECggEAaQOlTpza5z5gIKcfZEZsX5q2JvOkddE9sdRolXrLvMkK
+P/39+0def9ey65OCjO2KQ2bCQ+Gc5YxfRQzySQpKp7yfqWFu+SNaD6DX4kRyYOtV
+bQRvSin+ICi5D5pfG9IqooSxwLX1JHF9o4wZhFN17XGkRLWxG55zpE12JbXFQiPB
+pck6hcMfx+r5wk7t4ret/8P/MDcyrPuUavJemd4D2jRrD7AmOGJDvElioFcOKA+V
+S8oe/uBdpU8cbYJvct68fHOzG9IW3hdqYV18fhNtWqp9WeuUP+F2UMmOXbAtZ106
+Zcd+V/jsse2G9KvGzmDA61ZGxzHUjt+JNIpN+V2HQQKBgQDkfYb8vIMc2yV0CM30
+mAaPIapgpw8brYS8v+azQR/jjsuHFJ1CQJAih79y2gwdjKbDl0XByjj/qiHLTPcu
+6dkuavdsV9MrlFfVqAXUMNDHrWEn5nMahlq3UZbflBqlavTr0gvEA8Da+ZXcRvWg
+TP5+g5RFrKHJVOyQ+GzgDggQawKBgQDZ+IDRthf0UHvvZsoUbeb37Wut9jdjRgLJ
+S1X4RtH+NPN23lvtTKJmUNfrFxiOfeVBfCXmGep0ibTqDVo0zBeHSu4BFM3BsICu
+7xafmLafZxZqHcgWuF9keOCWjKN5fzub5xGqd2yge9hGN2zA2U9qp4mltGzeoZ/0
+TuLuR59GRwKBgCGga7ZUVANyKQ/rn8vod8am0LlKvMl4/vj8UQp+gh/uSvvFR+OR
+NuUuDznq5y+OHJjacXS0uzC9LB4MZLBtz/2p1mIGhth6C3cxNDJnQMKyPIMvwi7c
+KQujoU2kMUu48vSlw/+EAeT4KFrzwoBl9GpQGQkr/99udSZcuUE8L2mjAoGAPRLn
+LVuDTL58a3D2sFC3BcLth/nUPSmxwCsutHlLf5ngme7l/RCa9GY0ibeX9t0JrpaV
+m+qpCexH18jT/LUu5oa1N3JX0Kye8eUmBqPoj7N30VX06YDRobpI24Yei/19e0p8
+ZbI+qpzo1YvUGhkJqo21AMwUMTFCO1cbOL6yvyMCgYAHUNBLhSOaIZpvbmyh5uz5
+Va/IIYU5nJcVAan8ExzdVBqeiDqlIDsUt/4xoV2sWOK1lDmL1QYeOOTOHdVcSUyN
+ZpvB3b/9RZ1bNQZA1trBBxjY7dXNwZZp0ah/bmO+i4dPXl+bU2mUqdyb1emFwcj0
+uNGn7GMQXLxalpCkz4SXRg==
+-----END PRIVATE KEY-----
+```
+处理后:
+```language
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDCjDQA8SH0X3W++0DOXtUWZdEA4aGWj7bYpf6uoLfOIaDj7IiTx68AvVP3tcS4rWG6pwCn6ng8gba39FvcUEP69UkahcqzIsIxSZPhLLn9NGFvdMzQId5+8xlNIzBxXMpPTsO3HIaAVmP1axRhlasFQ9y7S8PqzublB7eoUklZV5Ffw0OdUDHJLOvPhsjj7Wq+3J7L+5qncjq3HFHFSUhozJOwPymXre7Xh0PYUdEzolje2Z0SkEQxYj3WqZhuX0eQf8Ppe26aDQebOHTpt2uU7dg2xymvqI3a6DrIY20CHj+6Dg/hlX2fEiZyPyXw+3eOKjU7Qgil/gxQIwP4Ls+tAgMBAAECggEAaQOlTpza5z5gIKcfZEZsX5q2JvOkddE9sdRolXrLvMkKP/39+0def9ey65OCjO2KQ2bCQ+Gc5YxfRQzySQpKp7yfqWFu+SNaD6DX4kRyYOtVbQRvSin+ICi5D5pfG9IqooSxwLX1JHF9o4wZhFN17XGkRLWxG55zpE12JbXFQiPBpck6hcMfx+r5wk7t4ret/8P/MDcyrPuUavJemd4D2jRrD7AmOGJDvElioFcOKA+VS8oe/uBdpU8cbYJvct68fHOzG9IW3hdqYV18fhNtWqp9WeuUP+F2UMmOXbAtZ106Zcd+V/jsse2G9KvGzmDA61ZGxzHUjt+JNIpN+V2HQQKBgQDkfYb8vIMc2yV0CM30mAaPIapgpw8brYS8v+azQR/jjsuHFJ1CQJAih79y2gwdjKbDl0XByjj/qiHLTPcu6dkuavdsV9MrlFfVqAXUMNDHrWEn5nMahlq3UZbflBqlavTr0gvEA8Da+ZXcRvWgTP5+g5RFrKHJVOyQ+GzgDggQawKBgQDZ+IDRthf0UHvvZsoUbeb37Wut9jdjRgLJS1X4RtH+NPN23lvtTKJmUNfrFxiOfeVBfCXmGep0ibTqDVo0zBeHSu4BFM3BsICu7xafmLafZxZqHcgWuF9keOCWjKN5fzub5xGqd2yge9hGN2zA2U9qp4mltGzeoZ/0TuLuR59GRwKBgCGga7ZUVANyKQ/rn8vod8am0LlKvMl4/vj8UQp+gh/uSvvFR+ORNuUuDznq5y+OHJjacXS0uzC9LB4MZLBtz/2p1mIGhth6C3cxNDJnQMKyPIMvwi7cKQujoU2kMUu48vSlw/+EAeT4KFrzwoBl9GpQGQkr/99udSZcuUE8L2mjAoGAPRLnLVuDTL58a3D2sFC3BcLth/nUPSmxwCsutHlLf5ngme7l/RCa9GY0ibeX9t0JrpaVm+qpCexH18jT/LUu5oa1N3JX0Kye8eUmBqPoj7N30VX06YDRobpI24Yei/19e0p8ZbI+qpzo1YvUGhkJqo21AMwUMTFCO1cbOL6yvyMCgYAHUNBLhSOaIZpvbmyh5uz5Va/IIYU5nJcVAan8ExzdVBqeiDqlIDsUt/4xoV2sWOK1lDmL1QYeOOTOHdVcSUyNZpvB3b/9RZ1bNQZA1trBBxjY7dXNwZZp0ah/bmO+i4dPXl+bU2mUqdyb1emFwcj0uNGn7GMQXLxalpCkz4SXRg==
+-----END PRIVATE KEY-----
+```
+
+
+5. (可选)将pem内容进行 base64 编码后,配置到k8s
+
+echo -n '-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwow0APEh9F91vvtAzl7VFmXRAOGhlo+22KX+rqC3ziGg4+yIk8evAL1T97XEuK1huqcAp+p4PIG2t/Rb3FBD+vVJGoXKsyLCMUmT4Sy5/TRhb3TM0CHefvMZTSMwcVzKT07DtxyGgFZj9WsUYZWrBUPcu0vD6s7m5Qe3qFJJWVeRX8NDnVAxySzrz4bI4+1qvtyey/uap3I6txxRxUlIaMyTsD8pl63u14dD2FHRM6JY3tmdEpBEMWI91qmYbl9HkH/D6Xtumg0Hmzh06bdrlO3YNscpr6iN2ug6yGNtAh4/ug4P4ZV9nxImcj8l8Pt3jio1O0IIpf4MUCMD+C7PrQIDAQAB
+-----END PUBLIC KEY-----' |base64
+
+
+echo -n '-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDCjDQA8SH0X3W++0DOXtUWZdEA4aGWj7bYpf6uoLfOIaDj7IiTx68AvVP3tcS4rWG6pwCn6ng8gba39FvcUEP69UkahcqzIsIxSZPhLLn9NGFvdMzQId5+8xlNIzBxXMpPTsO3HIaAVmP1axRhlasFQ9y7S8PqzublB7eoUklZV5Ffw0OdUDHJLOvPhsjj7Wq+3J7L+5qncjq3HFHFSUhozJOwPymXre7Xh0PYUdEzolje2Z0SkEQxYj3WqZhuX0eQf8Ppe26aDQebOHTpt2uU7dg2xymvqI3a6DrIY20CHj+6Dg/hlX2fEiZyPyXw+3eOKjU7Qgil/gxQIwP4Ls+tAgMBAAECggEAaQOlTpza5z5gIKcfZEZsX5q2JvOkddE9sdRolXrLvMkKP/39+0def9ey65OCjO2KQ2bCQ+Gc5YxfRQzySQpKp7yfqWFu+SNaD6DX4kRyYOtVbQRvSin+ICi5D5pfG9IqooSxwLX1JHF9o4wZhFN17XGkRLWxG55zpE12JbXFQiPBpck6hcMfx+r5wk7t4ret/8P/MDcyrPuUavJemd4D2jRrD7AmOGJDvElioFcOKA+VS8oe/uBdpU8cbYJvct68fHOzG9IW3hdqYV18fhNtWqp9WeuUP+F2UMmOXbAtZ106Zcd+V/jsse2G9KvGzmDA61ZGxzHUjt+JNIpN+V2HQQKBgQDkfYb8vIMc2yV0CM30mAaPIapgpw8brYS8v+azQR/jjsuHFJ1CQJAih79y2gwdjKbDl0XByjj/qiHLTPcu6dkuavdsV9MrlFfVqAXUMNDHrWEn5nMahlq3UZbflBqlavTr0gvEA8Da+ZXcRvWgTP5+g5RFrKHJVOyQ+GzgDggQawKBgQDZ+IDRthf0UHvvZsoUbeb37Wut9jdjRgLJS1X4RtH+NPN23lvtTKJmUNfrFxiOfeVBfCXmGep0ibTqDVo0zBeHSu4BFM3BsICu7xafmLafZxZqHcgWuF9keOCWjKN5fzub5xGqd2yge9hGN2zA2U9qp4mltGzeoZ/0TuLuR59GRwKBgCGga7ZUVANyKQ/rn8vod8am0LlKvMl4/vj8UQp+gh/uSvvFR+ORNuUuDznq5y+OHJjacXS0uzC9LB4MZLBtz/2p1mIGhth6C3cxNDJnQMKyPIMvwi7cKQujoU2kMUu48vSlw/+EAeT4KFrzwoBl9GpQGQkr/99udSZcuUE8L2mjAoGAPRLnLVuDTL58a3D2sFC3BcLth/nUPSmxwCsutHlLf5ngme7l/RCa9GY0ibeX9t0JrpaVm+qpCexH18jT/LUu5oa1N3JX0Kye8eUmBqPoj7N30VX06YDRobpI24Yei/19e0p8ZbI+qpzo1YvUGhkJqo21AMwUMTFCO1cbOL6yvyMCgYAHUNBLhSOaIZpvbmyh5uz5Va/IIYU5nJcVAan8ExzdVBqeiDqlIDsUt/4xoV2sWOK1lDmL1QYeOOTOHdVcSUyNZpvB3b/9RZ1bNQZA1trBBxjY7dXNwZZp0ah/bmO+i4dPXl+bU2mUqdyb1emFwcj0uNGn7GMQXLxalpCkz4SXRg==
+-----END PRIVATE KEY-----' |base64
diff --git "a/deploy-manifests/k8s-rancher/0.1.2.\350\256\244\350\257\201\346\216\210\346\235\203\346\234\215\345\212\241\345\215\207\347\272\247\346\226\207\346\241\243\357\274\210V1.0-V1.2\357\274\211.md" "b/deploy-manifests/k8s-rancher/0.1.2.\350\256\244\350\257\201\346\216\210\346\235\203\346\234\215\345\212\241\345\215\207\347\272\247\346\226\207\346\241\243\357\274\210V1.0-V1.2\357\274\211.md"
new file mode 100644
index 0000000..19c7bf0
--- /dev/null
+++ "b/deploy-manifests/k8s-rancher/0.1.2.\350\256\244\350\257\201\346\216\210\346\235\203\346\234\215\345\212\241\345\215\207\347\272\247\346\226\207\346\241\243\357\274\210V1.0-V1.2\357\274\211.md"
@@ -0,0 +1,202 @@
+
+# 认证授权服务升级文档(V1.0 ~ V1.2)
+
+
+## 部署变更说明
+
+对本次升级进行的简要说明,具体的升级步骤,详见 **升级说明**
+
+1. 新增 StatefulSet authx-service/redis-server
+
+2. 新增 Deployment authx-service/rabbitmq-server , 用于将 user-data-service,user-authorization-service,jobs-server 连接的 rabbitmq-server 进行合并
+
+3. 新增 Deployment authx-service/authx-service-bff
+
+
+4. 删除 Deployment user-data-service/rabbitmq-server
+
+5. 修改 Secret user-data-service/rabbitmq-env-secret , 将 SPRING_RABBITMQ_HOST 修改为 rabbitmq-server.authx-service.svc.cluster.local
+
+6. 修改 ConfigMap user-data-service/user-data-service-goa-env , 将 JOBS_RABBITMQ_HOST 修改为 rabbitmq-server.authx-service.svc.cluster.local
+
+7. 修改 Deployment user-data-service/user-data-service-biz , 增加 环境变量 rabbitmq-env-secret
+
+
+8. 删除 Deployment user-data-service/rabbitmq-server
+
+9. 修改 Secret user-authorization-service/rabbitmq-env-secret , 将 SPRING_RABBITMQ_HOST 修改为 rabbitmq-server.authx-service.svc.cluster.local
+
+10. 修改 ConfigMap user-authorization-service/user-authorization-sa-env , 将 USER_AUTHORIZATION_SA_USER_RABBITMQ_HOST 修改为 rabbitmq-server.authx-service.svc.cluster.local
+
+
+11. 删除 Deployment jobs-server/rabbitmq-server
+
+12. 修改 Secret jobs-server/rabbitmq-env-secret , 将 SPRING_RABBITMQ_HOST 修改为 rabbitmq-server.authx-service.svc.cluster.local
+
+
+13. 变更 CronJob user-data-service/user-data-service-datax-job 的定时 schedule 为 `30 */4 * * *`
+14. 变更 CronJob user-authorization-service/user-authorization-datax-job 的定时 schedule 为 `30 */4 * * *`
+
+15. 变更 CronJob cas-server/cas-server-datax-job 的定时 schedule 为 `5 */2 * * *`
+
+
+16. 删除 Job authx-service/poa-api-docs-installer ,由各服务下独立部署
+17. 新增 Job user-data-service/api-docs-installer
+18. 新增 Job user-authorization-service/api-docs-installer
+19. 新增 Job token-server/api-docs-installer
+
+
+## 升级说明
+
+1. 将 工作负载 下的服务 升级到 1.2.x 版本
+
+2. 数据库脚本进行升级
+
+ 重新执行 Job user-data-service/user-data-service-installer
+
+ 重新执行 Job user-authorization-service/user-authorization-installer
+
+ 重新执行 Job cas-server/cas-server-installer
+
+ 重新执行 Job token-server/token-server-installer
+
+3. 部署 StatefulSet authx-service/redis-server , Deployment authx-service/rabbitmq-server
+
+ 部署yaml 位于 1.authx-service/0.authx-service/0.authx-service-base.yaml, 1.authx-service/0.authx-service/1.authx-service-env.yaml
+
+4. 部署 Deployment authx-service/authx-service-bff
+
+ 部署yaml 位于 1.authx-service/0.authx-service/4.4.authx-service-bff.yaml
+
+5. Secret user-data-service/rabbitmq-env-secret , 修改 SPRING_RABBITMQ_HOST
+
+ ```
+ SPRING_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local
+ ```
+
+6. Secret user-authorization-service/rabbitmq-env-secret , 修改 SPRING_RABBITMQ_HOST
+
+ ```
+ SPRING_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local
+ ```
+
+7. Secret jobs-server/rabbitmq-env-secret , 修改 SPRING_RABBITMQ_HOST
+
+ ```
+ SPRING_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local
+ ```
+
+8. Deployment user-data-service/user-data-service-biz 下的环境变量中,引用其他资源,添加附加资源 Secret rabbitmq-env-secret
+
+9. ConfigMap user-data-service/user-data-service-goa-env 下,更新 JOBS_RABBITMQ 相关的配置
+
+ ```
+ JOBS_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local
+ ```
+
+10. ConfigMap user-authorization-service/user-authorization-sa-env 下,新增 USER_AUTHORIZATION_SA_USER_RABBITMQ 相关的配置
+
+ ```
+ USER_AUTHORIZATION_SA_USER_RABBITMQ_CONSUMER_ENABLED: "false"
+ USER_AUTHORIZATION_SA_USER_RABBITMQ_HOST: rabbitmq-server.jobs-server.svc.cluster.local
+ USER_AUTHORIZATION_SA_USER_RABBITMQ_PORT: "5672"
+ USER_AUTHORIZATION_SA_USER_RABBITMQ_USERNAME: guest
+ USER_AUTHORIZATION_SA_USER_RABBITMQ_PASSWORD: guest
+ ```
+
+11. 修改 x-datax-job 的定时策略
+
+ CronJob user-data-service/user-data-service-datax-job 下,修改 schedule 为 `30 */4 * * *`
+
+ CronJob user-authorization-service/user-authorization-datax-job 下,修改 schedule 为 `30 */4 * * *`
+
+ CronJob CronJob cas-server/cas-server-datax-job 下,修改 schedule 为 `5 */2 * * *`
+
+12. 更新 POA 的 api-docs
+
+ 执行 Job user-data-service/api-docs-installer
+
+ 执行 Job user-authorization-service/api-docs-installer
+
+ 执行 Job token-server/api-docs-installer
+
+
+## 初始化脚本
+
+1. 更新 接口路由、应用、菜单、角色权限
+
+ 注:如果已经存在,请忽略
+
+ ```sql
+ use admin_center;
+
+ -- 新增接口路由
+
+ insert into TB_MGT_ROUTE (ID, DELETED, CODE, NAME, STATUS, PATH_PREFIX, URL, STRIP_PREFIX)
+ values ('21', 0, 'authx-service-admin-api', '认证授权 - 聚合接口(认证、授权)', '1', '/api/v2/admin', 'http://localhost:8009', 0);
+ insert into TB_MGT_ROUTE (ID, DELETED, CODE, NAME, STATUS, PATH_PREFIX, URL, STRIP_PREFIX)
+ values ('22', 0, 'authx-service-open-api', '认证授权 - 聚合接口(公开)', '1', '/api/v2/open', 'http://localhost:8009', 0);
+
+ commit;
+
+ update TB_MGT_ROUTE set URL='http://authx-service-bff-svc.authx-service.svc.cluster.local:8080' where ID='21';
+ update TB_MGT_ROUTE set URL='http://authx-service-bff-svc.authx-service.svc.cluster.local:8080' where ID='22';
+
+ commit;
+
+ -- 新增应用
+
+ insert into TB_MGT_APPLICATION (ID, DELETED, CODE, NAME, STATUS)
+ values ('10', 0, '10', '用户授权', '1');
+
+ commit;
+
+ -- 更新现有菜单 的 所属 APPLICATION_ID
+
+ update TB_MGT_PERMISSION set APPLICATION_ID='10' where ID like '2____';
+ update TB_MGT_PERMISSION set APPLICATION_ID='10' where ID like '3____';
+ update TB_MGT_PERMISSION set APPLICATION_ID='10' where ID like '4____';
+
+ commit;
+
+ -- 新增功能菜单
+
+ update TB_MGT_PERMISSION
+ set LFT = LFT+10
+ where LFT>=35
+ ;
+
+ update TB_MGT_PERMISSION
+ set RGT = RGT+10
+ where RGT>=35
+ ;
+
+ insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+ values ('20650', 0, 'casConfig', '认证对接配置', '1', '2', 'el-icon-service', '/cas-server/casConfig', '10', '20000', 20650, 2, 35, 36);
+
+ insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+ values ('20700', 0, 'loginPageConfig', '登录页面配置', '1', '2', 'su-icon-tongxunxinxi', '/cas-server/loginPageConfig', '10', '20000', 20700, 2, 37, 38);
+ insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+ values ('20800', 0, 'linkLoginConfig', '联合登录配置', '1', '2', 'su-icon-test', '/cas-server/linkLoginConfig', '10', '20000', 20800, 2, 39, 40);
+
+ insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+ values ('20900', 0, 'infoPerfectConfig', '信息完善配置', '1', '2', 'su-icon-chongxintijiao', '/cas-server/infoPerfectConfig', '10', '20000', 20900, 2, 41, 42);
+
+ insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+ values ('21000', 0, 'lockManagement', '认证锁定管理', '1', '2', 'su-icon-shouquanjiguanli', '/cas-server/lockManagement', '10', '20000', 21000, 2, 43, 44);
+
+ commit;
+
+ insert into TB_MGT_ROLE_PERMISSION (ID, DELETED, ROLE_ID, PERMISSION_ID)
+
+ select CONCAT('20_', ID) as ID, 0 as DELETED, '20' as ROLE_ID, ID as PERMISSION_ID
+ from TB_MGT_PERMISSION
+ where ID like '2____'
+ and (
+ CONCAT('20_', ID) not in (select CONCAT('20_', PERMISSION_ID) from TB_MGT_ROLE_PERMISSION)
+ or CONCAT('20_', ID) not in (select ID from TB_MGT_ROLE_PERMISSION)
+ )
+ ;
+
+ commit;
+ ```
diff --git a/deploy-manifests/k8s-rancher/0.infras/0.0.2.infras-sba.yaml b/deploy-manifests/k8s-rancher/0.infras/0.0.2.infras-sba.yaml
index 88b0de2..783247d 100644
--- a/deploy-manifests/k8s-rancher/0.infras/0.0.2.infras-sba.yaml
+++ b/deploy-manifests/k8s-rancher/0.infras/0.0.2.infras-sba.yaml
@@ -4,6 +4,15 @@
---
apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: base
+ name: spring-boot-admin-env
+data:
+ SPRING_BOOT_ADMIN_UI_PUBLIC_URL: /
+
+---
+apiVersion: v1
kind: Secret
metadata:
namespace: base
@@ -65,6 +74,8 @@
envFrom:
- secretRef:
name: spring-boot-admin-env-secret
+ - configMapRef:
+ name: spring-boot-admin-env
resources:
requests:
cpu: 200m
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/0.authx-service/0.authx-service-base.yaml b/deploy-manifests/k8s-rancher/1.authx-service/0.authx-service/0.authx-service-base.yaml
index 5eb183f..07deb46 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/0.authx-service/0.authx-service-base.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/0.authx-service/0.authx-service-base.yaml
@@ -14,3 +14,230 @@
# 修改harbor仓库配置,并使用 base64 工具进行编码
# {"auths":{"harbor.supwisdom.com":{"password":"PWMgP85qiLFC","username":"rancher.devops"}}}
.dockerconfigjson: eyJhdXRocyI6eyJoYXJib3Iuc3Vwd2lzZG9tLmNvbSI6eyJwYXNzd29yZCI6IlBXTWdQODVxaUxGQyIsInVzZXJuYW1lIjoicmFuY2hlci5kZXZvcHMifX19
+
+
+
+####################################################
+# redis-server
+####################################################
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ namespace: authx-service
+ name: redis-data-pvc
+spec:
+ accessModes:
+ - ReadWriteMany
+ # 根据情况修改
+ storageClassName: nfs-client
+ resources:
+ requests:
+ storage: 10Gi
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ namespace: authx-service
+ name: redis-server
+ labels:
+ app: redis
+ release: redis-server
+type: Opaque
+data:
+ REDIS_PASSWORD: OEt1d29zbE9pdXc3SA==
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: authx-service
+ name: redis-server
+ labels:
+ app: redis
+ release: redis-server
+spec:
+ ports:
+ - name: redis
+ port: 6379
+ protocol: TCP
+ targetPort: redis
+ selector:
+ app: redis
+ release: redis-server
+ role: master
+ type: ClusterIP
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ namespace: authx-service
+ name: redis-server
+ labels:
+ app: redis
+ release: redis-server
+spec:
+ podManagementPolicy: OrderedReady
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app: redis
+ release: redis-server
+ role: master
+ serviceName: redis-master
+ template:
+ metadata:
+ labels:
+ app: redis
+ release: redis-server
+ role: master
+ spec:
+ # 若使用了学校搭设的私有仓库,请增加以下配置(取消注释即可,注意这里的缩进,imagePullSecrets要对齐到本行#符号)
+ # imagePullSecrets:
+ # - name: harbor-registry
+ containers:
+ - name: redis-server
+ env:
+ - name: REDIS_DISABLE_COMMANDS
+ value: FLUSHDB,FLUSHALL
+ - name: REDIS_REPLICATION_MODE
+ value: master
+ - name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: redis-server
+ key: REDIS_PASSWORD
+ # 若使用了学校搭设的私有仓库,请修改
+ image: bitnami/redis:4.0
+ # 若使用了学校搭设的私有仓库,请修改 为 Always
+ imagePullPolicy: IfNotPresent
+ # imagePullPolicy: Always
+ livenessProbe:
+ exec:
+ command:
+ - redis-cli
+ - ping
+ failureThreshold: 5
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ ports:
+ - containerPort: 6379
+ name: redis
+ protocol: TCP
+ readinessProbe:
+ exec:
+ command:
+ - redis-cli
+ - ping
+ failureThreshold: 5
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ resources:
+ requests:
+ memory: "1024Mi"
+ limits:
+ memory: "1024Mi"
+ volumeMounts:
+ - mountPath: /bitnami/redis/data
+ name: redis-data
+ dnsPolicy: ClusterFirst
+ restartPolicy: Always
+ securityContext:
+ fsGroup: 0
+ # runAsUser: 1001
+ # https://github.com/bitnami/bitnami-docker-redis/issues/106#issuecomment-388884372
+ # runAsUser: 0
+ terminationGracePeriodSeconds: 30
+ volumes:
+ # - name: redis-data
+ # emptyDir: {}
+ - name: redis-data
+ persistentVolumeClaim:
+ claimName: redis-data-pvc
+ updateStrategy:
+ rollingUpdate:
+ partition: 0
+ type: RollingUpdate
+
+
+
+####################################################
+# rabbitmq-server
+####################################################
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ namespace: authx-service
+ name: rabbitmq-server
+ labels:
+ app: rabbitmq
+ release: rabbitmq-server
+type: Opaque
+data:
+ RABBITMQ_USERNAME: Z3Vlc3Q=
+ RABBITMQ_PASSWORD: Z3Vlc3Q=
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: authx-service
+ name: rabbitmq-server
+ labels:
+ app: rabbitmq-server
+spec:
+ ports:
+ - port: 5672
+ targetPort: tcp-1
+ protocol: TCP
+ name: tcp-1
+ - port: 15672
+ targetPort: tcp-2
+ protocol: TCP
+ name: tcp-2
+ selector:
+ app: rabbitmq-server
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: authx-service
+ name: rabbitmq-server
+spec:
+ selector:
+ matchLabels:
+ app: rabbitmq-server
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: rabbitmq-server
+ annotations:
+ sidecar.istio.io/inject: "false"
+ spec:
+ # 若使用了学校搭设的私有仓库,请增加以下配置(取消注释即可,注意对齐、缩进)
+ # imagePullSecrets:
+ # - name: harbor-registry
+ containers:
+ - name: rabbitmq-server
+ # 若使用了学校搭设的私有仓库,请修改
+ image: rabbitmq:management
+ # 若使用了学校搭设的私有仓库,请修改 为 Always
+ imagePullPolicy: IfNotPresent
+ # imagePullPolicy: Always
+ ports:
+ - containerPort: 5672
+ name: tcp-1
+ - containerPort: 15672
+ name: tcp-2
+ resources:
+ requests:
+ memory: "1024Mi"
+ limits:
+ memory: "1024Mi"
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/0.authx-service/1.authx-service-env.yaml b/deploy-manifests/k8s-rancher/1.authx-service/0.authx-service/1.authx-service-env.yaml
new file mode 100644
index 0000000..ed2a7c2
--- /dev/null
+++ b/deploy-manifests/k8s-rancher/1.authx-service/0.authx-service/1.authx-service-env.yaml
@@ -0,0 +1,35 @@
+# 1.authx-service-env.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: authx-service
+ name: jvm-env
+data:
+ MAX_RAM_PERCENTAGE: "75.0"
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ namespace: authx-service
+ name: redis-env-secret
+type: Opaque
+data:
+ SPRING_REDIS_HOST: cmVkaXMtc2VydmVy
+ SPRING_REDIS_PORT: NjM3OQ==
+ SPRING_REDIS_PASSWORD: OEt1d29zbE9pdXc3SA==
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ namespace: authx-service
+ name: rabbitmq-env-secret
+type: Opaque
+data:
+ SPRING_RABBITMQ_HOST: cmFiYml0bXEtc2VydmVy
+ SPRING_RABBITMQ_PORT: NTY3Mg==
+ SPRING_RABBITMQ_USERNAME: Z3Vlc3Q=
+ SPRING_RABBITMQ_PASSWORD: Z3Vlc3Q=
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/0.authx-service/2.authx-service-minio.yaml b/deploy-manifests/k8s-rancher/1.authx-service/0.authx-service/2.authx-service-minio.yaml
index 9b4408d..3e6aa0b 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/0.authx-service/2.authx-service-minio.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/0.authx-service/2.authx-service-minio.yaml
@@ -120,7 +120,7 @@
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
- name: minio-ingress
+ name: authx-minio-ingress
namespace: authx-service
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: 8m
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/0.authx-service/4.4.authx-service-bff.yaml b/deploy-manifests/k8s-rancher/1.authx-service/0.authx-service/4.4.authx-service-bff.yaml
new file mode 100644
index 0000000..60e6c2b
--- /dev/null
+++ b/deploy-manifests/k8s-rancher/1.authx-service/0.authx-service/4.4.authx-service-bff.yaml
@@ -0,0 +1,134 @@
+# 4.4.authx-service-bff.yaml
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: authx-service
+ name: authx-service-bff-env
+data:
+ SERVER_PORT: "8080"
+ SSL_ENABLED: "false"
+ #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
+ #SSL_KEYSTORE_PASSWORD: ""
+ #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
+ #SSL_TRUSTSTORE_PASSWORD: ""
+
+ SERVER_MAXHTTPHEADERSIZE: "10240"
+
+ SERVER_TOMCAT_ACCEPT_COUNT: "5000"
+ SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
+ SERVER_TOMCAT_MAX_THREADS: "800"
+ SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
+
+ LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_AUTHX_SERVICE_BFF: INFO
+
+
+ SPRING_REDIS_JEDIS_POOL_MAXACTIVE: "800"
+ SPRING_REDIS_JEDIS_POOL_MAXIDLE: "100"
+ SPRING_REDIS_JEDIS_POOL_MINIDLE: "100"
+
+
+ CASSERVER_SA_API_SERVER_URL: http://cas-server-sa-api-svc.cas-server.svc.cluster.local:8080
+ CASSERVER_SA_API_CLIENT_AUTH_ENABLED: "false"
+ #CASSERVER_SA_API_CLIENT_AUTH_KEY_PASSWORD: ""
+ #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+ #CASSERVER_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+ #CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+ USER_DATA_SERVICE_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080
+ USER_DATA_SERVICE_CLIENT_AUTH_ENABLED: "false"
+ #USER_DATA_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
+ #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+ #USER_DATA_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+ #USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+ USER_AUTHZ_SERVICE_SERVER_URL: http://user-authorization-sa-svc.user-authorization-service.svc.cluster.local:8080
+ USER_AUTHZ_SERVICE_CLIENT_AUTH_ENABLED: "false"
+ #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
+ #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+ #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #USER_AUTHZ_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+ #USER_AUTHZ_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+
+ TPAS_FILE_API_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080/api/v1/tpas/file/minio
+ TPAS_CLIENT_AUTH_ENABLED: "false"
+ #TPAS_CLIENT_AUTH_KEY_PASSWORD: ""
+ #TPAS_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
+ #TPAS_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #TPAS_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
+ #TPAS_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: authx-service
+ name: authx-service-bff-svc
+ labels:
+ app: authx-service-bff
+ needMonitor: 'true'
+spec:
+ ports:
+ - port: 8080
+ targetPort: http
+ protocol: TCP
+ name: http
+ - port: 6060
+ targetPort: http-metrics
+ protocol: TCP
+ name: http-metrics
+ selector:
+ app: authx-service-bff
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: authx-service
+ name: authx-service-bff
+spec:
+ selector:
+ matchLabels:
+ app: authx-service-bff
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: authx-service-bff
+ spec:
+ containers:
+ - name: authx-service-bff
+ image: harbor.supwisdom.com/authx-service/authx-service-bff:1.2.2-RELEASE
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8080
+ name: http
+ - containerPort: 6060
+ name: http-metrics
+ envFrom:
+ - configMapRef:
+ name: jvm-env
+ - secretRef:
+ name: redis-env-secret
+ - configMapRef:
+ name: authx-service-bff-env
+ resources:
+ requests:
+ memory: "1024Mi"
+ limits:
+ memory: "1024Mi"
+ readinessProbe:
+ httpGet:
+ path: /actuator/health
+ port: 8080
+ initialDelaySeconds: 20
+ periodSeconds: 5
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 10
+ imagePullSecrets:
+ - name: harbor-registry
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/1.thirdparty-agent-service/4.2.thirdparty-agent-service.yaml b/deploy-manifests/k8s-rancher/1.authx-service/1.thirdparty-agent-service/4.2.thirdparty-agent-service.yaml
index 2fb4671..a129c1c 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/1.thirdparty-agent-service/4.2.thirdparty-agent-service.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/1.thirdparty-agent-service/4.2.thirdparty-agent-service.yaml
@@ -121,7 +121,7 @@
containers:
- name: agent-service
# 若使用了学校搭设的私有仓库,请修改
- image: harbor.supwisdom.com/thirdparty-agent-service/agent-service:0.0.1-SNAPSHOT
+ image: harbor.supwisdom.com/thirdparty-agent-service/agent-service:1.2.0-RELEASE
imagePullPolicy: Always
ports:
- containerPort: 8080
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/10.0.init.sql b/deploy-manifests/k8s-rancher/1.authx-service/10.0.init.sql
index 1b8a9d5..0ab59fa 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/10.0.init.sql
+++ b/deploy-manifests/k8s-rancher/1.authx-service/10.0.init.sql
@@ -1,14 +1,17 @@
-- 10.0.init.sql
+/*
+将 paas.example.com 替换为 paas.学校域名.edu.cn
+*/
+
use cas_server;
-- 更新 服务 personal-security-center 的信息
-
update TB_SERVICE
set
INFORMATION_URL='http://personal-security-center.paas.example.com',
- LOGOUT_URL='http://personal-security-center.paas.example.com/cas/slo?redirect_uri=https://security-center.paas.example.com/?clearCertification=clearCertification',
+ LOGOUT_URL='http://personal-security-center.paas.example.com/slo?redirect_uri=http://security-center.paas.example.com/?clearCertification=clearCertification',
SERVICE_ID='http://personal-security-center.paas.example.com/cas/(.*)'
where ID='2'; -- todo, modify
@@ -65,67 +68,217 @@
update TB_CONFIG set CONFIG_VALUE='' where ID='62'; -- casServer.config.copyrightContentM
-use user;
--- **配置 身份对应的帐号 须自动关联的 用户组**
+use admin_center;
+
+
+-- 管理接口路由
+
+insert into TB_MGT_ROUTE (ID, DELETED, CODE, NAME, STATUS, PATH_PREFIX, URL, STRIP_PREFIX)
+values ('20', 0, 'authx-service-user-api', '认证授权 - 用户接口', '1', '/api/v1/base', 'https://localhost:8022', 0);
+
+insert into TB_MGT_ROUTE (ID, DELETED, CODE, NAME, STATUS, PATH_PREFIX, URL, STRIP_PREFIX)
+values ('40', 0, 'authx-service-personal-api', '认证授权 - 个人信息接口', '1', '/api/v1/personal', 'http://localhost:8041/api/v1', 1);
+
+insert into TB_MGT_ROUTE (ID, DELETED, CODE, NAME, STATUS, PATH_PREFIX, URL, STRIP_PREFIX)
+values ('21', 0, 'authx-service-admin-api', '认证授权 - 聚合接口(认证、授权)', '1', '/api/v2/admin', 'http://localhost:8009', 0);
+insert into TB_MGT_ROUTE (ID, DELETED, CODE, NAME, STATUS, PATH_PREFIX, URL, STRIP_PREFIX)
+values ('22', 0, 'authx-service-open-api', '认证授权 - 聚合接口(公开)', '1', '/api/v2/open', 'http://localhost:8009', 0);
+
+commit;
+
+update TB_MGT_ROUTE set URL='http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080' where ID='20';
+
+update TB_MGT_ROUTE set URL='http://personal-security-center-bff-svc.personal-security-center.svc.cluster.local:8080/api/v1' where ID='40';
+
+update TB_MGT_ROUTE set URL='http://authx-service-bff.authx-service.svc.cluster.local:8080' where ID='21';
+update TB_MGT_ROUTE set URL='http://authx-service-bff.authx-service.svc.cluster.local:8080' where ID='22';
+
+commit;
+
+
+-- 应用
+
+insert into TB_MGT_APPLICATION (ID, DELETED, CODE, NAME, STATUS)
+values ('10', 0, '10', '用户授权', '1');
+
+commit;
+
+
+-- 菜单
/*
+-- 认证管理
-IDENTITY_TYPE
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('20000', 0, 'cas-server', '认证管理', '1', '2', '', '/', '10', '1', 20000, 1, 18, 33);
-1 admin 系统用户
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('20100', 0, 'loginConfig', '登录方式配置', '1', '2', 'su-icon-denglupeizhi', '/cas-server/loginConfig', '10', '20000', 20100, 2, 19, 20);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('20200', 0, 'safeLoginConfig', '账号安全配置', '1', '2', 'su-icon-config-security', '/cas-server/safeLoginConfig', '10', '20000', 20200, 2, 21, 22);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('20300', 0, 'accountActivationConfiguration', '账号激活配置', '1', '2', 'su-icon-bulb', '/cas-server/accountActivationConfiguration', '10', '20000', 20300, 2, 23, 24);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('20400', 0, 'safeConfig', '安全策略配置', '1', '2', 'su-icon-celuepeizhi', '/cas-server/safeConfig', '10', '20000', 20400, 2, 25, 26);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('20500', 0, 'passwordConfig', '密码策略配置', '1', '2', 'su-icon-mimacelue', '/cas-server/passwordConfig', '10', '20000', 20500, 2, 27, 28);
-T01 T01 教职工
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('20600', 0, 'serverManagement', '应用对接配置', '1', '2', 'el-icon-service', '/cas-server/serverManagement', '10', '20000', 20600, 2, 29, 30);
-S01 S01 本科生
-S02 S02 研究生
-S03 S03 非学历生
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('21100', 0, 'analyze', '认证统计分析', '1', '2', 'su-icon-renzhengtongjifenxi', '/cas-server/analyze', '10', '20000', 21100, 2, 31, 32);
-P01 P01 聘用人员
-P02 P02 外聘教师
-P99 P99 在职/企业博士后
+commit;
+-- 用户管理
-GROUP
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('30000', 0, 'user-server', '用户管理', '1', '2', '', '/', '10', '1', 30000, 1, 34, 53);
-11 teacher 教职工用户组
-12 student 本科生用户组
-13 graduate 研究生用户组
-14 fellow 校友用户组
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('30100', 0, 'dictionary', '字典管理', '1', '2', 'su-icon-zidian', '/user-server/dictionary', '10', '30000', 30100, 2, 35, 36);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('30200', 0, 'identity', '身份管理', '1', '2', 'su-icon-shenfen', '/user-server/identity', '10', '30000', 30200, 2, 37, 38);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('30300', 0, 'mechanism', '组织机构管理', '1', '2', 'su-icon-department', '/user-server/mechanism', '10', '30000', 30300, 2, 39, 40);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('30400', 0, 'person', '人员管理', '1', '2', 'su-icon-people', '/user-server/person', '10', '30000', 30400, 2, 41, 42);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('30500', 0, 'label', '标签管理', '1', '2', 'su-icon-biaoqian', '/user-server/label', '10', '30000', 30500, 2, 43, 44);
-16 admin 管理人员用户组
-17 retire 退休用户组
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('30600', 0, 'simpleUserGroupManage', '普通用户组管理', '1', '2', 'su-icon-portrait', '/user-server/simpleUserGroupManage', '10', '30000', 30600, 2, 45, 46);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('30700', 0, 'postUserGroupManage', '岗位用户组管理', '1', '2', 'su-icon-personnel', '/user-server/postUserGroupManage', '10', '30000', 30700, 2, 47, 48);
-010883e0ac5e11eaaaee297ae5eef932 bsh 在职/企业博士后
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('30800', 0, 'assignation', '人员分配', '1', '2', 'su-icon-tihuanbanliren', '/user-server/assignation', '10', '30000', 30800, 2, 49, 50);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('31000', 0, 'activateAccount', '账号激活审核', '1', '2', 'su-icon-yonghushouquan', '/user-server/activateAccount', '10', '30000', 31000, 2, 51, 52);
-23f87450ac5e11eaaaee297ae5eef932 wpjs 外聘教师
-f1e42c20ac5d11eaaaee297ae5eef932 pyry 聘用人员
+commit;
-ffa610e0ac6111eaaaee297ae5eef932 fxls 非学历生用户组
+-- 授权管理
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('40000', 0, 'authorization-server', '授权管理', '1', '2', '', '/', '10', '1', 40000, 1, 54, 77);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('40100', 0, 'applicationRole', '角色授权', '1', '2', 'su-icon-yingyongjuese', '/auth-server/applicationRole', '10', '40000', 40100, 2, 55, 56);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('40200', 0, 'authorizationRoleComponent', '角色组授权', '1', '2', 'su-icon-juesezu', '/auth-server/authorizationRoleComponent', '10', '40000', 40200, 2, 57, 58);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('40300', 0, 'userAuthManagePeople', '用户授权', '1', '2', 'su-icon-yonghushouquan', '/auth-server/userAuthManagePeople', '10', '40000', 40300, 2, 59, 60);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('40400', 0, 'roleAuthManagement', '用户规则授权', '1', '2', 'su-icon-yonghuguize', '/auth-server/roleAuthManagement', '10', '40000', 40400, 2, 61, 62);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('40500', 0, 'userGroupAuth', '用户组授权', '1', '2', 'su-icon-yonghuguize', '/auth-server/userGroupAuth', '10', '40000', 40500, 2, 63, 64);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('40900', 0, 'authorizationAndManagement', '分级授权管理', '1', '2', 'su-icon-shouquanjiguanli', '/auth-server/authorizationAndManagement', '10', '40000', 40900, 2, 65, 66);
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('41100', 0, 'accountAuthorizationAudit', '账号授权审计', '1', '2', 'su-icon-zhsqsj', '/auth-server/accountAuthorizationAudit', '10', '40000', 41100, 2, 67, 68);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('41200', 0, 'userAudit', '用户规则权限审计', '1', '2', 'su-icon-yhgzqxsj', '/auth-server/userAudit', '10', '40000', 41200, 2, 69, 70);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('41300', 0, 'rolePermissionAudit', '角色/组授权审计', '1', '2', 'su-icon-jszsqsj', '/auth-server/rolePermissionAudit', '10', '40000', 41300, 2, 71, 72);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('41400', 0, 'authOperationsAudit', '权限操作审计', '1', '2', 'su-icon-qxczsj', '/auth-server/authOperationsAudit', '10', '40000', 41400, 2, 73, 74);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('41500', 0, 'authStatisticalMonitor', '授权统计监控', '1', '2', 'su-icon-sqtjjk', '/auth-server/authStatisticalMonitor', '10', '40000', 41500, 2, 75, 76);
+
+commit;
+*/
+
+/*
+update TB_MGT_PERMISSION
+ set LFT = LFT+2
+where LFT>=51
+;
+
+update TB_MGT_PERMISSION
+ set RGT = RGT+2
+where RGT>=51
+;
+
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('30750', 0, 'userScope', '用户规则', '1', '1', 'el-icon-guide', '/user-server/userScope', '1', '30000', 30750, 2, 51, 52);
+
+commit;
*/
-insert into TB_B_IDENTITY_TYPE_GROUP_INITIAL (ID, DELETED, ADD_ACCOUNT, IDENTITY_TYPE_ID, GROUP_ID)
-values ('1', 0, 'init', 'T01', '11');
+update TB_MGT_PERMISSION
+ set LFT = LFT+10
+where LFT>=35
+;
-insert into TB_B_IDENTITY_TYPE_GROUP_INITIAL (ID, DELETED, ADD_ACCOUNT, IDENTITY_TYPE_ID, GROUP_ID)
-values ('2', 0, 'init', 'S01', '12');
+update TB_MGT_PERMISSION
+ set RGT = RGT+10
+where RGT>=35
+;
-insert into TB_B_IDENTITY_TYPE_GROUP_INITIAL (ID, DELETED, ADD_ACCOUNT, IDENTITY_TYPE_ID, GROUP_ID)
-values ('3', 0, 'init', 'S02', '13');
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('20650', 0, 'casConfig', '认证对接配置', '1', '2', 'el-icon-service', '/cas-server/casConfig', '10', '20000', 20650, 2, 35, 36);
-insert into TB_B_IDENTITY_TYPE_GROUP_INITIAL (ID, DELETED, ADD_ACCOUNT, IDENTITY_TYPE_ID, GROUP_ID)
-values ('4', 0, 'init', 'S03', 'ffa610e0ac6111eaaaee297ae5eef932');
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('20700', 0, 'loginPageConfig', '登录页面配置', '1', '2', 'su-icon-tongxunxinxi', '/cas-server/loginPageConfig', '10', '20000', 20700, 2, 37, 38);
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('20800', 0, 'linkLoginConfig', '联合登录配置', '1', '2', 'su-icon-test', '/cas-server/linkLoginConfig', '10', '20000', 20800, 2, 39, 40);
-insert into TB_B_IDENTITY_TYPE_GROUP_INITIAL (ID, DELETED, ADD_ACCOUNT, IDENTITY_TYPE_ID, GROUP_ID)
-values ('5', 0, 'init', 'P01', 'f1e42c20ac5d11eaaaee297ae5eef932');
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('20900', 0, 'infoPerfectConfig', '信息完善配置', '1', '2', 'su-icon-chongxintijiao', '/cas-server/infoPerfectConfig', '10', '20000', 20900, 2, 41, 42);
-insert into TB_B_IDENTITY_TYPE_GROUP_INITIAL (ID, DELETED, ADD_ACCOUNT, IDENTITY_TYPE_ID, GROUP_ID)
-values ('6', 0, 'init', 'P02', '23f87450ac5e11eaaaee297ae5eef932');
+insert into TB_MGT_PERMISSION (ID, DELETED, CODE, NAME, STATUS, TYPE_, ICON, URL, APPLICATION_ID, PARENT_ID, ORDER_, LEVEL_, LFT, RGT)
+values ('21000', 0, 'lockManagement', '认证锁定管理', '1', '2', 'su-icon-shouquanjiguanli', '/cas-server/lockManagement', '10', '20000', 21000, 2, 43, 44);
-insert into TB_B_IDENTITY_TYPE_GROUP_INITIAL (ID, DELETED, ADD_ACCOUNT, IDENTITY_TYPE_ID, GROUP_ID)
-values ('7', 0, 'init', 'P99', '010883e0ac5e11eaaaee297ae5eef932');
+commit;
+
+
+
+-- 角色权限
+
+insert into TB_MGT_ROLE_PERMISSION (ID, DELETED, ROLE_ID, PERMISSION_ID)
+
+select CONCAT('20_', ID) as ID, 0 as DELETED, '20' as ROLE_ID, ID as PERMISSION_ID
+from TB_MGT_PERMISSION
+where ID like '2____' or ID='1'
+;
+
+insert into TB_MGT_ROLE_PERMISSION (ID, DELETED, ROLE_ID, PERMISSION_ID)
+
+select CONCAT('30_', ID) as ID, 0 as DELETED, '30' as ROLE_ID, ID as PERMISSION_ID
+from TB_MGT_PERMISSION
+where ID like '3____' or ID='1'
+;
+
+insert into TB_MGT_ROLE_PERMISSION (ID, DELETED, ROLE_ID, PERMISSION_ID)
+
+select CONCAT('40_', ID) as ID, 0 as DELETED, '40' as ROLE_ID, ID as PERMISSION_ID
+from TB_MGT_PERMISSION
+where ID like '4____' or ID='1'
+;
+
+
+insert into TB_MGT_ROLE_PERMISSION (ID, DELETED, ROLE_ID, PERMISSION_ID)
+
+select CONCAT('41_', ID) as ID, 0 as DELETED, '41' as ROLE_ID, ID as PERMISSION_ID
+from TB_MGT_PERMISSION
+where ID in ('40000', '40100', '40300', '40400', '40500') or ID='1'
+;
+
+
+insert into TB_MGT_ROLE_PERMISSION (ID, DELETED, ROLE_ID, PERMISSION_ID)
+
+select CONCAT('42_', ID) as ID, 0 as DELETED, '41' as ROLE_ID, ID as PERMISSION_ID
+from TB_MGT_PERMISSION
+where ID in ('40000', '40900') or ID='1'
+;
commit;
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/2.user-data-service/0.user-data-service-base.yaml b/deploy-manifests/k8s-rancher/1.authx-service/2.user-data-service/0.user-data-service-base.yaml
index 91edf43..a9d74c3 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/2.user-data-service/0.user-data-service-base.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/2.user-data-service/0.user-data-service-base.yaml
@@ -124,6 +124,11 @@
- containerPort: 6379
name: redis
protocol: TCP
+ resources:
+ requests:
+ memory: "1024Mi"
+ limits:
+ memory: "1024Mi"
readinessProbe:
exec:
command:
@@ -161,72 +166,90 @@
-####################################################
-# rabbitmq-server
-####################################################
----
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app: rabbitmq
- release: rabbitmq-server
- name: rabbitmq-server
- namespace: user-data-service
-type: Opaque
-data:
- RABBITMQ_USERNAME: Z3Vlc3Q=
- RABBITMQ_PASSWORD: Z3Vlc3Q=
----
-apiVersion: v1
-kind: Service
-metadata:
- name: rabbitmq-server
- namespace: user-data-service
- labels:
- app: rabbitmq-server
-spec:
- ports:
- - port: 5672
- targetPort: tcp-1
- protocol: TCP
- name: tcp-1
- - port: 15672
- targetPort: tcp-2
- protocol: TCP
- name: tcp-2
- selector:
- app: rabbitmq-server
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: rabbitmq-server
- namespace: user-data-service
-spec:
- selector:
- matchLabels:
- app: rabbitmq-server
- replicas: 1
- template:
- metadata:
- labels:
- app: rabbitmq-server
- annotations:
- sidecar.istio.io/inject: "false"
- spec:
- containers:
- - name: rabbitmq-server
- # 若使用了学校搭设的私有仓库,请修改
- image: rabbitmq:management
- # 若使用了学校搭设的私有仓库,请修改 为 Always
- imagePullPolicy: IfNotPresent
- # imagePullPolicy: Always
- ports:
- - containerPort: 5672
- name: tcp-1
- - containerPort: 15672
- name: tcp-2
- # 若使用了学校搭设的私有仓库,请增加以下配置(取消注释即可)
- # imagePullSecrets:
- # - name: harbor-registry
+# ####################################################
+# # rabbitmq-server
+# ####################################################
+# ---
+# apiVersion: v1
+# kind: Secret
+# metadata:
+# labels:
+# app: rabbitmq
+# release: rabbitmq-server
+# name: rabbitmq-server
+# namespace: user-data-service
+# type: Opaque
+# data:
+# RABBITMQ_USERNAME: Z3Vlc3Q=
+# RABBITMQ_PASSWORD: Z3Vlc3Q=
+# ---
+# apiVersion: v1
+# kind: Service
+# metadata:
+# name: rabbitmq-server
+# namespace: user-data-service
+# labels:
+# app: rabbitmq-server
+# spec:
+# ports:
+# - port: 5672
+# targetPort: tcp-1
+# protocol: TCP
+# name: tcp-1
+# - port: 15672
+# targetPort: tcp-2
+# protocol: TCP
+# name: tcp-2
+# selector:
+# app: rabbitmq-server
+# ---
+# apiVersion: apps/v1
+# kind: Deployment
+# metadata:
+# name: rabbitmq-server
+# namespace: user-data-service
+# spec:
+# selector:
+# matchLabels:
+# app: rabbitmq-server
+# replicas: 1
+# template:
+# metadata:
+# labels:
+# app: rabbitmq-server
+# annotations:
+# sidecar.istio.io/inject: "false"
+# spec:
+# containers:
+# - name: rabbitmq-server
+# env:
+# - name: RABBITMQ_VM_MEMORY_HIGH_WATERMARK
+# value: "0.6"
+# - name: RABBITMQ_DEFAULT_USER
+# valueFrom:
+# secretKeyRef:
+# name: rabbitmq-server
+# key: RABBITMQ_USERNAME
+# - name: RABBITMQ_DEFAULT_PASS
+# valueFrom:
+# secretKeyRef:
+# name: rabbitmq-server
+# key: RABBITMQ_PASSWORD
+# # 若使用了学校搭设的私有仓库,请修改
+# image: rabbitmq:management
+# # 若使用了学校搭设的私有仓库,请修改 为 Always
+# imagePullPolicy: IfNotPresent
+# # imagePullPolicy: Always
+# ports:
+# - containerPort: 5672
+# name: tcp-1
+# - containerPort: 15672
+# name: tcp-2
+# resources:
+# requests:
+# memory: "1024Mi"
+# limits:
+# memory: "1024Mi"
+# # 若使用了学校搭设的私有仓库,请增加以下配置(取消注释即可)
+# # imagePullSecrets:
+# # - name: harbor-registry
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/2.user-data-service/1.user-data-service-env.yaml b/deploy-manifests/k8s-rancher/1.authx-service/2.user-data-service/1.user-data-service-env.yaml
index 39f22fa..0f7e6e2 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/2.user-data-service/1.user-data-service-env.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/2.user-data-service/1.user-data-service-env.yaml
@@ -42,11 +42,12 @@
apiVersion: v1
kind: Secret
metadata:
- name: rabbitmq-env-secret
namespace: user-data-service
+ name: rabbitmq-env-secret
type: Opaque
data:
- SPRING_RABBITMQ_HOST: cmFiYml0bXEtc2VydmVy
+ # rabbitmq-server.authx-service.svc.cluster.local
+ SPRING_RABBITMQ_HOST: cmFiYml0bXEtc2VydmVyLmF1dGh4LXNlcnZpY2Uuc3ZjLmNsdXN0ZXIubG9jYWw=
SPRING_RABBITMQ_PORT: NTY3Mg==
SPRING_RABBITMQ_USERNAME: Z3Vlc3Q=
SPRING_RABBITMQ_PASSWORD: Z3Vlc3Q=
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/2.user-data-service/4.0.user-data-service-installer.yaml b/deploy-manifests/k8s-rancher/1.authx-service/2.user-data-service/4.0.user-data-service-installer.yaml
index 8c439e5..53107cc 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/2.user-data-service/4.0.user-data-service-installer.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/2.user-data-service/4.0.user-data-service-installer.yaml
@@ -28,7 +28,7 @@
containers:
- name: user-data-service-installer
# 若使用了学校搭设的私有仓库,请修改
- image: harbor.supwisdom.com/goa/installer:1.1.14-RELEASE
+ image: harbor.supwisdom.com/goa/installer:1.2.2-RELEASE
imagePullPolicy: Always
envFrom:
- configMapRef:
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/2.user-data-service/4.1.user-data-service-poa.yaml b/deploy-manifests/k8s-rancher/1.authx-service/2.user-data-service/4.1.user-data-service-poa.yaml
index 4296802..774e33d 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/2.user-data-service/4.1.user-data-service-poa.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/2.user-data-service/4.1.user-data-service-poa.yaml
@@ -48,6 +48,9 @@
FILE_SERVER_URL: https://authx-minio.paas.xxx.edu.cn
+ LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_GOA_COMMON_LOG: INFO
+
+
---
apiVersion: v1
kind: Service
@@ -89,7 +92,7 @@
containers:
- name: user-data-service-poa
# 若使用了学校搭设的私有仓库,请修改
- image: harbor.supwisdom.com/goa/poa-api:1.1.14-RELEASE
+ image: harbor.supwisdom.com/goa/poa-api:1.2.2-RELEASE
imagePullPolicy: Always
ports:
- containerPort: 8080
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/2.user-data-service/4.2.user-data-service-goa.yaml b/deploy-manifests/k8s-rancher/1.authx-service/2.user-data-service/4.2.user-data-service-goa.yaml
index 430e80b..4f2a8ca 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/2.user-data-service/4.2.user-data-service-goa.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/2.user-data-service/4.2.user-data-service-goa.yaml
@@ -21,8 +21,6 @@
SERVER_TOMCAT_MAX_THREADS: "800"
SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
- LOGGING_LEVEL_COM_SUPWISDOM_GOA: INFO
-
SPRING_DATASOURCE_DRUID_INITIAL_SIZE: "10"
SPRING_DATASOURCE_DRUID_MAX_ACTIVE: "20"
@@ -36,12 +34,14 @@
# 加密算法的实现,默认 default,支持 bcrypt 等加密算法; SHA-256 支持 SHA-256 加密算法
PASSWORD_ENCODER_IMPL: default
+ PASSWORD_ENABLE_TRANS_UPDATE_PASSWORD: "false"
+
SECURITY_API_SECURITY_ACCOUNT_SERVICE_IMPL: redis
# 推送数据到 jobs-server 的配置
JOBS_RABBITMQ_ENABLED: "false"
- JOBS_RABBITMQ_HOST: rabbitmq-server.jobs-server.svc.cluster.local
+ JOBS_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local
JOBS_RABBITMQ_PORT: "5672"
JOBS_RABBITMQ_USERNAME: guest
JOBS_RABBITMQ_PASSWORD: guest
@@ -50,17 +50,24 @@
# 是否同步帐号到 openldap(已弃用)
# JOBS_RABBITMQ_ACCOUNTUSERSVC2OPENLDAPRABBITSENDER_ENABLED: "false"
- # 是否同步帐号数据至 jobs 的 MQ,由 jobs 再进行分发(如分发到 openldap)
+ # 是否同步 帐号 数据至 jobs 的 MQ,由 jobs 再进行分发(如分发到 openldap)
JOBS_RABBITMQ_ACCOUNTUSERSVC2JOBSRABBITSENDER_ENABLED: "false"
- # 是否同步密码(明文密码)到 jobs 的 MQ,由 jobs 再进行分发(如分发到 城市热点)
+ # 是否同步 密码(明文密码)到 jobs 的 MQ,由 jobs 再进行分发(如分发到 城市热点)
JOBS_RABBITMQ_ACCOUNTUSERSVC2JOBSSYNCPASSWORDRABBITSENDER_ENABLED: "false"
- # 是否同步组织机构数据至 jobs 的 MQ,由 jobs 再进行分发(如分发到 openldap)
+ # 是否同步 组织机构 数据至 jobs 的 MQ,由 jobs 再进行分发(如分发到 openldap)
JOBS_RABBITMQ_ORGANIZATIONUSERSVC2JOBSRABBITSENDER_ENABLED: "false"
- # 是否同步用户组数据至 jobs 的 MQ,由 jobs 再进行分发(如分发到 openldap)
+ # 是否同步 用户组 数据至 jobs 的 MQ,由 jobs 再进行分发(如分发到 openldap)
JOBS_RABBITMQ_GROUPUSERSVC2JOBSRABBITSENDER_ENABLED: "false"
+ # 是否同步 帐号用户组 数据至 jobs 的 MQ,由 jobs 再进行分发(如分发到 openldap)
+ JOBS_RABBITMQ_ACCOUNTGROUPUSERSVC2JOBSRABBITSENDER_ENABLED: "false"
+
+
+ LOGGING_LEVEL_COM_SUPWISDOM_GOA: INFO
+ LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_GOA_COMMON_LOG: INFO
+
---
apiVersion: v1
@@ -103,7 +110,7 @@
containers:
- name: user-data-service-goa
# 若使用了学校搭设的私有仓库,请修改
- image: harbor.supwisdom.com/goa/goa-api:1.1.14-RELEASE
+ image: harbor.supwisdom.com/goa/goa-api:1.2.2-RELEASE
imagePullPolicy: Always
ports:
- containerPort: 8080
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/2.user-data-service/4.3.user-data-service-biz.yaml b/deploy-manifests/k8s-rancher/1.authx-service/2.user-data-service/4.3.user-data-service-biz.yaml
index 18e1bfe..62eb923 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/2.user-data-service/4.3.user-data-service-biz.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/2.user-data-service/4.3.user-data-service-biz.yaml
@@ -35,6 +35,14 @@
#CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
#CASSERVER_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+ USER_AUTHZ_SERVICE_SERVER_URL: http://user-authorization-sa-svc.user-authorization-service.svc.cluster.local:8080
+ USER_AUTHZ_SERVICE_CLIENT_AUTH_ENABLED: "false"
+ #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
+ #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/common/common.keystore
+ #USER_AUTHZ_SERVICE_CLIENT_AUTH_KEYSTORE_PASSWORD: ""
+ #USER_AUTHZ_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/common/common.truststore
+ #USER_AUTHZ_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+
TPAS_FILE_API_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080/api/v1/tpas/file/minio
TPAS_CLIENT_AUTH_ENABLED: "false"
#TPAS_CLIENT_AUTH_KEY_PASSWORD: ""
@@ -44,6 +52,9 @@
#TPAS_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+ LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_GOA_COMMON_LOG: INFO
+
+
---
apiVersion: v1
kind: Service
@@ -85,7 +96,7 @@
containers:
- name: user-data-service-biz
# 若使用了学校搭设的私有仓库,请修改
- image: harbor.supwisdom.com/goa/biz-api:1.1.14-RELEASE
+ image: harbor.supwisdom.com/goa/biz-api:1.2.2-RELEASE
imagePullPolicy: Always
ports:
- containerPort: 8080
@@ -97,6 +108,8 @@
name: jvm-env
- secretRef:
name: datasource-env-secret
+ - secretRef:
+ name: rabbitmq-env-secret
- configMapRef:
name: user-data-service-biz-env
resources:
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/2.user-data-service/5.user-data-service-datax-job.yaml b/deploy-manifests/k8s-rancher/1.authx-service/2.user-data-service/5.user-data-service-datax-job.yaml
index 7431795..c771dec 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/2.user-data-service/5.user-data-service-datax-job.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/2.user-data-service/5.user-data-service-datax-job.yaml
@@ -24,7 +24,7 @@
name: user-data-service-datax-job
namespace: user-data-service
spec:
- schedule: "10 */1 * * *"
+ schedule: "30 */4 * * *"
jobTemplate:
metadata:
labels:
@@ -41,7 +41,7 @@
containers:
- name: user-data-service-datax-job
# 若使用了学校搭设的私有仓库,请修改
- image: harbor.supwisdom.com/goa/datax-job:1.1.14-RELEASE
+ image: harbor.supwisdom.com/goa/datax-job:1.2.2-RELEASE
imagePullPolicy: Always
envFrom:
- configMapRef:
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/2.user-data-service/9.api-docs-installer.yaml b/deploy-manifests/k8s-rancher/1.authx-service/2.user-data-service/9.api-docs-installer.yaml
new file mode 100644
index 0000000..e8b1f3c
--- /dev/null
+++ b/deploy-manifests/k8s-rancher/1.authx-service/2.user-data-service/9.api-docs-installer.yaml
@@ -0,0 +1,52 @@
+# 9.api-docs-installer.yaml
+
+# 依赖平台OpenAPI的部署
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: user-data-service
+ name: api-docs-installer-env
+data:
+ ##
+ # 平台OpenAPI的外网访问地址,
+ # **修改** 学校的根域名
+ POA_SERVER_URL: http://poa.paas.xxx.edu.cn
+
+ # **修改** poa-sa 服务的k8s内部地址
+ POA_SA_SERVER_URL: http://poa-sa-svc.poa.svc.cluster.local:8443
+
+ USER_API_SERVER_URL: http://user-data-service-poa-svc.user-data-service.svc.cluster.local:8080
+
+
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ namespace: user-data-service
+ name: api-docs-installer
+spec:
+ completions: 1
+ parallelism: 1
+ template:
+ metadata:
+ labels:
+ app: api-docs-installer
+ spec:
+ restartPolicy: Never
+ containers:
+ - name: api-docs-installer
+ # 若使用了学校搭设的私有仓库,请修改
+ image: harbor.supwisdom.com/goa/api-docs-installer:1.2.2-RELEASE
+ imagePullPolicy: Always
+ envFrom:
+ - configMapRef:
+ name: api-docs-installer-env
+ # resources:
+ # requests:
+ # memory: "256Mi"
+ # limits:
+ # memory: "256Mi"
+ imagePullSecrets:
+ - name: harbor-registry
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/3.user-authorization-service/0.user-authorization-service-base.yaml b/deploy-manifests/k8s-rancher/1.authx-service/3.user-authorization-service/0.user-authorization-service-base.yaml
index e9b861d..68bb04c 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/3.user-authorization-service/0.user-authorization-service-base.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/3.user-authorization-service/0.user-authorization-service-base.yaml
@@ -15,3 +15,74 @@
# {"auths":{"harbor.supwisdom.com":{"password":"PWMgP85qiLFC","username":"rancher.devops"}}}
.dockerconfigjson: eyJhdXRocyI6eyJoYXJib3Iuc3Vwd2lzZG9tLmNvbSI6eyJwYXNzd29yZCI6IlBXTWdQODVxaUxGQyIsInVzZXJuYW1lIjoicmFuY2hlci5kZXZvcHMifX19
+
+
+# ####################################################
+# # rabbitmq-server
+# ####################################################
+# ---
+# apiVersion: v1
+# kind: Secret
+# metadata:
+# labels:
+# app: rabbitmq
+# release: rabbitmq-server
+# name: rabbitmq-server
+# namespace: user-data-service
+# type: Opaque
+# data:
+# RABBITMQ_USERNAME: Z3Vlc3Q=
+# RABBITMQ_PASSWORD: Z3Vlc3Q=
+# ---
+# apiVersion: v1
+# kind: Service
+# metadata:
+# name: rabbitmq-server
+# namespace: user-data-service
+# labels:
+# app: rabbitmq-server
+# spec:
+# ports:
+# - port: 5672
+# targetPort: tcp-1
+# protocol: TCP
+# name: tcp-1
+# - port: 15672
+# targetPort: tcp-2
+# protocol: TCP
+# name: tcp-2
+# selector:
+# app: rabbitmq-server
+# ---
+# apiVersion: apps/v1
+# kind: Deployment
+# metadata:
+# name: rabbitmq-server
+# namespace: user-data-service
+# spec:
+# selector:
+# matchLabels:
+# app: rabbitmq-server
+# replicas: 1
+# template:
+# metadata:
+# labels:
+# app: rabbitmq-server
+# annotations:
+# sidecar.istio.io/inject: "false"
+# spec:
+# containers:
+# - name: rabbitmq-server
+# # 若使用了学校搭设的私有仓库,请修改
+# image: rabbitmq:management
+# # 若使用了学校搭设的私有仓库,请修改 为 Always
+# imagePullPolicy: IfNotPresent
+# # imagePullPolicy: Always
+# ports:
+# - containerPort: 5672
+# name: tcp-1
+# - containerPort: 15672
+# name: tcp-2
+# # 若使用了学校搭设的私有仓库,请增加以下配置(取消注释即可)
+# # imagePullSecrets:
+# # - name: harbor-registry
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/3.user-authorization-service/1.user-authorization-service-env.yaml b/deploy-manifests/k8s-rancher/1.authx-service/3.user-authorization-service/1.user-authorization-service-env.yaml
index 3deea6b..0017035 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/3.user-authorization-service/1.user-authorization-service-env.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/3.user-authorization-service/1.user-authorization-service-env.yaml
@@ -24,3 +24,17 @@
# 修改为实际的数据库密码,并使用 base64 工具进行编码
# kingstar
JDBC_PASSWORD: a2luZ3N0YXI=
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: rabbitmq-env-secret
+ namespace: user-authorization-service
+type: Opaque
+data:
+ # rabbitmq-server.authx-service.svc.cluster.local
+ SPRING_RABBITMQ_HOST: cmFiYml0bXEtc2VydmVyLmF1dGh4LXNlcnZpY2Uuc3ZjLmNsdXN0ZXIubG9jYWw=
+ SPRING_RABBITMQ_PORT: NTY3Mg==
+ SPRING_RABBITMQ_USERNAME: Z3Vlc3Q=
+ SPRING_RABBITMQ_PASSWORD: Z3Vlc3Q=
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/3.user-authorization-service/4.0.user-authorization-installer.yaml b/deploy-manifests/k8s-rancher/1.authx-service/3.user-authorization-service/4.0.user-authorization-installer.yaml
index 140af51..b35150f 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/3.user-authorization-service/4.0.user-authorization-installer.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/3.user-authorization-service/4.0.user-authorization-installer.yaml
@@ -28,7 +28,7 @@
containers:
- name: user-authorization-installer
# 若使用了学校搭设的私有仓库,请修改
- image: harbor.supwisdom.com/user-authorization-service/user-authorization-installer:1.1.7-RELEASE
+ image: harbor.supwisdom.com/user-authorization-service/user-authorization-installer:1.2.2-RELEASE
imagePullPolicy: Always
envFrom:
- configMapRef:
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/3.user-authorization-service/4.1.user-authorization-poa.yaml b/deploy-manifests/k8s-rancher/1.authx-service/3.user-authorization-service/4.1.user-authorization-poa.yaml
index 56bb25f..dcfd4b6 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/3.user-authorization-service/4.1.user-authorization-poa.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/3.user-authorization-service/4.1.user-authorization-poa.yaml
@@ -35,6 +35,7 @@
#USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
#USER_DATA_SERVICE_CLIENT_AUTH_TRUSTSTORE_PASSWORD: ""
+ LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_USER_AUTHORIZATION_SERVICE_COMMON_LOG: INFO
---
apiVersion: v1
@@ -77,7 +78,7 @@
containers:
- name: user-authorization-poa
# 若使用了学校搭设的私有仓库,请修改
- image: harbor.supwisdom.com/user-authorization-service/user-authorization-poa:1.1.7-RELEASE
+ image: harbor.supwisdom.com/user-authorization-service/user-authorization-poa:1.2.2-RELEASE
imagePullPolicy: Always
ports:
- containerPort: 8080
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/3.user-authorization-service/4.2.user-authorization-sa.yaml b/deploy-manifests/k8s-rancher/1.authx-service/3.user-authorization-service/4.2.user-authorization-sa.yaml
index 94505e1..a3a69ab 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/3.user-authorization-service/4.2.user-authorization-sa.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/3.user-authorization-service/4.2.user-authorization-sa.yaml
@@ -21,16 +21,23 @@
SERVER_TOMCAT_MAX_THREADS: "800"
SERVER_TOMCAT_MIN_SPARE_THREADS: "100"
- # LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_USER_AUTHORIZATION_SERVICE_SA_MANGRANTED: debug
SPRING_DATASOURCE_DRUID_INITIAL_SIZE: "10"
SPRING_DATASOURCE_DRUID_MAX_ACTIVE: "20"
SPRING_DATASOURCE_DRUID_MIN_IDLE: "10"
- # SBA_URL: http://spring-boot-admin-svc.base.svc.cluster.local:8080
+ USER_AUTHORIZATION_SA_USER_RABBITMQ_CONSUMER_ENABLED: "false"
+ USER_AUTHORIZATION_SA_USER_RABBITMQ_HOST: rabbitmq-server.authx-service.svc.cluster.local
+ USER_AUTHORIZATION_SA_USER_RABBITMQ_PORT: "5672"
+ USER_AUTHORIZATION_SA_USER_RABBITMQ_USERNAME: guest
+ USER_AUTHORIZATION_SA_USER_RABBITMQ_PASSWORD: guest
+ LOGGING_LEVEL_COM_SUPWISDOM_INSTITUTE_USER_AUTHORIZATION_SERVICE_COMMON_LOG: INFO
+
+ # SBA_URL: http://spring-boot-admin-svc.base.svc.cluster.local:8080
+
---
apiVersion: v1
@@ -73,7 +80,7 @@
containers:
- name: user-authorization-sa
# 若使用了学校搭设的私有仓库,请修改
- image: harbor.supwisdom.com/user-authorization-service/user-authorization-sa:1.1.7-RELEASE
+ image: harbor.supwisdom.com/user-authorization-service/user-authorization-sa:1.2.2-RELEASE
imagePullPolicy: Always
ports:
- containerPort: 8080
@@ -81,10 +88,12 @@
- containerPort: 6060
name: http-metrics
envFrom:
- - secretRef:
- name: datasource-env-secret
- configMapRef:
name: jvm-env
+ - secretRef:
+ name: datasource-env-secret
+ - secretRef:
+ name: rabbitmq-env-secret
- configMapRef:
name: user-authorization-sa-env
resources:
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/3.user-authorization-service/5.user-authorization-datax-job.yaml b/deploy-manifests/k8s-rancher/1.authx-service/3.user-authorization-service/5.user-authorization-datax-job.yaml
index 0efabff..391911b 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/3.user-authorization-service/5.user-authorization-datax-job.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/3.user-authorization-service/5.user-authorization-datax-job.yaml
@@ -17,7 +17,6 @@
JOB_USER2AUTHZ_MYSQLWRITER8_PASSWORD: "kingstar"
JOB_USER2AUTHZ_MYSQLWRITER8_JDBC_URL: "jdbc:mysql://mysql-server.authx-service.svc.cluster.local:3306/user_authz?serverTimezone=Asia/Shanghai"
-
---
apiVersion: batch/v1beta1
kind: CronJob
@@ -25,7 +24,7 @@
name: user-authorization-datax-job
namespace: user-authorization-service
spec:
- schedule: "*/10 * * * *"
+ schedule: "30 */4 * * *"
jobTemplate:
metadata:
labels:
@@ -42,7 +41,7 @@
containers:
- name: user-authorization-datax-job
# 若使用了学校搭设的私有仓库,请修改
- image: harbor.supwisdom.com/user-authorization-service/user-authorization-datax-job:1.1.7-RELEASE
+ image: harbor.supwisdom.com/user-authorization-service/user-authorization-datax-job:1.2.2-RELEASE
imagePullPolicy: Always
envFrom:
- configMapRef:
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/0.authx-service/9.poa-api-docs-installer.yaml b/deploy-manifests/k8s-rancher/1.authx-service/3.user-authorization-service/9.api-docs-installer.yaml
similarity index 60%
rename from deploy-manifests/k8s-rancher/1.authx-service/0.authx-service/9.poa-api-docs-installer.yaml
rename to deploy-manifests/k8s-rancher/1.authx-service/3.user-authorization-service/9.api-docs-installer.yaml
index 24e0b71..ae6355a 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/0.authx-service/9.poa-api-docs-installer.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/3.user-authorization-service/9.api-docs-installer.yaml
@@ -1,46 +1,48 @@
-# 10.9.poa-api-docs-installer.yaml
+# 9.api-docs-installer.yaml
+
+# 依赖平台OpenAPI的部署
---
apiVersion: v1
kind: ConfigMap
metadata:
- namespace: authx-service
- name: poa-api-docs-installer-env
+ namespace: user-authorization-service
+ name: api-docs-installer-env
data:
##
# 平台OpenAPI的外网访问地址,
# **修改** 学校的根域名
POA_SERVER_URL: http://poa.paas.xxx.edu.cn
+
+ # **修改** poa-sa 服务的k8s内部地址
POA_SA_SERVER_URL: http://poa-sa-svc.poa.svc.cluster.local:8443
- USER_API_SERVER_URL: http://user-data-service-poa-svc.user-data-service.svc.cluster.local:8080
USER_AUTHZ_API_SERVER_URL: http://user-authorization-poa-svc.user-authorization-service.svc.cluster.local:8080
- COMMUNICATE_API_SERVER_URL: http://communicate-center-poa-svc.communicate-center.svc.cluster.local:8080
---
apiVersion: batch/v1
kind: Job
metadata:
- namespace: authx-service
- name: poa-api-docs-installer
+ namespace: user-authorization-service
+ name: api-docs-installer
spec:
completions: 1
parallelism: 1
template:
metadata:
labels:
- app: poa-api-docs-installer
+ app: api-docs-installer
spec:
restartPolicy: Never
containers:
- - name: poa-api-docs-installer
+ - name: api-docs-installer
# 若使用了学校搭设的私有仓库,请修改
- image: harbor.supwisdom.com/authx-service/poa-api-docs-installer:1.1.3-SNAPSHOT
+ image: harbor.supwisdom.com/user-authorization-service/api-docs-installer:1.2.2-RELEASE
imagePullPolicy: Always
envFrom:
- configMapRef:
- name: poa-api-docs-installer-env
+ name: api-docs-installer-env
# resources:
# requests:
# memory: "256Mi"
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/4.0.cas-server-installer.yaml b/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/4.0.cas-server-installer.yaml
index 9a21d97..53e0bad 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/4.0.cas-server-installer.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/4.0.cas-server-installer.yaml
@@ -28,7 +28,7 @@
containers:
- name: cas-server-installer
# 若使用了学校搭设的私有仓库,请修改
- image: harbor.supwisdom.com/cas-server/cas-server-installer:1.1.10-RELEASE
+ image: harbor.supwisdom.com/cas-server/cas-server-installer:1.2.1-RELEASE
imagePullPolicy: Always
envFrom:
- configMapRef:
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/4.2.cas-server-sa-api.yaml b/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/4.2.cas-server-sa-api.yaml
index a753beb..70c4b13 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/4.2.cas-server-sa-api.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/4.2.cas-server-sa-api.yaml
@@ -95,7 +95,7 @@
containers:
- name: cas-server-sa-api
# 若使用了学校搭设的私有仓库,请修改
- image: harbor.supwisdom.com/cas-server/cas-server-sa-api:1.1.10-RELEASE
+ image: harbor.supwisdom.com/cas-server/cas-server-sa-api:1.2.1-RELEASE
imagePullPolicy: Always
ports:
- containerPort: 8080
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/4.3.cas-server-security-engine.yaml b/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/4.3.cas-server-security-engine.yaml
index 6185328..d051aec 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/4.3.cas-server-security-engine.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/4.3.cas-server-security-engine.yaml
@@ -62,7 +62,7 @@
containers:
- name: cas-server-security-engine
# 若使用了学校搭设的私有仓库,请修改
- image: harbor.supwisdom.com/cas-server/cas-server-security-engine:1.1.10-RELEASE
+ image: harbor.supwisdom.com/cas-server/cas-server-security-engine:1.2.1-RELEASE
imagePullPolicy: Always
ports:
- containerPort: 6060
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/4.4.cas-server-uidws.yaml b/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/4.4.cas-server-uidws.yaml
deleted file mode 100644
index 2dc6367..0000000
--- a/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/4.4.cas-server-uidws.yaml
+++ /dev/null
@@ -1,113 +0,0 @@
-# 4.4.cas-server-uidws.yaml
-
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- namespace: cas-server
- name: cas-server-uidws-env
-data:
- SERVER_PORT: "8080"
- SSL_ENABLED: "false"
- #SSL_KEYSTORE_FILE: file:/certs/server/server.keystore
- #SSL_KEYSTORE_PASSWORD: ""
- #SSL_TRUSTSTORE_FILE: file:/certs/server/server.truststore
- #SSL_TRUSTSTORE_PASSWORD: ""
-
- SERVER_MAXHTTPHEADERSIZE: "10240"
-
- SERVER_TOMCAT_ACCEPT_COUNT: "100"
- SERVER_TOMCAT_MAX_CONNECTIONS: "10000"
- SERVER_TOMCAT_MAX_THREADS: "200"
- SERVER_TOMCAT_MIN_SPARE_THREADS: "10"
-
-
- UIDWS_APPKEYSECRET: "1:1,2:2"
-
-
- USER_DATA_SERVICE_SA_API_SERVER_URL: http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080
- USER_DATA_SERVICE_SA_API_CLIENT_AUTH_ENABLED: "false"
- #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEYSTORE_FILE: file:/certs/client/client.keystore
- #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_FILE: file:/certs/client/client.truststore
-
----
-apiVersion: v1
-kind: Secret
-metadata:
- namespace: cas-server
- name: cas-server-uidws-env-secret
-type: Opaque
-data:
- #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEY_PASSWORD: Y2xpZW50
- #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_KEYSTORE_PASSWORD: Y2xpZW50
- #USER_DATA_SERVICE_SA_API_CLIENT_AUTH_TRUSTSTORE_PASSWORD: Y2xpZW50
-
----
-apiVersion: v1
-kind: Service
-metadata:
- namespace: cas-server
- name: cas-server-uidws-svc
- labels:
- app: cas-server-uidws
- needMonitor: 'true'
-spec:
- ports:
- - port: 8080
- targetPort: http
- protocol: TCP
- name: http
- - port: 6060
- targetPort: http-metrics
- protocol: TCP
- name: http-metrics
- selector:
- app: cas-server-uidws
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: cas-server-uidws
- namespace: cas-server
-spec:
- selector:
- matchLabels:
- app: cas-server-uidws
- replicas: 1
- template:
- metadata:
- labels:
- app: cas-server-uidws
- spec:
- containers:
- - name: cas-server-uidws
- image: harbor.supwisdom.com/cas-server/cas-server-uidws:1.1.10-RELEASE
- imagePullPolicy: Always
- ports:
- - containerPort: 8080
- name: http
- - containerPort: 6060
- name: http-metrics
- envFrom:
- - configMapRef:
- name: jvm-env
- - configMapRef:
- name: cas-server-uidws-env
- - secretRef:
- name: cas-server-uidws-env-secret
- resources:
- requests:
- memory: "512Mi"
- limits:
- memory: "512Mi"
- readinessProbe:
- httpGet:
- path: /uidws/actuator/health
- port: 8080
- initialDelaySeconds: 20
- periodSeconds: 5
- timeoutSeconds: 5
- successThreshold: 1
- failureThreshold: 10
- imagePullSecrets:
- - name: harbor-registry
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/4.5.cas-server-site-webapp.yaml b/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/4.5.cas-server-site-webapp.yaml
index 8d144f2..7b93ad3 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/4.5.cas-server-site-webapp.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/4.5.cas-server-site-webapp.yaml
@@ -95,7 +95,10 @@
# **视情况修改**
## 是否启用登录验证码
- CASSERVERSITE_CAPTCHA_ENABLED: "false"
+ CASSERVERSITE_CAPTCHA_ENABLED: "true"
+ CASSERVERSITE_CAPTCHA_SKIP_N: "true"
+
+ CASSERVERSITE_FEDERATED_CAPTCHA_ENABLED: "true"
## 配置用户的登录名的正则校验(用于手机、邮箱登录的判断)
#CASSERVERSITE_USERNAME_REGEX_MOBILE: ""
@@ -123,6 +126,11 @@
CASSERVERSITE_PASSWORDLESS_SMS_TEXT_TEMPLATE: 【认证中心】您正在登录统一身份认证,本次登录的动态密码为{token},有效期5分钟,请尽快完成登录。
+ ## 密码验证接口(外部接口)
+ CASSERVERSITE_SECURITY_PASSWORD_VERIFY_URL: ""
+ # http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080/api/v1/security/accounts/verifyAccountPassword
+
+
TPAS_AGENT_SERVICE_SERVER_URL: http://agent-service-svc.thirdparty-agent-service.svc.cluster.local:8080
TPAS_AGENT_SERVICE_CLIENT_AUTH_ENABLED: "false"
#TPAS_AGENT_SERVICE_CLIENT_AUTH_KEY_PASSWORD: ""
@@ -220,7 +228,7 @@
containers:
- name: cas-server-site-webapp
# 若使用了学校搭设的私有仓库,请修改
- image: harbor.supwisdom.com/cas-server/cas-server-site-webapp:1.1.10-RELEASE
+ image: harbor.supwisdom.com/cas-server/cas-server-site-webapp:1.2.1-RELEASE
imagePullPolicy: Always
ports:
- containerPort: 8080
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/4.6.cas-server-site-scheme.yaml b/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/4.6.cas-server-site-scheme.yaml
index 05313aa..fcb7b32 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/4.6.cas-server-site-scheme.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/4.6.cas-server-site-scheme.yaml
@@ -95,7 +95,7 @@
memory: "256Mi"
- name: cas-server-site-scheme-generator
# 根据情况修改镜像地址
- image: harbor.supwisdom.com/cas-server/cas-server-site-scheme:1.1.10-RELEASE
+ image: harbor.supwisdom.com/cas-server/cas-server-site-scheme:1.2.1-RELEASE
imagePullPolicy: Always
envFrom:
- configMapRef:
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/5.cas-server-datax-job.yaml b/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/5.cas-server-datax-job.yaml
index db3ac9a..725a4d5 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/5.cas-server-datax-job.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/4.cas-server/5.cas-server-datax-job.yaml
@@ -25,7 +25,7 @@
namespace: cas-server
name: cas-server-datax-job
spec:
- schedule: "*/5 * * * *"
+ schedule: "5 */2 * * *"
jobTemplate:
metadata:
labels:
@@ -42,7 +42,7 @@
containers:
- name: cas-server-datax-job
# 若使用了学校搭设的私有仓库,请修改
- image: harbor.supwisdom.com/cas-server/cas-server-datax-job:1.1.10-RELEASE
+ image: harbor.supwisdom.com/cas-server/cas-server-datax-job:1.2.1-RELEASE
imagePullPolicy: Always
envFrom:
- configMapRef:
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/5.token-server/1.token-server-env.yaml b/deploy-manifests/k8s-rancher/1.authx-service/5.token-server/1.token-server-env.yaml
index 0bbf852..304756b 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/5.token-server/1.token-server-env.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/5.token-server/1.token-server-env.yaml
@@ -36,3 +36,18 @@
SPRING_REDIS_HOST: cmVkaXMtc2VydmVy
SPRING_REDIS_PORT: NjM3OQ==
SPRING_REDIS_PASSWORD: OEt1d29zbE9pdXc3SA==
+
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ namespace: token-server
+ name: rabbitmq-env-secret
+type: Opaque
+data:
+ # rabbitmq-server.authx-service.svc.cluster.local
+ SPRING_RABBITMQ_HOST: cmFiYml0bXEtc2VydmVyLmF1dGh4LXNlcnZpY2Uuc3ZjLmNsdXN0ZXIubG9jYWw=
+ SPRING_RABBITMQ_PORT: NTY3Mg==
+ SPRING_RABBITMQ_USERNAME: Z3Vlc3Q=
+ SPRING_RABBITMQ_PASSWORD: Z3Vlc3Q=
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/5.token-server/4.0.token-server-installer.yaml b/deploy-manifests/k8s-rancher/1.authx-service/5.token-server/4.0.token-server-installer.yaml
index 2dfb3f3..3e40340 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/5.token-server/4.0.token-server-installer.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/5.token-server/4.0.token-server-installer.yaml
@@ -28,7 +28,7 @@
containers:
- name: token-server-installer
# 若使用了学校搭设的私有仓库,请修改
- image: harbor.supwisdom.com/token-server/token-server-installer:1.0.9-RELEASE
+ image: harbor.supwisdom.com/token-server/token-server-installer:1.2.1-RELEASE
imagePullPolicy: Always
envFrom:
- configMapRef:
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/5.token-server/4.1.token-server.yaml b/deploy-manifests/k8s-rancher/1.authx-service/5.token-server/4.1.token-server.yaml
index 1609dfe..8bccec9 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/5.token-server/4.1.token-server.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/5.token-server/4.1.token-server.yaml
@@ -67,10 +67,16 @@
TOKEN_SERVER_PASSWORDLESS_SMS_FROM: 认证中心
+ ## 密码验证接口(外部接口)
+ TOKEN_SERVER_SECURITY_PASSWORD_VERIFY_URL: ""
+ # http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080/api/v1/security/accounts/verifyAccountPassword
+
+
# **修改** 从消息中心申请
MESSAGECENTER_ENABLED: "false"
MESSAGECENTER_APP_ID: ""
MESSAGECENTER_MESSAGE_TYPE_CODE_APP_LOGIN: APP_LOGIN
+ MESSAGECENTER_MESSAGE_TYPE_CODE_PASSWORD: PASSWORD
# **修改** 从POA申请
POA_SERVER_URL: https://poa.paas.xxx.edu.cn
@@ -106,6 +112,20 @@
TPAS_AGENT_SERVICE_SMS_SENDER_PATH: /api/v1/tpas/sms/console/send
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ namespace: token-server
+ name: token-server-env-secret
+type: Opaque
+data:
+ SPRING_RABBITMQ_HOST: cmFiYml0bXEtc2VydmVyLmF1dGh4LXNlcnZpY2Uuc3ZjLmNsdXN0ZXIubG9jYWw=
+ # rabbitmq-server.authx-service.svc.cluster.local
+ SPRING_RABBITMQ_PORT: NTY3Mg==
+ SPRING_RABBITMQ_USERNAME: Z3Vlc3Q=
+ SPRING_RABBITMQ_PASSWORD: Z3Vlc3Q=
+
---
apiVersion: v1
@@ -148,7 +168,7 @@
containers:
- name: token-server
# 若使用了学校搭设的私有仓库,请 **修改**
- image: harbor.supwisdom.com/token-server/token-server:1.0.9-RELEASE
+ image: harbor.supwisdom.com/token-server/token-server:1.2.1-RELEASE
imagePullPolicy: Always
ports:
- containerPort: 8080
@@ -162,6 +182,8 @@
name: datasource-env-secret
- secretRef:
name: redis-env-secret
+ - secretRef:
+ name: rabbitmq-env-secret
- configMapRef:
name: token-server-env
resources:
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/5.token-server/9.api-docs-installer.yaml b/deploy-manifests/k8s-rancher/1.authx-service/5.token-server/9.api-docs-installer.yaml
new file mode 100644
index 0000000..a376b5b
--- /dev/null
+++ b/deploy-manifests/k8s-rancher/1.authx-service/5.token-server/9.api-docs-installer.yaml
@@ -0,0 +1,47 @@
+# 9.api-docs-installer.yaml
+
+# 依赖平台OpenAPI的部署
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: token-server
+ name: api-docs-installer-env
+data:
+ ##
+ # 平台OpenAPI的外网访问地址,
+ # **修改** 学校的根域名
+ POA_SERVER_URL: http://poa.paas.xxx.edu.cn
+
+ # **修改** poa-sa 服务的k8s内部地址
+ POA_SA_SERVER_URL: http://poa-sa-svc.poa.svc.cluster.local:8443
+
+ TOKEN_API_SERVER_URL: http://token-server-svc.token-server.svc.cluster.local:8080
+
+
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ namespace: token-server
+ name: api-docs-installer
+spec:
+ completions: 1
+ parallelism: 1
+ template:
+ metadata:
+ labels:
+ app: api-docs-installer
+ spec:
+ restartPolicy: Never
+ containers:
+ - name: api-docs-installer
+ # 若使用了学校搭设的私有仓库,请修改
+ image: harbor.supwisdom.com/token-server/api-docs-installer:1.2.1-RELEASE
+ imagePullPolicy: Always
+ envFrom:
+ - configMapRef:
+ name: api-docs-installer-env
+ imagePullSecrets:
+ - name: harbor-registry
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/6.personal-security-center/4.4.personal-security-center-bff.yaml b/deploy-manifests/k8s-rancher/1.authx-service/6.personal-security-center/4.4.personal-security-center-bff.yaml
index 0fcf977..35ac455 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/6.personal-security-center/4.4.personal-security-center-bff.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/6.personal-security-center/4.4.personal-security-center-bff.yaml
@@ -50,11 +50,13 @@
SMS_TEMPLATE_USER_FEDERATION_DINGTALK_SEND_CODE: '{prefix}{name}:您正在绑定钉钉,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
SMS_TEMPLATE_USER_FEDERATION_DINGTALK_SEND_CODE_UNBIND_DINGTALK: '{prefix}{name}:您正在解绑钉钉,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
+ SMS_TEMPLATE_USER_COMPLETED_SECURITY_MOBILE_SEND_CODE: '{name}:您正在绑定安全手机,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
+
+ SMS_TEMPLATE_USER_COMPLETED_REALNAME_SEND_CODE_BY_PRE_MOBILE: '{name}:您正在实名认证,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
+
SMS_TEMPLATE_ACCOUNT_INFO_SEND_CODE_BY_MOBILE: '{prefix}您当前正在查询账号,须验证手机有效,验证码{code},有效期5分钟,请尽快完成验证。'
SMS_TEMPLATE_ACCOUNT_INFO_SEND_ACCOUNT_NAME: '{prefix}您当前正在查询账号,查询结果为:{accountName},账号是您在学校中的重要信息,请妥善保管。'
- SMS_TEMPLATE_USER_COMPLETED_SECURITY_MOBILE_SEND_CODE: '{name}:您正在绑定安全手机,须验证身份,验证码{code},有效期5分钟,请尽快完成验证。'
-
SMS_TEMPLATE_PREFIX: ''
@@ -98,6 +100,11 @@
PERSONAL_SECURITY_BFF_NONCE_STORE_IMPL: redis
+ ## 密码验证接口(外部接口)
+ PERSONAL_SECURITY_BFF_SECURITY_PASSWORD_VERIFY_URL: ""
+ # http://user-data-service-goa-svc.user-data-service.svc.cluster.local:8080/api/v1/security/accounts/verifyAccountPassword
+
+
# 新开普人脸对接配置
# 修改为实际项目配置
PERSONAL_SECURITY_BFF_FACE_AIFACE_URL: "http://117.158.17.228:3003/aiface"
@@ -211,7 +218,7 @@
containers:
- name: personal-security-center-bff
# 若使用了学校搭设的私有仓库,请修改
- image: harbor.supwisdom.com/personal-security-center/personal-security-bff:1.0.12-RELEASE
+ image: harbor.supwisdom.com/personal-security-center/personal-security-bff:1.2.2-RELEASE
imagePullPolicy: Always
ports:
- containerPort: 8080
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/6.personal-security-center/4.5.personal-security-center-zuul.yaml b/deploy-manifests/k8s-rancher/1.authx-service/6.personal-security-center/4.5.personal-security-center-zuul.yaml
index 0ec4ca3..8b55f67 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/6.personal-security-center/4.5.personal-security-center-zuul.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/6.personal-security-center/4.5.personal-security-center-zuul.yaml
@@ -58,6 +58,8 @@
INFRAS_SECURITY_JWT_TOKEN_GENERATE_TYPE: cas
#INFRAS_SECURITY_JWT_TOKEN_DECRYPT_KEY_PRIVATE_KEY_PEM_PKCS8: ""
INFRAS_SECURITY_JWT_TOKEN_SIGNING_KEY_URL: "http://cas-server-site-webapp-svc.cas-server.svc.cluster.local:8080/cas/jwt/publicKey"
+ # 对接 uniauth认证时,使用以下配置
+ #INFRAS_SECURITY_JWT_TOKEN_SIGNING_KEY_URL: "http://uniauth-prod-backend.uniauth.svc.cluster.local:9090/idtoken/publicKey"
INFRAS_SECURITY_CAS_ENABLED: "true"
@@ -150,7 +152,7 @@
containers:
- name: personal-security-center-zuul
# 若使用了学校搭设的私有仓库,请修改
- image: harbor.supwisdom.com/personal-security-center/personal-security-zuul:1.0.12-RELEASE
+ image: harbor.supwisdom.com/personal-security-center/personal-security-zuul:1.2.2-RELEASE
imagePullPolicy: Always
ports:
- containerPort: 8080
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/6.personal-security-center/4.9.security-center-ui.yaml b/deploy-manifests/k8s-rancher/1.authx-service/6.personal-security-center/4.9.security-center-ui.yaml
index b1ad69e..0d3bb0c 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/6.personal-security-center/4.9.security-center-ui.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/6.personal-security-center/4.9.security-center-ui.yaml
@@ -14,6 +14,15 @@
PERSONAL_CENTER_API: http://personal-security-center.paas.xxx.edu.cn
+ # 可选 cas,uniauth
+ AUTH_TYPE: cas
+
+ # AUTH_TYPE 为 uniauth 时,配置
+ UNIAUTH_IDTOKEN: http://uniauth.paas.xxx.edu.cn/idtoken
+ UNIAUTH_IDTOKEN_ISS: "uniauth"
+ UNIAUTH_CLIENT_ID: "22"
+
+ # AUTH_TYPE 为 cas 时,配置 AUTH_CAS、JWT_ISS、JWT_SECRET
AUTH_CAS: http://cas.paas.xxx.edu.cn/cas
JWT_ISS: http://cas.paas.xxx.edu.cn/cas
JWT_SECRET: (@<rhnPaUYKC_k770*DuWwYQ_#Zc#8c(2rB?kae)rN)>K7qy)awCjxp$L653Mf$2
@@ -55,7 +64,7 @@
containers:
- name: security-center-ui
# 若使用了学校搭设的私有仓库,请修改
- image: harbor.supwisdom.com/personal-security-center/security-center-ui:1.1.3-RELEASE
+ image: harbor.supwisdom.com/personal-security-center/security-center-ui:1.2.2-RELEASE
imagePullPolicy: Always
ports:
- containerPort: 80
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/9.jobs-server/0.jobs-server-base.yaml b/deploy-manifests/k8s-rancher/1.authx-service/9.jobs-server/0.jobs-server-base.yaml
index d3f82f8..dcf76b5 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/9.jobs-server/0.jobs-server-base.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/9.jobs-server/0.jobs-server-base.yaml
@@ -16,73 +16,88 @@
.dockerconfigjson: eyJhdXRocyI6eyJoYXJib3Iuc3Vwd2lzZG9tLmNvbSI6eyJwYXNzd29yZCI6IlBXTWdQODVxaUxGQyIsInVzZXJuYW1lIjoicmFuY2hlci5kZXZvcHMifX19
-####################################################
-# rabbitmq-server
-####################################################
----
-apiVersion: v1
-kind: Secret
-metadata:
- labels:
- app: rabbitmq
- release: rabbitmq-server
- name: rabbitmq-server
- namespace: jobs-server
-type: Opaque
-data:
- RABBITMQ_USERNAME: Z3Vlc3Q=
- RABBITMQ_PASSWORD: Z3Vlc3Q=
----
-apiVersion: v1
-kind: Service
-metadata:
- name: rabbitmq-server
- namespace: jobs-server
- labels:
- app: rabbitmq-server
-spec:
- ports:
- - port: 5672
- targetPort: tcp-1
- protocol: TCP
- name: tcp-1
- - port: 15672
- targetPort: tcp-2
- protocol: TCP
- name: tcp-2
- selector:
- app: rabbitmq-server
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: rabbitmq-server
- namespace: jobs-server
-spec:
- selector:
- matchLabels:
- app: rabbitmq-server
- replicas: 1
- template:
- metadata:
- labels:
- app: rabbitmq-server
- annotations:
- sidecar.istio.io/inject: "false"
- spec:
- containers:
- - name: rabbitmq-server
- # 若使用了学校搭设的私有仓库,请修改
- image: rabbitmq:management
- # 若使用了学校搭设的私有仓库,请修改 为 Always
- imagePullPolicy: IfNotPresent
- # imagePullPolicy: Always
- ports:
- - containerPort: 5672
- name: tcp-1
- - containerPort: 15672
- name: tcp-2
- # 若使用了学校搭设的私有仓库,请增加以下配置(取消注释即可)
- # imagePullSecrets:
- # - name: harbor-registry
+# ####################################################
+# # rabbitmq-server
+# ####################################################
+
+# ---
+# apiVersion: v1
+# kind: Secret
+# metadata:
+# labels:
+# app: rabbitmq
+# release: rabbitmq-server
+# name: rabbitmq-server
+# namespace: jobs-server
+# type: Opaque
+# data:
+# RABBITMQ_USERNAME: Z3Vlc3Q=
+# RABBITMQ_PASSWORD: Z3Vlc3Q=
+
+# ---
+# apiVersion: v1
+# kind: Service
+# metadata:
+# name: rabbitmq-server
+# namespace: jobs-server
+# labels:
+# app: rabbitmq-server
+# spec:
+# ports:
+# - port: 5672
+# targetPort: tcp-1
+# protocol: TCP
+# name: tcp-1
+# - port: 15672
+# targetPort: tcp-2
+# protocol: TCP
+# name: tcp-2
+# selector:
+# app: rabbitmq-server
+# ---
+# apiVersion: apps/v1
+# kind: Deployment
+# metadata:
+# name: rabbitmq-server
+# namespace: jobs-server
+# spec:
+# selector:
+# matchLabels:
+# app: rabbitmq-server
+# replicas: 1
+# template:
+# metadata:
+# labels:
+# app: rabbitmq-server
+# annotations:
+# sidecar.istio.io/inject: "false"
+# spec:
+# containers:
+# - name: rabbitmq-server
+# env:
+# - name: RABBITMQ_VM_MEMORY_HIGH_WATERMARK
+# value: "0.6"
+# - name: RABBITMQ_DEFAULT_USER
+# valueFrom:
+# secretKeyRef:
+# name: rabbitmq-server
+# key: RABBITMQ_USERNAME
+# - name: RABBITMQ_DEFAULT_PASS
+# valueFrom:
+# secretKeyRef:
+# name: rabbitmq-server
+# key: RABBITMQ_PASSWORD
+# # 若使用了学校搭设的私有仓库,请修改
+# image: rabbitmq:management
+# # 若使用了学校搭设的私有仓库,请修改 为 Always
+# imagePullPolicy: IfNotPresent
+# # imagePullPolicy: Always
+# ports:
+# - containerPort: 5672
+# name: tcp-1
+# - containerPort: 15672
+# name: tcp-2
+# # 若使用了学校搭设的私有仓库,请增加以下配置(取消注释即可)
+# # imagePullSecrets:
+# # - name: harbor-registry
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/9.jobs-server/1.jobs-server-env.yaml b/deploy-manifests/k8s-rancher/1.authx-service/9.jobs-server/1.jobs-server-env.yaml
index 7ac9df8..10ece22 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/9.jobs-server/1.jobs-server-env.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/9.jobs-server/1.jobs-server-env.yaml
@@ -17,7 +17,8 @@
name: rabbitmq-env-secret
type: Opaque
data:
- SPRING_RABBITMQ_HOST: cmFiYml0bXEtc2VydmVy
+ # rabbitmq-server.authx-service.svc.cluster.local
+ SPRING_RABBITMQ_HOST: cmFiYml0bXEtc2VydmVyLmF1dGh4LXNlcnZpY2Uuc3ZjLmNsdXN0ZXIubG9jYWw=
SPRING_RABBITMQ_PORT: NTY3Mg==
SPRING_RABBITMQ_USERNAME: Z3Vlc3Q=
SPRING_RABBITMQ_PASSWORD: Z3Vlc3Q=
diff --git a/deploy-manifests/k8s-rancher/1.authx-service/9.jobs-server/4.1.jobs-server.yaml b/deploy-manifests/k8s-rancher/1.authx-service/9.jobs-server/4.1.jobs-server.yaml
index bbcea06..c872bd8 100644
--- a/deploy-manifests/k8s-rancher/1.authx-service/9.jobs-server/4.1.jobs-server.yaml
+++ b/deploy-manifests/k8s-rancher/1.authx-service/9.jobs-server/4.1.jobs-server.yaml
@@ -160,7 +160,7 @@
containers:
- name: jobs-server
# 若使用了学校搭设的私有仓库,请修改
- image: harbor.supwisdom.com/jobs-server/jobs-server:1.0.3-SNAPSHOT
+ image: harbor.supwisdom.com/jobs-server/jobs-server:1.2.1-RELEASE
imagePullPolicy: Always
ports:
- containerPort: 6060
diff --git "a/docs/CAS\350\256\244\350\257\201\350\201\224\345\220\210\347\231\273\345\275\225\351\205\215\347\275\256\350\257\264\346\230\216\346\226\207\346\241\243.md" "b/docs/CAS\350\256\244\350\257\201\350\201\224\345\220\210\347\231\273\345\275\225\351\205\215\347\275\256\350\257\264\346\230\216\346\226\207\346\241\243.md"
index e7f64dc..53d2a96 100644
--- "a/docs/CAS\350\256\244\350\257\201\350\201\224\345\220\210\347\231\273\345\275\225\351\205\215\347\275\256\350\257\264\346\230\216\346\226\207\346\241\243.md"
+++ "b/docs/CAS\350\256\244\350\257\201\350\201\224\345\220\210\347\231\273\345\275\225\351\205\215\347\275\256\350\257\264\346\230\216\346\226\207\346\241\243.md"
@@ -13,6 +13,39 @@
根据 各开放平台 申请开发者帐号,开通开发权限(涉及到费用)
+* 回调地址、回调域
+
+认证对接时,跳转 url 里的 redirect_uri ,如下,
+各开放平台中 所需配置的 回调地址、回调域 根据实际情况 处理即可
+
+- QQ
+
+redirect_uri: `https://cas.paas.xxx.edu.cn/cas/federation/federatedCallback/qq`
+
+网站回调域: `https://cas.paas.xxx.edu.cn/cas/federation/federatedCallback/qq`
+
+- 微信
+
+redirect_uri: `https://cas.paas.xxx.edu.cn/cas/federation/federatedCallback/openweixin`
+
+回调域: `cas.paas.xxx.edu.cn`
+
+- 企业微信
+
+redirect_uri: `https://cas.paas.xxx.edu.cn/cas/federation/federatedCallback/workweixin`
+
+
+- 支付宝
+
+redirect_uri: `https://cas.paas.xxx.edu.cn/cas/federation/federatedCallback/alipay`
+
+
+- 钉钉
+
+redirect_uri: `https://cas.paas.xxx.edu.cn/cas/federation/federatedCallback/dingtalk`
+
+
+
* 获取对接参数
各开放平台下,创建应用,获取 应用ID、Secret 等对接参数(具体至官方文档了解)
diff --git "a/docs/\345\256\236\346\226\275\345\270\270\350\247\201\351\227\256\351\242\230\345\244\204\347\220\206\350\257\264\346\230\216.md" "b/docs/\345\256\236\346\226\275\345\270\270\350\247\201\351\227\256\351\242\230\345\244\204\347\220\206\350\257\264\346\230\216.md"
new file mode 100644
index 0000000..da18a54
--- /dev/null
+++ "b/docs/\345\256\236\346\226\275\345\270\270\350\247\201\351\227\256\351\242\230\345\244\204\347\220\206\350\257\264\346\230\216.md"
@@ -0,0 +1,35 @@
+
+# 用户授权实施常见问题处理说明
+
+[TOC]
+
+
+## 用户服务帐号数据缓存更新操作
+
+1. 进入 redis-server,将缓存处理标记清除
+ ```bash
+ # redis-cli
+
+ 127.0.0.1:6379> AUTH 8KuwoslOiuw7H
+
+ 127.0.0.1:6379> llen USER_REFRESH_PAGE_LIST
+
+ 127.0.0.1:6379> get USER_REFRESH_PAGE_LIST_INIT_MARK
+
+ 127.0.0.1:6379> del USER_REFRESH_PAGE_LIST
+
+ 127.0.0.1:6379> del USER_REFRESH_PAGE_LIST_INIT_MARK
+ ```
+
+2. 重启 user-data-service-goa
+ 重启后,服务会重新初始化缓存,等待初始化完成即可
+
+
+## 头像显示错误问题
+
+ 排查 admin-center-bff, personal-security-center-bff, user-data-service-goa 等服务下的文件服务接口地址的相关配置`TPAS_FILE_API_URL`
+
+ 确保使用的接口地址是一致的
+
+
+
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/2.user-data-service/4.0.user-data-service-installer.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/2.user-data-service/4.0.user-data-service-installer.yaml
index ab538a4..41fb641 100644
--- a/project/newcapec-test/k8s-rancher/1.authx-service/2.user-data-service/4.0.user-data-service-installer.yaml
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/2.user-data-service/4.0.user-data-service-installer.yaml
@@ -28,7 +28,7 @@
containers:
- name: user-data-service-installer
# 若使用了学校搭设的私有仓库,请修改
- image: harbor.supwisdom.com/goa/installer:1.1
+ image: harbor.supwisdom.com/goa/installer:1.2.0-SNAPSHOT
imagePullPolicy: Always
envFrom:
- configMapRef:
diff --git a/project/newcapec-test/k8s-rancher/1.authx-service/2.user-data-service/9.api-docs-installer.yaml b/project/newcapec-test/k8s-rancher/1.authx-service/2.user-data-service/9.api-docs-installer.yaml
new file mode 100644
index 0000000..b8f48eb
--- /dev/null
+++ b/project/newcapec-test/k8s-rancher/1.authx-service/2.user-data-service/9.api-docs-installer.yaml
@@ -0,0 +1,52 @@
+# 9.api-docs-installer.yaml
+
+# 依赖平台OpenAPI的部署
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: user-data-service-test
+ name: api-docs-installer-env
+data:
+ ##
+ # 平台OpenAPI的外网访问地址,
+ # **修改** 学校的根域名
+ POA_SERVER_URL: http://poa-test.paas.newcapec.cn
+
+ # **修改** poa-sa 服务的k8s内部地址
+ POA_SA_SERVER_URL: http://poa-sa-test.paas.newcapec.cn
+
+ USER_API_SERVER_URL: http://user-data-service-poa-svc.user-data-service-test.svc.cluster.local:8080
+
+
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ namespace: user-data-service-test
+ name: api-docs-installer
+spec:
+ completions: 1
+ parallelism: 1
+ template:
+ metadata:
+ labels:
+ app: api-docs-installer
+ spec:
+ restartPolicy: Never
+ containers:
+ - name: api-docs-installer
+ # 若使用了学校搭设的私有仓库,请修改
+ image: harbor.supwisdom.com/goa/api-docs-installer:1.2.0-SNAPSHOT
+ imagePullPolicy: Always
+ envFrom:
+ - configMapRef:
+ name: api-docs-installer-env
+ # resources:
+ # requests:
+ # memory: "256Mi"
+ # limits:
+ # memory: "256Mi"
+ imagePullSecrets:
+ - name: harbor-registry
diff --git a/project/zzu/k8s-rancher/0.infras/0.0.2.infras-sba.yaml b/project/zzu/k8s-rancher/0.infras/0.0.2.infras-sba.yaml
index 70b3269..9b305c7 100644
--- a/project/zzu/k8s-rancher/0.infras/0.0.2.infras-sba.yaml
+++ b/project/zzu/k8s-rancher/0.infras/0.0.2.infras-sba.yaml
@@ -6,7 +6,7 @@
apiVersion: v1
kind: Secret
metadata:
- namespace: base
+ namespace: authx-service
name: spring-boot-admin-env-secret
data:
# sbaadmin
@@ -14,22 +14,11 @@
# sbanimda
SBA_PASSWORD: c2JhbmltZGE=
-
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- namespace: base
- name: spring-boot-admin-env
-data:
- SERVER_PORT: "8080"
-
-
---
apiVersion: v1
kind: Service
metadata:
- namespace: base
+ namespace: authx-service
name: spring-boot-admin-svc
labels:
app: spring-boot-admin
@@ -46,6 +35,7 @@
name: http-metrics
selector:
app: spring-boot-admin
+
---
apiVersion: apps/v1
kind: Deployment
@@ -65,7 +55,7 @@
containers:
- name: spring-boot-admin
# 若使用了学校搭设的私有仓库,请修改
- image: harbor.supwisdom.com/institute/spring-boot-admin:0.1.0-SNAPSHOT
+ image: hb.v.zzu.edu.cn/institute/spring-boot-admin:0.1.0-SNAPSHOT
imagePullPolicy: Always
ports:
- containerPort: 8080
@@ -73,19 +63,15 @@
- containerPort: 6060
name: http-metrics
envFrom:
- - configMapRef:
- name: jvm-env
- - secretRef:
- name: datasource-env-secret
- secretRef:
name: spring-boot-admin-env-secret
- - configMapRef:
- name: spring-boot-admin-env
resources:
requests:
- memory: "400Mi"
+ cpu: 200m
+ memory: "256Mi"
limits:
- memory: "400Mi"
+ cpu: 1000m
+ memory: "256Mi"
readinessProbe:
tcpSocket:
port: 8080
@@ -94,9 +80,8 @@
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 10
- imagePullSecrets:
- - name: harbor-registry
-
+ # imagePullSecrets:
+ # - name: harbor-registry
---
apiVersion: extensions/v1beta1
@@ -107,11 +92,10 @@
spec:
rules:
# 修改为学校的根域名
- - host: sba.paas.xxx.edu.cn
+ - host: sba.s.zzu.edu.cn
http:
paths:
- path: /
backend:
serviceName: spring-boot-admin-svc
servicePort: http
-
diff --git a/project/zzu/k8s-rancher/1.authx-service/2.user-data-service/4.0.user-data-service-installer.yaml b/project/zzu/k8s-rancher/1.authx-service/2.user-data-service/4.0.user-data-service-installer.yaml
index 3292853..abd84b3 100644
--- a/project/zzu/k8s-rancher/1.authx-service/2.user-data-service/4.0.user-data-service-installer.yaml
+++ b/project/zzu/k8s-rancher/1.authx-service/2.user-data-service/4.0.user-data-service-installer.yaml
@@ -28,7 +28,7 @@
containers:
- name: user-data-service-installer
# 若使用了学校搭设的私有仓库,请修改
- image: hb.v.zzu.edu.cn/goa/installer:1.1
+ image: hb.v.zzu.edu.cn/goa/installer:1.1.13-SNAPSHOT
imagePullPolicy: Always
envFrom:
- configMapRef: