
iam's Introduction

This project is deprecated, as all features were merged into https://kubesphere.io


OpenPitrix



OpenPitrix is a web-based open-source system to package, deploy and manage different types of applications, including Kubernetes applications, microservice applications and serverless applications, in multiple cloud environments such as AWS, Azure, Kubernetes, QingCloud, OpenStack, VMWare etc.

Definition: Pitrix ['paitriks] means the matrix of PaaS and IaaS which makes it easy to develop, deploy, manage applications including PaaS on various runtime environments, i.e., Pitrix = PaaS + IaaS + Matrix. It also means a matrix that contains endless (PI - the Greek letter "π") applications.


Motivation

OpenPitrix originates from QingCloud AppCenter, which helps developers create cloud-based enterprise applications with all the features of a cloud application, such as agility, elasticity, scalability, monitoring and so on. ISVs can sell their apps on the application marketplace, and the learning curve for developing an app is extremely low. Many customers love AppCenter but asked for it to support their multi-cloud environment instead of QingCloud exclusively, so OpenPitrix was born. See OpenPitrix Insight for more details.

Features

  • Multi-cloud: Support multiple runtimes, such as AWS, Aliyun, Azure, Kubernetes, QingCloud, OpenStack, VMWare and so on.
  • Multiple app types: Support a variety of application types including VM-based applications, Kubernetes applications, microservice applications and serverless applications.
  • Application Lifecycle Management: Developers can easily create and package applications and manage flexible application versioning and publishing; others can check, test and quickly deploy applications through the application marketplace.
  • Extendable and Pluggable: The types of runtime and application are highly extendable and pluggable, regardless of what new application type or runtime emerges.
  • RBAC for organization: Provide multiple roles including regular user, ISV, developer and admin; admins can also create custom roles and departments.
  • Commercial Operation (Coming soon): Provide cloud metering and billing for the application marketplace, so ISVs can sell and operate published applications.

Note:

  • See the Screenshots of OpenPitrix for an intuitive understanding of the OpenPitrix dashboard.
  • See this document, which elaborates on the OpenPitrix features and introduction from a professional point of view.

Workflow

The following flow chart illustrates the application lifecycle management process and the workflow for the different user roles. See the Quick Start Guide for more details.

Tip: Please browse from top to bottom.

Latest Release

OpenPitrix v0.4 was released on April 1st, 2019. See Release v0.4.0 to preview the updates and bug fixes.

Installation

Minimum Requirements

  • Operating Systems: Any OS.
  • Hardware
    • CPU: 1 Core
    • Memory: 1 G
    • Disk Space: 10 G
  • Software

All-in-One

All-in-One: For those who are new to OpenPitrix and looking for the fastest way to install and experience the dashboard. Execute the following commands to download and install OpenPitrix on a single node.

$ wget https://github.com/openpitrix/openpitrix/releases/download/v0.4.1/openpitrix-v0.4.1-docker-compose.tar.gz && tar -zxf openpitrix-v0.4.1-docker-compose.tar.gz
$ cd openpitrix-v0.4.1-docker-compose/
$ make

Normally, pulling the images and starting the containers completes in a few minutes. You can then use http://<NodeIP>:8000 to preview the dashboard. The default admin account is [email protected] / passw0rd

Deploy on Kubernetes

All-in-One is only meant for deploying OpenPitrix for testing and previewing. In a formal environment, the installer supports deploying OpenPitrix on a Kubernetes cluster. See Helm Chart Installation and Install on Kubernetes for more details.

To start using OpenPitrix

Quick Start

The Quick Start Guide provides 5 quick-start tutorials that walk you through the workflow and common operations for the different user roles, with a quick overview of the core features of OpenPitrix to help you get familiar with it.

Application Store

To start developing OpenPitrix

The development guide hosts all information about building OpenPitrix from source, git workflow, how to contribute code and how to test.

Roadmap

The Roadmap lists the open source product development plans and features, split by edition and role module, as well as what the OpenPitrix community anticipates. It details the future direction of OpenPitrix, but may change over time. We hope the Roadmap helps you get familiar with the project plans and vision. If you have any better ideas, you are welcome to raise them in Issues.

API Reference

OpenPitrix provides a RESTful API and detailed API documentation for developers. See OpenPitrix API Reference for more information.

Support, Discussion, and Community

If you need any help with OpenPitrix, please join us on the Slack channel.

Please submit any OpenPitrix bugs, issues, and feature requests to OpenPitrix GitHub Issue.

Contributing to the project

All members of the OpenPitrix community must abide by the CNCF Code of Conduct. Only by respecting each other can we develop a productive, collaborative community.

You can check out OpenPitrix Contribution Guide for the details.

iam's People

Contributors

chai2010, chilianyi, huojiao2006, zheng1


iam's Issues

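GET does not support repeated type in grpc-gateway?

I see that all Describe operations inside OpenPitrix also use GET, with repeated string parameters. DescribeRoles here uses comma separation in place of repeated, yet the parameters are still declared as repeated. What is the specific reason?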

message DescribeRolesRequest {
	repeated string role_id = 1;
	repeated string role_name = 2;
	repeated string portal = 3;
	repeated string user_id = 4;
}
rpc DescribeRoles(DescribeRolesRequest) returns (RoleList) {
	option (google.api.http) = {
		get: "/v1/am/roles"
	};
}

The page often reports a [no permission] error

[action on web] (screenshot not preserved)

[error] (screenshot not preserved)

[am-service log]

019-04-10 09:17:23.1854  -INFO- Request received [CanDo] [{"user_id":"system","url":"/v1/apps","url_method":"GET"}] (grpc_server.go:115)
2019-04-10 09:17:23.18567 -INFO- Handled request [CanDo] exec_time is [57.651µs] (grpc_server.go:123)
2019-04-10 09:17:23.18589 -INFO- Request received [CanDo] [{"user_id":"uid-2QxnG7XDvQYr","url":"/v1/debug_clusters","url_method":"GET"}] (grpc_server.go:115)
[mysql] 2019/04/10 09:17:23 packets.go:36: read tcp 10.244.1.128:44694->10.100.217.69:3306: read: connection reset by peer

(/go/src/openpitrix.io/iam/pkg/service/am/resource/user_role_binding_control.go:53)
[2019-04-10 09:17:23]  [0.68ms]  SELECT role_id FROM `user_role_binding`  WHERE (user_id in ('uid-2QxnG7XDvQYr'))
[0 rows affected or returned ]
2019-04-10 09:17:23.18681 -ERROR- err: invalid connection, errMsg: 内部错误: invalid connection (user_role_binding_control.go:56)
2019-04-10 09:17:23.1869  -CRITICAL- GRPC server recovery with error: runtime error: invalid memory address or nil pointer dereference (grpc_server.go:66)
2019-04-10 09:17:23.18721 -CRITICAL- goroutine 298 [running]:\nruntime/debug.Stack(0x0, 0x0, 0xa9a792)\n	/usr/local/go/src/runtime/debug/stack.go:24 +0xa7\nopenpitrix.io/iam/pkg/manager.(*GrpcServer).Serve.func2(0x9d1200, 0xf58220, 0xc00000c001, 0xc00000c098)\n	/go/src/openpitrix.io/iam/pkg/manager/grpc_server.go:67 +0x82\ngithub.com/grpc-ecosystem/go-grpc-middleware/recovery.recoverFrom(0x9d1200, 0xf58220, 0xab0dc0, 0xc000244870, 0xc0002448c0)\n	/go/pkg/mod/github.com/grpc-ecosystem/[email protected]/recovery/interceptors.go:47 +0x43\ngithub.com/grpc-ecosystem/go-grpc-middleware/recovery.UnaryServerInterceptor.func1.1(0xc00007ad70, 0xc000389820)\n	/go/pkg/mod/github.com/grpc-ecosystem/[email protected]/recovery/interceptors.go:21 +0x5f\npanic(0x9d1200, 0xf58220)\n	/usr/local/go/src/runtime/panic.go:513 +0x1b9\ndatabase/sql.(*Rows).close(0x0, 0x0, 0x0, 0x0, 0x0)\n	/usr/local/go/src/database/sql/sql.go:2955 +0x66\ndatabase/sql.(*Rows).Close(0x0, 0xc0001f0af0, 0x1)\n	/usr/local/go/src/database/sql/sql.go:2951 +0x33\nopenpitrix.io/iam/pkg/service/am/resource.GetRoleIdsByUserIds(0xb31440, 0xc00020e3c0, 0xc000566270, 0x1, 0x1, 0x0, 0x0, 0x0, 0xb2a4c0, 0xc000244870)\n	/go/src/openpitrix.io/iam/pkg/service/am/resource/user_role_binding_control.go:56 +0x49e\nopenpitrix.io/iam/pkg/service/am/resource.CanDo(0xb31440, 0xc00020e3c0, 0xc0001c20c0, 0xa4b280, 0x0, 0xb347e0)\n/go/src/openpitrix.io/iam/pkg/service/am/resource/can_do_control.go:50 +0x1b8\nopenpitrix.io/iam/pkg/service/am.(*Server).CanDo(0xf89c38, 0xb31440, 0xc00020e3c0, 0xc0001c20c0, 0xf89c38, 0xc0002ac480, 0xc0001f9f40)\n	/go/src/openpitrix.io/iam/pkg/service/am/handler.go:25 +0x3f\nopenpitrix.io/iam/pkg/pb._AccessManager_CanDo_Handler.func1(0xb31440, 0xc00020e3c0, 0xa4b040, 0xc0001c20c0, 0xc000566220, 0xc0003dd780, 0x42ab92, 0xc0001f9f70)\n	/go/src/openpitrix.io/iam/pkg/pb/am.pb.go:1978 +0x86\ngithub.com/grpc-ecosystem/go-grpc-middleware.ChainUnaryServer.func1.1(0xb31440, 0xc00020e3c0, 0xa4b040, 0xc0001c20c0, 
0xc00006e570, 0xb31440, 0xc00020e3c0, 0x3)\n	/go/pkg/mod/github.com/grpc-ecosystem/[email protected]/chain.go:31 +0x118\ngithub.com/grpc-ecosystem/go-grpc-middleware/recovery.UnaryServerInterceptor.func1(0xb31440, 0xc00020e3c0, 0xa4b040, 0xc0001c20c0, 0xc0002de200, 0xc0001d83c0, 0x0, 0x0, 0x0, 0x0)\n	/go/pkg/mod/github.com/grpc-ecosystem/[email protected]/recovery/interceptors.go:25 +0x97\ngithub.com/grpc-ecosystem/go-grpc-middleware.ChainUnaryServer.func1.1(0xb31440, 0xc00020e3c0, 0xa4b040, 0xc0001c20c0, 0xc0003dd990, 0x2, 0x2, 0xc0002646e0)\n	/go/pkg/mod/github.com/grpc-ecosystem/[email protected]/chain.go:34 +0x9f\nopenpitrix.io/iam/pkg/manager.(*GrpcServer).unaryServerLogInterceptor.func1(0xb31440, 0xc00020e3c0, 0xa4b040, 0xc0001c20c0, 0xc0002de200, 0xc0001d83c0, 0x40a053, 0x9daf00, 0xa4b040, 0x7f6cb7e15601)\n	/go/src/openpitrix.io/iam/pkg/manager/grpc_server.go:120 +0x141\ngithub.com/grpc-ecosystem/go-grpc-middleware.ChainUnaryServer.func1.1(0xb31440, 0xc00020e3c0, 0xa4b040, 0xc0001c20c0, 0x0, 0xa43700, 0x1, 0xc0001d83c0)\n/go/pkg/mod/github.com/grpc-ecosystem/[email protected]/chain.go:34 +0x9f\ngithub.com/grpc-ecosystem/go-grpc-middleware/validator.UnaryServerInterceptor.func1(0xb31440, 0xc00020e3c0, 0xa4b040, 0xc0001c20c0, 0xc0002de200, 0xc0001d83c0, 0xc0003caaf8, 0x40c338, 0xc0003cab08, 0x40c338)\n	/go/pkg/mod/github.com/grpc-ecosystem/[email protected]/validator/validator.go:26 +0x8a\ngithub.com/grpc-ecosystem/go-grpc-middleware.ChainUnaryServer.func1(0xb31440, 0xc00020e3c0, 0xa4b040, 0xc0001c20c0, 0xc0002de200, 0xc0002de220, 0x9d0720, 0xf89c38, 0xa6b4e0, 0xc00009e100)\n	/go/pkg/mod/github.com/grpc-ecosystem/[email protected]/chain.go:39 +0x153\nopenpitrix.io/iam/pkg/pb._AccessManager_CanDo_Handler(0xa4b280, 0xf89c38, 0xb31440, 0xc00020e3c0, 0xc0001d8320, 0xc00020ea80, 0x0, 0x0, 0xc0004ca030, 0x2b)\n	/go/src/openpitrix.io/iam/pkg/pb/am.pb.go:1980 +0x158\ngoogle.golang.org/grpc.(*Server).processUnaryRPC(0xc00007f980, 0xb33ee0, 0xc00007fe00, 0xc00009e100, 
0xc00020ec30, 0xf601b8, 0x0, 0x0, 0x0)\n	/go/pkg/mod/google.golang.org/[email protected]/server.go:966 +0x4a2\ngoogle.golang.org/grpc.(*Server).handleStream(0xc00007f980, 0xb33ee0, 0xc00007fe00, 0xc00009e100, 0x0)\n	/go/pkg/mod/google.golang.org/[email protected]/server.go:1245 +0xd61\ngoogle.golang.org/grpc.(*Server).serveStreams.func1.1(0xc000228260, 0xc00007f980, 0xb33ee0, 0xc00007fe00, 0xc00009e100)\n	/go/pkg/mod/google.golang.org/[email protected]/server.go:685 +0x9f\ncreated by google.golang.org/grpc.(*Server).serveStreams.func1\n	/go/pkg/mod/google.golang.org/[email protected]/server.go:683 +0xa1\n (grpc_server.go:67)
2019-04-10 09:17:23.18728 -INFO- Handled request [CanDo] exec_time is [1.326436ms] (grpc_server.go:123)
2019-04-10 09:17:51.84806 -INFO- Request received [CanDo] [{"user_id":"system","url":"/v1/categories","url_method":"GET"}] (grpc_server.go:115)
2019-04-10 09:17:51.84812 -INFO- Handled request [CanDo] exec_time is [16.208µs] (grpc_server.go:123)
2019-04-10 09:17:52.12062 -INFO- Request received [CanDo] [{"user_id":"system","url":"/v1/active_apps","url_method":"GET"}] (grpc_server.go:115)
2019-04-10 09:17:52.12068 -INFO- Handled request [CanDo] exec_time is [17.51µs] (grpc_server.go:123)
2019-04-10 09:17:52.21193 -INFO- Request received [CanDo] [{"user_id":"system","url":"/v1/active_apps","url_method":"GET"}] (grpc_server.go:115)
2019-04-10 09:17:52.21198 -INFO- Handled request [CanDo] exec_time is [12.47µs] (grpc_server.go:123)
2019-04-10 09:17:56.36148 -INFO- Request received [CanDo] [{"user_id":"uid-2QxnG7XDvQYr","url":"/v1/apps","url_method":"GET"}] (grpc_server.go:115)

(/go/src/openpitrix.io/iam/pkg/service/am/resource/user_role_binding_control.go:53)
[2019-04-10 09:17:56]  [4.41ms]  SELECT role_id FROM `user_role_binding`  WHERE (user_id in ('uid-2QxnG7XDvQYr'))
[0 rows affected or returned ]

(/go/src/openpitrix.io/iam/pkg/service/am/resource/role_control.go:40)
[2019-04-10 09:17:56]  [0.99ms]  SELECT * FROM `role`  WHERE (role_id in ('isv'))
[1 rows affected or returned ]

(/go/src/openpitrix.io/iam/pkg/service/am/resource/role_module_binding_control.go:23)
[2019-04-10 09:17:56]  [1.00ms]  SELECT * FROM `role_module_binding`  WHERE (role_id in ('isv'))
[7 rows affected or returned ]

(/go/src/openpitrix.io/iam/pkg/service/am/resource/module_api_control.go:155)
[2019-04-10 09:17:56]  [4.56ms]  SELECT * FROM `module_api`  WHERE (module_id in ('m1','m2','m3','m4','m6','m7','m0'))
[116 rows affected or returned ]

(/go/src/openpitrix.io/iam/pkg/service/am/resource/module_api_control.go:106)
[2019-04-10 09:17:56]  [1.55ms]  SELECT module_api.* FROM `module_api` JOIN role_module_binding on role_module_binding.module_id = module_api.module_id JOIN enable_action_bundle on enable_action_bundle.action_bundle_id = module_api.action_bundle_id AND enable_action_bundle.bind_id = role_module_binding.bind_id WHERE (role_module_binding.role_id in ('isv')) AND (role_module_binding.is_check_all = 0) GROUP BY module_api.api_id
[0 rows affected or returned ]
2019-04-10 09:17:56.37746 -ERROR- Get user with group failed: rpc error: code = Unknown desc = invalid connection (can_do_control.go:130)
2019-04-10 09:17:56.37752 -ERROR- err: rpc error: code = Unknown desc = invalid connection, errMsg: 内部错误: rpc error: code = Unknown desc = invalid connection (can_do_control.go:131)
2019-04-10 09:17:56.37755 -INFO- Handled request [CanDo] exec_time is [16.033751ms] (grpc_server.go:123)
2019-04-10 09:17:56.37757 -DEBUG- Response is error: Internal, 内部错误: rpc error: code = Unknown desc = invalid connection (grpc_server.go:126)
2019-04-10 09:21:16.44286 -INFO- Request received [CanDo] [{"user_id":"uid-2QxnG7XDvQYr","url":"/v1/apps","url_method":"GET"}] (grpc_server.go:115)
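
The trace in the log above ends in database/sql.(*Rows).Close being called with a nil receiver right after the "invalid connection" error, inside the lookup that CanDo depends on. The following is an added example, not the project's code, that reproduces that class of failure and shows the error-first ordering that lets the permission check return a clean denial instead of panicking; `rowsQuerier`, `resetConn`, `errInvalidConn` and both function names are hypothetical.

```go
package main

import (
	"database/sql"
	"errors"
	"fmt"
)

// rowsQuerier is a hypothetical seam over the DB handle (no MySQL needed).
type rowsQuerier interface {
	Query(query string, args ...interface{}) (*sql.Rows, error)
}

// Constructed stand-ins for a connection the server has reset.
var errInvalidConn = errors.New("invalid connection")

type resetConn struct{}

func (resetConn) Query(string, ...interface{}) (*sql.Rows, error) { return nil, errInvalidConn }

const roleQuery = "SELECT role_id FROM user_role_binding WHERE user_id = ?"

func scanIDs(rows *sql.Rows) (ids []string, err error) {
	for rows.Next() {
		var id string
		if err = rows.Scan(&id); err != nil {
			return nil, err
		}
		ids = append(ids, id)
	}
	return ids, rows.Err()
}

// roleIDsUnchecked defers Close before looking at err: a failed query leaves
// rows nil, and the deferred Close dereferences it and panics.
func roleIDsUnchecked(q rowsQuerier, userID string) ([]string, error) {
	rows, err := q.Query(roleQuery, userID)
	defer rows.Close()
	if err != nil {
		return nil, err
	}
	return scanIDs(rows)
}

// roleIDsChecked returns the error first, so the caller can deny the request.
func roleIDsChecked(q rowsQuerier, userID string) ([]string, error) {
	rows, err := q.Query(roleQuery, userID)
	if err != nil {
		return nil, fmt.Errorf("role lookup for %q: %w", userID, err)
	}
	defer rows.Close()
	return scanIDs(rows)
}

func main() { fmt.Println(roleIDsChecked(resetConn{}, "uid-example")) }
```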

Init sql issues

('bind_00009', 'role_0001', 'm_00010', 'all', NULL, NULL, 'system'),

There is no module_id whose value is m_00010

('role_0002', '超级管理员', 'Portal是isv的超级管理员', 'isv', NULL, NULL, 'system', 'system.'),

owner_path should be :system

DROP TABLE IF EXISTS `action2`;

Change table name to action.

INSERT INTO `user_role_binding` (`id`, `user_id`, `role_id`) VALUES ('urbind0001', 'uid-PYu7bdqa', 'role_0001'),

What do these records mean?

`create_time` timestamp NULL DEFAULT NULL,

	create_time       TIMESTAMP      NOT NULL DEFAULT CURRENT_TIMESTAMP,
	status_time       TIMESTAMP      NOT NULL DEFAULT CURRENT_TIMESTAMP,

INSERT INTO `role_module_binding` (`bind_id`, `role_id`, `module_id`, `data_level`, `create_time`, `update_time`, `owner`) VALUES ('bind_00001', 'role_0001', 'm_0001', 'all', NULL, NULL, 'system'),

No need to insert create_time and status_time.

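Unify the naming convention

Currently some variables in the project use snake_case and some use camelCase. I suggest refactoring so that camelCase is used throughout.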

OpenPitrix requirements

  • UserWithRole needs to include Group information
  • DescribeUsersWithRoleRequest needs to include SortKey/Reverse/SearchWord

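DescribeRoles should return the roles the current user is supposed to see

If the current user is global_admin, they can see the three system roles global_admin, user and isv, as well as roles created by global_admin.

If the current user is isv, they can see the developer system role, as well as roles created by the current user.

If the current user is a developer or a regular user, they should only be able to see their own role.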
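
The three visibility rules requested above, written as a filter that returns nothing for a caller whose role is unknown. This is an added example, not code from the project: the `role` struct, the `Owner` convention, `systemVisible`, `sampleRoles` and `visibleRoles` are hypothetical, and "roles created by global_admin" is assumed to mean roles whose owner is the calling global_admin user.

```go
package main

import "fmt"

// role is a hypothetical, simplified row of the role table.
type role struct {
	ID     string
	Owner  string // creator's user id; "system" for built-in roles (assumed)
	System bool
}

// systemVisible lists the built-in roles each privileged caller role may see,
// as stated in the issue; callers not listed here see only their own role.
var systemVisible = map[string][]string{
	"global_admin": {"global_admin", "user", "isv"},
	"isv":          {"developer"},
}

// sampleRoles is constructed data: four system roles and three custom ones.
var sampleRoles = []role{
	{"global_admin", "system", true}, {"user", "system", true},
	{"isv", "system", true}, {"developer", "system", true},
	{"role-ops", "uid-admin", false}, {"role-qa", "uid-isv1", false},
	{"role-dev2", "uid-isv2", false},
}

// visibleRoles returns the role ids the caller may list, in table order.
func visibleRoles(callerID, callerRole string, all []role) []string {
	builtin, privileged := systemVisible[callerRole]
	allowed := map[string]bool{}
	for _, id := range builtin {
		allowed[id] = true
	}
	var out []string
	for _, r := range all {
		switch {
		case privileged && r.System && allowed[r.ID],
			privileged && !r.System && r.Owner == callerID,
			!privileged && r.ID == callerRole:
			out = append(out, r.ID)
		}
	}
	return out
}

func main() {
	fmt.Println(visibleRoles("uid-admin", "global_admin", sampleRoles))
	fmt.Println(visibleRoles("uid-isv1", "isv", sampleRoles))
	fmt.Println(visibleRoles("uid-dev9", "developer", sampleRoles))
}
```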

The Dev portal is the same as isv

	case db_spec.Portal_Isv:
		sActionBundleVisibility = "isv_action_bundle_visibility=1"

	case db_spec.Portal_Dev:
		sActionBundleVisibility = "user_action_bundle_visibility=1"

sActionBundleVisibility -> isActionBundleVisibility

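CreateRole needs to write owner and owner_path

A newly created role needs owner and owner_path written to the role table.

Only then can GetRole and DescribeRoles filter out one's own roles by owner_path.

The default status of a newly created role should be active; currently it is empty.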

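ModifyGroup should restrict what can be modified

Only the following can be modified: ParentGroupId, GroupName, Description, Status, Extra
UpdateTime should not be needed; update StatusTime after a modification.
If ParentGroupId is modified, GroupPath should be updated automatically.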
