
Can the Open Platform support managing all apps? Currently a TOKEN has to be authorized app by app

Open zhb127 opened this issue 4 years ago • 9 comments

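Is your feature request related to a problem? Please describe. In our CI/CD process, after a build completes, the system notifies Apollo to update a configuration item. We currently do this through the Open Platform HTTP REST API, but Open Platform authorization has to be added once for every app. Can't a TOKEN be authorized for all apps (including apps added in the future), or be bound directly to a high-privilege account?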

Describe the solution you'd like A clear and concise description of what you want to happen.

Describe alternatives you've considered A clear and concise description of any alternative solutions or features you've considered.

Additional context Add any other context or screenshots about the feature request here.

zhb127 avatar Jul 17 '20 08:07 zhb127

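The current design is fine-grained permission control, so if the same token needs to manage multiple apps, it has to be authorized multiple times.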

nobodyiam avatar Jul 18 '20 14:07 nobodyiam

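Same problem here. For now, an app can be authorized by operating on the database directly:

```sql
-- $i: placeholder for the RoleId being granted (substituted by the caller)
insert into consumerrole (ConsumerId, RoleId, DataChange_CreatedBy, DataChange_CreatedTime, DataChange_LastModifiedBy, DataChange_LastTime)
select ConsumerId, $i, DataChange_CreatedBy, now(), DataChange_LastModifiedBy, now()
from consumerrole where id = 3;
```

But there is no way to authorize at the moment an app is added, and no way to create apps automatically and then authorize them automatically. Could an API for creating apps be provided?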

cypggs avatar Aug 11 '20 03:08 cypggs

A create-app API needs some thought about how to authorize it, because currently all permissions are on an app or a namespace.

nobodyiam avatar Aug 14 '20 13:08 nobodyiam

> A create-app API needs some thought about how to authorize it, because currently all permissions are on an app or a namespace.

Temporarily implemented this with a database insert script. Not sure whether there are pitfalls; everything verified OK. (For a new app, just replace APPNAME with the app name.)

```sql
-- Config DB: the app, its default namespace and its default cluster
use ApolloConfigDB;
INSERT INTO App (AppId, Name, OrgId, OrgName, OwnerName, OwnerEmail) VALUES ('APPNAME', 'APPNAME', 'pay', '支付', 'apollo', '[email protected]');
INSERT INTO AppNamespace (Name, AppId, Format, IsPublic, Comment) VALUES ('application', 'APPNAME', 'properties', 0, 'default app namespace');
INSERT INTO Cluster (Name, AppId) VALUES ('default', 'APPNAME');
INSERT INTO Namespace (AppId, ClusterName, NamespaceName) VALUES ('APPNAME', 'default', 'application');

-- Portal DB: the same app plus its permissions, roles and role bindings
use ApolloPortalDB;
INSERT INTO App (AppId, Name, OrgId, OrgName, OwnerName, OwnerEmail) VALUES ('APPNAME', 'APPNAME', 'pay', '支付', 'apollo', '[email protected]');
INSERT INTO AppNamespace (Name, AppId, Format, IsPublic, Comment) VALUES ('application', 'APPNAME', 'properties', 0, 'default app namespace');

INSERT INTO Permission (PermissionType, TargetId) VALUES
  ('CreateCluster', 'APPNAME'),
  ('CreateNamespace', 'APPNAME'),
  ('AssignRole', 'APPNAME'),
  ('ModifyNamespace', 'APPNAME+application'),
  ('ReleaseNamespace', 'APPNAME+application');

INSERT INTO Role (RoleName) VALUES
  ('Master+APPNAME'),
  ('ModifyNamespace+APPNAME+application'),
  ('ReleaseNamespace+APPNAME+application');

-- Bind each role to its permissions
insert into RolePermission (RoleId, PermissionId) select R.id, P.id from Role R, Permission P where R.RoleName = "Master+APPNAME" and P.TargetId = "APPNAME";
insert into RolePermission (RoleId, PermissionId) select R.id, P.id from Role R, Permission P where R.RoleName = "ModifyNamespace+APPNAME+application" and P.TargetId = "APPNAME+application" and P.PermissionType = "ModifyNamespace";
insert into RolePermission (RoleId, PermissionId) select R.id, P.id from Role R, Permission P where R.RoleName = "ReleaseNamespace+APPNAME+application" and P.TargetId = "APPNAME+application" and P.PermissionType = "ReleaseNamespace";

-- Give the three roles to user "apollo". Exact role names are used instead of
-- LIKE '%APPNAME%', which would also match roles of other apps whose AppId contains APPNAME.
insert into UserRole (UserId, RoleId) select "apollo", r.id from Role r
where r.RoleName in ('Master+APPNAME', 'ModifyNamespace+APPNAME+application', 'ReleaseNamespace+APPNAME+application');
```

cypggs avatar Aug 18 '20 06:08 cypggs

Here is the ultimate script version, help yourself.

```bash
#!/bin/bash
NS=PAY
APP_NAME=case2
TYPE=java
mkdir -p /data/apollo-sql/
cd /data/apollo-sql/ || exit 1

# Back up the Apollo databases
mysqldump ApolloConfigDB > "ApolloConfigDB.sql$(date +%d)"
mysqldump ApolloPortalDB > "ApolloPortalDB.sql$(date +%d)"

# Look up the organisation's display name (OrgId is a string, so it is quoted)
APP_NAME_CN=$(mysql -NB ApolloConfigDB -e "select OrgName from App where OrgId='${NS}' limit 1")

# Generate the MySQL script that inserts the Apollo app
cat > "/data/apollo-sql/${APP_NAME}.sql" <<EOF
use ApolloConfigDB;
INSERT INTO App (AppId, Name, OrgId, OrgName, OwnerName, OwnerEmail) VALUES ('$APP_NAME', '$APP_NAME', '${NS}', '${APP_NAME_CN}', 'apollo', '[email protected]');
INSERT INTO AppNamespace (Name, AppId, Format, IsPublic, Comment) VALUES ('application', '$APP_NAME', 'properties', 0, 'default app namespace');
INSERT INTO Cluster (Name, AppId) VALUES ('default', '$APP_NAME');
INSERT INTO Namespace (AppId, ClusterName, NamespaceName) VALUES ('$APP_NAME', 'default', 'application');
use ApolloPortalDB;
INSERT INTO App (AppId, Name, OrgId, OrgName, OwnerName, OwnerEmail) VALUES ('$APP_NAME', '$APP_NAME', '${NS}', '${APP_NAME_CN}', 'apollo', '[email protected]');
INSERT INTO AppNamespace (Name, AppId, Format, IsPublic, Comment) VALUES ('application', '$APP_NAME', 'properties', 0, 'default app namespace');
-- TargetId values carry no trailing space so they match the RolePermission lookups below
INSERT INTO Permission (PermissionType, TargetId) VALUES ('CreateCluster', '$APP_NAME'),('CreateNamespace', '$APP_NAME'),('AssignRole', '$APP_NAME'),('ModifyNamespace', '$APP_NAME+application'),('ReleaseNamespace','$APP_NAME+application'),('ModifyNamespace', '$APP_NAME+application+PRO'),('ReleaseNamespace','$APP_NAME+application+PRO');
INSERT INTO Role (RoleName) VALUES ('Master+$APP_NAME'),('ModifyNamespace+$APP_NAME+application'),('ReleaseNamespace+$APP_NAME+application'),('ModifyNamespace+$APP_NAME+application+PRO'),('ReleaseNamespace+$APP_NAME+application+PRO');
INSERT INTO RolePermission (RoleId, PermissionId) select R.id,P.id from Role R, Permission P where R.RoleName = "Master+$APP_NAME" and P.TargetId = "$APP_NAME";
INSERT INTO RolePermission (RoleId, PermissionId) select R.id,P.id from Role R, Permission P where R.RoleName = "ModifyNamespace+$APP_NAME+application" and P.TargetId = "$APP_NAME+application" and P.PermissionType = "ModifyNamespace";
INSERT INTO RolePermission (RoleId, PermissionId) select R.id,P.id from Role R, Permission P where R.RoleName = "ReleaseNamespace+$APP_NAME+application" and P.TargetId = "$APP_NAME+application" and P.PermissionType = "ReleaseNamespace";
INSERT INTO RolePermission (RoleId, PermissionId) select R.id,P.id from Role R, Permission P where R.RoleName = "ModifyNamespace+$APP_NAME+application+PRO" and P.TargetId = "$APP_NAME+application+PRO" and P.PermissionType = "ModifyNamespace";
INSERT INTO RolePermission (RoleId, PermissionId) select R.id,P.id from Role R, Permission P where R.RoleName = "ReleaseNamespace+$APP_NAME+application+PRO" and P.TargetId = "$APP_NAME+application+PRO" and P.PermissionType = "ReleaseNamespace";
INSERT INTO UserRole (UserId, RoleId) select "apollo", r.id from Role r where r.RoleName = 'Master+$APP_NAME';
INSERT INTO UserRole (UserId, RoleId) select "apollo", r.id from Role r where r.RoleName = 'ModifyNamespace+$APP_NAME+application';
INSERT INTO UserRole (UserId, RoleId) select "apollo", r.id from Role r where r.RoleName = 'ReleaseNamespace+$APP_NAME+application';
-- Grant the new app's Master role to the Open Platform consumer whose AppId is "apollo-api"
INSERT INTO ConsumerRole (ConsumerId, RoleId, DataChange_CreatedBy, DataChange_LastModifiedBy) select C.Id, R.id, 'apollo', 'apollo' from Role R, Consumer C where R.RoleName = "Master+$APP_NAME" and C.AppId = "apollo-api";
EOF

# Check whether the app already exists; only insert when it does not
CHECKAPP=$(mysql -NB ApolloConfigDB -e "select AppId from App where AppId='$APP_NAME'")
[[ "$TYPE" == 'java' ]] && [[ -z "$CHECKAPP" ]] && mysql --default-character-set=utf8 -e "source /data/apollo-sql/${APP_NAME}.sql"
```

cypggs avatar Aug 19 '20 12:08 cypggs
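
An added example, not part of the thread or of Apollo's code: because the comments above grant roles to an Open Platform token by writing to `ConsumerRole` directly, this audit joins `Consumer`, `ConsumerRole` and `Role` to show what each token can act on and which tokens hold a `Master+<app>` role. The tables are a constructed in-memory SQLite stand-in with only columns used in the posted SQL, the sample rows (including the consumer `ci-readonly`) are made up, and role names are assumed to follow the `Type+AppId[+Namespace[+Env]]` pattern seen in the script.

```python
import sqlite3

# Constructed stand-in for the ApolloPortalDB tables named in the thread;
# only columns that appear in the posted SQL are modelled.
SETUP = """
CREATE TABLE Consumer (Id INTEGER PRIMARY KEY, AppId TEXT);
CREATE TABLE Role (Id INTEGER PRIMARY KEY, RoleName TEXT);
CREATE TABLE ConsumerRole (ConsumerId INTEGER, RoleId INTEGER,
                           DataChange_CreatedBy TEXT);
-- Constructed sample rows (not from the thread).
INSERT INTO Consumer VALUES (1, 'apollo-api'), (2, 'ci-readonly');
INSERT INTO Role VALUES (10, 'Master+case2'), (11, 'Master+billing'),
    (12, 'ModifyNamespace+case2+application'),
    (13, 'ReleaseNamespace+case2+application+PRO');
INSERT INTO ConsumerRole VALUES (1, 10, 'apollo'), (1, 11, 'apollo'),
    (1, 13, 'apollo'), (2, 12, 'portal-admin');
"""

def build_sample_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SETUP)
    return conn

def parse_role(role_name):
    """Split 'Type+AppId[+Namespace[+Env]]'; absent parts become None."""
    parts = role_name.split("+")
    parts += [None] * (4 - len(parts))
    return dict(zip(("type", "app", "namespace", "env"), parts))

def audit_consumer_grants(conn):
    """Return {consumer AppId: [grant dicts]} for every token-to-role row."""
    rows = conn.execute(
        "SELECT C.AppId, R.RoleName, CR.DataChange_CreatedBy "
        "FROM ConsumerRole CR JOIN Consumer C ON C.Id = CR.ConsumerId "
        "JOIN Role R ON R.Id = CR.RoleId ORDER BY C.AppId, R.RoleName")
    report = {}
    for consumer, role_name, created_by in rows:
        grant = dict(parse_role(role_name), created_by=created_by)
        report.setdefault(consumer, []).append(grant)
    return report

def master_tokens(report):
    """Tokens holding Master+<app>, the role the posted SQL binds to the
    app-level permissions (CreateCluster, CreateNamespace, AssignRole)."""
    return {c: sorted(g["app"] for g in gs if g["type"] == "Master")
            for c, gs in report.items()
            if any(g["type"] == "Master" for g in gs)}

if __name__ == "__main__":
    for token, apps in master_tokens(audit_consumer_grants(build_sample_db())).items():
        print(f"{token}: Master on {', '.join(apps)}")
```

Run against a read-only replica of the real portal database, the same join shows grants whose `DataChange_CreatedBy` does not correspond to a portal operator, which is how rows inserted by scripts like the one above stand out.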

Many ops applications have this kind of requirement, even including creating apps.

qixiaobo avatar Apr 06 '21 05:04 qixiaobo

Is there a plan to support this issue? It would still be quite useful.

sulin2018 avatar Jun 22 '22 02:06 sulin2018