Role-based access control (RBAC) grants permissions to users through their roles. This makes access control more flexible: compared with granting permissions to users directly, it is simpler, more efficient and easier to scale.
With RBAC, you analyse the actual users of the system and, based on their shared responsibilities and needs, assign them different roles. A user can be given one or more roles, and each role carries one or more permissions. These user-to-role and role-to-permission relationships mean we no longer manage individual users one by one: a user inherits the required permissions from the roles granted to them.
The following case makes this easier to understand: user roles are divided into administrator, development and operations, each role carries different permissions, and each user holds one or more roles.
This section walks through an enterprise case study. The requirements are as follows:
Next, we create the users and groups according to the organisational structure above.
How Jenkins permissions are assigned:
Zhang San (administrator): the screenshot shows that he holds every permission.
Li Si (read-only): the screenshot shows only read permissions.
Zhang San (execute permission): the screenshot shows that execute permission is granted.
In practice we manage our delivery pipelines with Pipeline, so next we configure permission control on the Pipeline itself. The details are shown in the figure:
Permission configuration:
Taking Ruoyi-Gateway as an example, permissions are configured inside the Pipeline:
DeployDev stage (modify the submitter setting):
```groovy
...
stage('DeployDev') {
    steps {
        echo "部署開發環境"
        script {
            def userInput = input(
                message: '確定要發布到DEV環境嗎?',
                parameters: [
                    choice(name: '操作', choices: ['發布', '跳過'])
                ],
                ok: '確定',
                submitter: 'ops,qa',           // listing the ops and qa groups is enough
                submitterParameter: 'APPROVER' // the approver's user id is returned under this key
            )
            if (userInput['操作'] == '發布') {
                echo "部署Dev環境開始"
....
```
DeployUat stage (modify the submitter setting):
```groovy
....
stage('DeployUat') {
    steps {
        echo "部署測試環境"
        script {
            def userInput = input(
                message: '確定要發布到UAT環境嗎?',
                parameters: [
                    choice(name: '操作', choices: ['發布', '跳過'])
                ],
                ok: '確定',
                submitter: 'ops,qa',           // listing the ops and qa groups is enough
                submitterParameter: 'APPROVER'
            )
            if (userInput['操作'] == '發布') {
                echo "發布"
....
```
DeployGray stage (modify the submitter setting; only the ops group may approve a canary release):
```groovy
stage('DeployGray') {
    steps {
        echo "部署灰度環境"
        script {
            def GraysMode = input(
                message: '確定要灰度驗證嗎?',
                parameters: [
                    choice(name: 'operation', choices: ['基于權重灰度', '基于請求頭灰度', '跳過'])
                ],
                ok: '確定',
                submitter: 'ops',
                submitterParameter: 'APPROVER'
            )
            if (GraysMode['operation'] == '基于權重灰度') {
                def WeightMode = input(
                    message: '請輸入權重比例!',
                    parameters: [
                        string(name: 'workload_weight', defaultValue: '', description: ''),
                        string(name: 'grayload_weight', defaultValue: '', description: '')
                    ],
                    ok: '確定',
                    submitter: 'ops',
                    submitterParameter: 'APPROVER'
                )
                sh """
                    echo $pipeline_dir
                    echo "打印編排文件詳細信息"
                    if [ -e "$pipeline_dir/prod/$Project_Name/deployment-gray.yml" ]; then
                        cat $pipeline_dir/prod/$Project_Name/deployment-gray.yml | sed "s/TAG/${Tag}/g"
                        cat $pipeline_dir/prod/$Project_Name/deployment-gray.yml | sed "s/TAG/${Tag}/g" | /usr/bin/kubectl apply -f -
                    fi
                    echo "配置權重"
                    echo ${WeightMode['grayload_weight']}
                    if [ -e "$pipeline_dir/prod/$Project_Name/ingress-gray-weight.yml" ]; then
                        cat $pipeline_dir/prod/$Project_Name/ingress-gray-weight.yml | sed "s/WEIGHT-VALUE/${WeightMode['grayload_weight']}/g"
                        cat $pipeline_dir/prod/$Project_Name/ingress-gray-weight.yml | sed "s/WEIGHT-VALUE/${WeightMode['grayload_weight']}/g" | /usr/bin/kubectl apply -f -
                    fi
                """
            }
            if (GraysMode['operation'] == '基于請求頭灰度') {
                GrayHeaderMode = input(
                    message: '請輸入請求頭!',
                    parameters: [
                        string(name: 'header_key', defaultValue: '', description: ''),
                        string(name: 'header_value', defaultValue: '', description: '')
                    ],
                    ok: '確定',
                    submitter: 'ops',
                    submitterParameter: 'APPROVER'
                )
                sh """
                    echo ${GrayHeaderMode['header_value']}
                    echo $pipeline_dir
                    echo "打印編排文件詳細信息"
                    if [ -e "$pipeline_dir/prod/$Project_Name/deployment-gray.yml" ]; then
                        cat $pipeline_dir/prod/$Project_Name/deployment-gray.yml | sed "s/TAG/${Tag}/g"
                        cat $pipeline_dir/prod/$Project_Name/deployment-gray.yml | sed "s/TAG/${Tag}/g" | /usr/bin/kubectl apply -f -
                    fi
                    echo "配置請求頭"
                    echo ${GrayHeaderMode['header_key']}
                    echo ${GrayHeaderMode['header_value']}
                    if [ -e "$pipeline_dir/prod/$Project_Name/ingress-gray-header.yml" ]; then
                        # both placeholders (header-key and header-value) must be substituted before the manifest is applied
                        cat $pipeline_dir/prod/$Project_Name/ingress-gray-header.yml | sed "s/header-key/${GrayHeaderMode['header_key']}/g" | sed "s/header-value/${GrayHeaderMode['header_value']}/g"
                        cat $pipeline_dir/prod/$Project_Name/ingress-gray-header.yml | sed "s/header-key/${GrayHeaderMode['header_key']}/g" | sed "s/header-value/${GrayHeaderMode['header_value']}/g" | /usr/bin/kubectl apply -f -
                    fi
                """
            }
            // GrayEnable defaults to yes; it is set to no when the canary step is skipped
            if (GraysMode['operation'] == '跳過') {
                GrayEnable = 'no'
            }
        }
    }
}
```
DeployProd stage (modify the submitter setting; only the ops group may approve a production release):
```groovy
stage('DeployProd') {
    steps {
        echo "部署生產環境"
        script {
            def userInput = input(
                message: '確定要發布到生產環境嗎?',
                parameters: [
                    choice(name: '操作', choices: ['發布', '跳過'])
                ],
                ok: '確定',
                submitter: 'ops',
                submitterParameter: 'APPROVER'
            )
            if (userInput['操作'] == '發布') {
                echo "發布"
                // read the object names out of the manifests so the canary resources can be removed later
                Namespace_Prod = sh(script: "cat $pipeline_dir/prod/$Project_Name/deployment.yml | grep namespace | awk -F ':' '{print \$2}'", returnStdout: true).trim()
                DeploymentName = sh(script: "cat $pipeline_dir/prod/$Project_Name/deployment.yml | grep name: | head -n 1 | awk -F ':' '{print \$2}'", returnStdout: true).trim()
                Revsion_Prod = sh(script: "kubectl get deployment $DeploymentName -n ${Namespace_Prod} -o=jsonpath='{.spec.template.spec.containers[*].image}' | awk -F ':' '{print \$NF}'", returnStdout: true).trim()
                GrayDeploymentName = sh(script: "cat $pipeline_dir/prod/$Project_Name/deployment-gray.yml | grep name: | head -n 1 | awk -F ':' '{print \$2}'", returnStdout: true).trim()
                GrayServiceName = sh(script: "cat $pipeline_dir/prod/$Project_Name/service-gray.yml | grep name: | head -n 1 | awk -F ':' '{print \$2}'", returnStdout: true).trim()
                GrayIngressName = sh(script: "cat $pipeline_dir/prod/$Project_Name/ingress-gray-header.yml | grep name: | head -n 1 | awk -F ':' '{print \$2}'", returnStdout: true).trim()
                sh '''
                    echo $pipeline_dir
                    echo "開始部署生產環境"
                    echo "打印編排文件詳細信息"
                    if [ -e "$pipeline_dir/prod/$Project_Name/deployment.yml" ]; then
                        cat $pipeline_dir/prod/$Project_Name/deployment.yml | sed "s/TAG/${Tag}/g"
                        cat $pipeline_dir/prod/$Project_Name/deployment.yml | sed "s/TAG/${Tag}/g" | /usr/bin/kubectl apply -f -
                    fi
                    if [ -e "$pipeline_dir/prod/$Project_Name/service.yml" ]; then
                        cat $pipeline_dir/prod/$Project_Name/service.yml
                        cat $pipeline_dir/prod/$Project_Name/service.yml | /usr/bin/kubectl apply -f -
                    fi
                    if [ -e "$pipeline_dir/prod/$Project_Name/ingress.yml" ]; then
                        cat $pipeline_dir/prod/$Project_Name/ingress.yml
                        cat $pipeline_dir/prod/$Project_Name/ingress.yml | /usr/bin/kubectl apply -f -
                    fi
                '''
                // tear down the canary resources once the full production release is out
                if (GrayEnable == 'yes') {
                    sh """
                        kubectl delete deployment ${GrayDeploymentName} -n ${Namespace_Prod}
                        kubectl delete service ${GrayServiceName} -n ${Namespace_Prod}
                        kubectl delete ingress ${GrayIngressName} -n ${Namespace_Prod}
                    """
                }
            } else {
                echo "不發布"
            }
        }
    }
    post {
        success {
            wrap([$class: 'BuildUser']) {
                lark(
                    robot: "2026ab67-7d07-46ec-a309-bebebaeaffbc",
                    type: "CARD",
                    title: "
```
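As an added example that is not part of the original article, the `submitter` / `submitterParameter` pattern used in every Deploy stage above can be pulled into one reusable gate. It keeps the group restriction enforced by Jenkins, adds a separation-of-duties check (the user who triggered the build, taken from the BuildUser wrapper the article's pipeline already uses, may not also approve it) and records the approver in the build description for audit. `approvalGate`, the environment names and the `ops` group are assumptions for illustration.

```groovy
// Added example; assumes the Pipeline: Input Step and Build User Vars plugins,
// both already used in the article's pipeline. approvalGate is a hypothetical helper.
def approvalGate(String envName, String allowedSubmitters) {
    def answer = input(
        message: "確定要發布到${envName}環境嗎?",
        parameters: [choice(name: 'operation', choices: ['deploy', 'skip'])],
        ok: '確定',
        submitter: allowedSubmitters,    // Jenkins rejects anyone outside these ids/groups
        submitterParameter: 'APPROVER'   // approver's user id is returned under this key
    )
    String approver = answer['APPROVER']
    // BUILD_USER_ID is set by wrap([$class: 'BuildUser']); it may be absent for timer/SCM triggers
    String requester = env.BUILD_USER_ID ?: 'unknown'
    // Separation of duties: whoever started the release cannot be the one who approves it
    if (approver == requester) {
        error("Four-eyes violation: ${approver} started this build and tried to approve it")
    }
    // Keep the decision on the build itself, not only in the console log
    String previous = currentBuild.description ?: ''
    currentBuild.description = "${previous} ${envName}: approved by ${approver}".trim()
    echo "${envName}: requested by ${requester}, approved by ${approver}"
    return answer['operation'] == 'deploy'
}

pipeline {
    agent any
    stages {
        stage('DeployProd') {
            steps {
                wrap([$class: 'BuildUser']) {
                    script {
                        if (approvalGate('PROD', 'ops')) {
                            sh 'echo "deploying to production"'   // real apply steps go here
                        } else {
                            echo 'production release skipped'
                        }
                    }
                }
            }
        }
    }
}
```

`submitter` is matched against user ids and group names as reported by the security realm, so the group names must be exactly the ones created in Jenkins above; the helper only adds the four-eyes rule on top of that built-in check.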
Article link: http://www.tebozhan.com/showinfo-26-90502-0.html (New tips for Jenkins Pipeline user permission management: build a secure and efficient pipeline!)