石頭智能洗地機(jī)A10 Plus體驗(yàn):雙向自清潔治好了我的懶癌
一、前言和介紹專為家庭請假懶人而生的石頭科技在近日又帶來了自己的全新旗艦新品,石頭智能洗地機(jī)A10 Plus。從這個產(chǎn)品名上就不難看出,這次石頭推出的并不是常見的掃地機(jī)器
基于角色的訪問控制(Role-based access control,簡稱 RBAC),指的是通過用戶的角色(Role)授權(quán)其相關(guān)權(quán)限,這實(shí)現(xiàn)了更靈活的訪問控制,相比直接授予用戶權(quán)限,要更加簡單、高效、可擴(kuò)展。
圖片
當(dāng)使用 RBAC 時,通過分析系統(tǒng)用戶的實(shí)際情況,基于共同的職責(zé)和需求,授予他們不同角色。你可以授予給用戶一個或多個角色,每個角色具有一個或多個權(quán)限,這種 用戶-角色、角色-權(quán)限 間的關(guān)系,讓我們可以不用再單獨(dú)管理單個用戶,用戶從授予的角色里面繼承所需的權(quán)限。
大家可以看一下的案例更容易理解:
用戶角色分為管理員、開發(fā)、運(yùn)維,各個角色并具備不同的權(quán)限。每個用戶也具備單個與多個角色。
圖片
本章節(jié)是通過一個企業(yè)案例進(jìn)行講解,需求如下:
圖片
接下來,我們根據(jù)上圖的組織架構(gòu)來創(chuàng)建用戶與組。
Jenkins權(quán)限如何分配:
圖片
圖片
張三(管理員),下圖可以看到什么權(quán)限都有:
圖片
李四(只讀),下圖可以看到只有只讀權(quán)限:
圖片
張三(執(zhí)行權(quán)限),下圖可以看到是有執(zhí)行權(quán)限的:
圖片
實(shí)際情況中,我們是通過Pipeline進(jìn)行管理流水線的,接下來咱們針對Pipeline進(jìn)行配置權(quán)限控制,詳情如下圖:
圖片
權(quán)限配置:
以Ruoyi- Gateway為例,在Pipeline里配置權(quán)限:
DeployDev階段(修改submitter配置):
... stage('DeployDev'){ steps { echo "部署開發(fā)環(huán)境" script { def userInput = input ( message: '確定要發(fā)布到DEV環(huán)境嗎?', parameters:[ choice(name: '操作', choices: ['發(fā)布', '跳過']) ], ok: '確定', submitter: 'ops,qa', // 配置ops,qa組即可 submitterParameter: 'APPROVER' ) if (userInput['操作'] == '發(fā)布'){ echo "部署Dev環(huán)境開始" ....DeployUat階段(修改submitter配置):
.... stage('DeployUat'){ steps { echo "部署測試環(huán)境" script { def userInput = input ( message: '確定要發(fā)布到UAT環(huán)境嗎?', parameters:[ choice(name: '操作', choices: ['發(fā)布', '跳過']) ], ok: '確定', submitter: 'ops,qa', // 配置ops,qa組即可 submitterParameter: 'APPROVER' ) if (userInput['操作'] == '發(fā)布'){ echo "發(fā)布" ....DeployGray階段(修改submitter配置):
stage('DeployGray'){ steps { echo "部署灰度環(huán)境" script { def GraysMode = input ( message: '確定要灰度驗(yàn)證嗎?', parameters:[ choice(name: 'operation', choices: ['基于權(quán)重灰度','基于請求頭灰度','跳過']) ], ok: '確定', submitter: 'ops', submitterParameter: 'APPROVER' ) if (GraysMode['operation'] == '基于權(quán)重灰度'){ def WeightMode = input ( message: '請輸入權(quán)重比例!', parameters:[ string(name: 'workload_weight',defaultValue: '',description: ''), string(name: 'grayload_weight',defaultValue: '',description: '') ], ok: '確定', submitter: 'ops', submitterParameter: 'APPROVER' ) sh """ echo $pipeline_dir echo "打印編排文件詳細(xì)信息" if [ -e "$pipeline_dir/prod/$Project_Name/deployment-gray.yml" ]; then cat $pipeline_dir/prod/$Project_Name/deployment-gray.yml | sed "s/TAG/${Tag}/g" cat $pipeline_dir/prod/$Project_Name/deployment-gray.yml | sed "s/TAG/${Tag}/g" | /usr/bin/kubectl apply -f - fi echo "配置權(quán)重" echo ${WeightMode['grayload_weight']} if [ -e "$pipeline_dir/prod/$Project_Name/ingress-gray-weight.yml" ]; then cat $pipeline_dir/prod/$Project_Name/ingress-gray-weight.yml | sed "s/WEIGHT-VALUE/${WeightMode['grayload_weight']}/g" cat $pipeline_dir/prod/$Project_Name/ingress-gray-weight.yml | sed "s/WEIGHT-VALUE/${WeightMode['grayload_weight']}/g" | /usr/bin/kubectl apply -f - fi """ } if (GraysMode['operation'] == '基于請求頭灰度'){ GrayHeaderMode = input ( message: '請輸入請求頭!', parameters:[ string(name: 'header_key',defaultValue: '',description: ''), string(name: 'header_value',defaultValue: '',description: '') ], ok: '確定', submitter: 'ops', submitterParameter: 'APPROVER' ) sh """ echo ${GrayHeaderMode['header_value']} echo $pipeline_dir echo "打印編排文件詳細(xì)信息" if [ -e "$pipeline_dir/prod/$Project_Name/deployment-gray.yml" ]; then cat $pipeline_dir/prod/$Project_Name/deployment-gray.yml | sed "s/TAG/${Tag}/g" cat $pipeline_dir/prod/$Project_Name/deployment-gray.yml | sed "s/TAG/${Tag}/g" | /usr/bin/kubectl apply -f - fi echo "配置請求頭" echo ${GrayHeaderMode['header_key']} echo ${GrayHeaderMode['header_value']} if [ -e "$pipeline_dir/prod/$Project_Name/ingress-gray-header.yml" ]; then cat $pipeline_dir/prod/$Project_Name/ingress-gray-header.yml | sed "s/header-key/${GrayHeaderMode['header_key']}/g" | sed "s/header-value/${GrayHeaderMode['header_value']}/g" cat $pipeline_dir/prod/$Project_Name/ingress-gray-header.yml | sed "s/header-value/${GrayHeaderMode['header_key']}/g" | sed "s/header-value/${GrayHeaderMode['header_value']}/g" | /usr/bin/kubectl apply -f - fi """ } // 默認(rèn)模式為yes,如果跳過為no if (GraysMode['operation'] == '跳過'){ GrayEnable='no' } } }DeployProd階段(修改submitter配置):
stage('DeployProd'){ steps { echo "部署生產(chǎn)環(huán)境" script { def userInput = input ( message: '確定要發(fā)布到生產(chǎn)環(huán)境嗎?', parameters:[ choice(name: '操作', choices: ['發(fā)布', '跳過']) ], ok: '確定', submitter: 'ops', submitterParameter: 'APPROVER' ) if (userInput['操作'] == '發(fā)布'){ echo "發(fā)布" Namespace_Prod = sh(script: "cat $pipeline_dir/prod/$Project_Name/deployment.yml | grep namespace | awk -F ':' '{print /$2}'", returnStdout: true).trim() DeploymentName = sh(script: "cat $pipeline_dir/prod/$Project_Name/deployment.yml | grep name: | head -n 1 | awk -F ':' '{print /$2}'", returnStdout: true).trim() Revsion_Prod = sh(script: "kubectl get deployment $DeploymentName -n ${Namespace_Prod} -o=jsnotallow='{.spec.template.spec.containers[*].image}' | awk -F ':' '{print /$NF}'", returnStdout: true).trim() GrayDeploymentName = sh(script: "cat $pipeline_dir/prod/$Project_Name/deployment-gray.yml | grep name: | head -n 1 | awk -F ':' '{print /$2}'", returnStdout: true).trim() GrayServiceName = sh(script: "cat $pipeline_dir/prod/$Project_Name/service-gray.yml | grep name: | head -n 1 | awk -F ':' '{print /$2}'", returnStdout: true).trim() GrayIngressName = sh(script: "cat $pipeline_dir/prod/$Project_Name/ingress-gray-header.yml | grep name: | head -n 1 | awk -F ':' '{print /$2}'", returnStdout: true).trim() sh ''' echo $pipeline_dir echo "開始部署生產(chǎn)環(huán)境" echo "打印編排文件詳細(xì)信息" if [ -e "$pipeline_dir/prod/$Project_Name/deployment.yml" ]; then cat $pipeline_dir/prod/$Project_Name/deployment.yml | sed "s/TAG/${Tag}/g" cat $pipeline_dir/prod/$Project_Name/deployment.yml | sed "s/TAG/${Tag}/g" | /usr/bin/kubectl apply -f - fi if [ -e "$pipeline_dir/prod/$Project_Name/service.yml" ]; then cat $pipeline_dir/prod/$Project_Name/service.yml cat $pipeline_dir/prod/$Project_Name/service.yml | /usr/bin/kubectl apply -f - fi if [ -e "$pipeline_dir/prod/$Project_Name/ingress.yml" ]; then cat $pipeline_dir/prod/$Project_Name/ingress.yml cat $pipeline_dir/prod/$Project_Name/ingress.yml | /usr/bin/kubectl apply -f - fi ''' if (GrayEnable == 'yes'){ sh """ kubectl delete deployment ${GrayDeploymentName} -n ${Namespace_Prod} kubectl delete service ${GrayServiceName} -n ${Namespace_Prod} kubectl delete ingress ${GrayIngressName} -n ${Namespace_Prod} """ } } else { echo "不發(fā)布" } } } post { success { wrap([$class: 'BuildUser']) { lark ( robot: "2026ab67-7d07-46ec-a309-bebebaeaffbc", type: "CARD", title: "
本文鏈接:http://www.tebozhan.com/showinfo-26-90502-0.htmlJenkins Pipeline用戶權(quán)限管理新技巧:打造安全高效的流水線!
聲明:本網(wǎng)頁內(nèi)容旨在傳播知識,若有侵權(quán)等問題請及時與本網(wǎng)聯(lián)系,我們將在第一時間刪除處理。郵件:2376512515@qq.com
Copyright ? 2016-2023 天津谷騏科技有限公司 版權(quán)所有 sitemap.xml
違法及侵權(quán)請聯(lián)系:2376512515@qq.com 津ICP備18001702號
津公網(wǎng)安備 12010102000574號