526互联

Apollo批量给新创建的用户授可编辑权限

发布时间 2023-06-13 11:06:22作者: 一起走过的路

apollo系统版本: java-2.1.0

管理员账号:Apollo

可编辑账号:guoyabin

 

在没写这段代码的时候从网上搜了一些文章如下:
apollo_adminservice、apollo_configservice改成自己的域名,在不知道用户密码的前提下可以获取cluster、app_ids、namespaces的脚本。 
# !/usr/bin/env python
# -*-coding:utf-8 -*-

"""
# File       : apollo.py
# Time       :2023/6/6/006 11:01
# Author     :GuoYabin
# version    :python 3.8
# Description:利用apollo_adminservice的8090和apollo_configservice的8080
               获取所有Apollo环境/appid/cluster
"""
import json
import time
import requests
from urllib.parse import urlparse


def get_response(uri):
    headers = {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20200101 Firefox/60.0",
        "Accept-Encoding": "gzip, deflate",
        "Accept-Language": "zh-CN,zh;q=0.9",
        "Connection": "close"
    }
    return requests.get(uri, headers=headers, timeout=20, allow_redirects=False)


def get_app_ids(uri):
    print(uri)
    app_ids = []
    response = get_response("{}/apps".format(uri))
    html = response.text
    print(html)
    if response.status_code == 200:
        for app in json.loads(html):
            app_ids.append(app.get("appId"))
    return app_ids


def get_clusters(uri, app_ids):
    clusters = {}
    for app_id in app_ids:
        clusters[app_id] = []
        response = get_response("{}/apps/{}/clusters".format(uri, app_id))
        html = response.text
        if response.status_code == 200:
            for app in json.loads(html):
                clusters[app_id].append(app.get("name"))
    return clusters


def get_namespaces(uri, app_ids, clusters):
    namespaces = {}
    for app_id in app_ids:
        namespaces[app_id] = []
        for cluster in clusters[app_id]:
            url = "{}/apps/{}/clusters/{}/namespaces".format(uri, app_id, cluster)
            response = get_response(url)
            html = response.text
            if response.status_code == 200:
                for app in json.loads(html):
                    namespaces[app_id].append(app.get("namespaceName"))
    return namespaces


def get_configurations(uri, app_ids, clusters, namespaces):
    configurations = []
    for app_id in app_ids:
        for cluster in clusters[app_id]:
            for namespace in namespaces[app_id]:
                key_name = "{}-{}-{}".format(app_id, cluster, namespace)
                url = "{}/configs/{}/{}/{}".format(uri, app_id, cluster, namespace)
                response = get_response(url)
                code = response.status_code
                html = response.text
                print("[+] get {} configs, status: {}".format(url, code))
                time.sleep(1)
                if code == 200:
                    configurations.append({key_name: json.loads(html)})
    return configurations


if __name__ == "__main__":
    apollo_adminservice = "http://192.168.40.185:8090"
    apollo_configservice = "http://192.168.40.185:8080"

    scheme0, netloc0, path0, params0, query0, fragment0 = urlparse(apollo_adminservice)
    host0 = "{}://{}".format(scheme0, netloc0)

    _ids = get_app_ids(host0)
    print("All appIds:")
    print(_ids)

    _clusters = get_clusters(host0, _ids)
    print("\nAll Clusters:")
    print(_clusters)

    _namespaces = get_namespaces(host0, _ids, _clusters)
    print("\nAll Namespaces:")
    print(_namespaces)
    print()

    scheme1, netloc1, path1, params1, query1, fragment1 = urlparse(apollo_configservice)
    host1 = "{}://{}".format(scheme1, netloc1)
    _configurations = get_configurations(host1, _ids, _clusters, _namespaces)
    print("\nresults:\n")
    print(_configurations)

 

下面我们自己写一个批量授权的方法、使用管理员apollo给guoyabin账号授权,允许guoyabin账号可以编辑,但无法发布权限。

 

# !/usr/bin/env python
# -*-coding:utf-8 -*-

"""
# File       : apollo.py
# Time       :2023/6/6/006 11:01
# Author     :GuoYabin
# version    :python 3.8
# Description:模拟Apollo登陆,获取所有envs/appid添加guoyabin账号编辑权限
"""

import requests
import json

class apollo:
    def __init__(self):
        self.username = "apollo"
        self.password = "*********"
        self.apollourl = "http://**************"
        self.addauth = "guoyabin"
        self.session = requests.session()
        self.headers = self.setheaders()

    def login(self):
        url = '{}/signin'.format(self.apollourl)
        payload = {
            "username": self.username,
            "password": self.password,
            "login-submit": "登录"
        }
        self.session.post(url=url,data=payload)
        res = self.session.cookies
        return (res.get_dict()['SESSION'])

    def setheaders(self):
        session = self.login()
        myheaders = {
            "Accept": "application/json, text/plain, */*",
            "Cookie": "Hm_lvt_488a0e7e13b847119c47d080b3dc7272=1677469471; NG_TRANSLATE_LANG_KEY=zh-CN; SESSION={0}".format(session),
            "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
        }
        return (myheaders)

    def getenvs(self):
        url = 'http://{}/envs'.format(self.apollourl)
        head = self.headers
        res = requests.get(url=url,headers=head)
        return (res.text)

    def getappid(self):
        url = 'http://{}/apps'.format(self.apollourl)
        params = {'page': 0}
        res = requests.get(url, params=params,headers=self.headers)
        date = json.loads(res.text)
        allapp = [d['appId'] for d in date]
        return (allapp)

    def addauth(self,appid):
        uri = 'http://{0}/apps/{1}/namespaces/application/roles/ModifyNamespace'.format(self.apollourl,appid)
        playload = self.addauth
        try:
            response = requests.post(url=uri,data=playload,headers=self.headers)
            response.raise_for_status()
        except requests.exceptions.HTTPError as error:
            json_data = error.response.json()
            error_message = json_data['message']
            print(appid,error_message)

if __name__ == '__main__':
    apollo_obj = apollo()
    for i in apollo_obj.getappid():
        apollo_obj.addauth(i)