feat: 支持蓝鲸插件框架添加网关鉴权 --story=129089299

Author: Vinceeee

bk-plugin-framework/bk_plugin_framework/services/bpf_service/management/commands/data/api-definition.yml

@@ -23,5 +23,13 @@ stage:
       max_age: 86400
       allow_credential: true
 
+{% if settings.BK_APIGW_GRANTED_APPS %}
+grant_permissions:
+  {% for app_code in settings.BK_APIGW_GRANTED_APPS %}
+  - bk_app_code: {{ app_code }}
+    grant_dimension: "gateway"
+  {% endfor %}
+{% endif %}
+
 release:
   comment: "auto release by bk-plugin-runtime"

bk-plugin-framework/bk_plugin_framework/services/bpf_service/management/commands/sync_plugin_apigw.py

@@ -27,6 +27,8 @@ def handle(self, *args, **kwargs):
         call_command("sync_apigw_resources", file=resources_file_path)
         print("[bk-plugin-framework]call sync_apigw_strategies with definition: %s" % definition_file_path)
         call_command("sync_apigw_strategies", file=definition_file_path)
+        print("[bk-plugin-framework]call grant_apigw_permissions with definition: %s" % definition_file_path)
+        call_command("grant_apigw_permissions", file=definition_file_path)
 
         # if getattr(settings, "BK_APIGW_CORS_ALLOW_ORIGINS"):
         #     strategy_cors_file_path = os.path.join(__file__.rsplit("/", 1)[0], "data/api-strategy-cors.yml")

runtime/bk-plugin-runtime/bk_plugin_runtime/config/default.py

@@ -253,3 +253,4 @@ def logging_addition_settings(logging_dict):
 BK_APIGW_CORS_ALLOW_METHODS = os.getenv("BK_APIGW_CORS_ALLOW_METHODS", "")
 BK_APIGW_CORS_ALLOW_HEADERS = os.getenv("BK_APIGW_CORS_ALLOW_HEADERS", "")
 BK_APIGW_DEFAULT_TIMEOUT = int(os.getenv("BK_APIGW_DEFAULT_TIMEOUT", "60"))
+BK_APIGW_GRANTED_APPS = [BK_APP_CODE] + [each.strip() for each in os.getenv("BK_APIGW_GRANTED_APPS", "").split(",") if each.strip()]