cluster manager support importing gke

bcs-services/bcs-cluster-manager/api/clustermanager/clustermanager.proto

@@ -1497,6 +1497,8 @@ message Credential {
   string resourceGroupName = 5;
   string clientID = 6;
   string clientSecret = 7;
+  string serviceAccountSecret = 8;
+  string gkeProjectID = 9;
 }
 
 message BKOpsPlugin {
@@ -1644,11 +1646,11 @@ message Account {
   string secretID = 1[(grpc.gateway.protoc_gen_swagger.options.openapiv2_field) = {
     title: "secretID",
     description: "腾讯云账号secretID"
-  }, (validate.rules).string = {max_len : 64, pattern : "^[0-9a-zA-Z-]+$"}];
+  }];
   string secretKey = 2[(grpc.gateway.protoc_gen_swagger.options.openapiv2_field) = {
     title: "secretKey",
     description: "腾讯云账号secretKey"
-  }, (validate.rules).string = {max_len : 64, pattern : "^[0-9a-zA-Z-]+$"}];
+  }];
   string subscriptionID = 3[(grpc.gateway.protoc_gen_swagger.options.openapiv2_field) = {
     title: "subscriptionID",
     description: "Azure 订阅ID"
@@ -1669,6 +1671,14 @@ message Account {
     title: "clientSecret",
     description: "Azure Service Principal ClientSecret"
   }];
+  string serviceAccountSecret = 8[(grpc.gateway.protoc_gen_swagger.options.openapiv2_field) = {
+    title: "serviceAccountSecret",
+    description: "Google Cloud service account的json字符串秘钥"
+  }];
+  string gkeProjectID = 9[(grpc.gateway.protoc_gen_swagger.options.openapiv2_field) = {
+    title: "gkeProjectID",
+    description: "Google Cloud 项目ID"
+  }];
 }
 
 // cloud account manage
@@ -8889,7 +8899,7 @@ message GetCloudRegionZonesRequest {
   string region = 2 [(grpc.gateway.protoc_gen_swagger.options.openapiv2_field) = {
     title : "region",
     description : "地域信息"
-  },(validate.rules).string = {min_len : 2}];
+  }];
   string accountID = 3 [(grpc.gateway.protoc_gen_swagger.options.openapiv2_field) = {
     title : "accountID",
     description : "云凭证ID"

bcs-services/bcs-cluster-manager/api/clustermanager/clustermanager.swagger.json

@@ -4520,6 +4520,16 @@
           "type": "string",
           "description": "Azure Service Principal ClientSecret",
           "title": "clientSecret"
+        },
+        "serviceAccountSecret": {
+          "type": "string",
+          "description": "Google Cloud service account的json字符串秘钥",
+          "title": "serviceAccountSecret"
+        },
+        "gkeProjectID": {
+          "type": "string",
+          "description": "Google Cloud 项目ID",
+          "title": "gkeProjectID"
         }
       },
       "description": "用于存储不同cloud的账号信息，不同cloud格式兼容处理",
@@ -7525,6 +7535,12 @@
         },
         "clientSecret": {
           "type": "string"
+        },
+        "serviceAccountSecret": {
+          "type": "string"
+        },
+        "gkeProjectID": {
+          "type": "string"
         }
       },
       "description": "用于记录账户信息",

bcs-services/bcs-cluster-manager/go.mod

@@ -37,13 +37,16 @@ require (
 	github.com/kirito41dd/xslice v0.0.1
 	github.com/micro/go-micro/v2 v2.9.1
 	github.com/parnurzeal/gorequest v0.2.16
+	github.com/pkg/errors v0.9.1
 	github.com/prometheus/client_golang v1.11.0
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/as v1.0.398
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.417
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.376
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tke v1.0.417
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc v1.0.374
 	go.mongodb.org/mongo-driver v1.5.3
+	golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f
+	google.golang.org/api v0.44.0
 	google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2
 	google.golang.org/grpc v1.41.0
 	google.golang.org/protobuf v1.28.1
@@ -142,7 +145,6 @@ require (
 	github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c // indirect
 	github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
-	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/prometheus/client_model v0.2.0 // indirect
 	github.com/prometheus/common v0.28.0 // indirect
@@ -172,15 +174,13 @@ require (
 	golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 // indirect
 	golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
 	golang.org/x/net v0.0.0-20220909164309-bea034e7d591 // indirect
-	golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f // indirect
 	golang.org/x/sync v0.0.0-20220907140024-f12130a52804 // indirect
 	golang.org/x/sys v0.0.0-20220909162455-aba9fc2a8ff2 // indirect
 	golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
 	golang.org/x/text v0.3.7 // indirect
 	golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac // indirect
 	golang.org/x/tools v0.1.12 // indirect
 	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
-	google.golang.org/api v0.44.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
 	gopkg.in/go-playground/assert.v1 v1.2.1 // indirect

bcs-services/bcs-cluster-manager/internal/actions/account/list.go

@@ -15,12 +15,16 @@ package account
 
 import (
 	"context"
+	"encoding/base64"
+	"encoding/json"
 	"fmt"
+
 	"github.com/Tencent/bk-bcs/bcs-common/common/blog"
 	"github.com/Tencent/bk-bcs/bcs-common/pkg/auth/iam"
 	"github.com/Tencent/bk-bcs/bcs-common/pkg/odm/operator"
 	cmproto "github.com/Tencent/bk-bcs/bcs-services/bcs-cluster-manager/api/clustermanager"
 	"github.com/Tencent/bk-bcs/bcs-services/bcs-cluster-manager/internal/actions"
+	"github.com/Tencent/bk-bcs/bcs-services/bcs-cluster-manager/internal/cloudprovider/google/api"
 	"github.com/Tencent/bk-bcs/bcs-services/bcs-cluster-manager/internal/common"
 	"github.com/Tencent/bk-bcs/bcs-services/bcs-cluster-manager/internal/store"
 	storeopt "github.com/Tencent/bk-bcs/bcs-services/bcs-cluster-manager/internal/store/options"
@@ -78,7 +82,10 @@ func (la *ListAction) listCloudAccount() error {
 		if err != nil {
 			blog.Errorf("getRelativeClustersByAccountID[%s] failed: %v", cloudAccounts[i].AccountID, err)
 		}
-		cloudAccounts[i].Account = shieldCloudSecret(cloudAccounts[i].Account)
+		cloudAccounts[i].Account, err = shieldCloudSecret(cloudAccounts[i].Account)
+		if err != nil {
+			blog.Errorf("shieldCloudSecret failed: %v", err)
+		}
 
 		cloudAccountInfo := &cmproto.CloudAccountInfo{
 			Account:  &cloudAccounts[i],
@@ -146,7 +153,7 @@ func (la *ListAction) Handle(
 }
 
 // shieldCloudSecret return secret by '***'
-func shieldCloudSecret(account *cmproto.Account) *cmproto.Account {
+func shieldCloudSecret(account *cmproto.Account) (*cmproto.Account, error) {
 	shield := func(key string) string {
 		keyBytes := []byte(key)
 		if len(keyBytes) <= 4 {
@@ -169,7 +176,20 @@ func shieldCloudSecret(account *cmproto.Account) *cmproto.Account {
 
 	account.SecretKey = shield(account.SecretKey)
 	account.ClientSecret = shield(account.ClientSecret)
-	return account
+	if account.ServiceAccountSecret != "" {
+		sa := &api.GkeServiceAccount{}
+		if err := json.Unmarshal([]byte(account.ServiceAccountSecret), sa); err != nil {
+			return nil, err
+		}
+		shieldPrivateKey := shield(base64.StdEncoding.EncodeToString([]byte(sa.PrivateKey)))
+		sa.PrivateKey = shieldPrivateKey
+		shieldServiceAccountByte, err := json.Marshal(sa)
+		if err != nil {
+			return nil, err
+		}
+		account.ServiceAccountSecret = string(shieldServiceAccountByte)
+	}
+	return account, nil
 }
 
 // ListPermDataAction action for list permData account