Skip to content

Commit

Permalink
Merge pull request #1181 from hanshuaikang/feature/guomi
Browse files Browse the repository at this point in the history
feature: 流程服务支持国密
  • Loading branch information
hanshuaikang authored Aug 22, 2023
2 parents 65a5c99 + fb5ca35 commit 82de729
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 1 deletion.
25 changes: 25 additions & 0 deletions config/default.py
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,7 @@
BK_PAAS_HOST,
BK_PAAS_INNER_HOST,
RUN_VER,
APP_TOKEN,
)

# 标准运维页面服务地址
Expand Down Expand Up @@ -909,3 +910,27 @@ def redirect_func(request):
CLOSE_EVERY_DAY_TICKET_NOTIFY = bool(
os.getenv("BKAPP_CLOSE_EVERY_DAY_TICKET_NOTIFY", False)
)

# 国密相关的改造配置
# BKPAAS_BK_CRYPTO_TYPE 为 PaaSV3 国密版本支持变量,可选值:CLASSIC-国际算法,SHANGMI-国家算法
# 通过该值确定 SYMMETRIC_CIPHER_TYPE
if os.getenv("BKPAAS_BK_CRYPTO_TYPE") == "SHANGMI":
BKCRYPTO_SYMMETRIC_CIPHER_TYPE = "SM4"
else:
BKCRYPTO_SYMMETRIC_CIPHER_TYPE = "AES"

# 开启 blueapps 内置数据表加密
BLUEAPPS_ENABLE_DB_ENCRYPTION = True

# 使用 APP_TOKEN 作为非对称密码的 Key
# 关于 BKCRYPTO 的配置,可参考:https://github.com/TencentBlueKing/crypto-python-sdk
BKCRYPTO = {
"SYMMETRIC_TYPE": BKCRYPTO_SYMMETRIC_CIPHER_TYPE,
"SYMMETRIC_CIPHERS": {
"blueapps": {
# 配置非对称加密密钥,如需延迟到 `default.py` 外 lazy 加载 key,可使用 `get_key_config_func` 配置
# 详情参考:https://github.com/TencentBlueKing/crypto-python-sdk
"common": {"key": APP_TOKEN},
},
},
}
2 changes: 1 addition & 1 deletion requirements.txt
Original file line number Diff line number Diff line change
Expand Up @@ -124,6 +124,6 @@ jmespath==0.10.0
requests_toolbelt==0.9.1

apigw-manager[cryptography]==1.0.7
blueapps[opentelemetry]==4.7.0
blueapps[opentelemetry,bkcrypto]==4.8.0

drf-yasg==1.20.0

0 comments on commit 82de729

Please sign in to comment.