ideal-world
diff --git a/‎support/iam/src/basic/dto/iam_open_dto.rs
Lines changed: 17 additions & 3 deletions b/‎support/iam/src/basic/dto/iam_open_dto.rs
Lines changed: 17 additions & 3 deletions
diff --git a/‎support/iam/src/basic/serv/iam_open_serv.rs
Lines changed: 54 additions & 9 deletions b/‎support/iam/src/basic/serv/iam_open_serv.rs
Lines changed: 54 additions & 9 deletions
diff --git a/‎support/iam/src/console_interface/api/iam_ci_open_api.rs
Lines changed: 14 additions & 2 deletions b/‎support/iam/src/console_interface/api/iam_ci_open_api.rs
Lines changed: 14 additions & 2 deletions
diff --git a/‎support/iam/tests/test_cc_res.rs
Lines changed: 25 additions & 0 deletions b/‎support/iam/tests/test_cc_res.rs
Lines changed: 25 additions & 0 deletions
diff --git a/‎support/iam/tests/test_cc_role.rs
Lines changed: 1 addition & 0 deletions b/‎support/iam/tests/test_cc_role.rs
Lines changed: 1 addition & 0 deletions
@@ -32,8 +32,8 @@ pub struct IamOpenAddSpecReq {
 
 #[derive(poem_openapi::Object, Serialize, Deserialize, Debug)]
 pub struct IamOpenBindAkProductReq {
-    pub product_id: String,
-    pub spec_id: String,
+    pub product_code: String,
+    pub spec_code: String,
     pub start_time: Option<chrono::DateTime<Utc>>,
     pub end_time: Option<chrono::DateTime<Utc>>,
     pub api_call_frequency: Option<u32>,
@@ -43,10 +43,24 @@ pub struct IamOpenBindAkProductReq {
 #[derive(Serialize, Deserialize, Debug, poem_openapi::Object)]
 pub struct IamOpenRuleInfo {
     pub cert_id: String,
-    pub spec_id: String,
+    pub spec_code: String,
     pub start_time: Option<chrono::DateTime<Utc>>,
     pub end_time: Option<chrono::DateTime<Utc>>,
     pub api_call_frequency: Option<u32>,
     pub api_call_count: Option<u32>,
     pub api_call_cumulative_count: Option<u32>,
 }
+
+
+#[derive(poem_openapi::Object, Serialize, Deserialize, Debug)]
+pub struct IamOpenAkSkAddReq {
+    pub tenant_id: String,
+    pub app_id: Option<String>,
+}
+
+#[derive(poem_openapi::Object, Serialize, Deserialize, Debug)]
+pub struct IamOpenAkSkResp {
+    pub id: String,
+    pub ak: String,
+    pub sk: String,
+}
@@ -10,8 +10,7 @@ use bios_basic::rbum::{
 use bios_sdk_invoke::clients::spi_kv_client::SpiKvClient;
 use itertools::Itertools;
 use tardis::{
-    basic::{dto::TardisContext, result::TardisResult},
-    TardisFunsInst,
+    basic::{dto::TardisContext, field::TrimString, result::TardisResult}, TardisFuns, TardisFunsInst
 };
 use tardis::{
     chrono::{self, Utc},
@@ -20,15 +19,13 @@ use tardis::{
 
 use crate::{
     basic::dto::{
-        iam_filer_dto::IamResFilterReq,
-        iam_open_dto::{IamOpenAddProductReq, IamOpenBindAkProductReq},
-        iam_res_dto::IamResAddReq,
+        iam_cert_conf_dto::IamCertConfAkSkAddOrModifyReq, iam_cert_dto::IamCertAkSkAddReq, iam_filer_dto::IamResFilterReq, iam_open_dto::{IamOpenAddProductReq, IamOpenAkSkAddReq, IamOpenAkSkResp, IamOpenBindAkProductReq}, iam_res_dto::IamResAddReq
     },
     iam_config::IamConfig,
-    iam_enumeration::{IamRelKind, IamResKind},
+    iam_enumeration::{IamCertKernelKind, IamRelKind, IamResKind},
 };
 
-use super::{iam_key_cache_serv::IamIdentCacheServ, iam_rel_serv::IamRelServ, iam_res_serv::IamResServ};
+use super::{iam_cert_aksk_serv::IamCertAkSkServ, iam_cert_serv::IamCertServ, iam_key_cache_serv::IamIdentCacheServ, iam_rel_serv::IamRelServ, iam_res_serv::IamResServ, iam_tenant_serv::IamTenantServ};
 
 pub struct IamOpenServ;
 
@@ -83,10 +80,39 @@ impl IamOpenServ {
             RbumRelServ::delete_rbum(&rel.id, funs, ctx).await?;
         }
 
-        Self::bind_cert_product(cert_id, &bind_req.product_id, None, funs, ctx).await?;
+        let product_id = IamResServ::find_one_detail_item(
+            &IamResFilterReq {
+                basic: RbumBasicFilterReq {
+                    code: Some(format!("{}/*/{}", IamResKind::Product.to_int(), &bind_req.product_code)),
+                    ..Default::default()
+                },
+                ..Default::default()
+            },
+            funs,
+            ctx,
+        )
+        .await?
+        .ok_or_else(|| funs.err().internal_error("iam_open", "bind_cert_product_and_spec", "illegal response", "404-iam-res-not-exist"))?
+        .id;
+        let spec_id = IamResServ::find_one_detail_item(
+            &IamResFilterReq {
+                basic: RbumBasicFilterReq {
+                    code: Some(format!("{}/*/{}", IamResKind::Spec.to_int(), &bind_req.spec_code)),
+                    ..Default::default()
+                },
+                ..Default::default()
+            },
+            funs,
+            ctx,
+        )
+        .await?
+        .ok_or_else(|| funs.err().internal_error("iam_open", "bind_cert_product_and_spec", "illegal response", "404-iam-res-not-exist"))?
+        .id;
+
+        Self::bind_cert_product(cert_id, &product_id, None, funs, ctx).await?;
         Self::bind_cert_spec(
             cert_id,
-            &bind_req.spec_id,
+            &spec_id,
             None,
             bind_req.start_time,
             bind_req.end_time,
@@ -240,6 +266,25 @@ impl IamOpenServ {
         Ok(())
     }
 
+    pub async fn general_cert(add_req: IamOpenAkSkAddReq, funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult<IamOpenAkSkResp> {
+        let rel_iam_item_id = IamTenantServ::get_id_by_ctx(ctx, funs)?;
+        let cert_conf_id = IamCertServ::get_cert_conf_id_by_kind(IamCertKernelKind::AkSk.to_string().as_str(), Some(rel_iam_item_id.clone()), funs).await
+        .unwrap_or(
+            IamCertAkSkServ::add_cert_conf(&IamCertConfAkSkAddOrModifyReq {
+                name: TrimString(format!("AkSk-{}", &rel_iam_item_id)),
+                 expire_sec: None,
+            }, Some(IamTenantServ::get_id_by_ctx(ctx, funs)?), funs, ctx).await?
+        );
+        let ak = TardisFuns::crypto.key.generate_ak()?;
+        let sk = TardisFuns::crypto.key.generate_sk(&ak)?;
+
+        let cert_id = IamCertAkSkServ::add_cert(&IamCertAkSkAddReq {
+            tenant_id:add_req.tenant_id,
+            app_id:add_req.app_id,
+        }, &ak, &sk, &cert_conf_id, funs, ctx).await?;
+        Ok(IamOpenAkSkResp { id: cert_id, ak, sk })
+    }
+
     pub async fn refresh_cert_cumulative_count(funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult<()> {
         let cert_ids = RbumRelServ::find_rels(
             &RbumRelFilterReq {
 
@@ -7,7 +7,7 @@ use tardis::web::poem_openapi::param::Path;
 use tardis::web::poem_openapi::payload::Json;
 use tardis::web::web_resp::{TardisApiResult, TardisResp, Void};
 
-use crate::basic::dto::iam_open_dto::{IamOpenAddProductReq, IamOpenBindAkProductReq};
+use crate::basic::dto::iam_open_dto::{IamOpenAddProductReq, IamOpenAkSkAddReq, IamOpenAkSkResp, IamOpenBindAkProductReq};
 use crate::basic::serv::iam_open_serv::IamOpenServ;
 use crate::iam_constants;
 
@@ -42,9 +42,21 @@ impl IamCiOpenApi {
         TardisResp::ok(Void {})
     }
 
+    /// Add aksk Cert by open platform / 生成AKSK通过开放平台
+    #[oai(path = "/aksk", method = "post")]
+    async fn add_aksk(&self, add_req: Json<IamOpenAkSkAddReq>, ctx: TardisContextExtractor, request: &Request) -> TardisApiResult<IamOpenAkSkResp> {
+        add_remote_ip(request, &ctx.0).await?;
+        let mut funs = iam_constants::get_tardis_inst();
+        funs.begin().await?;
+        let result = IamOpenServ::general_cert(add_req.0, &funs, &ctx.0).await?;
+        funs.commit().await?;
+        ctx.0.execute_task().await?;
+        TardisResp::ok(result)
+    }
+
     /// Refresh cumulative number of api calls / 刷新API累计调用数 (定时任务)
     #[oai(path = "/refresh_cert_cumulative_count", method = "post")]
-    async fn refresh_cert_cumulative_count(&self, request: &Request) -> TardisApiResult<Void> {
+    async fn refresh_cert_cumulative_count(&self, _request: &Request) -> TardisApiResult<Void> {
         let mut funs = iam_constants::get_tardis_inst();
         let ctx = TardisContext::default();
         funs.begin().await?;
 
@@ -72,6 +72,7 @@ async fn test_single_level(context: &TardisContext, another_context: &TardisCont
             double_auth_msg: None,
             need_login: None,
             bind_api_res: None,
+            ext: None,
         },
         &funs,
         context,
@@ -96,6 +97,7 @@ async fn test_single_level(context: &TardisContext, another_context: &TardisCont
             double_auth_msg: None,
             need_login: None,
             bind_api_res: None,
+            ext: None,
         },
         &funs,
         another_context,
@@ -121,6 +123,7 @@ async fn test_single_level(context: &TardisContext, another_context: &TardisCont
             double_auth_msg: None,
             need_login: None,
             bind_api_res: None,
+            ext: None,
         },
         &funs,
         another_context
@@ -146,6 +149,7 @@ async fn test_single_level(context: &TardisContext, another_context: &TardisCont
             double_auth_msg: None,
             need_login: None,
             bind_api_res: None,
+            ext: None,
         },
         &funs,
         context,
@@ -232,6 +236,7 @@ async fn test_multi_level_add<'a>(
             double_auth: Some(false),
             need_login: Some(false),
             bind_api_res: None,
+            ext: None,
             double_auth_msg: None,
         },
         funs,
@@ -257,6 +262,7 @@ async fn test_multi_level_add<'a>(
             double_auth_msg: None,
             need_login: None,
             bind_api_res: None,
+            ext: None,
         },
         funs,
         sys_context,
@@ -281,6 +287,7 @@ async fn test_multi_level_add<'a>(
             double_auth_msg: None,
             need_login: None,
             bind_api_res: None,
+            ext: None,
         },
         funs,
         t1_context,
@@ -305,6 +312,7 @@ async fn test_multi_level_add<'a>(
             need_login: Some(false),
             double_auth_msg: None,
             bind_api_res: None,
+            ext: None,
         },
         funs,
         t2_context,
@@ -329,6 +337,7 @@ async fn test_multi_level_add<'a>(
             double_auth_msg: None,
             need_login: None,
             bind_api_res: None,
+            ext: None,
         },
         funs,
         t2_context,
@@ -353,6 +362,7 @@ async fn test_multi_level_add<'a>(
             double_auth_msg: None,
             need_login: None,
             bind_api_res: None,
+            ext: None,
         },
         funs,
         t2_a1_context,
@@ -377,6 +387,7 @@ async fn test_multi_level_add<'a>(
             double_auth_msg: None,
             need_login: None,
             bind_api_res: None,
+            ext: None,
         },
         funs,
         t2_a2_context,
@@ -437,6 +448,7 @@ pub async fn test_multi_level_by_sys_context(
             double_auth_msg: None,
             need_login: None,
             bind_api_res: None,
+            ext: None,
         },
         &funs,
         sys_context,
@@ -460,6 +472,7 @@ pub async fn test_multi_level_by_sys_context(
             double_auth_msg: None,
             need_login: None,
             bind_api_res: None,
+            ext: None,
         },
         &funs,
         sys_context,
@@ -483,6 +496,7 @@ pub async fn test_multi_level_by_sys_context(
             double_auth_msg: None,
             need_login: None,
             bind_api_res: None,
+            ext: None,
         },
         &funs,
         sys_context,
@@ -612,6 +626,7 @@ pub async fn test_multi_level_by_tenant_context(
             double_auth_msg: None,
             need_login: None,
             bind_api_res: None,
+            ext: None,
         },
         &funs,
         t1_context,
@@ -636,6 +651,7 @@ pub async fn test_multi_level_by_tenant_context(
             double_auth_msg: None,
             need_login: None,
             bind_api_res: None,
+            ext: None,
         },
         &funs,
         t1_context,
@@ -660,6 +676,7 @@ pub async fn test_multi_level_by_tenant_context(
             double_auth_msg: None,
             need_login: None,
             bind_api_res: None,
+            ext: None,
         },
         &funs,
         t2_context,
@@ -684,6 +701,7 @@ pub async fn test_multi_level_by_tenant_context(
             double_auth_msg: None,
             need_login: None,
             bind_api_res: None,
+            ext: None,
         },
         &funs,
         t2_context,
@@ -707,6 +725,7 @@ pub async fn test_multi_level_by_tenant_context(
             double_auth_msg: None,
             need_login: None,
             bind_api_res: None,
+            ext: None,
         },
         &funs,
         t2_context,
@@ -826,6 +845,7 @@ pub async fn test_multi_level_by_app_context(
             double_auth_msg: None,
             need_login: None,
             bind_api_res: None,
+            ext: None,
         },
         &funs,
         t2_a1_context,
@@ -850,6 +870,7 @@ pub async fn test_multi_level_by_app_context(
             double_auth_msg: None,
             need_login: None,
             bind_api_res: None,
+            ext: None,
         },
         &funs,
         t2_a1_context,
@@ -874,6 +895,7 @@ pub async fn test_multi_level_by_app_context(
             double_auth_msg: None,
             need_login: None,
             bind_api_res: None,
+            ext: None,
         },
         &funs,
         t2_a1_context,
@@ -898,6 +920,7 @@ pub async fn test_multi_level_by_app_context(
             double_auth_msg: None,
             need_login: None,
             bind_api_res: None,
+            ext: None,
         },
         &funs,
         t2_a1_context,
@@ -922,6 +945,7 @@ pub async fn test_multi_level_by_app_context(
             double_auth_msg: None,
             need_login: None,
             bind_api_res: None,
+            ext: None,
         },
         &funs,
         t2_a1_context,
@@ -946,6 +970,7 @@ pub async fn test_multi_level_by_app_context(
             double_auth_msg: None,
             need_login: None,
             bind_api_res: None,
+            ext: None,
         },
         &funs,
         t2_a1_context,
 
@@ -175,6 +175,7 @@ async fn test_single_level(context: &TardisContext, account_name: &str, another_
             double_auth_msg: None,
             need_login: None,
             bind_api_res: None,
+            ext: None,
         },
         &funs,
         context,