Can the open platform support managing all apps? Currently a TOKEN has to be authorized one app at a time #3191

Open
zhb127 opened this issue Jul 17, 2020 · 9 comments
Labels
area/openapi apollo-openapi kind/question Categorizes issue when someone want to know answer of a question tips

Comments

@zhb127

zhb127 commented Jul 17, 2020

Is your feature request related to a problem? Please describe.
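During CI/CD, after a build completes, the system notifies APOLLO to update a configuration item. Currently this is done through the open platform's HTTP REST API, but open platform authorization has to be added once for every application. Can't a TOKEN be authorized for all applications (including applications added in the future), or can't it be bound directly to a high-privilege account?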

Describe the solution you'd like
A clear and concise description of what you want to happen.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

@nobodyiam
Member

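The current design is fine-grained permission control, so if the same token needs to manage multiple apps, it has to be authorized multiple times.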

@cypggs

cypggs commented Aug 11, 2020

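Same problem here. Currently an app can be authorized by operating on the database directly:

```sql
insert into consumerrole (ConsumerId,RoleId,DataChange_CreatedBy,DataChange_CreatedTime,DataChange_LastModifiedBy,DataChange_LastTime) select ConsumerId, $i, DataChange_CreatedBy ,now(),DataChange_LastModifiedBy,now() from consumerrole where id = 3;
```

But there is no way to authorize at the moment an application is added, so app creation cannot be automated and followed by automatic authorization.
Could an API for creating apps be provided?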

@nobodyiam
Member

The create-app API needs some thought about how to authorize it, because currently all permissions are on the app or namespace.

@cypggs

cypggs commented Aug 18, 2020

> The create-app API needs some thought about how to authorize it, because currently all permissions are on the app or namespace.

```sql
# Implemented it temporarily with a database insert script; not sure whether there are pitfalls, but everything verified OK. (To add an app, just replace APPNAME with the application name.)
use ApolloConfigDB;
INSERT INTO App (AppId, Name, OrgId, OrgName, OwnerName, OwnerEmail)
VALUES
('APPNAME', 'APPNAME', 'pay', '支付', 'apollo', 'cyp@xxxx.com');

INSERT INTO AppNamespace (Name, AppId, Format, IsPublic, Comment)
VALUES
('application', 'APPNAME', 'properties', 0, 'default app namespace');

INSERT INTO Cluster (Name, AppId)
VALUES
('default', 'APPNAME');

INSERT INTO Namespace (AppId, ClusterName, NamespaceName)
VALUES
('APPNAME', 'default', 'application');

use ApolloPortalDB;

INSERT INTO App (AppId, Name, OrgId, OrgName, OwnerName, OwnerEmail)
VALUES
('APPNAME', 'APPNAME', 'pay', '支付', 'apollo', 'cyp@xxxx.com');

INSERT INTO AppNamespace (Name, AppId, Format, IsPublic, Comment)
VALUES
('application', 'APPNAME', 'properties', 0, 'default app namespace');

INSERT INTO Permission ( PermissionType, TargetId)
VALUES
( 'CreateCluster', 'APPNAME'),
( 'CreateNamespace', 'APPNAME'),
( 'AssignRole', 'APPNAME'),
( 'ModifyNamespace', 'APPNAME+application'),
( 'ReleaseNamespace', 'APPNAME+application');

INSERT INTO Role ( RoleName)
VALUES
( 'Master+APPNAME'),
( 'ModifyNamespace+APPNAME+application'),
( 'ReleaseNamespace+APPNAME+application');

insert into RolePermission (RoleId, PermissionId) select R.id,P.id from Role R ,Permission P where R.RoleName = "Master+APPNAME" and P.TargetId="APPNAME";

insert into RolePermission (RoleId, PermissionId) select R.id,P.id from Role R ,Permission P where R.RoleName = "ModifyNamespace+APPNAME+application" and P.TargetId = "APPNAME+application" and P.PermissionType = "ModifyNamespace";

insert into RolePermission (RoleId, PermissionId) select R.id,P.id from Role R ,Permission P where R.RoleName = "ReleaseNamespace+APPNAME+application" and P.TargetId = "APPNAME+application" and P.PermissionType = "ReleaseNamespace";

-- LIKE '%APPNAME%' also matches the roles of any other app whose name contains APPNAME
insert into UserRole(UserId,RoleId) select "apollo" , r.id from Role r where r.RoleName like '%APPNAME%';
```

@cypggs

cypggs commented Aug 19, 2020

Here is the final version of the script, help yourself.

```bash
#!/bin/bash
NS=PAY
APP_NAME=case2
TYPE=java
mkdir -p /data/apollo-sql/
cd /data/apollo-sql/
# Back up the apollo databases (file name is suffixed with the day of the month)
mysqldump ApolloConfigDB > ApolloConfigDB.sql$(date "+%d")
mysqldump ApolloPortalDB > ApolloPortalDB.sql$(date "+%d")
# Look up the organization's display name; OrgId is a string, so it is quoted
APP_NAME_CN=$(mysql -NB ApolloConfigDB -e "select OrgName from App where OrgId='${NS}' limit 1")
# Generate the MySQL script that inserts the apollo app
cat > /data/apollo-sql/${APP_NAME}.sql <<EOF
use ApolloConfigDB;
INSERT INTO App (AppId, Name, OrgId, OrgName, OwnerName, OwnerEmail) VALUES ('$APP_NAME', '$APP_NAME', '${NS}', '${APP_NAME_CN}', 'apollo', 'apollo@acme.com');
INSERT INTO AppNamespace (Name, AppId, Format, IsPublic, Comment) VALUES ('application', '$APP_NAME', 'properties', 0, 'default app namespace');
INSERT INTO Cluster (Name, AppId) VALUES ('default', '$APP_NAME');
INSERT INTO Namespace (AppId, ClusterName, NamespaceName) VALUES ('$APP_NAME', 'default', 'application');
use ApolloPortalDB;
INSERT INTO App (AppId, Name, OrgId, OrgName, OwnerName, OwnerEmail) VALUES ('$APP_NAME', '$APP_NAME', '${NS}', '${APP_NAME_CN}', 'apollo', 'apollo@acme.com');
INSERT INTO AppNamespace (Name, AppId, Format, IsPublic, Comment) VALUES ('application', '$APP_NAME', 'properties', 0, 'default app namespace');
INSERT INTO Permission ( PermissionType, TargetId) VALUES ('CreateCluster', '$APP_NAME'),('CreateNamespace', '$APP_NAME'),('AssignRole', '$APP_NAME'),('ModifyNamespace', '$APP_NAME+application'),('ReleaseNamespace','$APP_NAME+application'),('ModifyNamespace', '$APP_NAME+application+PRO'),('ReleaseNamespace','$APP_NAME+application+PRO');
INSERT INTO Role ( RoleName) VALUES ('Master+$APP_NAME'),('ModifyNamespace+$APP_NAME+application'),('ReleaseNamespace+$APP_NAME+application'),('ModifyNamespace+$APP_NAME+application+PRO'),('ReleaseNamespace+$APP_NAME+application+PRO');
INSERT INTO RolePermission (RoleId, PermissionId) select R.id,P.id from Role R ,Permission P where R.RoleName = "Master+$APP_NAME" and P.TargetId="$APP_NAME";
INSERT INTO RolePermission (RoleId, PermissionId) select R.id,P.id from Role R ,Permission P where R.RoleName = "ModifyNamespace+$APP_NAME+application" and P.TargetId = "$APP_NAME+application" and P.PermissionType = "ModifyNamespace";
INSERT INTO RolePermission (RoleId, PermissionId) select R.id,P.id from Role R ,Permission P where R.RoleName = "ReleaseNamespace+$APP_NAME+application" and P.TargetId = "$APP_NAME+application" and P.PermissionType = "ReleaseNamespace";
INSERT INTO RolePermission (RoleId, PermissionId) select R.id,P.id from Role R ,Permission P where R.RoleName = "ModifyNamespace+$APP_NAME+application+PRO" and P.TargetId = "$APP_NAME+application+PRO" and P.PermissionType = "ModifyNamespace";
INSERT INTO RolePermission (RoleId, PermissionId) select R.id,P.id from Role R ,Permission P where R.RoleName = "ReleaseNamespace+$APP_NAME+application+PRO" and P.TargetId = "$APP_NAME+application+PRO" and P.PermissionType = "ReleaseNamespace";
INSERT INTO UserRole(UserId,RoleId) select "apollo" , r.id from Role r where r.RoleName = 'Master+$APP_NAME';
INSERT INTO UserRole(UserId,RoleId) select "apollo" , r.id from Role r where r.RoleName = 'ModifyNamespace+$APP_NAME+application';
INSERT INTO UserRole(UserId,RoleId) select "apollo" , r.id from Role r where r.RoleName = 'ReleaseNamespace+$APP_NAME+application';
INSERT INTO ConsumerRole (ConsumerId,RoleId,DataChange_CreatedBy,DataChange_LastModifiedBy) select C.Id, R.id, 'apollo','apollo' from Role R,Consumer C where R.RoleName = "Master+$APP_NAME" and C.AppId = "apollo-api";
EOF
# Check whether the app already exists
CHECKAPP=$(mysql -NB ApolloConfigDB -e "select AppId from App where AppId='$APP_NAME'")
[[ "$TYPE" == 'java' ]] && [[ ! -n "$CHECKAPP" ]] && mysql --default-character-set=utf8 -e "source /data/apollo-sql/${APP_NAME}.sql"
```
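Added example, not part of cypggs's script or of the Apollo project: the script above interpolates shell variables straight into SQL text, so when the app name arrives as a pipeline parameter it should pass an allowlist check before any statement is generated. The function names and the allowed character set are assumptions; the table and column names are the ones used in the thread.

```shell
#!/bin/sh
# Added example: allowlist identifiers before they reach SQL text, then emit
# an idempotent ConsumerRole grant. Function names and the character set
# below are assumptions for illustration, not Apollo's own validation.

# Succeeds only for 1-64 characters drawn from letters, digits, '_', '.', '-'.
# Quotes, spaces, semicolons and '+' (the role-name separator) are rejected.
is_safe_id() {
  case "$1" in
    ''|*[!0-9A-Za-z_.-]*) return 1 ;;
  esac
  [ "${#1}" -le 64 ]
}

# consumer_grant_sql <app-id> <consumer-app-id>
# Prints SQL that grants role "Master+<app-id>" to the open-platform consumer,
# skipping the insert if that grant already exists.
# Prints nothing and returns 1 when either argument fails the allowlist.
consumer_grant_sql() {
  is_safe_id "$1" && is_safe_id "$2" || return 1
  cat <<EOF
INSERT INTO ConsumerRole (ConsumerId, RoleId, DataChange_CreatedBy, DataChange_LastModifiedBy)
SELECT C.Id, R.Id, 'apollo', 'apollo'
FROM Role R, Consumer C
WHERE R.RoleName = 'Master+$1' AND C.AppId = '$2'
  AND NOT EXISTS (SELECT 1 FROM ConsumerRole CR
                  WHERE CR.ConsumerId = C.Id AND CR.RoleId = R.Id);
EOF
}
```

Calling `consumer_grant_sql "$APP_NAME" apollo-api` and piping the output to `mysql ApolloPortalDB` only when the function returns 0 keeps a malformed app name from altering the generated statements.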

@nobodyiam nobodyiam added the tips label Aug 22, 2020
@Anilople Anilople added area/openapi apollo-openapi kind/question Categorizes issue when someone want to know answer of a question labels Jan 5, 2021
@qixiaobo

qixiaobo commented Apr 6, 2021

Many ops applications have this kind of need, even including creating apps.

@sulin2018

Is there a plan to support this issue? It would be quite useful.

@No-SilverBullet

https://github.com/No-SilverBullet/apollo-token-batcher You can refer to this project; it can grant app permissions to an openapi token in bulk.

@lilianzhu

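Same need here. Integrating with a devops platform requires a global token for modifying application configuration; having to add apps one by one is completely unworkable. Does the project have any plans to improve this?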


8 participants