docs(authz-service): 更新 README 文档完善服务描述和文件结构

- 更新 authz-service 描述，明确已包含 Dockerfile、启动脚本和空白种子数据 - 在目录结构图中添加 Dockerfile 文件路径 - 在文档末尾添加 authz-service 的 README 路径到文档列表 - 从后续建议列表中移除已完成的 Dockerfile 和启动脚本相关条目 - 将 authz-service 的部署脚本更新为控制面接入和部署编排
2026-03-13 16:49:06 +08:00
parent 0a49bcfb2d
commit 7e9d1dcacb
12 changed files with 265 additions and 4 deletions
--- a/authz-service/start-authz.sh
+++ b/authz-service/start-authz.sh
@ -0,0 +1,72 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+IMAGE_NAME="${IMAGE_NAME:-nano/authz-service:latest}"
+CONTAINER_NAME="${CONTAINER_NAME:-nano-authz-service}"
+DATA_ROOT="${DATA_ROOT:-${SCRIPT_DIR}/runtime/data}"
+HOST_PORT="${HOST_PORT:-19090}"
+HOST_BIND_IP="${HOST_BIND_IP:-0.0.0.0}"
+AUTHZ_ISSUER="${AUTHZ_ISSUER:-http://127.0.0.1:${HOST_PORT}}"
+AUTHZ_INTERNAL_TOKEN="${AUTHZ_INTERNAL_TOKEN:-dev-internal-token}"
+AUTHZ_ACCESS_TOKEN_TTL_SECONDS="${AUTHZ_ACCESS_TOKEN_TTL_SECONDS:-3600}"
+FORCE_BUILD=0
+REPLACE=0
+
+usage() {
+  cat <<'EOF'
+Usage:
+  ./start-authz.sh [--build] [--replace]
+EOF
+}
+
+while [[ $# -gt 0 ]]; do
+  case "$1" in
+    --build)
+      FORCE_BUILD=1
+      shift
+      ;;
+    --replace)
+      REPLACE=1
+      shift
+      ;;
+    --help|-h)
+      usage
+      exit 0
+      ;;
+    *)
+      printf '[start-authz] unknown argument: %s\n' "$1" >&2
+      exit 1
+      ;;
+  esac
+done
+
+mkdir -p "${DATA_ROOT}"
+
+if [[ "${FORCE_BUILD}" -eq 1 ]] || ! docker image inspect "${IMAGE_NAME}" >/dev/null 2>&1; then
+  docker build -t "${IMAGE_NAME}" "${SCRIPT_DIR}"
+fi
+
+if docker container inspect "${CONTAINER_NAME}" >/dev/null 2>&1; then
+  if [[ "${REPLACE}" -eq 1 ]]; then
+    docker rm -f "${CONTAINER_NAME}" >/dev/null
+  else
+    printf '[start-authz] container already exists: %s\n' "${CONTAINER_NAME}" >&2
+    exit 1
+  fi
+fi
+
+docker run -d \
+  --name "${CONTAINER_NAME}" \
+  --restart unless-stopped \
+  -p "${HOST_BIND_IP}:${HOST_PORT}:19090" \
+  -v "${DATA_ROOT}:/var/lib/authz-service/data" \
+  -e "AUTHZ_ISSUER=${AUTHZ_ISSUER}" \
+  -e "AUTHZ_INTERNAL_TOKEN=${AUTHZ_INTERNAL_TOKEN}" \
+  -e "AUTHZ_ACCESS_TOKEN_TTL_SECONDS=${AUTHZ_ACCESS_TOKEN_TTL_SECONDS}" \
+  "${IMAGE_NAME}" >/dev/null
+
+printf 'container_name=%s\n' "${CONTAINER_NAME}"
+printf 'host_port=%s\n' "${HOST_PORT}"
+printf 'data_root=%s\n' "${DATA_ROOT}"