feat: 构件传输记录指标增加userId #2448

* feat : 修复权限校验bug #2375 * feat : 修复权限校验bug #2375 * feat : 修复权限校验bug #2375 * feat : 修复权限校验bug #2375 * feat : 修复权限校验bug #2375 * feat : 修复权限校验bug #2375 * feat : 修复权限校验bug #2375 * feat : 修复权限校验bug #2375 * feat : 修复权限校验bug #2375 * feat : 修复权限校验bug #2375 * feat: Commit-Edge模式兼容独立集群模式 #2298 * feat: 添加 node_download 类型 #2380 * feat: 添加 node_download 类型 #2380 * feat: 添加 download 类型 #2380 * feat : 修复权限校验bug #2375 * feat: Commit-Edge模式兼容独立集群模式 #2298 * feat: 构件传输记录指标增加userId #2448 * feat: 构件传输记录指标增加userId #2448 * feat: 构件传输记录指标增加userId #2448 --------- Co-authored-by: owen <[email protected]> Co-authored-by: zacYL <[email protected]>
TencentBlueKing · Aug 1, 2024 · 8c69b82 · 8c69b82
1 parent d97bda8
commit 8c69b82
Show file tree

Hide file tree

Showing 13 changed files with 88 additions and 21 deletions.
diff --git a/...end/auth/api-auth/src/main/kotlin/com/tencent/bkrepo/auth/pojo/enums/ActionTypeMapping.kt b/...end/auth/api-auth/src/main/kotlin/com/tencent/bkrepo/auth/pojo/enums/ActionTypeMapping.kt
@@ -33,15 +33,18 @@ package com.tencent.bkrepo.auth.pojo.enums
 enum class ActionTypeMapping(val resType: String, val pAction: String) {
     PROJECT_MANAGE(ResourceType.PROJECT.name, PermissionAction.MANAGE.name),
     PROJECT_VIEW(ResourceType.PROJECT.name, PermissionAction.READ.name),
+    PROJECT_DOWNLOAD(ResourceType.PROJECT.name, PermissionAction.DOWNLOAD.name),
     PROJECT_EDIT(ResourceType.PROJECT.name, PermissionAction.UPDATE.name),
     REPO_CREATE(ResourceType.PROJECT.name, PermissionAction.WRITE.name),
     REPO_MANAGE(ResourceType.REPO.name, PermissionAction.MANAGE.name),
     REPO_VIEW(ResourceType.REPO.name, PermissionAction.READ.name),
+    REPO_DOWNLOAD(ResourceType.REPO.name, PermissionAction.DOWNLOAD.name),
     REPO_EDIT(ResourceType.REPO.name, PermissionAction.UPDATE.name),
     REPO_DELETE(ResourceType.REPO.name, PermissionAction.DELETE.name),
     NODE_CREATE(ResourceType.REPO.name, PermissionAction.WRITE.name),
     NODE_VIEW(ResourceType.NODE.name, PermissionAction.VIEW.name),
-    NODE_DOWNLOAD(ResourceType.NODE.name, PermissionAction.READ.name),
+    NODE_READ(ResourceType.NODE.name, PermissionAction.READ.name),
+    NODE_DOWNLOAD(ResourceType.NODE.name, PermissionAction.DOWNLOAD.name),
     NODE_EDIT(ResourceType.NODE.name, PermissionAction.UPDATE.name),
     NODE_WRITE(ResourceType.NODE.name, PermissionAction.WRITE.name),
     NODE_DELETE(ResourceType.NODE.name, PermissionAction.DELETE.name);

diff --git a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/helper/PermissionHelper.kt b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/helper/PermissionHelper.kt
@@ -49,6 +49,7 @@ import com.tencent.bkrepo.auth.model.TAccount
 import com.tencent.bkrepo.auth.model.TPermission
 import com.tencent.bkrepo.auth.pojo.enums.PermissionAction
 import com.tencent.bkrepo.auth.pojo.enums.PermissionAction.READ
+import com.tencent.bkrepo.auth.pojo.enums.PermissionAction.DOWNLOAD
 import com.tencent.bkrepo.auth.pojo.enums.PermissionAction.MANAGE
 import com.tencent.bkrepo.auth.pojo.oauth.AuthorizationGrantType
 import com.tencent.bkrepo.auth.pojo.permission.CheckPermissionRequest
@@ -92,10 +93,10 @@ class PermissionHelper constructor(
         if (queryRoles.isEmpty()) return false
 
         val result = roleRepository.findByTypeAndProjectIdAndAdminAndRepoNameAndIdIn(
-            projectId = request.projectId!!,
             type = RoleType.REPO,
-            repoName = request.repoName!!,
+            projectId = request.projectId!!,
             admin = true,
+            repoName = request.repoName!!,
             ids = queryRoles
         )
         if (result.isNotEmpty()) return true
@@ -185,7 +186,8 @@ class PermissionHelper constructor(
     }
 
     fun checkProjectReadAction(request: CheckPermissionRequest, isProjectUser: Boolean): Boolean {
-        return request.projectId != null && request.action == READ.name && isProjectUser
+        val readeOrdownload = request.action == READ.name || request.action == DOWNLOAD.name
+        return request.projectId != null && readeOrdownload && isProjectUser
     }
 
     fun getPermissionPathFromConfig(

diff --git a/...h/src/main/kotlin/com/tencent/bkrepo/auth/service/bkdevops/DevopsPermissionServiceImpl.kt b/...h/src/main/kotlin/com/tencent/bkrepo/auth/service/bkdevops/DevopsPermissionServiceImpl.kt
@@ -43,6 +43,9 @@ import com.tencent.bkrepo.auth.constant.PIPELINE
 import com.tencent.bkrepo.auth.constant.REPORT
 import com.tencent.bkrepo.auth.dao.PersonalPathDao
 import com.tencent.bkrepo.auth.dao.RepoAuthConfigDao
+import com.tencent.bkrepo.auth.pojo.enums.PermissionAction.DOWNLOAD
+import com.tencent.bkrepo.auth.pojo.enums.PermissionAction.VIEW
+import com.tencent.bkrepo.auth.pojo.enums.PermissionAction.WRITE
 import com.tencent.bkrepo.auth.pojo.enums.PermissionAction.MANAGE
 import com.tencent.bkrepo.auth.pojo.enums.PermissionAction.READ
 import com.tencent.bkrepo.auth.pojo.enums.ResourceType.NODE
@@ -194,19 +197,26 @@ class DevopsPermissionServiceImpl constructor(
                 return false
             }
             when (repoName) {
-                CUSTOM, LOG, REPORT -> {
+                CUSTOM, LOG -> {
                     return checkDevopsCustomPermission(request)
                 }
                 PIPELINE -> {
                     return checkDevopsPipelinePermission(request)
                 }
+                REPORT -> {
+                    return checkDevopsReportPermission(request.action)
+                }
                 else -> {
                     return checkRepoNotInDevops(request)
                 }
             }
         }
     }
 
+    private fun checkDevopsReportPermission(action: String): Boolean {
+        return action == READ.name || action == WRITE.name || action == VIEW.name || action == DOWNLOAD.name
+    }
+
     private fun checkDevopsCustomPermission(request: CheckPermissionRequest): Boolean {
         logger.debug("check devops custom permission request [$request]")
         with(request) {
@@ -221,12 +231,11 @@ class DevopsPermissionServiceImpl constructor(
     private fun checkRepoNotInDevops(request: CheckPermissionRequest): Boolean {
         logger.debug("check repo not in devops request [$request]")
         with(request) {
-            val isDevopsProjectMember = isDevopsProjectMember(uid, projectId!!, action) ||
-                    isUserLocalProjectUser(uid, projectId!!)
+            val isDevopsProjectMember = isDevopsProjectMember(uid, projectId!!, action)
             if (needCheckPathPermission(resourceType, projectId!!, repoName!!)) {
                 return checkNodeAction(request, null, isDevopsProjectMember)
             }
-            return isDevopsProjectMember
+            return isDevopsProjectMember || super.checkPermission(request)
         }
     }
 

diff --git a/...h/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/local/PermissionServiceImpl.kt b/...h/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/local/PermissionServiceImpl.kt
@@ -406,7 +406,7 @@ open class PermissionServiceImpl constructor(
         return permHelper.isUserLocalProjectAdmin(userId, projectId)
     }
 
-    fun isUserLocalProjectUser(userId: String, projectId: String): Boolean {
+    private fun isUserLocalProjectUser(userId: String, projectId: String): Boolean {
         return permHelper.isUserLocalProjectUser(userId, projectId)
     }
 

diff --git a/...main/kotlin/com/tencent/bkrepo/common/artifact/event/listener/ArtifactTransferListener.kt b/...main/kotlin/com/tencent/bkrepo/common/artifact/event/listener/ArtifactTransferListener.kt
@@ -37,6 +37,7 @@ import com.tencent.bkrepo.common.artifact.constant.DEFAULT_STORAGE_KEY
 import com.tencent.bkrepo.common.artifact.event.ArtifactReceivedEvent
 import com.tencent.bkrepo.common.artifact.event.ArtifactResponseEvent
 import com.tencent.bkrepo.common.artifact.event.ChunkArtifactTransferEvent
+import com.tencent.bkrepo.common.artifact.hash.md5
 import com.tencent.bkrepo.common.artifact.metrics.ArtifactCacheMetrics
 import com.tencent.bkrepo.common.artifact.metrics.ArtifactMetrics
 import com.tencent.bkrepo.common.artifact.metrics.ArtifactMetricsProperties
@@ -106,7 +107,8 @@ class ArtifactTransferListener(
                     host = artifactMetricsProperties.host,
                     builderAgentList = artifactMetricsProperties.builderAgentList,
                     clientAgentList = artifactMetricsProperties.clientAgentList
-                ).name
+                ).name,
+                userId = SecurityUtils.getUserId().md5()
             )
             if (SecurityUtils.getUserId() != SYSTEM_USER) {
                 projectUsageStatisticsService.inc(projectId = projectId, receivedBytes = throughput.bytes)
@@ -151,7 +153,8 @@ class ArtifactTransferListener(
                     host = artifactMetricsProperties.host,
                     builderAgentList = artifactMetricsProperties.builderAgentList,
                     clientAgentList = artifactMetricsProperties.clientAgentList
-                ).name
+                ).name,
+                userId = SecurityUtils.getUserId().md5()
             )
             if (SecurityUtils.getUserId() != SYSTEM_USER) {
                 projectUsageStatisticsService.inc(projectId = projectId, responseBytes = throughput.bytes)
@@ -207,7 +210,8 @@ class ArtifactTransferListener(
                     host = artifactMetricsProperties.host,
                     builderAgentList = artifactMetricsProperties.builderAgentList,
                     clientAgentList = artifactMetricsProperties.clientAgentList
-                ).name
+                ).name,
+                userId = SecurityUtils.getUserId().md5()
             )
             if (artifactMetricsProperties.collectByLog) {
                 logger.info(

diff --git a/...vice/src/main/kotlin/com/tencent/bkrepo/common/artifact/metrics/ArtifactTransferRecord.kt b/...vice/src/main/kotlin/com/tencent/bkrepo/common/artifact/metrics/ArtifactTransferRecord.kt
@@ -63,6 +63,8 @@ data class ArtifactTransferRecord(
     val fullPath: String,
     @Column(name = "agent")
     val agent: String,
+    @Column(name = "userId")
+    val userId: String,
 ) {
     companion object {
         const val RECEIVE = "RECEIVE"

diff --git a/...e/src/main/kotlin/com/tencent/bkrepo/common/artifact/metrics/ArtifactTransferRecordLog.kt b/...e/src/main/kotlin/com/tencent/bkrepo/common/artifact/metrics/ArtifactTransferRecordLog.kt
@@ -46,6 +46,7 @@ class ArtifactTransferRecordLog(
     val repoName: String = record.repoName
     val agent: String = record.agent
     val fullPath: String = record.fullPath
+    val userId: String = record.userId
     val service: String? = commonTag["service"]
     val instance: String? = commonTag["instance"]
     val host: String? = commonTag["host"]

diff --git a/.../main/kotlin/com/tencent/bkrepo/common/artifact/metrics/export/ArtifactMetricsExporter.kt b/.../main/kotlin/com/tencent/bkrepo/common/artifact/metrics/export/ArtifactMetricsExporter.kt
@@ -74,6 +74,7 @@ class ArtifactMetricsExporter(
         labels[ArtifactTransferRecord::elapsed.name] = record.elapsed.toString()
         labels[ArtifactTransferRecord::type.name] = record.type
         labels[ArtifactTransferRecord::agent.name] = record.agent
+        labels[ArtifactTransferRecord::userId.name] = record.userId
         return labels
     }
 

diff --git a/...ice/src/main/kotlin/com/tencent/bkrepo/common/operate/service/OperateAutoConfiguration.kt b/...ice/src/main/kotlin/com/tencent/bkrepo/common/operate/service/OperateAutoConfiguration.kt
@@ -67,7 +67,8 @@ class OperateAutoConfiguration {
         clusterProperties: ClusterProperties
     ): OperateLogService {
         return if (clusterProperties.role == ClusterNodeType.EDGE &&
-            clusterProperties.architecture == ClusterArchitecture.COMMIT_EDGE
+            clusterProperties.architecture == ClusterArchitecture.COMMIT_EDGE &&
+            clusterProperties.commitEdge.oplog.enabled
         ) {
             CommitEdgeOperateLogServiceImpl(operateProperties, operateLogDao, permissionManager, clusterProperties)
         } else {

diff --git a/...n/com/tencent/bkrepo/common/service/cluster/properties/commitedge/CommitEdgeProperties.kt b/...n/com/tencent/bkrepo/common/service/cluster/properties/commitedge/CommitEdgeProperties.kt
@@ -30,5 +30,6 @@ package com.tencent.bkrepo.common.service.cluster.properties.commitedge
 data class CommitEdgeProperties(
     var repo: RepoProperties = RepoProperties(),
     var `package`: PackageProperties = PackageProperties(),
-    var auth: AuthProperties = AuthProperties()
+    var auth: AuthProperties = AuthProperties(),
+    var oplog: OpLogProperties = OpLogProperties()
 )
diff --git a/...kotlin/com/tencent/bkrepo/common/service/cluster/properties/commitedge/OpLogProperties.kt b/...kotlin/com/tencent/bkrepo/common/service/cluster/properties/commitedge/OpLogProperties.kt
@@ -0,0 +1,32 @@
+/*
+ * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
+ *
+ * Copyright (C) 2024 THL A29 Limited, a Tencent company.  All rights reserved.
+ *
+ * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
+ *
+ *  A copy of the MIT License is included in this file.
+ *
+ *
+ *  Terms of the MIT License:
+ *  ---------------------------------------------------
+ *  Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+ *  documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
+ *  rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
+ *  permit persons to whom the Software is furnished to do so, subject to the following conditions:
+ *
+ *  The above copyright notice and this permission notice shall be included in all copies or substantial portions of
+ *  the Software.
+ *
+ *  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+ *  LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+ *  NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ *  WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ *  SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+package com.tencent.bkrepo.common.service.cluster.properties.commitedge
+
+data class OpLogProperties(
+    var enabled: Boolean = false,
+)
diff --git a/...lin/com/tencent/bkrepo/repository/service/fs/impl/center/CommitEdgeCenterFsServiceImpl.kt b/...lin/com/tencent/bkrepo/repository/service/fs/impl/center/CommitEdgeCenterFsServiceImpl.kt
@@ -47,7 +47,7 @@ class CommitEdgeCenterFsServiceImpl(
 ) {
     override fun buildTNode(request: NodeCreateRequest): TNode {
         val tNode = super.buildTNode(request)
-        tNode.clusterNames = setOf(SecurityUtils.getClusterName() ?: clusterProperties.self.name!!)
+        tNode.clusterNames = SecurityUtils.getClusterName()?.let { setOf(it) }
         return tNode
     }
 }
diff --git a/...y/src/main/kotlin/com/tencent/bkrepo/repository/service/fs/impl/edge/EdgeFsServiceImpl.kt b/...y/src/main/kotlin/com/tencent/bkrepo/repository/service/fs/impl/edge/EdgeFsServiceImpl.kt
@@ -27,8 +27,9 @@
 
 package com.tencent.bkrepo.repository.service.fs.impl.edge
 
-import com.tencent.bkrepo.common.service.cluster.properties.ClusterProperties
+import com.tencent.bkrepo.common.artifact.util.ClusterUtils.reportMetadataToCenter
 import com.tencent.bkrepo.common.service.cluster.condition.CommitEdgeEdgeCondition
+import com.tencent.bkrepo.common.service.cluster.properties.ClusterProperties
 import com.tencent.bkrepo.common.service.feign.FeignClientFactory
 import com.tencent.bkrepo.repository.api.cluster.ClusterFsNodeClient
 import com.tencent.bkrepo.repository.dao.NodeDao
@@ -53,18 +54,28 @@ class EdgeFsServiceImpl(
         by lazy { FeignClientFactory.create(clusterProperties.center, "repository", clusterProperties.self.name) }
 
     override fun createNode(createRequest: NodeCreateRequest): NodeDetail {
-        centerNodeClient.createNode(createRequest)
-        return super.createNode(createRequest)
+        with(createRequest) {
+            if (reportMetadataToCenter(projectId, repoName)) {
+                centerNodeClient.createNode(this)
+            }
+            return super.createNode(this)
+        }
     }
 
     override fun setLength(setLengthRequest: NodeSetLengthRequest) {
-        centerNodeClient.setLength(setLengthRequest)
-        super.setLength(setLengthRequest)
+        with(setLengthRequest) {
+            if (reportMetadataToCenter(projectId, repoName)) {
+                centerNodeClient.setLength(this)
+            }
+            super.setLength(this)
+        }
     }
 
     override fun buildTNode(request: NodeCreateRequest): TNode {
         val tNode = super.buildTNode(request)
-        tNode.clusterNames = setOf(clusterProperties.self.name!!)
+        if (reportMetadataToCenter(request.projectId, request.repoName)) {
+            tNode.clusterNames = setOf(clusterProperties.self.name!!)
+        }
         return tNode
     }
 }