feature: 主机额外配置保存.

This commit is contained in:
lijiahangmax
2023-12-24 22:20:33 +08:00
parent 68ac0d6968
commit 03c87b28d4
16 changed files with 187 additions and 66 deletions


@@ -67,4 +67,6 @@ public interface ErrorMessage {
String BEFORE_PASSWORD_ERROR = "原密码错误";
String DATA_NO_PERMISSION = "数据无权限";
}


@@ -1,10 +1,20 @@
package com.orion.ops.module.asset.handler.host.extra.strategy;
import com.orion.ops.framework.common.constant.ErrorMessage;
import com.orion.ops.framework.common.handler.data.strategy.MapDataStrategy;
import com.orion.ops.framework.common.utils.Valid;
import com.orion.ops.framework.security.core.utils.SecurityUtils;
import com.orion.ops.module.asset.dao.HostIdentityDAO;
import com.orion.ops.module.asset.dao.HostKeyDAO;
import com.orion.ops.module.asset.enums.HostExtraSshAuthTypeEnum;
import com.orion.ops.module.asset.handler.host.extra.model.HostSshExtraModel;
import com.orion.ops.module.infra.api.DataPermissionApi;
import com.orion.ops.module.infra.api.SystemUserApi;
import com.orion.ops.module.infra.enums.DataPermissionTypeEnum;
import org.springframework.stereotype.Component;
import javax.annotation.Resource;
/**
* 主机拓展信息 - ssh 模型处理策略
*
@@ -15,6 +25,18 @@ import org.springframework.stereotype.Component;
@Component
public class HostSshExtraStrategy implements MapDataStrategy<HostSshExtraModel> {
@Resource
private HostKeyDAO hostKeyDAO;
@Resource
private HostIdentityDAO hostIdentityDAO;
@Resource
private SystemUserApi systemUserApi;
@Resource
private DataPermissionApi dataPermissionApi;
@Override
public HostSshExtraModel getDefault() {
return HostSshExtraModel.builder()
@@ -24,17 +46,46 @@ public class HostSshExtraStrategy implements MapDataStrategy<HostSshExtraModel>
@Override
public void updateFill(HostSshExtraModel beforeModel, HostSshExtraModel afterModel) {
}
@Override
public void preValid(HostSshExtraModel model) {
HostExtraSshAuthTypeEnum authType = Valid.valid(HostExtraSshAuthTypeEnum::of, model.getAuthType());
model.setAuthType(authType.name());
Long keyId = model.getKeyId();
Long identityId = model.getIdentityId();
// 必填验证
if (HostExtraSshAuthTypeEnum.KEY.equals(authType)) {
Valid.notNull(keyId);
} else if (HostExtraSshAuthTypeEnum.IDENTITY.equals(authType)) {
Valid.notNull(identityId);
}
// 验证主机秘钥是否存在
if (keyId != null) {
Valid.notNull(hostKeyDAO.selectById(keyId), ErrorMessage.KEY_ABSENT);
}
// 验证主机身份是否存在
if (identityId != null) {
Valid.notNull(hostIdentityDAO.selectById(identityId), ErrorMessage.IDENTITY_ABSENT);
}
// 非管理员验证权限
Long userId = SecurityUtils.getLoginUserId();
if (!systemUserApi.isAdminUser(userId)) {
// 验证主机秘钥是否有权限
if (keyId != null) {
Valid.isTrue(dataPermissionApi.hasPermission(DataPermissionTypeEnum.HOST_KEY, userId, keyId),
ErrorMessage.DATA_NO_PERMISSION);
}
// 验证主机身份是否有权限
if (identityId != null) {
Valid.isTrue(dataPermissionApi.hasPermission(DataPermissionTypeEnum.HOST_IDENTITY, userId, identityId),
ErrorMessage.DATA_NO_PERMISSION);
}
}
}
@Override
public void valid(HostSshExtraModel model) {
}
}
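Review bot: In preValid the existence checks `Valid.notNull(hostKeyDAO.selectById(keyId), ErrorMessage.KEY_ABSENT)` and the identity equivalent run before the non-admin permission check, so a non-admin caller receives KEY_ABSENT / IDENTITY_ABSENT for ids that do not exist and DATA_NO_PERMISSION for ids that exist but are not theirs — the two distinct errors together reveal whether an arbitrary key or identity id exists. Moving the `if (!systemUserApi.isAdminUser(userId)) { ... }` block ahead of the two existence checks, or answering both cases with DATA_NO_PERMISSION for non-admins, closes that gap without touching the admin path. The selectById results are only used for the null test, so if the DAOs offer an exists/count query it would avoid loading the rows. A comment above the permission block such as `// 权限校验先于存在性校验, 避免通过错误信息探测 id 是否存在` would record the intended order for the next maintainer.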


@@ -48,18 +48,4 @@ public interface HostExtraService {
*/
Integer updateHostExtra(HostExtraUpdateRequest request);
/**
* 删除主机秘钥回调
*
* @param id id
*/
void deleteHostKeyCallback(Long id);
/**
* 删除主机身份回调
*
* @param id id
*/
void deleteHostIdentityCallback(Long id);
}


@@ -45,6 +45,7 @@ public class HostConfigServiceImpl implements HostConfigService {
private HostConfigDAO hostConfigDAO;
// FIXME 动态初始化
// 改为小写
@Override
public HostConfigVO getHostConfig(Long hostId, String type) {
@@ -73,12 +74,8 @@ public class HostConfigServiceImpl implements HostConfigService {
@Override
public List<HostConfigVO> getHostConfigList(Long hostId) {
// 查询
List<HostConfigDO> configs = hostConfigDAO.getHostConfigByHostId(hostId);
if (configs.isEmpty()) {
// 初始化 兜底
this.initHostConfig(hostId);
configs = hostConfigDAO.getHostConfigByHostId(hostId);
}
// 返回
return configs.stream().map(s -> {
HostConfigVO vo = HostConfigConvert.MAPPER.to(s);


@@ -122,16 +122,6 @@ public class HostExtraServiceImpl implements HostExtraService {
return dataExtraApi.updateExtraValue(beforeExtraItem.getId(), newExtra.serial());
}
@Override
public void deleteHostKeyCallback(Long id) {
}
@Override
public void deleteHostIdentityCallback(Long id) {
}
/**
* 检查配置项并且转为视图 (不存在则初始化默认值)
*


@@ -24,8 +24,8 @@ import com.orion.ops.module.asset.entity.request.host.HostIdentityCreateRequest;
import com.orion.ops.module.asset.entity.request.host.HostIdentityQueryRequest;
import com.orion.ops.module.asset.entity.request.host.HostIdentityUpdateRequest;
import com.orion.ops.module.asset.entity.vo.HostIdentityVO;
import com.orion.ops.module.asset.service.HostExtraService;
import com.orion.ops.module.asset.service.HostIdentityService;
import com.orion.ops.module.infra.api.DataExtraApi;
import lombok.extern.slf4j.Slf4j;
import org.springframework.stereotype.Service;
@@ -56,7 +56,7 @@ public class HostIdentityServiceImpl implements HostIdentityService {
private HostConfigDAO hostConfigDAO;
@Resource
private HostExtraService hostExtraService;
private DataExtraApi dataExtraApi;
@Override
public Long createHostIdentity(HostIdentityCreateRequest request) {
@@ -178,8 +178,8 @@ public class HostIdentityServiceImpl implements HostIdentityService {
int effect = hostIdentityDAO.deleteById(id);
// 删除主机配置
hostConfigDAO.setIdentityIdWithNull(id);
// 删除主机额外配置
hostExtraService.deleteHostIdentityCallback(id);
// 删除主机身份额外配置
dataExtraApi.deleteHostIdentityExtra(id);
// 删除缓存
RedisMaps.delete(HostCacheKeyDefine.HOST_IDENTITY.getKey(), record.getId());
log.info("HostIdentityService-deleteHostIdentityById effect: {}", effect);
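Review bot: The affected-row count returned by `dataExtraApi.deleteHostIdentityExtra(id)` is discarded, while the log line below records only the identity delete's own effect; because this call rewrites the stored ssh extra configuration of every host that referenced the identity, that count is the piece of information an operator will want when a host's authentication unexpectedly falls back to DEFAULT. `int extraEffect = dataExtraApi.deleteHostIdentityExtra(id);` plus adding it to the existing `log.info` call covers it. The same applies to `dataExtraApi.deleteHostKeyExtra(id)` in HostKeyServiceImpl in this commit. deleteHostIdentityById starts outside the hunk, so whether the extra update runs in the same transaction as the identity delete cannot be confirmed from here.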


@@ -22,8 +22,8 @@ import com.orion.ops.module.asset.entity.request.host.HostKeyCreateRequest;
import com.orion.ops.module.asset.entity.request.host.HostKeyQueryRequest;
import com.orion.ops.module.asset.entity.request.host.HostKeyUpdateRequest;
import com.orion.ops.module.asset.entity.vo.HostKeyVO;
import com.orion.ops.module.asset.service.HostExtraService;
import com.orion.ops.module.asset.service.HostKeyService;
import com.orion.ops.module.infra.api.DataExtraApi;
import lombok.extern.slf4j.Slf4j;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
@@ -53,7 +53,7 @@ public class HostKeyServiceImpl implements HostKeyService {
private HostConfigDAO hostConfigDAO;
@Resource
private HostExtraService hostExtraService;
private DataExtraApi dataExtraApi;
@Override
public Long createHostKey(HostKeyCreateRequest request) {
@@ -175,8 +175,8 @@ public class HostKeyServiceImpl implements HostKeyService {
hostIdentityDAO.setKeyWithNull(id);
// 删除主机配置
hostConfigDAO.setKeyIdWithNull(id);
// 删除主机额外配置
hostExtraService.deleteHostKeyCallback(id);
// 删除主机秘钥额外配置
dataExtraApi.deleteHostKeyExtra(id);
// 删除缓存
RedisMaps.delete(HostCacheKeyDefine.HOST_KEY.getKey(), record.getId());
log.info("HostKeyService-deleteHostKeyById effect: {}", effect);


@@ -96,4 +96,20 @@ public interface DataExtraApi {
*/
Integer deleteByRelId(DataExtraTypeEnum type, Long relId);
/**
* 删除主机秘钥
*
* @param keyId keyId
* @return effect
*/
int deleteHostKeyExtra(Long keyId);
/**
* 删除主机身份
*
* @param identityId identityId
* @return effect
*/
int deleteHostIdentityExtra(Long identityId);
}
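Review bot: The Javadoc summaries `删除主机秘钥` and `删除主机身份` on deleteHostKeyExtra / deleteHostIdentityExtra describe a delete, but the mapped statements added to the mapper XML in this commit are UPDATEs that null the `keyId` / `identityId` field inside the host ssh extra JSON and reset `authType` to DEFAULT; no row is removed. A summary such as `清除主机 ssh 额外配置中对该秘钥的引用 (keyId 置空, authType 重置为 DEFAULT)` together with `@return 受影响的主机数` would tell callers what they actually get back. The Javadoc on DataExtraDAO.deleteHostKey / deleteHostIdentity in this commit carries the same wording and needs the same correction.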


@@ -30,6 +30,16 @@ public interface DataPermissionApi {
*/
void updateDataPermission(DataPermissionTypeEnum type, DataPermissionUpdateDTO dto);
/**
* 检查用户是否有权限
*
* @param type type
* @param userId userId
* @param relId relId
* @return effect
*/
boolean hasPermission(DataPermissionTypeEnum type, Long userId, Long relId);
/**
* 通过 userId 查询数据权限 (不包含角色 不走缓存)
*
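Review bot: `@return effect` on the new boolean hasPermission is copied from the int-returning methods and does not describe the value; `@return 是否有权限` is what the method returns. The same tag appears on DataPermissionService.hasPermission in this commit. Since the neighbouring getRelIdListByUserId doc explicitly says `不包含角色`, the hasPermission Javadoc should state whether role-granted permissions count toward the check; the implementation's getUserAuthorizedRelIdList is not visible here to confirm either way.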


@@ -3,6 +3,7 @@ package com.orion.ops.module.infra.api.impl;
import com.orion.ops.framework.common.utils.Valid;
import com.orion.ops.module.infra.api.DataExtraApi;
import com.orion.ops.module.infra.convert.DataExtraProviderConvert;
import com.orion.ops.module.infra.dao.DataExtraDAO;
import com.orion.ops.module.infra.entity.domain.DataExtraDO;
import com.orion.ops.module.infra.entity.dto.data.DataExtraDTO;
import com.orion.ops.module.infra.entity.dto.data.DataExtraQueryDTO;
@@ -33,6 +34,9 @@ public class DataExtraApiImpl implements DataExtraApi {
@Resource
private DataExtraService dataExtraService;
@Resource
private DataExtraDAO dataExtraDAO;
@Override
public Integer setExtraItem(DataExtraSetDTO dto, DataExtraTypeEnum type) {
Valid.valid(dto);
@@ -103,4 +107,16 @@ public class DataExtraApiImpl implements DataExtraApi {
return dataExtraService.deleteByRelId(type.name(), relId);
}
@Override
public int deleteHostKeyExtra(Long keyId) {
Valid.notNull(keyId);
return dataExtraDAO.deleteHostKey(keyId);
}
@Override
public int deleteHostIdentityExtra(Long identityId) {
Valid.notNull(identityId);
return dataExtraDAO.deleteHostIdentity(identityId);
}
}
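Review bot: deleteHostKeyExtra and deleteHostIdentityExtra are the only methods in DataExtraApiImpl that call dataExtraDAO directly; every other method visible here (setExtraItem, deleteByRelId) delegates to dataExtraService, and the commit adds the `dataExtraDAO` injection only for these two. Routing them through dataExtraService keeps the API impl a thin facade and puts whatever cache invalidation or transaction handling the service layer performs on the same path as the other write operations. If the bypass is deliberate, a comment on the `dataExtraDAO` field such as `// 直接走 DAO: 批量 JSON 更新不经过 service 缓存逻辑` would stop the next reader from "fixing" it.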


@@ -49,6 +49,12 @@ public class DataPermissionApiImpl implements DataPermissionApi {
dataPermissionService.updateDataPermission(request);
}
@Override
public boolean hasPermission(DataPermissionTypeEnum type, Long userId, Long relId) {
Valid.allNotNull(userId, relId);
return dataPermissionService.hasPermission(type.name(), userId, relId);
}
@Override
public List<Long> getRelIdListByUserId(DataPermissionTypeEnum type, Long userId) {
return dataPermissionService.getRelIdListByUserId(type.name(), userId);
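Review bot: hasPermission validates userId and relId with `Valid.allNotNull(userId, relId)` but dereferences `type` on the next line, so a null type surfaces as a NullPointerException instead of the validation error the other arguments get. `Valid.allNotNull(type, userId, relId);` covers all three. This method is the gate the asset module now relies on for key and identity access, so failing with a clear validation error rather than an NPE keeps the failure mode explicit and easy to audit in logs.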


@@ -4,6 +4,7 @@ import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.orion.ops.framework.mybatis.core.mapper.IMapper;
import com.orion.ops.module.infra.entity.domain.DataExtraDO;
import org.apache.ibatis.annotations.Mapper;
import org.apache.ibatis.annotations.Param;
/**
* 数据拓展信息 Mapper 接口
@@ -41,4 +42,20 @@ public interface DataExtraDAO extends IMapper<DataExtraDO> {
return this.delete(wrapper);
}
/**
* 删除主机秘钥
*
* @param keyId keyId
* @return effect
*/
int deleteHostKey(@Param("keyId") Long keyId);
/**
* 删除主机身份
*
* @param identityId identityId
* @return effect
*/
int deleteHostIdentity(@Param("identityId") Long identityId);
}


@@ -1,6 +1,7 @@
package com.orion.ops.module.infra.service;
import com.orion.ops.module.infra.entity.request.data.DataPermissionUpdateRequest;
import com.orion.ops.module.infra.enums.DataPermissionTypeEnum;
import java.util.List;
@@ -27,6 +28,16 @@ public interface DataPermissionService {
*/
void updateDataPermission(DataPermissionUpdateRequest request);
/**
* 检查用户是否有权限
*
* @param type type
* @param userId userId
* @param relId relId
* @return effect
*/
boolean hasPermission(String type, Long userId, Long relId);
/**
* 通过 userId 查询数据权限 (不包含角色 不走缓存)
*


@@ -104,6 +104,16 @@ public class DataPermissionServiceImpl implements DataPermissionService {
this.deleteCache(type, userId, roleId);
}
@Override
public boolean hasPermission(String type, Long userId, Long relId) {
// 查询用户授权列表
List<Long> relIdList = this.getUserAuthorizedRelIdList(type, userId);
if (relIdList.isEmpty()) {
return false;
}
return relIdList.contains(relId);
}
@Override
public List<Long> getRelIdListByUserId(String type, Long userId) {
return dataPermissionDAO.of()
@@ -185,41 +195,27 @@ public class DataPermissionServiceImpl implements DataPermissionService {
.collect(Collectors.toList());
List<Long> userIdList = mapper.apply(DataPermissionDO::getUserId);
List<Long> roleIdList = mapper.apply(DataPermissionDO::getRoleId);
this.deleteCache(Lists.singleton(type), userIdList, roleIdList);
this.deleteCache(userIdList, roleIdList);
return effect;
}
@Override
public int deleteByUserId(Long userId) {
LambdaQueryWrapper<DataPermissionDO> wrapper = Conditions.eq(DataPermissionDO::getUserId, userId);
// 查询
List<String> typeList = dataPermissionDAO.of()
.wrapper(wrapper)
.stream()
.map(DataPermissionDO::getType)
.distinct()
.collect(Collectors.toList());
// 删除
int effect = dataPermissionDAO.delete(wrapper);
// 删除缓存
this.deleteCache(typeList, Lists.singleton(userId), null);
this.deleteCache(Lists.singleton(userId), null);
return effect;
}
@Override
public int deleteByRoleId(Long roleId) {
LambdaQueryWrapper<DataPermissionDO> wrapper = Conditions.eq(DataPermissionDO::getRoleId, roleId);
// 查询
List<String> typeList = dataPermissionDAO.of()
.wrapper(wrapper)
.stream()
.map(DataPermissionDO::getType)
.distinct()
.collect(Collectors.toList());
// 删除
int effect = dataPermissionDAO.delete(wrapper);
// 删除缓存
this.deleteCache(typeList, null, Lists.singleton(roleId));
this.deleteCache(null, Lists.singleton(roleId));
return effect;
}
@@ -241,12 +237,12 @@ public class DataPermissionServiceImpl implements DataPermissionService {
@Override
public void clearUserCache(List<Long> userIdList) {
// 扫描的 key
List<String> keyMatchs = userIdList.stream()
List<String> keyMatches = userIdList.stream()
.distinct()
.map(s -> DataPermissionCacheKeyDefine.DATA_PERMISSION_USER.format("*", s))
.collect(Collectors.toList());
// 扫描并删除
RedisUtils.scanKeysDelete(keyMatchs);
RedisUtils.scanKeysDelete(keyMatches);
}
/**
@@ -262,8 +258,10 @@ public class DataPermissionServiceImpl implements DataPermissionService {
userIdList.add(userId);
}
// 查询角色的权限
List<Long> roleUserIdList = systemUserRoleDAO.selectUserIdByRoleId(roleId);
userIdList.addAll(roleUserIdList);
if (roleId != null) {
List<Long> roleUserIdList = systemUserRoleDAO.selectUserIdByRoleId(roleId);
userIdList.addAll(roleUserIdList);
}
// 删除缓存
if (!userIdList.isEmpty()) {
List<String> keys = userIdList.stream()
@@ -276,11 +274,10 @@ public class DataPermissionServiceImpl implements DataPermissionService {
/**
* 删除缓存
*
* @param typeList typeList
* @param userIdList userIdList
* @param roleIdList roleIdList
*/
private void deleteCache(List<String> typeList, List<Long> userIdList, List<Long> roleIdList) {
private void deleteCache(List<Long> userIdList, List<Long> roleIdList) {
Set<Long> deleteUserIdList = new HashSet<>(4);
if (!Lists.isEmpty(userIdList)) {
deleteUserIdList.addAll(userIdList);
@@ -295,10 +292,10 @@ public class DataPermissionServiceImpl implements DataPermissionService {
}
// 删除缓存
List<String> keys = new ArrayList<>();
for (String type : typeList) {
for (DataPermissionTypeEnum type : DataPermissionTypeEnum.values()) {
userIdList.stream()
.filter(Objects::nonNull)
.map(s -> DataPermissionCacheKeyDefine.DATA_PERMISSION_USER.format(type, s))
.map(s -> DataPermissionCacheKeyDefine.DATA_PERMISSION_USER.format(type.name(), s))
.forEach(keys::add);
}
RedisLists.delete(keys);
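Review bot: The Javadoc on the private deleteCache still lists `@param typeList typeList` although the commit removes that parameter (`private void deleteCache(List<Long> userIdList, List<Long> roleIdList)`), so the doc now describes a parameter that no longer exists; dropping that line and noting that the method now clears the cache for every DataPermissionTypeEnum value would match the new loop. In the new hasPermission, the `relIdList.isEmpty()` guard is redundant because `contains` already returns false on an empty list, so `return this.getUserAuthorizedRelIdList(type, userId).contains(relId);` is equivalent and shorter. deleteCache's body continues outside the hunk.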


@@ -185,7 +185,7 @@ public class SystemRoleServiceImpl implements SystemRoleService {
// 删除用户缓存中的角色
systemUserRoleService.deleteUserCacheRoleAsync(id, userIdList);
// 删除数据权限缓存
dataPermissionService.clearUserCache(userIdList);
dataPermissionService.deleteByRoleId(id);
return effect;
}
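Review bot: Replacing `dataPermissionService.clearUserCache(userIdList)` with `dataPermissionService.deleteByRoleId(id)` changes how the users to invalidate are found: deleteByRoleId's deleteCache resolves them through systemUserRoleDAO.selectUserIdByRoleId(roleId), and the preceding `deleteUserCacheRoleAsync(id, userIdList)` suggests the user-role rows for this role have already been removed by this point. If that is the case the lookup returns nothing and the affected users keep cached data permissions granted by a deleted role until the cache expires. Keeping the explicit `dataPermissionService.clearUserCache(userIdList);` alongside the new call avoids depending on that lookup; this is inferred from the ordering visible here and should be checked against the rest of the method, which starts outside the hunk.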


@@ -22,4 +22,26 @@
id, user_id, rel_id, type, item, value, create_time, update_time, creator, updater, deleted
</sql>
<delete id="deleteHostKey">
UPDATE data_extra
SET value = JSON_REPLACE(value,
"$.keyId", NULL,
"$.authType", IF(JSON_EXTRACT(value, "$.authType") = 'KEY', 'DEFAULT', JSON_EXTRACT(value, "$.authType")))
WHERE deleted = 0
AND type = 'HOST'
AND item = 'ssh'
AND JSON_CONTAINS(value, JSON_OBJECT('keyId', #{keyId}))
</delete>
<delete id="deleteHostIdentity">
UPDATE data_extra
SET value = JSON_REPLACE(value,
"$.identityId", NULL,
"$.authType", IF(JSON_EXTRACT(value, "$.authType") = 'IDENTITY', 'DEFAULT', JSON_EXTRACT(value, "$.authType")))
WHERE deleted = 0
AND type = 'HOST'
AND item = 'ssh'
AND JSON_CONTAINS(value, JSON_OBJECT('identityId', #{identityId}))
</delete>
</mapper>
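Review bot: In both statements `IF(JSON_EXTRACT(value, "$.authType") = 'KEY', 'DEFAULT', JSON_EXTRACT(value, "$.authType"))` mixes a string literal with a JSON value in one IF; depending on how MySQL unifies those two types, the else branch may be written back as the JSON text including its quotes rather than the original string, so a round-trip test on a row whose authType is a value other than KEY (or IDENTITY in the second statement) is needed before this ships. Wrapping both extracts in `JSON_UNQUOTE(...)` keeps both branches plain strings and removes the ambiguity. The `JSON_CONTAINS(value, JSON_OBJECT('keyId', #{keyId}))` match is type-sensitive and only hits if keyId was serialized as a JSON number, which depends on how the model's serial() writes Long fields and cannot be confirmed here. Finally, both statements are UPDATEs declared inside `<delete>` tags; MyBatis executes them either way, but `<update id="deleteHostKey">` states what actually runs.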