diff --git a/orion-ops-framework/orion-ops-framework-common/src/main/java/com/orion/ops/framework/common/constant/ErrorMessage.java b/orion-ops-framework/orion-ops-framework-common/src/main/java/com/orion/ops/framework/common/constant/ErrorMessage.java index c26059ec..7808d812 100644 --- a/orion-ops-framework/orion-ops-framework-common/src/main/java/com/orion/ops/framework/common/constant/ErrorMessage.java +++ b/orion-ops-framework/orion-ops-framework-common/src/main/java/com/orion/ops/framework/common/constant/ErrorMessage.java @@ -69,4 +69,6 @@ public interface ErrorMessage { String DATA_NO_PERMISSION = "数据无权限"; + String ANY_NO_PERMISSION = "{}无权限"; + } diff --git a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/entity/dto/HostSshConnectDTO.java b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/entity/dto/HostSshConnectDTO.java new file mode 100644 index 00000000..18138da7 --- /dev/null +++ b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/entity/dto/HostSshConnectDTO.java @@ -0,0 +1,52 @@ +package com.orion.ops.module.asset.entity.dto; + +import com.orion.ops.module.asset.entity.domain.HostKeyDO; +import com.orion.ops.module.asset.enums.HostSshAuthTypeEnum; +import io.swagger.v3.oas.annotations.media.Schema; +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Data; +import lombok.NoArgsConstructor; + +/** + * 主机连接参数 + * + * @author Jiahang Li + * @version 1.0.0 + * @since 2023/12/26 15:47 + */ +@Data +@Builder +@NoArgsConstructor +@AllArgsConstructor +@Schema(name = "HostSshConnectDTO", description = "主机连接参数") +public class HostSshConnectDTO { + + @Schema(description = "hostId") + private Long hostId; + + @Schema(description = "主机地址") + private String address; + + @Schema(description = "端口") + private Integer port; + + @Schema(description = "超时时间") + private Integer timeout; + + @Schema(description = "认证方式") + private HostSshAuthTypeEnum authType; + + @Schema(description = "用户名") + private String username; + + @Schema(description = "密码") + private String password; + + @Schema(description = "主机秘钥") + private HostKeyDO key; + + // @Schema(description = "") + // private ; + +} diff --git a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/enums/HostExtraSshAuthTypeEnum.java b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/enums/HostExtraSshAuthTypeEnum.java index fd67d48c..e993bba5 100644 --- a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/enums/HostExtraSshAuthTypeEnum.java +++ b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/enums/HostExtraSshAuthTypeEnum.java @@ -28,14 +28,14 @@ public enum HostExtraSshAuthTypeEnum { public static HostExtraSshAuthTypeEnum of(String type) { if (type == null) { - return DEFAULT; + return null; } for (HostExtraSshAuthTypeEnum value : values()) { if (value.name().equals(type)) { return value; } } - return DEFAULT; + return null; } } diff --git a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/enums/HostConfigSshAuthTypeEnum.java b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/enums/HostSshAuthTypeEnum.java similarity index 75% rename from orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/enums/HostConfigSshAuthTypeEnum.java rename to orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/enums/HostSshAuthTypeEnum.java index 62637c41..ffe50f2f 100644 --- a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/enums/HostConfigSshAuthTypeEnum.java +++ b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/enums/HostSshAuthTypeEnum.java @@ -7,7 +7,7 @@ package com.orion.ops.module.asset.enums; * @version 1.0.0 * @since 2023/9/21 19:01 */ -public enum HostConfigSshAuthTypeEnum { +public enum HostSshAuthTypeEnum { /** * 密码验证 @@ -26,11 +26,11 @@ public enum HostConfigSshAuthTypeEnum { ; - public static HostConfigSshAuthTypeEnum of(String type) { + public static HostSshAuthTypeEnum of(String type) { if (type == null) { return null; } - for (HostConfigSshAuthTypeEnum value : values()) { + for (HostSshAuthTypeEnum value : values()) { if (value.name().equals(type)) { return value; } diff --git a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/handler/host/config/strategy/HostSshConfigStrategy.java b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/handler/host/config/strategy/HostSshConfigStrategy.java index 5be2dc1d..d3fdcb15 100644 --- a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/handler/host/config/strategy/HostSshConfigStrategy.java +++ b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/handler/host/config/strategy/HostSshConfigStrategy.java @@ -12,7 +12,7 @@ import com.orion.ops.framework.common.security.PasswordModifier; import com.orion.ops.framework.common.utils.Valid; import com.orion.ops.module.asset.dao.HostIdentityDAO; import com.orion.ops.module.asset.dao.HostKeyDAO; -import com.orion.ops.module.asset.enums.HostConfigSshAuthTypeEnum; +import com.orion.ops.module.asset.enums.HostSshAuthTypeEnum; import com.orion.ops.module.asset.handler.host.config.model.HostSshConfigModel; import org.springframework.stereotype.Component; @@ -44,7 +44,7 @@ public class HostSshConfigStrategy implements MapDataStrategy // 验证主机秘钥是否有权限 if (keyId != null) { Valid.isTrue(dataPermissionApi.hasPermission(DataPermissionTypeEnum.HOST_KEY, userId, keyId), - ErrorMessage.DATA_NO_PERMISSION); + ErrorMessage.ANY_NO_PERMISSION, + DataPermissionTypeEnum.HOST_KEY.getPermissionName()); } // 验证主机身份是否有权限 if (identityId != null) { Valid.isTrue(dataPermissionApi.hasPermission(DataPermissionTypeEnum.HOST_IDENTITY, userId, identityId), - ErrorMessage.DATA_NO_PERMISSION); + ErrorMessage.ANY_NO_PERMISSION, + DataPermissionTypeEnum.HOST_IDENTITY.getPermissionName()); } } } diff --git a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/AssetAuthorizedDataService.java b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/AssetAuthorizedDataService.java index d81490f2..ec58cf4b 100644 --- a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/AssetAuthorizedDataService.java +++ b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/AssetAuthorizedDataService.java @@ -34,6 +34,14 @@ public interface AssetAuthorizedDataService { */ AuthorizedHostWrapperVO getUserAuthorizedHostGroup(Long userId); + /** + * 获取用户已授权的主机id 不查询角色 + * + * @param userId userId + * @return hostId + */ + List getUserAuthorizedHostId(Long userId); + /** * 查询用户已授权的主机秘钥 * diff --git a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/HostConnectService.java b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/HostConnectService.java new file mode 100644 index 00000000..c39cc08e --- /dev/null +++ b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/HostConnectService.java @@ -0,0 +1,33 @@ +package com.orion.ops.module.asset.service; + +import com.orion.net.host.SessionStore; + +/** + * 主机连接服务 + * + * @author Jiahang Li + * @version 1.0.0 + * @since 2023/12/26 14:22 + */ +public interface HostConnectService { + + /** + * 打开主机会话 + * 鉴权并且读取用户配置 + * + * @param hostId hostId + * @param userId userId + * @return session + */ + SessionStore openSessionStore(Long hostId, Long userId); + + /** + * 打开主机会话 + * 使用默认配置 不鉴权 + * + * @param hostId hostId + * @return session + */ + SessionStore openSessionStore(Long hostId); + +} diff --git a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/HostExtraService.java b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/HostExtraService.java index bf67fe9f..6efc57c6 100644 --- a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/HostExtraService.java +++ b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/HostExtraService.java @@ -1,8 +1,10 @@ package com.orion.ops.module.asset.service; +import com.orion.ops.framework.common.handler.data.model.GenericsDataModel; import com.orion.ops.module.asset.entity.request.host.HostAliasUpdateRequest; import com.orion.ops.module.asset.entity.request.host.HostExtraQueryRequest; import com.orion.ops.module.asset.entity.request.host.HostExtraUpdateRequest; +import com.orion.ops.module.asset.enums.HostExtraItemEnum; import java.util.Map; @@ -32,6 +34,17 @@ public interface HostExtraService { */ Map getHostExtra(Long hostId, String item); + /** + * 获取主机额外配置 + * + * @param userId userId + * @param hostId hostId + * @param item item + * @param T + * @return extra + */ + T getHostExtra(Long userId, Long hostId, HostExtraItemEnum item); + /** * 获取多个主机拓展信息 * diff --git a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/AssetAuthorizedDataServiceImpl.java b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/AssetAuthorizedDataServiceImpl.java index b6425b56..3c2696c0 100644 --- a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/AssetAuthorizedDataServiceImpl.java +++ b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/AssetAuthorizedDataServiceImpl.java @@ -101,6 +101,24 @@ public class AssetAuthorizedDataServiceImpl implements AssetAuthorizedDataServic } } + @Override + public List getUserAuthorizedHostId(Long userId) { + // 查询授权的分组 + List authorizedIdList = dataPermissionApi.getUserAuthorizedRelIdList(DataPermissionTypeEnum.HOST_GROUP, userId); + if (authorizedIdList.isEmpty()) { + return Lists.empty(); + } + // 查询分组主机映射 + Map> dataGroupRel = dataGroupRelApi.getGroupRelList(DataGroupTypeEnum.HOST); + // 返回 + return authorizedIdList.stream() + .map(dataGroupRel::get) + .filter(Lists::isNotEmpty) + .flatMap(Collection::stream) + .distinct() + .collect(Collectors.toList()); + } + @Override public List getUserAuthorizedHostKey(Long userId) { if (systemUserApi.isAdminUser(userId)) { diff --git a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/HostConfigServiceImpl.java b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/HostConfigServiceImpl.java index 5e52bae3..e2986beb 100644 --- a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/HostConfigServiceImpl.java +++ b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/HostConfigServiceImpl.java @@ -1,6 +1,5 @@ package com.orion.ops.module.asset.service.impl; -import com.alibaba.fastjson.JSON; import com.orion.ops.framework.biz.operator.log.core.uitls.OperatorLogs; import com.orion.ops.framework.common.constant.Const; import com.orion.ops.framework.common.constant.ErrorMessage; @@ -67,7 +66,7 @@ public class HostConfigServiceImpl implements HostConfigService { if (config == null) { return null; } - return (T) JSON.parseObject(config.getConfig(), type.getModel()); + return type.parse(config.getConfig()); } @Override diff --git a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/HostConnectServiceImpl.java b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/HostConnectServiceImpl.java new file mode 100644 index 00000000..198c4b65 --- /dev/null +++ b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/HostConnectServiceImpl.java @@ -0,0 +1,243 @@ +package com.orion.ops.module.asset.service.impl; + +import com.orion.lang.exception.AuthenticationException; +import com.orion.lang.utils.Exceptions; +import com.orion.lang.utils.Strings; +import com.orion.net.host.SessionHolder; +import com.orion.net.host.SessionStore; +import com.orion.ops.framework.common.constant.Const; +import com.orion.ops.framework.common.constant.ErrorMessage; +import com.orion.ops.framework.common.utils.CryptoUtils; +import com.orion.ops.framework.common.utils.Valid; +import com.orion.ops.module.asset.dao.HostDAO; +import com.orion.ops.module.asset.dao.HostIdentityDAO; +import com.orion.ops.module.asset.dao.HostKeyDAO; +import com.orion.ops.module.asset.entity.domain.HostDO; +import com.orion.ops.module.asset.entity.domain.HostIdentityDO; +import com.orion.ops.module.asset.entity.domain.HostKeyDO; +import com.orion.ops.module.asset.entity.dto.HostSshConnectDTO; +import com.orion.ops.module.asset.enums.HostConfigTypeEnum; +import com.orion.ops.module.asset.enums.HostExtraItemEnum; +import com.orion.ops.module.asset.enums.HostExtraSshAuthTypeEnum; +import com.orion.ops.module.asset.enums.HostSshAuthTypeEnum; +import com.orion.ops.module.asset.handler.host.config.model.HostSshConfigModel; +import com.orion.ops.module.asset.handler.host.extra.model.HostSshExtraModel; +import com.orion.ops.module.asset.service.HostConfigService; +import com.orion.ops.module.asset.service.HostConnectService; +import com.orion.ops.module.asset.service.HostExtraService; +import com.orion.ops.module.infra.api.DataPermissionApi; +import com.orion.ops.module.infra.api.SystemUserApi; +import com.orion.ops.module.infra.enums.DataPermissionTypeEnum; +import lombok.extern.slf4j.Slf4j; +import org.springframework.stereotype.Service; + +import javax.annotation.Resource; +import java.util.List; +import java.util.Optional; + +/** + * 主机连接服务 + * + * @author Jiahang Li + * @version 1.0.0 + * @since 2023/12/26 14:27 + */ +@Slf4j +@Service +public class HostConnectServiceImpl implements HostConnectService { + + @Resource + private HostConfigService hostConfigService; + + @Resource + private HostExtraService hostExtraService; + + @Resource + private AssetAuthorizedDataServiceImpl assetAuthorizedDataService; + + @Resource + private HostDAO hostDAO; + + @Resource + private HostIdentityDAO hostIdentityDAO; + + @Resource + private HostKeyDAO hostKeyDAO; + + @Resource + private DataPermissionApi dataPermissionApi; + + @Resource + private SystemUserApi systemUserApi; + + @Override + public SessionStore openSessionStore(Long hostId, Long userId) { + log.info("HostConnectService.openSessionStore-withUser hostId: {}, userId: {}", hostId, userId); + // 查询主机 + HostDO host = hostDAO.selectById(hostId); + Valid.notNull(host, ErrorMessage.HOST_ABSENT); + // 查询主机配置 + HostSshConfigModel config = hostConfigService.getHostConfig(hostId, HostConfigTypeEnum.SSH); + Valid.notNull(config, ErrorMessage.CONFIG_ABSENT); + // 查询主机额外配置 + HostSshExtraModel extra = hostExtraService.getHostExtra(userId, hostId, HostExtraItemEnum.SSH); + // 非管理员检查权限 + if (!systemUserApi.isAdminUser(userId)) { + // 验证主机是否有权限 + List hostIdList = assetAuthorizedDataService.getUserAuthorizedHostId(userId); + Valid.isTrue(hostIdList.contains(hostId), + ErrorMessage.ANY_NO_PERMISSION, + DataPermissionTypeEnum.HOST_GROUP.getPermissionName()); + // 检查额外配置权限 + if (extra != null) { + HostExtraSshAuthTypeEnum extraAuthType = HostExtraSshAuthTypeEnum.of(extra.getAuthType()); + if (HostExtraSshAuthTypeEnum.CUSTOM_KEY.equals(extraAuthType)) { + // 验证主机秘钥是否有权限 + Valid.isTrue(dataPermissionApi.hasPermission(DataPermissionTypeEnum.HOST_KEY, userId, extra.getKeyId()), + ErrorMessage.ANY_NO_PERMISSION, + DataPermissionTypeEnum.HOST_KEY.getPermissionName()); + } else if (HostExtraSshAuthTypeEnum.CUSTOM_IDENTITY.equals(extraAuthType)) { + // 验证主机身份是否有权限 + Valid.isTrue(dataPermissionApi.hasPermission(DataPermissionTypeEnum.HOST_IDENTITY, userId, extra.getIdentityId()), + ErrorMessage.ANY_NO_PERMISSION, + DataPermissionTypeEnum.HOST_IDENTITY.getPermissionName()); + } + } + } + // 连接 + return this.openSessionStoreWithHost(host, config, extra); + } + + @Override + public SessionStore openSessionStore(Long hostId) { + log.info("HostConnectService.openSessionStore-withHost hostId: {}", hostId); + // 查询主机 + HostDO host = hostDAO.selectById(hostId); + Valid.notNull(host, ErrorMessage.HOST_ABSENT); + // 查询主机配置 + HostSshConfigModel config = hostConfigService.getHostConfig(hostId, HostConfigTypeEnum.SSH); + Valid.notNull(config, ErrorMessage.CONFIG_ABSENT); + // 连接 + return this.openSessionStoreWithHost(host, config, null); + } + + /** + * 打开主机会话 + * + * @param host host + * @param config config + * @param extra extra + * @return session + */ + private SessionStore openSessionStoreWithHost(HostDO host, + HostSshConfigModel config, + HostSshExtraModel extra) { + // 获取认证方式 + HostSshAuthTypeEnum authType = HostSshAuthTypeEnum.of(config.getAuthType()); + HostExtraSshAuthTypeEnum extraAuthType = Optional.ofNullable(extra) + .map(HostSshExtraModel::getAuthType) + .map(HostExtraSshAuthTypeEnum::of) + .orElse(HostExtraSshAuthTypeEnum.DEFAULT); + if (HostExtraSshAuthTypeEnum.CUSTOM_KEY.equals(extraAuthType)) { + // 自定义秘钥 + authType = HostSshAuthTypeEnum.KEY; + config.setKeyId(extra.getKeyId()); + if (extra.getUsername() != null) { + config.setUsername(extra.getUsername()); + } + } else if (HostExtraSshAuthTypeEnum.CUSTOM_IDENTITY.equals(extraAuthType)) { + // 自定义身份 + authType = HostSshAuthTypeEnum.IDENTITY; + config.setIdentityId(extra.getIdentityId()); + } + // 填充认证信息 + HostSshConnectDTO conn = new HostSshConnectDTO(); + conn.setHostId(host.getId()); + conn.setAddress(host.getAddress()); + conn.setPort(config.getPort()); + conn.setTimeout(config.getConnectTimeout()); + conn.setAuthType(authType); + conn.setUsername(config.getUsername()); + // 填充身份信息 + if (HostSshAuthTypeEnum.PASSWORD.equals(authType)) { + conn.setPassword(config.getPassword()); + } else if (HostSshAuthTypeEnum.KEY.equals(authType)) { + // 秘钥认证 + HostKeyDO key = hostKeyDAO.selectById(config.getKeyId()); + Valid.notNull(key, ErrorMessage.KEY_ABSENT); + conn.setKey(key); + } else if (HostSshAuthTypeEnum.IDENTITY.equals(authType)) { + // 身份认证 + HostIdentityDO identity = hostIdentityDAO.selectById(config.getIdentityId()); + Valid.notNull(identity, ErrorMessage.IDENTITY_ABSENT); + if (identity.getKeyId() != null) { + // 秘钥认证 + HostKeyDO key = hostKeyDAO.selectById(config.getKeyId()); + Valid.notNull(key, ErrorMessage.KEY_ABSENT); + conn.setKey(key); + } + conn.setUsername(identity.getUsername()); + conn.setPassword(identity.getPassword()); + } + // 连接 + return this.openSessionStoreWithConfig(conn); + } + + /** + * 打开主机会话 + * + * @param conn conn + * @return session + */ + private SessionStore openSessionStoreWithConfig(HostSshConnectDTO conn) { + Long hostId = conn.getHostId(); + String address = conn.getAddress(); + String username = conn.getUsername(); + log.info("HostConnectService-openSessionStore-start hostId: {}, address: {}, username: {}", hostId, address, username); + try { + SessionHolder sessionHolder = new SessionHolder(); + HostKeyDO key = conn.getKey(); + final boolean useKey = key != null; + // 使用秘钥认证 + if (useKey) { + // 加载秘钥 + String publicKey = Optional.ofNullable(key.getPublicKey()) + .map(CryptoUtils::decryptAsString) + .orElse(null); + String privateKey = Optional.ofNullable(key.getPrivateKey()) + .map(CryptoUtils::decryptAsString) + .orElse(null); + String password = Optional.ofNullable(key.getPassword()) + .map(CryptoUtils::decryptAsString) + .orElse(null); + sessionHolder.addIdentityValue(String.valueOf(key.getId()), + privateKey, + publicKey, + password); + } + // 获取会话 + SessionStore session = sessionHolder.getSession(address, conn.getPort(), username); + // 使用密码认证 + if (!useKey) { + session.password(CryptoUtils.decryptAsString(conn.getPassword())); + } + // 连接 + session.connect(conn.getTimeout()); + log.info("HostConnectService-openSessionStore-success hostId: {}, address: {}, username: {}", hostId, address, username); + return session; + } catch (Exception e) { + String message = e.getMessage(); + log.error("HostConnectService-openSessionStore-error hostId: {}, address: {}, username: {}, message: {}", hostId, address, username, message, e); + if (Strings.contains(message, Const.TIMEOUT)) { + // 连接超时 + throw Exceptions.timeout(message, e); + } else if (e instanceof AuthenticationException) { + // 认证失败 + throw Exceptions.authentication(message, e); + } else { + throw e; + } + } + } + +} diff --git a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/HostExtraServiceImpl.java b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/HostExtraServiceImpl.java index dbda3c76..5c0ee5b0 100644 --- a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/HostExtraServiceImpl.java +++ b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/HostExtraServiceImpl.java @@ -67,6 +67,17 @@ public class HostExtraServiceImpl implements HostExtraService { return this.checkItemAndToView(extraItem, extraValue, userId, hostId); } + @Override + public T getHostExtra(Long userId, Long hostId, HostExtraItemEnum item) { + DataExtraQueryDTO query = DataExtraQueryDTO.builder() + .userId(userId) + .relId(hostId) + .item(item.getItem()) + .build(); + String extraValue = dataExtraApi.getExtraValue(query, DataExtraTypeEnum.HOST); + return item.parse(extraValue); + } + @Override public Map> getHostExtraList(HostExtraQueryRequest request) { Long hostId = request.getHostId(); diff --git a/orion-ops-module-infra/orion-ops-module-infra-provider/src/main/java/com/orion/ops/module/infra/enums/DataPermissionTypeEnum.java b/orion-ops-module-infra/orion-ops-module-infra-provider/src/main/java/com/orion/ops/module/infra/enums/DataPermissionTypeEnum.java index 98a8a102..1944f177 100644 --- a/orion-ops-module-infra/orion-ops-module-infra-provider/src/main/java/com/orion/ops/module/infra/enums/DataPermissionTypeEnum.java +++ b/orion-ops-module-infra/orion-ops-module-infra-provider/src/main/java/com/orion/ops/module/infra/enums/DataPermissionTypeEnum.java @@ -17,17 +17,17 @@ public enum DataPermissionTypeEnum { /** * 主机分组 */ - HOST_GROUP(true), + HOST_GROUP(true, "主机"), /** * 主机秘钥 */ - HOST_KEY(true), + HOST_KEY(true, "主机秘钥"), /** * 主机身份 */ - HOST_IDENTITY(true), + HOST_IDENTITY(true, "主机身份"), ; @@ -36,6 +36,11 @@ public enum DataPermissionTypeEnum { */ private final boolean toRole; + /** + * 权限名称 + */ + private final String permissionName; + public static DataPermissionTypeEnum of(String type) { if (type == null) { return null; diff --git a/sql/init-2-schema-tables.sql b/sql/init-2-schema-tables.sql index c225e33e..2d5f3eed 100644 --- a/sql/init-2-schema-tables.sql +++ b/sql/init-2-schema-tables.sql @@ -290,17 +290,17 @@ CREATE TABLE `host` DROP TABLE IF EXISTS `host_config`; CREATE TABLE `host_config` ( - `id` bigint(0) NOT NULL AUTO_INCREMENT COMMENT 'id', - `host_id` bigint(0) NULL DEFAULT NULL COMMENT '主机id', + `id` bigint(0) NOT NULL AUTO_INCREMENT COMMENT 'id', + `host_id` bigint(0) NULL DEFAULT NULL COMMENT '主机id', `type` varchar(32) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL COMMENT '配置类型', - `status` tinyint(0) NULL DEFAULT 1 COMMENT '状态 0停用 1启用', - `config` json NULL COMMENT '配置详情', - `version` int(0) NULL DEFAULT 0 COMMENT '配置版本号', - `create_time` datetime(0) NULL DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间', - `update_time` datetime(0) NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP(0) COMMENT '修改时间', - `creator` varchar(64) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NULL DEFAULT NULL COMMENT '创建人', - `updater` varchar(64) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NULL DEFAULT NULL COMMENT '更新人', - `deleted` tinyint(1) NULL DEFAULT 0 COMMENT '是否删除 0未删除 1已删除', + `status` tinyint(0) NULL DEFAULT 1 COMMENT '状态 0停用 1启用', + `config` json NULL COMMENT '配置详情', + `version` int(0) NULL DEFAULT 0 COMMENT '配置版本号', + `create_time` datetime(0) NULL DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间', + `update_time` datetime(0) NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP(0) COMMENT '修改时间', + `creator` varchar(64) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NULL DEFAULT NULL COMMENT '创建人', + `updater` varchar(64) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NULL DEFAULT NULL COMMENT '更新人', + `deleted` tinyint(1) NULL DEFAULT 0 COMMENT '是否删除 0未删除 1已删除', PRIMARY KEY (`id`) USING BTREE, INDEX `idx_host_type` (`host_id`, `type`) USING BTREE ) ENGINE = InnoDB diff --git a/sql/init-3-data.sql b/sql/init-3-data.sql index acff3975..d51dbf8a 100644 --- a/sql/init-3-data.sql +++ b/sql/init-3-data.sql @@ -91,7 +91,7 @@ INSERT INTO `dict_key` VALUES (7, 'systemMenuCache', 'INTEGER', '[]', '菜单缓 INSERT INTO `dict_key` VALUES (8, 'dictValueType', 'STRING', '[{\"name\": \"color\", \"type\": \"COLOR\"}]', '字典配置值类型', '2023-10-27 01:48:51', '2023-10-27 01:48:51', '1', '1', 0); INSERT INTO `dict_key` VALUES (9, 'systemUserStatus', 'INTEGER', '[{\"name\": \"color\", \"type\": \"COLOR\"}]', '用户状态', '2023-10-27 12:10:41', '2023-10-27 12:10:41', '1', '1', 0); INSERT INTO `dict_key` VALUES (10, 'systemRoleStatus', 'INTEGER', '[{\"name\": \"color\", \"type\": \"COLOR\"}, {\"name\": \"status\", \"type\": \"STRING\"}]', '角色状态', '2023-10-27 12:33:04', '2023-10-27 12:33:17', '1', '1', 0); -INSERT INTO `dict_key` VALUES (11, 'hostAuthTypeType', 'STRING', '[]', '主机身份验证方式', '2023-10-27 14:29:12', '2023-10-27 14:29:12', '1', '1', 0); +INSERT INTO `dict_key` VALUES (11, 'hostSshAuthType', 'STRING', '[]', '主机ssh身份验证方式', '2023-10-27 14:29:12', '2023-12-25 15:41:40', '1', '1', 0); INSERT INTO `dict_key` VALUES (15, 'operatorLogResult', 'INTEGER', '[{\"name\": \"color\", \"type\": \"COLOR\"}]', '操作日志结果', '2023-10-31 17:35:28', '2023-10-31 17:42:50', '2', '2', 0); INSERT INTO `dict_key` VALUES (16, 'operatorRiskLevel', 'STRING', '[{\"name\": \"color\", \"type\": \"COLOR\"}]', '操作风险等级', '2023-11-01 16:03:00', '2023-11-01 16:03:00', '1', '1', 0); INSERT INTO `dict_key` VALUES (19, 'systemMenuNewWindow', 'INTEGER', '[]', '菜单是否开启新窗口', '2023-12-05 14:14:29', '2023-12-05 14:14:29', '1', '1', 0); @@ -101,6 +101,8 @@ INSERT INTO `dict_key` VALUES (22, 'terminalFontSize', 'INTEGER', '[]', '终端 INSERT INTO `dict_key` VALUES (23, 'terminalFontWeight', 'STRING', '[]', '终端文本粗细', '2023-12-11 17:18:43', '2023-12-11 17:21:36', '1', '1', 0); INSERT INTO `dict_key` VALUES (24, 'terminalCursorStyle', 'STRING', '[]', '终端光标样式', '2023-12-11 18:24:47', '2023-12-11 18:26:11', '1', '1', 0); INSERT INTO `dict_key` VALUES (25, 'terminalNewConnectionType', 'STRING', '[]', '终端新建连接类型', '2023-12-14 17:24:19', '2023-12-14 17:24:19', '1', '1', 0); +INSERT INTO `dict_key` VALUES (26, 'hostExtraSshAuthType', 'STRING', '[]', '主机额外配置ssh认证方式', '2023-12-25 15:41:22', '2023-12-25 15:41:22', '1', '1', 0); + -- 字典值 INSERT INTO `dict_value` VALUES (3, 4, 'systemMenuType', '1', '父菜单', '{}', 10, '2023-10-26 15:58:59', '2023-10-26 15:58:59', '1', '1', 0); INSERT INTO `dict_value` VALUES (4, 4, 'systemMenuType', '2', '子菜单', '{}', 20, '2023-10-26 16:44:34', '2023-10-26 16:44:34', '1', '1', 0); @@ -111,7 +113,7 @@ INSERT INTO `dict_value` VALUES (8, 6, 'systemMenuVisible', '0', '隐藏', '{\"c INSERT INTO `dict_value` VALUES (9, 6, 'systemMenuVisible', '1', '显示', '{\"color\": \"blue\"}', 20, '2023-10-27 00:25:30', '2023-10-27 00:25:58', '1', '1', 0); INSERT INTO `dict_value` VALUES (10, 7, 'systemMenuCache', '0', '不缓存', '{}', 10, '2023-10-27 00:26:15', '2023-10-27 00:26:15', '1', '1', 0); INSERT INTO `dict_value` VALUES (11, 7, 'systemMenuCache', '1', '缓存', '{}', 20, '2023-10-27 00:26:25', '2023-10-27 00:26:25', '1', '1', 0); -INSERT INTO `dict_value` VALUES (12, 8, 'dictValueType', 'STRING', '字符串', '{\"color\": \"arcoblue\"}', 10, '2023-10-27 01:49:18', '2023-10-27 01:49:18', '1', '1', 0); +INSERT INTO `dict_value` VALUES (12, 8, 'dictValueType', 'STRING', '字符串', '{\"color\": \"arcoblue\"}', 10, '2023-10-27 01:49:18', '2023-12-17 18:45:14', '1', '1', 0); INSERT INTO `dict_value` VALUES (13, 8, 'dictValueType', 'INTEGER', '整数', '{\"color\": \"arcoblue\"}', 20, '2023-10-27 01:54:30', '2023-10-27 01:54:30', '1', '1', 0); INSERT INTO `dict_value` VALUES (14, 8, 'dictValueType', 'DECIMAL', '小数', '{\"color\": \"purple\"}', 30, '2023-10-27 01:54:43', '2023-10-27 01:54:43', '1', '1', 0); INSERT INTO `dict_value` VALUES (15, 8, 'dictValueType', 'BOOLEAN', '布尔值', '{\"color\": \"pinkpurple\"}', 40, '2023-10-27 01:54:54', '2023-10-27 01:54:54', '1', '1', 0); @@ -121,11 +123,11 @@ INSERT INTO `dict_value` VALUES (18, 9, 'systemUserStatus', '1', '启用', '{\"c INSERT INTO `dict_value` VALUES (19, 9, 'systemUserStatus', '2', '锁定', '{\"color\": \"orange\"}', 30, '2023-10-27 12:13:24', '2023-10-27 12:13:24', '1', '1', 0); INSERT INTO `dict_value` VALUES (20, 10, 'systemRoleStatus', '0', '停用', '{\"color\": \"orange\", \"status\": \"danger\"}', 10, '2023-10-27 12:33:45', '2023-10-27 12:33:45', '1', '1', 0); INSERT INTO `dict_value` VALUES (21, 10, 'systemRoleStatus', '1', '启用', '{\"color\": \"blue\", \"status\": \"default\"}', 20, '2023-10-27 12:33:56', '2023-10-31 01:23:23', '1', '1', 0); -INSERT INTO `dict_value` VALUES (22, 11, 'hostAuthTypeType', 'PASSWORD', '密码验证', '{}', 10, '2023-10-27 14:29:28', '2023-10-27 14:29:28', '1', '1', 0); -INSERT INTO `dict_value` VALUES (23, 11, 'hostAuthTypeType', 'KEY', '秘钥验证', '{}', 20, '2023-10-27 14:29:35', '2023-10-27 14:29:35', '1', '1', 0); -INSERT INTO `dict_value` VALUES (24, 11, 'hostAuthTypeType', 'IDENTITY', '身份验证', '{}', 30, '2023-10-27 14:29:42', '2023-10-27 14:29:42', '1', '1', 0); +INSERT INTO `dict_value` VALUES (22, 11, 'hostSshAuthType', 'PASSWORD', '密码验证', '{}', 10, '2023-10-27 14:29:28', '2023-12-25 15:40:47', '1', '1', 0); +INSERT INTO `dict_value` VALUES (23, 11, 'hostSshAuthType', 'KEY', '秘钥验证', '{}', 20, '2023-10-27 14:29:35', '2023-12-25 15:40:47', '1', '1', 0); +INSERT INTO `dict_value` VALUES (24, 11, 'hostSshAuthType', 'IDENTITY', '身份验证', '{}', 30, '2023-10-27 14:29:42', '2023-12-25 15:40:47', '1', '1', 0); INSERT INTO `dict_value` VALUES (55, 1, 'operatorLogModule', 'infra:authentication', '身份认证', '{}', 1000, '2023-10-31 10:47:48', '2023-10-31 10:55:12', '1', '1', 0); -INSERT INTO `dict_value` VALUES (56, 1, 'operatorLogModule', 'infra:system-user', '系统用户', '{}', 1010, '2023-10-31 10:47:51', '2023-10-31 11:00:59', '1', '1', 0); +INSERT INTO `dict_value` VALUES (56, 1, 'operatorLogModule', 'i nfra:system-user', '系统用户', '{}', 1010, '2023-10-31 10:47:51', '2023-10-31 11:00:59', '1', '1', 0); INSERT INTO `dict_value` VALUES (57, 1, 'operatorLogModule', 'infra:system-role', '系统角色', '{}', 1020, '2023-10-31 10:47:52', '2023-10-31 10:54:59', '1', '1', 0); INSERT INTO `dict_value` VALUES (58, 1, 'operatorLogModule', 'infra:system-menu', '系统菜单', '{}', 1030, '2023-10-31 10:47:53', '2023-10-31 10:54:51', '1', '1', 0); INSERT INTO `dict_value` VALUES (59, 1, 'operatorLogModule', 'infra:dict-key', '字典配置项', '{}', 1040, '2023-10-31 10:48:03', '2023-10-31 10:54:44', '1', '1', 0); @@ -227,3 +229,6 @@ INSERT INTO `dict_value` VALUES (169, 25, 'terminalNewConnectionType', 'group', INSERT INTO `dict_value` VALUES (170, 25, 'terminalNewConnectionType', 'list', '列表', '{}', 20, '2023-12-14 17:24:49', '2023-12-14 17:24:49', '1', '1', 0); INSERT INTO `dict_value` VALUES (171, 25, 'terminalNewConnectionType', 'favorite', '收藏', '{}', 30, '2023-12-14 17:25:00', '2023-12-14 17:25:00', '1', '1', 0); INSERT INTO `dict_value` VALUES (172, 25, 'terminalNewConnectionType', 'latest', '最近连接', '{}', 40, '2023-12-14 17:25:10', '2023-12-14 17:25:10', '1', '1', 0); +INSERT INTO `dict_value` VALUES (173, 26, 'hostExtraSshAuthType', 'DEFAULT', '主机默认配置', '{}', 10, '2023-12-25 15:48:26', '2023-12-25 15:48:26', '1', '1', 0); +INSERT INTO `dict_value` VALUES (174, 26, 'hostExtraSshAuthType', 'CUSTOM_KEY', '自定义秘钥', '{}', 20, '2023-12-25 15:48:42', '2023-12-25 16:05:36', '1', '1', 0); +INSERT INTO `dict_value` VALUES (175, 26, 'hostExtraSshAuthType', 'CUSTOM_IDENTITY', '自定义身份', '{}', 30, '2023-12-25 15:48:52', '2023-12-25 16:05:31', '1', '1', 0);