diff --git a/src/backend/auth/api-auth/src/main/kotlin/com/tencent/bkrepo/auth/pojo/enums/ActionTypeMapping.kt b/src/backend/auth/api-auth/src/main/kotlin/com/tencent/bkrepo/auth/pojo/enums/ActionTypeMapping.kt
index aac8521b6c..922401ec8d 100644
--- a/src/backend/auth/api-auth/src/main/kotlin/com/tencent/bkrepo/auth/pojo/enums/ActionTypeMapping.kt
+++ b/src/backend/auth/api-auth/src/main/kotlin/com/tencent/bkrepo/auth/pojo/enums/ActionTypeMapping.kt
@@ -33,15 +33,18 @@ package com.tencent.bkrepo.auth.pojo.enums
 enum class ActionTypeMapping(val resType: String, val pAction: String) {
 PROJECT_MANAGE(ResourceType.PROJECT.name, PermissionAction.MANAGE.name),
 PROJECT_VIEW(ResourceType.PROJECT.name, PermissionAction.READ.name),
+ PROJECT_DOWNLOAD(ResourceType.PROJECT.name, PermissionAction.DOWNLOAD.name),
 PROJECT_EDIT(ResourceType.PROJECT.name, PermissionAction.UPDATE.name),
 REPO_CREATE(ResourceType.PROJECT.name, PermissionAction.WRITE.name),
 REPO_MANAGE(ResourceType.REPO.name, PermissionAction.MANAGE.name),
 REPO_VIEW(ResourceType.REPO.name, PermissionAction.READ.name),
+ REPO_DOWNLOAD(ResourceType.REPO.name, PermissionAction.DOWNLOAD.name),
 REPO_EDIT(ResourceType.REPO.name, PermissionAction.UPDATE.name),
 REPO_DELETE(ResourceType.REPO.name, PermissionAction.DELETE.name),
 NODE_CREATE(ResourceType.REPO.name, PermissionAction.WRITE.name),
 NODE_VIEW(ResourceType.NODE.name, PermissionAction.VIEW.name),
- NODE_DOWNLOAD(ResourceType.NODE.name, PermissionAction.READ.name),
+ NODE_READ(ResourceType.NODE.name, PermissionAction.READ.name),
+ NODE_DOWNLOAD(ResourceType.NODE.name, PermissionAction.DOWNLOAD.name),
 NODE_EDIT(ResourceType.NODE.name, PermissionAction.UPDATE.name),
 NODE_WRITE(ResourceType.NODE.name, PermissionAction.WRITE.name),
 NODE_DELETE(ResourceType.NODE.name, PermissionAction.DELETE.name);
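Review bot: `NODE_DOWNLOAD` keeps its name but now resolves to `PermissionAction.DOWNLOAD` instead of `READ`, so anything that already refers to this constant by name changes meaning with no visible break at the call site. Grants or external action ids issued under the old mapping presumably expected READ; whether a migration or compatibility path exists is not visible in this diff. A KDoc line on the constant, e.g. `/** Mapped to READ before DOWNLOAD was split out; plain read access is now NODE_READ. */`, would make the change of meaning explicit. The upgrade notes should also state which of `NODE_READ` and `NODE_DOWNLOAD` existing holders end up with.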
diff --git a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/helper/PermissionHelper.kt b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/helper/PermissionHelper.kt index da9edbf3f5..87d9acd79d 100644 --- a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/helper/PermissionHelper.kt +++ b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/helper/PermissionHelper.kt @@ -49,6 +49,7 @@ import com.tencent.bkrepo.auth.model.TAccount import com.tencent.bkrepo.auth.model.TPermission import com.tencent.bkrepo.auth.pojo.enums.PermissionAction import com.tencent.bkrepo.auth.pojo.enums.PermissionAction.READ +import com.tencent.bkrepo.auth.pojo.enums.PermissionAction.DOWNLOAD import com.tencent.bkrepo.auth.pojo.enums.PermissionAction.MANAGE import com.tencent.bkrepo.auth.pojo.oauth.AuthorizationGrantType import com.tencent.bkrepo.auth.pojo.permission.CheckPermissionRequest @@ -92,10 +93,10 @@ class PermissionHelper constructor( if (queryRoles.isEmpty()) return false val result = roleRepository.findByTypeAndProjectIdAndAdminAndRepoNameAndIdIn( - projectId = request.projectId!!, type = RoleType.REPO, - repoName = request.repoName!!, + projectId = request.projectId!!, admin = true, + repoName = request.repoName!!, ids = queryRoles ) if (result.isNotEmpty()) return true @@ -185,7 +186,8 @@ class PermissionHelper constructor( } fun checkProjectReadAction(request: CheckPermissionRequest, isProjectUser: Boolean): Boolean { - return request.projectId != null && request.action == READ.name && isProjectUser + val readeOrdownload = request.action == READ.name || request.action == DOWNLOAD.name + return request.projectId != null && readeOrdownload && isProjectUser } fun getPermissionPathFromConfig( 
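Review bot: In `checkProjectReadAction`, DOWNLOAD is now granted on exactly the same condition as READ, so every project user can download wherever this check is the deciding one. If DOWNLOAD was split out of READ so that it could be granted separately, this short-circuit undoes that for project-level requests. If the default is intended, state it above the function, e.g. `// project members get READ and DOWNLOAD by default`. The local `readeOrdownload` is also misspelled; `val isReadOrDownload = request.action == READ.name || request.action == DOWNLOAD.name` reads better.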
diff --git a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/bkdevops/DevopsPermissionServiceImpl.kt b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/bkdevops/DevopsPermissionServiceImpl.kt index 1c6dd30edf..1a34eaba32 100644 --- a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/bkdevops/DevopsPermissionServiceImpl.kt +++ b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/bkdevops/DevopsPermissionServiceImpl.kt @@ -43,6 +43,9 @@ import com.tencent.bkrepo.auth.constant.PIPELINE import com.tencent.bkrepo.auth.constant.REPORT import com.tencent.bkrepo.auth.dao.PersonalPathDao import com.tencent.bkrepo.auth.dao.RepoAuthConfigDao +import com.tencent.bkrepo.auth.pojo.enums.PermissionAction.DOWNLOAD +import com.tencent.bkrepo.auth.pojo.enums.PermissionAction.VIEW +import com.tencent.bkrepo.auth.pojo.enums.PermissionAction.WRITE import com.tencent.bkrepo.auth.pojo.enums.PermissionAction.MANAGE import com.tencent.bkrepo.auth.pojo.enums.PermissionAction.READ import com.tencent.bkrepo.auth.pojo.enums.ResourceType.NODE @@ -194,12 +197,15 @@ class DevopsPermissionServiceImpl constructor( return false } when (repoName) { - CUSTOM, LOG, REPORT -> { + CUSTOM, LOG -> { return checkDevopsCustomPermission(request) } PIPELINE -> { return checkDevopsPipelinePermission(request) } + REPORT -> { + return checkDevopsReportPermission(request.action) + } else -> { return checkRepoNotInDevops(request) } @@ -207,6 +213,10 @@ class DevopsPermissionServiceImpl constructor( } } + private fun checkDevopsReportPermission(action: String): Boolean { + return action == READ.name || action == WRITE.name || action == VIEW.name || action == DOWNLOAD.name + } + private fun checkDevopsCustomPermission(request: CheckPermissionRequest): Boolean { logger.debug("check devops custom permission request [$request]") with(request) { 
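Review bot: `checkDevopsReportPermission(request.action)` decides access to the REPORT repository from the action name alone. It never looks at `uid` or `projectId`, so READ, WRITE, VIEW and DOWNLOAD return true for whoever reaches this branch, where the old code sent REPORT through `checkDevopsCustomPermission(request)`. The checks that run before the `when` are outside the hunk, so a membership test may already have happened. If it has not, WRITE in particular should stay tied to project membership, e.g. `REPORT -> return isDevopsProjectMember(request.uid, request.projectId!!, request.action) && checkDevopsReportPermission(request.action)`. Either way, a comment on the helper naming the earlier check that makes an action-only test safe would help the next reader.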
@@ -221,12 +231,11 @@ class DevopsPermissionServiceImpl constructor( private fun checkRepoNotInDevops(request: CheckPermissionRequest): Boolean { logger.debug("check repo not in devops request [$request]") with(request) { - val isDevopsProjectMember = isDevopsProjectMember(uid, projectId!!, action) || - isUserLocalProjectUser(uid, projectId!!) + val isDevopsProjectMember = isDevopsProjectMember(uid, projectId!!, action) if (needCheckPathPermission(resourceType, projectId!!, repoName!!)) { return checkNodeAction(request, null, isDevopsProjectMember) } - return isDevopsProjectMember + return isDevopsProjectMember || super.checkPermission(request) } } diff --git a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/local/PermissionServiceImpl.kt b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/local/PermissionServiceImpl.kt index 9bb6fc1b9c..3529711164 100644 --- a/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/local/PermissionServiceImpl.kt +++ b/src/backend/auth/biz-auth/src/main/kotlin/com/tencent/bkrepo/auth/service/local/PermissionServiceImpl.kt @@ -406,7 +406,7 @@ open class PermissionServiceImpl constructor( return permHelper.isUserLocalProjectAdmin(userId, projectId) } - fun isUserLocalProjectUser(userId: String, projectId: String): Boolean { + private fun isUserLocalProjectUser(userId: String, projectId: String): Boolean { return permHelper.isUserLocalProjectUser(userId, projectId) } diff --git a/src/backend/common/common-artifact/artifact-service/src/main/kotlin/com/tencent/bkrepo/common/artifact/event/listener/ArtifactTransferListener.kt b/src/backend/common/common-artifact/artifact-service/src/main/kotlin/com/tencent/bkrepo/common/artifact/event/listener/ArtifactTransferListener.kt index ee3132c531..b923f179d2 100644 --- a/src/backend/common/common-artifact/artifact-service/src/main/kotlin/com/tencent/bkrepo/common/artifact/event/listener/ArtifactTransferListener.kt 
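Review bot: In `checkRepoNotInDevops` the two return paths no longer agree on who counts as a member. The path-permission branch passes only `isDevopsProjectMember` to `checkNodeAction`, so a user known only to the local store, who was previously covered by `isUserLocalProjectUser`, now arrives there as `false`. The other branch falls back to `super.checkPermission(request)`, which is presumably a full permission evaluation rather than a membership test (its body is not in this diff), so that return can be true for reasons unrelated to project membership. If both effects are intended, say so in a comment such as `// local-only users: path rules decide for path-checked repos, super.checkPermission for the rest`. Otherwise keep a membership-only fallback and apply it in both branches.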
+++ b/src/backend/common/common-artifact/artifact-service/src/main/kotlin/com/tencent/bkrepo/common/artifact/event/listener/ArtifactTransferListener.kt @@ -37,6 +37,7 @@ import com.tencent.bkrepo.common.artifact.constant.DEFAULT_STORAGE_KEY import com.tencent.bkrepo.common.artifact.event.ArtifactReceivedEvent import com.tencent.bkrepo.common.artifact.event.ArtifactResponseEvent import com.tencent.bkrepo.common.artifact.event.ChunkArtifactTransferEvent +import com.tencent.bkrepo.common.artifact.hash.md5 import com.tencent.bkrepo.common.artifact.metrics.ArtifactCacheMetrics import com.tencent.bkrepo.common.artifact.metrics.ArtifactMetrics import com.tencent.bkrepo.common.artifact.metrics.ArtifactMetricsProperties @@ -106,7 +107,8 @@ class ArtifactTransferListener( host = artifactMetricsProperties.host, builderAgentList = artifactMetricsProperties.builderAgentList, clientAgentList = artifactMetricsProperties.clientAgentList - ).name + ).name, + userId = SecurityUtils.getUserId().md5() ) if (SecurityUtils.getUserId() != SYSTEM_USER) { projectUsageStatisticsService.inc(projectId = projectId, receivedBytes = throughput.bytes) @@ -151,7 +153,8 @@ class ArtifactTransferListener( host = artifactMetricsProperties.host, builderAgentList = artifactMetricsProperties.builderAgentList, clientAgentList = artifactMetricsProperties.clientAgentList - ).name + ).name, + userId = SecurityUtils.getUserId().md5() ) if (SecurityUtils.getUserId() != SYSTEM_USER) { projectUsageStatisticsService.inc(projectId = projectId, responseBytes = throughput.bytes) @@ -207,7 +210,8 @@ class ArtifactTransferListener( host = artifactMetricsProperties.host, builderAgentList = artifactMetricsProperties.builderAgentList, clientAgentList = artifactMetricsProperties.clientAgentList - ).name + ).name, + userId = SecurityUtils.getUserId().md5() ) if (artifactMetricsProperties.collectByLog) { logger.info( 
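Review bot: `SecurityUtils.getUserId().md5()` does not give a one-way pseudonym, because user ids are short and enumerable and an unsalted MD5 can be matched against a precomputed list by anyone who can read the metrics or logs. The same expression is added in all three record builders in this file, and the value is then exported as a label and written to the transfer record log. If the aim is to hide identities from metrics consumers, use a keyed hash (HMAC-SHA-256 with a server-side secret) behind one shared helper. If the aim is only a stable join key, say so in a comment so it is not mistaken for anonymisation. A per-user label also raises the series cardinality of the exported metric.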
diff --git a/src/backend/common/common-artifact/artifact-service/src/main/kotlin/com/tencent/bkrepo/common/artifact/metrics/ArtifactTransferRecord.kt b/src/backend/common/common-artifact/artifact-service/src/main/kotlin/com/tencent/bkrepo/common/artifact/metrics/ArtifactTransferRecord.kt
index 04d8e2e2dd..95809747b1 100644
--- a/src/backend/common/common-artifact/artifact-service/src/main/kotlin/com/tencent/bkrepo/common/artifact/metrics/ArtifactTransferRecord.kt
+++ b/src/backend/common/common-artifact/artifact-service/src/main/kotlin/com/tencent/bkrepo/common/artifact/metrics/ArtifactTransferRecord.kt
@@ -63,6 +63,8 @@ data class ArtifactTransferRecord(
 val fullPath: String,
 @Column(name = "agent")
 val agent: String,
+ @Column(name = "userId")
+ val userId: String,
 ) {
 companion object {
 const val RECEIVE = "RECEIVE"
diff --git a/src/backend/common/common-artifact/artifact-service/src/main/kotlin/com/tencent/bkrepo/common/artifact/metrics/ArtifactTransferRecordLog.kt b/src/backend/common/common-artifact/artifact-service/src/main/kotlin/com/tencent/bkrepo/common/artifact/metrics/ArtifactTransferRecordLog.kt
index efb173f3f6..2136727fa0 100644
--- a/src/backend/common/common-artifact/artifact-service/src/main/kotlin/com/tencent/bkrepo/common/artifact/metrics/ArtifactTransferRecordLog.kt
+++ b/src/backend/common/common-artifact/artifact-service/src/main/kotlin/com/tencent/bkrepo/common/artifact/metrics/ArtifactTransferRecordLog.kt
@@ -46,6 +46,7 @@ class ArtifactTransferRecordLog(
 val repoName: String = record.repoName
 val agent: String = record.agent
 val fullPath: String = record.fullPath
+ val userId: String = record.userId
 val service: String? = commonTag["service"]
 val instance: String? = commonTag["instance"]
 val host: String? = commonTag["host"]
diff --git a/src/backend/common/common-artifact/artifact-service/src/main/kotlin/com/tencent/bkrepo/common/artifact/metrics/export/ArtifactMetricsExporter.kt b/src/backend/common/common-artifact/artifact-service/src/main/kotlin/com/tencent/bkrepo/common/artifact/metrics/export/ArtifactMetricsExporter.kt index a74f99c36c..fc2d6a08ea 100644 --- a/src/backend/common/common-artifact/artifact-service/src/main/kotlin/com/tencent/bkrepo/common/artifact/metrics/export/ArtifactMetricsExporter.kt +++ b/src/backend/common/common-artifact/artifact-service/src/main/kotlin/com/tencent/bkrepo/common/artifact/metrics/export/ArtifactMetricsExporter.kt @@ -74,6 +74,7 @@ class ArtifactMetricsExporter( labels[ArtifactTransferRecord::elapsed.name] = record.elapsed.toString() labels[ArtifactTransferRecord::type.name] = record.type labels[ArtifactTransferRecord::agent.name] = record.agent + labels[ArtifactTransferRecord::userId.name] = record.userId return labels } diff --git a/src/backend/common/common-operate/operate-service/src/main/kotlin/com/tencent/bkrepo/common/operate/service/OperateAutoConfiguration.kt b/src/backend/common/common-operate/operate-service/src/main/kotlin/com/tencent/bkrepo/common/operate/service/OperateAutoConfiguration.kt index 55966a8730..52eaf2a594 100644 --- a/src/backend/common/common-operate/operate-service/src/main/kotlin/com/tencent/bkrepo/common/operate/service/OperateAutoConfiguration.kt +++ b/src/backend/common/common-operate/operate-service/src/main/kotlin/com/tencent/bkrepo/common/operate/service/OperateAutoConfiguration.kt 
@@ -67,7 +67,8 @@ class OperateAutoConfiguration { clusterProperties: ClusterProperties ): OperateLogService { return if (clusterProperties.role == ClusterNodeType.EDGE && - clusterProperties.architecture == ClusterArchitecture.COMMIT_EDGE + clusterProperties.architecture == ClusterArchitecture.COMMIT_EDGE && + clusterProperties.commitEdge.oplog.enabled ) { CommitEdgeOperateLogServiceImpl(operateProperties, operateLogDao, permissionManager, clusterProperties) } else { diff --git a/src/backend/common/common-service/src/main/kotlin/com/tencent/bkrepo/common/service/cluster/properties/commitedge/CommitEdgeProperties.kt b/src/backend/common/common-service/src/main/kotlin/com/tencent/bkrepo/common/service/cluster/properties/commitedge/CommitEdgeProperties.kt index a6679b864f..7165b9416d 100644 --- a/src/backend/common/common-service/src/main/kotlin/com/tencent/bkrepo/common/service/cluster/properties/commitedge/CommitEdgeProperties.kt +++ b/src/backend/common/common-service/src/main/kotlin/com/tencent/bkrepo/common/service/cluster/properties/commitedge/CommitEdgeProperties.kt @@ -30,5 +30,6 @@ package com.tencent.bkrepo.common.service.cluster.properties.commitedge data class CommitEdgeProperties( var repo: RepoProperties = RepoProperties(), var `package`: PackageProperties = PackageProperties(), - var auth: AuthProperties = AuthProperties() + var auth: AuthProperties = AuthProperties(), + var oplog: OpLogProperties = OpLogProperties() ) diff --git a/src/backend/common/common-service/src/main/kotlin/com/tencent/bkrepo/common/service/cluster/properties/commitedge/OpLogProperties.kt b/src/backend/common/common-service/src/main/kotlin/com/tencent/bkrepo/common/service/cluster/properties/commitedge/OpLogProperties.kt new file mode 100644 index 0000000000..2f91700060 --- /dev/null +++ b/src/backend/common/common-service/src/main/kotlin/com/tencent/bkrepo/common/service/cluster/properties/commitedge/OpLogProperties.kt 
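Review bot: With `oplog.enabled` defaulting to false in the new `OpLogProperties`, an EDGE node in COMMIT_EDGE mode stops getting `CommitEdgeOperateLogServiceImpl` after an upgrade unless the operator sets the new property. If that implementation is what forwards operation logs to the center (its body is not in this diff), audit records from edge nodes would silently stay local. Either keep the previous behaviour as the default or document the property and call the change out in the upgrade notes. A KDoc on `enabled` such as `/** Use the commit-edge operate-log service on edge nodes; off by default. */` is the minimum.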
@@ -0,0 +1,32 @@ +/* + * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available. + * + * Copyright (C) 2024 THL A29 Limited, a Tencent company. All rights reserved. + * + * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license. + * + * A copy of the MIT License is included in this file. + * + * + * Terms of the MIT License: + * --------------------------------------------------- + * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated + * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the + * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all copies or substantial portions of + * the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT + * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN + * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, + * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + */ + +package com.tencent.bkrepo.common.service.cluster.properties.commitedge + +data class OpLogProperties( + var enabled: Boolean = false, +) diff --git a/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/service/fs/impl/center/CommitEdgeCenterFsServiceImpl.kt b/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/service/fs/impl/center/CommitEdgeCenterFsServiceImpl.kt index 4785ee672b..287933512b 100644 
--- a/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/service/fs/impl/center/CommitEdgeCenterFsServiceImpl.kt +++ b/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/service/fs/impl/center/CommitEdgeCenterFsServiceImpl.kt @@ -47,7 +47,7 @@ class CommitEdgeCenterFsServiceImpl( ) { override fun buildTNode(request: NodeCreateRequest): TNode { val tNode = super.buildTNode(request) - tNode.clusterNames = setOf(SecurityUtils.getClusterName() ?: clusterProperties.self.name!!) + tNode.clusterNames = SecurityUtils.getClusterName()?.let { setOf(it) } return tNode } } diff --git a/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/service/fs/impl/edge/EdgeFsServiceImpl.kt b/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/service/fs/impl/edge/EdgeFsServiceImpl.kt index 6455ce9f35..1dc61cb480 100644 --- a/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/service/fs/impl/edge/EdgeFsServiceImpl.kt +++ b/src/backend/repository/biz-repository/src/main/kotlin/com/tencent/bkrepo/repository/service/fs/impl/edge/EdgeFsServiceImpl.kt @@ -27,8 +27,9 @@ package com.tencent.bkrepo.repository.service.fs.impl.edge -import com.tencent.bkrepo.common.service.cluster.properties.ClusterProperties +import com.tencent.bkrepo.common.artifact.util.ClusterUtils.reportMetadataToCenter import com.tencent.bkrepo.common.service.cluster.condition.CommitEdgeEdgeCondition +import com.tencent.bkrepo.common.service.cluster.properties.ClusterProperties import com.tencent.bkrepo.common.service.feign.FeignClientFactory import com.tencent.bkrepo.repository.api.cluster.ClusterFsNodeClient import com.tencent.bkrepo.repository.dao.NodeDao 
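Review bot: `tNode.clusterNames` can now be null in `CommitEdgeCenterFsServiceImpl.buildTNode` when the request carries no cluster name, where it used to fall back to `clusterProperties.self.name`. Nothing in the hunk says what a null set means to code that reads the node. A one-line comment such as `// null clusterNames: created on the center itself, not owned by an edge` (if that is the intended meaning) would document it. Queries or checks that filter nodes by cluster name should be confirmed to handle the null case.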
@@ -53,18 +54,28 @@ class EdgeFsServiceImpl( by lazy { FeignClientFactory.create(clusterProperties.center, "repository", clusterProperties.self.name) } override fun createNode(createRequest: NodeCreateRequest): NodeDetail { - centerNodeClient.createNode(createRequest) - return super.createNode(createRequest) + with(createRequest) { + if (reportMetadataToCenter(projectId, repoName)) { + centerNodeClient.createNode(this) + } + return super.createNode(this) + } } override fun setLength(setLengthRequest: NodeSetLengthRequest) { - centerNodeClient.setLength(setLengthRequest) - super.setLength(setLengthRequest) + with(setLengthRequest) { + if (reportMetadataToCenter(projectId, repoName)) { + centerNodeClient.setLength(this) + } + super.setLength(this) + } } override fun buildTNode(request: NodeCreateRequest): TNode { val tNode = super.buildTNode(request) - tNode.clusterNames = setOf(clusterProperties.self.name!!) + if (reportMetadataToCenter(request.projectId, request.repoName)) { + tNode.clusterNames = setOf(clusterProperties.self.name!!) + } return tNode } }
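Review bot: In `createNode` and `setLength`, `with(...)` is used only to read `projectId` and `repoName`, and inside it `this` refers to the request while `super` still refers to the service, which is easy to misread. A flat form is shorter: `if (reportMetadataToCenter(createRequest.projectId, createRequest.repoName)) centerNodeClient.createNode(createRequest)` followed by `return super.createNode(createRequest)`, and the same shape for `setLength`. `buildTNode` repeats the `reportMetadataToCenter` decision independently of `createNode`; a short comment that the two must stay in step would prevent them drifting apart.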