From bd31da2f63abcd526705354e2b9759914fc17f28 Mon Sep 17 00:00:00 2001 From: greysonfang Date: Tue, 5 Sep 2023 15:41:55 +0800 Subject: [PATCH 01/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/backend/ci/build.gradle.kts | 7 ++++++- .../src/main/kotlin/constants/Versions.kt | 1 + .../ci/core/auth/biz-auth/build.gradle.kts | 1 + .../ServicePermissionAuthResourceImpl.kt | 15 ++++++++++++++ .../service/iam/PermissionProjectService.kt | 14 +++++++++++++ .../src/main/resources/logback-spring.xml | 2 ++ .../src/main/resources/logback/appender.xml | 20 ++++++++++++++++++- src/backend/ci/gradle.properties | 1 + 8 files changed, 59 insertions(+), 2 deletions(-) diff --git a/src/backend/ci/build.gradle.kts b/src/backend/ci/build.gradle.kts index 9e7f0d0d62e..0af4337b015 100644 --- a/src/backend/ci/build.gradle.kts +++ b/src/backend/ci/build.gradle.kts @@ -6,13 +6,17 @@ plugins { apply(plugin = "org.owasp.dependencycheck") allprojects { + repositories { + maven(url = "https://mirrors.tencent.com/repository/maven/bk-audit-java-sdk/") + } + apply(plugin = "com.tencent.devops.boot") // 包路径 group = "com.tencent.bk.devops.ci" // 版本 version = (System.getProperty("ci_version") ?: "1.9.0") + - if (System.getProperty("snapshot") == "true") "-SNAPSHOT" else "" + if (System.getProperty("snapshot") == "true") "-SNAPSHOT" else "" // 加载boot的插件 if (name.startsWith("boot-")) { @@ -124,6 +128,7 @@ allprojects { entry("org.eclipse.jgit.ssh.jsch") } dependency("com.tencent.bk.sdk:iam-java-sdk:${Versions.iam}") + dependency("com.tencent.bk.sdk:spring-boot-bk-audit-starter:${Versions.audit}") } } diff --git a/src/backend/ci/buildSrc/src/main/kotlin/constants/Versions.kt b/src/backend/ci/buildSrc/src/main/kotlin/constants/Versions.kt index 243179dddff..a0ddc10ee58 100644 --- a/src/backend/ci/buildSrc/src/main/kotlin/constants/Versions.kt 
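Review bot: The `repositories { maven(url = ...) }` block added at the top of `allprojects` has no content filter, so every module may resolve any coordinate from the bk-audit-java-sdk mirror, not only the audit starter this patch needs. It is declared before `apply(plugin = "com.tencent.devops.boot")`, so it may also be consulted ahead of whatever repositories that plugin registers (inferred, the plugin is not visible here). Scoping it to the one group narrows the resolution surface: `maven { url = uri("https://mirrors.tencent.com/repository/maven/bk-audit-java-sdk/"); content { includeGroup("com.tencent.bk.sdk") } }`. The `allprojects` block continues outside the hunk.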
+++ b/src/backend/ci/buildSrc/src/main/kotlin/constants/Versions.kt @@ -47,4 +47,5 @@ object Versions { const val Okhttp = "4.9.0" const val jgit = "5.13.1.202206130422-r" const val iam = "1.0.30-SNAPSHOT" + const val audit = "1.0.5" } diff --git a/src/backend/ci/core/auth/biz-auth/build.gradle.kts b/src/backend/ci/core/auth/biz-auth/build.gradle.kts index 06e1fe90575..e5b1f540c7e 100644 --- a/src/backend/ci/core/auth/biz-auth/build.gradle.kts +++ b/src/backend/ci/core/auth/biz-auth/build.gradle.kts @@ -40,4 +40,5 @@ dependencies { api(project(":core:repository:api-repository")) api(project(":core:process:api-process")) api("com.github.ben-manes.caffeine:caffeine") + api("com.tencent.bk.sdk:spring-boot-bk-audit-starter") } diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServicePermissionAuthResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServicePermissionAuthResourceImpl.kt index 977320d05ad..909290fb0b8 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServicePermissionAuthResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServicePermissionAuthResourceImpl.kt @@ -27,6 +27,10 @@ package com.tencent.devops.auth.resources.service +import com.tencent.bk.audit.annotations.ActionAuditRecord +import com.tencent.bk.audit.annotations.AuditEntry +import com.tencent.bk.audit.annotations.AuditInstanceRecord +import com.tencent.bk.audit.constants.AuditAttributeNames import com.tencent.devops.auth.api.service.ServicePermissionAuthResource import com.tencent.devops.auth.pojo.dto.GrantInstanceDTO import com.tencent.devops.auth.service.iam.PermissionExtService 
@@ -54,6 +58,17 @@ class ServicePermissionAuthResourceImpl @Autowired constructor( return Result(permissionService.validateUserActionPermission(userId, action)) } + @AuditEntry(actionId = "validateUserResourcePermission") + @ActionAuditRecord( + actionId = "validateUserResourcePermission", + instance = AuditInstanceRecord( + resourceType = "test", + instanceIds = "#projectCode", + instanceNames = "#$?.data" + ), + content = "getProjectGroupAndUserList [{{" + AuditAttributeNames.INSTANCE_NAME + "}}]" + + "({{" + AuditAttributeNames.INSTANCE_ID + "}})" + ) override fun validateUserResourcePermission( userId: String, token: String, diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionProjectService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionProjectService.kt index 19abac2b8b9..e710f9e650b 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionProjectService.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionProjectService.kt @@ -27,6 +27,10 @@ package com.tencent.devops.auth.service.iam +import com.tencent.bk.audit.annotations.ActionAuditRecord +import com.tencent.bk.audit.annotations.AuditEntry +import com.tencent.bk.audit.annotations.AuditInstanceRecord +import com.tencent.bk.audit.constants.AuditAttributeNames import com.tencent.devops.common.auth.api.pojo.BKAuthProjectRolesResources import com.tencent.devops.common.auth.api.pojo.BkAuthGroup import com.tencent.devops.common.auth.api.pojo.BkAuthGroupAndUserList 
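Review bot: The `@ActionAuditRecord` added on `validateUserResourcePermission` carries placeholder metadata: `resourceType = "test"`, and a `content` string that begins with `getProjectGroupAndUserList`, which names a different method. Events written with these values would be filed under a resource type and description that do not match the action, which makes the audit trail hard to query and easy to misread. Use the real resource type and a matching description, e.g. `resourceType = "<RESOURCE_TYPE>"` and `content = "validateUserResourcePermission [{{" + ...`. The `PermissionProjectService` hunk later in this patch has the same `resourceType = "test"` and also renders `INSTANCE_NAME` in `content` without setting `instanceNames`. Both annotations are removed again by PATCH 11/71, so if they are only scaffolding they are better left out of this commit.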
@@ -35,6 +39,16 @@ interface PermissionProjectService { fun getProjectUsers(projectCode: String, group: BkAuthGroup?): List + @AuditEntry(actionId = "getProjectGroupAndUserList") + @ActionAuditRecord( + actionId = "getProjectGroupAndUserList", + instance = AuditInstanceRecord( + resourceType = "test", + instanceIds = "#projectCode" + ), + content = "getProjectGroupAndUserList [{{" + AuditAttributeNames.INSTANCE_NAME + "}}]" + + "({{" + AuditAttributeNames.INSTANCE_ID + "}})" + ) fun getProjectGroupAndUserList(projectCode: String): List fun getUserProjects(userId: String): List diff --git a/src/backend/ci/core/common/common-service/src/main/resources/logback-spring.xml b/src/backend/ci/core/common/common-service/src/main/resources/logback-spring.xml index 170a07e7731..c7d93155a12 100644 --- a/src/backend/ci/core/common/common-service/src/main/resources/logback-spring.xml +++ b/src/backend/ci/core/common/common-service/src/main/resources/logback-spring.xml @@ -10,6 +10,7 @@ + @@ -27,6 +28,7 @@ + diff --git a/src/backend/ci/core/common/common-service/src/main/resources/logback/appender.xml b/src/backend/ci/core/common/common-service/src/main/resources/logback/appender.xml index 7981bb94bbc..4095389e89f 100644 --- a/src/backend/ci/core/common/common-service/src/main/resources/logback/appender.xml +++ b/src/backend/ci/core/common/common-service/src/main/resources/logback/appender.xml @@ -1,6 +1,9 @@ - + + + @@ -54,4 +57,19 @@ true + + + ${AUDIT_EVENT_LOG_FILE} + + ${AUDIT_EVENT_LOG_FILE}-%d{yyyy-MM-dd}.log.%i + 1GB + 1 + 5GB + + + ${AUDIT_EVENT_LOG_PATTERN} + UTF-8 + + + diff --git a/src/backend/ci/gradle.properties b/src/backend/ci/gradle.properties index 56e48de0785..3f89cd3f4f8 100644 --- a/src/backend/ci/gradle.properties +++ b/src/backend/ci/gradle.properties 
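Review bot: The rolling policy of the new audit appender in the `@@ -54,4 +57,19 @@` hunk of appender.xml appears to keep very little history. The element names are lost in this rendering, but the values `1GB`, `1` and `5GB` after the `${AUDIT_EVENT_LOG_FILE}-%d{yyyy-MM-dd}.log.%i` pattern read like a maximum file size, a history of one period and a total size cap. If that reading is right, audit events older than about a day, or beyond 5GB, are deleted on the host, which is short for a record meant to support investigations. Either add an XML comment stating that a collector ships the file before rotation, or raise the history value if this file is the system of record.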
@@ -40,3 +40,4 @@ org.gradle.parallel=true org.gradle.caching=true org.gradle.jvmargs=-Xms2g -Xmx4g org.gradle.daemon.idletimeout=300000 +EXTRA_MAVEN_REPO_URLS=https://mirrors.tencent.com/repository/maven/bk-audit-java-sdk/ From e902659741289f72495bbb616026d69e7cda0d5e Mon Sep 17 00:00:00 2001 From: greysonfang Date: Tue, 5 Sep 2023 18:16:11 +0800 Subject: [PATCH 02/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../src/main/resources/logback-spring.xml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/src/backend/ci/core/common/common-service/src/main/resources/logback-spring.xml b/src/backend/ci/core/common/common-service/src/main/resources/logback-spring.xml index c7d93155a12..1ea97f10cdd 100644 --- a/src/backend/ci/core/common/common-service/src/main/resources/logback-spring.xml +++ b/src/backend/ci/core/common/common-service/src/main/resources/logback-spring.xml @@ -10,9 +10,11 @@ - - + + + + @@ -20,7 +22,7 @@ - + @@ -28,8 +30,10 @@ - + + + From ef5f94df804b0b17c1ca5069e1ca5684643fad9f Mon Sep 17 00:00:00 2001 From: greysonfang Date: Wed, 6 Sep 2023 15:53:49 +0800 Subject: [PATCH 03/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/backend/ci/buildSrc/src/main/kotlin/constants/Versions.kt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/backend/ci/buildSrc/src/main/kotlin/constants/Versions.kt b/src/backend/ci/buildSrc/src/main/kotlin/constants/Versions.kt index a0ddc10ee58..d6c2038ecd4 100644 --- a/src/backend/ci/buildSrc/src/main/kotlin/constants/Versions.kt +++ b/src/backend/ci/buildSrc/src/main/kotlin/constants/Versions.kt 
@@ -47,5 +47,5 @@ object Versions { const val Okhttp = "4.9.0" const val jgit = "5.13.1.202206130422-r" const val iam = "1.0.30-SNAPSHOT" - const val audit = "1.0.5" + const val audit = "1.0.6" } From 0d8f0f5fa3047cc749b417d347468f715ea403d5 Mon Sep 17 00:00:00 2001 From: greysonfang Date: Thu, 7 Sep 2023 10:45:01 +0800 Subject: [PATCH 04/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../ci/core/auth/biz-auth/build.gradle.kts | 2 +- .../core/common/common-audit/build.gradle.kts | 4 + .../common/audit/BkAuditConfiguration.kt | 15 ++++ .../common/audit/BkAuditRequestProvider.kt | 80 +++++++++++++++++++ .../main/resources/META-INF/spring.factories | 3 + src/backend/ci/settings.gradle.kts | 1 + 6 files changed, 104 insertions(+), 1 deletion(-) create mode 100644 src/backend/ci/core/common/common-audit/build.gradle.kts create mode 100644 src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditConfiguration.kt create mode 100644 src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt create mode 100644 src/backend/ci/core/common/common-audit/src/main/resources/META-INF/spring.factories diff --git a/src/backend/ci/core/auth/biz-auth/build.gradle.kts b/src/backend/ci/core/auth/biz-auth/build.gradle.kts index e5b1f540c7e..b88c735521d 100644 --- a/src/backend/ci/core/auth/biz-auth/build.gradle.kts +++ b/src/backend/ci/core/auth/biz-auth/build.gradle.kts @@ -40,5 +40,5 @@ dependencies { api(project(":core:repository:api-repository")) api(project(":core:process:api-process")) api("com.github.ben-manes.caffeine:caffeine") - api("com.tencent.bk.sdk:spring-boot-bk-audit-starter") + api(project(":core:common:common-audit")) } 
diff --git a/src/backend/ci/core/common/common-audit/build.gradle.kts b/src/backend/ci/core/common/common-audit/build.gradle.kts new file mode 100644 index 00000000000..ec1236c05a0 --- /dev/null +++ b/src/backend/ci/core/common/common-audit/build.gradle.kts @@ -0,0 +1,4 @@ +dependencies { + api("com.tencent.bk.sdk:spring-boot-bk-audit-starter") + api(project(":core:common:common-web")) +} diff --git a/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditConfiguration.kt b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditConfiguration.kt new file mode 100644 index 00000000000..3a3240af8ab --- /dev/null +++ b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditConfiguration.kt @@ -0,0 +1,15 @@ +package com.tencent.devops.common.audit + +import com.tencent.bk.audit.AuditRequestProvider +import org.springframework.context.annotation.Bean +import org.springframework.context.annotation.Configuration +import org.springframework.context.annotation.Primary + +@Configuration +class BkAuditConfiguration { + @Bean + @Primary + fun bkAuditRequestProvider(): AuditRequestProvider { + return BkAuditRequestProvider() + } +} diff --git a/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt new file mode 100644 index 00000000000..35d9447c1f3 --- /dev/null +++ b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt 
@@ -0,0 +1,80 @@ +package com.tencent.devops.common.audit + +import com.tencent.bk.audit.AuditRequestProvider +import com.tencent.bk.audit.constants.AccessTypeEnum +import com.tencent.bk.audit.constants.UserIdentifyTypeEnum +import com.tencent.bk.audit.exception.AuditException +import com.tencent.bk.audit.model.AuditHttpRequest +import org.slf4j.LoggerFactory +import org.springframework.web.context.request.RequestContextHolder +import org.springframework.web.context.request.ServletRequestAttributes +import javax.servlet.http.HttpServletRequest + +class BkAuditRequestProvider : AuditRequestProvider { + companion object { + private const val HEADER_USERNAME = "X-DEVOPS-UID" + private const val HEADER_USER_IDENTIFY_TENANT_ID = "X-User-Identify-Tenant-Id" + private const val HEADER_USER_IDENTIFY_TYPE = "X-User-Identify-Type" + private const val HEADER_ACCESS_TYPE = "X-Access-Type" + private const val HEADER_REQUEST_ID = "X-Request-Id" + private const val HEADER_BK_APP_CODE = "X-Bk-App-Code" + private val logger = LoggerFactory.getLogger(BkAuditRequestProvider::class.java) + } + + override fun getRequest(): AuditHttpRequest { + val httpServletRequest: HttpServletRequest = getHttpServletRequest() + return AuditHttpRequest(httpServletRequest) + } + + private fun getHttpServletRequest(): HttpServletRequest { + val requestAttributes = RequestContextHolder.getRequestAttributes() + if (requestAttributes == null) { + logger.error("Could not get RequestAttributes from RequestContext!") + throw AuditException("Parse http request error") + } + return (requestAttributes as ServletRequestAttributes).request + } + + override fun getUsername(): String? { + val httpServletRequest = getHttpServletRequest() + return httpServletRequest.getHeader(HEADER_USERNAME) + } + + override fun getUserIdentifyType(): UserIdentifyTypeEnum? 
{ + val httpServletRequest = getHttpServletRequest() + return UserIdentifyTypeEnum.valOf( + httpServletRequest.getHeader(HEADER_USER_IDENTIFY_TYPE) + ) + } + + override fun getUserIdentifyTenantId(): String? { + val httpServletRequest = getHttpServletRequest() + return httpServletRequest.getHeader(HEADER_USER_IDENTIFY_TENANT_ID) + } + + override fun getAccessType(): AccessTypeEnum? { + val httpServletRequest = getHttpServletRequest() + return AccessTypeEnum.valOf(httpServletRequest.getHeader(HEADER_ACCESS_TYPE)) + } + + override fun getRequestId(): String? { + val httpServletRequest = getHttpServletRequest() + return httpServletRequest.getHeader(HEADER_REQUEST_ID) + } + + override fun getBkAppCode(): String? { + val httpServletRequest = getHttpServletRequest() + return httpServletRequest.getHeader(HEADER_BK_APP_CODE) + } + + override fun getClientIp(): String { + val request = getHttpServletRequest() + val xff: String = request.getHeader("X-Forwarded-For") + return if (xff.contains(",")) xff.split(",".toRegex()).toTypedArray()[0] else xff + } + + override fun getUserAgent(): String? { + val request = getHttpServletRequest() + return request.getHeader("User-Agent") + } +} diff --git a/src/backend/ci/core/common/common-audit/src/main/resources/META-INF/spring.factories b/src/backend/ci/core/common/common-audit/src/main/resources/META-INF/spring.factories new file mode 100644 index 00000000000..d575f83708a --- /dev/null +++ b/src/backend/ci/core/common/common-audit/src/main/resources/META-INF/spring.factories @@ -0,0 +1,3 @@ +org.springframework.boot.autoconfigure.EnableAutoConfiguration=\ +com.tencent.bk.audit.config.AuditAutoConfiguration\ +com.tencent.devops.common.audit.BkAuditRequestProvider diff --git a/src/backend/ci/settings.gradle.kts b/src/backend/ci/settings.gradle.kts index bbcf02fd0e9..2c503ebaff3 100644 --- a/src/backend/ci/settings.gradle.kts +++ b/src/backend/ci/settings.gradle.kts 
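Review bot: Every identity field in `BkAuditRequestProvider` is read straight from request headers (`X-DEVOPS-UID` for the username, the first `X-Forwarded-For` entry for the client IP), so the audit record is only as trustworthy as whatever sets those headers. Nothing in this patch shows a gateway overwriting them; if a caller can reach the service directly, or the proxy appends to an existing `X-Forwarded-For`, the recorded user and IP are caller-chosen. Document the assumption on the class, e.g. `/** Reads caller identity from gateway-set headers; valid only when the gateway strips client-supplied X-DEVOPS-UID and X-Forwarded-For. */`, and consider recording `request.remoteAddr` alongside the forwarded value. The `getClientIp` hunk in PATCH 07/71 fixes the null header case but keeps the first-entry behaviour.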
@@ -267,3 +267,4 @@ include(":core:metrics:biz-metrics") include(":core:metrics:biz-metrics-sample") include(":core:metrics:boot-metrics") include(":core:metrics:model-metrics") +include("core:common:common-audit") From e60cf08f7789c594263ce5d0eefc48d9f38e40c9 Mon Sep 17 00:00:00 2001 From: greysonfang Date: Thu, 7 Sep 2023 10:55:06 +0800 Subject: [PATCH 05/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/backend/ci/settings.gradle.kts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/backend/ci/settings.gradle.kts b/src/backend/ci/settings.gradle.kts index 2c503ebaff3..e3c81ac2e84 100644 --- a/src/backend/ci/settings.gradle.kts +++ b/src/backend/ci/settings.gradle.kts @@ -267,4 +267,4 @@ include(":core:metrics:biz-metrics") include(":core:metrics:biz-metrics-sample") include(":core:metrics:boot-metrics") include(":core:metrics:model-metrics") -include("core:common:common-audit") +include(":core:common:common-audit") From 11f8164c1c20dfc610069b12fd37f12e4390be95 Mon Sep 17 00:00:00 2001 From: greysonfang Date: Thu, 7 Sep 2023 11:16:40 +0800 Subject: [PATCH 06/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../common-audit/src/main/resources/META-INF/spring.factories | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/backend/ci/core/common/common-audit/src/main/resources/META-INF/spring.factories b/src/backend/ci/core/common/common-audit/src/main/resources/META-INF/spring.factories index d575f83708a..151fdf178b3 100644 --- a/src/backend/ci/core/common/common-audit/src/main/resources/META-INF/spring.factories +++ b/src/backend/ci/core/common/common-audit/src/main/resources/META-INF/spring.factories 
@@ -1,3 +1,3 @@ org.springframework.boot.autoconfigure.EnableAutoConfiguration=\ -com.tencent.bk.audit.config.AuditAutoConfiguration\ +com.tencent.bk.audit.config.AuditAutoConfiguration,\ com.tencent.devops.common.audit.BkAuditRequestProvider From aa9faac839e5eb8ca45fb0c1c62d192986a3ed74 Mon Sep 17 00:00:00 2001 From: greysonfang Date: Thu, 7 Sep 2023 11:58:42 +0800 Subject: [PATCH 07/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../devops/common/audit/BkAuditRequestProvider.kt | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt index 35d9447c1f3..bdacd6d6c71 100644 --- a/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt +++ b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt @@ -67,10 +67,14 @@ class BkAuditRequestProvider : AuditRequestProvider { return httpServletRequest.getHeader(HEADER_BK_APP_CODE) } - override fun getClientIp(): String { + override fun getClientIp(): String? { val request = getHttpServletRequest() - val xff: String = request.getHeader("X-Forwarded-For") - return if (xff.contains(",")) xff.split(",".toRegex()).toTypedArray()[0] else xff + val xff = request.getHeader("X-Forwarded-For") + return if (xff == null) { + request.remoteAddr + } else { + if (xff.contains(",")) xff.split(",".toRegex()).toTypedArray()[0] else xff + } } override fun getUserAgent(): String? { From 3aaae2464cc0aeb675e89a4bab6831432532065d Mon Sep 17 00:00:00 2001 
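Review bot: The new `else` branch of `getClientIp` still goes through a regex split and an array copy, returns the first `X-Forwarded-For` entry untrimmed, and returns an empty string when the header is present but blank. A single expression covers the missing, blank and multi-value cases: `return xff?.substringBefore(',')?.trim()?.takeIf { it.isNotEmpty() } ?: request.remoteAddr`. The enclosing class starts outside the hunk.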
From: greysonfang Date: Mon, 11 Sep 2023 21:43:09 +0800 Subject: [PATCH 08/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../core/process/biz-process/build.gradle.kts | 1 + .../service/PipelineInfoFacadeService.kt | 48 +++++++++++++++++++ 2 files changed, 49 insertions(+) diff --git a/src/backend/ci/core/process/biz-process/build.gradle.kts b/src/backend/ci/core/process/biz-process/build.gradle.kts index a605bd355ce..f2143cb43d4 100644 --- a/src/backend/ci/core/process/biz-process/build.gradle.kts +++ b/src/backend/ci/core/process/biz-process/build.gradle.kts @@ -33,6 +33,7 @@ dependencies { api(project(":core:common:common-archive")) api(project(":core:common:common-auth:common-auth-api")) api(project(":core:common:common-websocket")) + api(project(":core:common:common-audit")) api(project(":core:store:api-store")) api(project(":core:store:api-store-image")) api(project(":core:dispatch:api-dispatch")) diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt index 1d11678a6e9..28662347400 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt 
@@ -29,6 +29,10 @@ package com.tencent.devops.process.service import com.fasterxml.jackson.core.JsonParseException import com.google.common.cache.CacheBuilder +import com.tencent.bk.audit.annotations.ActionAuditRecord +import com.tencent.bk.audit.annotations.AuditEntry +import com.tencent.bk.audit.annotations.AuditInstanceRecord +import com.tencent.bk.audit.constants.AuditAttributeNames import com.tencent.devops.common.api.constant.CommonMessageCode import com.tencent.devops.common.api.constant.CommonMessageCode.USER_NOT_PERMISSIONS_OPERATE_PIPELINE import com.tencent.devops.common.api.exception.ErrorCodeException @@ -236,6 +240,17 @@ class PipelineInfoFacadeService @Autowired constructor( return Pair(pipelineInfo?.pipelineName ?: "", pipelineInfo?.version ?: 0) } + @AuditEntry(actionId = "pipeline_create") + @ActionAuditRecord( + actionId = "pipeline_create", + instance = AuditInstanceRecord( + resourceType = "pipeline", + instanceNames = "#model?.name", + instanceIds = "#$" + ), + content = "create pipeline [{{" + AuditAttributeNames.INSTANCE_NAME + "}}]" + + "({{" + AuditAttributeNames.INSTANCE_ID + "}})" + ) fun createPipeline( userId: String, projectId: String, @@ -646,6 +661,17 @@ class PipelineInfoFacadeService @Autowired constructor( } } + @AuditEntry(actionId = "pipeline_edit") + @ActionAuditRecord( + actionId = "pipeline_edit", + instance = AuditInstanceRecord( + resourceType = "pipeline", + instanceNames = "#pipelineId", + instanceIds = "#model?.name" + ), + content = "edit pipeline [{{" + AuditAttributeNames.INSTANCE_NAME + "}}]" + + "({{" + AuditAttributeNames.INSTANCE_ID + "}})" + ) fun editPipeline( userId: String, projectId: String, 
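Review bot: In the `editPipeline` hunk the instance fields are swapped: `instanceNames = "#pipelineId"` and `instanceIds = "#model?.name"` put the id in the name slot and the name in the id slot, so the rendered `content` and any lookup by instance id would be wrong. It should read `instanceNames = "#model?.name", instanceIds = "#pipelineId"`. The `getPipeline` and `deletePipeline` hunks that follow have the same swap with `#$?.name` and `#$?.pipelineName`. PATCH 10/71 corrects all three, so squashing that fix into this commit would avoid an intermediate revision that emits mislabeled audit events.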
@@ -797,6 +823,17 @@ class PipelineInfoFacadeService @Autowired constructor( return pipelineResult } + @AuditEntry(actionId = "pipeline_view") + @ActionAuditRecord( + actionId = "pipeline_view", + instance = AuditInstanceRecord( + resourceType = "pipeline", + instanceNames = "#pipelineId", + instanceIds = "#$?.name" + ), + content = "get pipeline info [{{" + AuditAttributeNames.INSTANCE_NAME + "}}]" + + "({{" + AuditAttributeNames.INSTANCE_ID + "}})" + ) fun getPipeline( userId: String, projectId: String, @@ -892,6 +929,17 @@ class PipelineInfoFacadeService @Autowired constructor( } } + @AuditEntry(actionId = "pipeline_delete") + @ActionAuditRecord( + actionId = "pipeline_delete", + instance = AuditInstanceRecord( + resourceType = "pipeline", + instanceNames = "#pipelineId", + instanceIds = "#$?.pipelineName" + ), + content = "delete pipeline [{{" + AuditAttributeNames.INSTANCE_NAME + "}}]" + + "({{" + AuditAttributeNames.INSTANCE_ID + "}})" + ) fun deletePipeline( userId: String, projectId: String, From 98d529fd29b1d42520c42e1ae536bfb7c4fcd1d2 Mon Sep 17 00:00:00 2001 From: greysonfang Date: Tue, 12 Sep 2023 17:41:39 +0800 Subject: [PATCH 09/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../tencent/devops/common/audit/BkAuditRequestProvider.kt | 8 +++++--- .../src/main/resources/META-INF/spring.factories | 2 +- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt index bdacd6d6c71..f0885a7a049 100644 --- a/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt 
+++ b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt @@ -5,6 +5,8 @@ import com.tencent.bk.audit.constants.AccessTypeEnum import com.tencent.bk.audit.constants.UserIdentifyTypeEnum import com.tencent.bk.audit.exception.AuditException import com.tencent.bk.audit.model.AuditHttpRequest +import com.tencent.devops.common.api.auth.AUTH_HEADER_DEVOPS_APP_CODE +import com.tencent.devops.common.api.auth.AUTH_HEADER_USER_ID import org.slf4j.LoggerFactory import org.springframework.web.context.request.RequestContextHolder import org.springframework.web.context.request.ServletRequestAttributes @@ -12,12 +14,12 @@ import javax.servlet.http.HttpServletRequest class BkAuditRequestProvider : AuditRequestProvider { companion object { - private const val HEADER_USERNAME = "X-DEVOPS-UID" + private const val HEADER_USERNAME = AUTH_HEADER_USER_ID private const val HEADER_USER_IDENTIFY_TENANT_ID = "X-User-Identify-Tenant-Id" private const val HEADER_USER_IDENTIFY_TYPE = "X-User-Identify-Type" private const val HEADER_ACCESS_TYPE = "X-Access-Type" - private const val HEADER_REQUEST_ID = "X-Request-Id" - private const val HEADER_BK_APP_CODE = "X-Bk-App-Code" + private const val HEADER_REQUEST_ID = "X-DEVOPS-RID" + private const val HEADER_BK_APP_CODE = AUTH_HEADER_DEVOPS_APP_CODE private val logger = LoggerFactory.getLogger(BkAuditRequestProvider::class.java) } diff --git a/src/backend/ci/core/common/common-audit/src/main/resources/META-INF/spring.factories b/src/backend/ci/core/common/common-audit/src/main/resources/META-INF/spring.factories index 151fdf178b3..9549f2a3693 100644 --- a/src/backend/ci/core/common/common-audit/src/main/resources/META-INF/spring.factories +++ b/src/backend/ci/core/common/common-audit/src/main/resources/META-INF/spring.factories 
@@ -1,3 +1,3 @@ org.springframework.boot.autoconfigure.EnableAutoConfiguration=\ com.tencent.bk.audit.config.AuditAutoConfiguration,\ -com.tencent.devops.common.audit.BkAuditRequestProvider +com.tencent.devops.common.audit.BkAuditConfiguration From 9239e06243e1d3851f26b82111e22e5d9397b584 Mon Sep 17 00:00:00 2001 From: greysonfang Date: Tue, 12 Sep 2023 17:52:22 +0800 Subject: [PATCH 10/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../process/service/PipelineInfoFacadeService.kt | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt index 28662347400..102addf42e9 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt @@ -32,6 +32,7 @@ import com.google.common.cache.CacheBuilder import com.tencent.bk.audit.annotations.ActionAuditRecord import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.bk.audit.annotations.AuditInstanceRecord +import com.tencent.bk.audit.annotations.AuditRequestBody import com.tencent.bk.audit.constants.AuditAttributeNames import com.tencent.devops.common.api.constant.CommonMessageCode import com.tencent.devops.common.api.constant.CommonMessageCode.USER_NOT_PERMISSIONS_OPERATE_PIPELINE @@ -254,6 +255,7 @@ class PipelineInfoFacadeService @Autowired constructor( fun createPipeline( userId: String, projectId: String, + @AuditRequestBody model: Model, channelCode: ChannelCode, checkPermission: Boolean = true, 
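Review bot: `@AuditRequestBody` on the `model: Model` parameter of `createPipeline` presumably attaches the whole pipeline model to the audit event, and a pipeline definition may carry parameter defaults or element inputs that hold credentials. What the SDK serialises and whether it masks anything is not visible in this patch, so confirm that before the body reaches the file behind `AUDIT_EVENT_LOG_FILE`, which may have different access controls and retention than the pipeline store. The same annotation is added to `editPipeline` in the `@@ -676,6 +678,7 @@` hunk. A comment at the parameter, e.g. `// audited as request body: confirm secrets in Model are masked before logging`, would record the decision; both function signatures continue outside their hunks.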
@@ -666,8 +668,8 @@ class PipelineInfoFacadeService @Autowired constructor( actionId = "pipeline_edit", instance = AuditInstanceRecord( resourceType = "pipeline", - instanceNames = "#pipelineId", - instanceIds = "#model?.name" + instanceNames = "#model?.name", + instanceIds = "#pipelineId" ), content = "edit pipeline [{{" + AuditAttributeNames.INSTANCE_NAME + "}}]" + "({{" + AuditAttributeNames.INSTANCE_ID + "}})" @@ -676,6 +678,7 @@ class PipelineInfoFacadeService @Autowired constructor( userId: String, projectId: String, pipelineId: String, + @AuditRequestBody model: Model, channelCode: ChannelCode, checkPermission: Boolean = true, @@ -828,8 +831,8 @@ class PipelineInfoFacadeService @Autowired constructor( actionId = "pipeline_view", instance = AuditInstanceRecord( resourceType = "pipeline", - instanceNames = "#pipelineId", - instanceIds = "#$?.name" + instanceNames = "#$?.name", + instanceIds = "#pipelineId" ), content = "get pipeline info [{{" + AuditAttributeNames.INSTANCE_NAME + "}}]" + "({{" + AuditAttributeNames.INSTANCE_ID + "}})" @@ -934,8 +937,8 @@ class PipelineInfoFacadeService @Autowired constructor( actionId = "pipeline_delete", instance = AuditInstanceRecord( resourceType = "pipeline", - instanceNames = "#pipelineId", - instanceIds = "#$?.pipelineName" + instanceNames = "#$?.pipelineName", + instanceIds = "#pipelineId" ), content = "delete pipeline [{{" + AuditAttributeNames.INSTANCE_NAME + "}}]" + "({{" + AuditAttributeNames.INSTANCE_ID + "}})" From f269638b8a7ea2686a7eabab974649387d7d72fa Mon Sep 17 00:00:00 2001 
From: greysonfang Date: Tue, 12 Sep 2023 19:56:41 +0800 Subject: [PATCH 11/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../ci/core/auth/biz-auth/build.gradle.kts | 1 - .../service/ServicePermissionAuthResourceImpl.kt | 15 --------------- .../auth/service/iam/PermissionProjectService.kt | 14 -------------- 3 files changed, 30 deletions(-) diff --git a/src/backend/ci/core/auth/biz-auth/build.gradle.kts b/src/backend/ci/core/auth/biz-auth/build.gradle.kts index b88c735521d..06e1fe90575 100644 --- a/src/backend/ci/core/auth/biz-auth/build.gradle.kts +++ b/src/backend/ci/core/auth/biz-auth/build.gradle.kts @@ -40,5 +40,4 @@ dependencies { api(project(":core:repository:api-repository")) api(project(":core:process:api-process")) api("com.github.ben-manes.caffeine:caffeine") - api(project(":core:common:common-audit")) } diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServicePermissionAuthResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServicePermissionAuthResourceImpl.kt index 909290fb0b8..977320d05ad 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServicePermissionAuthResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServicePermissionAuthResourceImpl.kt 
@@ -27,10 +27,6 @@ package com.tencent.devops.auth.resources.service -import com.tencent.bk.audit.annotations.ActionAuditRecord -import com.tencent.bk.audit.annotations.AuditEntry -import com.tencent.bk.audit.annotations.AuditInstanceRecord -import com.tencent.bk.audit.constants.AuditAttributeNames import com.tencent.devops.auth.api.service.ServicePermissionAuthResource import com.tencent.devops.auth.pojo.dto.GrantInstanceDTO import com.tencent.devops.auth.service.iam.PermissionExtService @@ -58,17 +54,6 @@ class ServicePermissionAuthResourceImpl @Autowired constructor( return Result(permissionService.validateUserActionPermission(userId, action)) } - @AuditEntry(actionId = "validateUserResourcePermission") - @ActionAuditRecord( - actionId = "validateUserResourcePermission", - instance = AuditInstanceRecord( - resourceType = "test", - instanceIds = "#projectCode", - instanceNames = "#$?.data" - ), - content = "getProjectGroupAndUserList [{{" + AuditAttributeNames.INSTANCE_NAME + "}}]" + - "({{" + AuditAttributeNames.INSTANCE_ID + "}})" - ) override fun validateUserResourcePermission( userId: String, token: String, diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionProjectService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionProjectService.kt index e710f9e650b..19abac2b8b9 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionProjectService.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionProjectService.kt 
@@ -27,10 +27,6 @@ package com.tencent.devops.auth.service.iam -import com.tencent.bk.audit.annotations.ActionAuditRecord -import com.tencent.bk.audit.annotations.AuditEntry -import com.tencent.bk.audit.annotations.AuditInstanceRecord -import com.tencent.bk.audit.constants.AuditAttributeNames import com.tencent.devops.common.auth.api.pojo.BKAuthProjectRolesResources import com.tencent.devops.common.auth.api.pojo.BkAuthGroup import com.tencent.devops.common.auth.api.pojo.BkAuthGroupAndUserList @@ -39,16 +35,6 @@ interface PermissionProjectService { fun getProjectUsers(projectCode: String, group: BkAuthGroup?): List - @AuditEntry(actionId = "getProjectGroupAndUserList") - @ActionAuditRecord( - actionId = "getProjectGroupAndUserList", - instance = AuditInstanceRecord( - resourceType = "test", - instanceIds = "#projectCode" - ), - content = "getProjectGroupAndUserList [{{" + AuditAttributeNames.INSTANCE_NAME + "}}]" + - "({{" + AuditAttributeNames.INSTANCE_ID + "}})" - ) fun getProjectGroupAndUserList(projectCode: String): List fun getUserProjects(userId: String): List From 65559fad8b75d58b16f6225d8feca43fd59d0e3f Mon Sep 17 00:00:00 2001 From: greysonfang Date: Tue, 12 Sep 2023 21:02:42 +0800 Subject: [PATCH 12/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../service/PipelineListFacadeService.kt | 22 ++++++++++++++++++- .../builds/PipelineBuildFacadeService.kt | 21 +++++++++++++++++- 2 files changed, 41 insertions(+), 2 deletions(-) diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineListFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineListFacadeService.kt index f9928f276b1..17c9dba415f 100644 
--- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineListFacadeService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineListFacadeService.kt @@ -28,6 +28,11 @@ package com.tencent.devops.process.service import com.fasterxml.jackson.core.type.TypeReference +import com.tencent.bk.audit.annotations.ActionAuditRecord +import com.tencent.bk.audit.annotations.AuditEntry +import com.tencent.bk.audit.annotations.AuditInstanceRecord +import com.tencent.bk.audit.constants.AuditAttributeNames +import com.tencent.bk.audit.context.ActionAuditContext import com.tencent.devops.common.api.constant.CommonMessageCode import com.tencent.devops.common.api.exception.ErrorCodeException import com.tencent.devops.common.api.exception.ParamBlankException @@ -108,7 +113,6 @@ import com.tencent.devops.process.utils.PIPELINE_VIEW_RECENT_USE import com.tencent.devops.process.utils.PIPELINE_VIEW_UNCLASSIFIED import com.tencent.devops.quality.api.v2.pojo.response.QualityPipeline import com.tencent.devops.scm.utils.code.git.GitUtils -import javax.ws.rs.core.Response import org.jooq.DSLContext import org.jooq.Record4 import org.jooq.Result @@ -117,6 +121,7 @@ import org.springframework.beans.factory.annotation.Autowired import org.springframework.beans.factory.annotation.Value import org.springframework.stereotype.Service import org.springframework.util.StopWatch +import javax.ws.rs.core.Response @Suppress("ALL") @Service 
@@ -429,6 +434,15 @@ class PipelineListFacadeService @Autowired constructor( * 其中 PIPELINE_VIEW_FAVORITE_PIPELINES,PIPELINE_VIEW_MY_PIPELINES,PIPELINE_VIEW_ALL_PIPELINES * 分别对应 我的收藏,我的流水线,全部流水线 */ + @AuditEntry(actionId = "pipeline_list") + @ActionAuditRecord( + actionId = "pipeline_list", + instance = AuditInstanceRecord( + resourceType = "pipeline" + ), + content = "list pipeline [{{" + AuditAttributeNames.INSTANCE_NAME + "}}]" + + "({{" + AuditAttributeNames.INSTANCE_ID + "}})" + ) fun listViewPipelines( userId: String, projectId: String, @@ -691,6 +705,12 @@ class PipelineListFacadeService @Autowired constructor( ) } } + // 审计 + ActionAuditContext.current().apply { + instanceIdList = pipelineList.map { it.pipelineId } + instanceNameList = pipelineList.map { it.pipelineName } + } + watcher.stop() return PipelineViewPipelinePage( diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/builds/PipelineBuildFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/builds/PipelineBuildFacadeService.kt index c46edd6bfb2..c85b4bd9ff3 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/builds/PipelineBuildFacadeService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/builds/PipelineBuildFacadeService.kt @@ -27,6 +27,11 @@ package com.tencent.devops.process.service.builds +import com.tencent.bk.audit.annotations.ActionAuditRecord +import com.tencent.bk.audit.annotations.AuditEntry +import com.tencent.bk.audit.annotations.AuditInstanceRecord +import com.tencent.bk.audit.constants.AuditAttributeNames +import com.tencent.bk.audit.context.ActionAuditContext import com.tencent.devops.common.api.constant.CommonMessageCode import com.tencent.devops.common.api.exception.ErrorCodeException import com.tencent.devops.common.api.exception.ParamBlankException 
@@ -552,6 +557,17 @@ class PipelineBuildFacadeService( } } + + @AuditEntry(actionId = "pipeline_execute") + @ActionAuditRecord( + actionId = "pipeline_execute", + instance = AuditInstanceRecord( + resourceType = "pipeline", + instanceIds = "#pipelineId" + ), + content = "execute pipeline [{{" + AuditAttributeNames.INSTANCE_NAME + "}}]" + + "({{" + AuditAttributeNames.INSTANCE_ID + "}})" + ) fun buildManualStartup( userId: String, startType: StartType, @@ -593,9 +609,12 @@ class PipelineBuildFacadeService( errorCode = ProcessMessageCode.ERROR_PIPELINE_NOT_EXISTS, params = arrayOf(pipelineId) ) - val startEpoch = System.currentTimeMillis() try { + /** + * 设置审计上下文实例名称 + */ + ActionAuditContext.current().setInstanceName(readyToBuildPipelineInfo.pipelineName) val model = getModel(projectId, pipelineId) From 48e84f5825da3f51a9d70fa673a3e53819a5d9da Mon Sep 17 00:00:00 2001 
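Review bot: The `/** … */` block added before `ActionAuditContext.current().setInstanceName(...)` (hunk at -593,9) is KDoc syntax placed inside a function body, where it documents no declaration and is skipped by documentation tooling. A line comment fits better there, for example `// audit: record the pipeline name as the instance name`. The first hunk also adds two blank lines before `@AuditEntry` where one is enough. The body of buildManualStartup continues outside the hunk.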
From: greysonfang Date: Fri, 15 Sep 2023 10:00:42 +0800 Subject: [PATCH 13/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../common/audit/BkAuditRequestProvider.kt | 11 +++-- .../devops/common/auth/api/ActionId.kt | 29 +++++++++++ .../devops/common/auth/api/ResourceTypeId.kt | 7 +++ .../core/openapi/biz-openapi/build.gradle.kts | 1 + .../apigw/v3/ApigwPipelineResourceV3Impl.kt | 6 +++ .../v3/ApigwTemplateInstanceResourceV3Impl.kt | 4 ++ .../apigw/v4/ApigwPipelineResourceV4Impl.kt | 6 +++ .../v4/ApigwTemplateInstanceResourceV4Impl.kt | 4 ++ .../api/ServicePipelineResourceImpl.kt | 3 ++ .../process/api/UserPipelineResourceImpl.kt | 8 ++++ .../ServicePipelineInitResourceImpl.kt | 4 ++ .../UserTemplateInstanceResourceImpl.kt | 3 ++ .../service/PipelineInfoFacadeService.kt | 48 ++++++++++--------- .../service/PipelineListFacadeService.kt | 16 +++---- .../builds/PipelineBuildFacadeService.kt | 8 ++-- 15 files changed, 120 insertions(+), 38 deletions(-) create mode 100644 src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/ActionId.kt create mode 100644 src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/ResourceTypeId.kt diff --git a/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt index f0885a7a049..44207945325 100644 --- a/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt +++ b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt 
@@ -17,7 +17,7 @@ class BkAuditRequestProvider : AuditRequestProvider { private const val HEADER_USERNAME = AUTH_HEADER_USER_ID private const val HEADER_USER_IDENTIFY_TENANT_ID = "X-User-Identify-Tenant-Id" private const val HEADER_USER_IDENTIFY_TYPE = "X-User-Identify-Type" - private const val HEADER_ACCESS_TYPE = "X-Access-Type" + private const val HEADER_ACCESS_TYPE = "USER-AGENT" private const val HEADER_REQUEST_ID = "X-DEVOPS-RID" private const val HEADER_BK_APP_CODE = AUTH_HEADER_DEVOPS_APP_CODE private val logger = LoggerFactory.getLogger(BkAuditRequestProvider::class.java) @@ -54,9 +54,14 @@ class BkAuditRequestProvider : AuditRequestProvider { return httpServletRequest.getHeader(HEADER_USER_IDENTIFY_TENANT_ID) } - override fun getAccessType(): AccessTypeEnum? { + override fun getAccessType(): AccessTypeEnum { val httpServletRequest = getHttpServletRequest() - return AccessTypeEnum.valOf(httpServletRequest.getHeader(HEADER_ACCESS_TYPE)) + val accessTypeHeader = httpServletRequest.getHeader(HEADER_ACCESS_TYPE) + return when { + accessTypeHeader.contains("Mozilla") -> AccessTypeEnum.WEB + accessTypeHeader.contains("API") -> AccessTypeEnum.API + else -> AccessTypeEnum.OTHER + } } override fun getRequestId(): String? { diff --git a/src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/ActionId.kt b/src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/ActionId.kt new file mode 100644 index 00000000000..2edbca5f7c7 --- /dev/null +++ b/src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/ActionId.kt 
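Review bot: `getAccessType()` calls `accessTypeHeader.contains(...)` on the result of `getHeader(HEADER_ACCESS_TYPE)`, which is null when a request carries no User-Agent, so such a request would throw inside the audit provider instead of being classified. A null-safe read avoids that: `val accessTypeHeader = httpServletRequest.getHeader(HEADER_ACCESS_TYPE) ?: return AccessTypeEnum.OTHER`. Separately, User-Agent is chosen by the caller, so the WEB/API/OTHER value written to the audit record is a hint rather than evidence; a comment such as `// derived from User-Agent: client-controlled, not authoritative` would keep later readers from relying on it. The `"API"` substring match is also case-sensitive and matches any agent string that happens to contain those letters.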
@@ -0,0 +1,29 @@
+package com.tencent.devops.common.auth.api
+
+object ActionId {
+ // 流水线
+ const val PIPELINE_CREATE = "pipeline_create"
+ const val PIPELINE_VIEW = "pipeline_view"
+ const val PIPELINE_EDIT = "pipeline_edit"
+ const val PIPELINE_DELETE = "pipeline_delete"
+ const val PIPELINE_EXECUTE = "pipeline_execute"
+ const val PIPELINE_LIST = "pipeline_list"
+ const val PIPELINE_SHARE = "pipeline_share"
+ const val PIPELINE_DOWNLOAD = "pipeline_download"
+
+ // 凭据
+ const val CREDENTIAL_CREATE = "credential_create"
+ const val CREDENTIAL_VIEW = "credential_view"
+ const val CREDENTIAL_EDIT = "credential_edit"
+ const val CREDENTIAL_DELETE = "credential_delete"
+ const val CREDENTIAL_LIST = "credential_list"
+ const val CREDENTIAL_USE = "credential_use"
+
+ // 证书
+ const val CERT_CREATE = "cert_create"
+ const val CERT_VIEW = "cert_view"
+ const val CERT_EDIT = "cert_edit"
+ const val CERT_DELETE = "cert_delete"
+ const val CERT_LIST = "cert_list"
+ const val CERT_USE = "cert_use"
+}
diff --git a/src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/ResourceTypeId.kt b/src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/ResourceTypeId.kt
new file mode 100644
index 00000000000..f212f949ab7
--- /dev/null
+++ b/src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/ResourceTypeId.kt
@@ -0,0 +1,7 @@
+package com.tencent.devops.common.auth.api
+
+object ResourceTypeId {
+ const val PIPELINE = "pipeline"
+ const val CREDENTIAL = "credential"
+ const val CERT_CREATE = "cert"
+}
diff --git a/src/backend/ci/core/openapi/biz-openapi/build.gradle.kts b/src/backend/ci/core/openapi/biz-openapi/build.gradle.kts
index 2c058459137..34f917034e5 100644
--- a/src/backend/ci/core/openapi/biz-openapi/build.gradle.kts
+++ b/src/backend/ci/core/openapi/biz-openapi/build.gradle.kts
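Review bot: In the new `ResourceTypeId` object the certificate resource type is declared as `CERT_CREATE = "cert"`, which reads like an action id and shares its name with `ActionId.CERT_CREATE` (`"cert_create"`). A caller who imports the wrong object gets a different string with no compiler error, and the audit record would then carry a mismatched resource type or action. Naming it like its siblings removes the ambiguity: `const val CERT = "cert"`.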
@@ -34,6 +34,7 @@ dependencies { api(project(":core:environment:api-environment")) api(project(":core:artifactory:api-artifactory")) api(project(":core:common:common-client")) + api(project(":core:common:common-audit")) api("io.jsonwebtoken:jjwt-api") runtimeOnly("io.jsonwebtoken:jjwt-impl") runtimeOnly("io.jsonwebtoken:jjwt-jackson") diff --git a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v3/ApigwPipelineResourceV3Impl.kt b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v3/ApigwPipelineResourceV3Impl.kt index 7a7c4220718..ae920a75750 100644 --- a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v3/ApigwPipelineResourceV3Impl.kt +++ b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v3/ApigwPipelineResourceV3Impl.kt @@ -26,8 +26,10 @@ */ package com.tencent.devops.openapi.resources.apigw.v3 +import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.pojo.Page import com.tencent.devops.common.api.pojo.Result +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.client.Client import com.tencent.devops.common.pipeline.Model import com.tencent.devops.common.web.RestResource @@ -99,6 +101,7 @@ class ApigwPipelineResourceV3Impl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.PIPELINE_DELETE) override fun updatePipeline( appCode: String?, apigwType: String?, @@ -117,6 +120,7 @@ class ApigwPipelineResourceV3Impl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.PIPELINE_CREATE) override fun uploadPipeline( appCode: String?, apigwType: String?, @@ -166,6 +170,7 @@ class ApigwPipelineResourceV3Impl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.PIPELINE_DELETE) override fun delete( appCode: String?, apigwType: String?, 
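Review bot: `updatePipeline` is annotated `@AuditEntry(actionId = ActionId.PIPELINE_DELETE)` (hunk at -99,6), so a pipeline update through this gateway would be opened in the audit trail as a delete. The action should be the edit id: `@AuditEntry(actionId = ActionId.PIPELINE_EDIT)`. The same annotation is on `updatePipeline` in `ApigwPipelineResourceV4Impl` (hunk at -101,6). How the SDK reconciles the entry action with an inner record is not visible here, but as written, alerts keyed on delete actions would fire on routine edits and edit queries would miss them. The method body continues outside the hunk.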
@@ -182,6 +187,7 @@ class ApigwPipelineResourceV3Impl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.PIPELINE_CREATE) override fun copy( userId: String, projectId: String, diff --git a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v3/ApigwTemplateInstanceResourceV3Impl.kt b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v3/ApigwTemplateInstanceResourceV3Impl.kt index 13832c8f14c..48ce16db413 100644 --- a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v3/ApigwTemplateInstanceResourceV3Impl.kt +++ b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v3/ApigwTemplateInstanceResourceV3Impl.kt @@ -26,7 +26,9 @@ */ package com.tencent.devops.openapi.resources.apigw.v3 +import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.pojo.Result +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.client.Client import com.tencent.devops.common.web.RestResource import com.tencent.devops.openapi.api.apigw.v3.ApigwTemplateInstanceResourceV3 @@ -42,6 +44,8 @@ import org.springframework.beans.factory.annotation.Autowired @RestResource class ApigwTemplateInstanceResourceV3Impl @Autowired constructor(private val client: Client) : ApigwTemplateInstanceResourceV3 { + + @AuditEntry(actionId = ActionId.PIPELINE_CREATE) override fun createTemplateInstances( appCode: String?, apigwType: String?, diff --git a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwPipelineResourceV4Impl.kt b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwPipelineResourceV4Impl.kt index b63784c397d..88105dcd785 100644 
--- a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwPipelineResourceV4Impl.kt +++ b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwPipelineResourceV4Impl.kt @@ -26,8 +26,10 @@ */ package com.tencent.devops.openapi.resources.apigw.v4 +import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.pojo.Page import com.tencent.devops.common.api.pojo.Result +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.client.Client import com.tencent.devops.common.pipeline.Model import com.tencent.devops.common.web.RestResource @@ -101,6 +103,7 @@ class ApigwPipelineResourceV4Impl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.PIPELINE_DELETE) override fun updatePipeline( appCode: String?, apigwType: String?, @@ -119,6 +122,7 @@ class ApigwPipelineResourceV4Impl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.PIPELINE_CREATE) override fun uploadPipeline( appCode: String?, apigwType: String?, @@ -185,6 +189,7 @@ class ApigwPipelineResourceV4Impl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.PIPELINE_DELETE) override fun delete( appCode: String?, apigwType: String?, @@ -201,6 +206,7 @@ class ApigwPipelineResourceV4Impl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.PIPELINE_CREATE) override fun copy( userId: String, projectId: String, diff --git a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwTemplateInstanceResourceV4Impl.kt b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwTemplateInstanceResourceV4Impl.kt index 131214acaca..53c2e39eb2e 100644 --- a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwTemplateInstanceResourceV4Impl.kt 
+++ b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwTemplateInstanceResourceV4Impl.kt @@ -26,7 +26,9 @@ */ package com.tencent.devops.openapi.resources.apigw.v4 +import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.pojo.Result +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.client.Client import com.tencent.devops.common.web.RestResource import com.tencent.devops.openapi.api.apigw.v4.ApigwTemplateInstanceResourceV4 @@ -42,6 +44,8 @@ import org.springframework.beans.factory.annotation.Autowired @RestResource class ApigwTemplateInstanceResourceV4Impl @Autowired constructor(private val client: Client) : ApigwTemplateInstanceResourceV4 { + + @AuditEntry(actionId = ActionId.PIPELINE_CREATE) override fun createTemplateInstances( appCode: String?, apigwType: String?, diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/ServicePipelineResourceImpl.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/ServicePipelineResourceImpl.kt index 73d7a580239..61506b8d374 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/ServicePipelineResourceImpl.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/ServicePipelineResourceImpl.kt 
@@ -27,12 +27,14 @@ package com.tencent.devops.process.api +import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.constant.CommonMessageCode.USER_NOT_HAVE_PROJECT_PERMISSIONS import com.tencent.devops.common.api.exception.InvalidParamException import com.tencent.devops.common.api.exception.ParamBlankException import com.tencent.devops.common.api.exception.PermissionForbiddenException import com.tencent.devops.common.api.pojo.Page import com.tencent.devops.common.api.pojo.Result +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.auth.api.AuthPermission import com.tencent.devops.common.auth.api.AuthResourceType import com.tencent.devops.common.event.pojo.measure.PipelineLabelRelateInfo @@ -94,6 +96,7 @@ class ServicePipelineResourceImpl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.PIPELINE_CREATE) override fun create( userId: String, projectId: String, diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineResourceImpl.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineResourceImpl.kt index e8a6fef3a5c..b7cd73ad463 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineResourceImpl.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineResourceImpl.kt @@ -27,6 +27,7 @@ package com.tencent.devops.process.api +import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.constant.CommonMessageCode.USER_NOT_PERMISSIONS_OPERATE_PIPELINE import com.tencent.devops.common.api.exception.ErrorCodeException import com.tencent.devops.common.api.exception.InvalidParamException 
@@ -34,6 +35,7 @@ import com.tencent.devops.common.api.exception.ParamBlankException import com.tencent.devops.common.api.pojo.Page import com.tencent.devops.common.api.pojo.Result import com.tencent.devops.common.api.util.MessageUtil +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.auth.api.AuthPermission import com.tencent.devops.common.auth.api.AuthResourceType import com.tencent.devops.common.client.Client @@ -139,6 +141,7 @@ class UserPipelineResourceImpl @Autowired constructor( } @Timed + @AuditEntry(actionId = ActionId.PIPELINE_CREATE) override fun create( userId: String, projectId: String, @@ -197,6 +200,7 @@ class UserPipelineResourceImpl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.PIPELINE_CREATE) override fun copy( userId: String, projectId: String, @@ -227,6 +231,7 @@ class UserPipelineResourceImpl @Autowired constructor( return Result(pid) } + @AuditEntry(actionId = ActionId.PIPELINE_EDIT) override fun edit(userId: String, projectId: String, pipelineId: String, pipeline: Model): Result { checkParam(userId, projectId) val pipelineResult = pipelineInfoFacadeService.editPipeline( @@ -250,6 +255,7 @@ class UserPipelineResourceImpl @Autowired constructor( return Result(true) } + @AuditEntry(actionId = ActionId.PIPELINE_EDIT) override fun saveAll( userId: String, projectId: String, @@ -375,6 +381,7 @@ class UserPipelineResourceImpl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.PIPELINE_DELETE) override fun softDelete(userId: String, projectId: String, pipelineId: String): Result { checkParam(userId, projectId) val deletePipeline = pipelineInfoFacadeService.deletePipeline( @@ -595,6 +602,7 @@ class UserPipelineResourceImpl @Autowired constructor( return pipelineInfoFacadeService.exportPipeline(userId, projectId, pipelineId) } + @AuditEntry(actionId = ActionId.PIPELINE_CREATE) override fun uploadPipeline( userId: String, pipelineInfo: PipelineModelAndSetting, 
diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/service/ServicePipelineInitResourceImpl.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/service/ServicePipelineInitResourceImpl.kt index 3f10f11c290..97c89c56e76 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/service/ServicePipelineInitResourceImpl.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/service/ServicePipelineInitResourceImpl.kt @@ -27,7 +27,9 @@ package com.tencent.devops.process.api.service +import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.pojo.Result +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.pipeline.pojo.AtomMarketInitPipelineReq import com.tencent.devops.common.pipeline.pojo.CheckImageInitPipelineReq import com.tencent.devops.common.web.RestResource @@ -43,6 +45,7 @@ class ServicePipelineInitResourceImpl @Autowired constructor( private val checkImageInitPipelineService: CheckImageInitPipelineService ) : ServicePipelineInitResource { + @AuditEntry(actionId = ActionId.PIPELINE_CREATE) override fun initAtomMarketPipeline( userId: String, projectCode: String, @@ -55,6 +58,7 @@ class ServicePipelineInitResourceImpl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.PIPELINE_CREATE) override fun initCheckImagePipeline( userId: String, projectCode: String, diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/template/UserTemplateInstanceResourceImpl.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/template/UserTemplateInstanceResourceImpl.kt index b73a1c251bb..886035acc38 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/template/UserTemplateInstanceResourceImpl.kt 
+++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/template/UserTemplateInstanceResourceImpl.kt @@ -27,7 +27,9 @@ package com.tencent.devops.process.api.template +import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.pojo.Result +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.web.RestResource import com.tencent.devops.process.pojo.PipelineId import com.tencent.devops.process.pojo.enums.TemplateSortTypeEnum @@ -46,6 +48,7 @@ class UserTemplateInstanceResourceImpl @Autowired constructor( ) : UserTemplateInstanceResource { + @AuditEntry(actionId = ActionId.PIPELINE_CREATE) override fun createTemplateInstances( userId: String, projectId: String, diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt index 102addf42e9..4a7477997f8 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt @@ -34,6 +34,7 @@ import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.bk.audit.annotations.AuditInstanceRecord import com.tencent.bk.audit.annotations.AuditRequestBody import com.tencent.bk.audit.constants.AuditAttributeNames +import com.tencent.bk.audit.context.ActionAuditContext import com.tencent.devops.common.api.constant.CommonMessageCode import com.tencent.devops.common.api.constant.CommonMessageCode.USER_NOT_PERMISSIONS_OPERATE_PIPELINE import com.tencent.devops.common.api.exception.ErrorCodeException 
@@ -43,7 +44,9 @@ import com.tencent.devops.common.api.exception.PipelineAlreadyExistException import com.tencent.devops.common.api.util.JsonUtil import com.tencent.devops.common.api.util.MessageUtil import com.tencent.devops.common.api.util.Watcher +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.auth.api.AuthPermission +import com.tencent.devops.common.auth.api.ResourceTypeId import com.tencent.devops.common.auth.api.pojo.BkAuthGroup import com.tencent.devops.common.client.Client import com.tencent.devops.common.pipeline.Model @@ -83,17 +86,17 @@ import com.tencent.devops.process.service.pipeline.PipelineSettingFacadeService import com.tencent.devops.process.service.view.PipelineViewGroupService import com.tencent.devops.process.template.service.TemplateService import com.tencent.devops.store.api.template.ServiceTemplateResource -import java.net.URLEncoder -import java.util.concurrent.TimeUnit -import javax.ws.rs.core.MediaType -import javax.ws.rs.core.Response -import javax.ws.rs.core.StreamingOutput import org.jooq.DSLContext import org.slf4j.LoggerFactory import org.springframework.beans.factory.annotation.Autowired import org.springframework.beans.factory.annotation.Value import org.springframework.dao.DuplicateKeyException import org.springframework.stereotype.Service +import java.net.URLEncoder +import java.util.concurrent.TimeUnit +import javax.ws.rs.core.MediaType +import javax.ws.rs.core.Response +import javax.ws.rs.core.StreamingOutput @Suppress("ALL") @Service 
@@ -241,13 +244,10 @@ class PipelineInfoFacadeService @Autowired constructor( return Pair(pipelineInfo?.pipelineName ?: "", pipelineInfo?.version ?: 0) } - @AuditEntry(actionId = "pipeline_create") @ActionAuditRecord( - actionId = "pipeline_create", + actionId = ActionId.PIPELINE_CREATE, instance = AuditInstanceRecord( - resourceType = "pipeline", - instanceNames = "#model?.name", - instanceIds = "#$" + resourceType = ResourceTypeId.PIPELINE ), content = "create pipeline [{{" + AuditAttributeNames.INSTANCE_NAME + "}}]" + "({{" + AuditAttributeNames.INSTANCE_ID + "}})" @@ -453,7 +453,9 @@ class PipelineInfoFacadeService @Autowired constructor( pipelineId = pipelineId, userId = userId ) - + ActionAuditContext.current() + .setInstanceId(pipelineId) + .setInstanceName(model.name) success = true return pipelineId } catch (duplicateKeyException: DuplicateKeyException) { @@ -663,13 +665,10 @@ class PipelineInfoFacadeService @Autowired constructor( } } - @AuditEntry(actionId = "pipeline_edit") @ActionAuditRecord( - actionId = "pipeline_edit", + actionId = ActionId.PIPELINE_EDIT, instance = AuditInstanceRecord( - resourceType = "pipeline", - instanceNames = "#model?.name", - instanceIds = "#pipelineId" + resourceType = ResourceTypeId.PIPELINE ), content = "edit pipeline [{{" + AuditAttributeNames.INSTANCE_NAME + "}}]" + "({{" + AuditAttributeNames.INSTANCE_ID + "}})" @@ -767,6 +766,12 @@ class PipelineInfoFacadeService @Autowired constructor( if (checkPermission) { pipelinePermissionService.modifyResource(projectId, pipelineId, model.name) } + // 审计 + ActionAuditContext.current() + .setInstanceId(pipelineId) + .setInstanceName(model.name) + .setOriginInstance(existModel) + .setInstance(model) success = true return deployResult } finally { 
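Review bot: `@AuditEntry` is removed from the create and edit methods in these hunks (and from the delete method in the hunk at -932,11), leaving only `@ActionAuditRecord`, while the entries added elsewhere in this commit sit on individual resource methods. If the SDK only emits a record inside an `@AuditEntry` scope, any caller not annotated in this commit (other resource classes, internal services, scheduled jobs) could change a pipeline without leaving an audit event. I would state the contract on each method, e.g. `// audit: callers must open an @AuditEntry scope, otherwise no record is written (TODO confirm against SDK)`, and check the remaining call sites. The method bodies are outside these hunks.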
@@ -826,11 +831,11 @@ class PipelineInfoFacadeService @Autowired constructor( return pipelineResult } - @AuditEntry(actionId = "pipeline_view") + @AuditEntry(actionId = ActionId.PIPELINE_VIEW) @ActionAuditRecord( - actionId = "pipeline_view", + actionId = ActionId.PIPELINE_VIEW, instance = AuditInstanceRecord( - resourceType = "pipeline", + resourceType = ResourceTypeId.PIPELINE, instanceNames = "#$?.name", instanceIds = "#pipelineId" ), @@ -932,11 +937,10 @@ class PipelineInfoFacadeService @Autowired constructor( } } - @AuditEntry(actionId = "pipeline_delete") @ActionAuditRecord( - actionId = "pipeline_delete", + actionId = ActionId.PIPELINE_DELETE, instance = AuditInstanceRecord( - resourceType = "pipeline", + resourceType = ResourceTypeId.PIPELINE, instanceNames = "#$?.pipelineName", instanceIds = "#pipelineId" ), diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineListFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineListFacadeService.kt index 17c9dba415f..d0ec224f0cd 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineListFacadeService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineListFacadeService.kt @@ -32,7 +32,6 @@ import com.tencent.bk.audit.annotations.ActionAuditRecord import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.bk.audit.annotations.AuditInstanceRecord import com.tencent.bk.audit.constants.AuditAttributeNames -import com.tencent.bk.audit.context.ActionAuditContext import com.tencent.devops.common.api.constant.CommonMessageCode import com.tencent.devops.common.api.exception.ErrorCodeException import com.tencent.devops.common.api.exception.ParamBlankException 
@@ -46,7 +45,9 @@ import com.tencent.devops.common.api.util.MessageUtil import com.tencent.devops.common.api.util.PageUtil import com.tencent.devops.common.api.util.Watcher import com.tencent.devops.common.api.util.timestampmilli +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.auth.api.AuthPermission +import com.tencent.devops.common.auth.api.ResourceTypeId import com.tencent.devops.common.event.pojo.measure.PipelineLabelRelateInfo import com.tencent.devops.common.pipeline.Model import com.tencent.devops.common.pipeline.enums.BuildStatus @@ -434,11 +435,12 @@ class PipelineListFacadeService @Autowired constructor( * 其中 PIPELINE_VIEW_FAVORITE_PIPELINES,PIPELINE_VIEW_MY_PIPELINES,PIPELINE_VIEW_ALL_PIPELINES * 分别对应 我的收藏,我的流水线,全部流水线 */ - @AuditEntry(actionId = "pipeline_list") + @AuditEntry(actionId = ActionId.PIPELINE_LIST) @ActionAuditRecord( - actionId = "pipeline_list", + actionId = ActionId.PIPELINE_LIST, instance = AuditInstanceRecord( - resourceType = "pipeline" + resourceType = ResourceTypeId.PIPELINE, + instanceIds = "#projectId" ), content = "list pipeline [{{" + AuditAttributeNames.INSTANCE_NAME + "}}]" + "({{" + AuditAttributeNames.INSTANCE_ID + "}})" @@ -705,12 +707,6 @@ class PipelineListFacadeService @Autowired constructor( ) } } - // 审计 - ActionAuditContext.current().apply { - instanceIdList = pipelineList.map { it.pipelineId } - instanceNameList = pipelineList.map { it.pipelineName } - } - watcher.stop() return PipelineViewPipelinePage( diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/builds/PipelineBuildFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/builds/PipelineBuildFacadeService.kt index c85b4bd9ff3..710f4917317 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/builds/PipelineBuildFacadeService.kt 
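Review bot: The `listViewPipelines` annotation now sets `instanceIds = "#projectId"` under `resourceType = ResourceTypeId.PIPELINE`, so a pipeline-typed record carries a project id, and the following hunk (-705) removes the code that stored the listed pipeline ids and names. A query of the audit log by pipeline id would miss these records or match the wrong resource, and the content template still renders `INSTANCE_NAME`, which nothing visible sets any more. If per-project auditing is intended, say so next to the annotation, e.g. `// list is audited per project: instance id is the projectId, not a pipeline id`, and consider setting `instanceNames` too so the rendered text is complete. The function body lies outside the hunk.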
+++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/builds/PipelineBuildFacadeService.kt @@ -43,7 +43,9 @@ import com.tencent.devops.common.api.pojo.Result import com.tencent.devops.common.api.pojo.SimpleResult import com.tencent.devops.common.api.util.MessageUtil import com.tencent.devops.common.api.util.PageUtil +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.auth.api.AuthPermission +import com.tencent.devops.common.auth.api.ResourceTypeId import com.tencent.devops.common.event.dispatcher.pipeline.PipelineEventDispatcher import com.tencent.devops.common.event.enums.ActionType import com.tencent.devops.common.log.pojo.message.LogMessage @@ -558,11 +560,11 @@ class PipelineBuildFacadeService( } - @AuditEntry(actionId = "pipeline_execute") + @AuditEntry(actionId = ActionId.PIPELINE_EXECUTE) @ActionAuditRecord( - actionId = "pipeline_execute", + actionId = ActionId.PIPELINE_EXECUTE, instance = AuditInstanceRecord( - resourceType = "pipeline", + resourceType = ResourceTypeId.PIPELINE, instanceIds = "#pipelineId" ), content = "execute pipeline [{{" + AuditAttributeNames.INSTANCE_NAME + "}}]" + From fd1521f40d0108f11e10738584dd3b872c3502bf Mon Sep 17 00:00:00 2001 
From: greysonfang Date: Mon, 18 Sep 2023 09:39:23 +0800 Subject: [PATCH 14/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../devops/common/audit/ActionAuditContent.kt | 17 +++++++++++++++++ .../apigw/v3/ApigwPipelineResourceV3Impl.kt | 2 ++ .../apigw/v4/ApigwPipelineResourceV4Impl.kt | 2 ++ .../process/api/ServicePipelineResourceImpl.kt | 2 +- .../process/api/UserPipelineResourceImpl.kt | 2 ++ .../service/PipelineInfoFacadeService.kt | 14 +++++--------- .../service/PipelineListFacadeService.kt | 4 ++-- .../builds/PipelineBuildFacadeService.kt | 4 ++-- .../ci/core/store/biz-store/build.gradle.kts | 1 + .../common/impl/StoreIndexManageServiceImpl.kt | 3 +++ .../ci/core/stream/biz-stream/build.gradle.kts | 1 + .../resources/user/UserStreamGitResourceImpl.kt | 3 +++ .../stream/trigger/StreamYamlBaseBuild.kt | 3 +++ 13 files changed, 44 insertions(+), 14 deletions(-) create mode 100644 src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/ActionAuditContent.kt diff --git a/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/ActionAuditContent.kt b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/ActionAuditContent.kt new file mode 100644 index 00000000000..fa3bb2b6950 --- /dev/null +++ b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/ActionAuditContent.kt 
@@ -0,0 +1,17 @@ +package com.tencent.devops.common.audit + +import com.tencent.bk.audit.constants.AuditAttributeNames.INSTANCE_ID +import com.tencent.bk.audit.constants.AuditAttributeNames.INSTANCE_NAME + +object ActionAuditContent { + // 流水线 + private const val CONTENT_TEMPLATE = "[{{$INSTANCE_NAME}}]({{$INSTANCE_ID}})" + const val PIPELINE_VIEW_CONTENT = "get pipeline info $CONTENT_TEMPLATE" + const val PIPELINE_SHARE_CONTENT = "share pipeline $CONTENT_TEMPLATE" + const val PIPELINE_CREATE_CONTENT = "create pipeline $CONTENT_TEMPLATE" + const val PIPELINE_LIST_CONTENT = "list pipeline $CONTENT_TEMPLATE" + const val PIPELINE_DOWNLOAD_CONTENT = "download pipeline $CONTENT_TEMPLATE" + const val PIPELINE_EDIT_CONTENT = "update pipeline $CONTENT_TEMPLATE" + const val PIPELINE_DELETE_CONTENT = "delete pipeline $CONTENT_TEMPLATE" + const val PIPELINE_EXECUTE_CONTENT = "execute pipeline $CONTENT_TEMPLATE" +} diff --git a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v3/ApigwPipelineResourceV3Impl.kt b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v3/ApigwPipelineResourceV3Impl.kt index ae920a75750..77e0086ebdf 100644 --- a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v3/ApigwPipelineResourceV3Impl.kt +++ b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v3/ApigwPipelineResourceV3Impl.kt @@ -67,6 +67,7 @@ class ApigwPipelineResourceV3Impl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.PIPELINE_CREATE) override fun create( appCode: String?, apigwType: String?, @@ -137,6 +138,7 @@ class ApigwPipelineResourceV3Impl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.PIPELINE_VIEW) override fun get( appCode: String?, apigwType: String?, 
diff --git a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwPipelineResourceV4Impl.kt b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwPipelineResourceV4Impl.kt index 88105dcd785..9f46fb86d7c 100644 --- a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwPipelineResourceV4Impl.kt +++ b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwPipelineResourceV4Impl.kt @@ -69,6 +69,7 @@ class ApigwPipelineResourceV4Impl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.PIPELINE_CREATE) override fun create( appCode: String?, apigwType: String?, @@ -139,6 +140,7 @@ class ApigwPipelineResourceV4Impl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.PIPELINE_VIEW) override fun get( appCode: String?, apigwType: String?, diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/ServicePipelineResourceImpl.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/ServicePipelineResourceImpl.kt index 61506b8d374..4d44065d83b 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/ServicePipelineResourceImpl.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/ServicePipelineResourceImpl.kt @@ -96,7 +96,6 @@ class ServicePipelineResourceImpl @Autowired constructor( ) } - @AuditEntry(actionId = ActionId.PIPELINE_CREATE) override fun create( userId: String, projectId: String, @@ -246,6 +245,7 @@ class ServicePipelineResourceImpl @Autowired constructor( return Result(pipelineResult) } + @AuditEntry(actionId = ActionId.PIPELINE_VIEW) override fun get( userId: String, projectId: String, 
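Review bot: In ServicePipelineResourceImpl, `get` gains `@AuditEntry(actionId = ActionId.PIPELINE_VIEW)` in the -246 hunk while the hunk just above it drops the entry from `create`, and `PipelineInfoFacadeService.createPipeline` already lost its own `@AuditEntry` in the preceding patch on this page. If the SDK emits an `@ActionAuditRecord` only inside an active entry scope, as the pairing used throughout this series suggests, a pipeline created through the service API would leave no audit record unless the caller's context is propagated across the `client.get(ServicePipelineResource::class)` call. Either keep `@AuditEntry(actionId = ActionId.PIPELINE_CREATE)` on `create`, or add a comment there naming what opens the scope, e.g. `// audit entry is opened by the calling Apigw/User resource`. The method bodies lie outside the hunks.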
diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineResourceImpl.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineResourceImpl.kt index b7cd73ad463..7518e1cb3e3 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineResourceImpl.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineResourceImpl.kt @@ -324,6 +324,7 @@ class UserPipelineResourceImpl @Autowired constructor( return Result(true) } + @AuditEntry(actionId = ActionId.PIPELINE_VIEW) override fun get(userId: String, projectId: String, pipelineId: String): Result { checkParam(userId, projectId) val pipeline = pipelineInfoFacadeService.getPipeline( @@ -336,6 +337,7 @@ class UserPipelineResourceImpl @Autowired constructor( return Result(pipeline) } + @AuditEntry(actionId = ActionId.PIPELINE_VIEW) override fun getVersion(userId: String, projectId: String, pipelineId: String, version: Int): Result { checkParam(userId, projectId) return Result( diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt index 4a7477997f8..3c1982d6da5 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt 
@@ -44,6 +44,7 @@ import com.tencent.devops.common.api.exception.PipelineAlreadyExistException import com.tencent.devops.common.api.util.JsonUtil import com.tencent.devops.common.api.util.MessageUtil import com.tencent.devops.common.api.util.Watcher +import com.tencent.devops.common.audit.ActionAuditContent import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.auth.api.AuthPermission import com.tencent.devops.common.auth.api.ResourceTypeId @@ -249,8 +250,7 @@ class PipelineInfoFacadeService @Autowired constructor( instance = AuditInstanceRecord( resourceType = ResourceTypeId.PIPELINE ), - content = "create pipeline [{{" + AuditAttributeNames.INSTANCE_NAME + "}}]" + - "({{" + AuditAttributeNames.INSTANCE_ID + "}})" + content = ActionAuditContent.PIPELINE_CREATE_CONTENT ) fun createPipeline( userId: String, @@ -670,8 +670,7 @@ class PipelineInfoFacadeService @Autowired constructor( instance = AuditInstanceRecord( resourceType = ResourceTypeId.PIPELINE ), - content = "edit pipeline [{{" + AuditAttributeNames.INSTANCE_NAME + "}}]" + - "({{" + AuditAttributeNames.INSTANCE_ID + "}})" + content = ActionAuditContent.PIPELINE_EDIT_CONTENT ) fun editPipeline( userId: String, @@ -831,7 +830,6 @@ class PipelineInfoFacadeService @Autowired constructor( return pipelineResult } - @AuditEntry(actionId = ActionId.PIPELINE_VIEW) @ActionAuditRecord( actionId = ActionId.PIPELINE_VIEW, instance = AuditInstanceRecord( @@ -839,8 +837,7 @@ class PipelineInfoFacadeService @Autowired constructor( instanceNames = "#$?.name", instanceIds = "#pipelineId" ), - content = "get pipeline info [{{" + AuditAttributeNames.INSTANCE_NAME + "}}]" + - "({{" + AuditAttributeNames.INSTANCE_ID + "}})" + content = ActionAuditContent.PIPELINE_VIEW_CONTENT ) fun getPipeline( userId: String, 
@@ -944,8 +941,7 @@ class PipelineInfoFacadeService @Autowired constructor( instanceNames = "#$?.pipelineName", instanceIds = "#pipelineId" ), - content = "delete pipeline [{{" + AuditAttributeNames.INSTANCE_NAME + "}}]" + - "({{" + AuditAttributeNames.INSTANCE_ID + "}})" + content = ActionAuditContent.PIPELINE_DELETE_CONTENT ) fun deletePipeline( userId: String, diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineListFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineListFacadeService.kt index d0ec224f0cd..e733276a272 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineListFacadeService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineListFacadeService.kt @@ -45,6 +45,7 @@ import com.tencent.devops.common.api.util.MessageUtil import com.tencent.devops.common.api.util.PageUtil import com.tencent.devops.common.api.util.Watcher import com.tencent.devops.common.api.util.timestampmilli +import com.tencent.devops.common.audit.ActionAuditContent import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.auth.api.AuthPermission import com.tencent.devops.common.auth.api.ResourceTypeId @@ -442,8 +443,7 @@ class PipelineListFacadeService @Autowired constructor( resourceType = ResourceTypeId.PIPELINE, instanceIds = "#projectId" ), - content = "list pipeline [{{" + AuditAttributeNames.INSTANCE_NAME + "}}]" + - "({{" + AuditAttributeNames.INSTANCE_ID + "}})" + content = ActionAuditContent.PIPELINE_LIST_CONTENT ) fun listViewPipelines( userId: String, 
diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/builds/PipelineBuildFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/builds/PipelineBuildFacadeService.kt index 710f4917317..79e4d18fe96 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/builds/PipelineBuildFacadeService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/builds/PipelineBuildFacadeService.kt @@ -43,6 +43,7 @@ import com.tencent.devops.common.api.pojo.Result import com.tencent.devops.common.api.pojo.SimpleResult import com.tencent.devops.common.api.util.MessageUtil import com.tencent.devops.common.api.util.PageUtil +import com.tencent.devops.common.audit.ActionAuditContent import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.auth.api.AuthPermission import com.tencent.devops.common.auth.api.ResourceTypeId @@ -567,8 +568,7 @@ class PipelineBuildFacadeService( resourceType = ResourceTypeId.PIPELINE, instanceIds = "#pipelineId" ), - content = "execute pipeline [{{" + AuditAttributeNames.INSTANCE_NAME + "}}]" + - "({{" + AuditAttributeNames.INSTANCE_ID + "}})" + content = ActionAuditContent.PIPELINE_EXECUTE_CONTENT ) fun buildManualStartup( userId: String, diff --git a/src/backend/ci/core/store/biz-store/build.gradle.kts b/src/backend/ci/core/store/biz-store/build.gradle.kts index ef78ad6c2d8..d10e65ce5de 100644 --- a/src/backend/ci/core/store/biz-store/build.gradle.kts +++ b/src/backend/ci/core/store/biz-store/build.gradle.kts @@ -30,6 +30,7 @@ dependencies { api(project(":core:common:common-service")) api(project(":core:common:common-db")) api(project(":core:common:common-websocket")) + api(project(":core:common:common-audit")) api(project(":core:store:api-store")) api(project(":core:project:api-project")) api(project(":core:process:api-process")) 
diff --git a/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/service/common/impl/StoreIndexManageServiceImpl.kt b/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/service/common/impl/StoreIndexManageServiceImpl.kt index 29734ec8532..4ec696119a0 100644 --- a/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/service/common/impl/StoreIndexManageServiceImpl.kt +++ b/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/service/common/impl/StoreIndexManageServiceImpl.kt @@ -27,12 +27,14 @@ package com.tencent.devops.store.service.common.impl +import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.constant.CommonMessageCode import com.tencent.devops.common.api.constant.CommonMessageCode.ERROR_INVALID_PARAM_ import com.tencent.devops.common.api.exception.ErrorCodeException import com.tencent.devops.common.api.pojo.Page import com.tencent.devops.common.api.pojo.Result import com.tencent.devops.common.api.util.UUIDUtil +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.client.Client import com.tencent.devops.common.pipeline.enums.BuildStatus import com.tencent.devops.common.pipeline.enums.ChannelCode @@ -77,6 +79,7 @@ class StoreIndexManageServiceImpl @Autowired constructor( private val client: Client ) : StoreIndexManageService { + @AuditEntry(actionId = ActionId.PIPELINE_CREATE) override fun add(userId: String, storeIndexCreateRequest: StoreIndexCreateRequest): Result { val indexCode = storeIndexCreateRequest.indexCode // 验证指标代码是否已存在 diff --git a/src/backend/ci/core/stream/biz-stream/build.gradle.kts b/src/backend/ci/core/stream/biz-stream/build.gradle.kts index ea9a7fe3a87..6aeb60389f7 100644 --- a/src/backend/ci/core/stream/biz-stream/build.gradle.kts +++ b/src/backend/ci/core/stream/biz-stream/build.gradle.kts 
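Review bot: `StoreIndexManageServiceImpl.add` is opened as an audit entry with `ActionId.PIPELINE_CREATE`, although the visible start of the method only validates a store index code; the same label is put on `UserStreamGitResourceImpl.gitCodeCreateFile` and on the internal `StreamYamlBaseBuild.savePipeline` in the following hunks. An entry action that does not match the operation makes records harder to trust during an investigation, and a rejected index or file request would presumably be filed under pipeline creation. If these methods do create a pipeline further down, document it at the annotation, e.g. `// audited as pipeline_create: this call provisions a pipeline (confirm)`; otherwise move the entry to the method that performs the creation. The bodies continue outside the hunks.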
@@ -36,6 +36,7 @@ dependencies { api(project(":core:common:common-archive")) api(project(":core:common:common-db")) api(project(":core:common:common-scm")) + api(project(":core:common:common-audit")) api(project(":core:common:common-websocket")) api(project(":core:common:common-webhook:biz-common-webhook")) api(project(":core:store:api-store")) diff --git a/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/resources/user/UserStreamGitResourceImpl.kt b/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/resources/user/UserStreamGitResourceImpl.kt index 44a0bef0e88..4a37003a913 100644 --- a/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/resources/user/UserStreamGitResourceImpl.kt +++ b/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/resources/user/UserStreamGitResourceImpl.kt @@ -27,9 +27,11 @@ package com.tencent.devops.stream.resources.user +import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.exception.PermissionForbiddenException import com.tencent.devops.common.api.pojo.Result import com.tencent.devops.common.api.util.MessageUtil +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.auth.api.AuthPermission import com.tencent.devops.common.client.Client import com.tencent.devops.common.web.RestResource @@ -156,6 +158,7 @@ class UserStreamGitResourceImpl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.PIPELINE_CREATE) override fun gitCodeCreateFile( userId: String, projectId: String, diff --git a/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/trigger/StreamYamlBaseBuild.kt b/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/trigger/StreamYamlBaseBuild.kt index 8c1f632d7cf..c4d9635bb14 100644 
--- a/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/trigger/StreamYamlBaseBuild.kt +++ b/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/trigger/StreamYamlBaseBuild.kt @@ -27,8 +27,10 @@ package com.tencent.devops.stream.trigger +import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.exception.ParamBlankException import com.tencent.devops.common.api.util.JsonUtil +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.client.Client import com.tencent.devops.common.event.dispatcher.pipeline.PipelineEventDispatcher import com.tencent.devops.common.event.pojo.pipeline.PipelineBuildCommitFinishEvent @@ -110,6 +112,7 @@ class StreamYamlBaseBuild @Autowired constructor( private val buildRunningDesc = "Running." + @AuditEntry(actionId = ActionId.PIPELINE_CREATE) fun savePipeline( action: BaseAction, pipeline: StreamTriggerPipeline, From 10d49fda0b68515140de17e12175bdf4ca5c29ee Mon Sep 17 00:00:00 2001 
From: greysonfang Date: Thu, 21 Sep 2023 14:58:55 +0800 Subject: [PATCH 15/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../src/main/kotlin/constants/Versions.kt | 2 +- .../biz-artifactory/build.gradle.kts | 1 + .../devops/common/audit/ActionAuditContent.kt | 33 +++- .../devops/common/auth/api/ActionId.kt | 3 + .../devops/common/auth/api/ResourceTypeId.kt | 3 +- .../apigw/v3/ApigwPipelineResourceV3Impl.kt | 16 +- .../apigw/v4/ApigwPipelineResourceV4Impl.kt | 16 +- .../core/process/api-process/build.gradle.kts | 1 + .../service/PipelineRepositoryService.kt | 9 ++ .../process/report/service/ReportService.kt | 6 + .../service/pipeline/PipelineBuildService.kt | 16 ++ .../core/process/biz-process/build.gradle.kts | 1 - .../process/api/ServiceReportResourceImpl.kt | 4 +- .../api/UserPipelineInfoResourceImpl.kt | 3 + .../process/api/UserPipelineResourceImpl.kt | 15 +- .../api/UserPipelineSettingResourceImpl.kt | 4 + .../api/op/OpPipelineSettingResourceImpl.kt | 3 + .../service/ServiceCallBackResourceImpl.kt | 3 + .../ServicePipelineSettingResourceImpl.kt | 3 + .../service/PipelineVersionFacadeService.kt | 14 ++ .../service/ProjectPipelineCallBackService.kt | 13 ++ .../service/PipelineInfoFacadeService.kt | 22 ++- .../service/PipelineListFacadeService.kt | 26 ++- .../builds/PipelineBuildFacadeService.kt | 15 -- .../pipeline/PipelineSettingFacadeService.kt | 23 +++ .../service/template/TemplateFacadeService.kt | 84 +++++++++- .../impl/StoreIndexPipelineServiceImpl.kt | 3 + .../user/UserStreamGitResourceImpl.kt | 1 - .../stream/service/StreamPipelineService.kt | 6 + .../stream/trigger/StreamYamlBaseBuild.kt | 5 +- .../stream/trigger/parsers/PipelineDelete.kt | 3 + .../core/ticket/biz-ticket/build.gradle.kts | 1 + .../devops/ticket/service/CertServiceImpl.kt | 148 +++++++++++++++++- 
.../ticket/service/CredentialServiceImpl.kt | 82 +++++++++- 34 files changed, 543 insertions(+), 45 deletions(-) diff --git a/src/backend/ci/buildSrc/src/main/kotlin/constants/Versions.kt b/src/backend/ci/buildSrc/src/main/kotlin/constants/Versions.kt index d6c2038ecd4..741c70e0876 100644 --- a/src/backend/ci/buildSrc/src/main/kotlin/constants/Versions.kt +++ b/src/backend/ci/buildSrc/src/main/kotlin/constants/Versions.kt @@ -47,5 +47,5 @@ object Versions { const val Okhttp = "4.9.0" const val jgit = "5.13.1.202206130422-r" const val iam = "1.0.30-SNAPSHOT" - const val audit = "1.0.6" + const val audit = "1.0.6-alpla.5" } diff --git a/src/backend/ci/core/artifactory/biz-artifactory/build.gradle.kts b/src/backend/ci/core/artifactory/biz-artifactory/build.gradle.kts index b8c12fcfbd9..226070d3b98 100644 --- a/src/backend/ci/core/artifactory/biz-artifactory/build.gradle.kts +++ b/src/backend/ci/core/artifactory/biz-artifactory/build.gradle.kts @@ -30,6 +30,7 @@ dependencies { api(project(":core:common:common-web")) api(project(":core:common:common-client")) api(project(":core:common:common-archive")) + api(project(":core:common:common-audit")) api(project(":core:common:common-db")) api(project(":core:common:common-auth:common-auth-api")) api(project(":core:artifactory:api-artifactory")) diff --git a/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/ActionAuditContent.kt b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/ActionAuditContent.kt index fa3bb2b6950..dffce4c3cf0 100644 --- a/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/ActionAuditContent.kt +++ b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/ActionAuditContent.kt 
@@ -4,14 +4,45 @@ import com.tencent.bk.audit.constants.AuditAttributeNames.INSTANCE_ID import com.tencent.bk.audit.constants.AuditAttributeNames.INSTANCE_NAME object ActionAuditContent { - // 流水线 private const val CONTENT_TEMPLATE = "[{{$INSTANCE_NAME}}]({{$INSTANCE_ID}})" + + // 项目 + const val PROJECT_MANAGE_RESTORE_PIPELINE_CONTENT = "restore pipeline $CONTENT_TEMPLATE" + const val PROJECT_MANAGE_CREATE_TEMPLATE_CONTENT = "create template $CONTENT_TEMPLATE" + const val PROJECT_MANAGE_COPY_TEMPLATE_CONTENT = "copy template $CONTENT_TEMPLATE" + const val PROJECT_MANAGE_SAVE_AS_TEMPLATE_CONTENT = "save as template $CONTENT_TEMPLATE" + const val PROJECT_MANAGE_DELETE_TEMPLATE_CONTENT = "delete template $CONTENT_TEMPLATE" + const val PROJECT_MANAGE_UPDATE_TEMPLATE_SETTING_CONTENT = "update template setting $CONTENT_TEMPLATE" + const val PROJECT_MANAGE_UPDATE_TEMPLATE_CONTENT = "update template $CONTENT_TEMPLATE" + + // 流水线 const val PIPELINE_VIEW_CONTENT = "get pipeline info $CONTENT_TEMPLATE" const val PIPELINE_SHARE_CONTENT = "share pipeline $CONTENT_TEMPLATE" const val PIPELINE_CREATE_CONTENT = "create pipeline $CONTENT_TEMPLATE" const val PIPELINE_LIST_CONTENT = "list pipeline $CONTENT_TEMPLATE" const val PIPELINE_DOWNLOAD_CONTENT = "download pipeline $CONTENT_TEMPLATE" const val PIPELINE_EDIT_CONTENT = "update pipeline $CONTENT_TEMPLATE" + const val PIPELINE_EDIT_SAVE_SETTING_CONTENT = "save pipeline setting $CONTENT_TEMPLATE" + const val PIPELINE_EDIT_EXPORT_PIPELINE_CONTENT = "export pipeline $CONTENT_TEMPLATE" + const val PIPELINE_EDIT_BIND_PIPELINE_CALLBACK_CONTENT = "bind pipeline call back $CONTENT_TEMPLATE" const val PIPELINE_DELETE_CONTENT = "delete pipeline $CONTENT_TEMPLATE" + const val PIPELINE_DELETE_VERSION_CONTENT = "delete pipeline version $CONTENT_TEMPLATE" const val PIPELINE_EXECUTE_CONTENT = "execute pipeline $CONTENT_TEMPLATE" + + // 证书 + const val CERT_CREATE_CONTENT = "create cert $CONTENT_TEMPLATE" + const val CERT_VIEW_CONTENT = "get cert 
info $CONTENT_TEMPLATE" + const val CERT_EDIT_CONTENT = "update cert $CONTENT_TEMPLATE" + const val CERT_DELETE_CONTENT = "delete cert $CONTENT_TEMPLATE" + const val CERT_LIST_CONTENT = "list cert $CONTENT_TEMPLATE" + const val CERT_USE_CONTENT = "use cert $CONTENT_TEMPLATE" + + // 凭据 + const val CREDENTIAL_CREATE_CONTENT = "create credential $CONTENT_TEMPLATE" + const val CREDENTIAL_VIEW_CONTENT = "get credential info $CONTENT_TEMPLATE" + const val CREDENTIAL_EDIT_CONTENT = "update credential $CONTENT_TEMPLATE" + const val CREDENTIAL_EDIT_SETTING_CONTENT = "update credential setting $CONTENT_TEMPLATE" + const val CREDENTIAL_DELETE_CONTENT = "delete credential $CONTENT_TEMPLATE" + const val CREDENTIAL_LIST_CONTENT = "list credential $CONTENT_TEMPLATE" + const val CREDENTIAL_USE_CONTENT = "use credential $CONTENT_TEMPLATE" } diff --git a/src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/ActionId.kt b/src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/ActionId.kt index 2edbca5f7c7..bd39db252d3 100644 --- a/src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/ActionId.kt +++ b/src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/ActionId.kt @@ -1,6 +1,9 @@ package com.tencent.devops.common.auth.api object ActionId { + // 项目 + const val PROJECT_MANAGE = "project_manage" + // 流水线 const val PIPELINE_CREATE = "pipeline_create" const val PIPELINE_VIEW = "pipeline_view" diff --git a/src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/ResourceTypeId.kt b/src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/ResourceTypeId.kt index f212f949ab7..271c326aaef 100644 
--- a/src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/ResourceTypeId.kt +++ b/src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/ResourceTypeId.kt @@ -1,7 +1,8 @@ package com.tencent.devops.common.auth.api object ResourceTypeId { + const val PROJECT = "project" const val PIPELINE = "pipeline" const val CREDENTIAL = "credential" - const val CERT_CREATE = "cert" + const val CERT = "cert" } diff --git a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v3/ApigwPipelineResourceV3Impl.kt b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v3/ApigwPipelineResourceV3Impl.kt index 77e0086ebdf..493b238efcc 100644 --- a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v3/ApigwPipelineResourceV3Impl.kt +++ b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v3/ApigwPipelineResourceV3Impl.kt @@ -102,7 +102,7 @@ class ApigwPipelineResourceV3Impl @Autowired constructor( ) } - @AuditEntry(actionId = ActionId.PIPELINE_DELETE) + @AuditEntry(actionId = ActionId.PIPELINE_EDIT) override fun updatePipeline( appCode: String?, apigwType: String?, @@ -121,7 +121,10 @@ class ApigwPipelineResourceV3Impl @Autowired constructor( ) } - @AuditEntry(actionId = ActionId.PIPELINE_CREATE) + @AuditEntry( + actionId = ActionId.PIPELINE_CREATE, + subActionIds = [ActionId.PIPELINE_EDIT] + ) override fun uploadPipeline( appCode: String?, apigwType: String?, @@ -156,6 +159,7 @@ class ApigwPipelineResourceV3Impl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.PIPELINE_VIEW) override fun getBatch( appCode: String?, apigwType: String?, 
@@ -189,7 +193,10 @@ class ApigwPipelineResourceV3Impl @Autowired constructor( ) } - @AuditEntry(actionId = ActionId.PIPELINE_CREATE) + @AuditEntry( + actionId = ActionId.PIPELINE_CREATE, + subActionIds = [ActionId.PIPELINE_EDIT] + ) override fun copy( userId: String, projectId: String, @@ -224,6 +231,7 @@ class ApigwPipelineResourceV3Impl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.PIPELINE_EDIT) override fun rename( appCode: String?, apigwType: String?, @@ -236,6 +244,7 @@ class ApigwPipelineResourceV3Impl @Autowired constructor( return client.get(ServicePipelineResource::class).rename(userId, projectId, pipelineId, name) } + @AuditEntry(actionId = ActionId.PROJECT_MANAGE) override fun restore( appCode: String?, apigwType: String?, @@ -247,6 +256,7 @@ class ApigwPipelineResourceV3Impl @Autowired constructor( return client.get(ServicePipelineResource::class).restore(userId, projectId, pipelineId) } + @AuditEntry(actionId = ActionId.PIPELINE_EDIT) override fun saveSetting( appCode: String?, apigwType: String?, diff --git a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwPipelineResourceV4Impl.kt b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwPipelineResourceV4Impl.kt index 9f46fb86d7c..f82cd5acab4 100644 --- a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwPipelineResourceV4Impl.kt +++ b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwPipelineResourceV4Impl.kt @@ -104,7 +104,7 @@ class ApigwPipelineResourceV4Impl @Autowired constructor( ) } - @AuditEntry(actionId = ActionId.PIPELINE_DELETE) + @AuditEntry(actionId = ActionId.PIPELINE_EDIT) override fun updatePipeline( appCode: String?, apigwType: String?, 
@@ -123,7 +123,10 @@ class ApigwPipelineResourceV4Impl @Autowired constructor( ) } - @AuditEntry(actionId = ActionId.PIPELINE_CREATE) + @AuditEntry( + actionId = ActionId.PIPELINE_CREATE, + subActionIds = [ActionId.PIPELINE_EDIT] + ) override fun uploadPipeline( appCode: String?, apigwType: String?, @@ -175,6 +178,7 @@ class ApigwPipelineResourceV4Impl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.PIPELINE_VIEW) override fun getBatch( appCode: String?, apigwType: String?, @@ -208,7 +212,10 @@ class ApigwPipelineResourceV4Impl @Autowired constructor( ) } - @AuditEntry(actionId = ActionId.PIPELINE_CREATE) + @AuditEntry( + actionId = ActionId.PIPELINE_CREATE, + subActionIds = [ActionId.PIPELINE_EDIT] + ) override fun copy( userId: String, projectId: String, @@ -243,6 +250,7 @@ class ApigwPipelineResourceV4Impl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.PIPELINE_EDIT) override fun rename( appCode: String?, apigwType: String?, @@ -255,6 +263,7 @@ class ApigwPipelineResourceV4Impl @Autowired constructor( return client.get(ServicePipelineResource::class).rename(userId, projectId, pipelineId, name) } + @AuditEntry(actionId = ActionId.PROJECT_MANAGE) override fun restore( appCode: String?, apigwType: String?, @@ -266,6 +275,7 @@ class ApigwPipelineResourceV4Impl @Autowired constructor( return client.get(ServicePipelineResource::class).restore(userId, projectId, pipelineId) } + @AuditEntry(actionId = ActionId.PIPELINE_EDIT) override fun saveSetting( appCode: String?, apigwType: String?, diff --git a/src/backend/ci/core/process/api-process/build.gradle.kts b/src/backend/ci/core/process/api-process/build.gradle.kts index 734a4e7928f..90b5131dcf7 100644 --- a/src/backend/ci/core/process/api-process/build.gradle.kts +++ b/src/backend/ci/core/process/api-process/build.gradle.kts 
@@ -30,6 +30,7 @@ dependencies { api(project(":core:common:common-event")) api(project(":core:common:common-pipeline")) api(project(":core:common:common-archive")) + api(project(":core:common:common-audit")) api(project(":core:common:common-auth:common-auth-api")) api(project(":core:store:api-store")) api(project(":core:store:api-store-image")) diff --git a/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/engine/service/PipelineRepositoryService.kt b/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/engine/service/PipelineRepositoryService.kt index 5fe32d9a445..89769810822 100644 --- a/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/engine/service/PipelineRepositoryService.kt +++ b/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/engine/service/PipelineRepositoryService.kt @@ -27,6 +27,7 @@ package com.tencent.devops.process.engine.service +import com.tencent.bk.audit.context.ActionAuditContext import com.tencent.devops.common.api.exception.DependNotFoundException import com.tencent.devops.common.api.exception.ErrorCodeException import com.tencent.devops.common.api.exception.InvalidParamException @@ -34,6 +35,7 @@ import com.tencent.devops.common.api.pojo.PipelineAsCodeSettings import com.tencent.devops.common.api.util.DateTimeUtil import com.tencent.devops.common.api.util.JsonUtil import com.tencent.devops.common.api.util.MessageUtil +import com.tencent.devops.common.audit.ActionAuditContent import com.tencent.devops.common.client.Client import com.tencent.devops.common.event.dispatcher.pipeline.PipelineEventDispatcher import com.tencent.devops.common.event.pojo.pipeline.PipelineModelAnalysisEvent 
@@ -1129,6 +1131,13 @@ class PipelineRepositoryService constructor( val lock = PipelineModelLock(redisOperation, pipelineModelVersion.pipelineId) try { lock.lock() + // 审计 + ActionAuditContext.current().addInstanceInfo( + pipelineModelVersion.pipelineId, + pipelineModelVersion.pipelineId, + null, + pipelineModelVersion.model + ) pipelineResDao.updatePipelineModel(dslContext, userId, pipelineModelVersion) } finally { lock.unlock() diff --git a/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/report/service/ReportService.kt b/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/report/service/ReportService.kt index e71e14ae51f..05a2f8bb340 100644 --- a/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/report/service/ReportService.kt +++ b/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/report/service/ReportService.kt @@ -27,6 +27,9 @@ package com.tencent.devops.process.report.service +import com.tencent.bk.audit.annotations.ActionAuditRecord +import com.tencent.bk.audit.annotations.AuditInstanceRecord +import com.tencent.bk.audit.context.ActionAuditContext import com.tencent.devops.common.api.exception.ErrorCodeException import com.tencent.devops.common.client.Client import com.tencent.devops.common.notify.enums.EnumEmailFormat @@ -40,6 +43,9 @@ import com.tencent.devops.process.engine.service.PipelineTaskService import com.tencent.devops.process.pojo.Report import com.tencent.devops.common.archive.pojo.ReportListDTO import com.tencent.devops.common.archive.pojo.TaskReport +import com.tencent.devops.common.audit.ActionAuditContent +import com.tencent.devops.common.auth.api.ActionId +import com.tencent.devops.common.auth.api.ResourceTypeId import com.tencent.devops.process.pojo.report.ReportEmail import com.tencent.devops.process.pojo.report.enums.ReportTypeEnum import com.tencent.devops.process.report.dao.ReportDao 
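Review bot: In the `@@ -1129` hunk of `PipelineRepositoryService.kt`, `addInstanceInfo` is handed the whole `pipelineModelVersion.model`, so every model update copies the full pipeline definition into the audit record. If models can carry tokens, passwords or other secret plugin inputs, the audit store becomes a second place where they are readable and retained. The second argument repeats `pipelineModelVersion.pipelineId` in what looks like the instance-name slot (assumed from the argument order; the SDK signature is not shown), so the record would show the id where a reader expects the pipeline name. The call also runs before `pipelineResDao.updatePipelineModel`, so an update that throws has already put instance data into the context. Consider passing a redacted or summarised view of the model and moving the call after the DAO update; the enclosing function starts outside the hunk.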
diff --git a/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineBuildService.kt b/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineBuildService.kt index d04db0eeb19..395d8ff2f2d 100644 --- a/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineBuildService.kt +++ b/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineBuildService.kt @@ -27,7 +27,13 @@ package com.tencent.devops.process.service.pipeline +import com.tencent.bk.audit.annotations.ActionAuditRecord +import com.tencent.bk.audit.annotations.AuditEntry +import com.tencent.bk.audit.annotations.AuditInstanceRecord import com.tencent.devops.common.api.exception.ErrorCodeException +import com.tencent.devops.common.audit.ActionAuditContent +import com.tencent.devops.common.auth.api.ActionId +import com.tencent.devops.common.auth.api.ResourceTypeId import com.tencent.devops.common.pipeline.Model import com.tencent.devops.common.pipeline.container.TriggerContainer import com.tencent.devops.common.pipeline.enums.BuildFormPropertyType @@ -93,6 +99,16 @@ class PipelineBuildService( private const val CONTEXT_PREFIX = "variables." } + @AuditEntry(actionId = ActionId.PIPELINE_EXECUTE) + @ActionAuditRecord( + actionId = ActionId.PIPELINE_EXECUTE, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.PIPELINE, + instanceIds = "#pipeline?.pipelineId", + instanceNames = "#pipeline?.pipelineName" + ), + content = ActionAuditContent.PIPELINE_EXECUTE_CONTENT + ) fun startPipeline( userId: String, pipeline: PipelineInfo, diff --git a/src/backend/ci/core/process/biz-process/build.gradle.kts b/src/backend/ci/core/process/biz-process/build.gradle.kts index f2143cb43d4..a605bd355ce 100644 --- a/src/backend/ci/core/process/biz-process/build.gradle.kts 
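Review bot: With `@AuditEntry` and `@ActionAuditRecord` on `PipelineBuildService.startPipeline`, an execution is audited only once the call reaches this service method; the annotations this patch removes from `PipelineBuildFacadeService.buildManualStartup` covered the earlier part of a manual start. If permission or parameter checks in the facade reject the request before `startPipeline` is called (not visible here), a denied execution attempt would now leave no audit event. `pipeline` is declared as non-null `PipelineInfo`, so `#pipeline.pipelineId` and `#pipeline.pipelineName` would do without the `?.`. A short KDoc would make the design explicit, e.g. `/** Audit point for PIPELINE_EXECUTE: every start path that reaches this method is recorded here. */`.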
+++ b/src/backend/ci/core/process/biz-process/build.gradle.kts @@ -33,7 +33,6 @@ dependencies { api(project(":core:common:common-archive")) api(project(":core:common:common-auth:common-auth-api")) api(project(":core:common:common-websocket")) - api(project(":core:common:common-audit")) api(project(":core:store:api-store")) api(project(":core:store:api-store-image")) api(project(":core:dispatch:api-dispatch")) diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/ServiceReportResourceImpl.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/ServiceReportResourceImpl.kt index 6714256cb6d..f1eb5f2a915 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/ServiceReportResourceImpl.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/ServiceReportResourceImpl.kt @@ -29,13 +29,13 @@ package com.tencent.devops.process.api import com.tencent.devops.common.api.exception.ErrorCodeException import com.tencent.devops.common.api.pojo.Result +import com.tencent.devops.common.archive.pojo.ReportListDTO +import com.tencent.devops.common.archive.pojo.TaskReport import com.tencent.devops.common.auth.api.AuthPermission import com.tencent.devops.common.web.RestResource import com.tencent.devops.process.api.service.ServiceReportResource import com.tencent.devops.process.constant.ProcessMessageCode import com.tencent.devops.process.permission.PipelinePermissionService -import com.tencent.devops.common.archive.pojo.ReportListDTO -import com.tencent.devops.common.archive.pojo.TaskReport import com.tencent.devops.process.report.service.ReportService import org.springframework.beans.factory.annotation.Autowired 
diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineInfoResourceImpl.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineInfoResourceImpl.kt index 5b312ac0fee..5185f29b338 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineInfoResourceImpl.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineInfoResourceImpl.kt @@ -27,9 +27,11 @@ package com.tencent.devops.process.api +import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.exception.ParamBlankException import com.tencent.devops.common.api.pojo.Page import com.tencent.devops.common.api.pojo.Result +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.pipeline.enums.ChannelCode import com.tencent.devops.common.web.RestResource import com.tencent.devops.process.api.user.UserPipelineInfoResource @@ -95,6 +97,7 @@ class UserPipelineInfoResourceImpl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.PIPELINE_VIEW) override fun getPipelineInfo(userId: String, projectId: String, pipelineId: String): Result { return Result(pipelineListFacadeService.getPipelineDetail(userId, projectId, pipelineId)) } diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineResourceImpl.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineResourceImpl.kt index 7518e1cb3e3..ba60316c742 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineResourceImpl.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineResourceImpl.kt 
@@ -200,7 +200,10 @@ class UserPipelineResourceImpl @Autowired constructor( ) } - @AuditEntry(actionId = ActionId.PIPELINE_CREATE) + @AuditEntry( + actionId = ActionId.PIPELINE_CREATE, + subActionIds = [ActionId.PIPELINE_EDIT] + ) override fun copy( userId: String, projectId: String, @@ -290,6 +293,7 @@ class UserPipelineResourceImpl @Autowired constructor( return Result(true) } + @AuditEntry(actionId = ActionId.PIPELINE_EDIT) override fun saveSetting( userId: String, projectId: String, @@ -312,6 +316,7 @@ class UserPipelineResourceImpl @Autowired constructor( return Result(true) } + @AuditEntry(actionId = ActionId.PIPELINE_EDIT) override fun rename(userId: String, projectId: String, pipelineId: String, name: PipelineName): Result { checkParam(userId, projectId) pipelineInfoFacadeService.renamePipeline( @@ -426,6 +431,7 @@ class UserPipelineResourceImpl @Autowired constructor( return Result(result) } + @AuditEntry(actionId = ActionId.PIPELINE_DELETE) override fun deleteVersion( userId: String, projectId: String, @@ -458,6 +464,7 @@ class UserPipelineResourceImpl @Autowired constructor( return Result(pipelineListFacadeService.getCount(userId, projectId)) } + @AuditEntry(actionId = ActionId.PROJECT_MANAGE) override fun restore(userId: String, projectId: String, pipelineId: String): Result { checkParam(userId, projectId) val restorePipeline = pipelineInfoFacadeService.restorePipeline( 
@@ -600,11 +607,15 @@ class UserPipelineResourceImpl @Autowired constructor( return Result(pipelineGroupService.favorPipeline(userId, projectId, pipelineId, favor)) } + @AuditEntry(actionId = ActionId.PIPELINE_EDIT) override fun exportPipeline(userId: String, projectId: String, pipelineId: String): Response { return pipelineInfoFacadeService.exportPipeline(userId, projectId, pipelineId) } - @AuditEntry(actionId = ActionId.PIPELINE_CREATE) + @AuditEntry( + actionId = ActionId.PIPELINE_CREATE, + subActionIds = [ActionId.PIPELINE_EDIT] + ) override fun uploadPipeline( userId: String, pipelineInfo: PipelineModelAndSetting, diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineSettingResourceImpl.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineSettingResourceImpl.kt index 669d89d7b7a..e0d06b5ff58 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineSettingResourceImpl.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineSettingResourceImpl.kt @@ -27,7 +27,9 @@ package com.tencent.devops.process.api +import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.pojo.Result +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.web.RestResource import com.tencent.devops.process.api.user.UserPipelineSettingResource import com.tencent.devops.process.pojo.setting.PipelineCommonSetting 
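Review bot: `exportPipeline` in `UserPipelineResourceImpl` is recorded under `ActionId.PIPELINE_EDIT`, although the call changes nothing and returns the pipeline definition to the caller. That matches the `AuthPermission.EDIT` check in `PipelineInfoFacadeService.exportPipeline`, but in the audit trail an export then looks like a modification and can only be told apart by its content template. If no dedicated export action exists, say so next to the annotation, e.g. `// Export is audited as PIPELINE_EDIT because it requires EDIT permission; it does not modify the pipeline`.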
@@ -39,6 +41,8 @@ import org.springframework.beans.factory.annotation.Autowired class UserPipelineSettingResourceImpl @Autowired constructor( private val pipelineSettingFacadeService: PipelineSettingFacadeService ) : UserPipelineSettingResource { + + @AuditEntry(actionId = ActionId.PIPELINE_EDIT) override fun saveSetting(userId: String, setting: PipelineSetting): Result { return Result(pipelineSettingFacadeService.saveSetting(userId, setting)) } diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/op/OpPipelineSettingResourceImpl.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/op/OpPipelineSettingResourceImpl.kt index 2d83d4027a5..ba1ea19a456 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/op/OpPipelineSettingResourceImpl.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/op/OpPipelineSettingResourceImpl.kt @@ -27,11 +27,13 @@ package com.tencent.devops.process.api.op +import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.exception.ExecuteException import com.tencent.devops.common.api.exception.InvalidParamException import com.tencent.devops.common.api.pojo.PipelineAsCodeSettings import com.tencent.devops.common.api.pojo.Result import com.tencent.devops.common.api.util.MessageUtil +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.client.Client import com.tencent.devops.common.web.RestResource import com.tencent.devops.common.web.utils.I18nUtil 
@@ -59,6 +61,7 @@ class OpPipelineSettingResourceImpl @Autowired constructor( private val logger = LoggerFactory.getLogger(OpPipelineSettingResourceImpl::class.java) + @AuditEntry(actionId = ActionId.PIPELINE_EDIT) override fun updateSetting(userId: String, setting: PipelineSetting): Result { return Result(pipelineSettingFacadeService.saveSetting(userId = userId, setting = setting)) } diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/service/ServiceCallBackResourceImpl.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/service/ServiceCallBackResourceImpl.kt index e309984f44c..0eaa7e20daa 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/service/ServiceCallBackResourceImpl.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/service/ServiceCallBackResourceImpl.kt @@ -27,10 +27,12 @@ package com.tencent.devops.process.api.service +import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.exception.ErrorCodeException import com.tencent.devops.common.api.pojo.Page import com.tencent.devops.common.api.pojo.Result import com.tencent.devops.common.api.util.PageUtil +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.pipeline.event.CallBackEvent import com.tencent.devops.common.pipeline.event.CallBackNetWorkRegionType import com.tencent.devops.common.pipeline.event.PipelineCallbackEvent @@ -156,6 +158,7 @@ class ServiceCallBackResourceImpl @Autowired constructor( return Result(true) } + @AuditEntry(actionId = ActionId.PIPELINE_EDIT) override fun createPipelineCallBack( userId: String, projectId: String, 
diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/service/ServicePipelineSettingResourceImpl.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/service/ServicePipelineSettingResourceImpl.kt index 9d246d7f8f1..136c194e28d 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/service/ServicePipelineSettingResourceImpl.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/service/ServicePipelineSettingResourceImpl.kt @@ -27,7 +27,9 @@ package com.tencent.devops.process.api.service +import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.pojo.Result +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.pipeline.enums.ChannelCode import com.tencent.devops.common.web.RestResource import com.tencent.devops.process.pojo.setting.PipelineSetting @@ -40,6 +42,7 @@ class ServicePipelineSettingResourceImpl @Autowired constructor( private val pipelineSettingFacadeService: PipelineSettingFacadeService ) : ServicePipelineSettingResource { + @AuditEntry(actionId = ActionId.PIPELINE_EDIT) override fun updatePipelineModel( userId: String, updatePipelineModelRequest: UpdatePipelineModelRequest diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/engine/service/PipelineVersionFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/engine/service/PipelineVersionFacadeService.kt index 3bf5641cdb3..510bbf20f89 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/engine/service/PipelineVersionFacadeService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/engine/service/PipelineVersionFacadeService.kt 
@@ -27,11 +27,16 @@ package com.tencent.devops.process.engine.service +import com.tencent.bk.audit.annotations.ActionAuditRecord +import com.tencent.bk.audit.annotations.AuditInstanceRecord import com.tencent.devops.common.api.constant.CommonMessageCode import com.tencent.devops.common.api.model.SQLLimit import com.tencent.devops.common.api.util.MessageUtil import com.tencent.devops.common.api.util.PageUtil +import com.tencent.devops.common.audit.ActionAuditContent +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.auth.api.AuthPermission +import com.tencent.devops.common.auth.api.ResourceTypeId import com.tencent.devops.common.web.utils.I18nUtil import com.tencent.devops.process.engine.pojo.PipelineInfo import com.tencent.devops.process.permission.PipelinePermissionService @@ -46,6 +51,15 @@ class PipelineVersionFacadeService @Autowired constructor( private val pipelinePermissionService: PipelinePermissionService ) { + @ActionAuditRecord( + actionId = ActionId.PIPELINE_DELETE, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.PIPELINE, + instanceNames = "#$", + instanceIds = "#pipelineId" + ), + content = ActionAuditContent.PIPELINE_DELETE_VERSION_CONTENT + ) fun deletePipelineVersion( userId: String, projectId: String, diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/engine/service/ProjectPipelineCallBackService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/engine/service/ProjectPipelineCallBackService.kt index eded651b461..5aa9a60d17b 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/engine/service/ProjectPipelineCallBackService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/engine/service/ProjectPipelineCallBackService.kt 
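Review bot: On `deletePipelineVersion` the audit instance name is bound to `"#$"` while the id is `#pipelineId`. If `#$` stands for the method's return value (an assumption; the SDK's expression rules are not shown here), the name is only right when the method returns the pipeline name, and the return type is outside the hunk. The instance fields also carry no version number, which is the detail an investigator needs for a delete-version event, unless `PIPELINE_DELETE_VERSION_CONTENT` supplies it. A comment would make the intent checkable, e.g. `// "#$" = return value, expected to be the pipeline name`. The parameter list and body continue outside the hunk.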
@@ -27,14 +27,20 @@ package com.tencent.devops.process.engine.service +import com.tencent.bk.audit.annotations.ActionAuditRecord +import com.tencent.bk.audit.annotations.AuditInstanceRecord +import com.tencent.bk.audit.context.ActionAuditContext import com.tencent.devops.common.api.exception.ErrorCodeException import com.tencent.devops.common.api.exception.ParamBlankException import com.tencent.devops.common.api.model.SQLPage import com.tencent.devops.common.api.util.JsonUtil import com.tencent.devops.common.api.util.OkhttpUtils import com.tencent.devops.common.api.util.timestampmilli +import com.tencent.devops.common.audit.ActionAuditContent +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.auth.api.AuthPermission import com.tencent.devops.common.auth.api.AuthProjectApi +import com.tencent.devops.common.auth.api.ResourceTypeId import com.tencent.devops.common.auth.code.PipelineAuthServiceCode import com.tencent.devops.common.client.Client import com.tencent.devops.common.notify.enums.NotifyType @@ -469,6 +475,13 @@ class ProjectPipelineCallBackService @Autowired constructor( } } + @ActionAuditRecord( + actionId = ActionId.PIPELINE_EDIT, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.PIPELINE + ), + content = ActionAuditContent.PIPELINE_EDIT_BIND_PIPELINE_CALLBACK_CONTENT + ) fun bindPipelineCallBack( userId: String, projectId: String, diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt index 3c1982d6da5..f7f3494dd7d 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt 
@@ -130,6 +130,14 @@ class PipelineInfoFacadeService @Autowired constructor( .expireAfterWrite(1, TimeUnit.HOURS) .build() + @ActionAuditRecord( + actionId = ActionId.PIPELINE_EDIT, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.PIPELINE, + instanceIds = "#pipelineId" + ), + content = ActionAuditContent.PIPELINE_EDIT_EXPORT_PIPELINE_CONTENT + ) fun exportPipeline(userId: String, projectId: String, pipelineId: String): Response { val language = I18nUtil.getLanguage(userId) val permission = AuthPermission.EDIT @@ -158,12 +166,15 @@ class PipelineInfoFacadeService @Autowired constructor( ?: throw OperationException( I18nUtil.getCodeLanMessage(ILLEGAL_PIPELINE_MODEL_JSON, language = I18nUtil.getLanguage(userId)) ) - // 适配兼容老数据 model.stages.forEach { it.transformCompatibility() } val modelAndSetting = PipelineModelAndSetting(model = model, setting = settingInfo) + + // 审计 + ActionAuditContext.current().setInstanceName(model.name) + logger.info("exportPipeline |$pipelineId | $projectId| $userId") return exportModelToFile(modelAndSetting, settingInfo.pipelineName) } @@ -494,6 +505,14 @@ class PipelineInfoFacadeService @Autowired constructor( /** * 还原已经删除的流水线 */ + @ActionAuditRecord( + actionId = ActionId.PROJECT_MANAGE, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.PROJECT, + instanceIds = "#pipelineId" + ), + content = ActionAuditContent.PROJECT_MANAGE_RESTORE_PIPELINE_CONTENT + ) fun restorePipeline( userId: String, projectId: String, @@ -531,6 +550,7 @@ class PipelineInfoFacadeService @Autowired constructor( pipelineId = pipelineId, pipelineName = model.name ) + ActionAuditContext.current().setInstanceName(model.name) return DeployPipelineResult(pipelineId, pipelineName = model.name, version = model.latestVersion) } finally { watcher.stop() 
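Review bot: `restorePipeline` declares `resourceType = ResourceTypeId.PROJECT` but fills `instanceIds` with `#pipelineId` and later sets the instance name to `model.name`, so the audit event describes a project whose id and name are those of a pipeline. Anyone filtering the trail by project id will not find restores, and a pipeline id may be read as a project id. Either keep the project as the instance with `instanceIds = "#projectId"` (dropping the `setInstanceName(model.name)` call and carrying the pipeline in the content), or switch to `resourceType = ResourceTypeId.PIPELINE`. `TemplateFacadeService.createTemplate` and `copyTemplate` in this patch pair `ResourceTypeId.PROJECT` with template ids in the same way.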
diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineListFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineListFacadeService.kt index e733276a272..f9da02ffe9c 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineListFacadeService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineListFacadeService.kt @@ -31,7 +31,7 @@ import com.fasterxml.jackson.core.type.TypeReference import com.tencent.bk.audit.annotations.ActionAuditRecord import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.bk.audit.annotations.AuditInstanceRecord -import com.tencent.bk.audit.constants.AuditAttributeNames +import com.tencent.bk.audit.context.ActionAuditContext import com.tencent.devops.common.api.constant.CommonMessageCode import com.tencent.devops.common.api.exception.ErrorCodeException import com.tencent.devops.common.api.exception.ParamBlankException @@ -180,6 +180,13 @@ class PipelineListFacadeService @Autowired constructor( } } + @ActionAuditRecord( + actionId = ActionId.PIPELINE_VIEW, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.PIPELINE + ), + content = ActionAuditContent.PIPELINE_VIEW_CONTENT + ) fun getBatchPipelinesWithModel( userId: String, projectId: String, @@ -212,6 +219,11 @@ class PipelineListFacadeService @Autowired constructor( userId = userId ) + ActionAuditContext.current().apply { + instanceIdList = buildPipelineRecords.map { it.pipelineId } + instanceNameList = buildPipelineRecords.map { it.pipelineName } + } + return buildPipelines( pipelineInfoRecords = buildPipelineRecords, projectId = projectId, 
@@ -1722,6 +1734,13 @@ class PipelineListFacadeService @Autowired constructor( return pipelineInfos } + @ActionAuditRecord( + actionId = ActionId.PIPELINE_VIEW, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.PIPELINE + ), + content = ActionAuditContent.PIPELINE_VIEW_CONTENT + ) fun getPipelineDetail( userId: String, projectId: String, @@ -1779,6 +1798,11 @@ class PipelineListFacadeService @Autowired constructor( val hasCollect = if (favorInfos != null) { favorInfos.size > 0 } else false + // 审计 + ActionAuditContext.current() + .setInstanceId(pipelineInfo.pipelineId) + .setInstanceName(pipelineInfo.pipelineName) + return PipelineDetailInfo( pipelineId = pipelineInfo.pipelineId, pipelineName = pipelineInfo.pipelineName, diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/builds/PipelineBuildFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/builds/PipelineBuildFacadeService.kt index 79e4d18fe96..f28d24e7ebc 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/builds/PipelineBuildFacadeService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/builds/PipelineBuildFacadeService.kt @@ -560,16 +560,6 @@ class PipelineBuildFacadeService( } } - - @AuditEntry(actionId = ActionId.PIPELINE_EXECUTE) - @ActionAuditRecord( - actionId = ActionId.PIPELINE_EXECUTE, - instance = AuditInstanceRecord( - resourceType = ResourceTypeId.PIPELINE, - instanceIds = "#pipelineId" - ), - content = ActionAuditContent.PIPELINE_EXECUTE_CONTENT - ) fun buildManualStartup( userId: String, startType: StartType, 
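Review bot: In `getPipelineDetail` the instance id and name reach the audit context only in the last statements before `PipelineDetailInfo` is built, and the `@ActionAuditRecord` annotation itself names no instance. If an earlier step throws, for example a failed permission or existence check (those lines are outside the hunk), the view attempt would be recorded without saying which pipeline was asked for. Binding the id in the annotation, `instanceIds = "#pipelineId"`, would cover that path, assuming the parameter has that name as in `UserPipelineInfoResourceImpl.getPipelineInfo`; the parameter list is cut off in the hunk.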
@@ -613,11 +603,6 @@ class PipelineBuildFacadeService( ) val startEpoch = System.currentTimeMillis() try { - /** - * 设置审计上下文实例名称 - */ - ActionAuditContext.current().setInstanceName(readyToBuildPipelineInfo.pipelineName) - val model = getModel(projectId, pipelineId) /** diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineSettingFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineSettingFacadeService.kt index af2138be6a3..56a214965aa 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineSettingFacadeService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineSettingFacadeService.kt @@ -27,13 +27,19 @@ package com.tencent.devops.process.service.pipeline +import com.tencent.bk.audit.annotations.ActionAuditRecord +import com.tencent.bk.audit.annotations.AuditInstanceRecord +import com.tencent.bk.audit.annotations.AuditRequestBody import com.tencent.devops.common.api.constant.CommonMessageCode import com.tencent.devops.common.api.constant.KEY_DEFAULT import com.tencent.devops.common.api.exception.PermissionForbiddenException import com.tencent.devops.common.api.pojo.PipelineAsCodeSettings import com.tencent.devops.common.api.util.MessageUtil +import com.tencent.devops.common.audit.ActionAuditContent +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.auth.api.AuthPermission import com.tencent.devops.common.auth.api.AuthResourceType +import com.tencent.devops.common.auth.api.ResourceTypeId import com.tencent.devops.common.client.Client import com.tencent.devops.common.event.dispatcher.pipeline.PipelineEventDispatcher import com.tencent.devops.common.pipeline.enums.ChannelCode 
@@ -81,8 +87,18 @@ class PipelineSettingFacadeService @Autowired constructor( private val pipelineEventDispatcher: PipelineEventDispatcher ) { + @ActionAuditRecord( + actionId = ActionId.PIPELINE_EDIT, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.PIPELINE, + instanceIds = "#setting?.pipelineId", + instanceNames = "#setting?.pipelineName" + ), + content = ActionAuditContent.PIPELINE_EDIT_SAVE_SETTING_CONTENT + ) fun saveSetting( userId: String, + @AuditRequestBody setting: PipelineSetting, checkPermission: Boolean = true, version: Int = 0, @@ -282,6 +298,13 @@ class PipelineSettingFacadeService @Autowired constructor( } } + @ActionAuditRecord( + actionId = ActionId.PIPELINE_EDIT, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.PIPELINE + ), + content = ActionAuditContent.PIPELINE_EDIT_CONTENT + ) fun updatePipelineModel( userId: String, updatePipelineModelRequest: UpdatePipelineModelRequest, diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/template/TemplateFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/template/TemplateFacadeService.kt index 8d596c7ac20..eab2f4a9806 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/template/TemplateFacadeService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/template/TemplateFacadeService.kt 
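Review bot: The audit instance for `saveSetting` is taken from the request object, `#setting?.pipelineId` and `#setting?.pipelineName`, and `@AuditRequestBody` stores the whole `PipelineSetting`. Both values are what the caller sent, so the record shows the name being written rather than the stored pipeline's name, and it may be produced for whatever id the request claims before the permission check (outside the hunk) has run. `setting` is a non-null parameter, so the `?.` is not needed. If the body is kept in the audit event, confirm that `PipelineSetting` holds nothing that should not be retained there; a comment such as `// audit name is the requested (new) name, not the stored one` would prevent misreading.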
@@ -29,6 +29,10 @@ package com.tencent.devops.process.service.template import com.fasterxml.jackson.databind.ObjectMapper import com.fasterxml.jackson.module.kotlin.readValue +import com.tencent.bk.audit.annotations.ActionAuditRecord +import com.tencent.bk.audit.annotations.AuditEntry +import com.tencent.bk.audit.annotations.AuditInstanceRecord +import com.tencent.bk.audit.context.ActionAuditContext import com.tencent.devops.common.api.constant.CommonMessageCode import com.tencent.devops.common.api.constant.KEY_UPDATED_TIME import com.tencent.devops.common.api.constant.KEY_VERSION @@ -40,7 +44,10 @@ import com.tencent.devops.common.api.util.JsonUtil import com.tencent.devops.common.api.util.MessageUtil import com.tencent.devops.common.api.util.UUIDUtil import com.tencent.devops.common.api.util.timestampmilli +import com.tencent.devops.common.audit.ActionAuditContent +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.auth.api.AuthPermission +import com.tencent.devops.common.auth.api.ResourceTypeId import com.tencent.devops.common.client.Client import com.tencent.devops.common.pipeline.Model import com.tencent.devops.common.pipeline.container.Container @@ -187,6 +194,14 @@ class TemplateFacadeService @Autowired constructor( @Value("\${template.maxErrorReasonLength:200}") private val maxErrorReasonLength: Int = 200 + @AuditEntry(actionId = ActionId.PROJECT_MANAGE) + @ActionAuditRecord( + actionId = ActionId.PROJECT_MANAGE, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.PROJECT + ), + content = ActionAuditContent.PROJECT_MANAGE_CREATE_TEMPLATE_CONTENT + ) fun createTemplate(projectId: String, userId: String, template: Model): String { logger.info("Start to create the template ${template.name} by user $userId") checkPermission(projectId, userId) 
@@ -217,10 +232,20 @@ class TemplateFacadeService @Autowired constructor( ) logger.info("Get the template version $version") } - + ActionAuditContext.current().setInstanceId(templateId).setInstanceName(template.name) return templateId } + @AuditEntry(actionId = ActionId.PROJECT_MANAGE) + @ActionAuditRecord( + actionId = ActionId.PROJECT_MANAGE, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.PROJECT, + instanceIds = "#srcTemplateId", + instanceNames = "#copyTemplateReq?.templateName" + ), + content = ActionAuditContent.PROJECT_MANAGE_COPY_TEMPLATE_CONTENT + ) fun copyTemplate( userId: String, projectId: String, @@ -283,6 +308,14 @@ class TemplateFacadeService @Autowired constructor( /** * 流水线另存为模版 */ + @AuditEntry(actionId = ActionId.PROJECT_MANAGE) + @ActionAuditRecord( + actionId = ActionId.PROJECT_MANAGE, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.PROJECT + ), + content = ActionAuditContent.PROJECT_MANAGE_SAVE_AS_TEMPLATE_CONTENT + ) fun saveAsTemplate( userId: String, projectId: String, 
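Review bot: `copyTemplate` declares `resourceType = ResourceTypeId.PROJECT` but binds `instanceIds = "#srcTemplateId"`, so the record files a template id under the project resource type and names the source template rather than the copy that is created. The same pairing appears where `createTemplate` calls `setInstanceId(templateId)` at the top of this hunk, and in the later delete and update template hunks. If the audit schema keys PROJECT instances by project id, `instanceIds = "#projectId"` would match the declared type, with the template id carried in the content string; otherwise a one-line comment explaining that templates are audited as project-management actions would help whoever queries these records. `copyTemplate`'s body is outside the hunk, so whether the new template id is recorded elsewhere cannot be seen here.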
@@ -334,17 +367,25 @@ class TemplateFacadeService @Autowired constructor( isTemplate = true ) } - + ActionAuditContext.current().setInstanceId(templateId).setInstanceName(saveAsTemplateReq.templateName) logger.info("Get the template version $version") } - return templateId } + @AuditEntry(actionId = ActionId.PROJECT_MANAGE) + @ActionAuditRecord( + actionId = ActionId.PROJECT_MANAGE, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.PROJECT + ), + content = ActionAuditContent.PROJECT_MANAGE_DELETE_TEMPLATE_CONTENT + ) fun deleteTemplate(projectId: String, userId: String, templateId: String): Boolean { logger.info("Start to delete the template $templateId by user $userId") checkPermission(projectId, userId) val template = templateDao.getLatestTemplate(dslContext, templateId) + ActionAuditContext.current().setInstanceId(templateId).setInstanceName(template.templateName) dslContext.transaction { configuration -> val context = DSL.using(configuration) val instanceSize = templatePipelineDao.countByVersionFeat( @@ -384,9 +425,18 @@ class TemplateFacadeService @Autowired constructor( return true } + @AuditEntry(actionId = ActionId.PROJECT_MANAGE) + @ActionAuditRecord( + actionId = ActionId.PROJECT_MANAGE, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.PROJECT + ), + content = ActionAuditContent.PROJECT_MANAGE_DELETE_TEMPLATE_CONTENT + ) fun deleteTemplate(projectId: String, userId: String, templateId: String, version: Long): Boolean { logger.info("Start to delete the template [$projectId|$userId|$templateId|$version]") checkPermission(projectId, userId) + ActionAuditContext.current().setInstanceId(templateId).setInstanceName(templateId) return dslContext.transactionResult { configuration -> val context = DSL.using(configuration) val instanceSize = 
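Review bot: The `deleteTemplate(projectId, userId, templateId, version)` overload records `setInstanceName(templateId)` and reuses `PROJECT_MANAGE_DELETE_TEMPLATE_CONTENT`, so its audit record never mentions `version` and reads the same as a deletion of the whole template. The `versionName` overload in the next hunk has the same gap. A deletion record is most useful when it states exactly what was removed, so I would put the version into the recorded name or content, for example `setInstanceName("$templateId@$version")` if no better field exists. Where the template name is cheap to obtain, use it as the first overload does with `template.templateName`.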
@@ -413,9 +463,18 @@ class TemplateFacadeService @Autowired constructor( } } + @AuditEntry(actionId = ActionId.PROJECT_MANAGE) + @ActionAuditRecord( + actionId = ActionId.PROJECT_MANAGE, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.PROJECT + ), + content = ActionAuditContent.PROJECT_MANAGE_DELETE_TEMPLATE_CONTENT + ) fun deleteTemplate(projectId: String, userId: String, templateId: String, versionName: String): Boolean { logger.info("Start to delete the template [$projectId|$userId|$templateId|$versionName]") checkPermission(projectId, userId) + ActionAuditContext.current().setInstanceId(templateId).setInstanceName(templateId) dslContext.transaction { configuration -> val context = DSL.using(configuration) val instanceSize = @@ -446,6 +505,14 @@ class TemplateFacadeService @Autowired constructor( return true } + @AuditEntry(actionId = ActionId.PROJECT_MANAGE) + @ActionAuditRecord( + actionId = ActionId.PROJECT_MANAGE, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.PROJECT + ), + content = ActionAuditContent.PROJECT_MANAGE_UPDATE_TEMPLATE_CONTENT + ) fun updateTemplate( projectId: String, userId: String, @@ -464,6 +531,7 @@ class TemplateFacadeService @Autowired constructor( } var version: Long = 0 checkTemplateName(dslContext, template.name, projectId, templateId) + ActionAuditContext.current().setInstanceId(templateId).setInstanceName(template.name) updateModelParam(template) dslContext.transaction { configuration -> val context = DSL.using(configuration) @@ -513,6 +581,14 @@ class TemplateFacadeService @Autowired constructor( return version } + @AuditEntry(actionId = ActionId.PROJECT_MANAGE) + @ActionAuditRecord( + actionId = ActionId.PROJECT_MANAGE, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.PROJECT + ), + content = ActionAuditContent.PROJECT_MANAGE_UPDATE_TEMPLATE_SETTING_CONTENT + ) fun updateTemplateSetting( projectId: String, userId: String, 
@@ -521,6 +597,7 @@ class TemplateFacadeService @Autowired constructor( ): Boolean { logger.info("Start to update the template setting - [$projectId|$userId|$templateId]") checkPermission(projectId, userId) + ActionAuditContext.current().setInstanceId(templateId).setInstanceName(templateId) dslContext.transaction { configuration -> val context = DSL.using(configuration) checkTemplateName( @@ -1427,6 +1504,7 @@ class TemplateFacadeService @Autowired constructor( return TemplateOperationRet(0, TemplateOperationMessage(successPipelines, failurePipelines, messages), "") } + @AuditEntry(actionId = ActionId.PIPELINE_EDIT) fun updateTemplateInstanceInfo( userId: String, useTemplateSettings: Boolean, diff --git a/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/service/common/impl/StoreIndexPipelineServiceImpl.kt b/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/service/common/impl/StoreIndexPipelineServiceImpl.kt index 8f282e39677..b3a3b058f75 100644 --- a/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/service/common/impl/StoreIndexPipelineServiceImpl.kt +++ b/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/service/common/impl/StoreIndexPipelineServiceImpl.kt @@ -26,11 +26,13 @@ */ package com.tencent.devops.store.service.common.impl +import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.constant.CommonMessageCode import com.tencent.devops.common.api.constant.KEY_VERSION import com.tencent.devops.common.api.exception.ErrorCodeException import com.tencent.devops.common.api.util.JsonUtil import com.tencent.devops.common.api.util.UUIDUtil +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.client.Client import com.tencent.devops.common.pipeline.Model import com.tencent.devops.common.pipeline.enums.ChannelCode 
@@ -71,6 +73,7 @@ class StoreIndexPipelineServiceImpl @Autowired constructor( * @param storeIndexPipelineInitRequest 初始化研发商店指标流水线请求报文 * @return 布尔值 */ + @AuditEntry(actionId = ActionId.PIPELINE_CREATE) override fun initStoreIndexPipeline( userId: String, storeIndexPipelineInitRequest: StoreIndexPipelineInitRequest diff --git a/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/resources/user/UserStreamGitResourceImpl.kt b/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/resources/user/UserStreamGitResourceImpl.kt index 4a37003a913..d758066bbfc 100644 --- a/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/resources/user/UserStreamGitResourceImpl.kt +++ b/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/resources/user/UserStreamGitResourceImpl.kt @@ -158,7 +158,6 @@ class UserStreamGitResourceImpl @Autowired constructor( ) } - @AuditEntry(actionId = ActionId.PIPELINE_CREATE) override fun gitCodeCreateFile( userId: String, projectId: String, diff --git a/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/service/StreamPipelineService.kt b/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/service/StreamPipelineService.kt index 0c090dcec5d..ab3d56fd01d 100644 --- a/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/service/StreamPipelineService.kt +++ b/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/service/StreamPipelineService.kt 
@@ -27,9 +27,11 @@ package com.tencent.devops.stream.service +import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.exception.CustomException import com.tencent.devops.common.api.pojo.Page import com.tencent.devops.common.api.util.PageUtil +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.client.Client import com.tencent.devops.common.pipeline.Model import com.tencent.devops.common.pipeline.enums.ChannelCode @@ -289,6 +291,10 @@ class StreamPipelineService @Autowired constructor( ) } + @AuditEntry( + actionId = ActionId.PIPELINE_CREATE, + subActionIds = [ActionId.PIPELINE_EDIT] + ) fun savePipeline( pipeline: StreamTriggerPipeline, userId: String, diff --git a/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/trigger/StreamYamlBaseBuild.kt b/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/trigger/StreamYamlBaseBuild.kt index c4d9635bb14..deef97ad466 100644 --- a/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/trigger/StreamYamlBaseBuild.kt +++ b/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/trigger/StreamYamlBaseBuild.kt @@ -112,7 +112,10 @@ class StreamYamlBaseBuild @Autowired constructor( private val buildRunningDesc = "Running." - @AuditEntry(actionId = ActionId.PIPELINE_CREATE) + @AuditEntry( + actionId = ActionId.PIPELINE_CREATE, + subActionIds = [ActionId.PIPELINE_EDIT] + ) fun savePipeline( action: BaseAction, pipeline: StreamTriggerPipeline, diff --git a/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/trigger/parsers/PipelineDelete.kt b/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/trigger/parsers/PipelineDelete.kt index 1ac4ea5a989..f643c62751b 100644 --- a/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/trigger/parsers/PipelineDelete.kt 
+++ b/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/trigger/parsers/PipelineDelete.kt @@ -27,6 +27,8 @@ package com.tencent.devops.stream.trigger.parsers +import com.tencent.bk.audit.annotations.AuditEntry +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.client.Client import com.tencent.devops.common.pipeline.enums.ChannelCode import com.tencent.devops.common.redis.RedisLock @@ -91,6 +93,7 @@ class PipelineDelete @Autowired constructor( } } + @AuditEntry(actionId = ActionId.PIPELINE_DELETE) fun delete( action: BaseAction, gitProjectId: String, diff --git a/src/backend/ci/core/ticket/biz-ticket/build.gradle.kts b/src/backend/ci/core/ticket/biz-ticket/build.gradle.kts index d26c27a0c58..ec2e3e9162a 100644 --- a/src/backend/ci/core/ticket/biz-ticket/build.gradle.kts +++ b/src/backend/ci/core/ticket/biz-ticket/build.gradle.kts @@ -32,6 +32,7 @@ dependencies { api(project(":core:common:common-auth:common-auth-api")) api(project(":core:common:common-db")) api(project(":core:common:common-auth:common-auth-rbac")) + api(project(":core:common:common-audit")) api(project(":core:process:api-process")) api(project(":core:ticket:api-ticket")) diff --git a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CertServiceImpl.kt b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CertServiceImpl.kt index e295d7165e0..2c33e7477ae 100644 --- a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CertServiceImpl.kt +++ b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CertServiceImpl.kt 
@@ -27,6 +27,9 @@ package com.tencent.devops.ticket.service +import com.tencent.bk.audit.annotations.ActionAuditRecord +import com.tencent.bk.audit.annotations.AuditEntry +import com.tencent.bk.audit.annotations.AuditInstanceRecord import com.tencent.devops.common.api.exception.OperationException import com.tencent.devops.common.api.exception.RemoteServiceException import com.tencent.devops.common.api.model.SQLPage @@ -34,7 +37,10 @@ import com.tencent.devops.common.api.util.DHUtil import com.tencent.devops.common.api.util.MessageUtil import com.tencent.devops.common.api.util.ShaUtils import com.tencent.devops.common.api.util.timestamp +import com.tencent.devops.common.audit.ActionAuditContent +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.auth.api.AuthPermission +import com.tencent.devops.common.auth.api.ResourceTypeId import com.tencent.devops.common.client.Client import com.tencent.devops.common.web.utils.I18nUtil import com.tencent.devops.process.api.service.ServiceBuildResource @@ -68,17 +74,17 @@ import com.tencent.devops.ticket.pojo.CertWithPermission import com.tencent.devops.ticket.pojo.enums.CertAndroidType import com.tencent.devops.ticket.pojo.enums.CertType import com.tencent.devops.ticket.util.MobileProvisionUtil -import java.io.ByteArrayOutputStream -import java.io.InputStream -import java.nio.charset.Charset -import java.time.LocalDateTime -import java.util.Base64 import org.glassfish.jersey.media.multipart.FormDataContentDisposition import org.jooq.DSLContext import org.jooq.impl.DSL import org.slf4j.LoggerFactory import org.springframework.beans.factory.annotation.Autowired import org.springframework.stereotype.Service +import java.io.ByteArrayOutputStream +import java.io.InputStream +import java.nio.charset.Charset +import java.time.LocalDateTime +import java.util.Base64 @Suppress("ALL") @Service 
@@ -95,6 +101,18 @@ class CertServiceImpl @Autowired constructor( private val certMaxSize = 64 * 1024 private val certIdMaxSize = 32 + @AuditEntry( + actionId = ActionId.CERT_CREATE + ) + @ActionAuditRecord( + actionId = ActionId.CERT_CREATE, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.CERT, + instanceIds = "#certId", + instanceNames = "#certId" + ), + content = ActionAuditContent.CERT_CREATE_CONTENT + ) override fun uploadIos( userId: String, projectId: String, @@ -222,6 +240,16 @@ class CertServiceImpl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.CERT_EDIT) + @ActionAuditRecord( + actionId = ActionId.CERT_EDIT, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.CERT, + instanceIds = "#certId", + instanceNames = "#certId" + ), + content = ActionAuditContent.CERT_EDIT_CONTENT + ) override fun updateIos( userId: String, projectId: String, @@ -346,6 +374,16 @@ class CertServiceImpl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.CERT_CREATE) + @ActionAuditRecord( + actionId = ActionId.CERT_CREATE, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.CERT, + instanceIds = "#certId", + instanceNames = "#certId" + ), + content = ActionAuditContent.CERT_CREATE_CONTENT + ) override fun uploadEnterprise( userId: String, projectId: String, @@ -457,6 +495,16 @@ class CertServiceImpl @Autowired constructor( } } + @AuditEntry(actionId = ActionId.CERT_EDIT) + @ActionAuditRecord( + actionId = ActionId.CERT_EDIT, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.CERT, + instanceIds = "#certId", + instanceNames = "#certId" + ), + content = ActionAuditContent.CERT_EDIT_CONTENT + ) override fun updateEnterprise( userId: String, projectId: String, 
@@ -559,6 +607,16 @@ class CertServiceImpl @Autowired constructor( } } + @AuditEntry(actionId = ActionId.CERT_CREATE) + @ActionAuditRecord( + actionId = ActionId.CERT_CREATE, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.CERT, + instanceIds = "#certId", + instanceNames = "#certId" + ), + content = ActionAuditContent.CERT_CREATE_CONTENT + ) override fun uploadAndroid( userId: String, projectId: String, @@ -689,6 +747,16 @@ class CertServiceImpl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.CERT_EDIT) + @ActionAuditRecord( + actionId = ActionId.CERT_EDIT, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.CERT, + instanceIds = "#certId", + instanceNames = "#certId" + ), + content = ActionAuditContent.CERT_EDIT_CONTENT + ) override fun updateAndroid( userId: String, projectId: String, @@ -822,6 +890,16 @@ class CertServiceImpl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.CERT_CREATE) + @ActionAuditRecord( + actionId = ActionId.CERT_CREATE, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.CERT, + instanceIds = "#certId", + instanceNames = "#certId" + ), + content = ActionAuditContent.CERT_CREATE_CONTENT + ) override fun uploadTls( userId: String, projectId: String, @@ -962,6 +1040,16 @@ class CertServiceImpl @Autowired constructor( } } + @AuditEntry(actionId = ActionId.CERT_EDIT) + @ActionAuditRecord( + actionId = ActionId.CERT_EDIT, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.CERT, + instanceIds = "#certId", + instanceNames = "#certId" + ), + content = ActionAuditContent.CERT_EDIT_CONTENT + ) override fun updateTls( userId: String, projectId: String, 
@@ -1108,6 +1196,16 @@ class CertServiceImpl @Autowired constructor( } } + @AuditEntry(actionId = ActionId.CERT_DELETE) + @ActionAuditRecord( + actionId = ActionId.CERT_DELETE, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.CERT, + instanceIds = "#certId", + instanceNames = "#certId" + ), + content = ActionAuditContent.CERT_DELETE_CONTENT + ) override fun delete(userId: String, projectId: String, certId: String) { val delete = AuthPermission.DELETE certPermissionService.validatePermission( @@ -1232,6 +1330,16 @@ class CertServiceImpl @Autowired constructor( return SQLPage(count, certList) } + @AuditEntry(actionId = ActionId.CERT_VIEW) + @ActionAuditRecord( + actionId = ActionId.CERT_VIEW, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.CERT, + instanceIds = "#certId", + instanceNames = "#certId" + ), + content = ActionAuditContent.CERT_VIEW_CONTENT + ) override fun getIos(userId: String, projectId: String, certId: String): CertIOSInfo { certPermissionService.validatePermission( userId = userId, @@ -1253,6 +1361,16 @@ class CertServiceImpl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.CERT_VIEW) + @ActionAuditRecord( + actionId = ActionId.CERT_VIEW, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.CERT, + instanceIds = "#certId", + instanceNames = "#certId" + ), + content = ActionAuditContent.CERT_VIEW_CONTENT + ) override fun getEnterprise(projectId: String, certId: String): CertEnterpriseInfo { val certRecord = certDao.get(dslContext, projectId, certId) return CertEnterpriseInfo( 
@@ -1262,6 +1380,16 @@ class CertServiceImpl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.CERT_VIEW) + @ActionAuditRecord( + actionId = ActionId.CERT_VIEW, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.CERT, + instanceIds = "#certId", + instanceNames = "#certId" + ), + content = ActionAuditContent.CERT_VIEW_CONTENT + ) override fun getAndroid(userId: String, projectId: String, certId: String): CertAndroidInfo { certPermissionService.validatePermission( userId = userId, @@ -1284,6 +1412,16 @@ class CertServiceImpl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.CERT_VIEW) + @ActionAuditRecord( + actionId = ActionId.CERT_VIEW, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.CERT, + instanceIds = "#certId", + instanceNames = "#certId" + ), + content = ActionAuditContent.CERT_VIEW_CONTENT + ) override fun getTls(projectId: String, certId: String): CertTlsInfo { val certRecord = certDao.get(dslContext, projectId, certId) val certTlsRecord = certTlsDao.get(dslContext, projectId, certId) diff --git a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CredentialServiceImpl.kt b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CredentialServiceImpl.kt index f91ab75c40d..aaf00e40cf2 100644 --- a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CredentialServiceImpl.kt +++ b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CredentialServiceImpl.kt 
@@ -27,6 +27,11 @@ package com.tencent.devops.ticket.service +import com.tencent.bk.audit.annotations.ActionAuditRecord +import com.tencent.bk.audit.annotations.AuditEntry +import com.tencent.bk.audit.annotations.AuditInstanceRecord +import com.tencent.bk.audit.annotations.AuditRequestBody +import com.tencent.bk.audit.context.ActionAuditContext import com.tencent.devops.common.api.constant.TEMPLATE_ACROSS_INFO_ID import com.tencent.devops.common.api.exception.CustomException import com.tencent.devops.common.api.exception.ErrorCodeException @@ -35,7 +40,10 @@ import com.tencent.devops.common.api.model.SQLPage import com.tencent.devops.common.api.util.DHUtil import com.tencent.devops.common.api.util.MessageUtil import com.tencent.devops.common.api.util.timestamp +import com.tencent.devops.common.audit.ActionAuditContent +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.auth.api.AuthPermission +import com.tencent.devops.common.auth.api.ResourceTypeId import com.tencent.devops.common.auth.api.pojo.BkAuthGroup import com.tencent.devops.common.client.Client import com.tencent.devops.common.web.utils.I18nUtil @@ -56,13 +64,13 @@ import com.tencent.devops.ticket.pojo.CredentialSettingUpdate import com.tencent.devops.ticket.pojo.CredentialUpdate import com.tencent.devops.ticket.pojo.CredentialWithPermission import com.tencent.devops.ticket.pojo.enums.CredentialType -import java.util.Base64 -import javax.ws.rs.NotFoundException -import javax.ws.rs.core.Response import org.jooq.DSLContext import org.slf4j.LoggerFactory import org.springframework.beans.factory.annotation.Autowired import org.springframework.stereotype.Service +import java.util.Base64 +import javax.ws.rs.NotFoundException +import javax.ws.rs.core.Response @Suppress("ALL") @Service 
@@ -118,6 +126,16 @@ class CredentialServiceImpl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.CREDENTIAL_CREATE) + @ActionAuditRecord( + actionId = ActionId.CREDENTIAL_CREATE, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.CREDENTIAL, + instanceIds = "#credential?.credentialId", + instanceNames = "#credential?.credentialName" + ), + content = ActionAuditContent.CREDENTIAL_CREATE_CONTENT + ) override fun userCreate( userId: String, projectId: String, @@ -196,7 +214,23 @@ class CredentialServiceImpl @Autowired constructor( credentialPermissionService.createResource(userId, projectId, credential.credentialId, authGroupList) } - override fun userEdit(userId: String, projectId: String, credentialId: String, credential: CredentialUpdate) { + @AuditEntry(actionId = ActionId.CREDENTIAL_EDIT) + @ActionAuditRecord( + actionId = ActionId.CREDENTIAL_EDIT, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.CREDENTIAL, + instanceIds = "#credentialId", + instanceNames = "#credential?.credentialName" + ), + content = ActionAuditContent.CREDENTIAL_EDIT_CONTENT + ) + override fun userEdit( + userId: String, + projectId: String, + credentialId: String, + @AuditRequestBody + credential: CredentialUpdate + ) { val edit = AuthPermission.EDIT credentialPermissionService.validatePermission( userId = userId, @@ -223,10 +257,21 @@ class CredentialServiceImpl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.CREDENTIAL_EDIT) + @ActionAuditRecord( + actionId = ActionId.CREDENTIAL_EDIT, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.CREDENTIAL, + instanceIds = "#credentialId", + instanceNames = "#credentialId" + ), + content = ActionAuditContent.CREDENTIAL_EDIT_SETTING_CONTENT + ) override fun userSettingEdit( userId: String, projectId: String, credentialId: String, + @AuditRequestBody credentialSetting: CredentialSettingUpdate ): Boolean { val edit = AuthPermission.EDIT 
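Review bot: `@AuditRequestBody` on the `credential: CredentialUpdate` parameter of `userEdit` appears, from its name, to make the audit SDK capture that request object, and an update request for a credential presumably carries the new secret values (the fields of `CredentialUpdate` are not shown in this hunk). If so, each edit copies secret material into the audit log, which typically has wider read access and longer retention than the credential store. The instance is already identified by `instanceIds = "#credentialId"` and `instanceNames = "#credential?.credentialName"`, so the body capture can be dropped from this parameter or limited to non-secret fields. `userSettingEdit` in the following hunk puts the same annotation on `credentialSetting`, and `userCreate`'s signature is cut off by its hunk; confirm neither records a secret.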
@@ -255,6 +300,16 @@ class CredentialServiceImpl @Autowired constructor( ) > 0 } + @AuditEntry(actionId = ActionId.CREDENTIAL_DELETE) + @ActionAuditRecord( + actionId = ActionId.CREDENTIAL_DELETE, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.CREDENTIAL, + instanceIds = "#credentialId", + instanceNames = "#credentialId" + ), + content = ActionAuditContent.CREDENTIAL_DELETE_CONTENT + ) override fun userDelete(userId: String, projectId: String, credentialId: String) { val delete = AuthPermission.DELETE credentialPermissionService.validatePermission( @@ -416,6 +471,14 @@ class CredentialServiceImpl @Autowired constructor( } } + @AuditEntry(actionId = ActionId.CREDENTIAL_VIEW) + @ActionAuditRecord( + actionId = ActionId.CREDENTIAL_VIEW, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.CREDENTIAL + ), + content = ActionAuditContent.CREDENTIAL_VIEW_CONTENT + ) override fun userShow(userId: String, projectId: String, credentialId: String): CredentialWithPermission { val view = AuthPermission.VIEW credentialPermissionService.validatePermission( @@ -443,6 +506,7 @@ class CredentialServiceImpl @Autowired constructor( val credentialRecord = credentialDao.get(dslContext, projectId, credentialId) + ActionAuditContext.current().setInstanceName(credentialRecord.credentialName).setInstanceId(credentialRecord.credentialId) return CredentialWithPermission( credentialId = credentialId, credentialName = credentialRecord.credentialName ?: credentialId, 
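Review bot: In `userShow` the added call passes `credentialRecord.credentialName` straight to `setInstanceName`, while the `CredentialWithPermission(...)` built right after it uses `credentialRecord.credentialName ?: credentialId`, which suggests the name can be null. Using the same fallback, `setInstanceName(credentialRecord.credentialName ?: credentialId)`, keeps the audit record from carrying an empty instance name. The chained call is also well over 120 columns, so break it after `current()`. `userGet` in the next hunk adds the same line and needs the same change.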
@@ -462,6 +526,14 @@ class CredentialServiceImpl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.CREDENTIAL_VIEW) + @ActionAuditRecord( + actionId = ActionId.CREDENTIAL_VIEW, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.CREDENTIAL + ), + content = ActionAuditContent.CREDENTIAL_VIEW_CONTENT + ) override fun userGet(userId: String, projectId: String, credentialId: String): CredentialWithPermission { val view = AuthPermission.VIEW credentialPermissionService.validatePermission( @@ -488,6 +560,8 @@ class CredentialServiceImpl @Autowired constructor( credentialPermissionService.validatePermission(userId, projectId, credentialId, AuthPermission.EDIT) val credentialRecord = credentialDao.get(dslContext, projectId, credentialId) + + ActionAuditContext.current().setInstanceId(credentialRecord.credentialId).setInstanceName(credentialRecord.credentialName) return CredentialWithPermission( credentialId = credentialId, credentialName = credentialRecord.credentialName ?: credentialId, From 7103c0e2d3ee9f3002785afe3ae7974baf83b94b Mon Sep 17 00:00:00 2001 From: greysonfang Date: Thu, 21 Sep 2023 16:03:19 +0800 Subject: [PATCH 16/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../tencent/devops/common/audit/BkAuditRequestProvider.kt | 7 ------- src/backend/ci/gradle.properties | 1 - src/backend/ci/settings.gradle.kts | 2 +- 3 files changed, 1 insertion(+), 9 deletions(-) diff --git a/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt index 44207945325..4bd70b7541e 100644 --- a/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt 
+++ b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt @@ -5,7 +5,6 @@ import com.tencent.bk.audit.constants.AccessTypeEnum import com.tencent.bk.audit.constants.UserIdentifyTypeEnum import com.tencent.bk.audit.exception.AuditException import com.tencent.bk.audit.model.AuditHttpRequest -import com.tencent.devops.common.api.auth.AUTH_HEADER_DEVOPS_APP_CODE import com.tencent.devops.common.api.auth.AUTH_HEADER_USER_ID import org.slf4j.LoggerFactory import org.springframework.web.context.request.RequestContextHolder @@ -19,7 +18,6 @@ class BkAuditRequestProvider : AuditRequestProvider { private const val HEADER_USER_IDENTIFY_TYPE = "X-User-Identify-Type" private const val HEADER_ACCESS_TYPE = "USER-AGENT" private const val HEADER_REQUEST_ID = "X-DEVOPS-RID" - private const val HEADER_BK_APP_CODE = AUTH_HEADER_DEVOPS_APP_CODE private val logger = LoggerFactory.getLogger(BkAuditRequestProvider::class.java) } @@ -69,11 +67,6 @@ class BkAuditRequestProvider : AuditRequestProvider { return httpServletRequest.getHeader(HEADER_REQUEST_ID) } - override fun getBkAppCode(): String? { - val httpServletRequest = getHttpServletRequest() - return httpServletRequest.getHeader(HEADER_BK_APP_CODE) - } - override fun getClientIp(): String? { val request = getHttpServletRequest() val xff = request.getHeader("X-Forwarded-For") diff --git a/src/backend/ci/gradle.properties b/src/backend/ci/gradle.properties index 3f89cd3f4f8..56e48de0785 100644 --- a/src/backend/ci/gradle.properties +++ b/src/backend/ci/gradle.properties @@ -40,4 +40,3 @@ org.gradle.parallel=true org.gradle.caching=true org.gradle.jvmargs=-Xms2g -Xmx4g org.gradle.daemon.idletimeout=300000 -EXTRA_MAVEN_REPO_URLS=https://mirrors.tencent.com/repository/maven/bk-audit-java-sdk/ diff --git a/src/backend/ci/settings.gradle.kts b/src/backend/ci/settings.gradle.kts index e3c81ac2e84..c2f0a4e810f 100644 --- a/src/backend/ci/settings.gradle.kts 
+++ b/src/backend/ci/settings.gradle.kts @@ -72,6 +72,7 @@ include(":core:common:common-stream") include(":core:common:common-expression") include(":core:common:common-test") include(":core:common:common-auth") +include(":core:common:common-audit") include(":core:common:common-kubernetes") include(":core:common:common-auth:common-auth-api") include(":core:common:common-auth:common-auth-mock") @@ -267,4 +268,3 @@ include(":core:metrics:biz-metrics") include(":core:metrics:biz-metrics-sample") include(":core:metrics:boot-metrics") include(":core:metrics:model-metrics") -include(":core:common:common-audit") From 45f486b5ef23bd44c9244ff1ab4f52ca08810bc4 Mon Sep 17 00:00:00 2001 From: greysonfang Date: Thu, 21 Sep 2023 18:21:08 +0800 Subject: [PATCH 17/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../com/tencent/devops/process/api/UserPipelineResourceImpl.kt | 1 + 1 file changed, 1 insertion(+) diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineResourceImpl.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineResourceImpl.kt index ba60316c742..b37f9404642 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineResourceImpl.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineResourceImpl.kt @@ -411,6 +411,7 @@ class UserPipelineResourceImpl @Autowired constructor( return Result(true) } + @AuditEntry(actionId = ActionId.PIPELINE_DELETE) override fun batchDelete(userId: String, batchDeletePipeline: BatchDeletePipeline): Result> { val pipelineIds = batchDeletePipeline.pipelineIds if (pipelineIds.isEmpty()) { From 9183d6b555db557e1e6eb10f7129a35e37e5f320 Mon Sep 17 00:00:00 2001 
From: greysonfang Date: Thu, 21 Sep 2023 20:24:52 +0800 Subject: [PATCH 18/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../ticket/service/CredentialServiceImpl.kt | 64 +++++++++++++++++++ 1 file changed, 64 insertions(+) diff --git a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CredentialServiceImpl.kt b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CredentialServiceImpl.kt index aaf00e40cf2..5dfb06e7498 100644 --- a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CredentialServiceImpl.kt +++ b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CredentialServiceImpl.kt @@ -582,6 +582,14 @@ class CredentialServiceImpl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.CREDENTIAL_VIEW) + @ActionAuditRecord( + actionId = ActionId.CREDENTIAL_VIEW, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.CREDENTIAL + ), + content = ActionAuditContent.CREDENTIAL_VIEW_CONTENT + ) override fun buildGet( projectId: String, buildId: String, @@ -618,6 +626,16 @@ class CredentialServiceImpl @Autowired constructor( return serviceGetAcrossProject(targetProjectId, credentialId, publicKey) } + @AuditEntry(actionId = ActionId.CREDENTIAL_VIEW) + @ActionAuditRecord( + actionId = ActionId.CREDENTIAL_VIEW, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.CREDENTIAL, + instanceNames = "#credentialId", + instanceIds = "#credentialId" + ), + content = ActionAuditContent.CREDENTIAL_VIEW_CONTENT + ) override fun buildGetDetail( projectId: String, buildId: String, 
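Review bot: `buildGet` gets an `AuditInstanceRecord` with no `instanceIds`, and what appears to be the tail of that function in the next hunk returns `serviceGetAcrossProject(targetProjectId, credentialId, publicKey)`, a method of the same class that this commit also annotates. If the audit annotations are applied through Spring's proxy-based AOP, that self-call bypasses the proxy, so the callee's record would not fire and the `buildGet` record would not say which credential the build read. Binding `instanceIds = "#credentialId"` and `instanceNames = "#credentialId"` on `buildGet`, as `buildGetDetail` does, covers that case. `buildGet`'s parameter list is cut off by the hunk, so confirm the parameter name before using it in the expression.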
@@ -660,6 +678,16 @@ class CredentialServiceImpl @Autowired constructor( return credentialInfo(publicKey, credentialRecord) } + @AuditEntry(actionId = ActionId.CREDENTIAL_VIEW) + @ActionAuditRecord( + actionId = ActionId.CREDENTIAL_VIEW, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.CREDENTIAL, + instanceNames = "#credentialId", + instanceIds = "#credentialId" + ), + content = ActionAuditContent.CREDENTIAL_VIEW_CONTENT + ) override fun serviceGetAcrossProject( targetProjectId: String, credentialId: String, @@ -715,6 +743,16 @@ class CredentialServiceImpl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.CREDENTIAL_VIEW) + @ActionAuditRecord( + actionId = ActionId.CREDENTIAL_VIEW, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.CREDENTIAL, + instanceNames = "#credentialId", + instanceIds = "#credentialId" + ), + content = ActionAuditContent.CREDENTIAL_VIEW_CONTENT + ) override fun serviceGet(projectId: String, credentialId: String): Credential { val record = credentialDao.get(dslContext, projectId, credentialId) @@ -753,6 +791,14 @@ class CredentialServiceImpl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.CREDENTIAL_VIEW) + @ActionAuditRecord( + actionId = ActionId.CREDENTIAL_VIEW, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.CREDENTIAL + ), + content = ActionAuditContent.CREDENTIAL_VIEW_CONTENT + ) override fun getCredentialByIds(projectId: String?, credentialIds: Set): List? { val records = credentialDao.listByProject( dslContext = dslContext, @@ -764,6 +810,11 @@ class CredentialServiceImpl @Autowired constructor( keyword = null ) return records.map { + ActionAuditContext.current().addInstanceInfo( + it.credentialId, + it.credentialName, + null,null + ) Credential( credentialId = it.credentialId, credentialName = it.credentialName ?: it.credentialId, 
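Review bot: `serviceGetAcrossProject` now carries its own `@AuditEntry` and `@ActionAuditRecord`, yet the context line `return serviceGetAcrossProject(targetProjectId, credentialId, publicKey)` in the preceding hunk shows it is also called from another method of this same class. If the audit starter applies these annotations through Spring proxies, that self-call would bypass them and the read is covered only by whatever the caller records; if they are woven in directly, one credential read would produce nested entries. Please confirm which behaviour applies and state it in a comment on the method, for example `// audited here for direct service calls; in-class callers record their own entry`. The method body continues outside the hunk.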
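Review bot: The `addInstanceInfo` call added inside `records.map { ... }` in `getCredentialByIds` passes `it.credentialName` as the instance name, while the `Credential(...)` built right below treats that value as nullable and falls back with `it.credentialName ?: it.credentialId`. The audit record can therefore carry a null name for a credential the caller sees named. Use the same fallback, `ActionAuditContext.current().addInstanceInfo(it.credentialId, it.credentialName ?: it.credentialId, null, null)`, which also fixes the `null,null` spacing. The identical call added to `searchByCredentialId` later in this patch needs the same change. Recording audit data as a side effect inside `map` is also easy to lose in a refactor, so a separate `forEach` over the records before the mapping would be clearer.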
@@ -780,6 +831,14 @@ class CredentialServiceImpl @Autowired constructor( } } + @AuditEntry(actionId = ActionId.CREDENTIAL_VIEW) + @ActionAuditRecord( + actionId = ActionId.CREDENTIAL_VIEW, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.CREDENTIAL + ), + content = ActionAuditContent.CREDENTIAL_VIEW_CONTENT + ) override fun searchByCredentialId( projectId: String, offset: Int, @@ -795,6 +854,11 @@ class CredentialServiceImpl @Autowired constructor( credentialId = credentialId ) val result = credentialRecords.map { + ActionAuditContext.current().addInstanceInfo( + it.credentialId, + it.credentialName, + null,null + ) Credential( credentialId = it.credentialId, credentialName = it.credentialName ?: it.credentialId, From 846501012252b179a0b5fb7cb40e7e66dd638eb9 Mon Sep 17 00:00:00 2001 From: greysonfang Date: Fri, 22 Sep 2023 10:22:54 +0800 Subject: [PATCH 19/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../devops/process/service/PipelineListFacadeService.kt | 9 --------- 1 file changed, 9 deletions(-) diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineListFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineListFacadeService.kt index f9da02ffe9c..b7d7ce0d8f4 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineListFacadeService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineListFacadeService.kt 
@@ -448,15 +448,6 @@ class PipelineListFacadeService @Autowired constructor( * 其中 PIPELINE_VIEW_FAVORITE_PIPELINES,PIPELINE_VIEW_MY_PIPELINES,PIPELINE_VIEW_ALL_PIPELINES * 分别对应 我的收藏,我的流水线,全部流水线 */ - @AuditEntry(actionId = ActionId.PIPELINE_LIST) - @ActionAuditRecord( - actionId = ActionId.PIPELINE_LIST, - instance = AuditInstanceRecord( - resourceType = ResourceTypeId.PIPELINE, - instanceIds = "#projectId" - ), - content = ActionAuditContent.PIPELINE_LIST_CONTENT - ) fun listViewPipelines( userId: String, projectId: String, From e04cb1383136a7cc783ff15fc7ee9bbb7a7704db Mon Sep 17 00:00:00 2001 From: greysonfang Date: Tue, 26 Sep 2023 10:17:01 +0800 Subject: [PATCH 20/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../apigw/v3/ApigwPipelineResourceV3Impl.kt | 15 --------------- .../v3/ApigwTemplateInstanceResourceV3Impl.kt | 1 - .../apigw/v4/ApigwPipelineResourceV4Impl.kt | 16 ---------------- .../v4/ApigwTemplateInstanceResourceV4Impl.kt | 1 - .../process/api/ServicePipelineResourceImpl.kt | 18 +++++++++++++++++- .../process/api/UserPipelineResourceImpl.kt | 1 - .../service/ServicePipelineInitResourceImpl.kt | 2 -- .../UserTemplateInstanceResourceImpl.kt | 1 - .../service/PipelineInfoFacadeService.kt | 1 + .../impl/AtomIndexTriggerCalServiceImpl.kt | 2 ++ .../common/impl/StoreIndexManageServiceImpl.kt | 1 - .../impl/StoreIndexPipelineServiceImpl.kt | 1 - .../user/UserStreamPipelineResourceImpl.kt | 2 ++ .../stream/service/StreamPipelineService.kt | 4 ---- .../stream/trigger/StreamYamlBaseBuild.kt | 4 ---- .../stream/trigger/parsers/PipelineDelete.kt | 1 - 16 files changed, 22 insertions(+), 49 deletions(-) 
diff --git a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v3/ApigwPipelineResourceV3Impl.kt b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v3/ApigwPipelineResourceV3Impl.kt index 493b238efcc..658f43c8c51 100644 --- a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v3/ApigwPipelineResourceV3Impl.kt +++ b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v3/ApigwPipelineResourceV3Impl.kt @@ -67,7 +67,6 @@ class ApigwPipelineResourceV3Impl @Autowired constructor( ) } - @AuditEntry(actionId = ActionId.PIPELINE_CREATE) override fun create( appCode: String?, apigwType: String?, @@ -102,7 +101,6 @@ class ApigwPipelineResourceV3Impl @Autowired constructor( ) } - @AuditEntry(actionId = ActionId.PIPELINE_EDIT) override fun updatePipeline( appCode: String?, apigwType: String?, @@ -121,10 +119,6 @@ class ApigwPipelineResourceV3Impl @Autowired constructor( ) } - @AuditEntry( - actionId = ActionId.PIPELINE_CREATE, - subActionIds = [ActionId.PIPELINE_EDIT] - ) override fun uploadPipeline( appCode: String?, apigwType: String?, @@ -141,7 +135,6 @@ class ApigwPipelineResourceV3Impl @Autowired constructor( ) } - @AuditEntry(actionId = ActionId.PIPELINE_VIEW) override fun get( appCode: String?, apigwType: String?, @@ -159,7 +152,6 @@ class ApigwPipelineResourceV3Impl @Autowired constructor( ) } - @AuditEntry(actionId = ActionId.PIPELINE_VIEW) override fun getBatch( appCode: String?, apigwType: String?, @@ -176,7 +168,6 @@ class ApigwPipelineResourceV3Impl @Autowired constructor( ) } - @AuditEntry(actionId = ActionId.PIPELINE_DELETE) override fun delete( appCode: String?, apigwType: String?, 
@@ -193,10 +184,6 @@ class ApigwPipelineResourceV3Impl @Autowired constructor( ) } - @AuditEntry( - actionId = ActionId.PIPELINE_CREATE, - subActionIds = [ActionId.PIPELINE_EDIT] - ) override fun copy( userId: String, projectId: String, @@ -231,7 +218,6 @@ class ApigwPipelineResourceV3Impl @Autowired constructor( ) } - @AuditEntry(actionId = ActionId.PIPELINE_EDIT) override fun rename( appCode: String?, apigwType: String?, @@ -256,7 +242,6 @@ class ApigwPipelineResourceV3Impl @Autowired constructor( return client.get(ServicePipelineResource::class).restore(userId, projectId, pipelineId) } - @AuditEntry(actionId = ActionId.PIPELINE_EDIT) override fun saveSetting( appCode: String?, apigwType: String?, diff --git a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v3/ApigwTemplateInstanceResourceV3Impl.kt b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v3/ApigwTemplateInstanceResourceV3Impl.kt index 48ce16db413..f913e64134b 100644 --- a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v3/ApigwTemplateInstanceResourceV3Impl.kt +++ b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v3/ApigwTemplateInstanceResourceV3Impl.kt @@ -45,7 +45,6 @@ import org.springframework.beans.factory.annotation.Autowired class ApigwTemplateInstanceResourceV3Impl @Autowired constructor(private val client: Client) : ApigwTemplateInstanceResourceV3 { - @AuditEntry(actionId = ActionId.PIPELINE_CREATE) override fun createTemplateInstances( appCode: String?, apigwType: String?, diff --git a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwPipelineResourceV4Impl.kt b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwPipelineResourceV4Impl.kt index f82cd5acab4..226f9e55902 100644 
--- a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwPipelineResourceV4Impl.kt +++ b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwPipelineResourceV4Impl.kt @@ -69,7 +69,6 @@ class ApigwPipelineResourceV4Impl @Autowired constructor( ) } - @AuditEntry(actionId = ActionId.PIPELINE_CREATE) override fun create( appCode: String?, apigwType: String?, @@ -104,7 +103,6 @@ class ApigwPipelineResourceV4Impl @Autowired constructor( ) } - @AuditEntry(actionId = ActionId.PIPELINE_EDIT) override fun updatePipeline( appCode: String?, apigwType: String?, @@ -123,10 +121,6 @@ class ApigwPipelineResourceV4Impl @Autowired constructor( ) } - @AuditEntry( - actionId = ActionId.PIPELINE_CREATE, - subActionIds = [ActionId.PIPELINE_EDIT] - ) override fun uploadPipeline( appCode: String?, apigwType: String?, @@ -143,7 +137,6 @@ class ApigwPipelineResourceV4Impl @Autowired constructor( ) } - @AuditEntry(actionId = ActionId.PIPELINE_VIEW) override fun get( appCode: String?, apigwType: String?, @@ -178,7 +171,6 @@ class ApigwPipelineResourceV4Impl @Autowired constructor( ) } - @AuditEntry(actionId = ActionId.PIPELINE_VIEW) override fun getBatch( appCode: String?, apigwType: String?, @@ -195,7 +187,6 @@ class ApigwPipelineResourceV4Impl @Autowired constructor( ) } - @AuditEntry(actionId = ActionId.PIPELINE_DELETE) override fun delete( appCode: String?, apigwType: String?, @@ -212,10 +203,6 @@ class ApigwPipelineResourceV4Impl @Autowired constructor( ) } - @AuditEntry( - actionId = ActionId.PIPELINE_CREATE, - subActionIds = [ActionId.PIPELINE_EDIT] - ) override fun copy( userId: String, projectId: String, @@ -250,7 +237,6 @@ class ApigwPipelineResourceV4Impl @Autowired constructor( ) } - @AuditEntry(actionId = ActionId.PIPELINE_EDIT) override fun rename( appCode: String?, apigwType: String?, 
@@ -263,7 +249,6 @@ class ApigwPipelineResourceV4Impl @Autowired constructor( return client.get(ServicePipelineResource::class).rename(userId, projectId, pipelineId, name) } - @AuditEntry(actionId = ActionId.PROJECT_MANAGE) override fun restore( appCode: String?, apigwType: String?, @@ -275,7 +260,6 @@ class ApigwPipelineResourceV4Impl @Autowired constructor( return client.get(ServicePipelineResource::class).restore(userId, projectId, pipelineId) } - @AuditEntry(actionId = ActionId.PIPELINE_EDIT) override fun saveSetting( appCode: String?, apigwType: String?, diff --git a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwTemplateInstanceResourceV4Impl.kt b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwTemplateInstanceResourceV4Impl.kt index 53c2e39eb2e..5ed17d99e58 100644 --- a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwTemplateInstanceResourceV4Impl.kt +++ b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwTemplateInstanceResourceV4Impl.kt @@ -45,7 +45,6 @@ import org.springframework.beans.factory.annotation.Autowired class ApigwTemplateInstanceResourceV4Impl @Autowired constructor(private val client: Client) : ApigwTemplateInstanceResourceV4 { - @AuditEntry(actionId = ActionId.PIPELINE_CREATE) override fun createTemplateInstances( appCode: String?, apigwType: String?, diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/ServicePipelineResourceImpl.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/ServicePipelineResourceImpl.kt index 4d44065d83b..cd7bd955455 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/ServicePipelineResourceImpl.kt 
+++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/ServicePipelineResourceImpl.kt @@ -119,6 +119,7 @@ class ServicePipelineResourceImpl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.PIPELINE_EDIT) override fun edit( userId: String, projectId: String, @@ -151,6 +152,10 @@ class ServicePipelineResourceImpl @Autowired constructor( return Result(true) } + @AuditEntry( + actionId = ActionId.PIPELINE_CREATE, + subActionIds = [ActionId.PIPELINE_EDIT] + ) override fun copy( userId: String, projectId: String, @@ -181,6 +186,10 @@ class ServicePipelineResourceImpl @Autowired constructor( return Result(pid) } + @AuditEntry( + actionId = ActionId.PIPELINE_CREATE, + subActionIds = [ActionId.PIPELINE_EDIT] + ) override fun uploadPipeline( userId: String, projectId: String, @@ -210,6 +219,7 @@ class ServicePipelineResourceImpl @Autowired constructor( return Result(pipelineId) } + @AuditEntry(actionId = ActionId.PIPELINE_EDIT) override fun updatePipeline( userId: String, projectId: String, @@ -222,7 +232,7 @@ class ServicePipelineResourceImpl @Autowired constructor( if (!buildNumRule.isNullOrBlank()) { pipelineRuleService.validateRuleStr(buildNumRule, PipelineRuleBusCodeEnum.BUILD_NUM.name) } - val pipelineResult = pipelineInfoFacadeService.saveAll( + val pipelineResult = pipelineInfoFacadeService. saveAll( userId = userId, projectId = projectId, pipelineId = pipelineId, @@ -264,6 +274,7 @@ class ServicePipelineResourceImpl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.PIPELINE_VIEW) override fun getWithPermission( userId: String, projectId: String, @@ -302,6 +313,7 @@ class ServicePipelineResourceImpl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.PIPELINE_VIEW) override fun getBatch( userId: String, projectId: String, 
@@ -320,6 +332,7 @@ class ServicePipelineResourceImpl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.PIPELINE_EDIT) override fun saveSetting( userId: String, projectId: String, @@ -360,6 +373,7 @@ class ServicePipelineResourceImpl @Autowired constructor( return Result(pipelineRepositoryService.getPipelineInfo(projectId, pipelineId)) } + @AuditEntry(actionId = ActionId.PIPELINE_DELETE) override fun delete( userId: String, projectId: String, @@ -442,6 +456,7 @@ class ServicePipelineResourceImpl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.PIPELINE_EDIT) override fun rename(userId: String, projectId: String, pipelineId: String, name: PipelineName): Result { checkParams(userId, projectId) pipelineInfoFacadeService.renamePipeline( @@ -454,6 +469,7 @@ class ServicePipelineResourceImpl @Autowired constructor( return Result(true) } + @AuditEntry(actionId = ActionId.PROJECT_MANAGE) override fun restore(userId: String, projectId: String, pipelineId: String): Result { checkParams(userId, projectId) val restorePipeline = pipelineInfoFacadeService.restorePipeline( diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineResourceImpl.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineResourceImpl.kt index b37f9404642..68f9a5446d0 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineResourceImpl.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineResourceImpl.kt @@ -141,7 +141,6 @@ class UserPipelineResourceImpl @Autowired constructor( } @Timed - @AuditEntry(actionId = ActionId.PIPELINE_CREATE) override fun create( userId: String, projectId: String, 
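Review bot: `restore` in `ServicePipelineResourceImpl` is annotated `@AuditEntry(actionId = ActionId.PROJECT_MANAGE)`, while every other pipeline operation annotated in this file by the patch uses a `PIPELINE_*` action id. If this mirrors the permission needed to restore a pipeline, it deserves a short comment such as `// restore is authorised as project management, so it is audited under PROJECT_MANAGE`. Otherwise anyone filtering the audit trail by pipeline actions will not find restores. The body of `restore` continues outside the hunk.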
diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/service/ServicePipelineInitResourceImpl.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/service/ServicePipelineInitResourceImpl.kt index 97c89c56e76..42eaadec8ab 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/service/ServicePipelineInitResourceImpl.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/service/ServicePipelineInitResourceImpl.kt @@ -45,7 +45,6 @@ class ServicePipelineInitResourceImpl @Autowired constructor( private val checkImageInitPipelineService: CheckImageInitPipelineService ) : ServicePipelineInitResource { - @AuditEntry(actionId = ActionId.PIPELINE_CREATE) override fun initAtomMarketPipeline( userId: String, projectCode: String, @@ -58,7 +57,6 @@ class ServicePipelineInitResourceImpl @Autowired constructor( ) } - @AuditEntry(actionId = ActionId.PIPELINE_CREATE) override fun initCheckImagePipeline( userId: String, projectCode: String, diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/template/UserTemplateInstanceResourceImpl.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/template/UserTemplateInstanceResourceImpl.kt index 886035acc38..b13da6b27c1 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/template/UserTemplateInstanceResourceImpl.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/template/UserTemplateInstanceResourceImpl.kt @@ -48,7 +48,6 @@ class UserTemplateInstanceResourceImpl @Autowired constructor( ) : UserTemplateInstanceResource { - @AuditEntry(actionId = ActionId.PIPELINE_CREATE) override fun createTemplateInstances( userId: String, projectId: String, 
diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt index f7f3494dd7d..78f3868beb1 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt @@ -256,6 +256,7 @@ class PipelineInfoFacadeService @Autowired constructor( return Pair(pipelineInfo?.pipelineName ?: "", pipelineInfo?.version ?: 0) } + @AuditEntry(actionId = ActionId.PIPELINE_CREATE) @ActionAuditRecord( actionId = ActionId.PIPELINE_CREATE, instance = AuditInstanceRecord( diff --git a/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/service/atom/impl/AtomIndexTriggerCalServiceImpl.kt b/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/service/atom/impl/AtomIndexTriggerCalServiceImpl.kt index 5d1c3044977..07adc8b33a2 100644 --- a/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/service/atom/impl/AtomIndexTriggerCalServiceImpl.kt +++ b/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/service/atom/impl/AtomIndexTriggerCalServiceImpl.kt @@ -27,8 +27,10 @@ package com.tencent.devops.store.service.atom.impl +import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.constant.CommonMessageCode import com.tencent.devops.common.api.exception.ErrorCodeException +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.client.Client import com.tencent.devops.common.pipeline.Model import com.tencent.devops.common.pipeline.enums.ChannelCode 
diff --git a/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/service/common/impl/StoreIndexManageServiceImpl.kt b/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/service/common/impl/StoreIndexManageServiceImpl.kt index 4ec696119a0..29dd9583241 100644 --- a/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/service/common/impl/StoreIndexManageServiceImpl.kt +++ b/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/service/common/impl/StoreIndexManageServiceImpl.kt @@ -79,7 +79,6 @@ class StoreIndexManageServiceImpl @Autowired constructor( private val client: Client ) : StoreIndexManageService { - @AuditEntry(actionId = ActionId.PIPELINE_CREATE) override fun add(userId: String, storeIndexCreateRequest: StoreIndexCreateRequest): Result { val indexCode = storeIndexCreateRequest.indexCode // 验证指标代码是否已存在 diff --git a/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/service/common/impl/StoreIndexPipelineServiceImpl.kt b/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/service/common/impl/StoreIndexPipelineServiceImpl.kt index b3a3b058f75..574e9ae8d0e 100644 --- a/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/service/common/impl/StoreIndexPipelineServiceImpl.kt +++ b/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/service/common/impl/StoreIndexPipelineServiceImpl.kt @@ -73,7 +73,6 @@ class StoreIndexPipelineServiceImpl @Autowired constructor( * @param storeIndexPipelineInitRequest 初始化研发商店指标流水线请求报文 * @return 布尔值 */ - @AuditEntry(actionId = ActionId.PIPELINE_CREATE) override fun initStoreIndexPipeline( userId: String, storeIndexPipelineInitRequest: StoreIndexPipelineInitRequest 
diff --git a/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/resources/user/UserStreamPipelineResourceImpl.kt b/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/resources/user/UserStreamPipelineResourceImpl.kt index 12fdfd5f7c3..51cb083f3fe 100644 --- a/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/resources/user/UserStreamPipelineResourceImpl.kt +++ b/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/resources/user/UserStreamPipelineResourceImpl.kt @@ -27,9 +27,11 @@ package com.tencent.devops.stream.resources.user +import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.exception.ParamBlankException import com.tencent.devops.common.api.pojo.Page import com.tencent.devops.common.api.pojo.Result +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.auth.api.AuthPermission import com.tencent.devops.common.web.RestResource import com.tencent.devops.stream.api.user.UserStreamPipelineResource diff --git a/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/service/StreamPipelineService.kt b/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/service/StreamPipelineService.kt index ab3d56fd01d..6a1db9c282d 100644 --- a/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/service/StreamPipelineService.kt +++ b/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/service/StreamPipelineService.kt @@ -291,10 +291,6 @@ class StreamPipelineService @Autowired constructor( ) } - @AuditEntry( - actionId = ActionId.PIPELINE_CREATE, - subActionIds = [ActionId.PIPELINE_EDIT] - ) fun savePipeline( pipeline: StreamTriggerPipeline, userId: String, 
diff --git a/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/trigger/StreamYamlBaseBuild.kt b/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/trigger/StreamYamlBaseBuild.kt index deef97ad466..610516fac9b 100644 --- a/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/trigger/StreamYamlBaseBuild.kt +++ b/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/trigger/StreamYamlBaseBuild.kt @@ -112,10 +112,6 @@ class StreamYamlBaseBuild @Autowired constructor( private val buildRunningDesc = "Running." - @AuditEntry( - actionId = ActionId.PIPELINE_CREATE, - subActionIds = [ActionId.PIPELINE_EDIT] - ) fun savePipeline( action: BaseAction, pipeline: StreamTriggerPipeline, diff --git a/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/trigger/parsers/PipelineDelete.kt b/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/trigger/parsers/PipelineDelete.kt index f643c62751b..deaf424d8f8 100644 --- a/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/trigger/parsers/PipelineDelete.kt +++ b/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/trigger/parsers/PipelineDelete.kt @@ -93,7 +93,6 @@ class PipelineDelete @Autowired constructor( } } - @AuditEntry(actionId = ActionId.PIPELINE_DELETE) fun delete( action: BaseAction, gitProjectId: String, From 72c65aada94369373aadc02e17a906ce32a23b09 Mon Sep 17 00:00:00 2001 From: greysonfang Date: Tue, 26 Sep 2023 10:19:10 +0800 Subject: [PATCH 21/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../tencent/devops/process/api/ServicePipelineResourceImpl.kt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/ServicePipelineResourceImpl.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/ServicePipelineResourceImpl.kt index cd7bd955455..9e8f411064a 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/ServicePipelineResourceImpl.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/ServicePipelineResourceImpl.kt @@ -232,7 +232,7 @@ class ServicePipelineResourceImpl @Autowired constructor( if (!buildNumRule.isNullOrBlank()) { pipelineRuleService.validateRuleStr(buildNumRule, PipelineRuleBusCodeEnum.BUILD_NUM.name) } - val pipelineResult = pipelineInfoFacadeService. saveAll( + val pipelineResult = pipelineInfoFacadeService.saveAll( userId = userId, projectId = projectId, pipelineId = pipelineId, From ae7ba5bdf09df6fa8b12009f77ebda99ce3e8648 Mon Sep 17 00:00:00 2001 
From: greysonfang Date: Tue, 26 Sep 2023 10:27:49 +0800 Subject: [PATCH 22/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../openapi/resources/apigw/v3/ApigwPipelineResourceV3Impl.kt | 3 --- .../resources/apigw/v3/ApigwTemplateInstanceResourceV3Impl.kt | 2 -- .../openapi/resources/apigw/v4/ApigwPipelineResourceV4Impl.kt | 2 -- .../resources/apigw/v4/ApigwTemplateInstanceResourceV4Impl.kt | 2 -- .../process/api/service/ServicePipelineInitResourceImpl.kt | 2 -- .../process/api/template/UserTemplateInstanceResourceImpl.kt | 2 -- .../store/service/atom/impl/AtomIndexTriggerCalServiceImpl.kt | 2 -- .../store/service/common/impl/StoreIndexManageServiceImpl.kt | 4 +--- .../service/common/impl/StoreIndexPipelineServiceImpl.kt | 2 -- .../stream/resources/user/UserStreamPipelineResourceImpl.kt | 2 -- .../tencent/devops/stream/service/StreamPipelineService.kt | 2 -- .../com/tencent/devops/stream/trigger/StreamYamlBaseBuild.kt | 2 -- .../tencent/devops/stream/trigger/parsers/PipelineDelete.kt | 2 -- 13 files changed, 1 insertion(+), 28 deletions(-) diff --git a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v3/ApigwPipelineResourceV3Impl.kt b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v3/ApigwPipelineResourceV3Impl.kt index 658f43c8c51..7a7c4220718 100644 --- a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v3/ApigwPipelineResourceV3Impl.kt +++ b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v3/ApigwPipelineResourceV3Impl.kt 
@@ -26,10 +26,8 @@ */ package com.tencent.devops.openapi.resources.apigw.v3 -import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.pojo.Page import com.tencent.devops.common.api.pojo.Result -import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.client.Client import com.tencent.devops.common.pipeline.Model import com.tencent.devops.common.web.RestResource @@ -230,7 +228,6 @@ class ApigwPipelineResourceV3Impl @Autowired constructor( return client.get(ServicePipelineResource::class).rename(userId, projectId, pipelineId, name) } - @AuditEntry(actionId = ActionId.PROJECT_MANAGE) override fun restore( appCode: String?, apigwType: String?, diff --git a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v3/ApigwTemplateInstanceResourceV3Impl.kt b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v3/ApigwTemplateInstanceResourceV3Impl.kt index f913e64134b..4b9ae193553 100644 --- a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v3/ApigwTemplateInstanceResourceV3Impl.kt +++ b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v3/ApigwTemplateInstanceResourceV3Impl.kt @@ -26,9 +26,7 @@ */ package com.tencent.devops.openapi.resources.apigw.v3 -import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.pojo.Result -import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.client.Client import com.tencent.devops.common.web.RestResource import com.tencent.devops.openapi.api.apigw.v3.ApigwTemplateInstanceResourceV3 
diff --git a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwPipelineResourceV4Impl.kt b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwPipelineResourceV4Impl.kt index 226f9e55902..b63784c397d 100644 --- a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwPipelineResourceV4Impl.kt +++ b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwPipelineResourceV4Impl.kt @@ -26,10 +26,8 @@ */ package com.tencent.devops.openapi.resources.apigw.v4 -import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.pojo.Page import com.tencent.devops.common.api.pojo.Result -import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.client.Client import com.tencent.devops.common.pipeline.Model import com.tencent.devops.common.web.RestResource diff --git a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwTemplateInstanceResourceV4Impl.kt b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwTemplateInstanceResourceV4Impl.kt index 5ed17d99e58..75cca3fc266 100644 --- a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwTemplateInstanceResourceV4Impl.kt +++ b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwTemplateInstanceResourceV4Impl.kt 
@@ -26,9 +26,7 @@ */ package com.tencent.devops.openapi.resources.apigw.v4 -import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.pojo.Result -import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.client.Client import com.tencent.devops.common.web.RestResource import com.tencent.devops.openapi.api.apigw.v4.ApigwTemplateInstanceResourceV4 diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/service/ServicePipelineInitResourceImpl.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/service/ServicePipelineInitResourceImpl.kt index 42eaadec8ab..3f10f11c290 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/service/ServicePipelineInitResourceImpl.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/service/ServicePipelineInitResourceImpl.kt @@ -27,9 +27,7 @@ package com.tencent.devops.process.api.service -import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.pojo.Result -import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.pipeline.pojo.AtomMarketInitPipelineReq import com.tencent.devops.common.pipeline.pojo.CheckImageInitPipelineReq import com.tencent.devops.common.web.RestResource diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/template/UserTemplateInstanceResourceImpl.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/template/UserTemplateInstanceResourceImpl.kt index b13da6b27c1..b73a1c251bb 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/template/UserTemplateInstanceResourceImpl.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/template/UserTemplateInstanceResourceImpl.kt 
@@ -27,9 +27,7 @@ package com.tencent.devops.process.api.template -import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.pojo.Result -import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.web.RestResource import com.tencent.devops.process.pojo.PipelineId import com.tencent.devops.process.pojo.enums.TemplateSortTypeEnum diff --git a/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/service/atom/impl/AtomIndexTriggerCalServiceImpl.kt b/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/service/atom/impl/AtomIndexTriggerCalServiceImpl.kt index 07adc8b33a2..5d1c3044977 100644 --- a/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/service/atom/impl/AtomIndexTriggerCalServiceImpl.kt +++ b/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/service/atom/impl/AtomIndexTriggerCalServiceImpl.kt @@ -27,10 +27,8 @@ package com.tencent.devops.store.service.atom.impl -import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.constant.CommonMessageCode import com.tencent.devops.common.api.exception.ErrorCodeException -import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.client.Client import com.tencent.devops.common.pipeline.Model import com.tencent.devops.common.pipeline.enums.ChannelCode diff --git a/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/service/common/impl/StoreIndexManageServiceImpl.kt b/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/service/common/impl/StoreIndexManageServiceImpl.kt index 29dd9583241..8536670b29f 100644 --- a/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/service/common/impl/StoreIndexManageServiceImpl.kt 
+++ b/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/service/common/impl/StoreIndexManageServiceImpl.kt @@ -27,14 +27,12 @@ package com.tencent.devops.store.service.common.impl -import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.constant.CommonMessageCode import com.tencent.devops.common.api.constant.CommonMessageCode.ERROR_INVALID_PARAM_ import com.tencent.devops.common.api.exception.ErrorCodeException import com.tencent.devops.common.api.pojo.Page import com.tencent.devops.common.api.pojo.Result import com.tencent.devops.common.api.util.UUIDUtil -import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.client.Client import com.tencent.devops.common.pipeline.enums.BuildStatus import com.tencent.devops.common.pipeline.enums.ChannelCode @@ -62,12 +60,12 @@ import com.tencent.devops.store.pojo.common.index.StoreIndexInfo import com.tencent.devops.store.pojo.common.index.StoreIndexPipelineInitRequest import com.tencent.devops.store.service.common.StoreIndexManageService import com.tencent.devops.store.service.common.StoreIndexPipelineService -import java.time.LocalDateTime import org.jooq.DSLContext import org.jooq.impl.DSL import org.slf4j.LoggerFactory import org.springframework.beans.factory.annotation.Autowired import org.springframework.stereotype.Service +import java.time.LocalDateTime @Service class StoreIndexManageServiceImpl @Autowired constructor( diff --git a/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/service/common/impl/StoreIndexPipelineServiceImpl.kt b/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/service/common/impl/StoreIndexPipelineServiceImpl.kt index 574e9ae8d0e..8f282e39677 100644 --- a/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/service/common/impl/StoreIndexPipelineServiceImpl.kt 
+++ b/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/service/common/impl/StoreIndexPipelineServiceImpl.kt @@ -26,13 +26,11 @@ */ package com.tencent.devops.store.service.common.impl -import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.constant.CommonMessageCode import com.tencent.devops.common.api.constant.KEY_VERSION import com.tencent.devops.common.api.exception.ErrorCodeException import com.tencent.devops.common.api.util.JsonUtil import com.tencent.devops.common.api.util.UUIDUtil -import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.client.Client import com.tencent.devops.common.pipeline.Model import com.tencent.devops.common.pipeline.enums.ChannelCode diff --git a/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/resources/user/UserStreamPipelineResourceImpl.kt b/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/resources/user/UserStreamPipelineResourceImpl.kt index 51cb083f3fe..12fdfd5f7c3 100644 --- a/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/resources/user/UserStreamPipelineResourceImpl.kt +++ b/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/resources/user/UserStreamPipelineResourceImpl.kt @@ -27,11 +27,9 @@ package com.tencent.devops.stream.resources.user -import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.exception.ParamBlankException import com.tencent.devops.common.api.pojo.Page import com.tencent.devops.common.api.pojo.Result -import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.auth.api.AuthPermission import com.tencent.devops.common.web.RestResource import com.tencent.devops.stream.api.user.UserStreamPipelineResource 
diff --git a/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/service/StreamPipelineService.kt b/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/service/StreamPipelineService.kt index 6a1db9c282d..0c090dcec5d 100644 --- a/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/service/StreamPipelineService.kt +++ b/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/service/StreamPipelineService.kt @@ -27,11 +27,9 @@ package com.tencent.devops.stream.service -import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.exception.CustomException import com.tencent.devops.common.api.pojo.Page import com.tencent.devops.common.api.util.PageUtil -import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.client.Client import com.tencent.devops.common.pipeline.Model import com.tencent.devops.common.pipeline.enums.ChannelCode diff --git a/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/trigger/StreamYamlBaseBuild.kt b/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/trigger/StreamYamlBaseBuild.kt index 610516fac9b..8c1f632d7cf 100644 --- a/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/trigger/StreamYamlBaseBuild.kt +++ b/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/trigger/StreamYamlBaseBuild.kt 
@@ -27,10 +27,8 @@ package com.tencent.devops.stream.trigger -import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.exception.ParamBlankException import com.tencent.devops.common.api.util.JsonUtil -import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.client.Client import com.tencent.devops.common.event.dispatcher.pipeline.PipelineEventDispatcher import com.tencent.devops.common.event.pojo.pipeline.PipelineBuildCommitFinishEvent diff --git a/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/trigger/parsers/PipelineDelete.kt b/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/trigger/parsers/PipelineDelete.kt index deaf424d8f8..1ac4ea5a989 100644 --- a/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/trigger/parsers/PipelineDelete.kt +++ b/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/trigger/parsers/PipelineDelete.kt @@ -27,8 +27,6 @@ package com.tencent.devops.stream.trigger.parsers -import com.tencent.bk.audit.annotations.AuditEntry -import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.client.Client import com.tencent.devops.common.pipeline.enums.ChannelCode import com.tencent.devops.common.redis.RedisLock From c9627b5bb0b83bf0afcce91bc7815bc622de242e Mon Sep 17 00:00:00 2001 From: greysonfang Date: Tue, 10 Oct 2023 17:44:05 +0800 Subject: [PATCH 23/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/backend/ci/build.gradle.kts | 4 ---- .../ci/buildSrc/src/main/kotlin/constants/Versions.kt | 2 +- .../src/main/resources/logback/appender.xml | 8 +++----- 3 files changed, 4 insertions(+), 10 deletions(-) 
diff --git a/src/backend/ci/build.gradle.kts b/src/backend/ci/build.gradle.kts index 0af4337b015..cc3f101b4dc 100644 --- a/src/backend/ci/build.gradle.kts +++ b/src/backend/ci/build.gradle.kts @@ -6,10 +6,6 @@ plugins { apply(plugin = "org.owasp.dependencycheck") allprojects { - repositories { - maven(url = "https://mirrors.tencent.com/repository/maven/bk-audit-java-sdk/") - } - apply(plugin = "com.tencent.devops.boot") // 包路径 diff --git a/src/backend/ci/buildSrc/src/main/kotlin/constants/Versions.kt b/src/backend/ci/buildSrc/src/main/kotlin/constants/Versions.kt index 741c70e0876..41cff521ee2 100644 --- a/src/backend/ci/buildSrc/src/main/kotlin/constants/Versions.kt +++ b/src/backend/ci/buildSrc/src/main/kotlin/constants/Versions.kt @@ -47,5 +47,5 @@ object Versions { const val Okhttp = "4.9.0" const val jgit = "5.13.1.202206130422-r" const val iam = "1.0.30-SNAPSHOT" - const val audit = "1.0.6-alpla.5" + const val audit = "1.0.6-SNAPSHOT" } diff --git a/src/backend/ci/core/common/common-service/src/main/resources/logback/appender.xml b/src/backend/ci/core/common/common-service/src/main/resources/logback/appender.xml index 4095389e89f..e037cfd024a 100644 --- a/src/backend/ci/core/common/common-service/src/main/resources/logback/appender.xml +++ b/src/backend/ci/core/common/common-service/src/main/resources/logback/appender.xml @@ -3,8 +3,6 @@ - - ${pattern} @@ -59,11 +57,11 @@ - ${AUDIT_EVENT_LOG_FILE} + ${service.log.dir}/audit_event.log - ${AUDIT_EVENT_LOG_FILE}-%d{yyyy-MM-dd}.log.%i + ${service.log.dir}/audit_event.%d{yyyy-MM-dd}.%i.log 1GB - 1 + 10 5GB From e31a967f8c79cda4e5a32699efba11d417463df1 Mon Sep 17 00:00:00 2001 
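Review bot: `const val audit = "1.0.6-SNAPSHOT"` in Versions.kt makes the audit SDK a moving dependency, so the library that produces audit events can change between two builds of the same commit without any change in this repository. The new side should name a fixed release, `const val audit = "<released-audit-sdk-version>"` (placeholder, the released version is not on this page), and keep snapshots to local development. The build.gradle.kts hunk of this commit also removes the dedicated `bk-audit-java-sdk` repository, so which repository now serves the snapshot is not visible here and is worth confirming.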
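Review bot: The audit appender in appender.xml keeps a bounded history (the value changed from `1` to `10`, next to the `1GB` and `5GB` limits), so older `audit_event` files are deleted on the host once a limit is reached. The element names are stripped in this rendering; this reads them as logback's `maxHistory` and `totalSizeCap`, which should be confirmed. A comment above the appender would record the dependency, `<!-- audit_event.log is rotated and capped; events must be collected before rotation removes them -->`. The file now sits in `${service.log.dir}` beside the ordinary service logs, so it presumably shares their directory permissions, which is worth checking for a log meant as an audit trail.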
From: greysonfang Date: Tue, 10 Oct 2023 18:03:31 +0800 Subject: [PATCH 24/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../core/artifactory/biz-artifactory/build.gradle.kts | 1 - .../engine/service/PipelineRepositoryService.kt | 1 - .../devops/process/report/service/ReportService.kt | 10 ++-------- .../engine/service/ProjectPipelineCallBackService.kt | 7 +++---- .../process/service/PipelineInfoFacadeService.kt | 1 - .../service/builds/PipelineBuildFacadeService.kt | 8 -------- .../stream/resources/user/UserStreamGitResourceImpl.kt | 2 -- .../devops/ticket/service/CredentialServiceImpl.kt | 6 ++++-- 8 files changed, 9 insertions(+), 27 deletions(-) diff --git a/src/backend/ci/core/artifactory/biz-artifactory/build.gradle.kts b/src/backend/ci/core/artifactory/biz-artifactory/build.gradle.kts index 226070d3b98..b8c12fcfbd9 100644 --- a/src/backend/ci/core/artifactory/biz-artifactory/build.gradle.kts +++ b/src/backend/ci/core/artifactory/biz-artifactory/build.gradle.kts @@ -30,7 +30,6 @@ dependencies { api(project(":core:common:common-web")) api(project(":core:common:common-client")) api(project(":core:common:common-archive")) - api(project(":core:common:common-audit")) api(project(":core:common:common-db")) api(project(":core:common:common-auth:common-auth-api")) api(project(":core:artifactory:api-artifactory")) diff --git a/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/engine/service/PipelineRepositoryService.kt b/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/engine/service/PipelineRepositoryService.kt index 89769810822..72aca1e8dc8 100644 --- a/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/engine/service/PipelineRepositoryService.kt 
+++ b/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/engine/service/PipelineRepositoryService.kt @@ -35,7 +35,6 @@ import com.tencent.devops.common.api.pojo.PipelineAsCodeSettings import com.tencent.devops.common.api.util.DateTimeUtil import com.tencent.devops.common.api.util.JsonUtil import com.tencent.devops.common.api.util.MessageUtil -import com.tencent.devops.common.audit.ActionAuditContent import com.tencent.devops.common.client.Client import com.tencent.devops.common.event.dispatcher.pipeline.PipelineEventDispatcher import com.tencent.devops.common.event.pojo.pipeline.PipelineModelAnalysisEvent diff --git a/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/report/service/ReportService.kt b/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/report/service/ReportService.kt index 05a2f8bb340..e51332c6156 100644 --- a/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/report/service/ReportService.kt +++ b/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/report/service/ReportService.kt @@ -27,10 +27,9 @@ package com.tencent.devops.process.report.service -import com.tencent.bk.audit.annotations.ActionAuditRecord -import com.tencent.bk.audit.annotations.AuditInstanceRecord -import com.tencent.bk.audit.context.ActionAuditContext import com.tencent.devops.common.api.exception.ErrorCodeException +import com.tencent.devops.common.archive.pojo.ReportListDTO +import com.tencent.devops.common.archive.pojo.TaskReport import com.tencent.devops.common.client.Client import com.tencent.devops.common.notify.enums.EnumEmailFormat import com.tencent.devops.common.service.utils.HomeHostUtil 
@@ -41,11 +40,6 @@ import com.tencent.devops.process.constant.ProcessMessageCode import com.tencent.devops.process.engine.service.PipelineRuntimeService import com.tencent.devops.process.engine.service.PipelineTaskService import com.tencent.devops.process.pojo.Report -import com.tencent.devops.common.archive.pojo.ReportListDTO -import com.tencent.devops.common.archive.pojo.TaskReport -import com.tencent.devops.common.audit.ActionAuditContent -import com.tencent.devops.common.auth.api.ActionId -import com.tencent.devops.common.auth.api.ResourceTypeId import com.tencent.devops.process.pojo.report.ReportEmail import com.tencent.devops.process.pojo.report.enums.ReportTypeEnum import com.tencent.devops.process.report.dao.ReportDao diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/engine/service/ProjectPipelineCallBackService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/engine/service/ProjectPipelineCallBackService.kt index 5aa9a60d17b..275f55eaeb9 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/engine/service/ProjectPipelineCallBackService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/engine/service/ProjectPipelineCallBackService.kt @@ -29,7 +29,6 @@ package com.tencent.devops.process.engine.service import com.tencent.bk.audit.annotations.ActionAuditRecord import com.tencent.bk.audit.annotations.AuditInstanceRecord -import com.tencent.bk.audit.context.ActionAuditContext import com.tencent.devops.common.api.exception.ErrorCodeException import com.tencent.devops.common.api.exception.ParamBlankException import com.tencent.devops.common.api.model.SQLPage 
@@ -64,9 +63,6 @@ import com.tencent.devops.process.pojo.ProjectPipelineCallBackHistory import com.tencent.devops.process.pojo.setting.PipelineModelVersion import com.tencent.devops.project.api.service.ServiceAllocIdResource import com.tencent.devops.project.api.service.ServiceProjectResource -import java.time.LocalDate -import java.time.LocalDateTime -import java.time.LocalTime import okhttp3.MediaType.Companion.toMediaTypeOrNull import okhttp3.Request import okhttp3.RequestBody @@ -74,6 +70,9 @@ import org.jooq.DSLContext import org.slf4j.LoggerFactory import org.springframework.beans.factory.annotation.Autowired import org.springframework.stereotype.Service +import java.time.LocalDate +import java.time.LocalDateTime +import java.time.LocalTime @Suppress("ALL") @Service diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt index 78f3868beb1..e0707b65b23 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt @@ -33,7 +33,6 @@ import com.tencent.bk.audit.annotations.ActionAuditRecord import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.bk.audit.annotations.AuditInstanceRecord import com.tencent.bk.audit.annotations.AuditRequestBody -import com.tencent.bk.audit.constants.AuditAttributeNames import com.tencent.bk.audit.context.ActionAuditContext import com.tencent.devops.common.api.constant.CommonMessageCode import com.tencent.devops.common.api.constant.CommonMessageCode.USER_NOT_PERMISSIONS_OPERATE_PIPELINE 
diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/builds/PipelineBuildFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/builds/PipelineBuildFacadeService.kt index 7dddad1fc30..eef2411b48d 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/builds/PipelineBuildFacadeService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/builds/PipelineBuildFacadeService.kt @@ -27,11 +27,6 @@ package com.tencent.devops.process.service.builds -import com.tencent.bk.audit.annotations.ActionAuditRecord -import com.tencent.bk.audit.annotations.AuditEntry -import com.tencent.bk.audit.annotations.AuditInstanceRecord -import com.tencent.bk.audit.constants.AuditAttributeNames -import com.tencent.bk.audit.context.ActionAuditContext import com.tencent.devops.common.api.constant.CommonMessageCode import com.tencent.devops.common.api.exception.ErrorCodeException import com.tencent.devops.common.api.exception.ParamBlankException @@ -43,10 +38,7 @@ import com.tencent.devops.common.api.pojo.Result import com.tencent.devops.common.api.pojo.SimpleResult import com.tencent.devops.common.api.util.MessageUtil import com.tencent.devops.common.api.util.PageUtil -import com.tencent.devops.common.audit.ActionAuditContent -import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.auth.api.AuthPermission -import com.tencent.devops.common.auth.api.ResourceTypeId import com.tencent.devops.common.event.dispatcher.pipeline.PipelineEventDispatcher import com.tencent.devops.common.event.enums.ActionType import com.tencent.devops.common.log.pojo.message.LogMessage 
diff --git a/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/resources/user/UserStreamGitResourceImpl.kt b/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/resources/user/UserStreamGitResourceImpl.kt index d758066bbfc..44a0bef0e88 100644 --- a/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/resources/user/UserStreamGitResourceImpl.kt +++ b/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/resources/user/UserStreamGitResourceImpl.kt @@ -27,11 +27,9 @@ package com.tencent.devops.stream.resources.user -import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.exception.PermissionForbiddenException import com.tencent.devops.common.api.pojo.Result import com.tencent.devops.common.api.util.MessageUtil -import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.auth.api.AuthPermission import com.tencent.devops.common.client.Client import com.tencent.devops.common.web.RestResource diff --git a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CredentialServiceImpl.kt b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CredentialServiceImpl.kt index 5dfb06e7498..973ab8f26ed 100644 --- a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CredentialServiceImpl.kt +++ b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CredentialServiceImpl.kt @@ -813,7 +813,8 @@ class CredentialServiceImpl @Autowired constructor( ActionAuditContext.current().addInstanceInfo( it.credentialId, it.credentialName, - null,null + null, + null ) Credential( credentialId = it.credentialId, 
@@ -857,7 +858,8 @@ class CredentialServiceImpl @Autowired constructor( ActionAuditContext.current().addInstanceInfo( it.credentialId, it.credentialName, - null,null + null, + null ) Credential( credentialId = it.credentialId, From 6b18b940d4004b9a81c9353a8278c6f685e52534 Mon Sep 17 00:00:00 2001 From: greysonfang Date: Tue, 10 Oct 2023 18:04:46 +0800 Subject: [PATCH 25/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../tencent/devops/process/service/PipelineInfoFacadeService.kt | 1 + 1 file changed, 1 insertion(+) diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt index e0707b65b23..78f3868beb1 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt @@ -33,6 +33,7 @@ import com.tencent.bk.audit.annotations.ActionAuditRecord import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.bk.audit.annotations.AuditInstanceRecord import com.tencent.bk.audit.annotations.AuditRequestBody +import com.tencent.bk.audit.constants.AuditAttributeNames import com.tencent.bk.audit.context.ActionAuditContext import com.tencent.devops.common.api.constant.CommonMessageCode import com.tencent.devops.common.api.constant.CommonMessageCode.USER_NOT_PERMISSIONS_OPERATE_PIPELINE From d16df544fd20f85a6512ce492987d903fdc70fdd Mon Sep 17 00:00:00 2001 
From: greysonfang Date: Tue, 10 Oct 2023 18:06:00 +0800 Subject: [PATCH 26/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../tencent/devops/process/service/PipelineInfoFacadeService.kt | 1 - .../tencent/devops/process/service/PipelineListFacadeService.kt | 1 - 2 files changed, 2 deletions(-) diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt index 78f3868beb1..e0707b65b23 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt @@ -33,7 +33,6 @@ import com.tencent.bk.audit.annotations.ActionAuditRecord import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.bk.audit.annotations.AuditInstanceRecord import com.tencent.bk.audit.annotations.AuditRequestBody -import com.tencent.bk.audit.constants.AuditAttributeNames import com.tencent.bk.audit.context.ActionAuditContext import com.tencent.devops.common.api.constant.CommonMessageCode import com.tencent.devops.common.api.constant.CommonMessageCode.USER_NOT_PERMISSIONS_OPERATE_PIPELINE diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineListFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineListFacadeService.kt index b7d7ce0d8f4..e297eb3311b 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineListFacadeService.kt 
+++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineListFacadeService.kt @@ -29,7 +29,6 @@ package com.tencent.devops.process.service import com.fasterxml.jackson.core.type.TypeReference import com.tencent.bk.audit.annotations.ActionAuditRecord -import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.bk.audit.annotations.AuditInstanceRecord import com.tencent.bk.audit.context.ActionAuditContext import com.tencent.devops.common.api.constant.CommonMessageCode From 639a8d7cb20e4e33420c154bb227a4382e7730f2 Mon Sep 17 00:00:00 2001 From: greysonfang Date: Tue, 10 Oct 2023 19:10:29 +0800 Subject: [PATCH 27/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../com/tencent/devops/auth/config/RbacAuthConfiguration.kt | 4 ++-- .../devops/auth/service/RbacPermissionProjectService.kt | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/backend/ci/core/auth/biz-auth-rbac/src/main/kotlin/com/tencent/devops/auth/config/RbacAuthConfiguration.kt b/src/backend/ci/core/auth/biz-auth-rbac/src/main/kotlin/com/tencent/devops/auth/config/RbacAuthConfiguration.kt index 65ee75f5dee..42ddda1c960 100644 --- a/src/backend/ci/core/auth/biz-auth-rbac/src/main/kotlin/com/tencent/devops/auth/config/RbacAuthConfiguration.kt +++ b/src/backend/ci/core/auth/biz-auth-rbac/src/main/kotlin/com/tencent/devops/auth/config/RbacAuthConfiguration.kt @@ -240,7 +240,7 @@ class RbacAuthConfiguration { dslContext: DSLContext, rbacCacheService: RbacCacheService, deptService: DeptService, - permissionGradeManagerService: PermissionGradeManagerService, + resourceGroupMemberService: RbacPermissionResourceMemberService, client: Client ) = RbacPermissionProjectService( authHelper = authHelper, 
@@ -251,7 +251,7 @@ class RbacAuthConfiguration { dslContext = dslContext, rbacCacheService = rbacCacheService, deptService = deptService, - permissionGradeManagerService = permissionGradeManagerService, + resourceGroupMemberService = resourceGroupMemberService, client = client ) diff --git a/src/backend/ci/core/auth/biz-auth-rbac/src/main/kotlin/com/tencent/devops/auth/service/RbacPermissionProjectService.kt b/src/backend/ci/core/auth/biz-auth-rbac/src/main/kotlin/com/tencent/devops/auth/service/RbacPermissionProjectService.kt index 50b8e89c6d2..d1f306692f0 100644 --- a/src/backend/ci/core/auth/biz-auth-rbac/src/main/kotlin/com/tencent/devops/auth/service/RbacPermissionProjectService.kt +++ b/src/backend/ci/core/auth/biz-auth-rbac/src/main/kotlin/com/tencent/devops/auth/service/RbacPermissionProjectService.kt @@ -61,7 +61,7 @@ class RbacPermissionProjectService( private val dslContext: DSLContext, private val rbacCacheService: RbacCacheService, private val deptService: DeptService, - private val permissionGradeManagerService: PermissionGradeManagerService, + private val resourceGroupMemberService: RbacPermissionResourceMemberService, private val client: Client ) : PermissionProjectService { From b6a4f87b8e199ecf552cf3d6aa554dd352f90c49 Mon Sep 17 00:00:00 2001 From: greysonfang Date: Tue, 10 Oct 2023 19:28:58 +0800 Subject: [PATCH 28/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../store/service/common/impl/StoreIndexManageServiceImpl.kt | 1 - 1 file changed, 1 deletion(-) diff --git a/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/service/common/impl/StoreIndexManageServiceImpl.kt b/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/service/common/impl/StoreIndexManageServiceImpl.kt index dfdd8d2f602..2cbaafaaa39 100644 
--- a/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/service/common/impl/StoreIndexManageServiceImpl.kt +++ b/src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/service/common/impl/StoreIndexManageServiceImpl.kt @@ -67,7 +67,6 @@ import org.jooq.impl.DSL import org.slf4j.LoggerFactory import org.springframework.beans.factory.annotation.Autowired import org.springframework.stereotype.Service -import java.time.LocalDateTime @Service class StoreIndexManageServiceImpl @Autowired constructor( From c6a4b405c9037a787a7ca0dd73f1128382e950ef Mon Sep 17 00:00:00 2001 
From: greysonfang Date: Wed, 11 Oct 2023 17:10:58 +0800 Subject: [PATCH 29/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../service/pipeline/PipelineBuildService.kt | 1 - .../process/api/ServiceBuildResourceImpl.kt | 4 ++ .../api/ServicePipelineResourceImpl.kt | 1 + .../process/api/UserBuildResourceImpl.kt | 4 ++ .../process/api/UserPipelineResourceImpl.kt | 1 + .../api/app/AppPipelineBuildResourceImpl.kt | 4 ++ .../builds/BuildSubPipelineResourceImpl.kt | 4 ++ .../service/ServiceCallBackResourceImpl.kt | 1 - .../ServiceTemplateInstanceResourceImpl.kt | 5 ++ .../api/template/UserPTemplateResourceImpl.kt | 10 ++++ .../UserTemplateInstanceResourceImpl.kt | 42 +++++++------ .../service/PipelineInfoFacadeService.kt | 10 +--- .../service/template/TemplateFacadeService.kt | 9 --- .../resources/BuildAgentCertResourceImpl.kt | 4 ++ .../BuildAgentCredentialResourceImpl.kt | 3 + .../ticket/resources/BuildCertResourceImpl.kt | 4 ++ .../resources/BuildCredentialResourceImpl.kt | 21 +++++-- .../resources/ServiceCertResourceImpl.kt | 8 +++ .../ServiceCredentialResourceImpl.kt | 4 ++ .../ticket/resources/UserCertResourceImpl.kt | 23 +++++++- .../resources/UserCredentialResourceImpl.kt | 8 +++ .../devops/ticket/service/CertServiceImpl.kt | 59 ++++++++++++++----- .../ticket/service/CredentialServiceImpl.kt | 49 +++------------ 23 files changed, 182 insertions(+), 97 deletions(-) diff --git a/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineBuildService.kt b/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineBuildService.kt index 395d8ff2f2d..46569329991 100644 --- a/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineBuildService.kt 
+++ b/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineBuildService.kt @@ -99,7 +99,6 @@ class PipelineBuildService( private const val CONTEXT_PREFIX = "variables." } - @AuditEntry(actionId = ActionId.PIPELINE_EXECUTE) @ActionAuditRecord( actionId = ActionId.PIPELINE_EXECUTE, instance = AuditInstanceRecord( diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/ServiceBuildResourceImpl.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/ServiceBuildResourceImpl.kt index f4b02a1c64e..5db79ecf450 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/ServiceBuildResourceImpl.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/ServiceBuildResourceImpl.kt @@ -27,11 +27,13 @@ package com.tencent.devops.process.api +import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.exception.ParamBlankException import com.tencent.devops.common.api.pojo.BuildHistoryPage import com.tencent.devops.common.api.pojo.ErrorType import com.tencent.devops.common.api.pojo.Result import com.tencent.devops.common.api.pojo.SimpleResult +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.pipeline.enums.BuildStatus import com.tencent.devops.common.pipeline.enums.ChannelCode import com.tencent.devops.common.pipeline.enums.StartType @@ -722,6 +724,7 @@ class ServiceBuildResourceImpl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.PIPELINE_EXECUTE) override fun manualStartupNew( userId: String, projectId: String, 
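Review bot: Putting `@AuditEntry(actionId = ActionId.PIPELINE_EXECUTE)` on `manualStartupNew` in ServiceBuildResourceImpl leaves the service-level `@ActionAuditRecord` dependent on every caller being annotated, because the PipelineBuildService hunk of this commit removes the entry from the service method. If the SDK only emits a record inside an entry (to be confirmed against the bk-audit SDK), any path that reaches the service without passing an annotated resource method would start builds with no audit event. The same applies to the `buildRestart`, `manualStartup` and `retry` hunks that follow. A comment on the service method would make the contract visible, `// audit entry is opened by the caller: every resource method that reaches this must carry @AuditEntry(actionId = ActionId.PIPELINE_EXECUTE)`. The annotated functions continue outside their hunks.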
@@ -748,6 +751,7 @@ class ServiceBuildResourceImpl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.PIPELINE_EXECUTE) override fun buildRestart(userId: String, projectId: String, pipelineId: String, buildId: String): Result { return Result( pipelineBuildFacadeService.buildRestart( diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/ServicePipelineResourceImpl.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/ServicePipelineResourceImpl.kt index 048fe1dbbf5..68efbe87ecc 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/ServicePipelineResourceImpl.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/ServicePipelineResourceImpl.kt @@ -98,6 +98,7 @@ class ServicePipelineResourceImpl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.PIPELINE_CREATE) override fun create( userId: String, projectId: String, diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserBuildResourceImpl.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserBuildResourceImpl.kt index b1f41a9973b..f967d329217 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserBuildResourceImpl.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserBuildResourceImpl.kt 
@@ -27,10 +27,12 @@ package com.tencent.devops.process.api +import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.exception.ParamBlankException import com.tencent.devops.common.api.pojo.BuildHistoryPage import com.tencent.devops.common.api.pojo.IdValue import com.tencent.devops.common.api.pojo.Result +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.pipeline.enums.BuildStatus import com.tencent.devops.common.pipeline.enums.ChannelCode import com.tencent.devops.common.pipeline.enums.StartType @@ -85,6 +87,7 @@ class UserBuildResourceImpl @Autowired constructor( return Result(pipelineBuildFacadeService.getBuildParameters(userId, projectId, pipelineId, buildId)) } + @AuditEntry(actionId = ActionId.PIPELINE_EXECUTE) override fun manualStartup( userId: String, projectId: String, @@ -108,6 +111,7 @@ class UserBuildResourceImpl @Autowired constructor( return Result(manualStartup) } + @AuditEntry(actionId = ActionId.PIPELINE_EXECUTE) override fun retry( userId: String, projectId: String, diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineResourceImpl.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineResourceImpl.kt index 68f9a5446d0..19e813ad6d5 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineResourceImpl.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineResourceImpl.kt @@ -140,6 +140,7 @@ class UserPipelineResourceImpl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.PIPELINE_CREATE) @Timed override fun create( userId: String, 
diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/app/AppPipelineBuildResourceImpl.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/app/AppPipelineBuildResourceImpl.kt index f6d7c6b3181..b6d9a2dd049 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/app/AppPipelineBuildResourceImpl.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/app/AppPipelineBuildResourceImpl.kt @@ -27,9 +27,11 @@ package com.tencent.devops.process.api.app +import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.exception.ParamBlankException import com.tencent.devops.common.api.pojo.BuildHistoryPage import com.tencent.devops.common.api.pojo.Result +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.pipeline.enums.BuildStatus import com.tencent.devops.common.pipeline.enums.ChannelCode import com.tencent.devops.common.pipeline.enums.ManualReviewAction @@ -271,6 +273,7 @@ class AppPipelineBuildResourceImpl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.PIPELINE_EXECUTE) override fun manualStartup( userId: String, projectId: String, @@ -320,6 +323,7 @@ class AppPipelineBuildResourceImpl @Autowired constructor( return Result(true) } + @AuditEntry(actionId = ActionId.PIPELINE_EXECUTE) override fun retry( userId: String, projectId: String, diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/builds/BuildSubPipelineResourceImpl.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/builds/BuildSubPipelineResourceImpl.kt index da5bc61a593..a89e95b446a 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/builds/BuildSubPipelineResourceImpl.kt 
+++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/builds/BuildSubPipelineResourceImpl.kt @@ -27,8 +27,10 @@ package com.tencent.devops.process.api.builds +import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.exception.ParamBlankException import com.tencent.devops.common.api.pojo.Result +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.client.Client import com.tencent.devops.common.pipeline.enums.ChannelCode import com.tencent.devops.common.web.RestResource @@ -47,6 +49,8 @@ class BuildSubPipelineResourceImpl @Autowired constructor( private val subPipeService: SubPipelineStartUpService, private val client: Client ) : BuildSubPipelineResource { + + @AuditEntry(actionId = ActionId.PIPELINE_EXECUTE) override fun callOtherProjectPipelineStartup( projectId: String, parentPipelineId: String, diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/service/ServiceCallBackResourceImpl.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/service/ServiceCallBackResourceImpl.kt index 0eaa7e20daa..6d46b72f068 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/service/ServiceCallBackResourceImpl.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/service/ServiceCallBackResourceImpl.kt @@ -158,7 +158,6 @@ class ServiceCallBackResourceImpl @Autowired constructor( return Result(true) } - @AuditEntry(actionId = ActionId.PIPELINE_EDIT) override fun createPipelineCallBack( userId: String, projectId: String, 
diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/template/ServiceTemplateInstanceResourceImpl.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/template/ServiceTemplateInstanceResourceImpl.kt index 6fd007d4b30..7a2e7674800 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/template/ServiceTemplateInstanceResourceImpl.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/template/ServiceTemplateInstanceResourceImpl.kt @@ -27,7 +27,9 @@ package com.tencent.devops.process.api.template +import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.pojo.Result +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.web.RestResource import com.tencent.devops.process.service.template.TemplateFacadeService import com.tencent.devops.process.pojo.PipelineId @@ -45,6 +47,7 @@ class ServiceTemplateInstanceResourceImpl @Autowired constructor( private val templateFacadeService: TemplateFacadeService ) : ServiceTemplateInstanceResource { + @AuditEntry(actionId = ActionId.PIPELINE_CREATE) override fun createTemplateInstances( userId: String, projectId: String, @@ -74,6 +77,7 @@ class ServiceTemplateInstanceResourceImpl @Autowired constructor( return Result(templateFacadeService.serviceCountTemplateInstancesDetail(projectId, templateIds)) } + @AuditEntry(actionId = ActionId.PIPELINE_EDIT) override fun updateTemplate( userId: String, projectId: String, @@ -92,6 +96,7 @@ class ServiceTemplateInstanceResourceImpl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.PIPELINE_EDIT) override fun updateTemplate( userId: String, projectId: String, 
diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/template/UserPTemplateResourceImpl.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/template/UserPTemplateResourceImpl.kt index 7e0e8687005..77d261bb499 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/template/UserPTemplateResourceImpl.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/template/UserPTemplateResourceImpl.kt @@ -27,8 +27,10 @@ package com.tencent.devops.process.api.template +import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.exception.InvalidParamException import com.tencent.devops.common.api.pojo.Result +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.pipeline.Model import com.tencent.devops.common.web.RestResource import com.tencent.devops.common.web.utils.I18nUtil @@ -57,14 +59,17 @@ import org.springframework.beans.factory.annotation.Autowired class UserPTemplateResourceImpl @Autowired constructor(private val templateFacadeService: TemplateFacadeService) : UserPTemplateResource { + @AuditEntry(actionId = ActionId.PROJECT_MANAGE) override fun createTemplate(userId: String, projectId: String, template: Model): Result { return Result(TemplateId(templateFacadeService.createTemplate(projectId, userId, template))) } + @AuditEntry(actionId = ActionId.PROJECT_MANAGE) override fun deleteTemplate(userId: String, projectId: String, templateId: String): Result { return Result(templateFacadeService.deleteTemplate(projectId, userId, templateId)) } + @AuditEntry(actionId = ActionId.PROJECT_MANAGE) override fun deleteTemplate(userId: String, projectId: String, templateId: String, version: Long): Result { return Result(templateFacadeService.deleteTemplate( projectId = projectId, 
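Review bot: Every template operation in UserPTemplateResourceImpl.kt is entered under the same `ActionId.PROJECT_MANAGE`, so an audit consumer filtering by action id cannot tell a template deletion from a template copy. This covers `createTemplate` and the `deleteTemplate` overloads here, and `updateTemplate`, `updateTemplateSetting`, `copyTemplate` and `saveAsTemplate` in the following hunks. It matches the `@ActionAuditRecord(actionId = ActionId.PROJECT_MANAGE, ...)` kept in TemplateFacadeService, so it looks deliberate, but the patch does not say why. A one-line comment on the class would record the reason, e.g. `// Template operations are audited under PROJECT_MANAGE (no template-specific action id) - TODO confirm`.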
@@ -74,6 +79,7 @@ class UserPTemplateResourceImpl @Autowired constructor(private val templateFacad )) } + @AuditEntry(actionId = ActionId.PROJECT_MANAGE) override fun deleteTemplate( userId: String, projectId: String, @@ -88,6 +94,7 @@ class UserPTemplateResourceImpl @Autowired constructor(private val templateFacad )) } + @AuditEntry(actionId = ActionId.PROJECT_MANAGE) override fun updateTemplate( userId: String, projectId: String, @@ -129,6 +136,7 @@ class UserPTemplateResourceImpl @Autowired constructor(private val templateFacad } @Suppress("ALL") + @AuditEntry(actionId = ActionId.PROJECT_MANAGE) override fun updateTemplateSetting( userId: String, projectId: String, @@ -161,6 +169,7 @@ class UserPTemplateResourceImpl @Autowired constructor(private val templateFacad return Result(templateFacadeService.getTemplateSetting(projectId, userId, templateId)) } + @AuditEntry(actionId = ActionId.PROJECT_MANAGE) override fun copyTemplate( userId: String, projectId: String, @@ -170,6 +179,7 @@ class UserPTemplateResourceImpl @Autowired constructor(private val templateFacad return Result(TemplateId(templateFacadeService.copyTemplate(userId, projectId, templateId, copyTemplateReq))) } + @AuditEntry(actionId = ActionId.PROJECT_MANAGE) override fun saveAsTemplate( userId: String, projectId: String, diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/template/UserTemplateInstanceResourceImpl.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/template/UserTemplateInstanceResourceImpl.kt index b73a1c251bb..58a7efaaedc 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/template/UserTemplateInstanceResourceImpl.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/template/UserTemplateInstanceResourceImpl.kt 
@@ -27,7 +27,9 @@ package com.tencent.devops.process.api.template +import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.pojo.Result +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.web.RestResource import com.tencent.devops.process.pojo.PipelineId import com.tencent.devops.process.pojo.enums.TemplateSortTypeEnum @@ -46,6 +48,7 @@ class UserTemplateInstanceResourceImpl @Autowired constructor( ) : UserTemplateInstanceResource { + @AuditEntry(actionId = ActionId.PIPELINE_CREATE) override fun createTemplateInstances( userId: String, projectId: String, @@ -64,6 +67,7 @@ class UserTemplateInstanceResourceImpl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.PIPELINE_EDIT) override fun updateTemplate( userId: String, projectId: String, @@ -112,16 +116,18 @@ class UserTemplateInstanceResourceImpl @Autowired constructor( sortType: TemplateSortTypeEnum?, desc: Boolean? ): Result { - return Result(templateFacadeService.listTemplateInstancesInPage( - projectId = projectId, - userId = userId, - templateId = templateId, - page = page, - pageSize = pageSize, - searchKey = searchKey, - sortType = sortType, - desc = desc - )) + return Result( + templateFacadeService.listTemplateInstancesInPage( + projectId = projectId, + userId = userId, + templateId = templateId, + page = page, + pageSize = pageSize, + searchKey = searchKey, + sortType = sortType, + desc = desc + ) + ) } override fun listTemplateInstancesParams( 
@@ -149,12 +155,14 @@ class UserTemplateInstanceResourceImpl @Autowired constructor( pipelineId: String, version: Long ): Result { - return Result(templateFacadeService.compareTemplateInstances( - projectId = projectId, - userId = userId, - templateId = templateId, - pipelineId = pipelineId, - version = version - )) + return Result( + templateFacadeService.compareTemplateInstances( + projectId = projectId, + userId = userId, + templateId = templateId, + pipelineId = pipelineId, + version = version + ) + ) } } diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt index e0707b65b23..0d14c64cd73 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt @@ -255,7 +255,6 @@ class PipelineInfoFacadeService @Autowired constructor( return Pair(pipelineInfo?.pipelineName ?: "", pipelineInfo?.version ?: 0) } - @AuditEntry(actionId = ActionId.PIPELINE_CREATE) @ActionAuditRecord( actionId = ActionId.PIPELINE_CREATE, instance = AuditInstanceRecord( @@ -465,8 +464,7 @@ class PipelineInfoFacadeService @Autowired constructor( userId = userId ) ActionAuditContext.current() - .setInstanceId(pipelineId) - .setInstanceName(model.name) + .addInstanceInfo(pipelineId, model.name, null, null) success = true return pipelineId } catch (duplicateKeyException: DuplicateKeyException) { @@ -696,7 +694,6 @@ class PipelineInfoFacadeService @Autowired constructor( userId: String, projectId: String, pipelineId: String, - @AuditRequestBody model: Model, channelCode: ChannelCode, checkPermission: Boolean = true, 
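Review bot: In the create path of PipelineInfoFacadeService.kt (hunk `-465,8 +464,7`), `.addInstanceInfo(pipelineId, model.name, null, null)` passes two positional nulls whose meaning is only visible by comparing with the edit path, where the same slots receive `existModel` and `model`. A short trailing comment would make the call readable on its own: `.addInstanceInfo(pipelineId, model.name, null, null) // originInstance, instance: none on create`. The enclosing function starts and ends outside the hunk.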
@@ -787,10 +784,7 @@ class PipelineInfoFacadeService @Autowired constructor( } // 审计 ActionAuditContext.current() - .setInstanceId(pipelineId) - .setInstanceName(model.name) - .setOriginInstance(existModel) - .setInstance(model) + .addInstanceInfo(pipelineId, model.name, existModel, model) success = true return deployResult } finally { diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/template/TemplateFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/template/TemplateFacadeService.kt index 9c0be8b46b5..541b3ab720e 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/template/TemplateFacadeService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/template/TemplateFacadeService.kt @@ -194,7 +194,6 @@ class TemplateFacadeService @Autowired constructor( @Value("\${template.maxErrorReasonLength:200}") private val maxErrorReasonLength: Int = 200 - @AuditEntry(actionId = ActionId.PROJECT_MANAGE) @ActionAuditRecord( actionId = ActionId.PROJECT_MANAGE, instance = AuditInstanceRecord( @@ -236,7 +235,6 @@ class TemplateFacadeService @Autowired constructor( return templateId } - @AuditEntry(actionId = ActionId.PROJECT_MANAGE) @ActionAuditRecord( actionId = ActionId.PROJECT_MANAGE, instance = AuditInstanceRecord( @@ -308,7 +306,6 @@ class TemplateFacadeService @Autowired constructor( /** * 流水线另存为模版 */ - @AuditEntry(actionId = ActionId.PROJECT_MANAGE) @ActionAuditRecord( actionId = ActionId.PROJECT_MANAGE, instance = AuditInstanceRecord( @@ -373,7 +370,6 @@ class TemplateFacadeService @Autowired constructor( return templateId } - @AuditEntry(actionId = ActionId.PROJECT_MANAGE) @ActionAuditRecord( actionId = ActionId.PROJECT_MANAGE, instance = AuditInstanceRecord( 
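Review bot: The edit path in PipelineInfoFacadeService.kt hands both complete models to the audit context with `.addInstanceInfo(pipelineId, model.name, existModel, model)`, and nothing in the hunk limits which fields of `Model` reach the audit record. If a pipeline model can carry secret-like values (password-type parameters or tokens in element inputs, not visible here), they would be copied into the audit store, which typically has a wider readership and longer retention than the pipeline itself. I would confirm that the audit serialization masks or omits such fields and say so next to the call, e.g. `// audit: Model is recorded with sensitive fields masked - TODO confirm`. The enclosing function starts and ends outside the hunk.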
@@ -425,7 +421,6 @@ class TemplateFacadeService @Autowired constructor( return true } - @AuditEntry(actionId = ActionId.PROJECT_MANAGE) @ActionAuditRecord( actionId = ActionId.PROJECT_MANAGE, instance = AuditInstanceRecord( @@ -463,7 +458,6 @@ class TemplateFacadeService @Autowired constructor( } } - @AuditEntry(actionId = ActionId.PROJECT_MANAGE) @ActionAuditRecord( actionId = ActionId.PROJECT_MANAGE, instance = AuditInstanceRecord( @@ -505,7 +499,6 @@ class TemplateFacadeService @Autowired constructor( return true } - @AuditEntry(actionId = ActionId.PROJECT_MANAGE) @ActionAuditRecord( actionId = ActionId.PROJECT_MANAGE, instance = AuditInstanceRecord( @@ -581,7 +574,6 @@ class TemplateFacadeService @Autowired constructor( return version } - @AuditEntry(actionId = ActionId.PROJECT_MANAGE) @ActionAuditRecord( actionId = ActionId.PROJECT_MANAGE, instance = AuditInstanceRecord( @@ -1504,7 +1496,6 @@ class TemplateFacadeService @Autowired constructor( return TemplateOperationRet(0, TemplateOperationMessage(successPipelines, failurePipelines, messages), "") } - @AuditEntry(actionId = ActionId.PIPELINE_EDIT) fun updateTemplateInstanceInfo( userId: String, useTemplateSettings: Boolean, diff --git a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/BuildAgentCertResourceImpl.kt b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/BuildAgentCertResourceImpl.kt index 566247a8cd4..d150c0b3890 100644 --- a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/BuildAgentCertResourceImpl.kt +++ b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/BuildAgentCertResourceImpl.kt 
@@ -27,8 +27,10 @@ package com.tencent.devops.ticket.resources +import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.exception.ParamBlankException import com.tencent.devops.common.api.pojo.Result +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.web.RestResource import com.tencent.devops.ticket.api.BuildAgentCertResource import com.tencent.devops.ticket.pojo.CertAndroid @@ -42,6 +44,7 @@ class BuildAgentCertResourceImpl @Autowired constructor( private val certService: CertService ) : BuildAgentCertResource { + @AuditEntry(actionId = ActionId.CERT_VIEW) override fun queryIos( projectId: String, agentId: String, @@ -62,6 +65,7 @@ class BuildAgentCertResourceImpl @Autowired constructor( return Result(certService.queryIos(projectId, buildId, certId, publicKey)) } + @AuditEntry(actionId = ActionId.CERT_VIEW) override fun queryAndroid( projectId: String, agentId: String, diff --git a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/BuildAgentCredentialResourceImpl.kt b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/BuildAgentCredentialResourceImpl.kt index ed63e279d38..416cae71363 100644 --- a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/BuildAgentCredentialResourceImpl.kt +++ b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/BuildAgentCredentialResourceImpl.kt @@ -27,8 +27,10 @@ package com.tencent.devops.ticket.resources +import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.exception.ParamBlankException import com.tencent.devops.common.api.pojo.Result +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.web.RestResource import com.tencent.devops.ticket.api.BuildAgentCredentialResource import com.tencent.devops.ticket.pojo.CredentialInfo 
@@ -40,6 +42,7 @@ class BuildAgentCredentialResourceImpl @Autowired constructor( private val credentialService: CredentialService ) : BuildAgentCredentialResource { + @AuditEntry(actionId = ActionId.CREDENTIAL_VIEW) override fun get( projectId: String, buildId: String, diff --git a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/BuildCertResourceImpl.kt b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/BuildCertResourceImpl.kt index 2a6fb631c82..2d7745cb379 100644 --- a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/BuildCertResourceImpl.kt +++ b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/BuildCertResourceImpl.kt @@ -27,8 +27,10 @@ package com.tencent.devops.ticket.resources +import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.exception.ParamBlankException import com.tencent.devops.common.api.pojo.Result +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.web.RestResource import com.tencent.devops.ticket.api.BuildCertResource import com.tencent.devops.ticket.pojo.CertAndroid @@ -40,6 +42,7 @@ import org.springframework.beans.factory.annotation.Autowired @RestResource class BuildCertResourceImpl @Autowired constructor(private val certService: CertService) : BuildCertResource { + @AuditEntry(actionId = ActionId.CERT_VIEW) override fun queryIos( projectId: String, buildId: String, @@ -52,6 +55,7 @@ class BuildCertResourceImpl @Autowired constructor(private val certService: Cert return Result(certService.queryIos(projectId, buildId, certId, publicKey)) } + @AuditEntry(actionId = ActionId.CERT_VIEW) override fun queryAndroid( projectId: String, buildId: String, 
diff --git a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/BuildCredentialResourceImpl.kt b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/BuildCredentialResourceImpl.kt index a4093e54ed9..ddfb62f05cc 100644 --- a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/BuildCredentialResourceImpl.kt +++ b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/BuildCredentialResourceImpl.kt @@ -27,8 +27,10 @@ package com.tencent.devops.ticket.resources +import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.exception.ParamBlankException import com.tencent.devops.common.api.pojo.Result +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.service.prometheus.BkTimed import com.tencent.devops.common.web.RestResource import com.tencent.devops.common.web.annotation.SensitiveApiPermission @@ -42,8 +44,10 @@ import org.springframework.beans.factory.annotation.Autowired class BuildCredentialResourceImpl @Autowired constructor( private val credentialService: CredentialService ) : BuildCredentialResource { + @SensitiveApiPermission("get_credential") @BkTimed(extraTags = ["operate", "get"]) + @AuditEntry(actionId = ActionId.CREDENTIAL_VIEW) override fun get( projectId: String, buildId: String, @@ -82,6 +86,7 @@ class BuildCredentialResourceImpl @Autowired constructor( @SensitiveApiPermission("get_credential") @BkTimed(extraTags = ["operate", "get"]) + @AuditEntry(actionId = ActionId.CREDENTIAL_VIEW) override fun getAcrossProject( projectId: String, buildId: String, @@ -113,6 +118,7 @@ class BuildCredentialResourceImpl @Autowired constructor( @SensitiveApiPermission("get_credential") @BkTimed(extraTags = ["operate", "get"]) + @AuditEntry(actionId = ActionId.CREDENTIAL_VIEW) override fun getDetail( projectId: String, buildId: String, 
@@ -135,14 +141,17 @@ class BuildCredentialResourceImpl @Autowired constructor( throw ParamBlankException("Invalid credentialId") } // 这里兼容下旧版本sdk的header - return Result(credentialService.buildGetDetail( - projectId = projectId, - buildId = buildId, - taskId = taskId ?: oldTaskId, - credentialId = credentialId - )) + return Result( + credentialService.buildGetDetail( + projectId = projectId, + buildId = buildId, + taskId = taskId ?: oldTaskId, + credentialId = credentialId + ) + ) } + @AuditEntry(actionId = ActionId.CREDENTIAL_CREATE) override fun create(userId: String, projectId: String, credential: CredentialCreate): Result { if (userId.isBlank()) { throw ParamBlankException("Invalid userId") diff --git a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/ServiceCertResourceImpl.kt b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/ServiceCertResourceImpl.kt index b81310417b5..8255d051f01 100644 --- a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/ServiceCertResourceImpl.kt +++ b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/ServiceCertResourceImpl.kt @@ -27,10 +27,12 @@ package com.tencent.devops.ticket.resources +import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.exception.ParamBlankException import com.tencent.devops.common.api.pojo.Page import com.tencent.devops.common.api.pojo.Result import com.tencent.devops.common.api.util.PageUtil +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.auth.api.AuthPermission import com.tencent.devops.common.web.RestResource import com.tencent.devops.ticket.api.ServiceCertResource 
@@ -73,16 +75,22 @@ class ServiceCertResourceImpl @Autowired constructor( return Result(Page(pageNotNull, pageSizeNotNull, result.count, result.records)) } + @AuditEntry( + actionId = ActionId.CERT_VIEW, + subActionIds = [ActionId.CREDENTIAL_VIEW] + ) override fun getAndroid(projectId: String, certId: String, publicKey: String): Result { checkParams(projectId, certId) return Result(certService.queryAndroidByProject(projectId, certId, publicKey)) } + @AuditEntry(actionId = ActionId.CERT_VIEW) override fun getTls(projectId: String, certId: String, publicKey: String): Result { checkParams(projectId, certId) return Result(certService.queryTlsByProject(projectId, certId, publicKey)) } + @AuditEntry(actionId = ActionId.CERT_VIEW) override fun getEnterprise(projectId: String, certId: String, publicKey: String): Result { checkParams(projectId, certId) return Result(certService.queryEnterpriseByProject(projectId, certId, publicKey)) diff --git a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/ServiceCredentialResourceImpl.kt b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/ServiceCredentialResourceImpl.kt index a5b4a9dda56..1c41be2c504 100644 --- a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/ServiceCredentialResourceImpl.kt +++ b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/ServiceCredentialResourceImpl.kt 
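Review bot: `getAndroid` in ServiceCertResourceImpl.kt declares `subActionIds = [ActionId.CREDENTIAL_VIEW]`, but the other Android read paths annotated in this patch declare only `ActionId.CERT_VIEW`: `queryAndroid` in BuildCertResourceImpl and BuildAgentCertResourceImpl, and `getAndroid` in UserCertResourceImpl. If those paths also resolve the credential linked to the certificate (their service code is outside these hunks), the credential read is not declared there and, depending on how the SDK treats undeclared sub-actions, may not be recorded. Either align them with `@AuditEntry(actionId = ActionId.CERT_VIEW, subActionIds = [ActionId.CREDENTIAL_VIEW])`, or add a comment here explaining why only this entry point touches a credential.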
@@ -27,10 +27,12 @@ package com.tencent.devops.ticket.resources +import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.exception.ParamBlankException import com.tencent.devops.common.api.pojo.Page import com.tencent.devops.common.api.pojo.Result import com.tencent.devops.common.api.util.PageUtil +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.auth.api.AuthPermission import com.tencent.devops.common.service.prometheus.BkTimed import com.tencent.devops.common.web.RestResource @@ -50,6 +52,7 @@ class ServiceCredentialResourceImpl @Autowired constructor( private val credentialService: CredentialService ) : ServiceCredentialResource { + @AuditEntry(actionId = ActionId.CREDENTIAL_CREATE) @BkTimed(extraTags = ["operate", "create"]) override fun create(userId: String, projectId: String, credential: CredentialCreate): Result { if (userId.isBlank()) { @@ -69,6 +72,7 @@ class ServiceCredentialResourceImpl @Autowired constructor( } @BkTimed(extraTags = ["operate", "get"]) + @AuditEntry(actionId = ActionId.CREDENTIAL_VIEW) override fun get(projectId: String, credentialId: String, publicKey: String): Result { if (projectId.isBlank()) { throw ParamBlankException("Invalid projectId") diff --git a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/UserCertResourceImpl.kt b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/UserCertResourceImpl.kt index e278c0048ff..a2b6f9e6422 100644 --- a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/UserCertResourceImpl.kt +++ b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/UserCertResourceImpl.kt 
@@ -27,12 +27,14 @@ package com.tencent.devops.ticket.resources +import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.exception.OperationException import com.tencent.devops.common.api.exception.ParamBlankException import com.tencent.devops.common.api.pojo.Page import com.tencent.devops.common.api.pojo.Result import com.tencent.devops.common.api.util.MessageUtil import com.tencent.devops.common.api.util.PageUtil +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.auth.api.AuthPermission import com.tencent.devops.common.web.RestResource import com.tencent.devops.common.web.utils.I18nUtil @@ -67,10 +69,12 @@ class UserCertResourceImpl @Autowired constructor( return Result(certPermissionService.validatePermission(userId, projectId, AuthPermission.CREATE)) } + @AuditEntry(actionId = ActionId.CERT_VIEW) override fun getIos(userId: String, projectId: String, certId: String): Result { return Result(certService.getIos(userId, projectId, certId)) } + @AuditEntry(actionId = ActionId.CERT_CREATE) override fun uploadIos( userId: String, projectId: String, @@ -111,6 +115,7 @@ class UserCertResourceImpl @Autowired constructor( return Result(true) } + @AuditEntry(actionId = ActionId.CERT_EDIT) override fun updateIos( userId: String, projectId: String, @@ -137,10 +142,15 @@ class UserCertResourceImpl @Autowired constructor( return Result(true) } + @AuditEntry(actionId = ActionId.CERT_VIEW) override fun getAndroid(userId: String, projectId: String, certId: String): Result { return Result(certService.getAndroid(userId, projectId, certId)) } + @AuditEntry( + actionId = ActionId.CERT_CREATE, + subActionIds = [ActionId.CREDENTIAL_VIEW] + ) override fun uploadAndroid( userId: String, projectId: String, 
@@ -185,6 +195,10 @@ class UserCertResourceImpl @Autowired constructor( return Result(true) } + @AuditEntry( + actionId = ActionId.CERT_EDIT, + subActionIds = [ActionId.CREDENTIAL_VIEW] + ) override fun updateAndroid( userId: String, projectId: String, @@ -211,10 +225,12 @@ class UserCertResourceImpl @Autowired constructor( return Result(true) } + @AuditEntry(actionId = ActionId.CERT_VIEW) override fun getTls(userId: String, projectId: String, certId: String): Result { return Result(certService.getTls(projectId, certId)) } + @AuditEntry(actionId = ActionId.CERT_CREATE) override fun uploadTls( userId: String, projectId: String, @@ -267,6 +283,7 @@ class UserCertResourceImpl @Autowired constructor( return Result(true) } + @AuditEntry(actionId = ActionId.CERT_EDIT) override fun updateTls( userId: String, projectId: String, @@ -368,6 +385,7 @@ class UserCertResourceImpl @Autowired constructor( } } + @AuditEntry(actionId = ActionId.CERT_EDIT) override fun updateEnterprise( userId: String, projectId: String, @@ -388,6 +406,7 @@ class UserCertResourceImpl @Autowired constructor( return Result(true) } + @AuditEntry(actionId = ActionId.CERT_CREATE) override fun uploadEnterprise( userId: String, projectId: String, @@ -399,7 +418,8 @@ class UserCertResourceImpl @Autowired constructor( checkParams(userId, projectId, certId) if (!mpDisposition.fileName.endsWith(".mobileprovision")) { throw IllegalArgumentException( - MessageUtil.getMessageByLocale(DESCRIPTION_FILE_TYPE_ERROR, + MessageUtil.getMessageByLocale( + DESCRIPTION_FILE_TYPE_ERROR, I18nUtil.getLanguage(userId), arrayOf(".mobileprovision") ) @@ -416,6 +436,7 @@ class UserCertResourceImpl @Autowired constructor( return Result(true) } + @AuditEntry(actionId = ActionId.CERT_VIEW) override fun getEnterprise( userId: String, projectId: String, 
diff --git a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/UserCredentialResourceImpl.kt b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/UserCredentialResourceImpl.kt index fbcaa3e9bce..7163388be5c 100644 --- a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/UserCredentialResourceImpl.kt +++ b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/UserCredentialResourceImpl.kt @@ -27,10 +27,12 @@ package com.tencent.devops.ticket.resources +import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.exception.ParamBlankException import com.tencent.devops.common.api.pojo.Page import com.tencent.devops.common.api.pojo.Result import com.tencent.devops.common.api.util.PageUtil +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.auth.api.AuthPermission import com.tencent.devops.common.service.prometheus.BkTimed import com.tencent.devops.common.web.RestResource @@ -56,6 +58,7 @@ class UserCredentialResourceImpl @Autowired constructor( return Result(credentialPermissionService.validatePermission(userId, projectId, AuthPermission.CREATE)) } + @AuditEntry(actionId = ActionId.CREDENTIAL_CREATE) @BkTimed(extraTags = ["operate", "create"]) override fun create(userId: String, projectId: String, credential: CredentialCreate): Result { if (userId.isBlank()) { @@ -79,6 +82,7 @@ class UserCredentialResourceImpl @Autowired constructor( return Result(true) } + @AuditEntry(actionId = ActionId.CREDENTIAL_DELETE) override fun delete(userId: String, projectId: String, credentialId: String): Result { if (userId.isBlank()) { throw ParamBlankException("Invalid userId") 
@@ -204,6 +208,7 @@ class UserCredentialResourceImpl @Autowired constructor( return Result(result.records) } + @AuditEntry(actionId = ActionId.CREDENTIAL_VIEW) @BkTimed(extraTags = ["operate", "get"]) override fun show(userId: String, projectId: String, credentialId: String): Result { if (userId.isBlank()) { @@ -218,6 +223,7 @@ class UserCredentialResourceImpl @Autowired constructor( return Result(credentialService.userShow(userId, projectId, credentialId)) } + @AuditEntry(actionId = ActionId.CREDENTIAL_VIEW) @BkTimed(extraTags = ["operate", "get"]) override fun get(userId: String, projectId: String, credentialId: String): Result { if (userId.isBlank()) { @@ -232,6 +238,7 @@ class UserCredentialResourceImpl @Autowired constructor( return Result(credentialService.userGet(userId, projectId, credentialId)) } + @AuditEntry(actionId = ActionId.CREDENTIAL_EDIT) override fun edit( userId: String, projectId: String, @@ -254,6 +261,7 @@ class UserCredentialResourceImpl @Autowired constructor( return Result(true) } + @AuditEntry(actionId = ActionId.CREDENTIAL_EDIT) override fun editSetting( userId: String, projectId: String, diff --git a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CertServiceImpl.kt b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CertServiceImpl.kt index 2c33e7477ae..5336f91c20b 100644 --- a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CertServiceImpl.kt +++ b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CertServiceImpl.kt @@ -101,9 +101,6 @@ class CertServiceImpl @Autowired constructor( private val certMaxSize = 64 * 1024 private val certIdMaxSize = 32 - @AuditEntry( - actionId = ActionId.CERT_CREATE - ) @ActionAuditRecord( actionId = ActionId.CERT_CREATE, instance = AuditInstanceRecord( 
@@ -240,7 +237,6 @@ class CertServiceImpl @Autowired constructor( ) } - @AuditEntry(actionId = ActionId.CERT_EDIT) @ActionAuditRecord( actionId = ActionId.CERT_EDIT, instance = AuditInstanceRecord( @@ -374,7 +370,6 @@ class CertServiceImpl @Autowired constructor( ) } - @AuditEntry(actionId = ActionId.CERT_CREATE) @ActionAuditRecord( actionId = ActionId.CERT_CREATE, instance = AuditInstanceRecord( @@ -495,7 +490,6 @@ class CertServiceImpl @Autowired constructor( } } - @AuditEntry(actionId = ActionId.CERT_EDIT) @ActionAuditRecord( actionId = ActionId.CERT_EDIT, instance = AuditInstanceRecord( @@ -607,7 +601,6 @@ class CertServiceImpl @Autowired constructor( } } - @AuditEntry(actionId = ActionId.CERT_CREATE) @ActionAuditRecord( actionId = ActionId.CERT_CREATE, instance = AuditInstanceRecord( @@ -747,7 +740,6 @@ class CertServiceImpl @Autowired constructor( ) } - @AuditEntry(actionId = ActionId.CERT_EDIT) @ActionAuditRecord( actionId = ActionId.CERT_EDIT, instance = AuditInstanceRecord( @@ -890,7 +882,6 @@ class CertServiceImpl @Autowired constructor( ) } - @AuditEntry(actionId = ActionId.CERT_CREATE) @ActionAuditRecord( actionId = ActionId.CERT_CREATE, instance = AuditInstanceRecord( @@ -1040,7 +1031,6 @@ class CertServiceImpl @Autowired constructor( } } - @AuditEntry(actionId = ActionId.CERT_EDIT) @ActionAuditRecord( actionId = ActionId.CERT_EDIT, instance = AuditInstanceRecord( @@ -1330,7 +1320,6 @@ class CertServiceImpl @Autowired constructor( return SQLPage(count, certList) } - @AuditEntry(actionId = ActionId.CERT_VIEW) @ActionAuditRecord( actionId = ActionId.CERT_VIEW, instance = AuditInstanceRecord( @@ -1361,7 +1350,6 @@ class CertServiceImpl @Autowired constructor( ) } - @AuditEntry(actionId = ActionId.CERT_VIEW) @ActionAuditRecord( actionId = ActionId.CERT_VIEW, instance = AuditInstanceRecord( 
@@ -1380,7 +1368,6 @@ class CertServiceImpl @Autowired constructor( ) } - @AuditEntry(actionId = ActionId.CERT_VIEW) @ActionAuditRecord( actionId = ActionId.CERT_VIEW, instance = AuditInstanceRecord( @@ -1412,7 +1399,6 @@ class CertServiceImpl @Autowired constructor( ) } - @AuditEntry(actionId = ActionId.CERT_VIEW) @ActionAuditRecord( actionId = ActionId.CERT_VIEW, instance = AuditInstanceRecord( @@ -1435,6 +1421,15 @@ class CertServiceImpl @Autowired constructor( ) } + @ActionAuditRecord( + actionId = ActionId.CERT_VIEW, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.CERT, + instanceIds = "#certId", + instanceNames = "#certId" + ), + content = ActionAuditContent.CERT_VIEW_CONTENT + ) override fun queryIos(projectId: String, buildId: String, certId: String, publicKey: String): CertIOS { val buildBasicInfoResult = client.get(ServiceBuildResource::class).serviceBasic(projectId, buildId) if (buildBasicInfoResult.isNotOk()) { @@ -1493,6 +1488,15 @@ class CertServiceImpl @Autowired constructor( return CertEnterprise(serverBase64PublicKey, mpFileName, mpBase64Content, mpFileSha1) } + @ActionAuditRecord( + actionId = ActionId.CERT_VIEW, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.CERT, + instanceIds = "#certId", + instanceNames = "#certId" + ), + content = ActionAuditContent.CERT_VIEW_CONTENT + ) override fun queryEnterpriseByProject(projectId: String, certId: String, publicKey: String): CertEnterprise { val certRecord = certDao.get(dslContext, projectId, certId) // 生成公钥和密钥 
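Review bot: `queryIos` and `queryEnterpriseByProject` gain `@ActionAuditRecord` here with no `@AuditEntry` left in the service class. The same applies to `queryAndroid`, `queryAndroidByProject` and `queryTlsByProject` in the following hunks and to `buildGet` in CredentialServiceImpl in patch 36, and patch 37 also removes `@AuditEntry` from `BuildAgentCredentialResourceImpl.get`. If the audit SDK only emits an action record inside a context opened by `@AuditEntry` (to be confirmed against the SDK), build-time reads of certificates and credentials would produce no audit event at all. Either annotate the build-facing resource methods that call these services, or state the intent above the annotation, e.g. `// recorded only when the calling resource opens an @AuditEntry`. The method bodies continue outside the hunks.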
@@ -1511,6 +1515,15 @@ class CertServiceImpl @Autowired constructor( return CertEnterprise(serverBase64PublicKey, mpFileName, mpBase64Content, mpFileSha1) } + @ActionAuditRecord( + actionId = ActionId.CERT_VIEW, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.CERT, + instanceIds = "#certId", + instanceNames = "#certId" + ), + content = ActionAuditContent.CERT_VIEW_CONTENT + ) override fun queryAndroid(projectId: String, buildId: String, certId: String, publicKey: String): CertAndroid { val buildBasicInfoResult = client.get(ServiceBuildResource::class).serviceBasic(projectId, buildId) if (buildBasicInfoResult.isNotOk()) { @@ -1547,6 +1560,15 @@ class CertServiceImpl @Autowired constructor( ) } + @ActionAuditRecord( + actionId = ActionId.CERT_VIEW, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.CERT, + instanceIds = "#certId", + instanceNames = "#certId" + ), + content = ActionAuditContent.CERT_VIEW_CONTENT + ) override fun queryAndroidByProject( projectId: String, certId: String, @@ -1603,6 +1625,15 @@ class CertServiceImpl @Autowired constructor( ) } + @ActionAuditRecord( + actionId = ActionId.CERT_VIEW, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.CERT, + instanceIds = "#certId", + instanceNames = "#certId" + ), + content = ActionAuditContent.CERT_VIEW_CONTENT + ) override fun queryTlsByProject(projectId: String, certId: String, publicKey: String): CertTls { val certTlsRecord = certTlsDao.get(dslContext, projectId, certId) val publicKeyByteArray = Base64.getDecoder().decode(publicKey) diff --git a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CredentialServiceImpl.kt b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CredentialServiceImpl.kt index 973ab8f26ed..0803f000e12 100644 --- a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CredentialServiceImpl.kt 
+++ b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CredentialServiceImpl.kt @@ -126,7 +126,6 @@ class CredentialServiceImpl @Autowired constructor( ) } - @AuditEntry(actionId = ActionId.CREDENTIAL_CREATE) @ActionAuditRecord( actionId = ActionId.CREDENTIAL_CREATE, instance = AuditInstanceRecord( @@ -214,7 +213,6 @@ class CredentialServiceImpl @Autowired constructor( credentialPermissionService.createResource(userId, projectId, credential.credentialId, authGroupList) } - @AuditEntry(actionId = ActionId.CREDENTIAL_EDIT) @ActionAuditRecord( actionId = ActionId.CREDENTIAL_EDIT, instance = AuditInstanceRecord( @@ -257,7 +255,6 @@ class CredentialServiceImpl @Autowired constructor( ) } - @AuditEntry(actionId = ActionId.CREDENTIAL_EDIT) @ActionAuditRecord( actionId = ActionId.CREDENTIAL_EDIT, instance = AuditInstanceRecord( @@ -300,7 +297,6 @@ class CredentialServiceImpl @Autowired constructor( ) > 0 } - @AuditEntry(actionId = ActionId.CREDENTIAL_DELETE) @ActionAuditRecord( actionId = ActionId.CREDENTIAL_DELETE, instance = AuditInstanceRecord( @@ -471,7 +467,6 @@ class CredentialServiceImpl @Autowired constructor( } } - @AuditEntry(actionId = ActionId.CREDENTIAL_VIEW) @ActionAuditRecord( actionId = ActionId.CREDENTIAL_VIEW, instance = AuditInstanceRecord( @@ -526,7 +521,6 @@ class CredentialServiceImpl @Autowired constructor( ) } - @AuditEntry(actionId = ActionId.CREDENTIAL_VIEW) @ActionAuditRecord( actionId = ActionId.CREDENTIAL_VIEW, instance = AuditInstanceRecord( @@ -582,14 +576,6 @@ class CredentialServiceImpl @Autowired constructor( ) } - @AuditEntry(actionId = ActionId.CREDENTIAL_VIEW) - @ActionAuditRecord( - actionId = ActionId.CREDENTIAL_VIEW, - instance = AuditInstanceRecord( - resourceType = ResourceTypeId.CREDENTIAL - ), - content = ActionAuditContent.CREDENTIAL_VIEW_CONTENT - ) override fun buildGet( projectId: String, buildId: String, 
@@ -626,16 +612,6 @@ class CredentialServiceImpl @Autowired constructor( return serviceGetAcrossProject(targetProjectId, credentialId, publicKey) } - @AuditEntry(actionId = ActionId.CREDENTIAL_VIEW) - @ActionAuditRecord( - actionId = ActionId.CREDENTIAL_VIEW, - instance = AuditInstanceRecord( - resourceType = ResourceTypeId.CREDENTIAL, - instanceNames = "#credentialId", - instanceIds = "#credentialId" - ), - content = ActionAuditContent.CREDENTIAL_VIEW_CONTENT - ) override fun buildGetDetail( projectId: String, buildId: String, @@ -672,13 +648,21 @@ class CredentialServiceImpl @Autowired constructor( return ret } + @ActionAuditRecord( + actionId = ActionId.CREDENTIAL_VIEW, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.CREDENTIAL, + instanceNames = "#credentialId", + instanceIds = "#credentialId" + ), + content = ActionAuditContent.CREDENTIAL_VIEW_CONTENT + ) override fun serviceGet(projectId: String, credentialId: String, publicKey: String): CredentialInfo? { val credentialRecord = credentialDao.getOrNull(dslContext, projectId, credentialId) ?: return null return credentialInfo(publicKey, credentialRecord) } - @AuditEntry(actionId = ActionId.CREDENTIAL_VIEW) @ActionAuditRecord( actionId = ActionId.CREDENTIAL_VIEW, instance = AuditInstanceRecord( @@ -743,7 +727,6 @@ class CredentialServiceImpl @Autowired constructor( ) } - @AuditEntry(actionId = ActionId.CREDENTIAL_VIEW) @ActionAuditRecord( actionId = ActionId.CREDENTIAL_VIEW, instance = AuditInstanceRecord( @@ -832,14 +815,6 @@ class CredentialServiceImpl @Autowired constructor( } } - @AuditEntry(actionId = ActionId.CREDENTIAL_VIEW) - @ActionAuditRecord( - actionId = ActionId.CREDENTIAL_VIEW, - instance = AuditInstanceRecord( - resourceType = ResourceTypeId.CREDENTIAL - ), - content = ActionAuditContent.CREDENTIAL_VIEW_CONTENT - ) override fun searchByCredentialId( projectId: String, offset: Int, 
@@ -855,12 +830,6 @@ class CredentialServiceImpl @Autowired constructor( credentialId = credentialId ) val result = credentialRecords.map { - ActionAuditContext.current().addInstanceInfo( - it.credentialId, - it.credentialName, - null, - null - ) Credential( credentialId = it.credentialId, credentialName = it.credentialName ?: it.credentialId, From 610fadc57d2954be0bc54cfeb42efcdbe3afa533 Mon Sep 17 00:00:00 2001 From: greysonfang Date: Wed, 11 Oct 2023 17:29:00 +0800 Subject: [PATCH 30/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../devops/process/service/pipeline/PipelineBuildService.kt | 1 - .../devops/process/api/service/ServiceCallBackResourceImpl.kt | 2 -- .../devops/process/service/PipelineInfoFacadeService.kt | 1 - .../devops/process/service/template/TemplateFacadeService.kt | 3 +-- 4 files changed, 1 insertion(+), 6 deletions(-) diff --git a/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineBuildService.kt b/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineBuildService.kt index 46569329991..1a1336541e7 100644 --- a/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineBuildService.kt +++ b/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineBuildService.kt @@ -28,7 +28,6 @@ package com.tencent.devops.process.service.pipeline import com.tencent.bk.audit.annotations.ActionAuditRecord -import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.bk.audit.annotations.AuditInstanceRecord import com.tencent.devops.common.api.exception.ErrorCodeException import com.tencent.devops.common.audit.ActionAuditContent 
diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/service/ServiceCallBackResourceImpl.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/service/ServiceCallBackResourceImpl.kt index 6d46b72f068..e309984f44c 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/service/ServiceCallBackResourceImpl.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/service/ServiceCallBackResourceImpl.kt @@ -27,12 +27,10 @@ package com.tencent.devops.process.api.service -import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.exception.ErrorCodeException import com.tencent.devops.common.api.pojo.Page import com.tencent.devops.common.api.pojo.Result import com.tencent.devops.common.api.util.PageUtil -import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.pipeline.event.CallBackEvent import com.tencent.devops.common.pipeline.event.CallBackNetWorkRegionType import com.tencent.devops.common.pipeline.event.PipelineCallbackEvent diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt index 0d14c64cd73..54fbad4c155 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt 
@@ -30,7 +30,6 @@ package com.tencent.devops.process.service import com.fasterxml.jackson.core.JsonParseException import com.google.common.cache.CacheBuilder import com.tencent.bk.audit.annotations.ActionAuditRecord -import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.bk.audit.annotations.AuditInstanceRecord import com.tencent.bk.audit.annotations.AuditRequestBody import com.tencent.bk.audit.context.ActionAuditContext diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/template/TemplateFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/template/TemplateFacadeService.kt index 541b3ab720e..0d753055fb8 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/template/TemplateFacadeService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/template/TemplateFacadeService.kt @@ -30,7 +30,6 @@ package com.tencent.devops.process.service.template import com.fasterxml.jackson.databind.ObjectMapper import com.fasterxml.jackson.module.kotlin.readValue import com.tencent.bk.audit.annotations.ActionAuditRecord -import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.bk.audit.annotations.AuditInstanceRecord import com.tencent.bk.audit.context.ActionAuditContext import com.tencent.devops.common.api.constant.CommonMessageCode 
@@ -94,8 +93,8 @@ import com.tencent.devops.process.pojo.PipelineId import com.tencent.devops.process.pojo.PipelineTemplateInfo import com.tencent.devops.process.pojo.enums.TemplateSortTypeEnum import com.tencent.devops.process.pojo.setting.PipelineSetting -import com.tencent.devops.process.pojo.template.MarketTemplateRequest import com.tencent.devops.process.pojo.template.CopyTemplateReq +import com.tencent.devops.process.pojo.template.MarketTemplateRequest import com.tencent.devops.process.pojo.template.OptionalTemplate import com.tencent.devops.process.pojo.template.OptionalTemplateList import com.tencent.devops.process.pojo.template.SaveAsTemplateReq From 9d08fb7e9451ffc19fce9e8edb2b7e92218ecf3d Mon Sep 17 00:00:00 2001 From: greysonfang Date: Thu, 12 Oct 2023 10:00:21 +0800 Subject: [PATCH 31/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../tencent/devops/process/service/PipelineInfoFacadeService.kt | 1 - .../devops/process/service/template/TemplateFacadeService.kt | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt index 54fbad4c155..019b767820d 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt @@ -264,7 +264,6 @@ class PipelineInfoFacadeService @Autowired constructor( fun createPipeline( userId: String, projectId: String, - @AuditRequestBody model: Model, channelCode: ChannelCode, checkPermission: Boolean = true, 
diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/template/TemplateFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/template/TemplateFacadeService.kt index 0d753055fb8..e1f120a7336 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/template/TemplateFacadeService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/template/TemplateFacadeService.kt @@ -588,7 +588,7 @@ class TemplateFacadeService @Autowired constructor( ): Boolean { logger.info("Start to update the template setting - [$projectId|$userId|$templateId]") checkPermission(projectId, userId) - ActionAuditContext.current().setInstanceId(templateId).setInstanceName(templateId) + ActionAuditContext.current().setInstanceId(templateId).setInstanceName(setting.pipelineName) dslContext.transaction { configuration -> val context = DSL.using(configuration) checkTemplateName( From 470d49bdfe756de933334054b60a8980cd1d0885 Mon Sep 17 00:00:00 2001 From: greysonfang Date: Thu, 12 Oct 2023 10:08:12 +0800 Subject: [PATCH 32/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../tencent/devops/process/service/PipelineInfoFacadeService.kt | 1 - 1 file changed, 1 deletion(-) diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt index 019b767820d..a2345e7b17d 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt 
+++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt @@ -31,7 +31,6 @@ import com.fasterxml.jackson.core.JsonParseException import com.google.common.cache.CacheBuilder import com.tencent.bk.audit.annotations.ActionAuditRecord import com.tencent.bk.audit.annotations.AuditInstanceRecord -import com.tencent.bk.audit.annotations.AuditRequestBody import com.tencent.bk.audit.context.ActionAuditContext import com.tencent.devops.common.api.constant.CommonMessageCode import com.tencent.devops.common.api.constant.CommonMessageCode.USER_NOT_PERMISSIONS_OPERATE_PIPELINE From 05c0731a7815dd14dd74240ef783eaf58f646b58 Mon Sep 17 00:00:00 2001 From: greysonfang Date: Thu, 12 Oct 2023 11:06:11 +0800 Subject: [PATCH 33/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../tencent/devops/process/api/UserPipelineResourceImpl.kt | 3 +++ .../devops/process/api/UserPipelineSettingResourceImpl.kt | 7 ++++++- .../service/pipeline/PipelineSettingFacadeService.kt | 2 -- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineResourceImpl.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineResourceImpl.kt index 19e813ad6d5..ff05e55b2c5 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineResourceImpl.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineResourceImpl.kt 
@@ -28,6 +28,7 @@ package com.tencent.devops.process.api import com.tencent.bk.audit.annotations.AuditEntry +import com.tencent.bk.audit.annotations.AuditRequestBody import com.tencent.devops.common.api.constant.CommonMessageCode.USER_NOT_PERMISSIONS_OPERATE_PIPELINE import com.tencent.devops.common.api.exception.ErrorCodeException import com.tencent.devops.common.api.exception.InvalidParamException @@ -298,6 +299,7 @@ class UserPipelineResourceImpl @Autowired constructor( userId: String, projectId: String, pipelineId: String, + @AuditRequestBody setting: PipelineSetting ): Result { checkParam(userId, projectId) @@ -619,6 +621,7 @@ class UserPipelineResourceImpl @Autowired constructor( ) override fun uploadPipeline( userId: String, + @AuditRequestBody pipelineInfo: PipelineModelAndSetting, projectId: String ): Result { diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineSettingResourceImpl.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineSettingResourceImpl.kt index e0d06b5ff58..0441851dfbb 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineSettingResourceImpl.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineSettingResourceImpl.kt @@ -28,6 +28,7 @@ package com.tencent.devops.process.api import com.tencent.bk.audit.annotations.AuditEntry +import com.tencent.bk.audit.annotations.AuditRequestBody import com.tencent.devops.common.api.pojo.Result import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.web.RestResource 
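Review bot: `@AuditRequestBody` on `setting: PipelineSetting` in the second hunk presumably copies the whole request object into the audit event. The same applies to `pipelineInfo: PipelineModelAndSetting` in the third hunk, to `saveSetting` in UserPipelineSettingResourceImpl, and to `modelAndSetting` in patch 34. Whether these objects can carry secret-bearing fields is not visible from the hunks; if they can, the audit store becomes a second copy of those values with its own retention and readers. Patch 34 drops the annotation from `credential: CredentialUpdate`, so the concern seems to have been recognised for credentials. Please document on each parameter what is captured, e.g. `// audit: full request body is recorded; must not contain plaintext secrets`, or restrict capture to the fields the audit needs. The enclosing functions start and end outside the hunks.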
@@ -43,7 +44,11 @@ class UserPipelineSettingResourceImpl @Autowired constructor( ) : UserPipelineSettingResource { @AuditEntry(actionId = ActionId.PIPELINE_EDIT) - override fun saveSetting(userId: String, setting: PipelineSetting): Result { + override fun saveSetting( + userId: String, + @AuditRequestBody + setting: PipelineSetting + ): Result { return Result(pipelineSettingFacadeService.saveSetting(userId, setting)) } diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineSettingFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineSettingFacadeService.kt index 56a214965aa..4fbcd833a6d 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineSettingFacadeService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineSettingFacadeService.kt @@ -29,7 +29,6 @@ package com.tencent.devops.process.service.pipeline import com.tencent.bk.audit.annotations.ActionAuditRecord import com.tencent.bk.audit.annotations.AuditInstanceRecord -import com.tencent.bk.audit.annotations.AuditRequestBody import com.tencent.devops.common.api.constant.CommonMessageCode import com.tencent.devops.common.api.constant.KEY_DEFAULT import com.tencent.devops.common.api.exception.PermissionForbiddenException @@ -98,7 +97,6 @@ class PipelineSettingFacadeService @Autowired constructor( ) fun saveSetting( userId: String, - @AuditRequestBody setting: PipelineSetting, checkPermission: Boolean = true, version: Int = 0, From c33fed1ca7758d5786ab6e54ec297e30d1ec43e7 Mon Sep 17 00:00:00 2001 
From: greysonfang Date: Thu, 12 Oct 2023 12:17:32 +0800 Subject: [PATCH 34/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../com/tencent/devops/process/api/UserPipelineResourceImpl.kt | 1 + .../com/tencent/devops/ticket/service/CredentialServiceImpl.kt | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineResourceImpl.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineResourceImpl.kt index ff05e55b2c5..ee180590e92 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineResourceImpl.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineResourceImpl.kt @@ -264,6 +264,7 @@ class UserPipelineResourceImpl @Autowired constructor( userId: String, projectId: String, pipelineId: String, + @AuditRequestBody modelAndSetting: PipelineModelAndSetting ): Result { checkParam(userId, projectId) diff --git a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CredentialServiceImpl.kt b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CredentialServiceImpl.kt index 0803f000e12..00d638e02a8 100644 --- a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CredentialServiceImpl.kt +++ b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CredentialServiceImpl.kt @@ -226,7 +226,6 @@ class CredentialServiceImpl @Autowired constructor( userId: String, projectId: String, credentialId: String, - @AuditRequestBody credential: CredentialUpdate ) { val edit = AuthPermission.EDIT 
From 12afaadc366f439591eec3934ce7514cfb385219 Mon Sep 17 00:00:00 2001 From: greysonfang Date: Thu, 12 Oct 2023 15:58:04 +0800 Subject: [PATCH 35/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/backend/ci/build.gradle.kts | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/backend/ci/build.gradle.kts b/src/backend/ci/build.gradle.kts index e1f429eced8..2d746006d44 100644 --- a/src/backend/ci/build.gradle.kts +++ b/src/backend/ci/build.gradle.kts @@ -9,6 +9,13 @@ apply(plugin = "org.owasp.dependencycheck") allprojects { apply(plugin = "com.tencent.devops.boot") + configurations.all { + resolutionStrategy { + cacheChangingModulesFor(0, "seconds") + cacheDynamicVersionsFor( 0, "seconds") + } + } + // 包路径 group = "com.tencent.bk.devops.ci" // 版本 From 6633e320862977ba7d7a183a7e88fce93253b69a Mon Sep 17 00:00:00 2001 From: greysonfang Date: Thu, 12 Oct 2023 17:20:12 +0800 Subject: [PATCH 36/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../devops/ticket/service/CredentialServiceImpl.kt | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CredentialServiceImpl.kt b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CredentialServiceImpl.kt index 00d638e02a8..5de8e5bc5d6 100644 --- a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CredentialServiceImpl.kt +++ b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CredentialServiceImpl.kt 
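Review bot: Setting `cacheChangingModulesFor(0, "seconds")` and `cacheDynamicVersionsFor( 0, "seconds")` inside `configurations.all` under `allprojects` makes every build of every subproject re-resolve snapshot and dynamic versions from the remote repositories. Such a dependency is then whatever the repository serves at build time, so builds are not reproducible, and a replaced artifact reaches release builds without any change in this repository. If this is only needed while the audit SDK is under development, gate it behind an opt-in Gradle property rather than applying it unconditionally. For release builds, prefer fixed versions together with Gradle dependency verification or locking. Minor style: drop the stray space in `cacheDynamicVersionsFor( 0, "seconds")`.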
@@ -575,6 +575,15 @@ class CredentialServiceImpl @Autowired constructor( ) } + @ActionAuditRecord( + actionId = ActionId.CREDENTIAL_VIEW, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.CREDENTIAL, + instanceNames = "#credentialId", + instanceIds = "#credentialId" + ), + content = ActionAuditContent.CREDENTIAL_VIEW_CONTENT + ) override fun buildGet( projectId: String, buildId: String, From 24770c96012b8e2b428106d29703e9c936211be5 Mon Sep 17 00:00:00 2001 From: greysonfang Date: Tue, 17 Oct 2023 15:46:29 +0800 Subject: [PATCH 37/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../devops/ticket/resources/BuildAgentCredentialResourceImpl.kt | 1 - 1 file changed, 1 deletion(-) diff --git a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/BuildAgentCredentialResourceImpl.kt b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/BuildAgentCredentialResourceImpl.kt index 416cae71363..c69668a52de 100644 --- a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/BuildAgentCredentialResourceImpl.kt +++ b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/BuildAgentCredentialResourceImpl.kt @@ -42,7 +42,6 @@ class BuildAgentCredentialResourceImpl @Autowired constructor( private val credentialService: CredentialService ) : BuildAgentCredentialResource { - @AuditEntry(actionId = ActionId.CREDENTIAL_VIEW) override fun get( projectId: String, buildId: String, From 63440527ab4e50ad3ee808c402a9109b3dba3949 Mon Sep 17 00:00:00 2001 
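Review bot: The `@ActionAuditRecord` added on `buildGet` may stop producing records once patches 37 and 39 of this series remove `@AuditEntry(actionId = ActionId.CREDENTIAL_VIEW)` from the `get` endpoints of BuildAgentCredentialResourceImpl, BuildCredentialResourceImpl and ServiceCredentialResourceImpl. If the audit SDK only emits an action record inside a context opened by `@AuditEntry` (to be confirmed against the SDK), credential reads through those endpoints would then go unaudited even though this annotation stays. A test asserting that a build-side credential read yields a `CREDENTIAL_VIEW` event would settle it. Separately, `instanceNames` and `instanceIds` are both `"#credentialId"`; if that is deliberate, a comment such as `// credential id doubles as its display name` would say so. The parameter list and body of `buildGet` continue outside the hunk.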
From: greysonfang Date: Tue, 17 Oct 2023 16:07:03 +0800 Subject: [PATCH 38/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../devops/ticket/resources/BuildAgentCredentialResourceImpl.kt | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/BuildAgentCredentialResourceImpl.kt b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/BuildAgentCredentialResourceImpl.kt index c69668a52de..ed63e279d38 100644 --- a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/BuildAgentCredentialResourceImpl.kt +++ b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/BuildAgentCredentialResourceImpl.kt @@ -27,10 +27,8 @@ package com.tencent.devops.ticket.resources -import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.devops.common.api.exception.ParamBlankException import com.tencent.devops.common.api.pojo.Result -import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.web.RestResource import com.tencent.devops.ticket.api.BuildAgentCredentialResource import com.tencent.devops.ticket.pojo.CredentialInfo From a6bdba2f9d61bddedf4640cb91f853231f702019 Mon Sep 17 00:00:00 2001 From: greysonfang Date: Thu, 19 Oct 2023 12:08:48 +0800 Subject: [PATCH 39/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../devops/ticket/resources/BuildCredentialResourceImpl.kt | 1 - .../devops/ticket/resources/ServiceCredentialResourceImpl.kt | 1 - 2 files changed, 2 deletions(-) 
diff --git a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/BuildCredentialResourceImpl.kt b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/BuildCredentialResourceImpl.kt index ddfb62f05cc..2e0d0b1bfa8 100644 --- a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/BuildCredentialResourceImpl.kt +++ b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/BuildCredentialResourceImpl.kt @@ -47,7 +47,6 @@ class BuildCredentialResourceImpl @Autowired constructor( @SensitiveApiPermission("get_credential") @BkTimed(extraTags = ["operate", "get"]) - @AuditEntry(actionId = ActionId.CREDENTIAL_VIEW) override fun get( projectId: String, buildId: String, diff --git a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/ServiceCredentialResourceImpl.kt b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/ServiceCredentialResourceImpl.kt index 1c41be2c504..d69095bd33d 100644 --- a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/ServiceCredentialResourceImpl.kt +++ b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/resources/ServiceCredentialResourceImpl.kt @@ -72,7 +72,6 @@ class ServiceCredentialResourceImpl @Autowired constructor( } @BkTimed(extraTags = ["operate", "get"]) - @AuditEntry(actionId = ActionId.CREDENTIAL_VIEW) override fun get(projectId: String, credentialId: String, publicKey: String): Result { if (projectId.isBlank()) { throw ParamBlankException("Invalid projectId") From c6b057af744359a573853c823fce900aae9ed626 Mon Sep 17 00:00:00 2001 
From: greysonfang Date: Thu, 19 Oct 2023 16:35:21 +0800 Subject: [PATCH 40/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../devops/common/api/constant/CommonConstants.kt | 1 + .../devops/common/audit/BkAuditRequestProvider.kt | 15 +++++++++------ .../devops/common/web/FeignConfiguration.kt | 9 ++++++++- 3 files changed, 18 insertions(+), 7 deletions(-) diff --git a/src/backend/ci/core/common/common-api/src/main/kotlin/com/tencent/devops/common/api/constant/CommonConstants.kt b/src/backend/ci/core/common/common-api/src/main/kotlin/com/tencent/devops/common/api/constant/CommonConstants.kt index 421d1cc9bd8..72b788f9323 100644 --- a/src/backend/ci/core/common/common-api/src/main/kotlin/com/tencent/devops/common/api/constant/CommonConstants.kt +++ b/src/backend/ci/core/common/common-api/src/main/kotlin/com/tencent/devops/common/api/constant/CommonConstants.kt @@ -118,6 +118,7 @@ const val LOCALE_LANGUAGE = "BK_CI_LOCALE_LANGUAGE" // locale国际化语言信 const val DEFAULT_LOCALE_LANGUAGE = "zh_CN" // 默认语言信息 const val REQUEST_CHANNEL = "BK_CI_REQUEST_CHANNEL" // 请求渠道 const val API_PERMISSION = "BK_CI_API_PERMISSION" // 请求API权限 +const val REQUEST_IP = "X-Forwarded-For" // 请求IP const val BK_CREATE = "bkCreate" // 创建 const val BK_REVISE = "bkRevise" // 修改 diff --git a/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt index 4bd70b7541e..5d24adc5cab 100644 --- a/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt +++ b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt 
@@ -6,6 +6,9 @@ import com.tencent.bk.audit.constants.UserIdentifyTypeEnum import com.tencent.bk.audit.exception.AuditException import com.tencent.bk.audit.model.AuditHttpRequest import com.tencent.devops.common.api.auth.AUTH_HEADER_USER_ID +import com.tencent.devops.common.api.constant.REQUEST_CHANNEL +import com.tencent.devops.common.api.constant.REQUEST_IP +import com.tencent.devops.common.api.enums.RequestChannelTypeEnum import org.slf4j.LoggerFactory import org.springframework.web.context.request.RequestContextHolder import org.springframework.web.context.request.ServletRequestAttributes @@ -16,7 +19,7 @@ class BkAuditRequestProvider : AuditRequestProvider { private const val HEADER_USERNAME = AUTH_HEADER_USER_ID private const val HEADER_USER_IDENTIFY_TENANT_ID = "X-User-Identify-Tenant-Id" private const val HEADER_USER_IDENTIFY_TYPE = "X-User-Identify-Type" - private const val HEADER_ACCESS_TYPE = "USER-AGENT" + private const val HEADER_ACCESS_TYPE = REQUEST_CHANNEL private const val HEADER_REQUEST_ID = "X-DEVOPS-RID" private val logger = LoggerFactory.getLogger(BkAuditRequestProvider::class.java) } @@ -54,10 +57,10 @@ class BkAuditRequestProvider : AuditRequestProvider { override fun getAccessType(): AccessTypeEnum { val httpServletRequest = getHttpServletRequest() - val accessTypeHeader = httpServletRequest.getHeader(HEADER_ACCESS_TYPE) - return when { - accessTypeHeader.contains("Mozilla") -> AccessTypeEnum.WEB - accessTypeHeader.contains("API") -> AccessTypeEnum.API + return when (httpServletRequest.getHeader(HEADER_ACCESS_TYPE)) { + RequestChannelTypeEnum.USER.name, + RequestChannelTypeEnum.OP.name -> AccessTypeEnum.WEB + RequestChannelTypeEnum.OPEN.name -> AccessTypeEnum.API else -> AccessTypeEnum.OTHER } } 
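Review bot: `getAccessType()` now classifies the request from the `BK_CI_REQUEST_CHANNEL` header (`HEADER_ACCESS_TYPE = REQUEST_CHANNEL`), a value the caller supplies unless the gateway strips or overwrites it. An audit field that separates WEB from API access should come from something the server decides. Patch 41 of this series prefers the request attribute but keeps the header as a fallback (`?: httpServletRequest.getHeader(REQUEST_CHANNEL)`), so the same question applies there. If the header has to stay for service-to-service calls, state the trust assumption next to the constant, for example `// trusted only because the gateway overwrites BK_CI_REQUEST_CHANNEL on external requests`, and verify that the gateway does so.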
@@ -69,7 +72,7 @@ class BkAuditRequestProvider : AuditRequestProvider { override fun getClientIp(): String? { val request = getHttpServletRequest() - val xff = request.getHeader("X-Forwarded-For") + val xff = request.getHeader(REQUEST_IP) return if (xff == null) { request.remoteAddr } else { diff --git a/src/backend/ci/core/common/common-web/src/main/kotlin/com/tencent/devops/common/web/FeignConfiguration.kt b/src/backend/ci/core/common/common-web/src/main/kotlin/com/tencent/devops/common/web/FeignConfiguration.kt index 48e007d544a..4d1874be654 100644 --- a/src/backend/ci/core/common/common-web/src/main/kotlin/com/tencent/devops/common/web/FeignConfiguration.kt +++ b/src/backend/ci/core/common/common-web/src/main/kotlin/com/tencent/devops/common/web/FeignConfiguration.kt @@ -34,6 +34,7 @@ import com.tencent.devops.common.api.auth.AUTH_HEADER_PROJECT_ID import com.tencent.devops.common.api.auth.AUTH_HEADER_USER_ID import com.tencent.devops.common.api.constant.API_PERMISSION import com.tencent.devops.common.api.constant.REQUEST_CHANNEL +import com.tencent.devops.common.api.constant.REQUEST_IP import com.tencent.devops.common.client.ms.MicroServiceTarget import com.tencent.devops.common.security.jwt.JwtManager import com.tencent.devops.common.security.util.EnvironmentUtil @@ -69,7 +70,7 @@ class FeignConfiguration @Autowired constructor( requestTemplate.decodeSlash(false) if (!requestTemplate.headers().containsKey(AUTH_HEADER_PROJECT_ID)) { - // 增加X-HEAD-CONSUL-TAG供下游服务获取相同的consul tag + // 增加X-HEAD-CONSUL-TAG供下游服务获取相同的consul tag val tag = bkTag.getFinalTag() requestTemplate.header(AUTH_HEADER_GATEWAY_TAG, tag) logger.debug("gateway tag is : $tag") 
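Review bot: `getClientIp()` prefers the `X-Forwarded-For` header (`REQUEST_IP`) over `request.remoteAddr`, so the client address written to the audit record is whatever the request carries unless the edge proxy overwrites that header. The Feign interceptor hunk in the same commit copies the inbound value verbatim to downstream services, so an unvalidated value travels through the whole call chain. State the assumption in a comment, for example `// X-Forwarded-For is trusted only behind the gateway, which must overwrite it`, and consider recording `remoteAddr` alongside it. The `else` branch lies outside the hunk, so how a multi-address list is parsed cannot be judged from here.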
@@ -128,6 +129,12 @@ class FeignConfiguration @Autowired constructor( if (!requestChannel.isNullOrBlank()) { requestTemplate.header(REQUEST_CHANNEL, requestChannel) } + // 设置请求IP + val requestIp = request.getHeader(REQUEST_IP) + if (!requestIp.isNullOrBlank()) { + requestTemplate.header(REQUEST_IP, requestIp) + } + logger.info("FeignConfiguration:requestIp($requestIp)") val cookies = request.cookies if (cookies != null && cookies.isNotEmpty()) { val cookieBuilder = StringBuilder() From 94087ac641b105819eeb655e2df4c874f9554b35 Mon Sep 17 00:00:00 2001 From: greysonfang Date: Thu, 19 Oct 2023 16:46:22 +0800 Subject: [PATCH 41/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../tencent/devops/common/audit/BkAuditRequestProvider.kt | 5 ++++- .../com/tencent/devops/common/web/FeignConfiguration.kt | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt index 5d24adc5cab..dc2b4d919e0 100644 --- a/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt +++ b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt 
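Review bot: `logger.info("FeignConfiguration:requestIp($requestIp)")` writes a request header value to the log on every outgoing Feign call, at info level, unsanitised, and also when `requestIp` is null. The header content is caller-controlled, so depending on what the servlet container lets through it could contain characters that distort log lines. Later patches in this series lower the call to debug and then remove it. If a log line is kept, move it inside the `isNullOrBlank` check and strip control characters first, e.g. `requestIp.replace(Regex("[\\r\\n]"), "_")`. The interceptor method starts and ends outside the hunk.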
@@ -57,7 +57,10 @@ class BkAuditRequestProvider : AuditRequestProvider { override fun getAccessType(): AccessTypeEnum { val httpServletRequest = getHttpServletRequest() - return when (httpServletRequest.getHeader(HEADER_ACCESS_TYPE)) { + val requestChannel = (httpServletRequest.getAttribute(REQUEST_CHANNEL) + ?: httpServletRequest.getHeader(REQUEST_CHANNEL))?.toString() + logger.debug("get request channel :$requestChannel") + return when (requestChannel) { RequestChannelTypeEnum.USER.name, RequestChannelTypeEnum.OP.name -> AccessTypeEnum.WEB RequestChannelTypeEnum.OPEN.name -> AccessTypeEnum.API diff --git a/src/backend/ci/core/common/common-web/src/main/kotlin/com/tencent/devops/common/web/FeignConfiguration.kt b/src/backend/ci/core/common/common-web/src/main/kotlin/com/tencent/devops/common/web/FeignConfiguration.kt index 4d1874be654..96f6e16ff4f 100644 --- a/src/backend/ci/core/common/common-web/src/main/kotlin/com/tencent/devops/common/web/FeignConfiguration.kt +++ b/src/backend/ci/core/common/common-web/src/main/kotlin/com/tencent/devops/common/web/FeignConfiguration.kt @@ -129,12 +129,12 @@ class FeignConfiguration @Autowired constructor( if (!requestChannel.isNullOrBlank()) { requestTemplate.header(REQUEST_CHANNEL, requestChannel) } - // 设置请求IP + // 设置客户端的原始IP地址 val requestIp = request.getHeader(REQUEST_IP) if (!requestIp.isNullOrBlank()) { requestTemplate.header(REQUEST_IP, requestIp) } - logger.info("FeignConfiguration:requestIp($requestIp)") + logger.debug("FeignConfiguration:requestIp($requestIp)") val cookies = request.cookies if (cookies != null && cookies.isNotEmpty()) { val cookieBuilder = StringBuilder() From 6ec377e98c7ee0ac74ed1d0a2159d219dd936de3 Mon Sep 17 00:00:00 2001 
From: greysonfang Date: Thu, 19 Oct 2023 17:56:30 +0800 Subject: [PATCH 42/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../common/api/enums/RequestChannelTypeEnum.kt | 3 ++- .../common/audit/BkAuditRequestProvider.kt | 2 +- .../service/filter/RequestChannelFilter.kt | 17 +++++++---------- 3 files changed, 10 insertions(+), 12 deletions(-) diff --git a/src/backend/ci/core/common/common-api/src/main/kotlin/com/tencent/devops/common/api/enums/RequestChannelTypeEnum.kt b/src/backend/ci/core/common/common-api/src/main/kotlin/com/tencent/devops/common/api/enums/RequestChannelTypeEnum.kt index 1fa2c6991d2..074e1e31673 100644 --- a/src/backend/ci/core/common/common-api/src/main/kotlin/com/tencent/devops/common/api/enums/RequestChannelTypeEnum.kt +++ b/src/backend/ci/core/common/common-api/src/main/kotlin/com/tencent/devops/common/api/enums/RequestChannelTypeEnum.kt @@ -32,5 +32,6 @@ enum class RequestChannelTypeEnum { SERVICE, BUILD, OP, - OPEN + OPEN, + API } diff --git a/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt index dc2b4d919e0..9cf1a8c28f0 100644 --- a/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt +++ b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt @@ -63,7 +63,7 @@ class BkAuditRequestProvider : AuditRequestProvider { return when (requestChannel) { RequestChannelTypeEnum.USER.name, RequestChannelTypeEnum.OP.name -> AccessTypeEnum.WEB - RequestChannelTypeEnum.OPEN.name -> AccessTypeEnum.API + RequestChannelTypeEnum.API.name -> AccessTypeEnum.API else -> AccessTypeEnum.OTHER } } 
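Review bot: After this change `RequestChannelTypeEnum.OPEN` is no longer mapped in `getAccessType()` and falls through to `AccessTypeEnum.OTHER`, together with `SERVICE` and `BUILD`. If that is intended, a comment above the `when` would stop the next reader from treating it as an omission, for example `// OPEN, SERVICE and BUILD are reported as OTHER` (wording to be confirmed by the author). The new `API` constant in RequestChannelTypeEnum also has no note on how it differs from `OPEN`, which matters because the audit access type now depends on that distinction. `getAccessType()` starts outside the hunk.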
diff --git a/src/backend/ci/core/common/common-service/src/main/kotlin/com/tencent/devops/common/service/filter/RequestChannelFilter.kt b/src/backend/ci/core/common/common-service/src/main/kotlin/com/tencent/devops/common/service/filter/RequestChannelFilter.kt index c0cd4644e8a..005e5e92d55 100644 --- a/src/backend/ci/core/common/common-service/src/main/kotlin/com/tencent/devops/common/service/filter/RequestChannelFilter.kt +++ b/src/backend/ci/core/common/common-service/src/main/kotlin/com/tencent/devops/common/service/filter/RequestChannelFilter.kt @@ -51,16 +51,13 @@ class RequestChannelFilter : Filter { val httpServletRequest = request as HttpServletRequest val requestUrl = httpServletRequest.requestURI // 根据接口路径设置请求渠道信息 - val channel = if (requestUrl.contains("/api/build/")) { - RequestChannelTypeEnum.BUILD.name - } else if (requestUrl.contains("/api/user/")) { - RequestChannelTypeEnum.USER.name - } else if (requestUrl.contains("/api/op/")) { - RequestChannelTypeEnum.OP.name - } else if (requestUrl.contains("/api/open/")) { - RequestChannelTypeEnum.OPEN.name - } else { - null + val channel = when { + requestUrl.contains("/api/build/") -> RequestChannelTypeEnum.BUILD.name + requestUrl.contains("/api/user/") -> RequestChannelTypeEnum.USER.name + requestUrl.contains("/api/op/") -> RequestChannelTypeEnum.OP.name + requestUrl.contains("/api/open/") -> RequestChannelTypeEnum.OPEN.name + requestUrl.contains("/api/apigw") -> RequestChannelTypeEnum.API.name + else -> null } channel?.let { request.setAttribute(REQUEST_CHANNEL, channel) } chain.doFilter(request, response) From 1c2879c337cb50e7ab78e1f70cd1ff207366f961 Mon Sep 17 00:00:00 2001 
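Review bot: The channel is chosen with `requestUrl.contains(...)` on the raw `requestURI`, so the first substring found anywhere in the path wins, and the new `"/api/apigw"` branch, last in order and without a trailing slash, is shadowed by any earlier match. The audit access type is derived from this attribute, so a gateway path that merely contains `/api/user/` further down would be recorded as WEB rather than API. Matching the leading path segments would be stricter, if the services' context paths allow it. At minimum, add a comment saying that the missing slash on `/api/apigw` is deliberate. `doFilter` starts outside the hunk.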
From: greysonfang Date: Thu, 19 Oct 2023 17:57:01 +0800 Subject: [PATCH 43/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../com/tencent/devops/common/audit/BkAuditRequestProvider.kt | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt index 9cf1a8c28f0..fc4a453812a 100644 --- a/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt +++ b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt @@ -16,10 +16,8 @@ import javax.servlet.http.HttpServletRequest class BkAuditRequestProvider : AuditRequestProvider { companion object { - private const val HEADER_USERNAME = AUTH_HEADER_USER_ID private const val HEADER_USER_IDENTIFY_TENANT_ID = "X-User-Identify-Tenant-Id" private const val HEADER_USER_IDENTIFY_TYPE = "X-User-Identify-Type" - private const val HEADER_ACCESS_TYPE = REQUEST_CHANNEL private const val HEADER_REQUEST_ID = "X-DEVOPS-RID" private val logger = LoggerFactory.getLogger(BkAuditRequestProvider::class.java) } @@ -40,7 +38,7 @@ class BkAuditRequestProvider : AuditRequestProvider { override fun getUsername(): String? { val httpServletRequest = getHttpServletRequest() - return httpServletRequest.getHeader(HEADER_USERNAME) + return httpServletRequest.getHeader(AUTH_HEADER_USER_ID) } override fun getUserIdentifyType(): UserIdentifyTypeEnum? { From 3ed2e2dd7df42516efdd9af418024cb80cbd6d80 Mon Sep 17 00:00:00 2001 
From: greysonfang Date: Fri, 20 Oct 2023 09:31:15 +0800 Subject: [PATCH 44/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../devops/common/service/filter/RequestChannelFilter.kt | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/backend/ci/core/common/common-service/src/main/kotlin/com/tencent/devops/common/service/filter/RequestChannelFilter.kt b/src/backend/ci/core/common/common-service/src/main/kotlin/com/tencent/devops/common/service/filter/RequestChannelFilter.kt index 005e5e92d55..1a01522f6fb 100644 --- a/src/backend/ci/core/common/common-service/src/main/kotlin/com/tencent/devops/common/service/filter/RequestChannelFilter.kt +++ b/src/backend/ci/core/common/common-service/src/main/kotlin/com/tencent/devops/common/service/filter/RequestChannelFilter.kt @@ -29,6 +29,7 @@ package com.tencent.devops.common.service.filter import com.tencent.devops.common.api.constant.REQUEST_CHANNEL import com.tencent.devops.common.api.enums.RequestChannelTypeEnum +import org.slf4j.LoggerFactory import org.springframework.core.Ordered import org.springframework.core.annotation.Order import org.springframework.stereotype.Component @@ -44,12 +45,19 @@ import javax.servlet.http.HttpServletRequest class RequestChannelFilter : Filter { override fun destroy() = Unit + companion object { + val logger = LoggerFactory.getLogger(RequestChannelFilter::class.java) + } + override fun doFilter(request: ServletRequest?, response: ServletResponse?, chain: FilterChain?) { if (request == null || chain == null) { return } val httpServletRequest = request as HttpServletRequest val requestUrl = httpServletRequest.requestURI + logger.debug( + "Request Channel Filter:URL($requestUrl)" + ) // 根据接口路径设置请求渠道信息 val channel = when { requestUrl.contains("/api/build/") -> RequestChannelTypeEnum.BUILD.name 
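Review bot: The new `companion object` in RequestChannelFilter exposes `val logger` as a public member; the usual form is `private val logger = LoggerFactory.getLogger(RequestChannelFilter::class.java)`, with the companion object placed last in the class body. Patch 45 of this series removes the only `logger.debug` call again, which would leave this field and the `LoggerFactory` import unused, so they can be dropped there. While the debug line exists it logs the raw `requestURI`, which is acceptable at debug level but should not be raised to info without sanitising the value.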
From 024ae6240b4f6b5553ece0b7c16b45b9dde13688 Mon Sep 17 00:00:00 2001 From: greysonfang Date: Fri, 20 Oct 2023 14:46:09 +0800 Subject: [PATCH 45/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../ci/core/artifactory/biz-artifactory/build.gradle.kts | 1 + .../devops/common/service/filter/RequestChannelFilter.kt | 3 --- .../kotlin/com/tencent/devops/common/web/FeignConfiguration.kt | 1 - 3 files changed, 1 insertion(+), 4 deletions(-) diff --git a/src/backend/ci/core/artifactory/biz-artifactory/build.gradle.kts b/src/backend/ci/core/artifactory/biz-artifactory/build.gradle.kts index b8c12fcfbd9..f56a354aa4b 100644 --- a/src/backend/ci/core/artifactory/biz-artifactory/build.gradle.kts +++ b/src/backend/ci/core/artifactory/biz-artifactory/build.gradle.kts @@ -32,6 +32,7 @@ dependencies { api(project(":core:common:common-archive")) api(project(":core:common:common-db")) api(project(":core:common:common-auth:common-auth-api")) + api(project(":core:common:common-audit")) api(project(":core:artifactory:api-artifactory")) api(project(":core:artifactory:model-artifactory")) api(project(":core:project:api-project")) diff --git a/src/backend/ci/core/common/common-service/src/main/kotlin/com/tencent/devops/common/service/filter/RequestChannelFilter.kt b/src/backend/ci/core/common/common-service/src/main/kotlin/com/tencent/devops/common/service/filter/RequestChannelFilter.kt index 1a01522f6fb..3c5702ef388 100644 --- a/src/backend/ci/core/common/common-service/src/main/kotlin/com/tencent/devops/common/service/filter/RequestChannelFilter.kt +++ b/src/backend/ci/core/common/common-service/src/main/kotlin/com/tencent/devops/common/service/filter/RequestChannelFilter.kt 
@@ -55,9 +55,6 @@ class RequestChannelFilter : Filter { } val httpServletRequest = request as HttpServletRequest val requestUrl = httpServletRequest.requestURI - logger.debug( - "Request Channel Filter:URL($requestUrl)" - ) // 根据接口路径设置请求渠道信息 val channel = when { requestUrl.contains("/api/build/") -> RequestChannelTypeEnum.BUILD.name diff --git a/src/backend/ci/core/common/common-web/src/main/kotlin/com/tencent/devops/common/web/FeignConfiguration.kt b/src/backend/ci/core/common/common-web/src/main/kotlin/com/tencent/devops/common/web/FeignConfiguration.kt index 96f6e16ff4f..67eda6a9efc 100644 --- a/src/backend/ci/core/common/common-web/src/main/kotlin/com/tencent/devops/common/web/FeignConfiguration.kt +++ b/src/backend/ci/core/common/common-web/src/main/kotlin/com/tencent/devops/common/web/FeignConfiguration.kt @@ -134,7 +134,6 @@ class FeignConfiguration @Autowired constructor( if (!requestIp.isNullOrBlank()) { requestTemplate.header(REQUEST_IP, requestIp) } - logger.debug("FeignConfiguration:requestIp($requestIp)") val cookies = request.cookies if (cookies != null && cookies.isNotEmpty()) { val cookieBuilder = StringBuilder() From 76e3b1ca1c340f9ebe89ecb8e46c95ec949a8350 Mon Sep 17 00:00:00 2001 From: greysonfang Date: Thu, 26 Oct 2023 11:02:32 +0800 Subject: [PATCH 46/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../0003_resource_20221223_iam-rbac.json | 54 ++ ...0004_instance-views_20221213_iam-rbac.json | 54 ++ .../0005_action_20221213_iam-rbac.json | 516 ++++++++++++++++++ .../0006_group_20221213_iam-rbac.json | 72 +++ 4 files changed, 696 insertions(+) diff --git a/support-files/bkiam-rbac/0003_resource_20221223_iam-rbac.json b/support-files/bkiam-rbac/0003_resource_20221223_iam-rbac.json index 39d888cb289..b7e36b1b230 100644 --- a/support-files/bkiam-rbac/0003_resource_20221223_iam-rbac.json 
+++ b/support-files/bkiam-rbac/0003_resource_20221223_iam-rbac.json @@ -279,6 +279,60 @@ }, "version": 1 } + }, + { + "operation": "upsert_resource_type", + "data": { + "id": "cgs", + "name": "云桌面", + "name_en": "Cgs", + "parents": [ + { + "system_id": "bk_ci_rbac", + "id": "project" + } + ], + "provider_config": { + "path": "/api/open/auth/resource/instances/list?x-devops-project-id=rbac-project" + }, + "version": 1 + } + }, + { + "operation": "upsert_resource_type", + "data": { + "id": "image", + "name": "镜像", + "name_en": "Image", + "parents": [ + { + "system_id": "bk_ci_rbac", + "id": "project" + } + ], + "provider_config": { + "path": "/api/open/auth/resource/instances/list?x-devops-project-id=rbac-project" + }, + "version": 1 + } + }, + { + "operation": "upsert_resource_type", + "data": { + "id": "code_proxy", + "name": "代理仓库", + "name_en": "Code Proxy", + "parents": [ + { + "system_id": "bk_ci_rbac", + "id": "project" + } + ], + "provider_config": { + "path": "/api/open/auth/resource/instances/list?x-devops-project-id=rbac-project" + }, + "version": 1 + } } ] } diff --git a/support-files/bkiam-rbac/0004_instance-views_20221213_iam-rbac.json b/support-files/bkiam-rbac/0004_instance-views_20221213_iam-rbac.json index f323af1e06e..1888d5d917e 100644 --- a/support-files/bkiam-rbac/0004_instance-views_20221213_iam-rbac.json +++ b/support-files/bkiam-rbac/0004_instance-views_20221213_iam-rbac.json 
@@ -266,6 +266,60 @@ } ] } + }, + { + "operation": "upsert_instance_selection", + "data": { + "id": "cgs_instance", + "name": "云桌面", + "name_en": "Cgs", + "resource_type_chain": [ + { + "system_id": "bk_ci_rbac", + "id": "project" + }, + { + "system_id": "bk_ci_rbac", + "id": "cgs" + } + ] + } + }, + { + "operation": "upsert_instance_selection", + "data": { + "id": "image_instance", + "name": "镜像", + "name_en": "Image", + "resource_type_chain": [ + { + "system_id": "bk_ci_rbac", + "id": "project" + }, + { + "system_id": "bk_ci_rbac", + "id": "image" + } + ] + } + }, + { + "operation": "upsert_instance_selection", + "data": { + "id": "code_proxy_instance", + "name": "代理仓库", + "name_en": "Code Proxy", + "resource_type_chain": [ + { + "system_id": "bk_ci_rbac", + "id": "project" + }, + { + "system_id": "bk_ci_rbac", + "id": "code_proxy" + } + ] + } } ] } diff --git a/support-files/bkiam-rbac/0005_action_20221213_iam-rbac.json b/support-files/bkiam-rbac/0005_action_20221213_iam-rbac.json index 210591db2b6..17b6ee84b49 100644 --- a/support-files/bkiam-rbac/0005_action_20221213_iam-rbac.json +++ b/support-files/bkiam-rbac/0005_action_20221213_iam-rbac.json 
@@ -2123,6 +2123,522 @@ ], "version": 1 } + }, + { + "operation": "upsert_action", + "data": { + "id": "cgs_create", + "name": "创建云桌面", + "name_en": "Cgs Create", + "auth_type": "rbac", + "type": "create", + "related_resource_types": [ + { + "system_id": "bk_ci_rbac", + "id": "project", + "related_instance_selections": [ + { + "system_id": "bk_ci_rbac", + "id": "project_instance", + "ignore_iam_path": true + } + ] + } + ], + "related_actions": [ + "project_visit" + ], + "hidden": true, + "version": 1 + } + }, + { + "operation": "upsert_action", + "data": { + "id": "cgs_list", + "name": "云桌面列表", + "name_en": "Cgs List", + "auth_type": "rbac", + "type": "view", + "related_resource_types": [ + { + "system_id": "bk_ci_rbac", + "id": "project", + "related_instance_selections": [ + { + "system_id": "bk_ci_rbac", + "id": "cgs_instance", + "ignore_iam_path": true + } + ] + } + ], + "related_actions": [ + "project_visit" + ], + "hidden": true, + "version": 1 + } + }, + { + "operation": "upsert_action", + "data": { + "id": "cgs_view", + "name": "查看云桌面", + "name_en": "Cgs View", + "auth_type": "rbac", + "type": "view", + "related_resource_types": [ + { + "system_id": "bk_ci_rbac", + "id": "project", + "related_instance_selections": [ + { + "system_id": "bk_ci_rbac", + "id": "cgs_instance", + "ignore_iam_path": true + } + ] + } + ], + "related_actions": [ + "project_visit" + ], + "hidden": true, + "version": 1 + } + }, + { + "operation": "upsert_action", + "data": { + "id": "cgs_stop", + "name": "云桌面关机", + "name_en": "Cgs Stop", + "auth_type": "rbac", + "type": "edit", + "related_resource_types": [ + { + "system_id": "bk_ci_rbac", + "id": "project", + "related_instance_selections": [ + { + "system_id": "bk_ci_rbac", + "id": "cgs_instance", + "ignore_iam_path": true + } + ] + } + ], + "related_actions": [ + "project_visit", + "cgs_list" + ], + "hidden": true, + "version": 1 + } + }, + { + "operation": "upsert_action", + "data": { + "id": "cgs_start", + "name": "云桌面开机", + 
"name_en": "Cgs Start", + "auth_type": "rbac", + "type": "edit", + "related_resource_types": [ + { + "system_id": "bk_ci_rbac", + "id": "project", + "related_instance_selections": [ + { + "system_id": "bk_ci_rbac", + "id": "cgs_instance", + "ignore_iam_path": true + } + ] + } + ], + "related_actions": [ + "project_visit", + "cgs_list" + ], + "hidden": true, + "version": 1 + } + }, + { + "operation": "upsert_action", + "data": { + "id": "cgs_restart", + "name": "云桌面重启", + "name_en": "Cgs Restart", + "auth_type": "rbac", + "type": "edit", + "related_resource_types": [ + { + "system_id": "bk_ci_rbac", + "id": "project", + "related_instance_selections": [ + { + "system_id": "bk_ci_rbac", + "id": "cgs_instance", + "ignore_iam_path": true + } + ] + } + ], + "related_actions": [ + "project_visit", + "cgs_list" + ], + "hidden": true, + "version": 1 + } + }, + { + "operation": "upsert_action", + "data": { + "id": "cgs_assign", + "name": "分配云桌面用户", + "name_en": "Cgs Assign", + "auth_type": "rbac", + "type": "edit", + "related_resource_types": [ + { + "system_id": "bk_ci_rbac", + "id": "project", + "related_instance_selections": [ + { + "system_id": "bk_ci_rbac", + "id": "cgs_instance", + "ignore_iam_path": true + } + ] + } + ], + "related_actions": [ + "project_visit", + "cgs_list" + ], + "hidden": true, + "version": 1 + } + }, + { + "operation": "upsert_action", + "data": { + "id": "cgs_edit-type", + "name": "变更云桌面机型", + "name_en": "Cgs Modify Type", + "auth_type": "rbac", + "type": "edit", + "related_resource_types": [ + { + "system_id": "bk_ci_rbac", + "id": "project", + "related_instance_selections": [ + { + "system_id": "bk_ci_rbac", + "id": "cgs_instance", + "ignore_iam_path": true + } + ] + } + ], + "related_actions": [ + "project_visit", + "cgs_list" + ], + "hidden": true, + "version": 1 + } + }, + { + "operation": "upsert_action", + "data": { + "id": "cgs_rebuild-system-disk", + "name": "重建系统盘", + "name_en": "Cgs Rebuild System Disk", + "auth_type": "rbac", + 
"type": "edit", + "related_resource_types": [ + { + "system_id": "bk_ci_rbac", + "id": "project", + "related_instance_selections": [ + { + "system_id": "bk_ci_rbac", + "id": "cgs_instance", + "ignore_iam_path": true + } + ] + } + ], + "related_actions": [ + "project_visit", + "cgs_list" + ], + "hidden": true, + "version": 1 + } + }, + { + "operation": "upsert_action", + "data": { + "id": "cgs_make-image", + "name": "制作镜像", + "name_en": "Cgs Make Image", + "auth_type": "rbac", + "type": "edit", + "related_resource_types": [ + { + "system_id": "bk_ci_rbac", + "id": "project", + "related_instance_selections": [ + { + "system_id": "bk_ci_rbac", + "id": "cgs_instance", + "ignore_iam_path": true + } + ] + } + ], + "related_actions": [ + "project_visit", + "cgs_list" + ], + "hidden": true, + "version": 1 + } + }, + { + "operation": "upsert_action", + "data": { + "id": "cgs_expand-disk", + "name": "磁盘扩容", + "name_en": "Cgs Expand Disk", + "auth_type": "rbac", + "type": "edit", + "related_resource_types": [ + { + "system_id": "bk_ci_rbac", + "id": "project", + "related_instance_selections": [ + { + "system_id": "bk_ci_rbac", + "id": "cgs_instance", + "ignore_iam_path": true + } + ] + } + ], + "related_actions": [ + "project_visit", + "cgs_list" + ], + "hidden": true, + "version": 1 + } + }, + { + "operation": "upsert_action", + "data": { + "id": "cgs_delete", + "name": "删除云桌面", + "name_en": "Cgs Delete", + "auth_type": "rbac", + "type": "delete", + "related_resource_types": [ + { + "system_id": "bk_ci_rbac", + "id": "project", + "related_instance_selections": [ + { + "system_id": "bk_ci_rbac", + "id": "cgs_instance", + "ignore_iam_path": true + } + ] + } + ], + "related_actions": [ + "project_visit", + "cgs_list" + ], + "hidden": true, + "version": 1 + } + }, + { + "operation": "upsert_action", + "data": { + "id": "image_list", + "name": "镜像列表", + "name_en": "Image List", + "auth_type": "rbac", + "type": "view", + "related_resource_types": [ + { + "system_id": "bk_ci_rbac", 
+ "id": "project", + "related_instance_selections": [ + { + "system_id": "bk_ci_rbac", + "id": "image_instance", + "ignore_iam_path": true + } + ] + } + ], + "related_actions": [ + "project_visit" + ], + "hidden": true, + "version": 1 + } + }, + { + "operation": "upsert_action", + "data": { + "id": "image delete", + "name": "镜像删除", + "name_en": "Image Delete", + "auth_type": "rbac", + "type": "delete", + "related_resource_types": [ + { + "system_id": "bk_ci_rbac", + "id": "project", + "related_instance_selections": [ + { + "system_id": "bk_ci_rbac", + "id": "image_instance", + "ignore_iam_path": true + } + ] + } + ], + "related_actions": [ + "project_visit", + "image_list" + ], + "hidden": true, + "version": 1 + } + }, + { + "operation": "upsert_action", + "data": { + "id": "image_edit", + "name": "镜像修改", + "name_en": "Image Edit", + "auth_type": "rbac", + "type": "edit", + "related_resource_types": [ + { + "system_id": "bk_ci_rbac", + "id": "project", + "related_instance_selections": [ + { + "system_id": "bk_ci_rbac", + "id": "image_instance", + "ignore_iam_path": true + } + ] + } + ], + "related_actions": [ + "project_visit", + "image_list" + ], + "hidden": true, + "version": 1 + } + }, + { + "operation": "upsert_action", + "data": { + "id": "code_proxy_create", + "name": "关联代理仓库", + "name_en": "Proxy Create", + "auth_type": "rbac", + "type": "create", + "related_resource_types": [ + { + "system_id": "bk_ci_rbac", + "id": "project", + "related_instance_selections": [ + { + "system_id": "bk_ci_rbac", + "id": "project_instance", + "ignore_iam_path": true + } + ] + } + ], + "related_actions": [ + "project_visit" + ], + "hidden": true, + "version": 1 + } + }, + { + "operation": "upsert_action", + "data": { + "id": "code_proxy_list", + "name": "代理仓库列表", + "name_en": "Proxy List", + "auth_type": "rbac", + "type": "view", + "related_resource_types": [ + { + "system_id": "bk_ci_rbac", + "id": "project", + "related_instance_selections": [ + { + "system_id": "bk_ci_rbac", 
+ "id": "code_proxy_instance", + "ignore_iam_path": true + } + ] + } + ], + "related_actions": [ + "project_visit" + ], + "hidden": true, + "version": 1 + } + }, + { + "operation": "upsert_action", + "data": { + "id": "code_proxy_delete", + "name": "删除关联代理仓库", + "name_en": "Proxy Delete", + "auth_type": "rbac", + "type": "delete", + "related_resource_types": [ + { + "system_id": "bk_ci_rbac", + "id": "project", + "related_instance_selections": [ + { + "system_id": "bk_ci_rbac", + "id": "code_proxy_instance", + "ignore_iam_path": true + } + ] + } + ], + "related_actions": [ + "project_visit", + "proxy_list" + ], + "hidden": true, + "version": 1 + } } ] } diff --git a/support-files/bkiam-rbac/0006_group_20221213_iam-rbac.json b/support-files/bkiam-rbac/0006_group_20221213_iam-rbac.json index b85595071d3..3b93ab10525 100644 --- a/support-files/bkiam-rbac/0006_group_20221213_iam-rbac.json +++ b/support-files/bkiam-rbac/0006_group_20221213_iam-rbac.json @@ -340,6 +340,78 @@ "id": "quality_group_edit" } ] + }, + { + "name": "云桌面", + "name_en": "Cgs Permissions", + "actions": [ + { + "id": "cgs_create" + }, + { + "id": "cgs_list" + }, + { + "id": "cgs_view" + }, + { + "id": "cgs_stop" + }, + { + "id": "cgs_start" + }, + { + "id": "cgs_restart" + }, + { + "id": "cgs_assign" + }, + { + "id": "cgs_edit-type" + }, + { + "id": "cgs_rebuild-system-disk" + }, + { + "id": "cgs_make-image" + }, + { + "id": "cgs_expand-disk" + }, + { + "id": "cgs_delete" + } + ] + }, + { + "name": "镜像", + "name_en": "Image Notice Group Permissions", + "actions": [ + { + "id": "image_list" + }, + { + "id": "image_delete" + }, + { + "id": "image_edit" + } + ] + }, + { + "name": "代理仓库", + "name_en": "Code Proxy Permissions", + "actions": [ + { + "id": "code_proxy_create" + }, + { + "id": "code_proxy_list" + }, + { + "id": "code_proxy_delete" + } + ] } ] } From 62769e50da09e8b80e04cb6a0a8e2ab24ed5eaae Mon Sep 17 00:00:00 2001 
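Review bot: In the `code_proxy_delete` action at the end of this hunk, `related_actions` lists `"proxy_list"`, but no action with that id is registered in the hunk; the list action added just above it is `code_proxy_list`. An unresolved dependent action may cause the IAM migration to be rejected, or leave a delete grant without its list prerequisite; which of the two happens cannot be told from here. The entry should read `"code_proxy_list"`. The later hunk in this series that touches the same action (`@@ -2680,7 +2680,7 @@`) visibly changes only the resource type id, so the name appears to stay unfixed.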
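Review bot: The `镜像` group added in this hunk has `"name_en": "Image Notice Group Permissions"`, which looks copied from a notice-group entry; the sibling groups added alongside it use `Cgs Permissions` and `Code Proxy Permissions`. This label is presumably what an administrator reads when granting the group's actions, so a misleading name makes it easier to grant image delete/edit rights by mistake. Suggest `"name_en": "Image Permissions"`.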
From: greysonfang Date: Thu, 26 Oct 2023 11:08:59 +0800 Subject: [PATCH 47/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- support-files/bkiam-rbac/0005_action_20221213_iam-rbac.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/support-files/bkiam-rbac/0005_action_20221213_iam-rbac.json b/support-files/bkiam-rbac/0005_action_20221213_iam-rbac.json index 17b6ee84b49..2ca519a01b4 100644 --- a/support-files/bkiam-rbac/0005_action_20221213_iam-rbac.json +++ b/support-files/bkiam-rbac/0005_action_20221213_iam-rbac.json @@ -2500,7 +2500,7 @@ { "operation": "upsert_action", "data": { - "id": "image delete", + "id": "image_delete", "name": "镜像删除", "name_en": "Image Delete", "auth_type": "rbac", From 9afaedb9b82de8512e4c81d8b44f603bb75b6f51 Mon Sep 17 00:00:00 2001 From: greysonfang Date: Thu, 26 Oct 2023 11:27:31 +0800 Subject: [PATCH 48/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../devops/common/auth/api/ActionId.kt | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/ActionId.kt b/src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/ActionId.kt index bd39db252d3..fba2299f347 100644 --- a/src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/ActionId.kt +++ b/src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/ActionId.kt 
@@ -29,4 +29,28 @@ object ActionId { const val CERT_DELETE = "cert_delete" const val CERT_LIST = "cert_list" const val CERT_USE = "cert_use" + + // 云桌面 + const val CGS_CREATE = "cgs_create" + const val CGS_LIST = "cgs_list" + const val CGS_VIEW = "cgs_view" + const val CGS_STOP = "cgs_stop" + const val CGS_START = "cgs_start" + const val CGS_RESTART = "cgs_restart" + const val CGS_ASSIGN = "cgs_assign" + const val CGS_EDIT_TYPE = "cgs_edit-type" + const val CGS_REBUILD_SYSTEM_DISK = "cgs_rebuild-system-disk" + const val CGS_MAKE_IMAGE = "cgs_make-image" + const val CGS_EXPAND_DISK = "cgs_expand-disk" + const val CGS_DELETE = "cgs_delete" + + // 镜像 + const val IMAGE_LIST = "image_list" + const val IMAGE_DELETE = "image_delete" + const val IMAGE_EDIT = "image_edit" + + // 代理仓库 + const val CODE_PROXY_CREATE = "code_proxy_create" + const val CODE_PROXY_LIST = "code_proxy_list" + const val CODE_PROXY_DELETE = "code_proxy_delete" } From 9f5ac1cd6296078fa098f279838b517fd3560ad7 Mon Sep 17 00:00:00 2001 From: greysonfang Date: Thu, 26 Oct 2023 16:28:22 +0800 Subject: [PATCH 49/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../0005_action_20221213_iam-rbac.json | 58 +++++++++++++++++++ .../0006_group_20221213_iam-rbac.json | 6 ++ 2 files changed, 64 insertions(+) diff --git a/support-files/bkiam-rbac/0005_action_20221213_iam-rbac.json b/support-files/bkiam-rbac/0005_action_20221213_iam-rbac.json index 2ca519a01b4..da0ff13fe96 100644 --- a/support-files/bkiam-rbac/0005_action_20221213_iam-rbac.json +++ b/support-files/bkiam-rbac/0005_action_20221213_iam-rbac.json 
@@ -2469,6 +2469,64 @@ "version": 1 } }, + { + "operation": "upsert_action", + "data": { + "id": "cgs_share", + "name": "分享云桌面", + "name_en": "Cgs Share", + "auth_type": "rbac", + "type": "edit", + "related_resource_types": [ + { + "system_id": "bk_ci_rbac", + "id": "project", + "related_instance_selections": [ + { + "system_id": "bk_ci_rbac", + "id": "cgs_instance", + "ignore_iam_path": true + } + ] + } + ], + "related_actions": [ + "project_visit", + "cgs_list" + ], + "hidden": true, + "version": 1 + } + }, + { + "operation": "upsert_action", + "data": { + "id": "cgs_edit", + "name": "编辑云桌面", + "name_en": "Cgs Edit", + "auth_type": "rbac", + "type": "edit", + "related_resource_types": [ + { + "system_id": "bk_ci_rbac", + "id": "project", + "related_instance_selections": [ + { + "system_id": "bk_ci_rbac", + "id": "cgs_instance", + "ignore_iam_path": true + } + ] + } + ], + "related_actions": [ + "project_visit", + "cgs_list" + ], + "hidden": true, + "version": 1 + } + }, { "operation": "upsert_action", "data": { diff --git a/support-files/bkiam-rbac/0006_group_20221213_iam-rbac.json b/support-files/bkiam-rbac/0006_group_20221213_iam-rbac.json index 3b93ab10525..6baca2cb83c 100644 --- a/support-files/bkiam-rbac/0006_group_20221213_iam-rbac.json +++ b/support-files/bkiam-rbac/0006_group_20221213_iam-rbac.json @@ -380,6 +380,12 @@ }, { "id": "cgs_delete" + }, + { + "id": "cgs_share" + }, + { + "id": "cgs_edit" } ] }, From bdc598a6e90e3448b5e392adf5107fc281b896fd Mon Sep 17 00:00:00 2001 
From: greysonfang Date: Mon, 30 Oct 2023 10:40:06 +0800 Subject: [PATCH 50/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../0003_resource_20221223_iam-rbac.json | 18 ++ ...0004_instance-views_20221213_iam-rbac.json | 18 ++ .../0005_action_20221213_iam-rbac.json | 204 ++++++++++++++++-- .../0006_group_20221213_iam-rbac.json | 24 +++ 4 files changed, 246 insertions(+), 18 deletions(-) diff --git a/support-files/bkiam-rbac/0003_resource_20221223_iam-rbac.json b/support-files/bkiam-rbac/0003_resource_20221223_iam-rbac.json index b7e36b1b230..76e67800139 100644 --- a/support-files/bkiam-rbac/0003_resource_20221223_iam-rbac.json +++ b/support-files/bkiam-rbac/0003_resource_20221223_iam-rbac.json @@ -333,6 +333,24 @@ }, "version": 1 } + }, + { + "operation": "upsert_resource_type", + "data": { + "id": "pipeline_template", + "name": "流水线模板", + "name_en": "Pipeline Template", + "parents": [ + { + "system_id": "bk_ci_rbac", + "id": "project" + } + ], + "provider_config": { + "path": "/api/open/auth/resource/instances/list?x-devops-project-id=rbac-project" + }, + "version": 1 + } } ] } diff --git a/support-files/bkiam-rbac/0004_instance-views_20221213_iam-rbac.json b/support-files/bkiam-rbac/0004_instance-views_20221213_iam-rbac.json index 1888d5d917e..84250541429 100644 --- a/support-files/bkiam-rbac/0004_instance-views_20221213_iam-rbac.json +++ b/support-files/bkiam-rbac/0004_instance-views_20221213_iam-rbac.json @@ -320,6 +320,24 @@ } ] } + }, + { + "operation": "upsert_instance_selection", + "data": { + "id": "pipeline_template_instance", + "name": "流水线模板", + "name_en": "Pipeline Template", + "resource_type_chain": [ + { + "system_id": "bk_ci_rbac", + "id": "project" + }, + { + "system_id": "bk_ci_rbac", + "id": "pipeline_template" + } + ] + } } ] } 
diff --git a/support-files/bkiam-rbac/0005_action_20221213_iam-rbac.json b/support-files/bkiam-rbac/0005_action_20221213_iam-rbac.json index da0ff13fe96..0b92514b9ec 100644 --- a/support-files/bkiam-rbac/0005_action_20221213_iam-rbac.json +++ b/support-files/bkiam-rbac/0005_action_20221213_iam-rbac.json @@ -2163,7 +2163,7 @@ "related_resource_types": [ { "system_id": "bk_ci_rbac", - "id": "project", + "id": "cgs", "related_instance_selections": [ { "system_id": "bk_ci_rbac", @@ -2191,7 +2191,7 @@ "related_resource_types": [ { "system_id": "bk_ci_rbac", - "id": "project", + "id": "cgs", "related_instance_selections": [ { "system_id": "bk_ci_rbac", @@ -2219,7 +2219,7 @@ "related_resource_types": [ { "system_id": "bk_ci_rbac", - "id": "project", + "id": "cgs", "related_instance_selections": [ { "system_id": "bk_ci_rbac", @@ -2248,7 +2248,7 @@ "related_resource_types": [ { "system_id": "bk_ci_rbac", - "id": "project", + "id": "cgs", "related_instance_selections": [ { "system_id": "bk_ci_rbac", @@ -2277,7 +2277,7 @@ "related_resource_types": [ { "system_id": "bk_ci_rbac", - "id": "project", + "id": "cgs", "related_instance_selections": [ { "system_id": "bk_ci_rbac", @@ -2306,7 +2306,7 @@ "related_resource_types": [ { "system_id": "bk_ci_rbac", - "id": "project", + "id": "cgs", "related_instance_selections": [ { "system_id": "bk_ci_rbac", @@ -2335,7 +2335,7 @@ "related_resource_types": [ { "system_id": "bk_ci_rbac", - "id": "project", + "id": "cgs", "related_instance_selections": [ { "system_id": "bk_ci_rbac", @@ -2364,7 +2364,7 @@ "related_resource_types": [ { "system_id": "bk_ci_rbac", - "id": "project", + "id": "cgs", "related_instance_selections": [ { "system_id": "bk_ci_rbac", @@ -2393,7 +2393,7 @@ "related_resource_types": [ { "system_id": "bk_ci_rbac", - "id": "project", + "id": "cgs", "related_instance_selections": [ { "system_id": "bk_ci_rbac", 
@@ -2422,7 +2422,7 @@ "related_resource_types": [ { "system_id": "bk_ci_rbac", - "id": "project", + "id": "cgs", "related_instance_selections": [ { "system_id": "bk_ci_rbac", @@ -2451,7 +2451,7 @@ "related_resource_types": [ { "system_id": "bk_ci_rbac", - "id": "project", + "id": "cgs", "related_instance_selections": [ { "system_id": "bk_ci_rbac", @@ -2480,7 +2480,7 @@ "related_resource_types": [ { "system_id": "bk_ci_rbac", - "id": "project", + "id": "cgs", "related_instance_selections": [ { "system_id": "bk_ci_rbac", @@ -2509,7 +2509,7 @@ "related_resource_types": [ { "system_id": "bk_ci_rbac", - "id": "project", + "id": "cgs", "related_instance_selections": [ { "system_id": "bk_ci_rbac", @@ -2538,7 +2538,7 @@ "related_resource_types": [ { "system_id": "bk_ci_rbac", - "id": "project", + "id": "image", "related_instance_selections": [ { "system_id": "bk_ci_rbac", @@ -2566,7 +2566,7 @@ "related_resource_types": [ { "system_id": "bk_ci_rbac", - "id": "project", + "id": "image", "related_instance_selections": [ { "system_id": "bk_ci_rbac", @@ -2595,7 +2595,7 @@ "related_resource_types": [ { "system_id": "bk_ci_rbac", - "id": "project", + "id": "image", "related_instance_selections": [ { "system_id": "bk_ci_rbac", @@ -2652,7 +2652,7 @@ "related_resource_types": [ { "system_id": "bk_ci_rbac", - "id": "project", + "id": "code_proxy", "related_instance_selections": [ { "system_id": "bk_ci_rbac", @@ -2680,7 +2680,7 @@ "related_resource_types": [ { "system_id": "bk_ci_rbac", - "id": "project", + "id": "code_proxy", "related_instance_selections": [ { "system_id": "bk_ci_rbac", 
@@ -2697,6 +2697,174 @@ "hidden": true, "version": 1 } + }, + { + "operation": "upsert_action", + "data": { + "id": "pipeline_template_create", + "name": "创建流水线模板", + "name_en": "Pipeline Template Create", + "auth_type": "rbac", + "type": "create", + "related_resource_types": [ + { + "system_id": "bk_ci_rbac", + "id": "project", + "related_instance_selections": [ + { + "system_id": "bk_ci_rbac", + "id": "project_instance", + "ignore_iam_path": true + } + ] + } + ], + "related_actions": [ + "project_visit" + ], + "version": 1 + } + }, + { + "operation": "upsert_action", + "data": { + "id": "pipeline_template_list", + "name": "流水线模板列表", + "name_en": "Pipeline Template List", + "auth_type": "rbac", + "type": "view", + "related_resource_types": [ + { + "system_id": "bk_ci_rbac", + "id": "pipeline_template", + "related_instance_selections": [ + { + "system_id": "bk_ci_rbac", + "id": "pipeline_template_instance", + "ignore_iam_path": true + } + ] + } + ], + "related_actions": [ + "project_visit" + ], + "version": 1 + } + }, + { + "operation": "upsert_action", + "data": { + "id": "pipeline_template_delete", + "name": "删除流水线模板", + "name_en": "Pipeline Template Delete", + "auth_type": "rbac", + "type": "delete", + "related_resource_types": [ + { + "system_id": "bk_ci_rbac", + "id": "pipeline_template", + "related_instance_selections": [ + { + "system_id": "bk_ci_rbac", + "id": "pipeline_template_instance", + "ignore_iam_path": true + } + ] + } + ], + "related_actions": [ + "project_visit", + "pipeline_template_list" + ], + "version": 1 + } + }, + { + "operation": "upsert_action", + "data": { + "id": "pipeline_template_view", + "name": "查看流水线模板", + "name_en": "Pipeline Template View", + "auth_type": "rbac", + "type": "view", + "related_resource_types": [ + { + "system_id": "bk_ci_rbac", + "id": "pipeline_template", + "related_instance_selections": [ + { + "system_id": "bk_ci_rbac", + "id": "pipeline_template_instance", + "ignore_iam_path": true + } + ] + } + ], + 
"related_actions": [ + "project_visit", + "pipeline_template_list" + ], + "version": 1 + } + }, + { + "operation": "upsert_action", + "data": { + "id": "pipeline_template_edit", + "name": "编辑流水线模板", + "name_en": "Pipeline Template Edit", + "auth_type": "rbac", + "type": "edit", + "related_resource_types": [ + { + "system_id": "bk_ci_rbac", + "id": "pipeline_template", + "related_instance_selections": [ + { + "system_id": "bk_ci_rbac", + "id": "pipeline_template_instance", + "ignore_iam_path": true + } + ] + } + ], + "related_actions": [ + "project_visit", + "pipeline_template_list", + "pipeline_template_view" + ], + "version": 1 + } + }, + { + "operation": "upsert_action", + "data": { + "id": "pipeline_template_manage", + "name": "管理流水线模板", + "name_en": "Pipeline Template Manage", + "auth_type": "rbac", + "type": "edit", + "related_resource_types": [ + { + "system_id": "bk_ci_rbac", + "id": "pipeline_template", + "related_instance_selections": [ + { + "system_id": "bk_ci_rbac", + "id": "pipeline_template_instance", + "ignore_iam_path": true + } + ] + } + ], + "related_actions": [ + "project_visit", + "pipeline_template_list", + "pipeline_template_view" + ], + "version": 1 + } } ] } diff --git a/support-files/bkiam-rbac/0006_group_20221213_iam-rbac.json b/support-files/bkiam-rbac/0006_group_20221213_iam-rbac.json index 6baca2cb83c..9bd3f907bdb 100644 --- a/support-files/bkiam-rbac/0006_group_20221213_iam-rbac.json +++ b/support-files/bkiam-rbac/0006_group_20221213_iam-rbac.json @@ -418,6 +418,30 @@ "id": "code_proxy_delete" } ] + }, + { + "name": "流水线模板", + "name_en": "Pipeline Template Permissions", + "actions": [ + { + "id": "pipeline_template_view" + }, + { + "id": "pipeline_template_edit" + }, + { + "id": "pipeline_template_delete" + }, + { + "id": "pipeline_template_create" + }, + { + "id": "pipeline_template_list" + }, + { + "id": "pipeline_template_manage" + } + ] } ] } From 44a291ba63a7a6660403e10bfc1f565e1e3506a0 Mon Sep 17 00:00:00 2001 
From: greysonfang Date: Mon, 30 Oct 2023 20:11:32 +0800 Subject: [PATCH 51/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/backend/ci/build.gradle.kts | 8 -------- .../ci/buildSrc/src/main/kotlin/constants/Versions.kt | 2 +- 2 files changed, 1 insertion(+), 9 deletions(-) diff --git a/src/backend/ci/build.gradle.kts b/src/backend/ci/build.gradle.kts index 6e6db620de4..536435858f3 100644 --- a/src/backend/ci/build.gradle.kts +++ b/src/backend/ci/build.gradle.kts @@ -8,14 +8,6 @@ apply(plugin = "org.owasp.dependencycheck") allprojects { apply(plugin = "com.tencent.devops.boot") - - configurations.all { - resolutionStrategy { - cacheChangingModulesFor(0, "seconds") - cacheDynamicVersionsFor( 0, "seconds") - } - } - // 包路径 group = "com.tencent.bk.devops.ci" // 版本 diff --git a/src/backend/ci/buildSrc/src/main/kotlin/constants/Versions.kt b/src/backend/ci/buildSrc/src/main/kotlin/constants/Versions.kt index ea808c5c0cb..64540dd7427 100644 --- a/src/backend/ci/buildSrc/src/main/kotlin/constants/Versions.kt +++ b/src/backend/ci/buildSrc/src/main/kotlin/constants/Versions.kt @@ -48,5 +48,5 @@ object Versions { const val jgit = "5.13.1.202206130422-r" const val iam = "1.0.39-SNAPSHOT" const val disklrucache = "2.0.2" - const val audit = "1.0.6-SNAPSHOT" + const val audit = "1.0.6" } From ef6a8cae24e19a8bef8293e97b533b9cb3b42fb1 Mon Sep 17 00:00:00 2001 
From: greysonfang Date: Mon, 30 Oct 2023 20:49:23 +0800 Subject: [PATCH 52/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/backend/ci/build.gradle.kts | 2 +- .../devops/common/audit/ActionAuditContent.kt | 40 +++++++++++++--- .../devops/common/auth/api/ActionId.kt | 7 +++ .../devops/common/auth/api/ResourceTypeId.kt | 4 ++ .../api/template/UserPTemplateResourceImpl.kt | 16 +++---- .../service/template/TemplateFacadeService.kt | 48 +++++++++---------- 6 files changed, 78 insertions(+), 39 deletions(-) diff --git a/src/backend/ci/build.gradle.kts b/src/backend/ci/build.gradle.kts index 536435858f3..b794de70bed 100644 --- a/src/backend/ci/build.gradle.kts +++ b/src/backend/ci/build.gradle.kts @@ -12,7 +12,7 @@ allprojects { group = "com.tencent.bk.devops.ci" // 版本 version = (System.getProperty("ci_version") ?: "1.9.0") + - if (System.getProperty("snapshot") == "true") "-SNAPSHOT" else "" + if (System.getProperty("snapshot") == "true") "-SNAPSHOT" else "" // 加载boot的插件 if (name.startsWith("boot-")) { diff --git a/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/ActionAuditContent.kt b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/ActionAuditContent.kt index dffce4c3cf0..3d393a915af 100644 --- a/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/ActionAuditContent.kt +++ b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/ActionAuditContent.kt 
@@ -8,12 +8,6 @@ object ActionAuditContent { // 项目 const val PROJECT_MANAGE_RESTORE_PIPELINE_CONTENT = "restore pipeline $CONTENT_TEMPLATE" - const val PROJECT_MANAGE_CREATE_TEMPLATE_CONTENT = "create template $CONTENT_TEMPLATE" - const val PROJECT_MANAGE_COPY_TEMPLATE_CONTENT = "copy template $CONTENT_TEMPLATE" - const val PROJECT_MANAGE_SAVE_AS_TEMPLATE_CONTENT = "save as template $CONTENT_TEMPLATE" - const val PROJECT_MANAGE_DELETE_TEMPLATE_CONTENT = "delete template $CONTENT_TEMPLATE" - const val PROJECT_MANAGE_UPDATE_TEMPLATE_SETTING_CONTENT = "update template setting $CONTENT_TEMPLATE" - const val PROJECT_MANAGE_UPDATE_TEMPLATE_CONTENT = "update template $CONTENT_TEMPLATE" // 流水线 const val PIPELINE_VIEW_CONTENT = "get pipeline info $CONTENT_TEMPLATE" @@ -29,6 +23,14 @@ object ActionAuditContent { const val PIPELINE_DELETE_VERSION_CONTENT = "delete pipeline version $CONTENT_TEMPLATE" const val PIPELINE_EXECUTE_CONTENT = "execute pipeline $CONTENT_TEMPLATE" + // 流水线模板 + const val PIPELINE_TEMPLATE_CREATE_CONTENT = "create template $CONTENT_TEMPLATE" + const val PIPELINE_TEMPLATE_EDIT_COPY_CONTENT = "copy template $CONTENT_TEMPLATE" + const val PIPELINE_TEMPLATE_EDIT_SAVE_AS_CONTENT = "save as template $CONTENT_TEMPLATE" + const val PIPELINE_TEMPLATE_DELETE_CONTENT = "delete template $CONTENT_TEMPLATE" + const val PIPELINE_TEMPLATE_EDIT_SETTING_CONTENT = "update template setting $CONTENT_TEMPLATE" + const val PIPELINE_TEMPLATE_EDIT_CONTENT = "update template $CONTENT_TEMPLATE" + // 证书 const val CERT_CREATE_CONTENT = "create cert $CONTENT_TEMPLATE" const val CERT_VIEW_CONTENT = "get cert info $CONTENT_TEMPLATE" 
@@ -45,4 +47,30 @@ object ActionAuditContent { const val CREDENTIAL_DELETE_CONTENT = "delete credential $CONTENT_TEMPLATE" const val CREDENTIAL_LIST_CONTENT = "list credential $CONTENT_TEMPLATE" const val CREDENTIAL_USE_CONTENT = "use credential $CONTENT_TEMPLATE" + + // 云桌面 + const val CGS_CREATE_CONTENT = "create work space $CONTENT_TEMPLATE" + const val CGS_LIST_CONTENT = "list work space $CONTENT_TEMPLATE" + const val CGS_VIEW_CONTENT = "get work space $CONTENT_TEMPLATE" + const val CGS_STOP_CONTENT = "stop work space $CONTENT_TEMPLATE" + const val CGS_START_CONTENT = "start work space $CONTENT_TEMPLATE" + const val CGS_RESTART_CONTENT = "restart work space $CONTENT_TEMPLATE" + const val CGS_ASSIGN_CONTENT = "assign work space $CONTENT_TEMPLATE" + const val CGS_EDIT_TYPE_CONTENT = "modify work space type $CONTENT_TEMPLATE" + const val CGS_REBUILD_SYSTEM_DISK_CONTENT = "rebuild work space system disk $CONTENT_TEMPLATE" + const val CGS_MAKE_IMAGE_CONTENT = "make work space image $CONTENT_TEMPLATE" + const val CGS_EXPAND_DISK_CONTENT = "expand work space disk $CONTENT_TEMPLATE" + const val CGS_DELETE_CONTENT = "delete work space $CONTENT_TEMPLATE" + const val CGS_SHARE_CONTENT = "share work space $CONTENT_TEMPLATE" + const val CGS_EDIT_CONTENT = "edit work space $CONTENT_TEMPLATE" + + // 云桌面镜像 + const val IMAGE_LIST_CONTENT = "list work space image $CONTENT_TEMPLATE" + const val IMAGE_DELETE_CONTENT = "delete work space image $CONTENT_TEMPLATE" + const val IMAGE_EDIT_CONTENT = "modify work space image $CONTENT_TEMPLATE" + + // 代理仓库 + const val CODE_PROXY_CREATE_CONTENT = "create code proxy $CONTENT_TEMPLATE" + const val CODE_PROXY_LIST_CONTENT = "list code proxy $CONTENT_TEMPLATE" + const val CODE_PROXY_DELETE_CONTENT = "delete code proxy $CONTENT_TEMPLATE" } 
diff --git a/src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/ActionId.kt b/src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/ActionId.kt index fba2299f347..8750a10b2a8 100644 --- a/src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/ActionId.kt +++ b/src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/ActionId.kt @@ -14,6 +14,11 @@ object ActionId { const val PIPELINE_SHARE = "pipeline_share" const val PIPELINE_DOWNLOAD = "pipeline_download" + // 流水线模板 + const val PIPELINE_TEMPLATE_CREATE = "pipeline_template_create" + const val PIPELINE_TEMPLATE_EDIT = "pipeline_template_edit" + const val PIPELINE_TEMPLATE_DELETE = "pipeline_template_delete" + // 凭据 const val CREDENTIAL_CREATE = "credential_create" const val CREDENTIAL_VIEW = "credential_view" @@ -43,6 +48,8 @@ object ActionId { const val CGS_MAKE_IMAGE = "cgs_make-image" const val CGS_EXPAND_DISK = "cgs_expand-disk" const val CGS_DELETE = "cgs_delete" + const val CGS_SHARE = "cgs_share" + const val CGS_EDIT = "cgs_edit" // 镜像 const val IMAGE_LIST = "image_list" diff --git a/src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/ResourceTypeId.kt b/src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/ResourceTypeId.kt index 271c326aaef..bd470ca06bd 100644 --- a/src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/ResourceTypeId.kt +++ b/src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/ResourceTypeId.kt 
@@ -3,6 +3,10 @@ package com.tencent.devops.common.auth.api
 object ResourceTypeId {
 const val PROJECT = "project"
 const val PIPELINE = "pipeline"
+ const val PIPELINE_TEMPLATE = "pipeline_template"
 const val CREDENTIAL = "credential"
 const val CERT = "cert"
+ const val CGS = "cgs"
+ const val IMAGE = "image"
+ const val CODE_PROXY = "code_proxy"
 }
diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/template/UserPTemplateResourceImpl.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/template/UserPTemplateResourceImpl.kt
index 77d261bb499..7fce13126cf 100644
--- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/template/UserPTemplateResourceImpl.kt
+++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/template/UserPTemplateResourceImpl.kt
@@ -59,17 +59,17 @@ import org.springframework.beans.factory.annotation.Autowired class UserPTemplateResourceImpl @Autowired constructor(private val templateFacadeService: TemplateFacadeService) : UserPTemplateResource { - @AuditEntry(actionId = ActionId.PROJECT_MANAGE) + @AuditEntry(actionId = ActionId.PIPELINE_TEMPLATE_CREATE) override fun createTemplate(userId: String, projectId: String, template: Model): Result { return Result(TemplateId(templateFacadeService.createTemplate(projectId, userId, template))) } - @AuditEntry(actionId = ActionId.PROJECT_MANAGE) + @AuditEntry(actionId = ActionId.PIPELINE_TEMPLATE_DELETE) override fun deleteTemplate(userId: String, projectId: String, templateId: String): Result { return Result(templateFacadeService.deleteTemplate(projectId, userId, templateId)) } - @AuditEntry(actionId = ActionId.PROJECT_MANAGE) + @AuditEntry(actionId = ActionId.PIPELINE_TEMPLATE_DELETE) override fun deleteTemplate(userId: String, projectId: String, templateId: String, version: Long): Result { return Result(templateFacadeService.deleteTemplate( projectId = projectId, @@ -79,7 +79,7 @@ class UserPTemplateResourceImpl @Autowired constructor(private val templateFacad )) } - @AuditEntry(actionId = ActionId.PROJECT_MANAGE) + @AuditEntry(actionId = ActionId.PIPELINE_TEMPLATE_DELETE) override fun deleteTemplate( userId: String, projectId: String, @@ -94,7 +94,7 @@ class UserPTemplateResourceImpl @Autowired constructor(private val templateFacad )) } - @AuditEntry(actionId = ActionId.PROJECT_MANAGE) + @AuditEntry(actionId = ActionId.PIPELINE_TEMPLATE_EDIT) override fun updateTemplate( userId: String, projectId: String, @@ -136,7 +136,7 @@ class UserPTemplateResourceImpl @Autowired constructor(private val templateFacad } @Suppress("ALL") - @AuditEntry(actionId = ActionId.PROJECT_MANAGE) + @AuditEntry(actionId = ActionId.PIPELINE_TEMPLATE_EDIT) override fun updateTemplateSetting( userId: String, projectId: String, 
@@ -169,7 +169,7 @@ class UserPTemplateResourceImpl @Autowired constructor(private val templateFacad return Result(templateFacadeService.getTemplateSetting(projectId, userId, templateId)) } - @AuditEntry(actionId = ActionId.PROJECT_MANAGE) + @AuditEntry(actionId = ActionId.PIPELINE_TEMPLATE_EDIT) override fun copyTemplate( userId: String, projectId: String, @@ -179,7 +179,7 @@ class UserPTemplateResourceImpl @Autowired constructor(private val templateFacad return Result(TemplateId(templateFacadeService.copyTemplate(userId, projectId, templateId, copyTemplateReq))) } - @AuditEntry(actionId = ActionId.PROJECT_MANAGE) + @AuditEntry(actionId = ActionId.PIPELINE_TEMPLATE_EDIT) override fun saveAsTemplate( userId: String, projectId: String, diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/template/TemplateFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/template/TemplateFacadeService.kt index 845a8d93604..caf14127847 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/template/TemplateFacadeService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/template/TemplateFacadeService.kt @@ -193,11 +193,11 @@ class TemplateFacadeService @Autowired constructor( private val maxErrorReasonLength: Int = 200 @ActionAuditRecord( - actionId = ActionId.PROJECT_MANAGE, + actionId = ActionId.PIPELINE_TEMPLATE_CREATE, instance = AuditInstanceRecord( - resourceType = ResourceTypeId.PROJECT + resourceType = ResourceTypeId.PIPELINE_TEMPLATE ), - content = ActionAuditContent.PROJECT_MANAGE_CREATE_TEMPLATE_CONTENT + content = ActionAuditContent.PIPELINE_TEMPLATE_CREATE_CONTENT ) fun createTemplate(projectId: String, userId: String, template: Model): String { logger.info("Start to create the template ${template.name} by user $userId") 
@@ -234,13 +234,13 @@ class TemplateFacadeService @Autowired constructor( } @ActionAuditRecord( - actionId = ActionId.PROJECT_MANAGE, + actionId = ActionId.PIPELINE_TEMPLATE_EDIT, instance = AuditInstanceRecord( - resourceType = ResourceTypeId.PROJECT, + resourceType = ResourceTypeId.PIPELINE_TEMPLATE, instanceIds = "#srcTemplateId", instanceNames = "#copyTemplateReq?.templateName" ), - content = ActionAuditContent.PROJECT_MANAGE_COPY_TEMPLATE_CONTENT + content = ActionAuditContent.PIPELINE_TEMPLATE_EDIT_COPY_CONTENT ) fun copyTemplate( userId: String, @@ -305,11 +305,11 @@ class TemplateFacadeService @Autowired constructor( * 流水线另存为模版 */ @ActionAuditRecord( - actionId = ActionId.PROJECT_MANAGE, + actionId = ActionId.PIPELINE_TEMPLATE_EDIT, instance = AuditInstanceRecord( - resourceType = ResourceTypeId.PROJECT + resourceType = ResourceTypeId.PIPELINE_TEMPLATE ), - content = ActionAuditContent.PROJECT_MANAGE_SAVE_AS_TEMPLATE_CONTENT + content = ActionAuditContent.PIPELINE_TEMPLATE_EDIT_SAVE_AS_CONTENT ) fun saveAsTemplate( userId: String, @@ -369,11 +369,11 @@ class TemplateFacadeService @Autowired constructor( } @ActionAuditRecord( - actionId = ActionId.PROJECT_MANAGE, + actionId = ActionId.PIPELINE_TEMPLATE_DELETE, instance = AuditInstanceRecord( - resourceType = ResourceTypeId.PROJECT + resourceType = ResourceTypeId.PIPELINE_TEMPLATE ), - content = ActionAuditContent.PROJECT_MANAGE_DELETE_TEMPLATE_CONTENT + content = ActionAuditContent.PIPELINE_TEMPLATE_DELETE_CONTENT ) fun deleteTemplate(projectId: String, userId: String, templateId: String): Boolean { logger.info("Start to delete the template $templateId by user $userId") 
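Review bot: The audit record on `copyTemplate` pairs `instanceIds = "#srcTemplateId"` with `instanceNames = "#copyTemplateReq?.templateName"`, so the entry carries the source template's id next to what appears to be the copy's name, and it is filed under `PIPELINE_TEMPLATE_EDIT` although a copy produces a new template. Someone reading that entry later cannot tell which template was actually created. Consider dropping the two SpEL fields and setting the instance inside the method once the new id is known, e.g. `ActionAuditContext.current().setInstanceId(newTemplateId).setInstanceName(copyTemplateReq.templateName)`, with the source id kept as a separate attribute. `newTemplateId` is a placeholder name, because the body of `copyTemplate` continues outside the hunk. The `saveAsTemplate` hunk that follows is filed under `PIPELINE_TEMPLATE_EDIT` in the same way and names no instance at all.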
@@ -420,11 +420,11 @@ class TemplateFacadeService @Autowired constructor( } @ActionAuditRecord( - actionId = ActionId.PROJECT_MANAGE, + actionId = ActionId.PIPELINE_TEMPLATE_DELETE, instance = AuditInstanceRecord( - resourceType = ResourceTypeId.PROJECT + resourceType = ResourceTypeId.PIPELINE_TEMPLATE ), - content = ActionAuditContent.PROJECT_MANAGE_DELETE_TEMPLATE_CONTENT + content = ActionAuditContent.PIPELINE_TEMPLATE_DELETE_CONTENT ) fun deleteTemplate(projectId: String, userId: String, templateId: String, version: Long): Boolean { logger.info("Start to delete the template [$projectId|$userId|$templateId|$version]") @@ -457,11 +457,11 @@ class TemplateFacadeService @Autowired constructor( } @ActionAuditRecord( - actionId = ActionId.PROJECT_MANAGE, + actionId = ActionId.PIPELINE_TEMPLATE_DELETE, instance = AuditInstanceRecord( - resourceType = ResourceTypeId.PROJECT + resourceType = ResourceTypeId.PIPELINE_TEMPLATE ), - content = ActionAuditContent.PROJECT_MANAGE_DELETE_TEMPLATE_CONTENT + content = ActionAuditContent.PIPELINE_TEMPLATE_DELETE_CONTENT ) fun deleteTemplate(projectId: String, userId: String, templateId: String, versionName: String): Boolean { logger.info("Start to delete the template [$projectId|$userId|$templateId|$versionName]") @@ -498,11 +498,11 @@ class TemplateFacadeService @Autowired constructor( } @ActionAuditRecord( - actionId = ActionId.PROJECT_MANAGE, + actionId = ActionId.PIPELINE_TEMPLATE_EDIT, instance = AuditInstanceRecord( - resourceType = ResourceTypeId.PROJECT + resourceType = ResourceTypeId.PIPELINE_TEMPLATE ), - content = ActionAuditContent.PROJECT_MANAGE_UPDATE_TEMPLATE_CONTENT + content = ActionAuditContent.PIPELINE_TEMPLATE_EDIT_CONTENT ) fun updateTemplate( projectId: String, 
@@ -573,11 +573,11 @@ class TemplateFacadeService @Autowired constructor( } @ActionAuditRecord( - actionId = ActionId.PROJECT_MANAGE, + actionId = ActionId.PIPELINE_TEMPLATE_EDIT, instance = AuditInstanceRecord( - resourceType = ResourceTypeId.PROJECT + resourceType = ResourceTypeId.PIPELINE_TEMPLATE ), - content = ActionAuditContent.PROJECT_MANAGE_UPDATE_TEMPLATE_SETTING_CONTENT + content = ActionAuditContent.PIPELINE_TEMPLATE_EDIT_SETTING_CONTENT ) fun updateTemplateSetting( projectId: String, From 97b4990998dd1997afddf90d6ebe07a70e9d7193 Mon Sep 17 00:00:00 2001 From: greysonfang Date: Wed, 1 Nov 2023 16:01:47 +0800 Subject: [PATCH 53/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/backend/ci/buildSrc/src/main/kotlin/constants/Versions.kt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/backend/ci/buildSrc/src/main/kotlin/constants/Versions.kt b/src/backend/ci/buildSrc/src/main/kotlin/constants/Versions.kt index 64540dd7427..7a4e5997c71 100644 --- a/src/backend/ci/buildSrc/src/main/kotlin/constants/Versions.kt +++ b/src/backend/ci/buildSrc/src/main/kotlin/constants/Versions.kt @@ -48,5 +48,5 @@ object Versions { const val jgit = "5.13.1.202206130422-r" const val iam = "1.0.39-SNAPSHOT" const val disklrucache = "2.0.2" - const val audit = "1.0.6" + const val audit = "1.0.7-SNAPSHOT" } From 34a8702b43bf374804afdf70665688b7af38245a Mon Sep 17 00:00:00 2001 
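Review bot: `const val audit = "1.0.7-SNAPSHOT"` replaces a fixed release with a mutable snapshot, so the audit starter that ends up in a build can change without any change in this repository. For the library that writes the audit trail this makes builds non-reproducible and removes the chance to review what is shipped. Prefer pinning a released version, `const val audit = "<released version>"`. If a snapshot is unavoidable while integrating, mark it with `// TODO: pin to a release before merge` and consider enabling Gradle dependency verification for this artifact.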
From: greysonfang Date: Wed, 8 Nov 2023 17:06:05 +0800 Subject: [PATCH 54/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../devops/common/audit/ActionAuditContent.kt | 115 ++++++++++-------- .../service/PipelineRepositoryService.kt | 3 +- .../service/pipeline/PipelineBuildService.kt | 3 + .../service/PipelineVersionFacadeService.kt | 4 +- .../service/ProjectPipelineCallBackService.kt | 5 +- .../service/PipelineInfoFacadeService.kt | 12 +- .../service/PipelineListFacadeService.kt | 4 + .../pipeline/PipelineSettingFacadeService.kt | 5 +- .../service/template/TemplateFacadeService.kt | 34 +++++- .../devops/ticket/service/CertServiceImpl.kt | 54 ++++++-- .../ticket/service/CredentialServiceImpl.kt | 34 ++++-- 11 files changed, 192 insertions(+), 81 deletions(-) diff --git a/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/ActionAuditContent.kt b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/ActionAuditContent.kt index 3d393a915af..90aeebe7cbc 100644 --- a/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/ActionAuditContent.kt +++ b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/ActionAuditContent.kt 
@@ -4,73 +4,84 @@ import com.tencent.bk.audit.constants.AuditAttributeNames.INSTANCE_ID import com.tencent.bk.audit.constants.AuditAttributeNames.INSTANCE_NAME object ActionAuditContent { - private const val CONTENT_TEMPLATE = "[{{$INSTANCE_NAME}}]({{$INSTANCE_ID}})" + const val CONTENT_TEMPLATE = "[{{$INSTANCE_NAME}}]({{$INSTANCE_ID}})" + const val PROJECT_CODE_TEMPLATE = "[{{@PROJECT_CODE}}]" // 项目 const val PROJECT_MANAGE_RESTORE_PIPELINE_CONTENT = "restore pipeline $CONTENT_TEMPLATE" // 流水线 - const val PIPELINE_VIEW_CONTENT = "get pipeline info $CONTENT_TEMPLATE" - const val PIPELINE_SHARE_CONTENT = "share pipeline $CONTENT_TEMPLATE" - const val PIPELINE_CREATE_CONTENT = "create pipeline $CONTENT_TEMPLATE" - const val PIPELINE_LIST_CONTENT = "list pipeline $CONTENT_TEMPLATE" - const val PIPELINE_DOWNLOAD_CONTENT = "download pipeline $CONTENT_TEMPLATE" - const val PIPELINE_EDIT_CONTENT = "update pipeline $CONTENT_TEMPLATE" - const val PIPELINE_EDIT_SAVE_SETTING_CONTENT = "save pipeline setting $CONTENT_TEMPLATE" - const val PIPELINE_EDIT_EXPORT_PIPELINE_CONTENT = "export pipeline $CONTENT_TEMPLATE" - const val PIPELINE_EDIT_BIND_PIPELINE_CALLBACK_CONTENT = "bind pipeline call back $CONTENT_TEMPLATE" - const val PIPELINE_DELETE_CONTENT = "delete pipeline $CONTENT_TEMPLATE" - const val PIPELINE_DELETE_VERSION_CONTENT = "delete pipeline version $CONTENT_TEMPLATE" - const val PIPELINE_EXECUTE_CONTENT = "execute pipeline $CONTENT_TEMPLATE" + const val PIPELINE_VIEW_CONTENT = "get pipeline info $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + const val PIPELINE_SHARE_CONTENT = "share pipeline $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + const val PIPELINE_CREATE_CONTENT = "create pipeline $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + const val PIPELINE_LIST_CONTENT = "list pipeline $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + const val PIPELINE_DOWNLOAD_CONTENT = "download pipeline $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" 
+ const val PIPELINE_EDIT_CONTENT = "update pipeline $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + const val PIPELINE_EDIT_SAVE_SETTING_CONTENT = "save pipeline setting $CONTENT_TEMPLATE " + + "in project $PROJECT_CODE_TEMPLATE" + const val PIPELINE_EDIT_EXPORT_PIPELINE_CONTENT = "export pipeline $CONTENT_TEMPLATE " + + "in project $PROJECT_CODE_TEMPLATE" + const val PIPELINE_EDIT_BIND_PIPELINE_CALLBACK_CONTENT = "bind pipeline call back $CONTENT_TEMPLATE" + + " in project $PROJECT_CODE_TEMPLATE" + const val PIPELINE_DELETE_CONTENT = "delete pipeline $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + const val PIPELINE_DELETE_VERSION_CONTENT = "delete pipeline version $CONTENT_TEMPLATE " + + "in project $PROJECT_CODE_TEMPLATE" + const val PIPELINE_EXECUTE_CONTENT = "execute pipeline $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" // 流水线模板 - const val PIPELINE_TEMPLATE_CREATE_CONTENT = "create template $CONTENT_TEMPLATE" - const val PIPELINE_TEMPLATE_EDIT_COPY_CONTENT = "copy template $CONTENT_TEMPLATE" - const val PIPELINE_TEMPLATE_EDIT_SAVE_AS_CONTENT = "save as template $CONTENT_TEMPLATE" - const val PIPELINE_TEMPLATE_DELETE_CONTENT = "delete template $CONTENT_TEMPLATE" - const val PIPELINE_TEMPLATE_EDIT_SETTING_CONTENT = "update template setting $CONTENT_TEMPLATE" - const val PIPELINE_TEMPLATE_EDIT_CONTENT = "update template $CONTENT_TEMPLATE" + const val PIPELINE_TEMPLATE_CREATE_CONTENT = "create template $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + const val PIPELINE_TEMPLATE_EDIT_COPY_CONTENT = "copy template $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + const val PIPELINE_TEMPLATE_EDIT_SAVE_AS_CONTENT = "save as template $CONTENT_TEMPLATE " + + "in project $PROJECT_CODE_TEMPLATE" + const val PIPELINE_TEMPLATE_DELETE_CONTENT = "delete template $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + const val PIPELINE_TEMPLATE_EDIT_SETTING_CONTENT = "update template setting $CONTENT_TEMPLATE " + + "in project 
$PROJECT_CODE_TEMPLATE" + const val PIPELINE_TEMPLATE_EDIT_CONTENT = "update template $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" // 证书 - const val CERT_CREATE_CONTENT = "create cert $CONTENT_TEMPLATE" - const val CERT_VIEW_CONTENT = "get cert info $CONTENT_TEMPLATE" - const val CERT_EDIT_CONTENT = "update cert $CONTENT_TEMPLATE" - const val CERT_DELETE_CONTENT = "delete cert $CONTENT_TEMPLATE" - const val CERT_LIST_CONTENT = "list cert $CONTENT_TEMPLATE" - const val CERT_USE_CONTENT = "use cert $CONTENT_TEMPLATE" + const val CERT_CREATE_CONTENT = "create cert $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + const val CERT_VIEW_CONTENT = "get cert info $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + const val CERT_EDIT_CONTENT = "update cert $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + const val CERT_DELETE_CONTENT = "delete cert $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + const val CERT_LIST_CONTENT = "list cert $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + const val CERT_USE_CONTENT = "use cert $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" // 凭据 - const val CREDENTIAL_CREATE_CONTENT = "create credential $CONTENT_TEMPLATE" - const val CREDENTIAL_VIEW_CONTENT = "get credential info $CONTENT_TEMPLATE" - const val CREDENTIAL_EDIT_CONTENT = "update credential $CONTENT_TEMPLATE" - const val CREDENTIAL_EDIT_SETTING_CONTENT = "update credential setting $CONTENT_TEMPLATE" - const val CREDENTIAL_DELETE_CONTENT = "delete credential $CONTENT_TEMPLATE" - const val CREDENTIAL_LIST_CONTENT = "list credential $CONTENT_TEMPLATE" - const val CREDENTIAL_USE_CONTENT = "use credential $CONTENT_TEMPLATE" + const val CREDENTIAL_CREATE_CONTENT = "create credential $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + const val CREDENTIAL_VIEW_CONTENT = "get credential info $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + const val CREDENTIAL_EDIT_CONTENT = "update credential $CONTENT_TEMPLATE in project 
$PROJECT_CODE_TEMPLATE" + const val CREDENTIAL_EDIT_SETTING_CONTENT = "update credential setting $CONTENT_TEMPLATE " + + "in project $PROJECT_CODE_TEMPLATE" + const val CREDENTIAL_DELETE_CONTENT = "delete credential $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + const val CREDENTIAL_LIST_CONTENT = "list credential $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + const val CREDENTIAL_USE_CONTENT = "use credential $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" // 云桌面 - const val CGS_CREATE_CONTENT = "create work space $CONTENT_TEMPLATE" - const val CGS_LIST_CONTENT = "list work space $CONTENT_TEMPLATE" - const val CGS_VIEW_CONTENT = "get work space $CONTENT_TEMPLATE" - const val CGS_STOP_CONTENT = "stop work space $CONTENT_TEMPLATE" - const val CGS_START_CONTENT = "start work space $CONTENT_TEMPLATE" - const val CGS_RESTART_CONTENT = "restart work space $CONTENT_TEMPLATE" - const val CGS_ASSIGN_CONTENT = "assign work space $CONTENT_TEMPLATE" - const val CGS_EDIT_TYPE_CONTENT = "modify work space type $CONTENT_TEMPLATE" - const val CGS_REBUILD_SYSTEM_DISK_CONTENT = "rebuild work space system disk $CONTENT_TEMPLATE" - const val CGS_MAKE_IMAGE_CONTENT = "make work space image $CONTENT_TEMPLATE" - const val CGS_EXPAND_DISK_CONTENT = "expand work space disk $CONTENT_TEMPLATE" - const val CGS_DELETE_CONTENT = "delete work space $CONTENT_TEMPLATE" - const val CGS_SHARE_CONTENT = "share work space $CONTENT_TEMPLATE" - const val CGS_EDIT_CONTENT = "edit work space $CONTENT_TEMPLATE" + const val CGS_CREATE_CONTENT = "create workspace $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + const val CGS_LIST_CONTENT = "list workspace $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + const val CGS_VIEW_CONTENT = "get workspace $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + const val CGS_STOP_CONTENT = "stop workspace $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + const val CGS_START_CONTENT = "start workspace $CONTENT_TEMPLATE in project 
$PROJECT_CODE_TEMPLATE" + const val CGS_RESTART_CONTENT = "restart workspace $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + const val CGS_ASSIGN_USER_CONTENT = "assign workspace $CONTENT_TEMPLATE " + + "to [{{@ASSIGNS}}] from $PROJECT_CODE_TEMPLATE" + const val CGS_ASSIGN_PROJECT_CONTENT = "assign workspace $CONTENT_TEMPLATE to project $PROJECT_CODE_TEMPLATE" + const val CGS_EDIT_TYPE_CONTENT = "modify workspace type $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + const val CGS_REBUILD_SYSTEM_DISK_CONTENT = "rebuild workspace system disk $CONTENT_TEMPLATE " + + "in project $PROJECT_CODE_TEMPLATE" + const val CGS_MAKE_IMAGE_CONTENT = "make workspace image $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + const val CGS_EXPAND_DISK_CONTENT = "expand workspace disk $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + const val CGS_DELETE_CONTENT = "delete workspace $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + const val CGS_SHARE_CONTENT = "share workspace $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + const val CGS_EDIT_CONTENT = "edit workspace $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" // 云桌面镜像 - const val IMAGE_LIST_CONTENT = "list work space image $CONTENT_TEMPLATE" - const val IMAGE_DELETE_CONTENT = "delete work space image $CONTENT_TEMPLATE" - const val IMAGE_EDIT_CONTENT = "modify work space image $CONTENT_TEMPLATE" + const val IMAGE_LIST_CONTENT = "list workspace image $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + const val IMAGE_DELETE_CONTENT = "delete workspace image $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + const val IMAGE_EDIT_CONTENT = "modify workspace image $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" // 代理仓库 - const val CODE_PROXY_CREATE_CONTENT = "create code proxy $CONTENT_TEMPLATE" - const val CODE_PROXY_LIST_CONTENT = "list code proxy $CONTENT_TEMPLATE" - const val CODE_PROXY_DELETE_CONTENT = "delete code proxy $CONTENT_TEMPLATE" + const val CODE_PROXY_CREATE_CONTENT = 
"create code proxy $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + const val CODE_PROXY_LIST_CONTENT = "list code proxy $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + const val CODE_PROXY_DELETE_CONTENT = "delete code proxy $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" } diff --git a/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/engine/service/PipelineRepositoryService.kt b/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/engine/service/PipelineRepositoryService.kt index 72aca1e8dc8..46e5c09c252 100644 --- a/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/engine/service/PipelineRepositoryService.kt +++ b/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/engine/service/PipelineRepositoryService.kt @@ -35,6 +35,7 @@ import com.tencent.devops.common.api.pojo.PipelineAsCodeSettings import com.tencent.devops.common.api.util.DateTimeUtil import com.tencent.devops.common.api.util.JsonUtil import com.tencent.devops.common.api.util.MessageUtil +import com.tencent.devops.common.audit.ActionAuditContent import com.tencent.devops.common.client.Client import com.tencent.devops.common.event.dispatcher.pipeline.PipelineEventDispatcher import com.tencent.devops.common.event.pojo.pipeline.PipelineModelAnalysisEvent @@ -1136,7 +1137,7 @@ class PipelineRepositoryService constructor( pipelineModelVersion.pipelineId, null, pipelineModelVersion.model - ) + ).addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, pipelineModelVersion.projectId) pipelineResDao.updatePipelineModel(dslContext, userId, pipelineModelVersion) } finally { lock.unlock() diff --git a/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineBuildService.kt b/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineBuildService.kt index 1a1336541e7..c930aa7c0a2 100644 
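Review bot: `PROJECT_CODE_TEMPLATE` is defined as the rendered placeholder `"[{{@PROJECT_CODE}}]"`, and the same constant is then used as the attribute key in `addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, ...)` in PipelineRepositoryService and the other services touched by this patch. If the SDK resolves `{{@PROJECT_CODE}}` by looking up an attribute named `@PROJECT_CODE` (worth confirming against the SDK), the key never matches and every audit entry keeps the literal placeholder instead of the project. Splitting the two roles avoids this: `const val PROJECT_CODE_ATTRIBUTE = "@PROJECT_CODE"` for the key and `const val PROJECT_CODE_TEMPLATE = "[{{$PROJECT_CODE_ATTRIBUTE}}]"` for the content strings, with the call sites switched to the former. `CONTENT_TEMPLATE` also loses `private` in this hunk although no outside use is visible in the patch; it could stay private.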
--- a/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineBuildService.kt +++ b/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineBuildService.kt @@ -29,6 +29,7 @@ package com.tencent.devops.process.service.pipeline import com.tencent.bk.audit.annotations.ActionAuditRecord import com.tencent.bk.audit.annotations.AuditInstanceRecord +import com.tencent.bk.audit.context.ActionAuditContext import com.tencent.devops.common.api.exception.ErrorCodeException import com.tencent.devops.common.audit.ActionAuditContent import com.tencent.devops.common.auth.api.ActionId @@ -133,6 +134,8 @@ class PipelineBuildService( params = arrayOf(projectVO.englishName) ) } + // 审计 + ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, pipeline.projectId) val setting = pipelineRepositoryService.getSetting(pipeline.projectId, pipeline.pipelineId) val bucketSize = setting!!.maxConRunningQueueSize diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/engine/service/PipelineVersionFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/engine/service/PipelineVersionFacadeService.kt index 510bbf20f89..f110a8513ce 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/engine/service/PipelineVersionFacadeService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/engine/service/PipelineVersionFacadeService.kt 
@@ -29,6 +29,7 @@ package com.tencent.devops.process.engine.service import com.tencent.bk.audit.annotations.ActionAuditRecord import com.tencent.bk.audit.annotations.AuditInstanceRecord +import com.tencent.bk.audit.context.ActionAuditContext import com.tencent.devops.common.api.constant.CommonMessageCode import com.tencent.devops.common.api.model.SQLLimit import com.tencent.devops.common.api.util.MessageUtil @@ -87,7 +88,8 @@ class PipelineVersionFacadeService @Autowired constructor( ) ) } - + // 审计 + ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) pipelineRepositoryVersionService.deletePipelineVer( projectId = projectId, pipelineId = pipelineId, diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/engine/service/ProjectPipelineCallBackService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/engine/service/ProjectPipelineCallBackService.kt index 275f55eaeb9..9b668af8e94 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/engine/service/ProjectPipelineCallBackService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/engine/service/ProjectPipelineCallBackService.kt @@ -29,6 +29,7 @@ package com.tencent.devops.process.engine.service import com.tencent.bk.audit.annotations.ActionAuditRecord import com.tencent.bk.audit.annotations.AuditInstanceRecord +import com.tencent.bk.audit.context.ActionAuditContext import com.tencent.devops.common.api.exception.ErrorCodeException import com.tencent.devops.common.api.exception.ParamBlankException import com.tencent.devops.common.api.model.SQLPage 
@@ -267,7 +268,7 @@ class ProjectPipelineCallBackService @Autowired constructor( } catch (e: Exception) { logger.warn( "Failure to send disable notify message for " + - "[${callBack.projectId}|${callBack.callBackUrl}|${callBack.events}]", e + "[${callBack.projectId}|${callBack.callBackUrl}|${callBack.events}]", e ) } } @@ -494,6 +495,8 @@ class ProjectPipelineCallBackService @Autowired constructor( pipelineId = pipelineId, permission = AuthPermission.EDIT ) + // 审计 + ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) if (!OkhttpUtils.validUrl(callbackInfo.callbackUrl)) { throw ErrorCodeException(errorCode = ProcessMessageCode.ERROR_CALLBACK_URL_INVALID) } diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt index a2345e7b17d..90b4937047f 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt @@ -154,6 +154,8 @@ class PipelineInfoFacadeService @Autowired constructor( ) ) ) + // 审计 + ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) val settingInfo = pipelineRepositoryService.getSetting(projectId, pipelineId) ?: throw OperationException( @@ -300,6 +302,8 @@ class PipelineInfoFacadeService @Autowired constructor( ) watcher.stop() } + // 审计 + ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) if (isPipelineExist( projectId = projectId, 
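Review bot: In the `@@ -494,6 +495,8 @@` hunk the project code is attached to the audit context only after the `AuthPermission.EDIT` check, so a request rejected by that check leaves the method before `addAttribute` runs. If the audit aspect also records failed invocations (not visible here), denied attempts would be logged without the project they targeted, which is the context most needed when reviewing access violations. Making `ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId)` the first statement of the method covers both outcomes. The same ordering appears after `checkPermission(projectId, userId)` in the TemplateFacadeService hunks of this patch. The enclosing function starts outside this hunk.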
@@ -725,7 +729,8 @@ class PipelineInfoFacadeService @Autowired constructor( ) ) } - + // 审计 + ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) if (isPipelineExist( projectId = projectId, pipelineId = pipelineId, @@ -878,6 +883,8 @@ class PipelineInfoFacadeService @Autowired constructor( ) } + // 审计 + ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) val pipelineInfo = pipelineRepositoryService.getPipelineInfo(projectId, pipelineId) ?: throw ErrorCodeException( statusCode = Response.Status.NOT_FOUND.statusCode, @@ -987,6 +994,9 @@ class PipelineInfoFacadeService @Autowired constructor( watcher.stop() } + // 审计 + ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) + val existModel = pipelineRepositoryService.getModel(projectId, pipelineId) ?: throw ErrorCodeException( statusCode = Response.Status.NOT_FOUND.statusCode, diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineListFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineListFacadeService.kt index e297eb3311b..aa03bcbb5e3 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineListFacadeService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineListFacadeService.kt @@ -209,6 +209,8 @@ class PipelineListFacadeService @Autowired constructor( ) } } + // 审计 + ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) val buildPipelineRecords = pipelineBuildSummaryDao.listPipelineInfoBuildSummary( dslContext = dslContext, projectId = projectId, 
@@ -1757,6 +1759,8 @@ class PipelineListFacadeService @Autowired constructor( ) ) } + // 审计 + ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) val pipelineInfo = pipelineInfoDao.getPipelineInfo( dslContext = dslContext, projectId = projectId, diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineSettingFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineSettingFacadeService.kt index 4fbcd833a6d..610ab389f4a 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineSettingFacadeService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineSettingFacadeService.kt @@ -29,6 +29,7 @@ package com.tencent.devops.process.service.pipeline import com.tencent.bk.audit.annotations.ActionAuditRecord import com.tencent.bk.audit.annotations.AuditInstanceRecord +import com.tencent.bk.audit.context.ActionAuditContext import com.tencent.devops.common.api.constant.CommonMessageCode import com.tencent.devops.common.api.constant.KEY_DEFAULT import com.tencent.devops.common.api.exception.PermissionForbiddenException @@ -123,7 +124,8 @@ class PipelineSettingFacadeService @Autowired constructor( ) ) } - + // 审计 + ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, setting.projectId) val pipelineName = pipelineRepositoryService.saveSetting( userId = userId, setting = setting, @@ -319,7 +321,6 @@ class PipelineSettingFacadeService @Autowired constructor( ) } } - pipelineRepositoryService.batchUpdatePipelineModel( userId = userId, pipelineModelVersionList = pipelineModelVersionList 
diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/template/TemplateFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/template/TemplateFacadeService.kt index caf14127847..d7820ed9eae 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/template/TemplateFacadeService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/template/TemplateFacadeService.kt @@ -229,7 +229,10 @@ class TemplateFacadeService @Autowired constructor( ) logger.info("Get the template version $version") } - ActionAuditContext.current().setInstanceId(templateId).setInstanceName(template.name) + ActionAuditContext.current() + .setInstanceId(templateId) + .setInstanceName(template.name) + .addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) return templateId } @@ -251,6 +254,8 @@ class TemplateFacadeService @Autowired constructor( logger.info("Start to copy the template, $srcTemplateId | $userId | $copyTemplateReq") checkPermission(projectId, userId) + // 审计 + ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) var latestTemplate = templateDao.getLatestTemplate(dslContext, projectId, srcTemplateId) val template = latestTemplate @@ -319,6 +324,8 @@ class TemplateFacadeService @Autowired constructor( logger.info("Start to saveAsTemplate, $userId | $projectId | $saveAsTemplateReq") checkPermission(projectId, userId) + // 审计 + ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) val template = pipelineResDao.getLatestVersionModelString(dslContext, projectId, saveAsTemplateReq.pipelineId) ?: throw ErrorCodeException( 
@@ -379,7 +386,10 @@ class TemplateFacadeService @Autowired constructor( logger.info("Start to delete the template $templateId by user $userId") checkPermission(projectId, userId) val template = templateDao.getLatestTemplate(dslContext, templateId) - ActionAuditContext.current().setInstanceId(templateId).setInstanceName(template.templateName) + ActionAuditContext.current() + .setInstanceId(templateId) + .setInstanceName(template.templateName) + .addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) dslContext.transaction { configuration -> val context = DSL.using(configuration) val instanceSize = templatePipelineDao.countByVersionFeat( @@ -429,7 +439,10 @@ class TemplateFacadeService @Autowired constructor( fun deleteTemplate(projectId: String, userId: String, templateId: String, version: Long): Boolean { logger.info("Start to delete the template [$projectId|$userId|$templateId|$version]") checkPermission(projectId, userId) - ActionAuditContext.current().setInstanceId(templateId).setInstanceName(templateId) + ActionAuditContext.current() + .setInstanceId(templateId) + .setInstanceName(templateId) + .addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) return dslContext.transactionResult { configuration -> val context = DSL.using(configuration) val instanceSize = @@ -466,7 +479,10 @@ class TemplateFacadeService @Autowired constructor( fun deleteTemplate(projectId: String, userId: String, templateId: String, versionName: String): Boolean { logger.info("Start to delete the template [$projectId|$userId|$templateId|$versionName]") checkPermission(projectId, userId) - ActionAuditContext.current().setInstanceId(templateId).setInstanceName(templateId) + ActionAuditContext.current() + .setInstanceId(templateId) + .setInstanceName(templateId) + .addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) dslContext.transaction { configuration -> val context = DSL.using(configuration) val instanceSize = 
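Review bot: In the first `deleteTemplate` hunk the audit record takes `projectId` from the request, while `template` is loaded with `templateDao.getLatestTemplate(dslContext, templateId)`, which is not scoped to a project, so the event can name a project the template does not belong to. The copy hunk already calls a project-scoped form; assuming it returns the same record type, use it here so the audit record and `checkPermission` refer to the same project: `val template = templateDao.getLatestTemplate(dslContext, projectId, templateId)`. The two version-specific `deleteTemplate` hunks call `setInstanceName(templateId)`, so the event shows the id twice and no name; a comment such as `// template name is not loaded here; audit shows the id` would mark that as deliberate. All three functions continue outside their hunks.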
@@ -522,7 +538,10 @@ class TemplateFacadeService @Autowired constructor( } var version: Long = 0 checkTemplateName(dslContext, template.name, projectId, templateId) - ActionAuditContext.current().setInstanceId(templateId).setInstanceName(template.name) + ActionAuditContext.current() + .setInstanceId(templateId) + .setInstanceName(template.name) + .addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) updateModelParam(template) dslContext.transaction { configuration -> val context = DSL.using(configuration) @@ -587,7 +606,10 @@ class TemplateFacadeService @Autowired constructor( ): Boolean { logger.info("Start to update the template setting - [$projectId|$userId|$templateId]") checkPermission(projectId, userId) - ActionAuditContext.current().setInstanceId(templateId).setInstanceName(setting.pipelineName) + ActionAuditContext.current() + .setInstanceId(templateId) + .setInstanceName(setting.pipelineName) + .addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) dslContext.transaction { configuration -> val context = DSL.using(configuration) checkTemplateName( diff --git a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CertServiceImpl.kt b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CertServiceImpl.kt index 5336f91c20b..826756b2d17 100644 --- a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CertServiceImpl.kt +++ b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CertServiceImpl.kt 
@@ -30,6 +30,7 @@ package com.tencent.devops.ticket.service import com.tencent.bk.audit.annotations.ActionAuditRecord import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.bk.audit.annotations.AuditInstanceRecord +import com.tencent.bk.audit.context.ActionAuditContext import com.tencent.devops.common.api.exception.OperationException import com.tencent.devops.common.api.exception.RemoteServiceException import com.tencent.devops.common.api.model.SQLPage @@ -137,7 +138,8 @@ class CertServiceImpl @Autowired constructor( ) ) ) - + // 审计 + ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) if (certCredentialId != null) { val use = AuthPermission.USE certPermissionService.validatePermission( @@ -167,11 +169,11 @@ class CertServiceImpl @Autowired constructor( val mpFileContent = read(mpInputStream) if (p12FileContent.size > certMaxSize) { throw OperationException( - MessageUtil.getMessageByLocale( - FILE_SIZE_CANT_EXCEED, - I18nUtil.getLanguage(userId), - arrayOf("p12", "64k") - ) + MessageUtil.getMessageByLocale( + FILE_SIZE_CANT_EXCEED, + I18nUtil.getLanguage(userId), + arrayOf("p12", "64k") + ) ) } if (mpFileContent.size > certMaxSize) { @@ -274,6 +276,8 @@ class CertServiceImpl @Autowired constructor( ) ) ) + // 审计 + ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) if (!certDao.has(dslContext, projectId, certId)) { throw OperationException( MessageUtil.getMessageByLocale(NAME_NO_EXISTS, I18nUtil.getLanguage(userId), arrayOf(certId)) @@ -403,6 +407,8 @@ class CertServiceImpl @Autowired constructor( ) ) ) + // 审计 + ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) if (certDao.has(dslContext, projectId, certId)) { throw OperationException( 
@@ -524,6 +530,9 @@ class CertServiceImpl @Autowired constructor( ) ) ) + // 审计 + ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) + if (!certDao.has(dslContext, projectId, certId)) { throw OperationException( MessageUtil.getMessageByLocale(NAME_ALREADY_EXISTS, I18nUtil.getLanguage(userId), arrayOf(certId)) @@ -637,6 +646,8 @@ class CertServiceImpl @Autowired constructor( ) ) ) + // 审计 + ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) val use = AuthPermission.USE certPermissionService.validatePermission( userId = userId, @@ -777,7 +788,8 @@ class CertServiceImpl @Autowired constructor( ) ) ) - + // 审计 + ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) val certRecord = certDao.getOrNull(dslContext, projectId, certId) ?: throw OperationException( MessageUtil.getMessageByLocale(CERT_NOT_FOUND, I18nUtil.getLanguage(userId), arrayOf(certId)) @@ -921,6 +933,9 @@ class CertServiceImpl @Autowired constructor( ) ) ) + // 审计 + ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) + if (certDao.has(dslContext, projectId, certId)) { throw OperationException( MessageUtil.getMessageByLocale(CERT_USED_BY_OTHERS, I18nUtil.getLanguage(userId), arrayOf(certId)) @@ -1071,6 +1086,9 @@ class CertServiceImpl @Autowired constructor( ) ) ) + // 审计 + ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) + if (!certDao.has(dslContext, projectId, certId)) { throw OperationException( MessageUtil.getMessageByLocale(CERT_NOT_FOUND, I18nUtil.getLanguage(userId), arrayOf(certId)) 
@@ -1214,7 +1232,8 @@ class CertServiceImpl @Autowired constructor( ) ) ) - + // 审计 + ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) certPermissionService.deleteResource(projectId, certId) dslContext.transaction { configuration -> val transactionContext = DSL.using(configuration) @@ -1340,6 +1359,8 @@ class CertServiceImpl @Autowired constructor( params = arrayOf(userId, projectId, certId, AuthPermission.VIEW.getI18n(I18nUtil.getLanguage(userId))) ) ) + // 审计 + ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) val certRecord = certDao.get(dslContext, projectId, certId) return CertIOSInfo( certId = certId, @@ -1361,6 +1382,8 @@ class CertServiceImpl @Autowired constructor( ) override fun getEnterprise(projectId: String, certId: String): CertEnterpriseInfo { val certRecord = certDao.get(dslContext, projectId, certId) + // 审计 + ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) return CertEnterpriseInfo( certId = certId, mobileProvisionFileName = certRecord.certMpFileName, @@ -1388,6 +1411,9 @@ class CertServiceImpl @Autowired constructor( params = arrayOf(userId, projectId, certId, AuthPermission.VIEW.getI18n(I18nUtil.getLanguage(userId))) ) ) + // 审计 + ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) + val certRecord = certDao.get(dslContext, projectId, certId) return CertAndroidInfo( certId = certId, @@ -1411,6 +1437,8 @@ class CertServiceImpl @Autowired constructor( override fun getTls(projectId: String, certId: String): CertTlsInfo { val certRecord = certDao.get(dslContext, projectId, certId) val certTlsRecord = certTlsDao.get(dslContext, projectId, certId) + // 审计 + ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) return CertTlsInfo( certId = certId, serverCrtFileName = certTlsRecord.certServerCrtFileName, 
@@ -1431,6 +1459,8 @@ class CertServiceImpl @Autowired constructor( content = ActionAuditContent.CERT_VIEW_CONTENT ) override fun queryIos(projectId: String, buildId: String, certId: String, publicKey: String): CertIOS { + // 审计 + ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) val buildBasicInfoResult = client.get(ServiceBuildResource::class).serviceBasic(projectId, buildId) if (buildBasicInfoResult.isNotOk()) { throw RemoteServiceException("Failed to build the basic information based on the buildId") @@ -1498,6 +1528,8 @@ class CertServiceImpl @Autowired constructor( content = ActionAuditContent.CERT_VIEW_CONTENT ) override fun queryEnterpriseByProject(projectId: String, certId: String, publicKey: String): CertEnterprise { + // 审计 + ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) val certRecord = certDao.get(dslContext, projectId, certId) // 生成公钥和密钥 val publicKeyByteArray = Base64.getDecoder().decode(publicKey) @@ -1526,6 +1558,8 @@ class CertServiceImpl @Autowired constructor( ) override fun queryAndroid(projectId: String, buildId: String, certId: String, publicKey: String): CertAndroid { val buildBasicInfoResult = client.get(ServiceBuildResource::class).serviceBasic(projectId, buildId) + // 审计 + ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) if (buildBasicInfoResult.isNotOk()) { throw RemoteServiceException("Failed to build the basic information based on the buildId") } @@ -1574,6 +1608,8 @@ class CertServiceImpl @Autowired constructor( certId: String, publicKey: String ): CertAndroidWithCredential { + // 审计 + ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) val certRecord = certDao.get(dslContext, projectId, certId) val publicKeyByteArray = Base64.getDecoder().decode(publicKey) val serverDHKeyPair = DHUtil.initKey(publicKeyByteArray) 
@@ -1635,6 +1671,8 @@ class CertServiceImpl @Autowired constructor( content = ActionAuditContent.CERT_VIEW_CONTENT ) override fun queryTlsByProject(projectId: String, certId: String, publicKey: String): CertTls { + // 审计 + ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) val certTlsRecord = certTlsDao.get(dslContext, projectId, certId) val publicKeyByteArray = Base64.getDecoder().decode(publicKey) val serverDHKeyPair = DHUtil.initKey(publicKeyByteArray) diff --git a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CredentialServiceImpl.kt b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CredentialServiceImpl.kt index 5de8e5bc5d6..0764c147332 100644 --- a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CredentialServiceImpl.kt +++ b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CredentialServiceImpl.kt @@ -157,7 +157,8 @@ class CredentialServiceImpl @Autowired constructor( ) ) ) - + // 审计 + ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) if (credentialDao.has(dslContext, projectId, credential.credentialId)) { throw ErrorCodeException( errorCode = TicketMessageCode.CREDENTIAL_EXIST, @@ -216,9 +217,7 @@ class CredentialServiceImpl @Autowired constructor( @ActionAuditRecord( actionId = ActionId.CREDENTIAL_EDIT, instance = AuditInstanceRecord( - resourceType = ResourceTypeId.CREDENTIAL, - instanceIds = "#credentialId", - instanceNames = "#credential?.credentialName" + resourceType = ResourceTypeId.CREDENTIAL ), content = ActionAuditContent.CREDENTIAL_EDIT_CONTENT ) 
@@ -245,7 +244,11 @@ class CredentialServiceImpl @Autowired constructor( ) ) ) - + ActionAuditContext.current() + .setInstanceId(credentialId) + .setInstanceName(credential.credentialName) + .setInstance(credential) + .addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) serviceEdit( userId = userId, projectId = projectId, @@ -267,7 +270,6 @@ class CredentialServiceImpl @Autowired constructor( userId: String, projectId: String, credentialId: String, - @AuditRequestBody credentialSetting: CredentialSettingUpdate ): Boolean { val edit = AuthPermission.EDIT @@ -288,6 +290,11 @@ class CredentialServiceImpl @Autowired constructor( ) ) + ActionAuditContext.current() + .setInstanceId(credentialId) + .setInstanceName(credentialId) + .setInstance(credentialSetting) + .addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) return credentialDao.updateSetting( dslContext = dslContext, projectId = projectId, @@ -323,7 +330,8 @@ class CredentialServiceImpl @Autowired constructor( ) ) ) - + // 审计 + ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) logger.info("$userId delete credential $credentialId") credentialPermissionService.deleteResource(projectId, credentialId) credentialDao.delete(dslContext, projectId, credentialId) @@ -491,7 +499,8 @@ class CredentialServiceImpl @Autowired constructor( ) ) ) - + // 审计 + ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) val hasViewPermission = true val hasDeletePermission = credentialPermissionService.validatePermission(userId, projectId, credentialId, AuthPermission.DELETE) @@ -545,7 +554,8 @@ class CredentialServiceImpl @Autowired constructor( ) ) ) - + // 审计 + ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) val hasViewPermission = true val hasDeletePermission = credentialPermissionService.validatePermission(userId, projectId, credentialId, AuthPermission.DELETE) 
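Review bot: `setInstance(credential)` in the edit hunk hands the whole update payload to the audit context, and for a credential that payload presumably carries the secret values themselves; if the SDK serialises the instance into the event, secret material ends up in the `audit_event` log files. The same applies to `setInstance(credentialSetting)` in the settings hunk, which replaces the removed `@AuditRequestBody`. Pass an object that holds only non-secret fields, or confirm that the secret fields are excluded from serialisation, and record the decision next to the call: `// audit instance must not contain credential secret fields`. Both methods start outside their hunks.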
@@ -591,6 +601,8 @@ class CredentialServiceImpl @Autowired constructor( publicKey: String, taskId: String? ): CredentialInfo? { + // 审计 + ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) val buildBasicInfoResult = client.get(ServiceBuildResource::class).serviceBasic(projectId, buildId) if (buildBasicInfoResult.isNotOk()) { throw RemoteServiceException("Failed to build the basic information based on the buildId") @@ -666,6 +678,8 @@ class CredentialServiceImpl @Autowired constructor( content = ActionAuditContent.CREDENTIAL_VIEW_CONTENT ) override fun serviceGet(projectId: String, credentialId: String, publicKey: String): CredentialInfo? { + // 审计 + ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) val credentialRecord = credentialDao.getOrNull(dslContext, projectId, credentialId) ?: return null return credentialInfo(publicKey, credentialRecord) @@ -685,6 +699,8 @@ class CredentialServiceImpl @Autowired constructor( credentialId: String, publicKey: String ): CredentialInfo? { + // 审计 + ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, targetProjectId) val credentialRecord = credentialDao.getOrNull(dslContext, targetProjectId, credentialId)?.let { if (!it.allowAcrossProject) { throw CustomException(Response.Status.FORBIDDEN, "credential not allow across project") From 58bf2681629b44c73e6465f3524adbbc8a12b153 Mon Sep 17 00:00:00 2001 From: greysonfang Date: Wed, 8 Nov 2023 18:11:06 +0800 Subject: [PATCH 55/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../com/tencent/devops/ticket/service/CredentialServiceImpl.kt | 1 - 1 file changed, 1 deletion(-) 
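Review bot: The cross-project lookup in the last hunk on this line records only `targetProjectId` in the audit context, so the event cannot show which project reached into another one. The signature starts outside the hunk and the name of the requesting-project parameter is not visible; if there is one, attach it as a second attribute beside this call, and otherwise state the limitation in place: `// audit records the target project only; the requesting project is not captured`. Setting the attribute before the `allowAcrossProject` check is the ordering the other hunks should follow, because the refused path then still carries the project code.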
diff --git a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CredentialServiceImpl.kt b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CredentialServiceImpl.kt index 0764c147332..61edcf6d524 100644 --- a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CredentialServiceImpl.kt +++ b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CredentialServiceImpl.kt @@ -30,7 +30,6 @@ package com.tencent.devops.ticket.service import com.tencent.bk.audit.annotations.ActionAuditRecord import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.bk.audit.annotations.AuditInstanceRecord -import com.tencent.bk.audit.annotations.AuditRequestBody import com.tencent.bk.audit.context.ActionAuditContext import com.tencent.devops.common.api.constant.TEMPLATE_ACROSS_INFO_ID import com.tencent.devops.common.api.exception.CustomException From 64a23f8469b47f5a83bfc13a95fb3a79f132cc64 Mon Sep 17 00:00:00 2001 From: greysonfang Date: Wed, 8 Nov 2023 23:20:11 +0800 Subject: [PATCH 56/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../devops/common/audit/ActionAuditContent.kt | 110 +++++++++--------- 1 file changed, 56 insertions(+), 54 deletions(-) diff --git a/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/ActionAuditContent.kt b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/ActionAuditContent.kt index 90aeebe7cbc..98022f1e6b2 100644 --- a/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/ActionAuditContent.kt +++ b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/ActionAuditContent.kt 
@@ -3,85 +3,87 @@ package com.tencent.devops.common.audit import com.tencent.bk.audit.constants.AuditAttributeNames.INSTANCE_ID import com.tencent.bk.audit.constants.AuditAttributeNames.INSTANCE_NAME +@Suppress("MaxLineLength") object ActionAuditContent { - const val CONTENT_TEMPLATE = "[{{$INSTANCE_NAME}}]({{$INSTANCE_ID}})" - const val PROJECT_CODE_TEMPLATE = "[{{@PROJECT_CODE}}]" + private const val CONTENT_TEMPLATE = "[{{$INSTANCE_NAME}}]({{$INSTANCE_ID}})" + private const val PROJECT_CODE_CONTENT_TEMPLATE = "[{{@PROJECT_CODE}}]" + const val PROJECT_CODE_TEMPLATE = "@PROJECT_CODE" // 项目 const val PROJECT_MANAGE_RESTORE_PIPELINE_CONTENT = "restore pipeline $CONTENT_TEMPLATE" // 流水线 - const val PIPELINE_VIEW_CONTENT = "get pipeline info $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" - const val PIPELINE_SHARE_CONTENT = "share pipeline $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" - const val PIPELINE_CREATE_CONTENT = "create pipeline $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" - const val PIPELINE_LIST_CONTENT = "list pipeline $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" - const val PIPELINE_DOWNLOAD_CONTENT = "download pipeline $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" - const val PIPELINE_EDIT_CONTENT = "update pipeline $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + const val PIPELINE_VIEW_CONTENT = "get pipeline info $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" + const val PIPELINE_SHARE_CONTENT = "share pipeline $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" + const val PIPELINE_CREATE_CONTENT = "create pipeline $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" + const val PIPELINE_LIST_CONTENT = "list pipeline $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" + const val PIPELINE_DOWNLOAD_CONTENT = "download pipeline $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" + const val PIPELINE_EDIT_CONTENT = "update pipeline $CONTENT_TEMPLATE in project 
$PROJECT_CODE_CONTENT_TEMPLATE" const val PIPELINE_EDIT_SAVE_SETTING_CONTENT = "save pipeline setting $CONTENT_TEMPLATE " + - "in project $PROJECT_CODE_TEMPLATE" + "in project $PROJECT_CODE_CONTENT_TEMPLATE" const val PIPELINE_EDIT_EXPORT_PIPELINE_CONTENT = "export pipeline $CONTENT_TEMPLATE " + - "in project $PROJECT_CODE_TEMPLATE" + "in project $PROJECT_CODE_CONTENT_TEMPLATE" const val PIPELINE_EDIT_BIND_PIPELINE_CALLBACK_CONTENT = "bind pipeline call back $CONTENT_TEMPLATE" + - " in project $PROJECT_CODE_TEMPLATE" - const val PIPELINE_DELETE_CONTENT = "delete pipeline $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + " in project $PROJECT_CODE_CONTENT_TEMPLATE" + const val PIPELINE_DELETE_CONTENT = "delete pipeline $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" const val PIPELINE_DELETE_VERSION_CONTENT = "delete pipeline version $CONTENT_TEMPLATE " + - "in project $PROJECT_CODE_TEMPLATE" - const val PIPELINE_EXECUTE_CONTENT = "execute pipeline $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + "in project $PROJECT_CODE_CONTENT_TEMPLATE" + const val PIPELINE_EXECUTE_CONTENT = "execute pipeline $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" // 流水线模板 - const val PIPELINE_TEMPLATE_CREATE_CONTENT = "create template $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" - const val PIPELINE_TEMPLATE_EDIT_COPY_CONTENT = "copy template $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + const val PIPELINE_TEMPLATE_CREATE_CONTENT = "create template $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" + const val PIPELINE_TEMPLATE_EDIT_COPY_CONTENT = "copy template $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" const val PIPELINE_TEMPLATE_EDIT_SAVE_AS_CONTENT = "save as template $CONTENT_TEMPLATE " + - "in project $PROJECT_CODE_TEMPLATE" - const val PIPELINE_TEMPLATE_DELETE_CONTENT = "delete template $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + "in project $PROJECT_CODE_CONTENT_TEMPLATE" + const val 
PIPELINE_TEMPLATE_DELETE_CONTENT = "delete template $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" const val PIPELINE_TEMPLATE_EDIT_SETTING_CONTENT = "update template setting $CONTENT_TEMPLATE " + - "in project $PROJECT_CODE_TEMPLATE" - const val PIPELINE_TEMPLATE_EDIT_CONTENT = "update template $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + "in project $PROJECT_CODE_CONTENT_TEMPLATE" + const val PIPELINE_TEMPLATE_EDIT_CONTENT = "update template $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" // 证书 - const val CERT_CREATE_CONTENT = "create cert $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" - const val CERT_VIEW_CONTENT = "get cert info $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" - const val CERT_EDIT_CONTENT = "update cert $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" - const val CERT_DELETE_CONTENT = "delete cert $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" - const val CERT_LIST_CONTENT = "list cert $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" - const val CERT_USE_CONTENT = "use cert $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + const val CERT_CREATE_CONTENT = "create cert $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" + const val CERT_VIEW_CONTENT = "get cert info $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" + const val CERT_EDIT_CONTENT = "update cert $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" + const val CERT_DELETE_CONTENT = "delete cert $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" + const val CERT_LIST_CONTENT = "list cert $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" + const val CERT_USE_CONTENT = "use cert $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" // 凭据 - const val CREDENTIAL_CREATE_CONTENT = "create credential $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" - const val CREDENTIAL_VIEW_CONTENT = "get credential info $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" - 
const val CREDENTIAL_EDIT_CONTENT = "update credential $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + const val CREDENTIAL_CREATE_CONTENT = "create credential $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" + const val CREDENTIAL_VIEW_CONTENT = "get credential info $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" + const val CREDENTIAL_EDIT_CONTENT = "update credential $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" const val CREDENTIAL_EDIT_SETTING_CONTENT = "update credential setting $CONTENT_TEMPLATE " + - "in project $PROJECT_CODE_TEMPLATE" - const val CREDENTIAL_DELETE_CONTENT = "delete credential $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" - const val CREDENTIAL_LIST_CONTENT = "list credential $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" - const val CREDENTIAL_USE_CONTENT = "use credential $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + "in project $PROJECT_CODE_CONTENT_TEMPLATE" + const val CREDENTIAL_DELETE_CONTENT = "delete credential $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" + const val CREDENTIAL_LIST_CONTENT = "list credential $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" + const val CREDENTIAL_USE_CONTENT = "use credential $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" // 云桌面 - const val CGS_CREATE_CONTENT = "create workspace $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" - const val CGS_LIST_CONTENT = "list workspace $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" - const val CGS_VIEW_CONTENT = "get workspace $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" - const val CGS_STOP_CONTENT = "stop workspace $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" - const val CGS_START_CONTENT = "start workspace $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" - const val CGS_RESTART_CONTENT = "restart workspace $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + const val CGS_CREATE_CONTENT = "create workspace 
$CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" + const val CGS_LIST_CONTENT = "list workspace $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" + const val CGS_VIEW_CONTENT = "get workspace $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" + const val CGS_STOP_CONTENT = "stop workspace $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" + const val CGS_START_CONTENT = "start workspace $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" + const val CGS_RESTART_CONTENT = "restart workspace $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" const val CGS_ASSIGN_USER_CONTENT = "assign workspace $CONTENT_TEMPLATE " + - "to [{{@ASSIGNS}}] from $PROJECT_CODE_TEMPLATE" - const val CGS_ASSIGN_PROJECT_CONTENT = "assign workspace $CONTENT_TEMPLATE to project $PROJECT_CODE_TEMPLATE" - const val CGS_EDIT_TYPE_CONTENT = "modify workspace type $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + "to [{{@ASSIGNS}}] from $PROJECT_CODE_CONTENT_TEMPLATE" + const val CGS_ASSIGN_PROJECT_CONTENT = "assign workspace $CONTENT_TEMPLATE to project $PROJECT_CODE_CONTENT_TEMPLATE" + const val CGS_EDIT_TYPE_CONTENT = "modify workspace type $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" const val CGS_REBUILD_SYSTEM_DISK_CONTENT = "rebuild workspace system disk $CONTENT_TEMPLATE " + - "in project $PROJECT_CODE_TEMPLATE" - const val CGS_MAKE_IMAGE_CONTENT = "make workspace image $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" - const val CGS_EXPAND_DISK_CONTENT = "expand workspace disk $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" - const val CGS_DELETE_CONTENT = "delete workspace $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" - const val CGS_SHARE_CONTENT = "share workspace $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" - const val CGS_EDIT_CONTENT = "edit workspace $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + "in project $PROJECT_CODE_CONTENT_TEMPLATE" + const val 
CGS_MAKE_IMAGE_CONTENT = "make workspace image $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" + const val CGS_EXPAND_DISK_CONTENT = "expand workspace disk $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" + const val CGS_DELETE_CONTENT = "delete workspace $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" + const val CGS_SHARE_CONTENT = "share workspace $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" + const val CGS_EDIT_CONTENT = "edit workspace $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" // 云桌面镜像 - const val IMAGE_LIST_CONTENT = "list workspace image $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" - const val IMAGE_DELETE_CONTENT = "delete workspace image $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" - const val IMAGE_EDIT_CONTENT = "modify workspace image $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + const val IMAGE_LIST_CONTENT = "list workspace image $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" + const val IMAGE_DELETE_CONTENT = "delete workspace image $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" + const val IMAGE_EDIT_CONTENT = "modify workspace image $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" // 代理仓库 - const val CODE_PROXY_CREATE_CONTENT = "create code proxy $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" - const val CODE_PROXY_LIST_CONTENT = "list code proxy $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" - const val CODE_PROXY_DELETE_CONTENT = "delete code proxy $CONTENT_TEMPLATE in project $PROJECT_CODE_TEMPLATE" + const val CODE_PROXY_CREATE_CONTENT = "create code proxy $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" + const val CODE_PROXY_LIST_CONTENT = "list code proxy $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" + const val CODE_PROXY_DELETE_CONTENT = "delete code proxy $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" } 
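Review bot: `PROJECT_CODE_TEMPLATE` now holds the attribute key `"@PROJECT_CODE"` while the placeholder moved to `PROJECT_CODE_CONTENT_TEMPLATE`, and the literal is written out in both, which leaves room for the key and the placeholder to drift apart again (before this change the bracketed placeholder was apparently what callers passed to `addAttribute`). Declare the key first and build the placeholder from it: `const val PROJECT_CODE_TEMPLATE = "@PROJECT_CODE"` followed by `private const val PROJECT_CODE_CONTENT_TEMPLATE = "[{{$PROJECT_CODE_TEMPLATE}}]"`. A one-line KDoc on the key, `/** Attribute name for addAttribute(); not a template despite the name. */`, would keep the next caller from embedding it in a content string. The object-wide `@Suppress("MaxLineLength")` could be dropped if the long constants were wrapped the way `PIPELINE_EDIT_SAVE_SETTING_CONTENT` already is.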
From c5b626358ec787ae2a2ab89f74c877dde11fa128 Mon Sep 17 00:00:00 2001 From: greysonfang Date: Thu, 9 Nov 2023 16:09:00 +0800 Subject: [PATCH 57/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../common-service/src/main/resources/logback/appender.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/backend/ci/core/common/common-service/src/main/resources/logback/appender.xml b/src/backend/ci/core/common/common-service/src/main/resources/logback/appender.xml index e037cfd024a..51236a60584 100644 --- a/src/backend/ci/core/common/common-service/src/main/resources/logback/appender.xml +++ b/src/backend/ci/core/common/common-service/src/main/resources/logback/appender.xml @@ -61,7 +61,7 @@ ${service.log.dir}/audit_event.%d{yyyy-MM-dd}.%i.log 1GB - 10 + 3 5GB From 8fb9a51c71813608521b8da6997eb12a0533fdda Mon Sep 17 00:00:00 2001 From: greysonfang Date: Thu, 9 Nov 2023 16:30:27 +0800 Subject: [PATCH 58/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/backend/ci/core/openapi/biz-openapi/build.gradle.kts | 1 - 1 file changed, 1 deletion(-) diff --git a/src/backend/ci/core/openapi/biz-openapi/build.gradle.kts b/src/backend/ci/core/openapi/biz-openapi/build.gradle.kts index 34f917034e5..2c058459137 100644 --- a/src/backend/ci/core/openapi/biz-openapi/build.gradle.kts +++ b/src/backend/ci/core/openapi/biz-openapi/build.gradle.kts 
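Review bot: The value lowered from 10 to 3 in the audit appender sits between the `1GB` file size and the `5GB` cap; the element tags are not visible in this rendering, but it is presumably the rolling policy's history limit, and with the `%d{yyyy-MM-dd}` file pattern that would keep only three days of `audit_event` files on the host. If whatever ships these files to the audit centre stalls for longer than that, events are deleted before they are collected. State the assumption beside the value, for example `<!-- 3 days on disk; the collector must drain audit_event logs within this window -->`, or keep the previous limit for the audit appender alone.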
@@ -34,7 +34,6 @@ dependencies {
 api(project(":core:environment:api-environment"))
 api(project(":core:artifactory:api-artifactory"))
 api(project(":core:common:common-client"))
- api(project(":core:common:common-audit"))
 api("io.jsonwebtoken:jjwt-api")
 runtimeOnly("io.jsonwebtoken:jjwt-impl")
 runtimeOnly("io.jsonwebtoken:jjwt-jackson")
From d807eac4dec9822836c25430121d8b1611863d4b Mon Sep 17 00:00:00 2001
From: greysonfang
Date: Sat, 11 Nov 2023 15:38:52 +0800
Subject: [PATCH 59/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../ci/buildSrc/src/main/kotlin/constants/Versions.kt | 2 +-
 .../process/service/pipeline/PipelineBuildService.kt | 7 ++++---
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/backend/ci/buildSrc/src/main/kotlin/constants/Versions.kt b/src/backend/ci/buildSrc/src/main/kotlin/constants/Versions.kt
index 7a4e5997c71..8296afea44e 100644
--- a/src/backend/ci/buildSrc/src/main/kotlin/constants/Versions.kt
+++ b/src/backend/ci/buildSrc/src/main/kotlin/constants/Versions.kt
@@ -48,5 +48,5 @@ object Versions {
 const val jgit = "5.13.1.202206130422-r"
 const val iam = "1.0.39-SNAPSHOT"
 const val disklrucache = "2.0.2"
- const val audit = "1.0.7-SNAPSHOT"
+ const val audit = "1.0.8-SNAPSHOT"
 }
diff --git a/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineBuildService.kt b/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineBuildService.kt
index c930aa7c0a2..ef942f34c60 100644
--- a/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineBuildService.kt
+++ b/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineBuildService.kt
@@ -28,8 +28,8 @@ package com.tencent.devops.process.service.pipeline import com.tencent.bk.audit.annotations.ActionAuditRecord +import com.tencent.bk.audit.annotations.AuditAttribute import com.tencent.bk.audit.annotations.AuditInstanceRecord -import com.tencent.bk.audit.context.ActionAuditContext import com.tencent.devops.common.api.exception.ErrorCodeException import com.tencent.devops.common.audit.ActionAuditContent import com.tencent.devops.common.auth.api.ActionId @@ -106,6 +106,9 @@ class PipelineBuildService( instanceIds = "#pipeline?.pipelineId", instanceNames = "#pipeline?.pipelineName" ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#pipeline?.projectId")], + scopeId = "#pipeline?.projectId", + scopeType = ResourceTypeId.PROJECT, content = ActionAuditContent.PIPELINE_EXECUTE_CONTENT ) fun startPipeline( @@ -134,8 +137,6 @@ class PipelineBuildService( params = arrayOf(projectVO.englishName) ) } - // 审计 - ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, pipeline.projectId) val setting = pipelineRepositoryService.getSetting(pipeline.projectId, pipeline.pipelineId) val bucketSize = setting!!.maxConRunningQueueSize From 0fa8b2a95c1c3719f1a4232257084b39dc8611f8 Mon Sep 17 00:00:00 2001 From: greysonfang Date: Sat, 11 Nov 2023 15:50:36 +0800 Subject: [PATCH 60/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../devops/common/audit/BkAuditConfiguration.kt | 5 +++++ .../tencent/devops/common/audit/BkAuditPostFilter.kt | 11 +++++++++++ .../process/service/pipeline/PipelineBuildService.kt | 1 - 3 files changed, 16 insertions(+), 1 deletion(-) create mode 100644 src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditPostFilter.kt 
diff --git a/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditConfiguration.kt b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditConfiguration.kt
index 3a3240af8ab..f048c47a558 100644
--- a/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditConfiguration.kt
+++ b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditConfiguration.kt
@@ -12,4 +12,9 @@ class BkAuditConfiguration {
 fun bkAuditRequestProvider(): AuditRequestProvider {
 return BkAuditRequestProvider()
 }
+
+ @Bean
+ fun bkAuditPostFilter(): BkAuditPostFilter {
+ return BkAuditPostFilter()
+ }
 }
diff --git a/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditPostFilter.kt b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditPostFilter.kt
new file mode 100644
index 00000000000..a0ba22a3a46
--- /dev/null
+++ b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditPostFilter.kt
@@ -0,0 +1,11 @@
+package com.tencent.devops.common.audit
+
+import com.tencent.bk.audit.filter.AuditPostFilter
+import com.tencent.bk.audit.model.AuditEvent
+
+class BkAuditPostFilter : AuditPostFilter {
+ override fun map(auditEvent: AuditEvent): AuditEvent {
+ auditEvent.scopeType = "project"
+ return auditEvent
+ }
+}
diff --git a/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineBuildService.kt b/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineBuildService.kt
index ef942f34c60..7276e9e782e 100644
--- a/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineBuildService.kt
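Review bot: `BkAuditPostFilter.map` overwrites `scopeType` with `"project"` on every event it is handed, presumably including events whose annotation set no `scopeId` or a different scope type, so those records would claim a project scope they do not have. Filling the value only when it is missing keeps explicit scopes intact: `if (auditEvent.scopeType.isNullOrBlank()) auditEvent.scopeType = "project"`. The literal also duplicates `ResourceTypeId.PROJECT`, which the previous patch used for the same purpose in `PipelineBuildService`; a shared constant would keep the two from drifting, if common-audit can see that class. A one-line KDoc on the class saying why the scope type is defaulted here rather than per annotation would help the next reader.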
+++ b/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineBuildService.kt
@@ -108,7 +108,6 @@ class PipelineBuildService(
 ),
 attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#pipeline?.projectId")],
 scopeId = "#pipeline?.projectId",
- scopeType = ResourceTypeId.PROJECT,
 content = ActionAuditContent.PIPELINE_EXECUTE_CONTENT
 )
 fun startPipeline(
From cdfe290de3ffae45a290de60448b3f1b944be6a8 Mon Sep 17 00:00:00 2001
From: greysonfang
Date: Sat, 11 Nov 2023 16:51:30 +0800
Subject: [PATCH 61/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../devops/common/audit/ActionAuditContent.kt | 2 +-
 .../service/PipelineRepositoryService.kt | 4 +-
 .../service/PipelineVersionFacadeService.kt | 6 +-
 .../service/ProjectPipelineCallBackService.kt | 6 +-
 .../service/PipelineInfoFacadeService.kt | 25 ++++---
 .../service/PipelineListFacadeService.kt | 9 ++-
 .../pipeline/PipelineSettingFacadeService.kt | 6 +-
 .../service/template/TemplateFacadeService.kt | 41 +++++-----
 .../devops/ticket/service/CertServiceImpl.kt | 74 +++++++++----------
 .../ticket/service/CredentialServiceImpl.kt | 39 ++++++----
 10 files changed, 115 insertions(+), 97 deletions(-)
diff --git a/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/ActionAuditContent.kt b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/ActionAuditContent.kt
index 98022f1e6b2..f1542af951a 100644
--- a/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/ActionAuditContent.kt
+++ b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/ActionAuditContent.kt
@@ -10,7 +10,7 @@ object ActionAuditContent { const val PROJECT_CODE_TEMPLATE = "@PROJECT_CODE" // 项目 - const val PROJECT_MANAGE_RESTORE_PIPELINE_CONTENT = "restore pipeline $CONTENT_TEMPLATE" + const val PROJECT_MANAGE_RESTORE_PIPELINE_CONTENT = "restore pipeline $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" // 流水线 const val PIPELINE_VIEW_CONTENT = "get pipeline info $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" diff --git a/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/engine/service/PipelineRepositoryService.kt b/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/engine/service/PipelineRepositoryService.kt index 46e5c09c252..3cbad8ea9f2 100644 --- a/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/engine/service/PipelineRepositoryService.kt +++ b/src/backend/ci/core/process/biz-base/src/main/kotlin/com/tencent/devops/process/engine/service/PipelineRepositoryService.kt @@ -1137,7 +1137,9 @@ class PipelineRepositoryService constructor( pipelineModelVersion.pipelineId, null, pipelineModelVersion.model - ).addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, pipelineModelVersion.projectId) + ) + .addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, pipelineModelVersion.projectId) + .scopeId = pipelineModelVersion.projectId pipelineResDao.updatePipelineModel(dslContext, userId, pipelineModelVersion) } finally { lock.unlock() diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/engine/service/PipelineVersionFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/engine/service/PipelineVersionFacadeService.kt index f110a8513ce..5f83d736118 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/engine/service/PipelineVersionFacadeService.kt 
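Review bot: The chain in the `PipelineRepositoryService` hunk now ends in a property assignment, `.scopeId = pipelineModelVersion.projectId`, which reads like one more builder call but is a statement. It is also the one place on this page that sets the scope imperatively, while the service methods use `scopeId = "#projectId"` on the annotation. Binding the context to a local first, then writing `auditCtx.scopeId = pipelineModelVersion.projectId` on its own line, keeps the intent obvious. The expression starts above the hunk, so the object the chain begins on is not visible here.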
+++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/engine/service/PipelineVersionFacadeService.kt @@ -28,8 +28,8 @@ package com.tencent.devops.process.engine.service import com.tencent.bk.audit.annotations.ActionAuditRecord +import com.tencent.bk.audit.annotations.AuditAttribute import com.tencent.bk.audit.annotations.AuditInstanceRecord -import com.tencent.bk.audit.context.ActionAuditContext import com.tencent.devops.common.api.constant.CommonMessageCode import com.tencent.devops.common.api.model.SQLLimit import com.tencent.devops.common.api.util.MessageUtil @@ -59,6 +59,8 @@ class PipelineVersionFacadeService @Autowired constructor( instanceNames = "#$", instanceIds = "#pipelineId" ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.PIPELINE_DELETE_VERSION_CONTENT ) fun deletePipelineVersion( @@ -88,8 +90,6 @@ class PipelineVersionFacadeService @Autowired constructor( ) ) } - // 审计 - ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) pipelineRepositoryVersionService.deletePipelineVer( projectId = projectId, pipelineId = pipelineId, diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/engine/service/ProjectPipelineCallBackService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/engine/service/ProjectPipelineCallBackService.kt index 9b668af8e94..ccdebb341ca 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/engine/service/ProjectPipelineCallBackService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/engine/service/ProjectPipelineCallBackService.kt 
@@ -28,8 +28,8 @@ package com.tencent.devops.process.engine.service import com.tencent.bk.audit.annotations.ActionAuditRecord +import com.tencent.bk.audit.annotations.AuditAttribute import com.tencent.bk.audit.annotations.AuditInstanceRecord -import com.tencent.bk.audit.context.ActionAuditContext import com.tencent.devops.common.api.exception.ErrorCodeException import com.tencent.devops.common.api.exception.ParamBlankException import com.tencent.devops.common.api.model.SQLPage @@ -480,6 +480,8 @@ class ProjectPipelineCallBackService @Autowired constructor( instance = AuditInstanceRecord( resourceType = ResourceTypeId.PIPELINE ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.PIPELINE_EDIT_BIND_PIPELINE_CALLBACK_CONTENT ) fun bindPipelineCallBack( @@ -495,8 +497,6 @@ class ProjectPipelineCallBackService @Autowired constructor( pipelineId = pipelineId, permission = AuthPermission.EDIT ) - // 审计 - ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) if (!OkhttpUtils.validUrl(callbackInfo.callbackUrl)) { throw ErrorCodeException(errorCode = ProcessMessageCode.ERROR_CALLBACK_URL_INVALID) } diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt index 90b4937047f..a8a46bd33e6 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt 
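Review bot: The `AuditInstanceRecord` on `bindPipelineCallBack` still names only `resourceType`, and this patch drops the file's `ActionAuditContext` import, so as far as the hunks show nothing records which pipeline the callback was bound to. Binding an outbound callback URL to a pipeline is a change an auditor needs to attribute to a specific resource, so I would add `instanceIds = "#pipelineId"` to the instance record, as the other pipeline services on this page do. The annotation and the function signature both start outside the hunk; that `pipelineId` is a parameter is inferred from the permission check visible in the following hunk.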
@@ -30,6 +30,7 @@ package com.tencent.devops.process.service import com.fasterxml.jackson.core.JsonParseException import com.google.common.cache.CacheBuilder import com.tencent.bk.audit.annotations.ActionAuditRecord +import com.tencent.bk.audit.annotations.AuditAttribute import com.tencent.bk.audit.annotations.AuditInstanceRecord import com.tencent.bk.audit.context.ActionAuditContext import com.tencent.devops.common.api.constant.CommonMessageCode @@ -133,6 +134,8 @@ class PipelineInfoFacadeService @Autowired constructor( resourceType = ResourceTypeId.PIPELINE, instanceIds = "#pipelineId" ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.PIPELINE_EDIT_EXPORT_PIPELINE_CONTENT ) fun exportPipeline(userId: String, projectId: String, pipelineId: String): Response { @@ -154,8 +157,6 @@ class PipelineInfoFacadeService @Autowired constructor( ) ) ) - // 审计 - ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) val settingInfo = pipelineRepositoryService.getSetting(projectId, pipelineId) ?: throw OperationException( @@ -260,6 +261,8 @@ class PipelineInfoFacadeService @Autowired constructor( instance = AuditInstanceRecord( resourceType = ResourceTypeId.PIPELINE ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.PIPELINE_CREATE_CONTENT ) fun createPipeline( @@ -302,8 +305,6 @@ class PipelineInfoFacadeService @Autowired constructor( ) watcher.stop() } - // 审计 - ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) if (isPipelineExist( projectId = projectId, 
@@ -510,6 +511,8 @@ class PipelineInfoFacadeService @Autowired constructor( resourceType = ResourceTypeId.PROJECT, instanceIds = "#pipelineId" ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.PROJECT_MANAGE_RESTORE_PIPELINE_CONTENT ) fun restorePipeline( @@ -689,6 +692,8 @@ class PipelineInfoFacadeService @Autowired constructor( instance = AuditInstanceRecord( resourceType = ResourceTypeId.PIPELINE ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.PIPELINE_EDIT_CONTENT ) fun editPipeline( @@ -729,8 +734,6 @@ class PipelineInfoFacadeService @Autowired constructor( ) ) } - // 审计 - ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) if (isPipelineExist( projectId = projectId, pipelineId = pipelineId, @@ -853,6 +856,8 @@ class PipelineInfoFacadeService @Autowired constructor( instanceNames = "#$?.name", instanceIds = "#pipelineId" ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.PIPELINE_VIEW_CONTENT ) fun getPipeline( @@ -882,9 +887,6 @@ class PipelineInfoFacadeService @Autowired constructor( ) ) } - - // 审计 - ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) val pipelineInfo = pipelineRepositoryService.getPipelineInfo(projectId, pipelineId) ?: throw ErrorCodeException( statusCode = Response.Status.NOT_FOUND.statusCode, 
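Review bot: The instance record on `restorePipeline` pairs `resourceType = ResourceTypeId.PROJECT` with `instanceIds = "#pipelineId"`, so the audit event identifies a project by a pipeline id. Now that the project is carried by `scopeId = "#projectId"` and by the `@PROJECT_CODE` attribute, the instance could be the pipeline itself (`resourceType = ResourceTypeId.PIPELINE`), or the id should be `"#projectId"` if the project resource type is what this action requires. The annotation begins above the hunk, so the action id it is tied to is not visible here.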
@@ -959,6 +961,8 @@ class PipelineInfoFacadeService @Autowired constructor( instanceNames = "#$?.pipelineName", instanceIds = "#pipelineId" ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.PIPELINE_DELETE_CONTENT ) fun deletePipeline( @@ -994,9 +998,6 @@ class PipelineInfoFacadeService @Autowired constructor( watcher.stop() } - // 审计 - ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) - val existModel = pipelineRepositoryService.getModel(projectId, pipelineId) ?: throw ErrorCodeException( statusCode = Response.Status.NOT_FOUND.statusCode, diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineListFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineListFacadeService.kt index aa03bcbb5e3..e175d0c7093 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineListFacadeService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineListFacadeService.kt @@ -29,6 +29,7 @@ package com.tencent.devops.process.service import com.fasterxml.jackson.core.type.TypeReference import com.tencent.bk.audit.annotations.ActionAuditRecord +import com.tencent.bk.audit.annotations.AuditAttribute import com.tencent.bk.audit.annotations.AuditInstanceRecord import com.tencent.bk.audit.context.ActionAuditContext import com.tencent.devops.common.api.constant.CommonMessageCode 
@@ -184,6 +185,8 @@ class PipelineListFacadeService @Autowired constructor( instance = AuditInstanceRecord( resourceType = ResourceTypeId.PIPELINE ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.PIPELINE_VIEW_CONTENT ) fun getBatchPipelinesWithModel( @@ -209,8 +212,6 @@ class PipelineListFacadeService @Autowired constructor( ) } } - // 审计 - ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) val buildPipelineRecords = pipelineBuildSummaryDao.listPipelineInfoBuildSummary( dslContext = dslContext, projectId = projectId, @@ -1731,6 +1732,8 @@ class PipelineListFacadeService @Autowired constructor( instance = AuditInstanceRecord( resourceType = ResourceTypeId.PIPELINE ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.PIPELINE_VIEW_CONTENT ) fun getPipelineDetail( @@ -1759,8 +1762,6 @@ class PipelineListFacadeService @Autowired constructor( ) ) } - // 审计 - ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) val pipelineInfo = pipelineInfoDao.getPipelineInfo( dslContext = dslContext, projectId = projectId, diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineSettingFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineSettingFacadeService.kt index 610ab389f4a..301fa1098b6 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineSettingFacadeService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineSettingFacadeService.kt 
@@ -28,8 +28,8 @@ package com.tencent.devops.process.service.pipeline import com.tencent.bk.audit.annotations.ActionAuditRecord +import com.tencent.bk.audit.annotations.AuditAttribute import com.tencent.bk.audit.annotations.AuditInstanceRecord -import com.tencent.bk.audit.context.ActionAuditContext import com.tencent.devops.common.api.constant.CommonMessageCode import com.tencent.devops.common.api.constant.KEY_DEFAULT import com.tencent.devops.common.api.exception.PermissionForbiddenException @@ -94,6 +94,8 @@ class PipelineSettingFacadeService @Autowired constructor( instanceIds = "#setting?.pipelineId", instanceNames = "#setting?.pipelineName" ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#setting?.projectId")], + scopeId = "#setting?.projectId", content = ActionAuditContent.PIPELINE_EDIT_SAVE_SETTING_CONTENT ) fun saveSetting( @@ -124,8 +126,6 @@ class PipelineSettingFacadeService @Autowired constructor( ) ) } - // 审计 - ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, setting.projectId) val pipelineName = pipelineRepositoryService.saveSetting( userId = userId, setting = setting, diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/template/TemplateFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/template/TemplateFacadeService.kt index d7820ed9eae..4041c716819 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/template/TemplateFacadeService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/template/TemplateFacadeService.kt 
@@ -30,6 +30,7 @@ package com.tencent.devops.process.service.template import com.fasterxml.jackson.databind.ObjectMapper import com.fasterxml.jackson.module.kotlin.readValue import com.tencent.bk.audit.annotations.ActionAuditRecord +import com.tencent.bk.audit.annotations.AuditAttribute import com.tencent.bk.audit.annotations.AuditInstanceRecord import com.tencent.bk.audit.context.ActionAuditContext import com.tencent.devops.common.api.constant.CommonMessageCode @@ -128,12 +129,6 @@ import com.tencent.devops.repository.api.ServiceRepositoryResource import com.tencent.devops.store.api.common.ServiceStoreResource import com.tencent.devops.store.api.template.ServiceTemplateResource import com.tencent.devops.store.pojo.common.enums.StoreTypeEnum -import java.text.MessageFormat -import java.time.LocalDateTime -import javax.ws.rs.NotFoundException -import javax.ws.rs.core.Response -import kotlin.reflect.full.declaredMemberProperties -import kotlin.reflect.jvm.isAccessible import org.jooq.DSLContext import org.jooq.Record import org.jooq.Result @@ -144,6 +139,12 @@ import org.springframework.beans.factory.annotation.Value import org.springframework.cloud.context.config.annotation.RefreshScope import org.springframework.dao.DuplicateKeyException import org.springframework.stereotype.Service +import java.text.MessageFormat +import java.time.LocalDateTime +import javax.ws.rs.NotFoundException +import javax.ws.rs.core.Response +import kotlin.reflect.full.declaredMemberProperties +import kotlin.reflect.jvm.isAccessible @Suppress("ALL") @Service @@ -197,6 +198,8 @@ class TemplateFacadeService @Autowired constructor( instance = AuditInstanceRecord( resourceType = ResourceTypeId.PIPELINE_TEMPLATE ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.PIPELINE_TEMPLATE_CREATE_CONTENT ) fun createTemplate(projectId: String, userId: String, template: Model): String { 
@@ -232,7 +235,6 @@ class TemplateFacadeService @Autowired constructor( ActionAuditContext.current() .setInstanceId(templateId) .setInstanceName(template.name) - .addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) return templateId } @@ -243,6 +245,8 @@ class TemplateFacadeService @Autowired constructor( instanceIds = "#srcTemplateId", instanceNames = "#copyTemplateReq?.templateName" ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.PIPELINE_TEMPLATE_EDIT_COPY_CONTENT ) fun copyTemplate( @@ -254,8 +258,6 @@ class TemplateFacadeService @Autowired constructor( logger.info("Start to copy the template, $srcTemplateId | $userId | $copyTemplateReq") checkPermission(projectId, userId) - // 审计 - ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) var latestTemplate = templateDao.getLatestTemplate(dslContext, projectId, srcTemplateId) val template = latestTemplate @@ -314,6 +316,8 @@ class TemplateFacadeService @Autowired constructor( instance = AuditInstanceRecord( resourceType = ResourceTypeId.PIPELINE_TEMPLATE ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.PIPELINE_TEMPLATE_EDIT_SAVE_AS_CONTENT ) fun saveAsTemplate( @@ -324,8 +328,6 @@ class TemplateFacadeService @Autowired constructor( logger.info("Start to saveAsTemplate, $userId | $projectId | $saveAsTemplateReq") checkPermission(projectId, userId) - // 审计 - ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) val template = pipelineResDao.getLatestVersionModelString(dslContext, projectId, saveAsTemplateReq.pipelineId) ?: throw ErrorCodeException( 
@@ -380,6 +382,8 @@ class TemplateFacadeService @Autowired constructor( instance = AuditInstanceRecord( resourceType = ResourceTypeId.PIPELINE_TEMPLATE ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.PIPELINE_TEMPLATE_DELETE_CONTENT ) fun deleteTemplate(projectId: String, userId: String, templateId: String): Boolean { @@ -389,7 +393,6 @@ class TemplateFacadeService @Autowired constructor( ActionAuditContext.current() .setInstanceId(templateId) .setInstanceName(template.templateName) - .addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) dslContext.transaction { configuration -> val context = DSL.using(configuration) val instanceSize = templatePipelineDao.countByVersionFeat( @@ -434,6 +437,8 @@ class TemplateFacadeService @Autowired constructor( instance = AuditInstanceRecord( resourceType = ResourceTypeId.PIPELINE_TEMPLATE ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.PIPELINE_TEMPLATE_DELETE_CONTENT ) fun deleteTemplate(projectId: String, userId: String, templateId: String, version: Long): Boolean { @@ -442,7 +447,6 @@ class TemplateFacadeService @Autowired constructor( ActionAuditContext.current() .setInstanceId(templateId) .setInstanceName(templateId) - .addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) return dslContext.transactionResult { configuration -> val context = DSL.using(configuration) val instanceSize = 
@@ -474,6 +478,8 @@ class TemplateFacadeService @Autowired constructor( instance = AuditInstanceRecord( resourceType = ResourceTypeId.PIPELINE_TEMPLATE ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.PIPELINE_TEMPLATE_DELETE_CONTENT ) fun deleteTemplate(projectId: String, userId: String, templateId: String, versionName: String): Boolean { @@ -482,7 +488,6 @@ class TemplateFacadeService @Autowired constructor( ActionAuditContext.current() .setInstanceId(templateId) .setInstanceName(templateId) - .addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) dslContext.transaction { configuration -> val context = DSL.using(configuration) val instanceSize = @@ -518,6 +523,8 @@ class TemplateFacadeService @Autowired constructor( instance = AuditInstanceRecord( resourceType = ResourceTypeId.PIPELINE_TEMPLATE ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.PIPELINE_TEMPLATE_EDIT_CONTENT ) fun updateTemplate( @@ -541,7 +548,6 @@ class TemplateFacadeService @Autowired constructor( ActionAuditContext.current() .setInstanceId(templateId) .setInstanceName(template.name) - .addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) updateModelParam(template) dslContext.transaction { configuration -> val context = DSL.using(configuration) @@ -596,6 +602,8 @@ class TemplateFacadeService @Autowired constructor( instance = AuditInstanceRecord( resourceType = ResourceTypeId.PIPELINE_TEMPLATE ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.PIPELINE_TEMPLATE_EDIT_SETTING_CONTENT ) fun updateTemplateSetting( 
@@ -608,8 +616,7 @@ class TemplateFacadeService @Autowired constructor( checkPermission(projectId, userId) ActionAuditContext.current() .setInstanceId(templateId) - .setInstanceName(setting.pipelineName) - .addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) + .setInstanceName(templateId) dslContext.transaction { configuration -> val context = DSL.using(configuration) checkTemplateName( diff --git a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CertServiceImpl.kt b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CertServiceImpl.kt index 826756b2d17..eb5b85806dd 100644 --- a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CertServiceImpl.kt +++ b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CertServiceImpl.kt @@ -28,9 +28,9 @@ package com.tencent.devops.ticket.service import com.tencent.bk.audit.annotations.ActionAuditRecord +import com.tencent.bk.audit.annotations.AuditAttribute import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.bk.audit.annotations.AuditInstanceRecord -import com.tencent.bk.audit.context.ActionAuditContext import com.tencent.devops.common.api.exception.OperationException import com.tencent.devops.common.api.exception.RemoteServiceException import com.tencent.devops.common.api.model.SQLPage @@ -109,6 +109,8 @@ class CertServiceImpl @Autowired constructor( instanceIds = "#certId", instanceNames = "#certId" ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.CERT_CREATE_CONTENT ) override fun uploadIos( 
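Review bot: `setInstanceName(templateId)` replaces `setInstanceName(setting.pipelineName)` in the first hunk on this line, so the audit record for a template-settings edit now shows the id twice and no longer carries a human-readable name. If the old value was dropped because `setting.pipelineName` is the caller-supplied new name rather than the stored one, a comment would make that clear: `// instance name is the id on purpose: setting.pipelineName is caller-supplied`. Otherwise, recording the stored template name, as `deleteTemplate(projectId, userId, templateId)` does with `template.templateName`, gives whoever reads the audit trail more to work with. `updateTemplateSetting` starts and ends outside this hunk.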
@@ -138,8 +140,6 @@ class CertServiceImpl @Autowired constructor( ) ) ) - // 审计 - ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) if (certCredentialId != null) { val use = AuthPermission.USE certPermissionService.validatePermission( @@ -246,6 +246,8 @@ class CertServiceImpl @Autowired constructor( instanceIds = "#certId", instanceNames = "#certId" ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.CERT_EDIT_CONTENT ) override fun updateIos( @@ -276,8 +278,6 @@ class CertServiceImpl @Autowired constructor( ) ) ) - // 审计 - ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) if (!certDao.has(dslContext, projectId, certId)) { throw OperationException( MessageUtil.getMessageByLocale(NAME_NO_EXISTS, I18nUtil.getLanguage(userId), arrayOf(certId)) @@ -381,6 +381,8 @@ class CertServiceImpl @Autowired constructor( instanceIds = "#certId", instanceNames = "#certId" ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.CERT_CREATE_CONTENT ) override fun uploadEnterprise( @@ -407,8 +409,6 @@ class CertServiceImpl @Autowired constructor( ) ) ) - // 审计 - ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) if (certDao.has(dslContext, projectId, certId)) { throw OperationException( @@ -503,6 +503,8 @@ class CertServiceImpl @Autowired constructor( instanceIds = "#certId", instanceNames = "#certId" ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.CERT_EDIT_CONTENT ) override fun updateEnterprise( 
@@ -530,8 +532,6 @@ class CertServiceImpl @Autowired constructor( ) ) ) - // 审计 - ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) if (!certDao.has(dslContext, projectId, certId)) { throw OperationException( @@ -617,6 +617,8 @@ class CertServiceImpl @Autowired constructor( instanceIds = "#certId", instanceNames = "#certId" ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.CERT_CREATE_CONTENT ) override fun uploadAndroid( @@ -646,8 +648,6 @@ class CertServiceImpl @Autowired constructor( ) ) ) - // 审计 - ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) val use = AuthPermission.USE certPermissionService.validatePermission( userId = userId, @@ -758,6 +758,8 @@ class CertServiceImpl @Autowired constructor( instanceIds = "#certId", instanceNames = "#certId" ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.CERT_EDIT_CONTENT ) override fun updateAndroid( @@ -788,8 +790,6 @@ class CertServiceImpl @Autowired constructor( ) ) ) - // 审计 - ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) val certRecord = certDao.getOrNull(dslContext, projectId, certId) ?: throw OperationException( MessageUtil.getMessageByLocale(CERT_NOT_FOUND, I18nUtil.getLanguage(userId), arrayOf(certId)) @@ -901,6 +901,8 @@ class CertServiceImpl @Autowired constructor( instanceIds = "#certId", instanceNames = "#certId" ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.CERT_CREATE_CONTENT ) override fun uploadTls( 
@@ -933,8 +935,6 @@ class CertServiceImpl @Autowired constructor( ) ) ) - // 审计 - ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) if (certDao.has(dslContext, projectId, certId)) { throw OperationException( @@ -1053,6 +1053,8 @@ class CertServiceImpl @Autowired constructor( instanceIds = "#certId", instanceNames = "#certId" ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.CERT_EDIT_CONTENT ) override fun updateTls( @@ -1086,8 +1088,6 @@ class CertServiceImpl @Autowired constructor( ) ) ) - // 审计 - ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) if (!certDao.has(dslContext, projectId, certId)) { throw OperationException( @@ -1212,6 +1212,8 @@ class CertServiceImpl @Autowired constructor( instanceIds = "#certId", instanceNames = "#certId" ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.CERT_DELETE_CONTENT ) override fun delete(userId: String, projectId: String, certId: String) { @@ -1232,8 +1234,6 @@ class CertServiceImpl @Autowired constructor( ) ) ) - // 审计 - ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) certPermissionService.deleteResource(projectId, certId) dslContext.transaction { configuration -> val transactionContext = DSL.using(configuration) @@ -1346,6 +1346,8 @@ class CertServiceImpl @Autowired constructor( instanceIds = "#certId", instanceNames = "#certId" ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.CERT_VIEW_CONTENT ) override fun getIos(userId: String, projectId: String, certId: String): CertIOSInfo { 
@@ -1359,8 +1361,6 @@ class CertServiceImpl @Autowired constructor( params = arrayOf(userId, projectId, certId, AuthPermission.VIEW.getI18n(I18nUtil.getLanguage(userId))) ) ) - // 审计 - ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) val certRecord = certDao.get(dslContext, projectId, certId) return CertIOSInfo( certId = certId, @@ -1378,12 +1378,12 @@ class CertServiceImpl @Autowired constructor( instanceIds = "#certId", instanceNames = "#certId" ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.CERT_VIEW_CONTENT ) override fun getEnterprise(projectId: String, certId: String): CertEnterpriseInfo { val certRecord = certDao.get(dslContext, projectId, certId) - // 审计 - ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) return CertEnterpriseInfo( certId = certId, mobileProvisionFileName = certRecord.certMpFileName, @@ -1398,6 +1398,8 @@ class CertServiceImpl @Autowired constructor( instanceIds = "#certId", instanceNames = "#certId" ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.CERT_VIEW_CONTENT ) override fun getAndroid(userId: String, projectId: String, certId: String): CertAndroidInfo { @@ -1411,8 +1413,6 @@ class CertServiceImpl @Autowired constructor( params = arrayOf(userId, projectId, certId, AuthPermission.VIEW.getI18n(I18nUtil.getLanguage(userId))) ) ) - // 审计 - ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) val certRecord = certDao.get(dslContext, projectId, certId) return CertAndroidInfo( 
@@ -1432,13 +1432,13 @@ class CertServiceImpl @Autowired constructor( instanceIds = "#certId", instanceNames = "#certId" ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.CERT_VIEW_CONTENT ) override fun getTls(projectId: String, certId: String): CertTlsInfo { val certRecord = certDao.get(dslContext, projectId, certId) val certTlsRecord = certTlsDao.get(dslContext, projectId, certId) - // 审计 - ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) return CertTlsInfo( certId = certId, serverCrtFileName = certTlsRecord.certServerCrtFileName, @@ -1456,11 +1456,11 @@ class CertServiceImpl @Autowired constructor( instanceIds = "#certId", instanceNames = "#certId" ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.CERT_VIEW_CONTENT ) override fun queryIos(projectId: String, buildId: String, certId: String, publicKey: String): CertIOS { - // 审计 - ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) val buildBasicInfoResult = client.get(ServiceBuildResource::class).serviceBasic(projectId, buildId) if (buildBasicInfoResult.isNotOk()) { throw RemoteServiceException("Failed to build the basic information based on the buildId") 
@@ -1525,11 +1525,11 @@ class CertServiceImpl @Autowired constructor( instanceIds = "#certId", instanceNames = "#certId" ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.CERT_VIEW_CONTENT ) override fun queryEnterpriseByProject(projectId: String, certId: String, publicKey: String): CertEnterprise { - // 审计 - ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) val certRecord = certDao.get(dslContext, projectId, certId) // 生成公钥和密钥 val publicKeyByteArray = Base64.getDecoder().decode(publicKey) @@ -1554,12 +1554,12 @@ class CertServiceImpl @Autowired constructor( instanceIds = "#certId", instanceNames = "#certId" ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.CERT_VIEW_CONTENT ) override fun queryAndroid(projectId: String, buildId: String, certId: String, publicKey: String): CertAndroid { val buildBasicInfoResult = client.get(ServiceBuildResource::class).serviceBasic(projectId, buildId) - // 审计 - ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) if (buildBasicInfoResult.isNotOk()) { throw RemoteServiceException("Failed to build the basic information based on the buildId") } @@ -1601,6 +1601,8 @@ class CertServiceImpl @Autowired constructor( instanceIds = "#certId", instanceNames = "#certId" ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.CERT_VIEW_CONTENT ) override fun queryAndroidByProject( 
@@ -1608,8 +1610,6 @@ class CertServiceImpl @Autowired constructor( certId: String, publicKey: String ): CertAndroidWithCredential { - // 审计 - ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) val certRecord = certDao.get(dslContext, projectId, certId) val publicKeyByteArray = Base64.getDecoder().decode(publicKey) val serverDHKeyPair = DHUtil.initKey(publicKeyByteArray) @@ -1668,11 +1668,11 @@ class CertServiceImpl @Autowired constructor( instanceIds = "#certId", instanceNames = "#certId" ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.CERT_VIEW_CONTENT ) override fun queryTlsByProject(projectId: String, certId: String, publicKey: String): CertTls { - // 审计 - ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) val certTlsRecord = certTlsDao.get(dslContext, projectId, certId) val publicKeyByteArray = Base64.getDecoder().decode(publicKey) val serverDHKeyPair = DHUtil.initKey(publicKeyByteArray) diff --git a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CredentialServiceImpl.kt b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CredentialServiceImpl.kt index 61edcf6d524..ed8459d08a5 100644 --- a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CredentialServiceImpl.kt +++ b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CredentialServiceImpl.kt @@ -28,6 +28,7 @@ package com.tencent.devops.ticket.service import com.tencent.bk.audit.annotations.ActionAuditRecord +import com.tencent.bk.audit.annotations.AuditAttribute import com.tencent.bk.audit.annotations.AuditEntry import com.tencent.bk.audit.annotations.AuditInstanceRecord import com.tencent.bk.audit.context.ActionAuditContext 
@@ -132,6 +133,8 @@ class CredentialServiceImpl @Autowired constructor( instanceIds = "#credential?.credentialId", instanceNames = "#credential?.credentialName" ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.CREDENTIAL_CREATE_CONTENT ) override fun userCreate( @@ -156,8 +159,6 @@ class CredentialServiceImpl @Autowired constructor( ) ) ) - // 审计 - ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) if (credentialDao.has(dslContext, projectId, credential.credentialId)) { throw ErrorCodeException( errorCode = TicketMessageCode.CREDENTIAL_EXIST, @@ -218,6 +219,8 @@ class CredentialServiceImpl @Autowired constructor( instance = AuditInstanceRecord( resourceType = ResourceTypeId.CREDENTIAL ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.CREDENTIAL_EDIT_CONTENT ) override fun userEdit( @@ -247,7 +250,6 @@ class CredentialServiceImpl @Autowired constructor( .setInstanceId(credentialId) .setInstanceName(credential.credentialName) .setInstance(credential) - .addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) serviceEdit( userId = userId, projectId = projectId, @@ -263,6 +265,8 @@ class CredentialServiceImpl @Autowired constructor( instanceIds = "#credentialId", instanceNames = "#credentialId" ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.CREDENTIAL_EDIT_SETTING_CONTENT ) override fun userSettingEdit( 
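Review bot: In the `userEdit` hunk the call `.setInstance(credential)` stays in place and hands the whole request object to the audit context; if that type carries the credential's secret fields, they would be copied into the audit record, which is usually readable by a wider group than the credential itself. The type of `credential` is declared outside the hunk, so this is inferred and needs confirming. If it does hold secret material, pass a redacted view with identifying fields only, or drop the call and rely on `.setInstanceId(credentialId)` and `.setInstanceName(credential.credentialName)`. `userSettingEdit` does the same with `credentialSetting`, which looks less sensitive but deserves the same check.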
@@ -293,7 +297,6 @@ class CredentialServiceImpl @Autowired constructor( .setInstanceId(credentialId) .setInstanceName(credentialId) .setInstance(credentialSetting) - .addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) return credentialDao.updateSetting( dslContext = dslContext, projectId = projectId, @@ -309,6 +312,8 @@ class CredentialServiceImpl @Autowired constructor( instanceIds = "#credentialId", instanceNames = "#credentialId" ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.CREDENTIAL_DELETE_CONTENT ) override fun userDelete(userId: String, projectId: String, credentialId: String) { @@ -329,8 +334,6 @@ class CredentialServiceImpl @Autowired constructor( ) ) ) - // 审计 - ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) logger.info("$userId delete credential $credentialId") credentialPermissionService.deleteResource(projectId, credentialId) credentialDao.delete(dslContext, projectId, credentialId) @@ -478,6 +481,8 @@ class CredentialServiceImpl @Autowired constructor( instance = AuditInstanceRecord( resourceType = ResourceTypeId.CREDENTIAL ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.CREDENTIAL_VIEW_CONTENT ) override fun userShow(userId: String, projectId: String, credentialId: String): CredentialWithPermission { @@ -498,8 +503,6 @@ class CredentialServiceImpl @Autowired constructor( ) ) ) - // 审计 - ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) val hasViewPermission = true val hasDeletePermission = credentialPermissionService.validatePermission(userId, projectId, credentialId, AuthPermission.DELETE) 
@@ -533,6 +536,8 @@ class CredentialServiceImpl @Autowired constructor( instance = AuditInstanceRecord( resourceType = ResourceTypeId.CREDENTIAL ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.CREDENTIAL_VIEW_CONTENT ) override fun userGet(userId: String, projectId: String, credentialId: String): CredentialWithPermission { @@ -553,8 +558,6 @@ class CredentialServiceImpl @Autowired constructor( ) ) ) - // 审计 - ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) val hasViewPermission = true val hasDeletePermission = credentialPermissionService.validatePermission(userId, projectId, credentialId, AuthPermission.DELETE) @@ -591,6 +594,8 @@ class CredentialServiceImpl @Autowired constructor( instanceNames = "#credentialId", instanceIds = "#credentialId" ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.CREDENTIAL_VIEW_CONTENT ) override fun buildGet( @@ -600,8 +605,6 @@ class CredentialServiceImpl @Autowired constructor( publicKey: String, taskId: String? ): CredentialInfo? { - // 审计 - ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) val buildBasicInfoResult = client.get(ServiceBuildResource::class).serviceBasic(projectId, buildId) if (buildBasicInfoResult.isNotOk()) { throw RemoteServiceException("Failed to build the basic information based on the buildId") 
@@ -674,11 +677,11 @@ class CredentialServiceImpl @Autowired constructor( instanceNames = "#credentialId", instanceIds = "#credentialId" ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.CREDENTIAL_VIEW_CONTENT ) override fun serviceGet(projectId: String, credentialId: String, publicKey: String): CredentialInfo? { - // 审计 - ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, projectId) val credentialRecord = credentialDao.getOrNull(dslContext, projectId, credentialId) ?: return null return credentialInfo(publicKey, credentialRecord) @@ -691,6 +694,8 @@ class CredentialServiceImpl @Autowired constructor( instanceNames = "#credentialId", instanceIds = "#credentialId" ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#targetProjectId")], + scopeId = "#targetProjectId", content = ActionAuditContent.CREDENTIAL_VIEW_CONTENT ) override fun serviceGetAcrossProject( @@ -698,8 +703,6 @@ class CredentialServiceImpl @Autowired constructor( credentialId: String, publicKey: String ): CredentialInfo? { - // 审计 - ActionAuditContext.current().addAttribute(ActionAuditContent.PROJECT_CODE_TEMPLATE, targetProjectId) val credentialRecord = credentialDao.getOrNull(dslContext, targetProjectId, credentialId)?.let { if (!it.allowAcrossProject) { throw CustomException(Response.Status.FORBIDDEN, "credential not allow across project") @@ -757,6 +760,8 @@ class CredentialServiceImpl @Autowired constructor( instanceNames = "#credentialId", instanceIds = "#credentialId" ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.CREDENTIAL_VIEW_CONTENT ) override fun serviceGet(projectId: String, credentialId: String): Credential { 
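Review bot: For `serviceGetAcrossProject` both the project attribute and `scopeId` are bound to `#targetProjectId`, so the audit event names the project that owns the credential but not the project that asked for it. For a cross-project credential read, the requesting project is the fact an investigator needs most. The parameters before `credentialId` lie outside the hunks, so the existence and name of a requesting-project parameter are inferred; if there is one, record it as a second `AuditAttribute` under its own attribute name. It is also worth confirming that the `FORBIDDEN` branch (`allowAcrossProject` false) produces a failed audit event rather than none.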
@@ -803,6 +808,8 @@ class CredentialServiceImpl @Autowired constructor( instance = AuditInstanceRecord( resourceType = ResourceTypeId.CREDENTIAL ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", content = ActionAuditContent.CREDENTIAL_VIEW_CONTENT ) override fun getCredentialByIds(projectId: String?, credentialIds: Set): List? { From 7dab269ae535edf28f3552e7de8164a32a844027 Mon Sep 17 00:00:00 2001 From: greysonfang Date: Mon, 13 Nov 2023 11:20:34 +0800 Subject: [PATCH 62/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../com/tencent/devops/common/audit/ActionAuditContent.kt | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/ActionAuditContent.kt b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/ActionAuditContent.kt index f1542af951a..249f5fbabdf 100644 --- a/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/ActionAuditContent.kt +++ b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/ActionAuditContent.kt @@ -8,6 +8,8 @@ object ActionAuditContent { private const val CONTENT_TEMPLATE = "[{{$INSTANCE_NAME}}]({{$INSTANCE_ID}})" private const val PROJECT_CODE_CONTENT_TEMPLATE = "[{{@PROJECT_CODE}}]" const val PROJECT_CODE_TEMPLATE = "@PROJECT_CODE" + const val BUILD_ID_TEMPLATE = "@BUILD_ID" + const val ASSIGNS_TEMPLATE = "@ASSIGNS" // 项目 const val PROJECT_MANAGE_RESTORE_PIPELINE_CONTENT = "restore pipeline $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" 
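Review bot: `getCredentialByIds` declares `projectId: String?`, yet the added `value = "#projectId"` and `scopeId = "#projectId"` assume a value is present, so a call with a null project would presumably yield an audit event with an empty scope and project code. The annotation also sets only `resourceType` on `AuditInstanceRecord`, so unless the body (outside this hunk) fills the instance ids from `credentialIds`, a bulk credential read is recorded without saying which credentials were read. Either give the scope expression an explicit fallback for the null case, or document on the method why a missing project is acceptable in the audit trail.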
@@ -17,7 +19,8 @@ object ActionAuditContent { const val PIPELINE_SHARE_CONTENT = "share pipeline $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" const val PIPELINE_CREATE_CONTENT = "create pipeline $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" const val PIPELINE_LIST_CONTENT = "list pipeline $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" - const val PIPELINE_DOWNLOAD_CONTENT = "download pipeline $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" + const val PIPELINE_DOWNLOAD_CONTENT = "download pipeline $CONTENT_TEMPLATE buildId [{{$BUILD_ID_TEMPLATE}}] " + + "in project $PROJECT_CODE_CONTENT_TEMPLATE" const val PIPELINE_EDIT_CONTENT = "update pipeline $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" const val PIPELINE_EDIT_SAVE_SETTING_CONTENT = "save pipeline setting $CONTENT_TEMPLATE " + "in project $PROJECT_CODE_CONTENT_TEMPLATE" @@ -66,7 +69,7 @@ object ActionAuditContent { const val CGS_START_CONTENT = "start workspace $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" const val CGS_RESTART_CONTENT = "restart workspace $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" const val CGS_ASSIGN_USER_CONTENT = "assign workspace $CONTENT_TEMPLATE " + - "to [{{@ASSIGNS}}] from $PROJECT_CODE_CONTENT_TEMPLATE" + "to [{{$ASSIGNS_TEMPLATE}}] from $PROJECT_CODE_CONTENT_TEMPLATE" const val CGS_ASSIGN_PROJECT_CONTENT = "assign workspace $CONTENT_TEMPLATE to project $PROJECT_CODE_CONTENT_TEMPLATE" const val CGS_EDIT_TYPE_CONTENT = "modify workspace type $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" const val CGS_REBUILD_SYSTEM_DISK_CONTENT = "rebuild workspace system disk $CONTENT_TEMPLATE " + From 723c82e033f4217dab31b1935e1fa27e13a013ff Mon Sep 17 00:00:00 2001 
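Review bot: `PIPELINE_DOWNLOAD_CONTENT` now contains the `{{@BUILD_ID}}` placeholder, but this patch changes only ActionAuditContent.kt, so nothing here shows a caller supplying `BUILD_ID_TEMPLATE`. If a download path does not set that attribute, the rendered audit text will presumably carry an unresolved or empty build id. A KDoc line on the constant, `/** Callers must set the BUILD_ID_TEMPLATE attribute. */`, makes the contract visible. The same applies to `ASSIGNS_TEMPLATE` and `CGS_ASSIGN_USER_CONTENT` in the last hunk of this file.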
From: greysonfang Date: Wed, 15 Nov 2023 14:37:10 +0800 Subject: [PATCH 63/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../com/tencent/devops/process/api/UserPipelineResourceImpl.kt | 1 - .../process/service/pipeline/PipelineSettingFacadeService.kt | 3 +++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineResourceImpl.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineResourceImpl.kt index ee180590e92..ff05e55b2c5 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineResourceImpl.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserPipelineResourceImpl.kt @@ -264,7 +264,6 @@ class UserPipelineResourceImpl @Autowired constructor( userId: String, projectId: String, pipelineId: String, - @AuditRequestBody modelAndSetting: PipelineModelAndSetting ): Result { checkParam(userId, projectId) diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineSettingFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineSettingFacadeService.kt index 301fa1098b6..da6f39f8078 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineSettingFacadeService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/pipeline/PipelineSettingFacadeService.kt 
@@ -30,6 +30,7 @@ package com.tencent.devops.process.service.pipeline import com.tencent.bk.audit.annotations.ActionAuditRecord import com.tencent.bk.audit.annotations.AuditAttribute import com.tencent.bk.audit.annotations.AuditInstanceRecord +import com.tencent.bk.audit.context.ActionAuditContext import com.tencent.devops.common.api.constant.CommonMessageCode import com.tencent.devops.common.api.constant.KEY_DEFAULT import com.tencent.devops.common.api.exception.PermissionForbiddenException @@ -126,6 +127,8 @@ class PipelineSettingFacadeService @Autowired constructor( ) ) } + ActionAuditContext.current().setInstance(setting) + val pipelineName = pipelineRepositoryService.saveSetting( userId = userId, setting = setting, From 0320e8c600e7c410b65aa1f3e346e24653210118 Mon Sep 17 00:00:00 2001 From: greysonfang Date: Fri, 17 Nov 2023 09:52:40 +0800 Subject: [PATCH 64/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/backend/ci/buildSrc/src/main/kotlin/constants/Versions.kt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/backend/ci/buildSrc/src/main/kotlin/constants/Versions.kt b/src/backend/ci/buildSrc/src/main/kotlin/constants/Versions.kt index 8296afea44e..4dec17a77a0 100644 --- a/src/backend/ci/buildSrc/src/main/kotlin/constants/Versions.kt +++ b/src/backend/ci/buildSrc/src/main/kotlin/constants/Versions.kt @@ -48,5 +48,5 @@ object Versions { const val jgit = "5.13.1.202206130422-r" const val iam = "1.0.39-SNAPSHOT" const val disklrucache = "2.0.2" - const val audit = "1.0.8-SNAPSHOT" + const val audit = "1.0.8" } From 595d4e4db87afa96fa360272c4d7a654ba19b802 Mon Sep 17 00:00:00 2001 
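Review bot: `ActionAuditContext.current().setInstance(setting)` runs before `pipelineRepositoryService.saveSetting(...)`, so the audit record carries the requested setting whether or not the save succeeds, and nothing in the hunk records the previous state. The same patch removes `@AuditRequestBody` from `modelAndSetting` in UserPipelineResourceImpl, which suggests the model half of that request is no longer captured at all. If the trail is meant to show what changed, set the instance after a successful save and record the prior setting as well, should the SDK offer a way to attach it. The enclosing function starts and ends outside the hunk.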
From: greysonfang Date: Fri, 17 Nov 2023 11:42:47 +0800 Subject: [PATCH 65/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- scripts/bkenv.properties | 3 ++- support-files/templates/#etc#ci#common.yml | 18 +++++++++++------- 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/scripts/bkenv.properties b/scripts/bkenv.properties index 50bd5b37007..3c6f9cba05b 100644 --- a/scripts/bkenv.properties +++ b/scripts/bkenv.properties @@ -347,7 +347,8 @@ BK_CI_OPENAPI_API_PUB_OUTER= BK_CI_OPENAPI_API_AUTH=true # BK_CI_OPENAPI_VERIFY_PROJECT 在 blueking api filter 中使用,是否开启projectId强校验。 BK_CI_OPENAPI_VERIFY_PROJECT=false - +# 是否开启审计,默认不开启 +BK_CI_AUDIT_ENABLED=false ########## # 4-微服务依赖 diff --git a/support-files/templates/#etc#ci#common.yml b/support-files/templates/#etc#ci#common.yml index c1484c8bb60..0db6d84cb5e 100644 --- a/support-files/templates/#etc#ci#common.yml +++ b/support-files/templates/#etc#ci#common.yml @@ -57,7 +57,7 @@ spring: metrics: servo: enabled: false - datasource: + datasource: # 数据库表规则配置 tableRuleConfigs: - index: 0 @@ -219,7 +219,7 @@ spring: - index: 52 name: T_PIPELINE_BUILD_RECORD_TASK databaseShardingStrategy: SHARDING - + endpoints: metrics: @@ -252,7 +252,7 @@ devopsGateway: ossProxy: __BK_CI_PRIVATE_URL__ # not used yet. keep it same as `host' property. fileDevnetGateway: __BK_CI_PRIVATE_URL__ # not used yet. keep it same as `host' property. fileIdcGateway: __BK_CI_PRIVATE_URL__ # not used yet. keep it same as `host' property. - + # certificate server 配置 certificate: server: __BK_LICENSE_PRIVATE_URL__/certificate @@ -326,7 +326,7 @@ bkci: enable: false defaultLocale: __BK_CI_DEFAULT_LOCALE__ supportLanguages: __BK_CI_SUPPORT_LANGUAGES__ - + process: clearBaseBuildData: true # 是否开启清理【被彻底删除的流水线】的基础构建流水数据(建议开启)5672 deletedPipelineStoreDays: 30 # 回收站已删除流水线保存天数 
@@ -358,13 +358,13 @@ sharding: cluster: tag: __BK_CI_CLUSTER_TAG__ -# bkrepo仓库配置 +# bkrepo仓库配置 bkrepo: bkrepoApiUrl: __BK_HTTP_SCHEMA__://__BK_REPO_HOST__/api/generic staticRepoPrefixUrl: __BK_HTTP_SCHEMA__://__BK_REPO_HOST__/generic/{0}/{1} staticUserName: __BK_REPO_USERNAME__ - staticPassword: __BK_REPO_PASSWORD__ - + staticPassword: __BK_REPO_PASSWORD__ + # 企业微信api配置 wechatWork: corpId: __BK_CI_WECHATWORK_CORPID__ @@ -373,3 +373,7 @@ wechatWork: token: __BK_CI_WECHATWORK_TOKEN__ aesKey: __BK_CI_WECHATWORK_AESKEY__ url: __BK_CI_WECHATWORK_URL__ + +# 是否开启审计 +audit: + enabled: __BK_CI_AUDIT_ENABLED__ From 35a68d8d14e15360541b9e20ce90b609e3367fd2 Mon Sep 17 00:00:00 2001 From: greysonfang Date: Fri, 17 Nov 2023 12:05:08 +0800 Subject: [PATCH 66/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../com/tencent/devops/common/audit/BkAuditConfiguration.kt | 2 ++ .../common-audit/src/main/resources/META-INF/spring.factories | 1 - 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditConfiguration.kt b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditConfiguration.kt index f048c47a558..c5e5a14d7d8 100644 --- a/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditConfiguration.kt +++ b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditConfiguration.kt 
@@ -1,11 +1,13 @@ package com.tencent.devops.common.audit import com.tencent.bk.audit.AuditRequestProvider +import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty import org.springframework.context.annotation.Bean import org.springframework.context.annotation.Configuration import org.springframework.context.annotation.Primary @Configuration +@ConditionalOnProperty(name = ["audit.enabled"], havingValue = "true", matchIfMissing = true) class BkAuditConfiguration { @Bean @Primary diff --git a/src/backend/ci/core/common/common-audit/src/main/resources/META-INF/spring.factories b/src/backend/ci/core/common/common-audit/src/main/resources/META-INF/spring.factories index 9549f2a3693..039c7ec08d5 100644 --- a/src/backend/ci/core/common/common-audit/src/main/resources/META-INF/spring.factories +++ b/src/backend/ci/core/common/common-audit/src/main/resources/META-INF/spring.factories @@ -1,3 +1,2 @@ org.springframework.boot.autoconfigure.EnableAutoConfiguration=\ -com.tencent.bk.audit.config.AuditAutoConfiguration,\ com.tencent.devops.common.audit.BkAuditConfiguration From 07205240849031506ae8582a2eccda59f417423a Mon Sep 17 00:00:00 2001 From: greysonfang Date: Mon, 20 Nov 2023 09:20:47 +0800 Subject: [PATCH 67/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../com/tencent/devops/common/audit/BkAuditRequestProvider.kt | 1 - 1 file changed, 1 deletion(-) diff --git a/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt index fc4a453812a..1106d37bb99 100644 --- a/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt 
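Review bot: `matchIfMissing = true` on the new `@ConditionalOnProperty` gives the opposite default to the one patch 65 ships, where `BK_CI_AUDIT_ENABLED=false` is rendered into `audit.enabled` in common.yml. A deployment that uses the template gets this configuration switched off, while one whose config lacks the key gets it on. Pick one default and state it next to the annotation, for example `// audit is on unless audit.enabled is set to something other than "true"`, or drop `matchIfMissing` if off-by-default is intended. This patch also removes `com.tencent.bk.audit.config.AuditAutoConfiguration` from spring.factories, and the condition here guards only this class, so it is worth confirming that the SDK's own auto-configuration honours `audit.enabled`, since a half-enabled audit setup would presumably fail silently. The class body continues outside the hunk.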
+++ b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt @@ -57,7 +57,6 @@ class BkAuditRequestProvider : AuditRequestProvider { val httpServletRequest = getHttpServletRequest() val requestChannel = (httpServletRequest.getAttribute(REQUEST_CHANNEL) ?: httpServletRequest.getHeader(REQUEST_CHANNEL))?.toString() - logger.debug("get request channel :$requestChannel") return when (requestChannel) { RequestChannelTypeEnum.USER.name, RequestChannelTypeEnum.OP.name -> AccessTypeEnum.WEB From e9c72763f073477738c38cb45d1010eab5c8e55c Mon Sep 17 00:00:00 2001 From: greysonfang Date: Mon, 20 Nov 2023 09:27:26 +0800 Subject: [PATCH 68/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../com/tencent/devops/common/audit/BkAuditRequestProvider.kt | 1 + 1 file changed, 1 insertion(+) diff --git a/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt index 1106d37bb99..fc4a453812a 100644 --- a/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt +++ b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt @@ -57,6 +57,7 @@ class BkAuditRequestProvider : AuditRequestProvider { val httpServletRequest = getHttpServletRequest() val requestChannel = (httpServletRequest.getAttribute(REQUEST_CHANNEL) ?: httpServletRequest.getHeader(REQUEST_CHANNEL))?.toString() + logger.debug("get request channel :$requestChannel") return when (requestChannel) { RequestChannelTypeEnum.USER.name, RequestChannelTypeEnum.OP.name -> AccessTypeEnum.WEB 
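Review bot: `requestChannel` in the re-added `logger.debug` line of patch 68 can come straight from the `REQUEST_CHANNEL` request header, so this line, and its reworded form in patch 69, writes client-supplied text into the log. Pass it as a parameter and neutralise line breaks, e.g. `logger.debug("get request channel: {}", requestChannel?.replace(Regex("[\r\n]"), "_"))`. The same value then selects the `AccessTypeEnum` that goes into the audit record, and the `getAttribute(...) ?: getHeader(...)` fallback means the caller's own header decides the classification whenever the attribute is unset. If the gateway is expected to strip or overwrite that header, say so in a comment above the lookup; otherwise the access type in audit events should be treated as unauthenticated input. The enclosing function starts and ends outside the hunk.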
From fdc36ddcbbb0104b6b8a4b6cbd1bfc74d2a3396d Mon Sep 17 00:00:00 2001 From: greysonfang Date: Mon, 20 Nov 2023 09:45:52 +0800 Subject: [PATCH 69/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../com/tencent/devops/common/audit/BkAuditRequestProvider.kt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt index fc4a453812a..188a052ab3c 100644 --- a/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt +++ b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/BkAuditRequestProvider.kt @@ -57,7 +57,7 @@ class BkAuditRequestProvider : AuditRequestProvider { val httpServletRequest = getHttpServletRequest() val requestChannel = (httpServletRequest.getAttribute(REQUEST_CHANNEL) ?: httpServletRequest.getHeader(REQUEST_CHANNEL))?.toString() - logger.debug("get request channel :$requestChannel") + logger.debug("get request channel:$requestChannel") return when (requestChannel) { RequestChannelTypeEnum.USER.name, RequestChannelTypeEnum.OP.name -> AccessTypeEnum.WEB From 6d61eb353d69dfae75d59cb0e59293798100212c Mon Sep 17 00:00:00 2001 From: greysonfang Date: Mon, 20 Nov 2023 09:54:24 +0800 Subject: [PATCH 70/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../devops/process/service/PipelineInfoFacadeService.kt | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) 
diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt index a8a46bd33e6..8d41f048db6 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt @@ -957,9 +957,7 @@ class PipelineInfoFacadeService @Autowired constructor( @ActionAuditRecord( actionId = ActionId.PIPELINE_DELETE, instance = AuditInstanceRecord( - resourceType = ResourceTypeId.PIPELINE, - instanceNames = "#$?.pipelineName", - instanceIds = "#pipelineId" + resourceType = ResourceTypeId.PIPELINE ), attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], scopeId = "#projectId", @@ -1003,6 +1001,7 @@ class PipelineInfoFacadeService @Autowired constructor( statusCode = Response.Status.NOT_FOUND.statusCode, errorCode = ProcessMessageCode.ERROR_PIPELINE_MODEL_NOT_EXISTS ) + ActionAuditContext.current().addInstanceInfo(pipelineId, existModel.name, null, null) // 对已经存在的模型做删除前处理 val param = BeforeDeleteParam( userId = userId, From b5ee66d297d417e7fc01d80c21f1b260714870ea Mon Sep 17 00:00:00 2001 From: greysonfang Date: Mon, 20 Nov 2023 12:06:07 +0800 Subject: [PATCH 71/71] =?UTF-8?q?feat=EF=BC=9A=E6=8E=A5=E5=85=A5=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E4=B8=AD=E5=BF=83=20#9414?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../devops/ticket/service/CredentialServiceImpl.kt | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) 
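Review bot: With `instanceIds = "#pipelineId"` removed from the annotation and replaced by `ActionAuditContext.current().addInstanceInfo(pipelineId, existModel.name, null, null)`, the target pipeline is attached to the audit context only after the model lookup has succeeded. If the NOT_FOUND error just above is thrown, or an earlier check in the method rejects the request, the `PIPELINE_DELETE` event would carry no instance id, assuming the SDK still emits an event for failed actions. Failed and denied deletions are the ones an investigator most needs tied to a specific pipeline. Consider keeping `instanceIds = "#pipelineId"` in the annotation and supplying only the name at this point, if the SDK merges the two, or recording the id at the top of the method. The method body starts and ends outside both hunks.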
diff --git a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CredentialServiceImpl.kt b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CredentialServiceImpl.kt index ed8459d08a5..c468f9aa8d5 100644 --- a/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CredentialServiceImpl.kt +++ b/src/backend/ci/core/ticket/biz-ticket/src/main/kotlin/com/tencent/devops/ticket/service/CredentialServiceImpl.kt @@ -511,7 +511,9 @@ class CredentialServiceImpl @Autowired constructor( val credentialRecord = credentialDao.get(dslContext, projectId, credentialId) - ActionAuditContext.current().setInstanceName(credentialRecord.credentialName).setInstanceId(credentialRecord.credentialId) + ActionAuditContext.current() + .setInstanceName(credentialRecord.credentialName) + .setInstanceId(credentialRecord.credentialId) return CredentialWithPermission( credentialId = credentialId, credentialName = credentialRecord.credentialName ?: credentialId, @@ -566,7 +568,9 @@ class CredentialServiceImpl @Autowired constructor( val credentialRecord = credentialDao.get(dslContext, projectId, credentialId) - ActionAuditContext.current().setInstanceId(credentialRecord.credentialId).setInstanceName(credentialRecord.credentialName) + ActionAuditContext.current() + .setInstanceId(credentialRecord.credentialId) + .setInstanceName(credentialRecord.credentialName) return CredentialWithPermission( credentialId = credentialId, credentialName = credentialRecord.credentialName ?: credentialId,