diff --git a/src/common/definitions.go b/src/common/definitions.go
index 6bbe0f56ba..69295002bb 100644
--- a/src/common/definitions.go
+++ b/src/common/definitions.go
@@ -553,6 +553,13 @@ const (
 // BKExtendResourceNameField the audit extend resource name field
 BKExtendResourceNameField = "extend_resource_name"
+ // BKSceneField the audit scene field
+ BKSceneField = "scene"
+ // BKSceneDescField the audit scene description field
+ BKSceneDescField = "scene_desc"
+ // BKSceneCodeField the audit scene code field
+ BKSceneCodeField = "scene_code"
+
 // BKLabelField the audit resource name field
 BKLabelField = "label"
diff --git a/src/common/http/header/accessor.go b/src/common/http/header/accessor.go
index 32e68f0ec6..347ebd7c7c 100644
--- a/src/common/http/header/accessor.go
+++ b/src/common/http/header/accessor.go
@@ -216,3 +216,33 @@ func IsInnerReq(header http.Header) bool {
 func SetIsInnerReqHeader(header http.Header) {
 header.Set(IsInnerReqHeader, "true")
 }
+
+// GetScene get audit scene from http header
+func GetScene(header http.Header) string {
+ return header.Get(CCSceneHeader)
+}
+
+// GetSceneDesc get audit scene description from http header
+func GetSceneDesc(header http.Header) string {
+ return header.Get(CCSceneDescHeader)
+}
+
+// GetSceneCode get audit scene code from http header
+func GetSceneCode(header http.Header) string {
+ return header.Get(CCSceneCodeHeader)
+}
+
+// SetScene set audit scene to http header
+func SetScene(header http.Header, value string) {
+ header.Set(CCSceneHeader, value)
+}
+
+// SetSceneDesc set audit scene description to http header
+func SetSceneDesc(header http.Header, value string) {
+ header.Set(CCSceneDescHeader, value)
+}
+
+// SetSceneCode set audit scene code to http header
+func SetSceneCode(header http.Header, value string) {
+ header.Set(CCSceneCodeHeader, value)
+}
diff --git a/src/common/http/header/header.go b/src/common/http/header/header.go
index d07cc4422b..838014a776 100644
--- a/src/common/http/header/header.go
+++ b/src/common/http/header/header.go
@@ -75,4 +75,13 @@ const (
 // IsInnerReqHeader is the http header key that represents if request is an inner request
 IsInnerReqHeader = "X-Bkcmdb-Is-Inner-Request"
+
+ // CCSceneHeader is the audit scene http header key
+ CCSceneHeader = "X-CC-Scene"
+
+ // CCSceneDescHeader is the audit scene description http header key
+ CCSceneDescHeader = "X-CC-Scene-Desc"
+
+ // CCSceneCodeHeader is the audit scene code http header key
+ CCSceneCodeHeader = "X-CC-Scene-Code"
 )
diff --git a/src/common/http/header/util/util.go b/src/common/http/header/util/util.go
index 22adbdbc0d..69314df9e7 100644
--- a/src/common/http/header/util/util.go
+++ b/src/common/http/header/util/util.go
@@ -41,6 +41,9 @@ func CCHeader(header http.Header) http.Header {
 httpheader.SetReqFromWeb(newHeader)
 }
 newHeader.Add(common.ReadReferenceKey, header.Get(common.ReadReferenceKey))
+ httpheader.SetScene(newHeader, httpheader.GetScene(header))
+ httpheader.SetSceneDesc(newHeader, httpheader.GetSceneDesc(header))
+ httpheader.SetSceneCode(newHeader, httpheader.GetSceneCode(header))
 return newHeader
 }
@@ -96,6 +99,11 @@ func NewHeader(header http.Header) http.Header {
 httpheader.SetReqFromWeb(newHeader)
 }
+ // Copy audit scene headers
+ httpheader.SetScene(newHeader, httpheader.GetScene(header))
+ httpheader.SetSceneDesc(newHeader, httpheader.GetSceneDesc(header))
+ httpheader.SetSceneCode(newHeader, httpheader.GetSceneCode(header))
+
 return newHeader
 }
diff --git a/src/common/metadata/audit.go b/src/common/metadata/audit.go
index 4eff5d04f6..33ab54b5ca 100644
--- a/src/common/metadata/audit.go
+++ b/src/common/metadata/audit.go
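Review bot: In the `CCHeader` hunk the three scene headers are copied with `Set` even when the incoming request does not carry them, so every forwarded request gains empty `X-CC-Scene*` headers; the `NewHeader` hunk below it does the same. Guarding each copy, e.g. `if v := httpheader.GetScene(header); v != "" { httpheader.SetScene(newHeader, v) }`, keeps absent headers absent. Both functions also pass on whatever the caller sent without any check, so if either is used at an externally reachable entry point the scene values have to be treated as untrusted by everything downstream. Both function bodies begin outside their hunks.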
@@ -96,6 +96,10 @@ type AuditQueryCondition struct {
 FuzzyQuery bool `json:"fuzzy_query"`
 // Condition is used for new way to search audit log by user or resource_name
 Condition []querybuilder.AtomRule `json:"condition"`
+ // Scene filters audit logs by operation scene
+ Scene string `json:"scene"`
+ // SceneCode filters audit logs by operation scene code
+ SceneCode string `json:"scene_code"`
 }
 // Validate is a AuditQueryCondition validator to validate user resource_name condition whether exist at the same time
@@ -172,6 +176,10 @@ type InstAuditCondition struct {
 OperationTime OperationTimeCondition `json:"operation_time"`
 // ID is an audit record's id
 ID []int64 `json:"id"`
+ // Scene filters audit logs by operation scene
+ Scene string `json:"scene"`
+ // SceneCode filters audit logs by operation scene code
+ SceneCode string `json:"scene_code"`
 }
 // AuditLog struct for audit log
@@ -209,6 +217,12 @@ type AuditLog struct {
 RequestID string `json:"rid,omitempty" bson:"rid,omitempty"`
 // todo ExtendResourceName for the temporary solution of ipv6
 ExtendResourceName string `json:"extend_resource_name" bson:"extend_resource_name"`
+ // Scene the operation scene of the audit log
+ Scene string `json:"scene" bson:"scene"`
+ // SceneDesc the operation scene description of the audit log
+ SceneDesc string `json:"scene_desc" bson:"scene_desc"`
+ // SceneCode the operation scene code of the audit log
+ SceneCode string `json:"scene_code" bson:"scene_code"`
 }
 type bsonAuditLog struct {
@@ -227,6 +241,9 @@ type bsonAuditLog struct {
 AppCode string `json:"code" bson:"code"`
 RequestID string `json:"rid" bson:"rid"`
 ExtendResourceName string `json:"extend_resource_name" bson:"extend_resource_name"`
+ Scene string `json:"scene" bson:"scene"`
+ SceneDesc string `json:"scene_desc" bson:"scene_desc"`
+ SceneCode string `json:"scene_code" bson:"scene_code"`
 }
 type jsonAuditLog struct {
@@ -245,6 +262,9 @@ type jsonAuditLog struct {
 AppCode string `json:"code" bson:"code"`
 RequestID string `json:"rid" bson:"rid"`
 ExtendResourceName string `json:"extend_resource_name" bson:"extend_resource_name"`
+ Scene string `json:"scene" bson:"scene"`
+ SceneDesc string `json:"scene_desc" bson:"scene_desc"`
+ SceneCode string `json:"scene_code" bson:"scene_code"`
 }
 // DetailFactory TODO
@@ -293,6 +313,9 @@ func (auditLog *AuditLog) UnmarshalJSON(data []byte) error {
 auditLog.AppCode = audit.AppCode
 auditLog.RequestID = audit.RequestID
 auditLog.ExtendResourceName = audit.ExtendResourceName
+ auditLog.Scene = audit.Scene
+ auditLog.SceneDesc = audit.SceneDesc
+ auditLog.SceneCode = audit.SceneCode
 if audit.OperationDetail == nil {
 return nil
@@ -357,6 +380,9 @@ func (auditLog *AuditLog) UnmarshalBSON(data []byte) error {
 auditLog.AppCode = audit.AppCode
 auditLog.RequestID = audit.RequestID
 auditLog.ExtendResourceName = audit.ExtendResourceName
+ auditLog.Scene = audit.Scene
+ auditLog.SceneDesc = audit.SceneDesc
+ auditLog.SceneCode = audit.SceneCode
 if audit.OperationDetail == nil {
 return nil
@@ -416,6 +442,9 @@ func (auditLog AuditLog) MarshalBSON() ([]byte, error) {
 audit.AppCode = auditLog.AppCode
 audit.RequestID = auditLog.RequestID
 audit.ExtendResourceName = auditLog.ExtendResourceName
+ audit.Scene = auditLog.Scene
+ audit.SceneDesc = auditLog.SceneDesc
+ audit.SceneCode = auditLog.SceneCode
 var err error
 switch val := auditLog.OperationDetail.(type) {
 default:
diff --git a/src/scene_server/admin_server/imports.go b/src/scene_server/admin_server/imports.go
index b3720329a2..24fbfd8bfa 100644
--- a/src/scene_server/admin_server/imports.go
+++ b/src/scene_server/admin_server/imports.go
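Review bot: The new `Scene`, `SceneDesc` and `SceneCode` values are copied by hand in the `UnmarshalJSON`, `UnmarshalBSON` and `MarshalBSON` hunks, and an assignment missed in any one of them would silently drop the field from the stored or decoded audit record. A round-trip test that encodes an `AuditLog` with all three fields set and compares the decoded result would pin this down for both the JSON and BSON paths. The bodies of all three methods extend outside their hunks, so only the added assignments can be checked here.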
@@ -120,4 +120,5 @@ import (
 _ "configcenter/src/scene_server/admin_server/upgrader/y3.14.202405141035"
 _ "configcenter/src/scene_server/admin_server/upgrader/y3.14.202410100930"
 _ "configcenter/src/scene_server/admin_server/upgrader/y3.14.202502101200"
+ _ "configcenter/src/scene_server/admin_server/upgrader/y3.14.202601121450"
 )
diff --git a/src/scene_server/admin_server/upgrader/y3.14.202601121450/add_audit_scene_index.go b/src/scene_server/admin_server/upgrader/y3.14.202601121450/add_audit_scene_index.go
new file mode 100644
index 0000000000..2c2c802919
--- /dev/null
+++ b/src/scene_server/admin_server/upgrader/y3.14.202601121450/add_audit_scene_index.go
@@ -0,0 +1,60 @@
+/*
+ * Tencent is pleased to support the open source community by making
+ * 蓝鲸智云 - 配置平台 (BlueKing - Configuration System) available.
+ * Copyright (C) 2017 Tencent. All rights reserved.
+ * Licensed under the MIT License (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at http://opensource.org/licenses/MIT
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on
+ * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ * We undertake not to change the open source license (MIT license) applicable
+ * to the current version of the project delivered to anyone in the future.
+ */
+
+package y3_14_202601121450
+
+import (
+ "context"
+
+ "configcenter/src/common"
+ "configcenter/src/common/blog"
+ "configcenter/src/scene_server/admin_server/upgrader"
+ "configcenter/src/storage/dal"
+ "configcenter/src/storage/dal/types"
+
+ "go.mongodb.org/mongo-driver/bson"
+)
+
+func addAuditLogSceneIndex(ctx context.Context, db dal.RDB, conf *upgrader.Config) error {
+ idxArr, err := db.Table(common.BKTableNameAuditLog).Indexes(ctx)
+ if err != nil {
+ blog.Errorf("get table %s index error. 
err:%s", common.BKTableNameAuditLog, err.Error())
+ return err
+ }
+
+ createIdxArr := []types.Index{
+ {Name: "index_scene", Keys: bson.D{{common.BKSceneField, 1}}, Background: true},
+ {Name: "index_scene_code", Keys: bson.D{{common.BKSceneCodeField, 1}}, Background: true},
+ }
+ for _, idx := range createIdxArr {
+ exist := false
+ for _, existIdx := range idxArr {
+ if existIdx.Name == idx.Name {
+ exist = true
+ break
+ }
+ }
+ if exist {
+ continue
+ }
+ if err := db.Table(common.BKTableNameAuditLog).CreateIndex(ctx, idx); err != nil && !db.IsDuplicatedError(err) {
+ blog.ErrorJSON("create index to BKTableNameAuditLog error, err:%s, current index:%s, all create index:%s", err.Error(), idx, createIdxArr)
+ return err
+ }
+ }
+
+ return nil
+}
diff --git a/src/scene_server/admin_server/upgrader/y3.14.202601121450/pkg.go b/src/scene_server/admin_server/upgrader/y3.14.202601121450/pkg.go
new file mode 100644
index 0000000000..3259406874
--- /dev/null
+++ b/src/scene_server/admin_server/upgrader/y3.14.202601121450/pkg.go
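Review bot: `addAuditLogSceneIndex` decides that an index already exists by comparing `existIdx.Name == idx.Name` only, so an index on `scene` or `scene_code` that was created under a different name is not detected and `CreateIndex` is still issued. Whether the error returned in that case satisfies `db.IsDuplicatedError` is not visible here; if it does not, the upgrade step aborts on a table that already has the index. Comparing the key document as well as the name would make the step idempotent for that case too. The function also never reads `conf` and has no doc comment; `// addAuditLogSceneIndex creates the scene and scene_code indexes on the audit log table when they are missing.` would cover it.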
@@ -0,0 +1,42 @@
+/*
+ * Tencent is pleased to support the open source community by making
+ * 蓝鲸智云 - 配置平台 (BlueKing - Configuration System) available.
+ * Copyright (C) 2017 Tencent. All rights reserved.
+ * Licensed under the MIT License (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at http://opensource.org/licenses/MIT
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on
+ * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ * We undertake not to change the open source license (MIT license) applicable
+ * to the current version of the project delivered to anyone in the future.
+ */
+
+package y3_14_202601121450
+
+import (
+ "context"
+
+ "configcenter/src/common/blog"
+ "configcenter/src/scene_server/admin_server/upgrader"
+ "configcenter/src/storage/dal"
+)
+
+func init() {
+ upgrader.RegistUpgrader("y3.14.202601121450", upgrade)
+}
+
+func upgrade(ctx context.Context, db dal.RDB, conf *upgrader.Config) (err error) {
+
+ blog.Infof("start execute y3.14.202601121450")
+ err = addAuditLogSceneIndex(ctx, db, conf)
+ if err != nil {
+ blog.Errorf("upgrade y3.14.202601121450 add audit log scene index failed, error: %v", err)
+ return err
+ }
+ blog.Infof("execute y3.14.202601121450, add audit log scene index success!")
+
+ return nil
+}
diff --git a/src/scene_server/topo_server/service/auditlog.go b/src/scene_server/topo_server/service/auditlog.go
index 8226f44ec7..7112775925 100644
--- a/src/scene_server/topo_server/service/auditlog.go
+++ b/src/scene_server/topo_server/service/auditlog.go
@@ -60,7 +60,7 @@ func (s *Service) SearchAuditList(ctx *rest.Contexts) {
 // the front-end table display fields
 fields := []string{common.BKFieldID, common.BKUser, common.BKResourceTypeField, common.BKActionField, common.BKOperationTimeField, common.BKAppIDField, common.BKResourceIDField, common.BKResourceNameField,
- common.BKExtendResourceNameField}
+ common.BKExtendResourceNameField, common.BKSceneField, common.BKSceneDescField, common.BKSceneCodeField}
 cond := mapstr.MapStr{}
 condition := query.Condition
@@ -171,6 +171,14 @@ func (s *Service) parseAuditCond(kit *rest.Kit, condition metadata.AuditQueryCon
 cond[common.BKAppIDField] = condition.BizID
 }
+ if condition.Scene != "" {
+ cond[common.BKSceneField] = condition.Scene
+ }
+
+ if condition.SceneCode != "" {
+ cond[common.BKSceneCodeField] = condition.SceneCode
+ }
+
 if condition.ResourceID != nil {
 cond[common.BKResourceIDField] = condition.ResourceID
 }
@@ -367,6 +375,14 @@ func buildInstAuditCondition(ctx *rest.Contexts, query metadata.InstAuditConditi
 cond[common.BKFieldID] = mapstr.MapStr{common.BKDBIN: query.ID}
 }
+ if query.Scene != "" {
+ cond[common.BKSceneField] = query.Scene
+ }
+
+ if query.SceneCode != "" {
+ cond[common.BKSceneCodeField] = query.SceneCode
+ }
+
 timeCond, err := parseOperationTimeCondition(ctx.Kit, query.OperationTime)
 if err != nil {
 blog.Errorf("parse operation time condition failed, err: %v, rid: %s", err, ctx.Kit.Rid)
diff --git a/src/source_controller/coreservice/core/auditlog/audit.go b/src/source_controller/coreservice/core/auditlog/audit.go
index 7d3f842176..0997b6b52b 100644
--- a/src/source_controller/coreservice/core/auditlog/audit.go
+++ b/src/source_controller/coreservice/core/auditlog/audit.go
@@ -72,6 +72,10 @@ func (m *auditManager) CreateAuditLog(kit *rest.Kit, logs ...metadata.AuditLog)
 if rid := kit.Rid; len(rid) > 0 {
 log.RequestID = kit.Rid
 }
+
+ log.Scene = httpheader.GetScene(kit.Header)
+ log.SceneDesc = httpheader.GetSceneDesc(kit.Header)
+ log.SceneCode = httpheader.GetSceneCode(kit.Header)
 log.OperationTime = metadata.Now()
 log.ID = int64(ids[index])
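Review bot: `log.Scene`, `log.SceneDesc` and `log.SceneCode` are written into the audit record straight from `kit.Header` with no validation, so the content of these fields is chosen by whoever sets `X-CC-Scene`, `X-CC-Scene-Desc` and `X-CC-Scene-Code` on the request. For an audit trail that is an integrity concern: if the set of scenes and codes is fixed they should be checked against it, and `scene_desc` should be length-capped and stripped of control characters before it is stored, since the `SearchAuditList` hunk now returns it for the front-end table. The assignment is also unconditional, so a value already present on the `metadata.AuditLog` entry is overwritten, with an empty string when the header is absent; `if v := httpheader.GetScene(kit.Header); v != "" { log.Scene = v }` would keep it if that is the intent. The enclosing loop and function begin and end outside the hunk.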