feat: 审计日志增加scen,scen_code,scen_desc字段，支撑上层应用使用 --story=129221126

src/common/definitions.go

@@ -553,6 +553,13 @@ const (
 	// BKExtendResourceNameField the audit extend resource name field
 	BKExtendResourceNameField = "extend_resource_name"
 
+	// BKSceneField the audit scene field
+	BKSceneField = "scene"
+	// BKSceneDescField the audit scene description field
+	BKSceneDescField = "scene_desc"
+	// BKSceneCodeField the audit scene code field
+	BKSceneCodeField = "scene_code"
+
 	// BKLabelField the audit resource name field
 	BKLabelField = "label"
 

src/common/http/header/accessor.go

@@ -216,3 +216,33 @@ func IsInnerReq(header http.Header) bool {
 func SetIsInnerReqHeader(header http.Header) {
 	header.Set(IsInnerReqHeader, "true")
 }
+
+// GetScene get audit scene from http header
+func GetScene(header http.Header) string {
+	return header.Get(CCSceneHeader)
+}
+
+// GetSceneDesc get audit scene description from http header
+func GetSceneDesc(header http.Header) string {
+	return header.Get(CCSceneDescHeader)
+}
+
+// GetSceneCode get audit scene code from http header
+func GetSceneCode(header http.Header) string {
+	return header.Get(CCSceneCodeHeader)
+}
+
+// SetScene set audit scene to http header
+func SetScene(header http.Header, value string) {
+	header.Set(CCSceneHeader, value)
+}
+
+// SetSceneDesc set audit scene description to http header
+func SetSceneDesc(header http.Header, value string) {
+	header.Set(CCSceneDescHeader, value)
+}
+
+// SetSceneCode set audit scene code to http header
+func SetSceneCode(header http.Header, value string) {
+	header.Set(CCSceneCodeHeader, value)
+}

src/common/http/header/header.go

@@ -75,4 +75,13 @@ const (
 
 	// IsInnerReqHeader is the http header key that represents if request is an inner request
 	IsInnerReqHeader = "X-Bkcmdb-Is-Inner-Request"
+
+	// CCSceneHeader is the audit scene http header key
+	CCSceneHeader = "X-CC-Scene"
+
+	// CCSceneDescHeader is the audit scene description http header key
+	CCSceneDescHeader = "X-CC-Scene-Desc"
+
+	// CCSceneCodeHeader is the audit scene code http header key
+	CCSceneCodeHeader = "X-CC-Scene-Code"
 )

src/common/http/header/util/util.go

@@ -41,6 +41,9 @@ func CCHeader(header http.Header) http.Header {
 		httpheader.SetReqFromWeb(newHeader)
 	}
 	newHeader.Add(common.ReadReferenceKey, header.Get(common.ReadReferenceKey))
+	httpheader.SetScene(newHeader, httpheader.GetScene(header))
+	httpheader.SetSceneDesc(newHeader, httpheader.GetSceneDesc(header))
+	httpheader.SetSceneCode(newHeader, httpheader.GetSceneCode(header))
 
 	return newHeader
 }
@@ -96,6 +99,11 @@ func NewHeader(header http.Header) http.Header {
 		httpheader.SetReqFromWeb(newHeader)
 	}
 
+	// Copy audit scene headers
+	httpheader.SetScene(newHeader, httpheader.GetScene(header))
+	httpheader.SetSceneDesc(newHeader, httpheader.GetSceneDesc(header))
+	httpheader.SetSceneCode(newHeader, httpheader.GetSceneCode(header))
+
 	return newHeader
 }
 

src/common/metadata/audit.go

@@ -96,6 +96,10 @@ type AuditQueryCondition struct {
 	FuzzyQuery bool `json:"fuzzy_query"`
 	// Condition is used for new way to search audit log by user or resource_name
 	Condition []querybuilder.AtomRule `json:"condition"`
+	// Scene filters audit logs by operation scene
+	Scene string `json:"scene"`
+	// SceneCode filters audit logs by operation scene code
+	SceneCode string `json:"scene_code"`
 }
 
 // Validate is a AuditQueryCondition validator to validate user resource_name condition whether exist at the same time
@@ -172,6 +176,10 @@ type InstAuditCondition struct {
 	OperationTime OperationTimeCondition `json:"operation_time"`
 	// ID is an audit record's id
 	ID []int64 `json:"id"`
+	// Scene filters audit logs by operation scene
+	Scene string `json:"scene"`
+	// SceneCode filters audit logs by operation scene code
+	SceneCode string `json:"scene_code"`
 }
 
 // AuditLog struct for audit log
@@ -209,6 +217,12 @@ type AuditLog struct {
 	RequestID string `json:"rid,omitempty" bson:"rid,omitempty"`
 	// todo ExtendResourceName for the temporary solution of ipv6
 	ExtendResourceName string `json:"extend_resource_name" bson:"extend_resource_name"`
+	// Scene the operation scene of the audit log
+	Scene string `json:"scene" bson:"scene"`
+	// SceneDesc the operation scene description of the audit log
+	SceneDesc string `json:"scene_desc" bson:"scene_desc"`
+	// SceneCode the operation scene code of the audit log
+	SceneCode string `json:"scene_code" bson:"scene_code"`
 }
 
 type bsonAuditLog struct {
@@ -227,6 +241,9 @@ type bsonAuditLog struct {
 	AppCode            string          `json:"code" bson:"code"`
 	RequestID          string          `json:"rid" bson:"rid"`
 	ExtendResourceName string          `json:"extend_resource_name" bson:"extend_resource_name"`
+	Scene              string          `json:"scene" bson:"scene"`
+	SceneDesc          string          `json:"scene_desc" bson:"scene_desc"`
+	SceneCode          string          `json:"scene_code" bson:"scene_code"`
 }
 
 type jsonAuditLog struct {
@@ -245,6 +262,9 @@ type jsonAuditLog struct {
 	AppCode            string          `json:"code" bson:"code"`
 	RequestID          string          `json:"rid" bson:"rid"`
 	ExtendResourceName string          `json:"extend_resource_name" bson:"extend_resource_name"`
+	Scene              string          `json:"scene" bson:"scene"`
+	SceneDesc          string          `json:"scene_desc" bson:"scene_desc"`
+	SceneCode          string          `json:"scene_code" bson:"scene_code"`
 }
 
 // DetailFactory TODO
@@ -293,6 +313,9 @@ func (auditLog *AuditLog) UnmarshalJSON(data []byte) error {
 	auditLog.AppCode = audit.AppCode
 	auditLog.RequestID = audit.RequestID
 	auditLog.ExtendResourceName = audit.ExtendResourceName
+	auditLog.Scene = audit.Scene
+	auditLog.SceneDesc = audit.SceneDesc
+	auditLog.SceneCode = audit.SceneCode
 
 	if audit.OperationDetail == nil {
 		return nil
@@ -357,6 +380,9 @@ func (auditLog *AuditLog) UnmarshalBSON(data []byte) error {
 	auditLog.AppCode = audit.AppCode
 	auditLog.RequestID = audit.RequestID
 	auditLog.ExtendResourceName = audit.ExtendResourceName
+	auditLog.Scene = audit.Scene
+	auditLog.SceneDesc = audit.SceneDesc
+	auditLog.SceneCode = audit.SceneCode
 
 	if audit.OperationDetail == nil {
 		return nil
@@ -416,6 +442,9 @@ func (auditLog AuditLog) MarshalBSON() ([]byte, error) {
 	audit.AppCode = auditLog.AppCode
 	audit.RequestID = auditLog.RequestID
 	audit.ExtendResourceName = auditLog.ExtendResourceName
+	audit.Scene = auditLog.Scene
+	audit.SceneDesc = auditLog.SceneDesc
+	audit.SceneCode = auditLog.SceneCode
 	var err error
 	switch val := auditLog.OperationDetail.(type) {
 	default:

src/scene_server/admin_server/imports.go

@@ -120,4 +120,5 @@ import (
 	_ "configcenter/src/scene_server/admin_server/upgrader/y3.14.202405141035"
 	_ "configcenter/src/scene_server/admin_server/upgrader/y3.14.202410100930"
 	_ "configcenter/src/scene_server/admin_server/upgrader/y3.14.202502101200"
+	_ "configcenter/src/scene_server/admin_server/upgrader/y3.14.202601121450"
 )

src/scene_server/admin_server/upgrader/y3.14.202601121450/add_audit_scene_index.go

@@ -0,0 +1,60 @@
+/*
+ * Tencent is pleased to support the open source community by making
+ * 蓝鲸智云 - 配置平台 (BlueKing - Configuration System) available.
+ * Copyright (C) 2017 Tencent. All rights reserved.
+ * Licensed under the MIT License (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at http://opensource.org/licenses/MIT
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on
+ * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ * We undertake not to change the open source license (MIT license) applicable
+ * to the current version of the project delivered to anyone in the future.
+ */
+
+package y3_14_202601121450
+
+import (
+	"context"
+
+	"configcenter/src/common"
+	"configcenter/src/common/blog"
+	"configcenter/src/scene_server/admin_server/upgrader"
+	"configcenter/src/storage/dal"
+	"configcenter/src/storage/dal/types"
+
+	"go.mongodb.org/mongo-driver/bson"
+)
+
+func addAuditLogSceneIndex(ctx context.Context, db dal.RDB, conf *upgrader.Config) error {
+	idxArr, err := db.Table(common.BKTableNameAuditLog).Indexes(ctx)
+	if err != nil {
+		blog.Errorf("get table %s index error. err:%s", common.BKTableNameAuditLog, err.Error())
+		return err
+	}
+
+	createIdxArr := []types.Index{
+		{Name: "index_scene", Keys: bson.D{{common.BKSceneField, 1}}, Background: true},
+		{Name: "index_scene_code", Keys: bson.D{{common.BKSceneCodeField, 1}}, Background: true},
+	}
+	for _, idx := range createIdxArr {
+		exist := false
+		for _, existIdx := range idxArr {
+			if existIdx.Name == idx.Name {
+				exist = true
+				break
+			}
+		}
+		if exist {
+			continue
+		}
+		if err := db.Table(common.BKTableNameAuditLog).CreateIndex(ctx, idx); err != nil && !db.IsDuplicatedError(err) {
+			blog.ErrorJSON("create index to BKTableNameAuditLog error, err:%s, current index:%s, all create index:%s", err.Error(), idx, createIdxArr)
+			return err
+		}
+	}
+
+	return nil
+}

src/scene_server/admin_server/upgrader/y3.14.202601121450/pkg.go

@@ -0,0 +1,42 @@
+/*
+ * Tencent is pleased to support the open source community by making
+ * 蓝鲸智云 - 配置平台 (BlueKing - Configuration System) available.
+ * Copyright (C) 2017 Tencent. All rights reserved.
+ * Licensed under the MIT License (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at http://opensource.org/licenses/MIT
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on
+ * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ * We undertake not to change the open source license (MIT license) applicable
+ * to the current version of the project delivered to anyone in the future.
+ */
+
+package y3_14_202601121450
+
+import (
+	"context"
+
+	"configcenter/src/common/blog"
+	"configcenter/src/scene_server/admin_server/upgrader"
+	"configcenter/src/storage/dal"
+)
+
+func init() {
+	upgrader.RegistUpgrader("y3.14.202601121450", upgrade)
+}
+
+func upgrade(ctx context.Context, db dal.RDB, conf *upgrader.Config) (err error) {
+
+	blog.Infof("start execute y3.14.202601121450")
+	err = addAuditLogSceneIndex(ctx, db, conf)
+	if err != nil {
+		blog.Errorf("upgrade y3.14.202601121450 add audit log scene index failed, error: %v", err)
+		return err
+	}
+	blog.Infof("execute y3.14.202601121450, add audit log scene index success!")
+
+	return nil
+}

src/scene_server/topo_server/service/auditlog.go

@@ -60,7 +60,7 @@ func (s *Service) SearchAuditList(ctx *rest.Contexts) {
 	// the front-end table display fields
 	fields := []string{common.BKFieldID, common.BKUser, common.BKResourceTypeField, common.BKActionField,
 		common.BKOperationTimeField, common.BKAppIDField, common.BKResourceIDField, common.BKResourceNameField,
-		common.BKExtendResourceNameField}
+		common.BKExtendResourceNameField, common.BKSceneField, common.BKSceneDescField, common.BKSceneCodeField}
 
 	cond := mapstr.MapStr{}
 	condition := query.Condition
@@ -171,6 +171,14 @@ func (s *Service) parseAuditCond(kit *rest.Kit, condition metadata.AuditQueryCon
 		cond[common.BKAppIDField] = condition.BizID
 	}
 
+	if condition.Scene != "" {
+		cond[common.BKSceneField] = condition.Scene
+	}
+
+	if condition.SceneCode != "" {
+		cond[common.BKSceneCodeField] = condition.SceneCode
+	}
+
 	if condition.ResourceID != nil {
 		cond[common.BKResourceIDField] = condition.ResourceID
 	}
@@ -367,6 +375,14 @@ func buildInstAuditCondition(ctx *rest.Contexts, query metadata.InstAuditConditi
 		cond[common.BKFieldID] = mapstr.MapStr{common.BKDBIN: query.ID}
 	}
 
+	if query.Scene != "" {
+		cond[common.BKSceneField] = query.Scene
+	}
+
+	if query.SceneCode != "" {
+		cond[common.BKSceneCodeField] = query.SceneCode
+	}
+
 	timeCond, err := parseOperationTimeCondition(ctx.Kit, query.OperationTime)
 	if err != nil {
 		blog.Errorf("parse operation time condition failed, err: %v, rid: %s", err, ctx.Kit.Rid)

src/source_controller/coreservice/core/auditlog/audit.go

@@ -72,6 +72,10 @@ func (m *auditManager) CreateAuditLog(kit *rest.Kit, logs ...metadata.AuditLog)
 		if rid := kit.Rid; len(rid) > 0 {
 			log.RequestID = kit.Rid
 		}
+
+		log.Scene = httpheader.GetScene(kit.Header)
+		log.SceneDesc = httpheader.GetSceneDesc(kit.Header)
+		log.SceneCode = httpheader.GetSceneCode(kit.Header)
 		log.OperationTime = metadata.Now()
 		log.ID = int64(ids[index])