[Server] fix agent permission

deepflowio · May 30, 2024 · 73ed65a · 73ed65a
1 parent 9fd5b4c
commit 73ed65a
Show file tree

Hide file tree

Showing 14 changed files with 97 additions and 68 deletions.
diff --git a/cli/ctl/agent_group.go b/cli/ctl/agent_group.go
@@ -122,7 +122,7 @@ func createAgentGroup(cmd *cobra.Command, args []string, groupID string) {
 	url := fmt.Sprintf("http://%s:%d/v1/vtap-groups/", server.IP, server.Port)
 
 	// 调用采集器组API，并输出返回结果
-	body := map[string]interface{}{"name": args[0], "group_id": groupID}
+	body := map[string]interface{}{"name": args[0], "group_id": groupID, "team_id": 1, "user_id": 1}
 	_, err := common.CURLPerform("POST", url, body, "",
 		[]common.HTTPOption{common.WithTimeout(common.GetTimeout(cmd)), common.WithORGID(common.GetORGID(cmd))}...)
 	if err != nil {

diff --git a/server/controller/common/const.go b/server/controller/common/const.go
@@ -695,7 +695,9 @@ const (
 	SET_RESOURCE_TYPE_DOMAIN     = "domain"
 	SET_RESOURCE_TYPE_SUB_DOMAIN = "sub_domain"
 
-	SET_RESOURCE_TYPE_AGENT = "agent"
+	SET_RESOURCE_TYPE_AGENT              = "agent"
+	SET_RESOURCE_TYPE_AGENT_GROUP        = "agent_group"
+	SET_RESOURCE_TYPE_AGENT_GROUP_CONFIG = "agent_group_config"
 )
 
 const TRISOLARIS_NODE_TYPE_MASTER = "master"
diff --git a/server/controller/db/mysql/migration/rawsql/init.sql b/server/controller/db/mysql/migration/rawsql/init.sql
@@ -1536,7 +1536,8 @@ TRUNCATE TABLE policy_acl_group;
 
 CREATE TABLE IF NOT EXISTS vtap_group_configuration(
     id                                      INTEGER        NOT NULL AUTO_INCREMENT PRIMARY KEY,
-    team_id                                 INTEGER,
+    user_id                                 INTEGER DEFAULT 1,
+    team_id                                 INTEGER DEFAULT 1,
     max_collect_pps                         INTEGER        DEFAULT NULL,
     max_npb_bps                             BIGINT         DEFAULT NULL     COMMENT 'unit: bps',
     max_cpus                                INTEGER        DEFAULT NULL,

diff --git a/server/controller/db/mysql/migration/rawsql/issu/6.5.1.32.sql b/server/controller/db/mysql/migration/rawsql/issu/6.5.1.32.sql
@@ -31,6 +31,8 @@ CALL AddColumnIfNotExists('sub_domain', 'team_id', 'id');
 
 DROP PROCEDURE AddColumnIfNotExists;
 
+
+
 -- update db_version to latest, remeber update DB_VERSION_EXPECT in migrate/init.go
 UPDATE db_version SET version='6.5.1.32';
 -- modify end
diff --git a/server/controller/db/mysql/migration/rawsql/issu/6.5.1.37.sql b/server/controller/db/mysql/migration/rawsql/issu/6.5.1.37.sql
@@ -0,0 +1,37 @@
+-- modify start, add upgrade sql
+DROP PROCEDURE IF EXISTS AddColumnIfNotExists;
+
+CREATE PROCEDURE AddColumnIfNotExists(
+    IN tableName VARCHAR(255),
+    IN colName VARCHAR(255),
+    IN afterCol VARCHAR(255)
+)
+BEGIN
+    DECLARE column_count INT;
+
+    -- 检查列是否存在
+    SELECT COUNT(*)
+    INTO column_count
+    FROM information_schema.columns
+    WHERE TABLE_SCHEMA = DATABASE()
+    AND TABLE_NAME = tableName
+    AND column_name = colName;
+
+    -- 如果列不存在，则添加列
+    IF column_count = 0 THEN
+        SET @sql = CONCAT('ALTER TABLE ', tableName, ' ADD COLUMN ', colName, ' INTEGER DEFAULT null AFTER ', afterCol);
+        PREPARE stmt FROM @sql;
+        EXECUTE stmt;
+        DEALLOCATE PREPARE stmt;
+    END IF;
+END;
+
+CALL AddColumnIfNotExists('vtap_group', 'user_id', 'id');
+
+DROP PROCEDURE AddColumnIfNotExists;
+
+UPDATE vtap_group SET user_id=1 WHERE user_id IS NULL; 
+
+-- update db_version to latest, remeber update DB_VERSION_EXPECT in migrate/init.go
+UPDATE db_version SET version='6.5.1.37';
+-- modify end
diff --git a/server/controller/db/mysql/migration/version.go b/server/controller/db/mysql/migration/version.go
@@ -18,5 +18,5 @@ package migration
 
 const (
 	DB_VERSION_TABLE    = "db_version"
-	DB_VERSION_EXPECTED = "6.5.1.36"
+	DB_VERSION_EXPECTED = "6.5.1.37"
 )
diff --git a/server/controller/db/mysql/model.go b/server/controller/db/mysql/model.go
@@ -213,6 +213,7 @@ type VTapGroup struct {
 	Lcuuid    string    `gorm:"column:lcuuid;type:char(64);not null" json:"LCUUID"`
 	ShortUUID string    `gorm:"column:short_uuid;type:char(32);default:null" json:"SHORT_UUID"`
 	TeamID    int       `gorm:"column:team_id;type:int;default:0" json:"TEAM_ID"`
+	UserID    int       `gorm:"column:user_id;type:int;default:null" json:"USER_ID"`
 }
 
 func (VTapGroup) TableName() string {

diff --git a/server/controller/http/router/vtap_group.go b/server/controller/http/router/vtap_group.go
@@ -66,6 +66,9 @@ func (v *VtapGroup) getVtapGroups() gin.HandlerFunc {
 		if value, ok := c.GetQuery("team_id"); ok {
 			args["team_id"] = value
 		}
+		if value, ok := c.GetQuery("user_id"); ok {
+			args["user_id"] = value
+		}
 		agentGroupService := service.NewAgentGroup(httpcommon.GetUserInfo(c), v.cfg)
 		data, err := agentGroupService.Get(args)
 		JsonResponse(c, data, err)
@@ -98,7 +101,6 @@ func (v *VtapGroup) updateVtapGroup() gin.HandlerFunc {
 		var err error
 		var vtapGroupUpdate model.VtapGroupUpdate
 
-		// 参数校验
 		err = c.ShouldBindBodyWith(&vtapGroupUpdate, binding.JSON)
 		if err != nil {
 			BadRequestResponse(c, httpcommon.INVALID_PARAMETERS, err.Error())
@@ -108,14 +110,13 @@ func (v *VtapGroup) updateVtapGroup() gin.HandlerFunc {
 		// 接收参数
 		// 避免struct会有默认值，这里转为map作为函数入参
 		patchMap := map[string]interface{}{}
-		c.ShouldBindBodyWith(&patchMap, binding.JSON)
-		if _, ok := patchMap["TEAM_ID"]; !ok {
-			patchMap["TEAM_ID"] = 1
+		if err := c.ShouldBindBodyWith(&patchMap, binding.JSON); err != nil {
+			BadRequestResponse(c, httpcommon.SERVER_ERROR, err.Error())
+			return
 		}
 
-		lcuuid := c.Param("lcuuid")
 		agentGroupService := service.NewAgentGroup(httpcommon.GetUserInfo(c), v.cfg)
-		data, err := agentGroupService.Update(lcuuid, patchMap, v.cfg)
+		data, err := agentGroupService.Update(c.Param("lcuuid"), patchMap, v.cfg)
 		JsonResponse(c, data, err)
 	})
 }

diff --git a/server/controller/http/router/vtap_group_config.go b/server/controller/http/router/vtap_group_config.go
@@ -79,15 +79,14 @@ func deleteVTapGroupConfig(cfg *config.ControllerConfig) gin.HandlerFunc {
 
 func updateVTapGroupConfig(cfg *config.ControllerConfig) gin.HandlerFunc {
 	return func(c *gin.Context) {
-		lcuuid := c.Param("lcuuid")
 		vTapGroupConfig := &agent_config.AgentGroupConfig{}
-		err := c.ShouldBindBodyWith(&vTapGroupConfig, binding.JSON)
-		if err == nil {
-			data, err := service.NewAgentGroupConfig(common.GetUserInfo(c), cfg).UpdateVTapGroupConfig(common.GetUserInfo(c).ORGID, lcuuid, vTapGroupConfig)
-			JsonResponse(c, data, err)
-		} else {
-			JsonResponse(c, nil, err)
+		if err := c.ShouldBindBodyWith(&vTapGroupConfig, binding.JSON); err != nil {
+			BadRequestResponse(c, common.INVALID_PARAMETERS, err.Error())
+			return
 		}
+		data, err := service.NewAgentGroupConfig(common.GetUserInfo(c), cfg).
+			UpdateVTapGroupConfig(common.GetUserInfo(c).ORGID, c.Param("lcuuid"), vTapGroupConfig)
+		JsonResponse(c, data, err)
 	}
 }
 

diff --git a/server/controller/http/service/vtap_group.go b/server/controller/http/service/vtap_group.go
@@ -66,17 +66,10 @@ func (a *AgentGroup) Get(filter map[string]interface{}) (resp []model.VtapGroup,
 		return nil, err
 	}
 	Db, vtapDB := dbInfo.DB, dbInfo.DB
-	if _, ok := filter["lcuuid"]; ok {
-		Db = Db.Where("lcuuid = ?", filter["lcuuid"])
-	}
-	if _, ok := filter["name"]; ok {
-		Db = Db.Where("name = ?", filter["name"])
-	}
-	if _, ok := filter["short_uuid"]; ok {
-		Db = Db.Where("short_uuid = ?", filter["short_uuid"])
-	}
-	if _, ok := filter["team_id"]; ok {
-		Db = Db.Where("team_id = ?", filter["team_id"])
+	for _, field := range []string{"lcuuid", "name", "short_uuid", "team_id", "user_id"} {
+		if v, ok := filter[field]; ok {
+			Db = Db.Where(fmt.Sprintf("%s = ?", field), v)
+		}
 	}
 	Db.Order("created_at DESC").Find(&allVTapGroups)
 	vtapGroups, err := getAgentGroupByUser(userInfo, &a.cfg.FPermit, allVTapGroups)
@@ -114,6 +107,7 @@ func (a *AgentGroup) Get(filter map[string]interface{}) (resp []model.VtapGroup,
 			ShortUUID:          vtapGroup.ShortUUID,
 			Lcuuid:             vtapGroup.Lcuuid,
 			TeamID:             vtapGroup.TeamID,
+			UserID:             vtapGroup.UserID,
 			UpdatedAt:          vtapGroup.UpdatedAt.Format(common.GO_BIRTHDAY),
 			VtapLcuuids:        []string{},
 			PendingVtapLcuuids: []string{},
@@ -140,14 +134,14 @@ func (a *AgentGroup) Get(filter map[string]interface{}) (resp []model.VtapGroup,
 }
 
 func (a *AgentGroup) Create(vtapGroupCreate model.VtapGroupCreate) (resp model.VtapGroup, err error) {
-	userInfo := a.resourceAccess.userInfo
-	if err := a.resourceAccess.CanAddResource(vtapGroupCreate.TeamID, common.SET_RESOURCE_TYPE_AGENT, ""); err != nil {
+	lcuuid := uuid.New().String()
+	if err := a.resourceAccess.CanAddResource(vtapGroupCreate.TeamID, common.SET_RESOURCE_TYPE_AGENT_GROUP, lcuuid); err != nil {
 		return model.VtapGroup{}, err
 	}
 
 	cfg := a.cfg
 	var vtapGroupCount int64
-
+	userInfo := a.resourceAccess.userInfo
 	dbInfo, err := mysql.GetDB(userInfo.ORGID)
 	if err != nil {
 		return model.VtapGroup{}, err
@@ -184,11 +178,11 @@ func (a *AgentGroup) Create(vtapGroupCreate model.VtapGroupCreate) (resp model.V
 	}
 
 	vtapGroup := mysql.VTapGroup{}
-	lcuuid := uuid.New().String()
 	vtapGroup.Lcuuid = lcuuid
 	vtapGroup.ShortUUID = shortUUID
 	vtapGroup.Name = vtapGroupCreate.Name
 	vtapGroup.TeamID = vtapGroupCreate.TeamID
+	vtapGroup.UserID = a.resourceAccess.userInfo.ID
 	db.Create(&vtapGroup)
 
 	var allVTaps []mysql.VTap
@@ -245,7 +239,12 @@ func (a *AgentGroup) Update(lcuuid string, vtapGroupUpdate map[string]interface{
 	if ret := db.Where("lcuuid = ?", lcuuid).First(&vtapGroup); ret.Error != nil {
 		return model.VtapGroup{}, NewError(httpcommon.RESOURCE_NOT_FOUND, fmt.Sprintf("vtap_group (%s) not found", lcuuid))
 	}
-	if err := a.resourceAccess.CanUpdateResource(vtapGroup.TeamID, common.SET_RESOURCE_TYPE_AGENT, "", nil); err != nil {
+	resourceUpdate := map[string]interface{}{
+		"team_id":       vtapGroupUpdate["TEAM_ID"],
+		"owner_user_id": vtapGroupUpdate["USER_ID"],
+	}
+	if err := a.resourceAccess.CanUpdateResource(vtapGroup.TeamID,
+		common.SET_RESOURCE_TYPE_AGENT_GROUP, vtapGroup.Lcuuid, resourceUpdate); err != nil {
 		return model.VtapGroup{}, err
 	}
 
@@ -268,14 +267,9 @@ func (a *AgentGroup) Update(lcuuid string, vtapGroupUpdate map[string]interface{
 
 	if _, ok := vtapGroupUpdate["TEAM_ID"]; ok {
 		dbUpdateMap["team_id"] = vtapGroupUpdate["TEAM_ID"]
-		// update vtap team id
-		var vtaps []mysql.VTap
-		db.Where("vtap_group_lcuuid IN (?)", vtapGroup.Lcuuid).Find(&vtaps)
-		for _, vtap := range vtaps {
-			log.Infof("ORG(id=%d database=%s) update team(%v -> %v)",
-				dbInfo.ORGID, dbInfo.Name, vtap.TeamID, dbUpdateMap["team_id"])
-			db.Model(vtap).Update("team_id", dbUpdateMap["team_id"])
-		}
+	}
+	if _, ok := vtapGroupUpdate["USER_ID"]; ok {
+		dbUpdateMap["user_id"] = vtapGroupUpdate["USER_ID"]
 	}
 
 	// 修改组内采集器
@@ -325,20 +319,16 @@ func (a *AgentGroup) Update(lcuuid string, vtapGroupUpdate map[string]interface{
 
 		for _, lcuuid := range delVtapLcuuids.ToSlice() {
 			vtap := lcuuidToOldVtap[lcuuid.(string)]
-			log.Infof("ORG(id=%d database=%s) update vtap group lcuuid(%s -> %s), team(%v -> %v)",
-				dbInfo.ORGID, dbInfo.Name, vtap.VtapGroupLcuuid, defaultVtapGroup.Lcuuid, vtapGroup.TeamID, common.DEFAULT_TEAM_ID)
-			db.Model(vtap).Updates(map[string]interface{}{"vtap_group_lcuuid": defaultVtapGroup.Lcuuid, "team_id": common.DEFAULT_TEAM_ID})
+			log.Infof("ORG(id=%d database=%s) update vtap group lcuuid(%s -> %s)",
+				dbInfo.ORGID, dbInfo.Name, vtap.VtapGroupLcuuid, defaultVtapGroup.Lcuuid)
+			db.Model(vtap).Updates(map[string]interface{}{"vtap_group_lcuuid": defaultVtapGroup.Lcuuid})
 		}
 
-		teamID := dbUpdateMap["team_id"]
-		if teamID == "" {
-			teamID = vtapGroup.TeamID
-		}
 		for _, lcuuid := range addVtapLcuuids.ToSlice() {
 			vtap := lcuuidToNewVtap[lcuuid.(string)]
-			log.Infof("ORG(id=%d database=%s) update vtap group lcuuid(%s - > %s), team(%v -> %v)",
-				dbInfo.ORGID, dbInfo.Name, vtap.VtapGroupLcuuid, vtapGroup.Lcuuid, vtapGroup.TeamID, teamID)
-			db.Model(vtap).Updates(map[string]interface{}{"vtap_group_lcuuid": vtapGroup.Lcuuid, "team_id": teamID})
+			log.Infof("ORG(id=%d database=%s) update vtap group lcuuid(%s - > %s)",
+				dbInfo.ORGID, dbInfo.Name, vtap.VtapGroupLcuuid, vtapGroup.Lcuuid)
+			db.Model(vtap).Updates(map[string]interface{}{"vtap_group_lcuuid": vtapGroup.Lcuuid})
 		}
 	}
 
@@ -362,7 +352,7 @@ func (a *AgentGroup) Delete(lcuuid string) (resp map[string]string, err error) {
 	if ret := db.Where("lcuuid = ?", lcuuid).First(&vtapGroup); ret.Error != nil {
 		return map[string]string{}, NewError(httpcommon.RESOURCE_NOT_FOUND, fmt.Sprintf("vtap_group (%s) not found", lcuuid))
 	}
-	if err := a.resourceAccess.CanDeleteResource(vtapGroup.TeamID, common.SET_RESOURCE_TYPE_AGENT, ""); err != nil {
+	if err := a.resourceAccess.CanDeleteResource(vtapGroup.TeamID, common.SET_RESOURCE_TYPE_AGENT_GROUP, vtapGroup.Lcuuid); err != nil {
 		return nil, err
 	}
 

diff --git a/server/controller/http/service/vtap_group_config.go b/server/controller/http/service/vtap_group_config.go
@@ -536,14 +536,14 @@ func (a *AgentGroupConfig) CreateVTapGroupConfig(orgID int, createData *agent_co
 		return nil, fmt.Errorf("vtapgroup (%s) not found", vTapGroupLcuuid)
 	}
 
-	if err := a.resourceAccess.CanAddResource(dbGroup.TeamID, common.SET_RESOURCE_TYPE_AGENT, ""); err != nil {
+	lcuuid := uuid.New().String()
+	if err := a.resourceAccess.CanAddResource(dbGroup.TeamID, common.SET_RESOURCE_TYPE_AGENT_GROUP_CONFIG, lcuuid); err != nil {
 		return nil, err
 	}
 
 	dbData := &agent_config.AgentGroupConfigModel{}
 	convertJsonToDb(createData, dbData)
 	dbData.VTapGroupLcuuid = createData.VTapGroupLcuuid
-	lcuuid := uuid.New().String()
 	dbData.Lcuuid = &lcuuid
 	db.Create(dbData)
 	refresh.RefreshCache(orgID, []common.DataChanged{common.DATA_CHANGED_VTAP})
@@ -569,7 +569,7 @@ func (a *AgentGroupConfig) DeleteVTapGroupConfig(orgID int, lcuuid string) (*age
 	if err := db.Where("lcuuid = ?", dbConfig.VTapGroupLcuuid).First(&vtapGroup).Error; err != nil {
 		return nil, err
 	}
-	if err := a.resourceAccess.CanDeleteResource(vtapGroup.TeamID, common.SET_RESOURCE_TYPE_AGENT, ""); err != nil {
+	if err := a.resourceAccess.CanDeleteResource(vtapGroup.TeamID, common.SET_RESOURCE_TYPE_AGENT_GROUP_CONFIG, lcuuid); err != nil {
 		return nil, err
 	}
 
@@ -597,7 +597,8 @@ func (a *AgentGroupConfig) UpdateVTapGroupConfig(orgID int, lcuuid string, updat
 	if err := db.Where("lcuuid = ?", dbConfig.VTapGroupLcuuid).First(&vtapGroup).Error; err != nil {
 		return nil, err
 	}
-	if err := a.resourceAccess.CanUpdateResource(vtapGroup.TeamID, common.SET_RESOURCE_TYPE_AGENT, "", nil); err != nil {
+	if err := a.resourceAccess.CanUpdateResource(vtapGroup.TeamID,
+		common.SET_RESOURCE_TYPE_AGENT_GROUP_CONFIG, lcuuid, nil); err != nil {
 		return nil, err
 	}
 

diff --git a/server/controller/model/model.go b/server/controller/model/model.go
@@ -227,6 +227,7 @@ type VtapGroup struct {
 	ShortUUID          string   `json:"SHORT_UUID"`
 	Lcuuid             string   `json:"LCUUID"`
 	TeamID             int      `json:"TEAM_ID"`
+	UserID             int      `json:"USER_ID"`
 	VtapLcuuids        []string `json:"VTAP_LCUUIDS"`
 	DisableVtapLcuuids []string `json:"DISABLE_VTAP_LCUUIDS"`
 	PendingVtapLcuuids []string `json:"PENDING_VTAP_LCUUIDS"`

diff --git a/server/controller/tagrecorder/check/ch_chost_cloud_tags.go b/server/controller/tagrecorder/check/ch_chost_cloud_tags.go
@@ -39,7 +39,7 @@ func NewChChostCloudTags() *ChChostCloudTags {
 
 func (c *ChChostCloudTags) generateNewData() (map[CloudTagsKey]mysql.ChChostCloudTags, bool) {
 	var vms []mysql.VM
-	err := mysql.Db.Unscoped().Find(&vms).Error
+	err := c.db.Unscoped().Find(&vms).Error
 	if err != nil {
 		log.Errorf(dbQueryResourceFailed(c.resourceTypeName, err))
 		return nil, false

diff --git a/server/controller/trisolaris/services/grpc/synchronize/remote_execute.go b/server/controller/trisolaris/services/grpc/synchronize/remote_execute.go
@@ -19,7 +19,6 @@ package synchronize
 import (
 	"context"
 	"encoding/json"
-	"errors"
 	"fmt"
 	"io"
 
@@ -87,10 +86,7 @@ func (e *VTapEvent) RemoteExecute(stream api.Synchronizer_RemoteExecuteServer) e
 					continue
 				}
 
-				err = handleResponse(resp)
-				if err != nil {
-					log.Error(err)
-				}
+				handleResponse(resp)
 			}
 		}
 	}()
@@ -112,8 +108,6 @@ func (e *VTapEvent) RemoteExecute(stream api.Synchronizer_RemoteExecuteServer) e
 	}
 }
 
-var ErrEndRecv = errors.New("end receive")
-
 func handleResponse(resp *trident.RemoteExecResponse) error {
 	key := resp.AgentId.GetIp() + "-" + resp.AgentId.GetMac()
 	manager, ok := service.AgentRemoteExecMap[key]
@@ -133,15 +127,15 @@ func handleResponse(resp *trident.RemoteExecResponse) error {
 			manager.AppendNamespaces(resp.LinuxNamespaces)
 		}
 		manager.LinuxNamespaceDoneCH <- struct{}{}
-		return ErrEndRecv
+		return nil
 	case len(resp.Commands) > 0:
 		if len(manager.GetCommands()) > 0 {
 			manager.InitCommands(resp.Commands)
 		} else {
 			manager.AppendCommands(resp.Commands)
 		}
 		manager.RemoteCMDDoneCH <- struct{}{}
-		return ErrEndRecv
+		return nil
 	default:
 		log.Infof("agent(key: %s) command response", key)
 		result := resp.CommandResult
@@ -156,14 +150,14 @@ func handleResponse(resp *trident.RemoteExecResponse) error {
 				key, *result.Errmsg)
 			manager.AppendErr(result.Errmsg)
 			manager.ExecDoneCH <- struct{}{}
-			return ErrEndRecv
+			return nil
 		}
 		if result.Content != nil {
 			manager.AppendContent(result.Content)
 		}
 		if result.Md5 != nil {
 			manager.ExecDoneCH <- struct{}{}
-			return ErrEndRecv
+			return nil
 		}
 	}
 	return nil