bcs-project-manager、bcs-helm-manager、bcs-monitor、cluster-resources添加查…

…看审计类型 (#2720)
TencentBlueKing · Oct 31, 2023 · e6fa0b8 · e6fa0b8
1 parent 2cd3607
commit e6fa0b8
Show file tree

Hide file tree

Showing 8 changed files with 203 additions and 61 deletions.
diff --git a/bcs-services/bcs-helm-manager/go.mod b/bcs-services/bcs-helm-manager/go.mod
@@ -43,7 +43,7 @@ require (
 require (
 	github.com/Tencent/bk-bcs/bcs-common v0.0.0-20230607093333-1f5cd2719e19
 	github.com/Tencent/bk-bcs/bcs-common/common/encryptv2 v0.0.0-20230911112816-85f490b1c029
-	github.com/Tencent/bk-bcs/bcs-common/pkg/audit v0.0.0-20230908014411-0783f4d68dd5
+	github.com/Tencent/bk-bcs/bcs-common/pkg/audit v0.0.0-20231030071618-1e6240162176
 	github.com/Tencent/bk-bcs/bcs-services/pkg v0.0.0-20230908014411-0783f4d68dd5
 	github.com/chartmuseum/helm-push v0.10.4
 	github.com/goccy/go-yaml v1.9.6

diff --git a/bcs-services/bcs-helm-manager/internal/wrapper/response.go b/bcs-services/bcs-helm-manager/internal/wrapper/response.go
@@ -155,64 +155,134 @@ func getResourceID(req server.Request) resource {
 	return resourceID
 }
 
-var auditFuncMap = map[string]func(req server.Request, rsp interface{}) (audit.Resource, audit.Action){
-	"HelmManager.DeleteChart": func(req server.Request, rsp interface{}) (audit.Resource, audit.Action) { // nolint
+var auditFuncMap = map[string]func(req server.Request) (audit.Resource, audit.Action){
+	"HelmManager.GetChartDetailV1": func(req server.Request) (audit.Resource, audit.Action) {
+		res := getResourceID(req)
+		return audit.Resource{
+			ResourceType: audit.ResourceTypeChart, ResourceID: res.Name, ResourceName: res.Name,
+			ResourceData: res.toMap(),
+		}, audit.Action{ActionID: "get_chart_detail", ActivityType: audit.ActivityTypeView}
+	},
+	"HelmManager.GetVersionDetailV1": func(req server.Request) (audit.Resource, audit.Action) {
+		res := getResourceID(req)
+		return audit.Resource{
+			ResourceType: audit.ResourceTypeChart, ResourceID: res.Name, ResourceName: res.Name,
+			ResourceData: res.toMap(),
+		}, audit.Action{ActionID: "get_version_detail", ActivityType: audit.ActivityTypeView}
+	},
+	"HelmManager.DeleteChart": func(req server.Request) (audit.Resource, audit.Action) {
 		res := getResourceID(req)
 		return audit.Resource{
 			ResourceType: audit.ResourceTypeChart, ResourceID: res.Name, ResourceName: res.Name,
 			ResourceData: res.toMap(),
 		}, audit.Action{ActionID: "delete_chart", ActivityType: audit.ActivityTypeDelete}
 	},
-	"HelmManager.DeleteChartVersion": func(req server.Request, rsp interface{}) (audit.Resource, audit.Action) { // nolint
+	"HelmManager.DeleteChartVersion": func(req server.Request) (audit.Resource, audit.Action) {
 		res := getResourceID(req)
 		return audit.Resource{
 			ResourceType: audit.ResourceTypeChart, ResourceID: res.Name, ResourceName: res.Name,
 			ResourceData: res.toMap(),
 		}, audit.Action{ActionID: "delete_chart_version", ActivityType: audit.ActivityTypeDelete}
 	},
-	"HelmManager.InstallReleaseV1": func(req server.Request, rsp interface{}) (audit.Resource, audit.Action) { // nolint
+	"HelmManager.GetChartRelease": func(req server.Request) (audit.Resource, audit.Action) {
+		res := getResourceID(req)
+		return audit.Resource{
+			ResourceType: audit.ResourceTypeChart, ResourceID: res.Name, ResourceName: res.Name,
+			ResourceData: res.toMap(),
+		}, audit.Action{ActionID: "get_chart_release", ActivityType: audit.ActivityTypeView}
+	},
+	"HelmManager.GetReleaseDetailV1": func(req server.Request) (audit.Resource, audit.Action) {
+		res := getResourceID(req)
+		return audit.Resource{
+			ResourceType: audit.ResourceTypeHelm, ResourceID: res.Name, ResourceName: res.Name,
+			ResourceData: res.toMap(),
+		}, audit.Action{ActionID: "get_release_detail", ActivityType: audit.ActivityTypeView}
+	},
+	"HelmManager.InstallReleaseV1": func(req server.Request) (audit.Resource, audit.Action) {
 		res := getResourceID(req)
 		return audit.Resource{
 			ResourceType: audit.ResourceTypeHelm, ResourceID: res.Name, ResourceName: res.Name,
 			ResourceData: res.toMap(),
 		}, audit.Action{ActionID: "install_release", ActivityType: audit.ActivityTypeCreate}
 	},
-	"HelmManager.UninstallReleaseV1": func(req server.Request, rsp interface{}) (audit.Resource, audit.Action) { // nolint
+	"HelmManager.UninstallReleaseV1": func(req server.Request) (audit.Resource, audit.Action) {
 		res := getResourceID(req)
 		return audit.Resource{
 			ResourceType: audit.ResourceTypeHelm, ResourceID: res.Name, ResourceName: res.Name,
 			ResourceData: res.toMap(),
 		}, audit.Action{ActionID: "uninstall_release", ActivityType: audit.ActivityTypeDelete}
 	},
-	"HelmManager.UpgradeReleaseV1": func(req server.Request, rsp interface{}) (audit.Resource, audit.Action) { // nolint
+	"HelmManager.UpgradeReleaseV1": func(req server.Request) (audit.Resource, audit.Action) {
 		res := getResourceID(req)
 		return audit.Resource{
 			ResourceType: audit.ResourceTypeHelm, ResourceID: res.Name, ResourceName: res.Name,
 			ResourceData: res.toMap(),
 		}, audit.Action{ActionID: "upgrade_release", ActivityType: audit.ActivityTypeUpdate}
 	},
-	"HelmManager.RollbackReleaseV1": func(req server.Request, rsp interface{}) (audit.Resource, audit.Action) { // nolint
+	"HelmManager.RollbackReleaseV1": func(req server.Request) (audit.Resource, audit.Action) {
 		res := getResourceID(req)
 		return audit.Resource{
 			ResourceType: audit.ResourceTypeHelm, ResourceID: res.Name, ResourceName: res.Name,
 			ResourceData: res.toMap(),
 		}, audit.Action{ActionID: "rollback_release", ActivityType: audit.ActivityTypeUpdate}
 	},
-	"HelmManager.InstallAddons": func(req server.Request, rsp interface{}) (audit.Resource, audit.Action) { // nolint
+	"HelmManager.ReleasePreview": func(req server.Request) (audit.Resource, audit.Action) {
+		res := getResourceID(req)
+		return audit.Resource{
+			ResourceType: audit.ResourceTypeHelm, ResourceID: res.Name, ResourceName: res.Name,
+			ResourceData: res.toMap(),
+		}, audit.Action{ActionID: "release_preview", ActivityType: audit.ActivityTypeView}
+	},
+	"HelmManager.GetReleaseHistory": func(req server.Request) (audit.Resource, audit.Action) {
+		res := getResourceID(req)
+		return audit.Resource{
+			ResourceType: audit.ResourceTypeHelm, ResourceID: res.Name, ResourceName: res.Name,
+			ResourceData: res.toMap(),
+		}, audit.Action{ActionID: "get_release_history", ActivityType: audit.ActivityTypeView}
+	},
+	"HelmManager.GetReleaseManifest": func(req server.Request) (audit.Resource, audit.Action) {
+		res := getResourceID(req)
+		return audit.Resource{
+			ResourceType: audit.ResourceTypeHelm, ResourceID: res.Name, ResourceName: res.Name,
+			ResourceData: res.toMap(),
+		}, audit.Action{ActionID: "get_release_manifest", ActivityType: audit.ActivityTypeView}
+	},
+	"HelmManager.GetReleaseStatus": func(req server.Request) (audit.Resource, audit.Action) {
+		res := getResourceID(req)
+		return audit.Resource{
+			ResourceType: audit.ResourceTypeHelm, ResourceID: res.Name, ResourceName: res.Name,
+			ResourceData: res.toMap(),
+		}, audit.Action{ActionID: "get_release_status", ActivityType: audit.ActivityTypeView}
+	},
+	"HelmManager.GetReleasePods": func(req server.Request) (audit.Resource, audit.Action) {
+		res := getResourceID(req)
+		return audit.Resource{
+			ResourceType: audit.ResourceTypeHelm, ResourceID: res.Name, ResourceName: res.Name,
+			ResourceData: res.toMap(),
+		}, audit.Action{ActionID: "get_release_pods", ActivityType: audit.ActivityTypeView}
+	},
+	"HelmManager.GetAddonsDetail": func(req server.Request) (audit.Resource, audit.Action) {
+		res := getResourceID(req)
+		return audit.Resource{
+			ResourceType: audit.ResourceTypeAddons, ResourceID: res.Name, ResourceName: res.Name,
+			ResourceData: res.toMap(),
+		}, audit.Action{ActionID: "get_addons_detail", ActivityType: audit.ActivityTypeView}
+	},
+	"HelmManager.InstallAddons": func(req server.Request) (audit.Resource, audit.Action) {
 		res := getResourceID(req)
 		return audit.Resource{
 			ResourceType: audit.ResourceTypeAddons, ResourceID: res.Name, ResourceName: res.Name,
 			ResourceData: res.toMap(),
 		}, audit.Action{ActionID: "install_addons", ActivityType: audit.ActivityTypeCreate}
 	},
-	"HelmManager.UpgradeAddons": func(req server.Request, rsp interface{}) (audit.Resource, audit.Action) { // nolint
+	"HelmManager.UpgradeAddons": func(req server.Request) (audit.Resource, audit.Action) {
 		res := getResourceID(req)
 		return audit.Resource{
 			ResourceType: audit.ResourceTypeAddons, ResourceID: res.Name, ResourceName: res.Name,
 			ResourceData: res.toMap(),
 		}, audit.Action{ActionID: "upgrade_addons", ActivityType: audit.ActivityTypeUpdate}
 	},
-	"HelmManager.UninstallAddons": func(req server.Request, rsp interface{}) (audit.Resource, audit.Action) { // nolint
+	"HelmManager.UninstallAddons": func(req server.Request) (audit.Resource, audit.Action) {
 		res := getResourceID(req)
 		return audit.Resource{
 			ResourceType: audit.ResourceTypeAddons, ResourceID: res.Name, ResourceName: res.Name,
@@ -228,7 +298,7 @@ func addAudit(ctx context.Context, req server.Request, rsp interface{}, startTim
 		return
 	}
 
-	res, act := fn(req, rsp)
+	res, act := fn(req)
 
 	auditCtx := audit.RecorderContext{
 		Username:  auth.GetUserFromCtx(ctx),
@@ -269,6 +339,12 @@ func addAudit(ctx context.Context, req server.Request, rsp interface{}, startTim
 	if result.ResultCode != int(common.ErrHelmManagerSuccess) {
 		result.Status = audit.ActivityStatusFailed
 	}
-	_ = component.GetAuditClient().R().
-		SetContext(auditCtx).SetResource(resource).SetAction(action).SetResult(result).Do()
+
+	// add audit
+	auditAction := component.GetAuditClient().R()
+	// 查看类型不用记录 activity
+	if act.ActivityType == audit.ActivityTypeView {
+		auditAction.DisableActivity()
+	}
+	_ = auditAction.SetContext(auditCtx).SetResource(resource).SetAction(action).SetResult(result).Do()
 }
diff --git a/bcs-services/bcs-monitor/go.mod b/bcs-services/bcs-monitor/go.mod
@@ -4,7 +4,7 @@ go 1.20
 
 require (
 	github.com/Tencent/bk-bcs/bcs-common v0.0.0-20230920065036-5ec367ec2378
-	github.com/Tencent/bk-bcs/bcs-common/pkg/audit v0.0.0-20230921024236-fc3b5f7e6d87
+	github.com/Tencent/bk-bcs/bcs-common/pkg/audit v0.0.0-20231027074658-46b201bef8d8
 	github.com/Tencent/bk-bcs/bcs-common/pkg/auth v0.0.0-20230918042150-6020611e4f01
 	github.com/Tencent/bk-bcs/bcs-common/pkg/otel v0.0.0-20230901032130-5c3e207129c5
 	github.com/Tencent/bk-bcs/bcs-runtime/bcs-k8s/kubebkbcs v0.0.0-20230506100250-1d5620f4abf4

diff --git a/bcs-services/bcs-monitor/pkg/rest/rest.go b/bcs-services/bcs-monitor/pkg/rest/rest.go
@@ -209,6 +209,14 @@ func getResourceID(b []byte, ctx *Context) resource {
 }
 
 var auditFuncMap = map[string]func(b []byte, ctx *Context) (audit.Resource, audit.Action){
+	"POST./projects/:projectId/clusters/:clusterId/log_collector/entrypoints": func(
+		b []byte, ctx *Context) (audit.Resource, audit.Action) {
+		res := getResourceID(b, ctx)
+		return audit.Resource{
+			ResourceType: audit.ResourceTypeLogRule, ResourceID: res.ClusterID, ResourceName: res.ClusterID,
+			ResourceData: res.toMap(),
+		}, audit.Action{ActionID: "get_log_rule", ActivityType: audit.ActivityTypeView}
+	},
 	"POST./projects/:projectId/clusters/:clusterId/log_collector/rules": func(
 		b []byte, ctx *Context) (audit.Resource, audit.Action) {
 		// resourceData解析
@@ -218,6 +226,14 @@ var auditFuncMap = map[string]func(b []byte, ctx *Context) (audit.Resource, audi
 			ResourceData: res.toMap(),
 		}, audit.Action{ActionID: "create_log_rule", ActivityType: audit.ActivityTypeCreate}
 	},
+	"GET./projects/:projectId/clusters/:clusterId/log_collector/rules/:id": func(
+		b []byte, ctx *Context) (audit.Resource, audit.Action) {
+		res := getResourceID(b, ctx)
+		return audit.Resource{
+			ResourceType: audit.ResourceTypeLogRule, ResourceID: res.RuleID, ResourceName: res.RuleID,
+			ResourceData: res.toMap(),
+		}, audit.Action{ActionID: "get_log_rule", ActivityType: audit.ActivityTypeView}
+	},
 	"PUT./projects/:projectId/clusters/:clusterId/log_collector/rules/:id": func(
 		b []byte, ctx *Context) (audit.Resource, audit.Action) {
 		res := getResourceID(b, ctx)
@@ -298,8 +314,14 @@ func addAudit(ctx *Context, b []byte, startTime, endTime time.Time, code int, me
 	if code != 0 {
 		result.Status = audit.ActivityStatusFailed
 	}
-	_ = component.GetAuditClient().R().
-		SetContext(auditCtx).SetResource(resource).SetAction(action).SetResult(result).Do()
+
+	// add audit
+	auditAction := component.GetAuditClient().R()
+	// 查看类型不用记录activity
+	if act.ActivityType == audit.ActivityTypeView {
+		auditAction.DisableActivity()
+	}
+	_ = auditAction.SetContext(auditCtx).SetResource(resource).SetAction(action).SetResult(result).Do()
 }
 
 // 获取请求体

diff --git a/bcs-services/bcs-project-manager/go.mod b/bcs-services/bcs-project-manager/go.mod
@@ -145,7 +145,7 @@ require (
 
 require (
 	github.com/Tencent/bk-bcs/bcs-common v0.0.0-20230913100253-5f6cd1c89f29
-	github.com/Tencent/bk-bcs/bcs-common/pkg/audit v0.0.0-20230913100253-5f6cd1c89f29
+	github.com/Tencent/bk-bcs/bcs-common/pkg/audit v0.0.0-20231030071618-1e6240162176
 	github.com/Tencent/bk-bcs/bcs-common/pkg/auth v0.0.0-20230913100253-5f6cd1c89f29
 	github.com/Tencent/bk-bcs/bcs-common/pkg/i18n v0.0.0-20230817073110-e2040bc0a4cf
 	github.com/Tencent/bk-bcs/bcs-services/pkg v0.0.0-20230607093333-1f5cd2719e19