diff --git a/bcs-services/bcs-helm-manager/go.mod b/bcs-services/bcs-helm-manager/go.mod index f3db7bef9f..58a2b8b5e3 100644 --- a/bcs-services/bcs-helm-manager/go.mod +++ b/bcs-services/bcs-helm-manager/go.mod @@ -43,7 +43,7 @@ require ( require ( github.com/Tencent/bk-bcs/bcs-common v0.0.0-20230607093333-1f5cd2719e19 github.com/Tencent/bk-bcs/bcs-common/common/encryptv2 v0.0.0-20230911112816-85f490b1c029 - github.com/Tencent/bk-bcs/bcs-common/pkg/audit v0.0.0-20230908014411-0783f4d68dd5 + github.com/Tencent/bk-bcs/bcs-common/pkg/audit v0.0.0-20231030071618-1e6240162176 github.com/Tencent/bk-bcs/bcs-services/pkg v0.0.0-20230908014411-0783f4d68dd5 github.com/chartmuseum/helm-push v0.10.4 github.com/goccy/go-yaml v1.9.6 diff --git a/bcs-services/bcs-helm-manager/internal/wrapper/response.go b/bcs-services/bcs-helm-manager/internal/wrapper/response.go index ee6d6b18a2..3ca59c36d8 100644 --- a/bcs-services/bcs-helm-manager/internal/wrapper/response.go +++ b/bcs-services/bcs-helm-manager/internal/wrapper/response.go 
@@ -155,64 +155,134 @@ func getResourceID(req server.Request) resource { return resourceID } -var auditFuncMap = map[string]func(req server.Request, rsp interface{}) (audit.Resource, audit.Action){ - "HelmManager.DeleteChart": func(req server.Request, rsp interface{}) (audit.Resource, audit.Action) { // nolint +var auditFuncMap = map[string]func(req server.Request) (audit.Resource, audit.Action){ + "HelmManager.GetChartDetailV1": func(req server.Request) (audit.Resource, audit.Action) { + res := getResourceID(req) + return audit.Resource{ + ResourceType: audit.ResourceTypeChart, ResourceID: res.Name, ResourceName: res.Name, + ResourceData: res.toMap(), + }, audit.Action{ActionID: "get_chart_detail", ActivityType: audit.ActivityTypeView} + }, + "HelmManager.GetVersionDetailV1": func(req server.Request) (audit.Resource, audit.Action) { + res := getResourceID(req) + return audit.Resource{ + ResourceType: audit.ResourceTypeChart, ResourceID: res.Name, ResourceName: res.Name, + ResourceData: res.toMap(), + }, audit.Action{ActionID: "get_version_detail", ActivityType: audit.ActivityTypeView} + }, + "HelmManager.DeleteChart": func(req server.Request) (audit.Resource, audit.Action) { res := getResourceID(req) return audit.Resource{ ResourceType: audit.ResourceTypeChart, ResourceID: res.Name, ResourceName: res.Name, ResourceData: res.toMap(), }, audit.Action{ActionID: "delete_chart", ActivityType: audit.ActivityTypeDelete} }, - "HelmManager.DeleteChartVersion": func(req server.Request, rsp interface{}) (audit.Resource, audit.Action) { // nolint + "HelmManager.DeleteChartVersion": func(req server.Request) (audit.Resource, audit.Action) { res := getResourceID(req) return audit.Resource{ ResourceType: audit.ResourceTypeChart, ResourceID: res.Name, ResourceName: res.Name, ResourceData: res.toMap(), }, audit.Action{ActionID: "delete_chart_version", ActivityType: audit.ActivityTypeDelete} }, - "HelmManager.InstallReleaseV1": func(req server.Request, rsp interface{}) 
(audit.Resource, audit.Action) { // nolint + "HelmManager.GetChartRelease": func(req server.Request) (audit.Resource, audit.Action) { + res := getResourceID(req) + return audit.Resource{ + ResourceType: audit.ResourceTypeChart, ResourceID: res.Name, ResourceName: res.Name, + ResourceData: res.toMap(), + }, audit.Action{ActionID: "get_chart_release", ActivityType: audit.ActivityTypeView} + }, + "HelmManager.GetReleaseDetailV1": func(req server.Request) (audit.Resource, audit.Action) { + res := getResourceID(req) + return audit.Resource{ + ResourceType: audit.ResourceTypeHelm, ResourceID: res.Name, ResourceName: res.Name, + ResourceData: res.toMap(), + }, audit.Action{ActionID: "get_release_detail", ActivityType: audit.ActivityTypeView} + }, + "HelmManager.InstallReleaseV1": func(req server.Request) (audit.Resource, audit.Action) { res := getResourceID(req) return audit.Resource{ ResourceType: audit.ResourceTypeHelm, ResourceID: res.Name, ResourceName: res.Name, ResourceData: res.toMap(), }, audit.Action{ActionID: "install_release", ActivityType: audit.ActivityTypeCreate} }, - "HelmManager.UninstallReleaseV1": func(req server.Request, rsp interface{}) (audit.Resource, audit.Action) { // nolint + "HelmManager.UninstallReleaseV1": func(req server.Request) (audit.Resource, audit.Action) { res := getResourceID(req) return audit.Resource{ ResourceType: audit.ResourceTypeHelm, ResourceID: res.Name, ResourceName: res.Name, ResourceData: res.toMap(), }, audit.Action{ActionID: "uninstall_release", ActivityType: audit.ActivityTypeDelete} }, - "HelmManager.UpgradeReleaseV1": func(req server.Request, rsp interface{}) (audit.Resource, audit.Action) { // nolint + "HelmManager.UpgradeReleaseV1": func(req server.Request) (audit.Resource, audit.Action) { res := getResourceID(req) return audit.Resource{ ResourceType: audit.ResourceTypeHelm, ResourceID: res.Name, ResourceName: res.Name, ResourceData: res.toMap(), }, audit.Action{ActionID: "upgrade_release", ActivityType: 
audit.ActivityTypeUpdate} }, - "HelmManager.RollbackReleaseV1": func(req server.Request, rsp interface{}) (audit.Resource, audit.Action) { // nolint + "HelmManager.RollbackReleaseV1": func(req server.Request) (audit.Resource, audit.Action) { res := getResourceID(req) return audit.Resource{ ResourceType: audit.ResourceTypeHelm, ResourceID: res.Name, ResourceName: res.Name, ResourceData: res.toMap(), }, audit.Action{ActionID: "rollback_release", ActivityType: audit.ActivityTypeUpdate} }, - "HelmManager.InstallAddons": func(req server.Request, rsp interface{}) (audit.Resource, audit.Action) { // nolint + "HelmManager.ReleasePreview": func(req server.Request) (audit.Resource, audit.Action) { + res := getResourceID(req) + return audit.Resource{ + ResourceType: audit.ResourceTypeHelm, ResourceID: res.Name, ResourceName: res.Name, + ResourceData: res.toMap(), + }, audit.Action{ActionID: "release_preview", ActivityType: audit.ActivityTypeView} + }, + "HelmManager.GetReleaseHistory": func(req server.Request) (audit.Resource, audit.Action) { + res := getResourceID(req) + return audit.Resource{ + ResourceType: audit.ResourceTypeHelm, ResourceID: res.Name, ResourceName: res.Name, + ResourceData: res.toMap(), + }, audit.Action{ActionID: "get_release_history", ActivityType: audit.ActivityTypeView} + }, + "HelmManager.GetReleaseManifest": func(req server.Request) (audit.Resource, audit.Action) { + res := getResourceID(req) + return audit.Resource{ + ResourceType: audit.ResourceTypeHelm, ResourceID: res.Name, ResourceName: res.Name, + ResourceData: res.toMap(), + }, audit.Action{ActionID: "get_release_manifest", ActivityType: audit.ActivityTypeView} + }, + "HelmManager.GetReleaseStatus": func(req server.Request) (audit.Resource, audit.Action) { + res := getResourceID(req) + return audit.Resource{ + ResourceType: audit.ResourceTypeHelm, ResourceID: res.Name, ResourceName: res.Name, + ResourceData: res.toMap(), + }, audit.Action{ActionID: "get_release_status", ActivityType: 
audit.ActivityTypeView} + }, + "HelmManager.GetReleasePods": func(req server.Request) (audit.Resource, audit.Action) { + res := getResourceID(req) + return audit.Resource{ + ResourceType: audit.ResourceTypeHelm, ResourceID: res.Name, ResourceName: res.Name, + ResourceData: res.toMap(), + }, audit.Action{ActionID: "get_release_pods", ActivityType: audit.ActivityTypeView} + }, + "HelmManager.GetAddonsDetail": func(req server.Request) (audit.Resource, audit.Action) { + res := getResourceID(req) + return audit.Resource{ + ResourceType: audit.ResourceTypeAddons, ResourceID: res.Name, ResourceName: res.Name, + ResourceData: res.toMap(), + }, audit.Action{ActionID: "get_addons_detail", ActivityType: audit.ActivityTypeView} + }, + "HelmManager.InstallAddons": func(req server.Request) (audit.Resource, audit.Action) { res := getResourceID(req) return audit.Resource{ ResourceType: audit.ResourceTypeAddons, ResourceID: res.Name, ResourceName: res.Name, ResourceData: res.toMap(), }, audit.Action{ActionID: "install_addons", ActivityType: audit.ActivityTypeCreate} }, - "HelmManager.UpgradeAddons": func(req server.Request, rsp interface{}) (audit.Resource, audit.Action) { // nolint + "HelmManager.UpgradeAddons": func(req server.Request) (audit.Resource, audit.Action) { res := getResourceID(req) return audit.Resource{ ResourceType: audit.ResourceTypeAddons, ResourceID: res.Name, ResourceName: res.Name, ResourceData: res.toMap(), }, audit.Action{ActionID: "upgrade_addons", ActivityType: audit.ActivityTypeUpdate} }, - "HelmManager.UninstallAddons": func(req server.Request, rsp interface{}) (audit.Resource, audit.Action) { // nolint + "HelmManager.UninstallAddons": func(req server.Request) (audit.Resource, audit.Action) { res := getResourceID(req) return audit.Resource{ ResourceType: audit.ResourceTypeAddons, ResourceID: res.Name, ResourceName: res.Name, 
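Review bot: The new `HelmManager.GetVersionDetailV1` entry sets `ResourceID: res.Name`, the same value `GetChartDetailV1` records, so the audit record identifies a version read by chart name only unless `res.toMap()` happens to carry the version. If the `resource` struct (declared outside this hunk) has a version field, it would be worth including it in the ID for the version-scoped entries; otherwise a comment such as `// ResourceID is the chart name; the requested version is only visible in ResourceData` makes the limitation explicit. The added view entries also repeat the same body with only ResourceType and ActionID changing, which a small helper taking those two values would remove.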
@@ -228,7 +298,7 @@ func addAudit(ctx context.Context, req server.Request, rsp interface{}, startTim return } - res, act := fn(req, rsp) + res, act := fn(req) auditCtx := audit.RecorderContext{ Username: auth.GetUserFromCtx(ctx), @@ -269,6 +339,12 @@ func addAudit(ctx context.Context, req server.Request, rsp interface{}, startTim if result.ResultCode != int(common.ErrHelmManagerSuccess) { result.Status = audit.ActivityStatusFailed } - _ = component.GetAuditClient().R(). - SetContext(auditCtx).SetResource(resource).SetAction(action).SetResult(result).Do() + + // add audit + auditAction := component.GetAuditClient().R() + // 查看类型不用记录 activity + if act.ActivityType == audit.ActivityTypeView { + auditAction.DisableActivity() + } + _ = auditAction.SetContext(auditCtx).SetResource(resource).SetAction(action).SetResult(result).Do() } diff --git a/bcs-services/bcs-monitor/go.mod b/bcs-services/bcs-monitor/go.mod index 23cabac67b..b24464871d 100644 --- a/bcs-services/bcs-monitor/go.mod +++ b/bcs-services/bcs-monitor/go.mod @@ -4,7 +4,7 @@ go 1.20 require ( github.com/Tencent/bk-bcs/bcs-common v0.0.0-20230920065036-5ec367ec2378 - github.com/Tencent/bk-bcs/bcs-common/pkg/audit v0.0.0-20230921024236-fc3b5f7e6d87 + github.com/Tencent/bk-bcs/bcs-common/pkg/audit v0.0.0-20231027074658-46b201bef8d8 github.com/Tencent/bk-bcs/bcs-common/pkg/auth v0.0.0-20230918042150-6020611e4f01 github.com/Tencent/bk-bcs/bcs-common/pkg/otel v0.0.0-20230901032130-5c3e207129c5 github.com/Tencent/bk-bcs/bcs-runtime/bcs-k8s/kubebkbcs v0.0.0-20230506100250-1d5620f4abf4 diff --git a/bcs-services/bcs-monitor/pkg/rest/rest.go b/bcs-services/bcs-monitor/pkg/rest/rest.go index 491aeb14bc..81e565424c 100644 --- a/bcs-services/bcs-monitor/pkg/rest/rest.go +++ b/bcs-services/bcs-monitor/pkg/rest/rest.go 
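Review bot: The rewritten tail of `addAudit` still assigns the result of `Do()` to `_`, so a failed audit write leaves no trace, and with view operations now going through this path many more records depend on the call. Assuming `Do()` returns an error, report it rather than dropping it, for example `if err := auditAction.SetContext(auditCtx).SetResource(resource).SetAction(action).SetResult(result).Do(); err != nil { /* log with the file's logger */ }`. The same pattern is added in the `addAudit` hunks of bcs-monitor `pkg/rest/rest.go`, bcs-project-manager `internal/wrapper/audit.go` and cluster-resources `pkg/wrapper/response.go`. The inline comment `查看类型不用记录 activity` would be easier to maintain in English, e.g. `// view-type actions are not recorded as activities`; the function body starts outside this hunk.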
@@ -209,6 +209,14 @@ func getResourceID(b []byte, ctx *Context) resource { } var auditFuncMap = map[string]func(b []byte, ctx *Context) (audit.Resource, audit.Action){ + "POST./projects/:projectId/clusters/:clusterId/log_collector/entrypoints": func( + b []byte, ctx *Context) (audit.Resource, audit.Action) { + res := getResourceID(b, ctx) + return audit.Resource{ + ResourceType: audit.ResourceTypeLogRule, ResourceID: res.ClusterID, ResourceName: res.ClusterID, + ResourceData: res.toMap(), + }, audit.Action{ActionID: "get_log_rule", ActivityType: audit.ActivityTypeView} + }, "POST./projects/:projectId/clusters/:clusterId/log_collector/rules": func( b []byte, ctx *Context) (audit.Resource, audit.Action) { // resourceData解析 @@ -218,6 +226,14 @@ var auditFuncMap = map[string]func(b []byte, ctx *Context) (audit.Resource, audi ResourceData: res.toMap(), }, audit.Action{ActionID: "create_log_rule", ActivityType: audit.ActivityTypeCreate} }, + "GET./projects/:projectId/clusters/:clusterId/log_collector/rules/:id": func( + b []byte, ctx *Context) (audit.Resource, audit.Action) { + res := getResourceID(b, ctx) + return audit.Resource{ + ResourceType: audit.ResourceTypeLogRule, ResourceID: res.RuleID, ResourceName: res.RuleID, + ResourceData: res.toMap(), + }, audit.Action{ActionID: "get_log_rule", ActivityType: audit.ActivityTypeView} + }, "PUT./projects/:projectId/clusters/:clusterId/log_collector/rules/:id": func( b []byte, ctx *Context) (audit.Resource, audit.Action) { res := getResourceID(b, ctx) 
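Review bot: Both added entries use `ActionID: "get_log_rule"`, so a POST to `.../log_collector/entrypoints` and a GET of `.../log_collector/rules/:id` cannot be told apart by action in the audit records. The entrypoints entry also records `res.ClusterID` as the ResourceID under `ResourceTypeLogRule`, which is a cluster identifier rather than a rule. Give the entrypoints entry its own action ID, e.g. `ActionID: "get_log_entrypoints"` (the name is a suggestion; align it with whatever the audit backend has registered).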
@@ -298,8 +314,14 @@ func addAudit(ctx *Context, b []byte, startTime, endTime time.Time, code int, me if code != 0 { result.Status = audit.ActivityStatusFailed } - _ = component.GetAuditClient().R(). - SetContext(auditCtx).SetResource(resource).SetAction(action).SetResult(result).Do() + + // add audit + auditAction := component.GetAuditClient().R() + // 查看类型不用记录activity + if act.ActivityType == audit.ActivityTypeView { + auditAction.DisableActivity() + } + _ = auditAction.SetContext(auditCtx).SetResource(resource).SetAction(action).SetResult(result).Do() } // 获取请求体 diff --git a/bcs-services/bcs-project-manager/go.mod b/bcs-services/bcs-project-manager/go.mod index de2dfe2c00..af43983f31 100644 --- a/bcs-services/bcs-project-manager/go.mod +++ b/bcs-services/bcs-project-manager/go.mod @@ -145,7 +145,7 @@ require ( require ( github.com/Tencent/bk-bcs/bcs-common v0.0.0-20230913100253-5f6cd1c89f29 - github.com/Tencent/bk-bcs/bcs-common/pkg/audit v0.0.0-20230913100253-5f6cd1c89f29 + github.com/Tencent/bk-bcs/bcs-common/pkg/audit v0.0.0-20231030071618-1e6240162176 github.com/Tencent/bk-bcs/bcs-common/pkg/auth v0.0.0-20230913100253-5f6cd1c89f29 github.com/Tencent/bk-bcs/bcs-common/pkg/i18n v0.0.0-20230817073110-e2040bc0a4cf github.com/Tencent/bk-bcs/bcs-services/pkg v0.0.0-20230607093333-1f5cd2719e19 diff --git a/bcs-services/bcs-project-manager/internal/wrapper/audit.go b/bcs-services/bcs-project-manager/internal/wrapper/audit.go index cb7e0140a9..94aeccf949 100644 --- a/bcs-services/bcs-project-manager/internal/wrapper/audit.go +++ b/bcs-services/bcs-project-manager/internal/wrapper/audit.go 
@@ -40,14 +40,15 @@ func NewAuditWrapper(fn server.HandlerFunc) server.HandlerFunc { // resource ResourceData struct type resource struct { - ClusterID string `json:"clusterID" yaml:"clusterID"` - Namespace string `json:"namespace" yaml:"namespace"` - Name string `json:"name" yaml:"name"` - Key string `json:"key" yaml:"key"` - IDs string `json:"idList" yaml:"idList"` - VariableID string `json:"variableID" yaml:"variableID"` - ProjectID string `json:"projectID" yaml:"projectID"` - ProjectCode string `json:"projectCode" yaml:"projectCode"` + ClusterID string `json:"clusterID" yaml:"clusterID"` + Namespace string `json:"namespace" yaml:"namespace"` + Name string `json:"name" yaml:"name"` + Key string `json:"key" yaml:"key"` + IDs string `json:"idList" yaml:"idList"` + VariableID string `json:"variableID" yaml:"variableID"` + ProjectID string `json:"projectID" yaml:"projectID"` + ProjectCode string `json:"projectCode" yaml:"projectCode"` + ProjectIDOrCode string `json:"projectIDOrCode" yaml:"projectIDOrCode"` } // resource to map @@ -84,13 +85,22 @@ func getResourceID(req server.Request) resource { resourceID := resource{} _ = json.Unmarshal(b, &resourceID) + // ProjectCode为空的情况下使用ProjectID或者ProjectIDOrCode代替 + if resourceID.ProjectCode == "" { + if resourceID.ProjectID != "" { + resourceID.ProjectCode = resourceID.ProjectID + } else { + resourceID.ProjectCode = resourceID.ProjectIDOrCode + } + } + return resourceID } // NOCC: golint/unparam(设计如此:) // nolint -var auditFuncMap = map[string]func(req server.Request, rsp interface{}) (audit.Resource, audit.Action){ - "BCSProject.CreateProject": func(req server.Request, rsp interface{}) (audit.Resource, audit.Action) { +var auditFuncMap = map[string]func(req server.Request) (audit.Resource, audit.Action){ + "BCSProject.CreateProject": func(req server.Request) (audit.Resource, audit.Action) { res := getResourceID(req) return audit.Resource{ ProjectCode: res.ProjectCode, 
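Review bot: The fallback added to `getResourceID` copies `ProjectID` or `ProjectIDOrCode` into `ProjectCode`, so every audit record built from `res.ProjectCode` (and, if `toMap()` serialises that field, the `projectCode` key in ResourceData) can hold a project ID while being labelled a code. Anyone filtering audit records by project code will then see mixed identifier kinds. If the overload is intended, say so in an English comment, e.g. `// ProjectCode falls back to ProjectID, then ProjectIDOrCode; the value may therefore be an ID, not a code.` The `json.Unmarshal` result just above is still discarded, so a malformed body yields a record with every identifier empty. The `NOCC: golint/unparam` and `nolint` markers before `auditFuncMap` look stale now that the unused `rsp` parameter is gone.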
@@ -98,19 +108,23 @@ var auditFuncMap = map[string]func(req server.Request, rsp interface{}) (audit.R ResourceData: res.toMap(), }, audit.Action{ActionID: "project_create", ActivityType: audit.ActivityTypeCreate} }, - "BCSProject.UpdateProject": func(req server.Request, rsp interface{}) (audit.Resource, audit.Action) { + "BCSProject.GetProject": func(req server.Request) (audit.Resource, audit.Action) { + res := getResourceID(req) + return audit.Resource{ + ProjectCode: res.ProjectCode, + ResourceType: audit.ResourceTypeProject, ResourceID: res.ProjectCode, ResourceName: res.ProjectCode, + ResourceData: res.toMap(), + }, audit.Action{ActionID: "project_get", ActivityType: audit.ActivityTypeView} + }, + "BCSProject.UpdateProject": func(req server.Request) (audit.Resource, audit.Action) { res := getResourceID(req) - // ProjectID 代替 ProjectCode - if res.ProjectCode == "" { - res.ProjectCode = res.ProjectID - } return audit.Resource{ ProjectCode: res.ProjectCode, ResourceType: audit.ResourceTypeProject, ResourceID: res.ProjectID, ResourceName: res.Name, ResourceData: res.toMap(), }, audit.Action{ActionID: "project_edit", ActivityType: audit.ActivityTypeUpdate} }, - "Namespace.CreateNamespace": func(req server.Request, rsp interface{}) (audit.Resource, audit.Action) { + "Namespace.CreateNamespace": func(req server.Request) (audit.Resource, audit.Action) { res := getResourceID(req) return audit.Resource{ ProjectCode: res.ProjectCode, @@ -118,7 +132,7 @@ var auditFuncMap = map[string]func(req server.Request, rsp interface{}) (audit.R ResourceData: res.toMap(), }, audit.Action{ActionID: "namespace_create", ActivityType: audit.ActivityTypeCreate} }, - "Namespace.UpdateNamespace": func(req server.Request, rsp interface{}) (audit.Resource, audit.Action) { + "Namespace.UpdateNamespace": func(req server.Request) (audit.Resource, audit.Action) { res := getResourceID(req) return audit.Resource{ ProjectCode: res.ProjectCode, 
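Review bot: `BCSProject.GetProject` records `ResourceID: res.ProjectCode` while `BCSProject.UpdateProject` in the same hunk records `ResourceID: res.ProjectID`, so reads and edits of one project can appear under different resource IDs. Because `ProjectCode` may now be filled from `projectIDOrCode` in `getResourceID`, the view record's ID also depends on which form the caller sent. Pick one key per resource type; if the request only carries `projectIDOrCode`, a comment such as `// ResourceID is whatever the caller supplied (ID or code)` at least documents it.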
@@ -126,7 +140,15 @@ var auditFuncMap = map[string]func(req server.Request, rsp interface{}) (audit.R ResourceData: res.toMap(), }, audit.Action{ActionID: "namespace_update", ActivityType: audit.ActivityTypeUpdate} }, - "Namespace.DeleteNamespace": func(req server.Request, rsp interface{}) (audit.Resource, audit.Action) { + "Namespace.GetNamespace": func(req server.Request) (audit.Resource, audit.Action) { + res := getResourceID(req) + return audit.Resource{ + ProjectCode: res.ProjectCode, + ResourceType: audit.ResourceTypeNamespace, ResourceID: res.Namespace, ResourceName: res.Namespace, + ResourceData: res.toMap(), + }, audit.Action{ActionID: "namespace_get", ActivityType: audit.ActivityTypeView} + }, + "Namespace.DeleteNamespace": func(req server.Request) (audit.Resource, audit.Action) { res := getResourceID(req) return audit.Resource{ ProjectCode: res.ProjectCode, @@ -134,7 +156,7 @@ var auditFuncMap = map[string]func(req server.Request, rsp interface{}) (audit.R ResourceData: res.toMap(), }, audit.Action{ActionID: "namespace_delete", ActivityType: audit.ActivityTypeDelete} }, - "Variable.CreateVariable": func(req server.Request, rsp interface{}) (audit.Resource, audit.Action) { + "Variable.CreateVariable": func(req server.Request) (audit.Resource, audit.Action) { res := getResourceID(req) return audit.Resource{ ProjectCode: res.ProjectCode, @@ -142,7 +164,7 @@ var auditFuncMap = map[string]func(req server.Request, rsp interface{}) (audit.R ResourceData: res.toMap(), }, audit.Action{ActionID: "create_variable", ActivityType: audit.ActivityTypeCreate} }, - "Variable.UpdateVariable": func(req server.Request, rsp interface{}) (audit.Resource, audit.Action) { + "Variable.UpdateVariable": func(req server.Request) (audit.Resource, audit.Action) { res := getResourceID(req) return audit.Resource{ ProjectCode: res.ProjectCode, 
@@ -150,7 +172,7 @@ var auditFuncMap = map[string]func(req server.Request, rsp interface{}) (audit.R ResourceData: res.toMap(), }, audit.Action{ActionID: "update_variable", ActivityType: audit.ActivityTypeUpdate} }, - "Variable.DeleteVariableDefinitions": func(req server.Request, rsp interface{}) (audit.Resource, audit.Action) { + "Variable.DeleteVariableDefinitions": func(req server.Request) (audit.Resource, audit.Action) { res := getResourceID(req) return audit.Resource{ ProjectCode: res.ProjectCode, @@ -158,7 +180,7 @@ var auditFuncMap = map[string]func(req server.Request, rsp interface{}) (audit.R ResourceData: res.toMap(), }, audit.Action{ActionID: "deleteVariable_definitions", ActivityType: audit.ActivityTypeDelete} }, - "Variable.UpdateClustersVariables": func(req server.Request, rsp interface{}) (audit.Resource, audit.Action) { + "Variable.UpdateClustersVariables": func(req server.Request) (audit.Resource, audit.Action) { res := getResourceID(req) return audit.Resource{ ProjectCode: res.ProjectCode, @@ -166,7 +188,7 @@ var auditFuncMap = map[string]func(req server.Request, rsp interface{}) (audit.R ResourceData: res.toMap(), }, audit.Action{ActionID: "update_clusters_variables", ActivityType: audit.ActivityTypeUpdate} }, - "Variable.UpdateNamespacesVariables": func(req server.Request, rsp interface{}) (audit.Resource, audit.Action) { + "Variable.UpdateNamespacesVariables": func(req server.Request) (audit.Resource, audit.Action) { res := getResourceID(req) return audit.Resource{ ProjectCode: res.ProjectCode, 
@@ -174,7 +196,7 @@ var auditFuncMap = map[string]func(req server.Request, rsp interface{}) (audit.R ResourceData: res.toMap(), }, audit.Action{ActionID: "update_namespaces_variables", ActivityType: audit.ActivityTypeUpdate} }, - "Variable.UpdateClusterVariables": func(req server.Request, rsp interface{}) (audit.Resource, audit.Action) { + "Variable.UpdateClusterVariables": func(req server.Request) (audit.Resource, audit.Action) { res := getResourceID(req) return audit.Resource{ ProjectCode: res.ProjectCode, @@ -182,7 +204,7 @@ var auditFuncMap = map[string]func(req server.Request, rsp interface{}) (audit.R ResourceData: res.toMap(), }, audit.Action{ActionID: "update_cluster_variables", ActivityType: audit.ActivityTypeUpdate} }, - "Variable.UpdateNamespaceVariables": func(req server.Request, rsp interface{}) (audit.Resource, audit.Action) { + "Variable.UpdateNamespaceVariables": func(req server.Request) (audit.Resource, audit.Action) { res := getResourceID(req) return audit.Resource{ ProjectCode: res.ProjectCode, @@ -200,7 +222,7 @@ func addAudit(ctx context.Context, req server.Request, rsp interface{}, startTim return } - res, act := fn(req, rsp) + res, act := fn(req) // get audit context auditCtx := audit.RecorderContext{ @@ -246,6 +268,10 @@ func addAudit(ctx context.Context, req server.Request, rsp interface{}, startTim } // add audit - _ = component.GetAuditClient().R(). - SetContext(auditCtx).SetResource(resource).SetAction(action).SetResult(result).Do() + auditAction := component.GetAuditClient().R() + if act.ActivityType == audit.ActivityTypeView { + // 查看类型不用记录 activity + auditAction.DisableActivity() + } + _ = auditAction.SetContext(auditCtx).SetResource(resource).SetAction(action).SetResult(result).Do() } diff --git a/bcs-services/cluster-resources/go.mod b/bcs-services/cluster-resources/go.mod index 0c365302b2..81abd2431f 100644 --- a/bcs-services/cluster-resources/go.mod +++ b/bcs-services/cluster-resources/go.mod 
@@ -230,7 +230,7 @@ require ( ) require ( - github.com/Tencent/bk-bcs/bcs-common/pkg/audit v0.0.0-20230921024236-fc3b5f7e6d87 + github.com/Tencent/bk-bcs/bcs-common/pkg/audit v0.0.0-20231031062827-2cd36075dfea github.com/Tencent/bk-bcs/bcs-common/pkg/auth v0.0.0-20230921024236-fc3b5f7e6d87 github.com/Tencent/bk-bcs/bcs-scenarios/kourse v0.0.0-20231011121510-d30829b961ad github.com/go-redis/redis/extra/redisotel/v8 v8.11.5 diff --git a/bcs-services/cluster-resources/pkg/wrapper/response.go b/bcs-services/cluster-resources/pkg/wrapper/response.go index 13418fae08..1df60b8bd5 100644 --- a/bcs-services/cluster-resources/pkg/wrapper/response.go +++ b/bcs-services/cluster-resources/pkg/wrapper/response.go 
@@ -172,61 +172,72 @@ func getReqResource(req server.Request) reqResource { resourceID.Version = resourceID.RawData.Version } } + // name没有的情况下使用ProjectCode代替 + if resourceID.Name == "" { + resourceID.Name = resourceID.ProjectCode + } return resourceID } // nolint -var auditFuncMap = map[string]func(req server.Request, rsp interface{}) (audit.Resource, audit.Action){ - "Create": func(req server.Request, rsp interface{}) (audit.Resource, audit.Action) { +var auditFuncMap = map[string]func(req server.Request) (audit.Resource, audit.Action){ + "Get": func(req server.Request) (audit.Resource, audit.Action) { + res := getReqResource(req) + return audit.Resource{ + ResourceType: audit.ResourceTypeK8SResource, ResourceID: res.Name, ResourceName: res.Name, + ResourceData: res.toMap(), + }, audit.Action{ActionID: req.Method(), ActivityType: audit.ActivityTypeView} + }, + "Create": func(req server.Request) (audit.Resource, audit.Action) { res := getReqResource(req) return audit.Resource{ ResourceType: audit.ResourceTypeK8SResource, ResourceID: res.Name, ResourceName: res.Name, ResourceData: res.toMap(), }, audit.Action{ActionID: req.Method(), ActivityType: audit.ActivityTypeCreate} }, - "Update": func(req server.Request, rsp interface{}) (audit.Resource, audit.Action) { + "Update": func(req server.Request) (audit.Resource, audit.Action) { res := getReqResource(req) return audit.Resource{ ResourceType: audit.ResourceTypeK8SResource, ResourceID: res.Name, ResourceName: res.Name, ResourceData: res.toMap(), }, audit.Action{ActionID: req.Method(), ActivityType: audit.ActivityTypeUpdate} }, - "Delete": func(req server.Request, rsp interface{}) (audit.Resource, audit.Action) { + "Delete": func(req server.Request) (audit.Resource, audit.Action) { res := getReqResource(req) return audit.Resource{ ResourceType: audit.ResourceTypeK8SResource, ResourceID: res.Name, ResourceName: res.Name, ResourceData: res.toMap(), }, audit.Action{ActionID: req.Method(), ActivityType: 
audit.ActivityTypeDelete} }, - "Restart": func(req server.Request, rsp interface{}) (audit.Resource, audit.Action) { + "Restart": func(req server.Request) (audit.Resource, audit.Action) { res := getReqResource(req) return audit.Resource{ ResourceType: audit.ResourceTypeK8SResource, ResourceID: res.Name, ResourceName: res.Name, ResourceData: res.toMap(), }, audit.Action{ActionID: req.Method(), ActivityType: audit.ActivityTypeUpdate} }, - "PauseOrResume": func(req server.Request, rsp interface{}) (audit.Resource, audit.Action) { + "PauseOrResume": func(req server.Request) (audit.Resource, audit.Action) { res := getReqResource(req) return audit.Resource{ ResourceType: audit.ResourceTypeK8SResource, ResourceID: res.Name, ResourceName: res.Name, ResourceData: res.toMap(), }, audit.Action{ActionID: req.Method(), ActivityType: audit.ActivityTypeUpdate} }, - "Scale": func(req server.Request, rsp interface{}) (audit.Resource, audit.Action) { + "Scale": func(req server.Request) (audit.Resource, audit.Action) { res := getReqResource(req) return audit.Resource{ ResourceType: audit.ResourceTypeK8SResource, ResourceID: res.Name, ResourceName: res.Name, ResourceData: res.toMap(), }, audit.Action{ActionID: req.Method(), ActivityType: audit.ActivityTypeUpdate} }, - "Rollout": func(req server.Request, rsp interface{}) (audit.Resource, audit.Action) { + "Rollout": func(req server.Request) (audit.Resource, audit.Action) { res := getReqResource(req) return audit.Resource{ ResourceType: audit.ResourceTypeK8SResource, ResourceID: res.Name, ResourceName: res.Name, ResourceData: res.toMap(), }, audit.Action{ActionID: req.Method(), ActivityType: audit.ActivityTypeUpdate} }, - "Reschedule": func(req server.Request, rsp interface{}) (audit.Resource, audit.Action) { + "Reschedule": func(req server.Request) (audit.Resource, audit.Action) { res := getReqResource(req) return audit.Resource{ ResourceType: audit.ResourceTypeK8SResource, ResourceID: res.Name, ResourceName: res.Name, 
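Review bot: The new fallback in `getReqResource` sets `Name` to `ProjectCode` when the request has no name, and every entry in `auditFuncMap`, including the added `"Get"`, uses `res.Name` for both `ResourceID` and `ResourceName` under `ResourceTypeK8SResource`. A request without a name is therefore recorded as touching a Kubernetes resource named after the project, which is indistinguishable from a real resource with that name. Consider leaving `Name` untouched and handling the empty case where the record is built, or document the convention with `// Name falls back to ProjectCode for requests that do not target a named resource`.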
@@ -240,6 +251,9 @@ func addAudit(ctx context.Context, req server.Request, rsp interface{}, startTim if req.Method() != "" { arr := strings.Split(req.Method(), ".") if len(arr) >= 2 { + if strings.Contains(arr[1], "Get") { + method = "Get" + } if strings.Contains(arr[1], "Create") { method = "Create" } @@ -273,7 +287,7 @@ func addAudit(ctx context.Context, req server.Request, rsp interface{}, startTim return } - res, act := fn(req, rsp) + res, act := fn(req) auditCtx := audit.RecorderContext{ Username: GetUserFromCtx(ctx), @@ -314,8 +328,12 @@ func addAudit(ctx context.Context, req server.Request, rsp interface{}, startTim if result.ResultCode != errcode.NoErr { result.Status = audit.ActivityStatusFailed } - _ = audit2.GetAuditClient().R(). - SetContext(auditCtx).SetResource(resource).SetAction(action).SetResult(result).Do() -} -// 驼峰转蛇形 + // add audit + auditAction := audit2.GetAuditClient().R() + // 查看类型不用记录 activity + if act.ActivityType == audit.ActivityTypeView { + auditAction.DisableActivity() + } + _ = auditAction.SetContext(auditCtx).SetResource(resource).SetAction(action).SetResult(result).Do() +}
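Review bot: `strings.Contains(arr[1], "Get")` classifies any method whose name contains `Get` anywhere as a view, and view records are written with `DisableActivity()` in the last hunk, so a mutating RPC with `Get` in its name and none of the later keywords would be logged as a read without an activity entry. The checks that follow are separate `if` statements (the chain continues outside the hunk), so a later keyword silently overrides `Get` and the outcome depends on statement order. Anchor the match to the start of the name instead: `if strings.HasPrefix(arr[1], "Get") {`. Every `Get*` RPC of this service now produces an audit record, so it is also worth confirming the expected record volume against the audit backend.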