pref：审计相关优化 TencentBlueKing#11396

fcfang123 · Jan 9, 2025 · 3f70be7 · 3f70be7
1 parent b71500e
commit 3f70be7
Show file tree

Hide file tree

Showing 5 changed files with 102 additions and 60 deletions.
diff --git a/...common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/ActionAuditContent.kt b/...common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/ActionAuditContent.kt
@@ -76,37 +76,6 @@ object ActionAuditContent {
     const val CREDENTIAL_LIST_CONTENT = "list credential $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE"
     const val CREDENTIAL_USE_CONTENT = "use credential $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE"
 
-    // 云桌面
-    const val CGS_CREATE_CONTENT = "create workspace $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE"
-    const val CGS_LIST_CONTENT = "list workspace $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE"
-    const val CGS_VIEW_CONTENT = "get workspace $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE"
-    const val CGS_STOP_CONTENT = "stop workspace $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE"
-    const val CGS_START_CONTENT = "start workspace $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE"
-    const val CGS_RESTART_CONTENT = "restart workspace $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE"
-    const val CGS_ASSIGN_USER_CONTENT = "assign workspace $CONTENT_TEMPLATE " +
-        "to [{{$ASSIGNS_TEMPLATE}}] from $PROJECT_CODE_CONTENT_TEMPLATE"
-    const val CGS_ASSIGN_PROJECT_CONTENT = "assign workspace $CONTENT_TEMPLATE to project $PROJECT_CODE_CONTENT_TEMPLATE"
-    const val CGS_EDIT_TYPE_CONTENT = "modify workspace type $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE"
-    const val CGS_REBUILD_SYSTEM_DISK_CONTENT = "rebuild workspace system disk $CONTENT_TEMPLATE " +
-        "in project $PROJECT_CODE_CONTENT_TEMPLATE"
-    const val CGS_MAKE_IMAGE_CONTENT = "make workspace image  $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE"
-    const val CGS_EXPAND_DISK_CONTENT = "expand workspace disk $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE"
-    const val CGS_DELETE_CONTENT = "delete workspace $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE"
-    const val CGS_SHARE_CONTENT = "share workspace $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE"
-    const val CGS_EDIT_CONTENT = "edit workspace $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE"
-    const val CGS_TOKEN_GENERATE_CONTENT = "generate workspace 1password $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE"
-
-    // 云桌面镜像
-    const val IMAGE_LIST_CONTENT = "list workspace image $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE"
-    const val IMAGE_DELETE_CONTENT = "delete workspace image $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE"
-    const val IMAGE_EDIT_CONTENT = "modify workspace image $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE"
-
-    // 代理仓库
-    const val TGIT_LINK_CREATE_CONTENT = "create tgit link $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE"
-    const val TGIT_LINK_CALLBACK_CREATE_CONTENT = "create tgit link callback $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE"
-    const val TGIT_LINK_DELETE_CONTENT = "delete tgit link $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE"
-    const val TGIT_LINK_CREATE_PROJECT_CONTENT = "create tgit project $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE"
-
     // 环境
     const val ENVIRONMENT_CREATE_CONTENT = "create environment $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE"
     const val ENVIRONMENT_EDIT_CONTENT = "modify environment $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE"

diff --git a/...ommon-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/ActionId.kt b/...ommon-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/ActionId.kt
@@ -48,33 +48,6 @@ object ActionId {
     const val CERT_LIST = "cert_list"
     const val CERT_USE = "cert_use"
 
-    // 云桌面
-    const val CGS_CREATE = "cgs_create"
-    const val CGS_LIST = "cgs_list"
-    const val CGS_VIEW = "cgs_view"
-    const val CGS_STOP = "cgs_stop"
-    const val CGS_START = "cgs_start"
-    const val CGS_RESTART = "cgs_restart"
-    const val CGS_ASSIGN = "cgs_assign"
-    const val CGS_EDIT_TYPE = "cgs_edit-type"
-    const val CGS_REBUILD_SYSTEM_DISK = "cgs_rebuild-system-disk"
-    const val CGS_MAKE_IMAGE = "cgs_make-image"
-    const val CGS_EXPAND_DISK = "cgs_expand-disk"
-    const val CGS_DELETE = "cgs_delete"
-    const val CGS_SHARE = "cgs_share"
-    const val CGS_EDIT = "cgs_edit"
-    const val CGS_TOKEN_GENERATE = "cgs_token_generate"
-
-    // 镜像
-    const val IMAGE_LIST = "image_list"
-    const val IMAGE_DELETE = "image_delete"
-    const val IMAGE_EDIT = "image_edit"
-
-    // 代理仓库
-    const val TGIT_LINK_CREATE = "tgit_link_create"
-    const val TGIT_LINK_LIST = "tgit_link_list"
-    const val TGIT_LINK_DELETE = "tgit_link_delete"
-
     // 环境
     const val ENVIRONMENT_CREATE = "environment_create"
     const val ENVIRONMENT_EDIT = "environment_edit"

diff --git a/...auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/ResourceTypeId.kt b/...auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/ResourceTypeId.kt
@@ -7,8 +7,6 @@ object ResourceTypeId {
     const val PIPELINE_TEMPLATE = "pipeline_template"
     const val CREDENTIAL = "credential"
     const val CERT = "cert"
-    const val CGS = "cgs"
-    const val IMAGE = "image"
     const val ENVIRONMENT = "environment"
     const val ENV_NODE = "env_node"
     const val RULE = "rule"

diff --git a/...ocess/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserBuildResourceImpl.kt b/...ocess/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserBuildResourceImpl.kt
@@ -276,6 +276,7 @@ class UserBuildResourceImpl @Autowired constructor(
     }
 
     @Timed
+    @AuditEntry(actionId = ActionId.PIPELINE_VIEW)
     override fun getBuildDetail(
         userId: String,
         projectId: String,
@@ -297,6 +298,7 @@ class UserBuildResourceImpl @Autowired constructor(
         return Result(buildDetail)
     }
 
+    @AuditEntry(actionId = ActionId.PIPELINE_VIEW)
     override fun getBuildRecordByExecuteCount(
         userId: String,
         projectId: String,
@@ -322,6 +324,7 @@ class UserBuildResourceImpl @Autowired constructor(
         )
     }
 
+    @AuditEntry(actionId = ActionId.PIPELINE_VIEW)
     override fun getBuildRecordInfo(
         userId: String,
         projectId: String,
@@ -343,6 +346,7 @@ class UserBuildResourceImpl @Autowired constructor(
         )
     }
 
+    @AuditEntry(actionId = ActionId.PIPELINE_VIEW)
     override fun getBuildDetailByBuildNo(
         userId: String,
         projectId: String,
@@ -366,6 +370,7 @@ class UserBuildResourceImpl @Autowired constructor(
         )
     }
 
+    @AuditEntry(actionId = ActionId.PIPELINE_VIEW)
     override fun getBuildRecordByBuildNum(
         userId: String,
         projectId: String,
@@ -389,6 +394,7 @@ class UserBuildResourceImpl @Autowired constructor(
         )
     }
 
+    @AuditEntry(actionId = ActionId.PIPELINE_VIEW)
     override fun goToLatestFinishedBuild(userId: String, projectId: String, pipelineId: String): Response {
         checkParam(userId = userId, projectId = projectId, pipelineId = pipelineId)
         return pipelineBuildFacadeService.goToLatestFinishedBuild(
@@ -400,6 +406,7 @@ class UserBuildResourceImpl @Autowired constructor(
         )
     }
 
+    @AuditEntry(actionId = ActionId.PIPELINE_VIEW)
     override fun getHistoryBuild(
         userId: String,
         projectId: String,
@@ -425,6 +432,7 @@ class UserBuildResourceImpl @Autowired constructor(
     }
 
     @Timed
+    @AuditEntry(actionId = ActionId.PIPELINE_VIEW)
     override fun getHistoryBuildNew(
         userId: String,
         projectId: String,

diff --git a/...s/src/main/kotlin/com/tencent/devops/process/service/builds/PipelineBuildFacadeService.kt b/...s/src/main/kotlin/com/tencent/devops/process/service/builds/PipelineBuildFacadeService.kt
@@ -27,6 +27,9 @@
 
 package com.tencent.devops.process.service.builds
 
+import com.tencent.bk.audit.annotations.ActionAuditRecord
+import com.tencent.bk.audit.annotations.AuditAttribute
+import com.tencent.bk.audit.annotations.AuditInstanceRecord
 import com.tencent.devops.common.api.constant.CommonMessageCode
 import com.tencent.devops.common.api.exception.ErrorCodeException
 import com.tencent.devops.common.api.exception.ParamBlankException
@@ -39,7 +42,10 @@ import com.tencent.devops.common.api.pojo.SimpleResult
 import com.tencent.devops.common.api.util.JsonUtil
 import com.tencent.devops.common.api.util.MessageUtil
 import com.tencent.devops.common.api.util.PageUtil
+import com.tencent.devops.common.audit.ActionAuditContent
+import com.tencent.devops.common.auth.api.ActionId
 import com.tencent.devops.common.auth.api.AuthPermission
+import com.tencent.devops.common.auth.api.ResourceTypeId
 import com.tencent.devops.common.db.pojo.ARCHIVE_SHARDING_DSL_CONTEXT
 import com.tencent.devops.common.event.dispatcher.pipeline.PipelineEventDispatcher
 import com.tencent.devops.common.event.enums.ActionType
@@ -1411,6 +1417,17 @@ class PipelineBuildFacadeService(
         }
     }
 
+    @ActionAuditRecord(
+        actionId = ActionId.PIPELINE_VIEW,
+        instance = AuditInstanceRecord(
+            resourceType = ResourceTypeId.PIPELINE,
+            instanceNames = "#pipelineId",
+            instanceIds = "#pipelineId"
+        ),
+        attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")],
+        scopeId = "#projectId",
+        content = ActionAuditContent.PIPELINE_VIEW_CONTENT
+    )
     fun getBuildDetail(
         userId: String,
         projectId: String,
@@ -1465,6 +1482,17 @@ class PipelineBuildFacadeService(
         return newModel
     }
 
+    @ActionAuditRecord(
+        actionId = ActionId.PIPELINE_VIEW,
+        instance = AuditInstanceRecord(
+            resourceType = ResourceTypeId.PIPELINE,
+            instanceNames = "#pipelineId",
+            instanceIds = "#pipelineId"
+        ),
+        attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")],
+        scopeId = "#projectId",
+        content = ActionAuditContent.PIPELINE_VIEW_CONTENT
+    )
     fun getBuildDetailByBuildNo(
         userId: String,
         projectId: String,
@@ -1502,6 +1530,17 @@ class PipelineBuildFacadeService(
         )
     }
 
+    @ActionAuditRecord(
+        actionId = ActionId.PIPELINE_VIEW,
+        instance = AuditInstanceRecord(
+            resourceType = ResourceTypeId.PIPELINE,
+            instanceNames = "#pipelineId",
+            instanceIds = "#pipelineId"
+        ),
+        attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")],
+        scopeId = "#projectId",
+        content = ActionAuditContent.PIPELINE_VIEW_CONTENT
+    )
     fun getBuildRecordByBuildNum(
         userId: String,
         projectId: String,
@@ -1579,6 +1618,17 @@ class PipelineBuildFacadeService(
         )
     }
 
+    @ActionAuditRecord(
+        actionId = ActionId.PIPELINE_VIEW,
+        instance = AuditInstanceRecord(
+            resourceType = ResourceTypeId.PIPELINE,
+            instanceNames = "#pipelineId",
+            instanceIds = "#pipelineId"
+        ),
+        attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")],
+        scopeId = "#projectId",
+        content = ActionAuditContent.PIPELINE_VIEW_CONTENT
+    )
     fun getBuildRecord(
         userId: String,
         projectId: String,
@@ -1611,6 +1661,17 @@ class PipelineBuildFacadeService(
         )
     }
 
+    @ActionAuditRecord(
+        actionId = ActionId.PIPELINE_VIEW,
+        instance = AuditInstanceRecord(
+            resourceType = ResourceTypeId.PIPELINE,
+            instanceNames = "#pipelineId",
+            instanceIds = "#pipelineId"
+        ),
+        attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")],
+        scopeId = "#projectId",
+        content = ActionAuditContent.PIPELINE_VIEW_CONTENT
+    )
     fun getBuildRecordInfo(
         userId: String,
         projectId: String,
@@ -1637,6 +1698,17 @@ class PipelineBuildFacadeService(
         )
     }
 
+    @ActionAuditRecord(
+        actionId = ActionId.PIPELINE_VIEW,
+        instance = AuditInstanceRecord(
+            resourceType = ResourceTypeId.PIPELINE,
+            instanceNames = "#pipelineId",
+            instanceIds = "#pipelineId"
+        ),
+        attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")],
+        scopeId = "#projectId",
+        content = ActionAuditContent.PIPELINE_VIEW_CONTENT
+    )
     fun goToLatestFinishedBuild(
         userId: String,
         projectId: String,
@@ -1866,6 +1938,17 @@ class PipelineBuildFacadeService(
         )
     }
 
+    @ActionAuditRecord(
+        actionId = ActionId.PIPELINE_VIEW,
+        instance = AuditInstanceRecord(
+            resourceType = ResourceTypeId.PIPELINE,
+            instanceNames = "#pipelineId",
+            instanceIds = "#pipelineId"
+        ),
+        attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")],
+        scopeId = "#projectId",
+        content = ActionAuditContent.PIPELINE_VIEW_CONTENT
+    )
     fun getHistoryBuild(
         userId: String?,
         projectId: String,
@@ -1948,6 +2031,17 @@ class PipelineBuildFacadeService(
         }
     }
 
+    @ActionAuditRecord(
+        actionId = ActionId.PIPELINE_VIEW,
+        instance = AuditInstanceRecord(
+            resourceType = ResourceTypeId.PIPELINE,
+            instanceNames = "#pipelineId",
+            instanceIds = "#pipelineId"
+        ),
+        attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")],
+        scopeId = "#projectId",
+        content = ActionAuditContent.PIPELINE_VIEW_CONTENT
+    )
     fun getHistoryBuild(
         userId: String?,
         projectId: String,