From 3f70be791842448d4b85b8a28c603d6ae679edb4 Mon Sep 17 00:00:00 2001 From: greysonfang Date: Thu, 9 Jan 2025 17:58:38 +0800 Subject: [PATCH] =?UTF-8?q?pref=EF=BC=9A=E5=AE=A1=E8=AE=A1=E7=9B=B8?= =?UTF-8?q?=E5=85=B3=E4=BC=98=E5=8C=96=20#11396?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../devops/common/audit/ActionAuditContent.kt | 31 ------ .../devops/common/auth/api/ActionId.kt | 27 ------ .../devops/common/auth/api/ResourceTypeId.kt | 2 - .../process/api/UserBuildResourceImpl.kt | 8 ++ .../builds/PipelineBuildFacadeService.kt | 94 +++++++++++++++++++ 5 files changed, 102 insertions(+), 60 deletions(-) diff --git a/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/ActionAuditContent.kt b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/ActionAuditContent.kt index f4fcc4752901..8bcb1b89e960 100644 --- a/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/ActionAuditContent.kt +++ b/src/backend/ci/core/common/common-audit/src/main/kotlin/com/tencent/devops/common/audit/ActionAuditContent.kt @@ -76,37 +76,6 @@ object ActionAuditContent { const val CREDENTIAL_LIST_CONTENT = "list credential $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" const val CREDENTIAL_USE_CONTENT = "use credential $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" - // 云桌面 - const val CGS_CREATE_CONTENT = "create workspace $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" - const val CGS_LIST_CONTENT = "list workspace $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" - const val CGS_VIEW_CONTENT = "get workspace $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" - const val CGS_STOP_CONTENT = "stop workspace $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" - const val CGS_START_CONTENT = "start workspace $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" - const val CGS_RESTART_CONTENT = "restart workspace $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" - const val CGS_ASSIGN_USER_CONTENT = "assign workspace $CONTENT_TEMPLATE " + - "to [{{$ASSIGNS_TEMPLATE}}] from $PROJECT_CODE_CONTENT_TEMPLATE" - const val CGS_ASSIGN_PROJECT_CONTENT = "assign workspace $CONTENT_TEMPLATE to project $PROJECT_CODE_CONTENT_TEMPLATE" - const val CGS_EDIT_TYPE_CONTENT = "modify workspace type $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" - const val CGS_REBUILD_SYSTEM_DISK_CONTENT = "rebuild workspace system disk $CONTENT_TEMPLATE " + - "in project $PROJECT_CODE_CONTENT_TEMPLATE" - const val CGS_MAKE_IMAGE_CONTENT = "make workspace image $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" - const val CGS_EXPAND_DISK_CONTENT = "expand workspace disk $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" - const val CGS_DELETE_CONTENT = "delete workspace $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" - const val CGS_SHARE_CONTENT = "share workspace $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" - const val CGS_EDIT_CONTENT = "edit workspace $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" - const val CGS_TOKEN_GENERATE_CONTENT = "generate workspace 1password $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" - - // 云桌面镜像 - const val IMAGE_LIST_CONTENT = "list workspace image $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" - const val IMAGE_DELETE_CONTENT = "delete workspace image $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" - const val IMAGE_EDIT_CONTENT = "modify workspace image $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" - - // 代理仓库 - const val TGIT_LINK_CREATE_CONTENT = "create tgit link $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" - const val TGIT_LINK_CALLBACK_CREATE_CONTENT = "create tgit link callback $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" - const val TGIT_LINK_DELETE_CONTENT = "delete tgit link $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" - const val TGIT_LINK_CREATE_PROJECT_CONTENT = "create tgit project $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" - // 环境 const val ENVIRONMENT_CREATE_CONTENT = "create environment $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" const val ENVIRONMENT_EDIT_CONTENT = "modify environment $CONTENT_TEMPLATE in project $PROJECT_CODE_CONTENT_TEMPLATE" diff --git a/src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/ActionId.kt b/src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/ActionId.kt index b331faa1d4b6..7e5837097e4b 100644 --- a/src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/ActionId.kt +++ b/src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/ActionId.kt @@ -48,33 +48,6 @@ object ActionId { const val CERT_LIST = "cert_list" const val CERT_USE = "cert_use" - // 云桌面 - const val CGS_CREATE = "cgs_create" - const val CGS_LIST = "cgs_list" - const val CGS_VIEW = "cgs_view" - const val CGS_STOP = "cgs_stop" - const val CGS_START = "cgs_start" - const val CGS_RESTART = "cgs_restart" - const val CGS_ASSIGN = "cgs_assign" - const val CGS_EDIT_TYPE = "cgs_edit-type" - const val CGS_REBUILD_SYSTEM_DISK = "cgs_rebuild-system-disk" - const val CGS_MAKE_IMAGE = "cgs_make-image" - const val CGS_EXPAND_DISK = "cgs_expand-disk" - const val CGS_DELETE = "cgs_delete" - const val CGS_SHARE = "cgs_share" - const val CGS_EDIT = "cgs_edit" - const val CGS_TOKEN_GENERATE = "cgs_token_generate" - - // 镜像 - const val IMAGE_LIST = "image_list" - const val IMAGE_DELETE = "image_delete" - const val IMAGE_EDIT = "image_edit" - - // 代理仓库 - const val TGIT_LINK_CREATE = "tgit_link_create" - const val TGIT_LINK_LIST = "tgit_link_list" - const val TGIT_LINK_DELETE = "tgit_link_delete" - // 环境 const val ENVIRONMENT_CREATE = "environment_create" const val ENVIRONMENT_EDIT = "environment_edit" diff --git a/src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/ResourceTypeId.kt b/src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/ResourceTypeId.kt index 854e9f19caa7..302489ee58b3 100644 --- a/src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/ResourceTypeId.kt +++ b/src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/ResourceTypeId.kt @@ -7,8 +7,6 @@ object ResourceTypeId { const val PIPELINE_TEMPLATE = "pipeline_template" const val CREDENTIAL = "credential" const val CERT = "cert" - const val CGS = "cgs" - const val IMAGE = "image" const val ENVIRONMENT = "environment" const val ENV_NODE = "env_node" const val RULE = "rule" diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserBuildResourceImpl.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserBuildResourceImpl.kt index a269d560e491..952ca310a18f 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserBuildResourceImpl.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/api/UserBuildResourceImpl.kt @@ -276,6 +276,7 @@ class UserBuildResourceImpl @Autowired constructor( } @Timed + @AuditEntry(actionId = ActionId.PIPELINE_VIEW) override fun getBuildDetail( userId: String, projectId: String, @@ -297,6 +298,7 @@ class UserBuildResourceImpl @Autowired constructor( return Result(buildDetail) } + @AuditEntry(actionId = ActionId.PIPELINE_VIEW) override fun getBuildRecordByExecuteCount( userId: String, projectId: String, @@ -322,6 +324,7 @@ class UserBuildResourceImpl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.PIPELINE_VIEW) override fun getBuildRecordInfo( userId: String, projectId: String, @@ -343,6 +346,7 @@ class UserBuildResourceImpl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.PIPELINE_VIEW) override fun getBuildDetailByBuildNo( userId: String, projectId: String, @@ -366,6 +370,7 @@ class UserBuildResourceImpl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.PIPELINE_VIEW) override fun getBuildRecordByBuildNum( userId: String, projectId: String, @@ -389,6 +394,7 @@ class UserBuildResourceImpl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.PIPELINE_VIEW) override fun goToLatestFinishedBuild(userId: String, projectId: String, pipelineId: String): Response { checkParam(userId = userId, projectId = projectId, pipelineId = pipelineId) return pipelineBuildFacadeService.goToLatestFinishedBuild( @@ -400,6 +406,7 @@ class UserBuildResourceImpl @Autowired constructor( ) } + @AuditEntry(actionId = ActionId.PIPELINE_VIEW) override fun getHistoryBuild( userId: String, projectId: String, @@ -425,6 +432,7 @@ class UserBuildResourceImpl @Autowired constructor( } @Timed + @AuditEntry(actionId = ActionId.PIPELINE_VIEW) override fun getHistoryBuildNew( userId: String, projectId: String, diff --git a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/builds/PipelineBuildFacadeService.kt b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/builds/PipelineBuildFacadeService.kt index 189a71059ea1..0da420814fef 100644 --- a/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/builds/PipelineBuildFacadeService.kt +++ b/src/backend/ci/core/process/biz-process/src/main/kotlin/com/tencent/devops/process/service/builds/PipelineBuildFacadeService.kt @@ -27,6 +27,9 @@ package com.tencent.devops.process.service.builds +import com.tencent.bk.audit.annotations.ActionAuditRecord +import com.tencent.bk.audit.annotations.AuditAttribute +import com.tencent.bk.audit.annotations.AuditInstanceRecord import com.tencent.devops.common.api.constant.CommonMessageCode import com.tencent.devops.common.api.exception.ErrorCodeException import com.tencent.devops.common.api.exception.ParamBlankException @@ -39,7 +42,10 @@ import com.tencent.devops.common.api.pojo.SimpleResult import com.tencent.devops.common.api.util.JsonUtil import com.tencent.devops.common.api.util.MessageUtil import com.tencent.devops.common.api.util.PageUtil +import com.tencent.devops.common.audit.ActionAuditContent +import com.tencent.devops.common.auth.api.ActionId import com.tencent.devops.common.auth.api.AuthPermission +import com.tencent.devops.common.auth.api.ResourceTypeId import com.tencent.devops.common.db.pojo.ARCHIVE_SHARDING_DSL_CONTEXT import com.tencent.devops.common.event.dispatcher.pipeline.PipelineEventDispatcher import com.tencent.devops.common.event.enums.ActionType @@ -1411,6 +1417,17 @@ class PipelineBuildFacadeService( } } + @ActionAuditRecord( + actionId = ActionId.PIPELINE_VIEW, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.PIPELINE, + instanceNames = "#pipelineId", + instanceIds = "#pipelineId" + ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", + content = ActionAuditContent.PIPELINE_VIEW_CONTENT + ) fun getBuildDetail( userId: String, projectId: String, @@ -1465,6 +1482,17 @@ class PipelineBuildFacadeService( return newModel } + @ActionAuditRecord( + actionId = ActionId.PIPELINE_VIEW, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.PIPELINE, + instanceNames = "#pipelineId", + instanceIds = "#pipelineId" + ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", + content = ActionAuditContent.PIPELINE_VIEW_CONTENT + ) fun getBuildDetailByBuildNo( userId: String, projectId: String, @@ -1502,6 +1530,17 @@ class PipelineBuildFacadeService( ) } + @ActionAuditRecord( + actionId = ActionId.PIPELINE_VIEW, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.PIPELINE, + instanceNames = "#pipelineId", + instanceIds = "#pipelineId" + ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", + content = ActionAuditContent.PIPELINE_VIEW_CONTENT + ) fun getBuildRecordByBuildNum( userId: String, projectId: String, @@ -1579,6 +1618,17 @@ class PipelineBuildFacadeService( ) } + @ActionAuditRecord( + actionId = ActionId.PIPELINE_VIEW, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.PIPELINE, + instanceNames = "#pipelineId", + instanceIds = "#pipelineId" + ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", + content = ActionAuditContent.PIPELINE_VIEW_CONTENT + ) fun getBuildRecord( userId: String, projectId: String, @@ -1611,6 +1661,17 @@ class PipelineBuildFacadeService( ) } + @ActionAuditRecord( + actionId = ActionId.PIPELINE_VIEW, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.PIPELINE, + instanceNames = "#pipelineId", + instanceIds = "#pipelineId" + ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", + content = ActionAuditContent.PIPELINE_VIEW_CONTENT + ) fun getBuildRecordInfo( userId: String, projectId: String, @@ -1637,6 +1698,17 @@ class PipelineBuildFacadeService( ) } + @ActionAuditRecord( + actionId = ActionId.PIPELINE_VIEW, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.PIPELINE, + instanceNames = "#pipelineId", + instanceIds = "#pipelineId" + ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", + content = ActionAuditContent.PIPELINE_VIEW_CONTENT + ) fun goToLatestFinishedBuild( userId: String, projectId: String, @@ -1866,6 +1938,17 @@ class PipelineBuildFacadeService( ) } + @ActionAuditRecord( + actionId = ActionId.PIPELINE_VIEW, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.PIPELINE, + instanceNames = "#pipelineId", + instanceIds = "#pipelineId" + ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", + content = ActionAuditContent.PIPELINE_VIEW_CONTENT + ) fun getHistoryBuild( userId: String?, projectId: String, @@ -1948,6 +2031,17 @@ class PipelineBuildFacadeService( } } + @ActionAuditRecord( + actionId = ActionId.PIPELINE_VIEW, + instance = AuditInstanceRecord( + resourceType = ResourceTypeId.PIPELINE, + instanceNames = "#pipelineId", + instanceIds = "#pipelineId" + ), + attributes = [AuditAttribute(name = ActionAuditContent.PROJECT_CODE_TEMPLATE, value = "#projectId")], + scopeId = "#projectId", + content = ActionAuditContent.PIPELINE_VIEW_CONTENT + ) fun getHistoryBuild( userId: String?, projectId: String,