Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: 支持DevX允许被授权项目机器跨项目访问 #2842 #2869

Merged
merged 2 commits into from
Dec 24, 2024
Merged

feat: 支持DevX允许被授权项目机器跨项目访问 #2842 #2869

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
2975f9e
feat: 支持DevX允许被授权项目机器跨项目访问 #2842
zzdjx Dec 20, 2024
5e3a42a
feat: 加上listCvmIpFromProject #2842
zzdjx Dec 20, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 14 additions & 1 deletion .../main/kotlin/com/tencent/bkrepo/common/security/interceptor/devx/DevXAccessInterceptor.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,10 @@ open class DevXAccessInterceptor(private val devXProperties: DevXProperties) : H
.refreshAfterWrite(devXProperties.cacheExpireTime)
.build(object : CacheLoader<String, Set<String>>() {
override fun load(key: String): Set<String> {
return listIpFromProject(key) + listCvmIpFromProject(key) + listIpFromProps(key)
return listIpFromProject(key) +
listCvmIpFromProject(key) +
listIpFromProps(key) +
listIpFromProjects(key)
}

override fun reload(key: String, oldValue: Set<String>): ListenableFuture<Set<String>> {
Expand Down Expand Up @@ -150,6 +153,16 @@ open class DevXAccessInterceptor(private val devXProperties: DevXProperties) : H
return ips
}

private fun listIpFromProjects(projectId: String): Set<String>{
val projectIdList = devXProperties.projectWhiteList[projectId] ?: emptySet()
val ips = HashSet<String>()
projectIdList.forEach {
val projectIps = listIpFromProject(it)
zzdjx marked this conversation as resolved.
Show resolved Hide resolved
ips.addAll(projectIps)
}
return ips
}

private fun listIpFromProps(projectId: String) = devXProperties.projectCvmWhiteList[projectId] ?: emptySet()

private fun listCvmIpFromProject(projectId: String): Set<String> {
Expand Down
5 changes: 5 additions & 0 deletions ...ity/src/main/kotlin/com/tencent/bkrepo/common/security/interceptor/devx/DevXProperties.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -77,6 +77,11 @@ data class DevXProperties(
* key 为项目ip, value为CVM配置
*/
var projectCvmWhiteList: Map<String, Set<String>> = emptyMap(),
/**
* 配置可以被访问的项目
* key 为项目ip, value为可被访问的项目ip
zzdjx marked this conversation as resolved.
Show resolved Hide resolved
*/
var projectWhiteList: Map<String, Set<String>> = emptyMap(),
/**
* 可以从任意来源访问的用户
*/
Expand Down
18 changes: 16 additions & 2 deletions ...s/boot-fs-server/src/main/kotlin/com/tencent/bkrepo/fs/server/utils/DevxWorkspaceUtils.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,7 @@ import org.springframework.http.client.reactive.ReactorClientHttpConnector
import org.springframework.web.reactive.function.client.ClientResponse
import org.springframework.web.reactive.function.client.WebClient
import org.springframework.web.reactive.function.client.awaitBody
import reactor.core.publisher.Flux
import reactor.core.publisher.Mono
import reactor.core.publisher.toMono
import reactor.netty.http.client.HttpClient
Expand All @@ -62,6 +63,7 @@ import reactor.util.retry.RetryBackoffSpec
import java.net.URLDecoder
import java.time.Duration
import java.util.concurrent.Executors
import java.util.stream.Collectors

class DevxWorkspaceUtils(
devXProperties: DevXProperties
Expand Down Expand Up @@ -136,8 +138,12 @@ class DevxWorkspaceUtils(
}

private fun listIp(projectId: String): Mono<Set<String>> {
return Mono.zip(listIpFromProject(projectId), listIpFromProps(projectId), listCvmIpFromProject(projectId))
.map { it.t1 + it.t2 + it.t3 }
return Mono.zip(
listIpFromProject(projectId),
listIpFromProps(projectId),
listCvmIpFromProject(projectId),
listIpFromProjects(projectId))
.map { it.t1 + it.t2 + it.t3 + it.t4}
}

private fun listIpFromProject(projectId: String): Mono<Set<String>> {
Expand Down Expand Up @@ -177,6 +183,14 @@ class DevxWorkspaceUtils(
}
}

private fun listIpFromProjects(projectId: String): Mono<Set<String>> {
val projectIdList = devXProperties.projectWhiteList[projectId] ?: emptySet()
return Flux.fromIterable(projectIdList)
.flatMap { pid -> listIpFromProject(pid) }
.flatMapIterable { it }
.collect(Collectors.toSet())
}

suspend fun validateToken(devxToken: String): Mono<DevxTokenInfo> {
val token = withContext(Dispatchers.IO) {
URLDecoder.decode(devxToken, Charsets.UTF_8.name())
Expand Down
Loading