feat: 支持DevX允许被授权项目机器跨项目访问 #2842

* feat: 支持DevX允许被授权项目机器跨项目访问 #2842 * feat: 加上listCvmIpFromProject #2842
TencentBlueKing · Dec 24, 2024 · c16a9df · c16a9df
1 parent bc862dc
commit c16a9df
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 3 deletions.
diff --git a/.../main/kotlin/com/tencent/bkrepo/common/security/interceptor/devx/DevXAccessInterceptor.kt b/.../main/kotlin/com/tencent/bkrepo/common/security/interceptor/devx/DevXAccessInterceptor.kt
@@ -74,7 +74,10 @@ open class DevXAccessInterceptor(private val devXProperties: DevXProperties) : H
         .refreshAfterWrite(devXProperties.cacheExpireTime)
         .build(object : CacheLoader<String, Set<String>>() {
             override fun load(key: String): Set<String> {
-                return listIpFromProject(key) + listCvmIpFromProject(key) + listIpFromProps(key)
+                return listIpFromProject(key) +
+                        listCvmIpFromProject(key) +
+                        listIpFromProps(key) +
+                        listIpFromProjects(key)
             }
 
             override fun reload(key: String, oldValue: Set<String>): ListenableFuture<Set<String>> {
@@ -150,6 +153,16 @@ open class DevXAccessInterceptor(private val devXProperties: DevXProperties) : H
         return ips
     }
 
+    private fun listIpFromProjects(projectId: String): Set<String>{
+        val projectIdList = devXProperties.projectWhiteList[projectId] ?: emptySet()
+        val ips = HashSet<String>()
+        projectIdList.forEach {
+            ips.addAll(listIpFromProject(it))
+            ips.addAll(listCvmIpFromProject(it))
+        }
+        return ips
+    }
+
     private fun listIpFromProps(projectId: String) = devXProperties.projectCvmWhiteList[projectId] ?: emptySet()
 
     private fun listCvmIpFromProject(projectId: String): Set<String> {

diff --git a/...ity/src/main/kotlin/com/tencent/bkrepo/common/security/interceptor/devx/DevXProperties.kt b/...ity/src/main/kotlin/com/tencent/bkrepo/common/security/interceptor/devx/DevXProperties.kt
@@ -77,6 +77,11 @@ data class DevXProperties(
      * key 为项目ip， value为CVM配置
      */
     var projectCvmWhiteList: Map<String, Set<String>> = emptyMap(),
+    /**
+     * 配置可以被访问的项目
+     * key 为项目id， value为可被访问的项目id
+     */
+    var projectWhiteList: Map<String, Set<String>> = emptyMap(),
     /**
      * 可以从任意来源访问的用户
      */

diff --git a/...s/boot-fs-server/src/main/kotlin/com/tencent/bkrepo/fs/server/utils/DevxWorkspaceUtils.kt b/...s/boot-fs-server/src/main/kotlin/com/tencent/bkrepo/fs/server/utils/DevxWorkspaceUtils.kt
@@ -53,6 +53,7 @@ import org.springframework.http.client.reactive.ReactorClientHttpConnector
 import org.springframework.web.reactive.function.client.ClientResponse
 import org.springframework.web.reactive.function.client.WebClient
 import org.springframework.web.reactive.function.client.awaitBody
+import reactor.core.publisher.Flux
 import reactor.core.publisher.Mono
 import reactor.core.publisher.toMono
 import reactor.netty.http.client.HttpClient
@@ -62,6 +63,7 @@ import reactor.util.retry.RetryBackoffSpec
 import java.net.URLDecoder
 import java.time.Duration
 import java.util.concurrent.Executors
+import java.util.stream.Collectors
 
 class DevxWorkspaceUtils(
     devXProperties: DevXProperties
@@ -136,8 +138,12 @@ class DevxWorkspaceUtils(
         }
 
         private fun listIp(projectId: String): Mono<Set<String>> {
-            return Mono.zip(listIpFromProject(projectId), listIpFromProps(projectId), listCvmIpFromProject(projectId))
-                .map { it.t1 + it.t2 + it.t3 }
+            return Mono.zip(
+                listIpFromProject(projectId),
+                listIpFromProps(projectId),
+                listCvmIpFromProject(projectId),
+                listIpFromProjects(projectId))
+                .map { it.t1 + it.t2 + it.t3 + it.t4}
         }
 
         private fun listIpFromProject(projectId: String): Mono<Set<String>> {
@@ -177,6 +183,19 @@ class DevxWorkspaceUtils(
                 }
         }
 
+        private fun listIpFromProjects(projectId: String): Mono<Set<String>> {
+            val projectIdList = devXProperties.projectWhiteList[projectId] ?: emptySet()
+            return Flux.fromIterable(projectIdList)
+                .flatMap { id ->
+                    Flux.merge(
+                        listIpFromProject(id),
+                        listCvmIpFromProject(id)
+                    )
+                }
+                .flatMapIterable { it }
+                .collect(Collectors.toSet())
+        }
+
         suspend fun validateToken(devxToken: String): Mono<DevxTokenInfo> {
             val token = withContext(Dispatchers.IO) {
                 URLDecoder.decode(devxToken, Charsets.UTF_8.name())