From c16a9df5b9384b3a2502ef656d5b5f2a8d5d0139 Mon Sep 17 00:00:00 2001
From: zzdjx <116262724+zzdjx@users.noreply.github.com>
Date: Tue, 24 Dec 2024 10:51:20 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20=E6=94=AF=E6=8C=81DevX=E5=85=81?= =?UTF-8?q?=E8=AE=B8=E8=A2=AB=E6=8E=88=E6=9D=83=E9=A1=B9=E7=9B=AE=E6=9C=BA?= =?UTF-8?q?=E5=99=A8=E8=B7=A8=E9=A1=B9=E7=9B=AE=E8=AE=BF=E9=97=AE=20#2842?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* feat: 支持DevX允许被授权项目机器跨项目访问 #2842
* feat: 加上listCvmIpFromProject #2842
---
 .../interceptor/devx/DevXAccessInterceptor.kt | 15 +++++++++++-
 .../interceptor/devx/DevXProperties.kt | 5 ++++
 .../fs/server/utils/DevxWorkspaceUtils.kt | 23 +++++++++++++++++--
 3 files changed, 40 insertions(+), 3 deletions(-)

diff --git a/src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/interceptor/devx/DevXAccessInterceptor.kt b/src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/interceptor/devx/DevXAccessInterceptor.kt
index 67d1ff362c..6dbec80e4b 100644
--- a/src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/interceptor/devx/DevXAccessInterceptor.kt
+++ b/src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/interceptor/devx/DevXAccessInterceptor.kt
@@ -74,7 +74,10 @@ open class DevXAccessInterceptor(private val devXProperties: DevXProperties) : H
 .refreshAfterWrite(devXProperties.cacheExpireTime)
 .build(object : CacheLoader>() {
 override fun load(key: String): Set {
- return listIpFromProject(key) + listCvmIpFromProject(key) + listIpFromProps(key)
+ return listIpFromProject(key) +
+ listCvmIpFromProject(key) +
+ listIpFromProps(key) +
+ listIpFromProjects(key)
 }
 
 override fun reload(key: String, oldValue: Set): ListenableFuture> {
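Review bot: Revoking a cross-project grant is not immediate, because `load` now stores the addresses of every project under `projectWhiteList[key]` in the entry cached for `key`. Removing a project from that map, or a machine from an authorized project, is therefore honoured only once the entry is refreshed after `devXProperties.cacheExpireTime`. That window is worth stating where maintainers and operators will see it, for example above `load`: `// Includes IPs of projects authorized via projectWhiteList; revocations take effect only after the next refresh.` The loader object and `reload` continue outside the hunk, so whether `reload` narrows that window cannot be confirmed from here.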
@@ -150,6 +153,16 @@ open class DevXAccessInterceptor(private val devXProperties: DevXProperties) : H
 return ips
 }
 
+ private fun listIpFromProjects(projectId: String): Set{
+ val projectIdList = devXProperties.projectWhiteList[projectId] ?: emptySet()
+ val ips = HashSet()
+ projectIdList.forEach {
+ ips.addAll(listIpFromProject(it))
+ ips.addAll(listCvmIpFromProject(it))
+ }
+ return ips
+ }
+
 private fun listIpFromProps(projectId: String) = devXProperties.projectCvmWhiteList[projectId] ?: emptySet()
 
 private fun listCvmIpFromProject(projectId: String): Set {
diff --git a/src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/interceptor/devx/DevXProperties.kt b/src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/interceptor/devx/DevXProperties.kt
index d54195a26f..133e091628 100644
--- a/src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/interceptor/devx/DevXProperties.kt
+++ b/src/backend/common/common-security/src/main/kotlin/com/tencent/bkrepo/common/security/interceptor/devx/DevXProperties.kt
@@ -77,6 +77,11 @@ data class DevXProperties(
 * key 为项目ip, value为CVM配置
 */
 var projectCvmWhiteList: Map> = emptyMap(),
+ /**
+ * 配置可以被访问的项目
+ * key 为项目id, value为可被访问的项目id
+ */
+ var projectWhiteList: Map> = emptyMap(),
 /**
 * 可以从任意来源访问的用户
 */
diff --git a/src/backend/fs/boot-fs-server/src/main/kotlin/com/tencent/bkrepo/fs/server/utils/DevxWorkspaceUtils.kt b/src/backend/fs/boot-fs-server/src/main/kotlin/com/tencent/bkrepo/fs/server/utils/DevxWorkspaceUtils.kt
index f8ea63ae4b..f5ca416555 100644
--- a/src/backend/fs/boot-fs-server/src/main/kotlin/com/tencent/bkrepo/fs/server/utils/DevxWorkspaceUtils.kt
+++ b/src/backend/fs/boot-fs-server/src/main/kotlin/com/tencent/bkrepo/fs/server/utils/DevxWorkspaceUtils.kt
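Review bot: `listIpFromProjects` has no KDoc, and the scope of the grant it implements is not obvious from its name. It resolves one level only, so the `projectWhiteList` entries of an authorized project are not followed. It also collects `listIpFromProject` and `listCvmIpFromProject` for each authorized project but not `listIpFromProps`, which leaves out addresses configured statically in `projectCvmWhiteList` for that project. If both are intended, a short KDoc stating them would stop a later change from widening the grant by accident; if the second is an oversight, add `ips.addAll(listIpFromProps(it))`. The same applies to `listIpFromProjects` in DevxWorkspaceUtils.kt, and `Set{` in the signature is missing a space before the brace.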
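Review bot: The KDoc on `projectWhiteList` reads as the reverse of how the map is used: it calls the value the project ids "that can be accessed". As far as these hunks show, both consumers look up `projectWhiteList[projectId]` for the project whose address set is being built and add the listed projects' machines to it, so the value is the set of projects allowed to reach the key project. An operator following the comment could configure the grant in the wrong direction. I would reword it, in the file's own language, to say `key: id of the project being accessed; value: ids of the projects whose machines may access it`. The class continues outside the hunk.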
@@ -53,6 +53,7 @@ import org.springframework.http.client.reactive.ReactorClientHttpConnector
 import org.springframework.web.reactive.function.client.ClientResponse
 import org.springframework.web.reactive.function.client.WebClient
 import org.springframework.web.reactive.function.client.awaitBody
+import reactor.core.publisher.Flux
 import reactor.core.publisher.Mono
 import reactor.core.publisher.toMono
 import reactor.netty.http.client.HttpClient
@@ -62,6 +63,7 @@ import reactor.util.retry.RetryBackoffSpec
 import java.net.URLDecoder
 import java.time.Duration
 import java.util.concurrent.Executors
+import java.util.stream.Collectors
 
 class DevxWorkspaceUtils(
 devXProperties: DevXProperties
@@ -136,8 +138,12 @@ class DevxWorkspaceUtils(
 }
 
 private fun listIp(projectId: String): Mono> {
- return Mono.zip(listIpFromProject(projectId), listIpFromProps(projectId), listCvmIpFromProject(projectId))
- .map { it.t1 + it.t2 + it.t3 }
+ return Mono.zip(
+ listIpFromProject(projectId),
+ listIpFromProps(projectId),
+ listCvmIpFromProject(projectId),
+ listIpFromProjects(projectId))
+ .map { it.t1 + it.t2 + it.t3 + it.t4}
 }
 
 private fun listIpFromProject(projectId: String): Mono> {
@@ -177,6 +183,19 @@ class DevxWorkspaceUtils(
 }
 }
 
+ private fun listIpFromProjects(projectId: String): Mono> {
+ val projectIdList = devXProperties.projectWhiteList[projectId] ?: emptySet()
+ return Flux.fromIterable(projectIdList)
+ .flatMap { id ->
+ Flux.merge(
+ listIpFromProject(id),
+ listCvmIpFromProject(id)
+ )
+ }
+ .flatMapIterable { it }
+ .collect(Collectors.toSet())
+ }
+
 suspend fun validateToken(devxToken: String): Mono {
 val token = withContext(Dispatchers.IO) {
 URLDecoder.decode(devxToken, Charsets.UTF_8.name())
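Review bot: A failed lookup for any authorized project can now fail `listIp` for the accessed project itself, because `Mono.zip` errors as soon as one source errors and the new fourth source merges `listIpFromProject(id)` and `listCvmIpFromProject(id)` for every whitelisted project. That holds unless those two helpers already recover from errors, and their bodies are outside these hunks. Dropping only the cross-project addresses on failure keeps the extra grant fail-closed without affecting the project's own machines, for example `listIpFromProjects(projectId).onErrorReturn(emptySet()),` with the error logged. On formatting, the closing parenthesis of `Mono.zip(` belongs on its own line after the last argument, and `it.t4}` should read `it.t4 }`.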