fix: admin密码接口同时返回mysql和tendbcluster_redis平台密码初始化 #5363
fanfanyangyang authored and iSecloud committed Jul 9, 2024
1 parent 7960eb8 commit 23e3a1c
Showing 5 changed files with 35 additions and 13 deletions.
6 changes: 6 additions & 0 deletions dbm-services/mysql/db-priv/assests/migrate.go
Expand Up @@ -119,6 +119,7 @@ func DoMigratePlatformPassword() error {
"dba_bak_all_sel", "MONITOR", "MONITOR_ALL", "mysql", "repl", "yw", "partition_yw"}})
users = append(users, ComponentPlatformUser{Component: "proxy", Usernames: []string{"proxy"}})
users = append(users, ComponentPlatformUser{Component: "tbinlogdumper", Usernames: []string{"ADMIN"}})
users = append(users, ComponentPlatformUser{Component: "redis", Usernames: []string{"mysql"}})

for _, component := range users {
for _, user := range component.Usernames {
Expand All @@ -134,6 +135,11 @@ func DoMigratePlatformPassword() error {
insertPara := &service.ModifyPasswordPara{UserName: user, Component: component.Component, Operator: "admin",
Instances: []service.Address{{"0.0.0.0", &defaultInt, &defaultInt}},
InitPlatform: true, SecurityRuleName: "password"}
if component.Component == "redis" {
insertPara = &service.ModifyPasswordPara{UserName: user, Component: component.Component, Operator: "admin",
Instances: []service.Address{{"0.0.0.0", &defaultInt, &defaultInt}},
InitPlatform: true, SecurityRuleName: "redis_password"}
}
b, _ = json.Marshal(*insertPara)
err = insertPara.ModifyPassword(string(b), "modify_password")
if err != nil {
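Review bot: The `redis` branch rebuilds the whole `ModifyPasswordPara` literal only to change `SecurityRuleName`, so `Operator`, `Instances` and `InitPlatform` are now written twice and can drift apart on a later edit. Assigning the one field is enough: `if component.Component == "redis" { insertPara.SecurityRuleName = "redis_password" }`. The branch also relies on a security rule named `redis_password` being present when the migration runs; that is not visible in this hunk, so it is worth confirming what `ModifyPassword` does if the rule is missing. The loop body continues outside the hunk.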
13 changes: 13 additions & 0 deletions dbm-services/mysql/db-priv/service/add_priv.go
Expand Up @@ -23,6 +23,13 @@ func (m *PrivTaskPara) AddPrivDryRun() (PrivTaskPara, error) {
var errMsg []string
var errMsgTemp []string

if m.BkBizId == 0 {
return taskPara, errno.BkBizIdIsEmpty
}
if m.ClusterType == "" {
return taskPara, errno.ClusterTypeIsEmpty
}

taskPara.SourceIPs, errMsgTemp = DeduplicationIP(m.SourceIPs)
if len(errMsgTemp) > 0 {
errMsg = append(errMsg, errMsgTemp...)
Expand Down Expand Up @@ -66,6 +73,12 @@ func (m *PrivTaskPara) AddPriv(jsonPara string, ticket string) error {
if _, outerErr := m.AddPrivDryRun(); outerErr != nil {
return outerErr
}
if m.BkBizId == 0 {
return errno.BkBizIdIsEmpty
}
if m.ClusterType == "" {
return errno.ClusterTypeIsEmpty
}
AddPrivLog(PrivLog{BkBizId: m.BkBizId, Ticket: ticket, Operator: m.Operator, Para: jsonPara, Time: time.Now()})
client := util.NewClientByHosts(viper.GetString("dbmeta"))
limit := rate.Every(time.Millisecond * 200) // QPS:5
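Review bot: The `BkBizId` and `ClusterType` checks added to `AddPriv` look unreachable, because they sit after `m.AddPrivDryRun()`, which in the first hunk now returns `errno.BkBizIdIsEmpty` or `errno.ClusterTypeIsEmpty` for the same conditions. Keeping the validation in one place stops the two copies from diverging; either drop the second copy or, if it is intentional, mark it with a comment such as `// defence in depth: AddPrivDryRun already rejects these`. Both function bodies extend beyond the hunks, so an earlier return path inside `AddPrivDryRun` cannot be ruled out from here.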
25 changes: 15 additions & 10 deletions dbm-services/mysql/db-priv/service/admin_password.go
@@ -1,6 +1,7 @@
package service

import (
"context"
"encoding/base64"
"encoding/json"
"fmt"
Expand All @@ -9,6 +10,8 @@ import (
"sync"
"time"

"golang.org/x/time/rate"

"dbm-services/common/go-pubpkg/errno"
)

Expand Down Expand Up @@ -218,12 +221,9 @@ func (m *GetAdminUserPasswordPara) GetMysqlAdminPassword() ([]*TbPasswords, int,
if m.UserName != "ADMIN" && m.UserName != "dbm_admin" {
return passwords, 0, errno.NameNull
}
if m.Component == "" {
return passwords, 0, errno.ComponentNull
}
// mysql实例中ADMIN用户的密码,仅能查看人为修改密码且在有效期的密码,不可以查看随机化生成的密码
where := fmt.Sprintf(" username='%s' and component='%s' and lock_until is not null and "+
"lock_until > now()", m.UserName, m.Component)
where := fmt.Sprintf(" username='%s' and component in ('%s','%s') and lock_until is not null and "+
"lock_until > now()", m.UserName, mysql, tendbcluster)
var filter []string
for _, item := range m.Instances {
if item.Port != nil {
Expand Down Expand Up @@ -278,7 +278,11 @@ func (m *ModifyAdminUserPasswordPara) ModifyAdminPassword() (BatchResult, error)
var security SecurityRule
var passwordInput string
var errCheck error
tokenBucket := make(chan int, 10)

limit := rate.Every(time.Millisecond * 200) // QPS:5
burst := 10 // 桶容量 10
limiter := rate.NewLimiter(limit, burst)

if m.UserName == "" {
return batch, errno.NameNull
}
Expand Down Expand Up @@ -366,18 +370,20 @@ func (m *ModifyAdminUserPasswordPara) ModifyAdminPassword() (BatchResult, error)
return batch, errOuter
}
wg.Add(1)
tokenBucket <- 0
go func(psw, encrypt string, cluster OneCluster) {
defer func() {
<-tokenBucket
wg.Done()
}()
err := limiter.Wait(context.Background())
if err != nil {
AddError(&errMsg, "get parallel resource", err)
return
}
// 如果是sqlserver授权,走sqlserver授权通道
if m.Component == "sqlserver" {
m.ModifyAdminPasswordForSqlserver(
psw, encrypt, cluster, &errMsg, &success, &fail,
)

} else {
// 默认走mysql授权通道
m.ModifyAdminPasswordForMysql(
Expand All @@ -387,7 +393,6 @@ func (m *ModifyAdminUserPasswordPara) ModifyAdminPassword() (BatchResult, error)
}(psw, encrypt, cluster)
}
wg.Wait()
close(tokenBucket)
// 随机化成功的实例以及随机化失败的实例,返回格式与入参Clusters相同,便于失败重试
batch = BatchResult{Success: success.resources, Fail: fail.resources}
if len(errMsg.errs) > 0 {
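Review bot: When `limiter.Wait` returns an error the goroutine records it with `AddError` and returns, but the cluster is added to neither `success` nor `fail`, so `BatchResult.Fail`, which the comment before the final assignment says is returned for retry, would omit it. Separately, the removed `tokenBucket <- 0` was what held the loop to 10 in-flight goroutines; the limiter only paces starts (one per 200 ms after a burst of 10), so slow password changes can now accumulate without a concurrency cap. Calling `limiter.Wait` in the loop before `wg.Add(1)` and recording the failure there would restore back-pressure and make the error path explicit. The function starts and ends outside these hunks, and how `fail` is populated is not visible here.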
Expand Up @@ -51,7 +51,6 @@ type GetAdminUserPasswordPara struct {
Instances []IpPortFilter `json:"instances"`
BkBizId *int64 `json:"bk_biz_id"`
UserName string `json:"username"`
Component string `json:"component"`
Limit *int `json:"limit"`
Offset *int `json:"offset"`
BeginTime string `json:"begin_time"`
3 changes: 1 addition & 2 deletions dbm-ui/backend/configuration/handlers/password.py
Expand Up @@ -21,7 +21,6 @@
DBM_PASSWORD_SECURITY_NAME,
MYSQL_ADMIN_USER,
AdminPasswordRole,
DBType,
)
from backend.configuration.exceptions import PasswordPolicyBaseException
from backend.core.encrypt.constants import AsymmetricCipherConfigType
Expand Down Expand Up @@ -109,7 +108,7 @@ def query_mysql_admin_password(
else:
raise PasswordPolicyBaseException(_("请保证查询的实例输入格式合法,格式为[CLOUD_ID:]IP:PORT"))

filters = {"limit": limit, "offset": offset, "component": DBType.MySQL.value, "username": MYSQL_ADMIN_USER}
filters = {"limit": limit, "offset": offset, "username": MYSQL_ADMIN_USER}
if instance_list:
filters.update(instances=instance_list)
if begin_time: