Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(backend): db_cloud_token增加缓存 #2157 #2158

Merged
merged 1 commit into from
Nov 27, 2023
Merged

fix(backend): db_cloud_token增加缓存 #2157 #2158

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions dbm-ui/backend/db_proxy/constants.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,10 @@

NGINX_PUSH_TARGET_PATH = "/usr/local/bkdb/nginx-portable/conf/cluster_service/"

# 缓存inst_id和nginx id,用于回调job,默认缓存时间5min
JOB_INSTANCE_EXPIRE_TIME = 5 * 60
# 定义token过期时间1天,防止废弃的token复用
DB_CLOUD_TOKEN_EXPIRE_TIME = 1 * 24 * 60 * 60


class ExtensionType(str, StructuredEnum):
Expand Down
38 changes: 24 additions & 14 deletions dbm-ui/backend/db_proxy/views/serialiers.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,8 @@
from backend.core.encrypt.constants import AsymmetricCipherConfigType
from backend.core.encrypt.exceptions import RSADecryptException
from backend.core.encrypt.handlers import AsymmetricHandler
from backend.db_proxy.constants import DB_CLOUD_TOKEN_EXPIRE_TIME
from backend.utils.redis import RedisConn

logger = logging.getLogger("root")

Expand All @@ -29,6 +31,21 @@ class BaseProxyPassSerialier(serializers.Serializer):
db_cloud_token = serializers.CharField(help_text=_("调用的校验token"), required=False)
bk_cloud_id = serializers.IntegerField(help_text=_("请求服务所属的云区域ID"), required=False)

@classmethod
def verify_token(cls, db_cloud_token, bk_cloud_id):
try:
token = AsymmetricHandler.decrypt(name=AsymmetricCipherConfigType.PROXYPASS.value, content=db_cloud_token)
except RSADecryptException:
raise serializers.ValidationError(_("token:{}解密失败,请检查token是否合法").format(db_cloud_token))
except KeyError:
raise serializers.ValidationError(_("token:{}不存在,请传入校验token").format(db_cloud_token))

token_cloud_id = int(token.split("_")[0])
if token_cloud_id != int(bk_cloud_id):
raise serializers.ValidationError(
_("解析的云区域ID{}与请求参数的云区域ID{}不相同,请检查token是否合法").format(token_cloud_id, bk_cloud_id)
)

def validate(self, attrs):
request = self.context["request"]

Expand All @@ -40,20 +57,13 @@ def validate(self, attrs):
if getattr(request, "internal_call", None):
return attrs

try:
token = AsymmetricHandler.decrypt(
name=AsymmetricCipherConfigType.PROXYPASS.value, content=attrs["db_cloud_token"]
)
except RSADecryptException:
raise serializers.ValidationError(_("token:{}解密失败,请检查token是否合法").format(attrs["db_cloud_token"]))
except KeyError:
raise serializers.ValidationError(_("token:{}不存在,请传入校验token").format(attrs["db_cloud_token"]))

token_cloud_id = int(token.split("_")[0])
if token_cloud_id != int(attrs["bk_cloud_id"]):
raise serializers.ValidationError(
_("解析的云区域ID{}与请求参数的云区域ID{}不相同,请检查token是否合法").format(token_cloud_id, attrs["bk_cloud_id"])
)
# 解密/或拿到缓存ID
db_cloud_token, bk_cloud_id = attrs["db_cloud_token"], attrs["bk_cloud_id"]
cache_key = f"cache_db_cloud_token_{bk_cloud_id}"
cache_db_cloud_token = RedisConn.get(cache_key)
if db_cloud_token != cache_db_cloud_token:
self.verify_token(db_cloud_token, bk_cloud_id)
RedisConn.set(cache_key, db_cloud_token, DB_CLOUD_TOKEN_EXPIRE_TIME)

attrs.pop("db_cloud_token")
return attrs
Expand Down
2 changes: 1 addition & 1 deletion dbm-ui/backend/db_services/dbresource/handlers.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -222,7 +222,7 @@ def spec_resource_count(cls, bk_biz_id: int, bk_cloud_id: int, spec_ids: List[in
for spec in specs
]
spec_count_params = {
"bk_biz_id": bk_biz_id,
"for_biz_id": bk_biz_id,
"resource_type": resource_type,
"bk_cloud_id": bk_cloud_id,
"details": spec_count_details,
Expand Down
11 changes: 10 additions & 1 deletion dbm-ui/backend/db_services/mysql/cluster/handlers.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@
an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
specific language governing permissions and limitations under the License.
"""
import copy
import itertools
import operator
from collections import defaultdict
Expand All @@ -28,7 +29,7 @@
TenDBClusterSpiderRole,
)
from backend.db_meta.exceptions import InstanceNotExistException
from backend.db_meta.models import Cluster, DBModule, ProxyInstance, StorageInstance
from backend.db_meta.models import Cluster, DBModule, ProxyInstance, StorageInstance, TenDBClusterSpiderExt
from backend.db_meta.models.machine import Machine
from backend.db_services.mysql.dataclass import ClusterFilter, DBInstance

Expand Down Expand Up @@ -165,6 +166,11 @@ def _fill_spider_instance_info(_cluster: Cluster, _cluster_info: Dict):
for role in TenDBClusterSpiderRole.get_values()
}
)
# 增加spider_ctl角色信息
_cluster_info["spider_ctl"] = copy.deepcopy(_cluster_info["spider_master"])
for instance in _cluster_info["spider_ctl"]:
instance["port"] = instance["admin_port"]
instance["instance_address"] = f"{instance['ip']}:{instance['port']}"

filter_conditions = Q()
for cluster_filter in cluster_filters:
Expand All @@ -189,6 +195,9 @@ def _fill_spider_instance_info(_cluster: Cluster, _cluster_info: Dict):
cluster.storageinstance_set.all().count() + cluster.proxyinstance_set.all().count()
)
if cluster.cluster_type == ClusterType.TenDBCluster:
cluster_info["instance_count"] += cluster.proxyinstance_set.filter(
tendbclusterspiderext__spider_role=TenDBClusterSpiderRole.SPIDER_MASTER
).count()
_fill_spider_instance_info(cluster, cluster_info)
else:
_fill_mysql_instance_info(cluster, cluster_info)
Expand Down
4 changes: 2 additions & 2 deletions helm-charts/bk-dbm/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -79,5 +79,5 @@ dependencies:
description: A Helm chart for bkdbm
name: bk-dbm
type: application
version: 1.3.0-alpha.5
appVersion: 1.3.0-alpha.5
version: 1.3.0-alpha.6
appVersion: 1.3.0-alpha.6
2 changes: 1 addition & 1 deletion helm-charts/bk-dbm/charts/dbpriv/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,4 +3,4 @@ name: dbpriv
description: A Helm chart for dbpriv
type: application
version: 0.1.31
appVersion: 0.0.1-alpha.167
appVersion: 0.0.1-alpha.170
Loading