From 310497242b52f3e20843349c20e6e354ce88e0a4 Mon Sep 17 00:00:00 2001 From: liugq Date: Thu, 26 May 2022 12:11:20 +0800 Subject: [PATCH] auth api --- plugin/api/alerting/api.go | 2 +- plugin/api/alerting/channel.go | 37 +++++++++++++++--------- plugin/api/index_management/indices.go | 15 ++++++++-- plugin/api/init.go | 2 +- service/alerting/elasticsearch/engine.go | 1 + 5 files changed, 40 insertions(+), 17 deletions(-) diff --git a/plugin/api/alerting/api.go b/plugin/api/alerting/api.go index 5ab8f2d5..e9fc7ba3 100644 --- a/plugin/api/alerting/api.go +++ b/plugin/api/alerting/api.go @@ -31,7 +31,7 @@ func (alert *AlertAPI) Init() { api.HandleAPIMethod(api.GET, "/alerting/channel/:channel_id", alert.RequirePermission(alert.getChannel, enum.PermissionAlertChannelRead)) api.HandleAPIMethod(api.POST, "/alerting/channel", alert.RequirePermission(alert.createChannel, enum.PermissionAlertChannelWrite)) - api.HandleAPIMethod(api.DELETE, "/alerting/channel/:channel_id", alert.RequirePermission(alert.deleteChannel, enum.PermissionAlertChannelWrite)) + api.HandleAPIMethod(api.DELETE, "/alerting/channel", alert.RequirePermission(alert.deleteChannel, enum.PermissionAlertChannelWrite)) api.HandleAPIMethod(api.PUT, "/alerting/channel/:channel_id", alert.RequirePermission(alert.updateChannel, enum.PermissionAlertChannelWrite)) api.HandleAPIMethod(api.GET, "/alerting/channel/_search", alert.RequirePermission(alert.searchChannel, enum.PermissionAlertChannelRead)) diff --git a/plugin/api/alerting/channel.go b/plugin/api/alerting/channel.go index c372954d..f38a5fa0 100644 --- a/plugin/api/alerting/channel.go +++ b/plugin/api/alerting/channel.go @@ -107,21 +107,32 @@ func (h *AlertAPI) updateChannel(w http.ResponseWriter, req *http.Request, ps ht } func (h *AlertAPI) deleteChannel(w http.ResponseWriter, req *http.Request, ps httprouter.Params) { - id := ps.MustGetParameter("channel_id") - - obj := alerting.Channel{} - obj.ID = id - - exists, err := orm.Get(&obj) - if !exists || err != nil { - h.WriteJSON(w, util.MapStr{ - "_id": id, - "result": "not_found", - }, http.StatusNotFound) + reqBody := struct { + ChannelIDs []string `json:"ids"` + }{} + err := h.DecodeJSON(req, &reqBody) + if err != nil { + h.WriteError(w, err.Error(), http.StatusInternalServerError) + log.Error(err) return } + if len(reqBody.ChannelIDs) == 0 { + if err != nil { + h.WriteError(w, "channel ids required", http.StatusInternalServerError) + log.Error(err) + return + } + } - err = orm.Delete(&obj) + queryDsl := util.MapStr{ + "query": util.MapStr{ + "terms": util.MapStr{ + "id": reqBody.ChannelIDs, + }, + }, + } + + err = orm.DeleteBy(alerting.Channel{}, util.MustToJSONBytes(queryDsl)) if err != nil { h.WriteError(w, err.Error(), http.StatusInternalServerError) log.Error(err) @@ -129,7 +140,7 @@ func (h *AlertAPI) deleteChannel(w http.ResponseWriter, req *http.Request, ps ht } h.WriteJSON(w, util.MapStr{ - "_id": obj.ID, + "ids": reqBody.ChannelIDs , "result": "deleted", }, 200) } diff --git a/plugin/api/index_management/indices.go b/plugin/api/index_management/indices.go index 6ae775d6..227668e3 100644 --- a/plugin/api/index_management/indices.go +++ b/plugin/api/index_management/indices.go @@ -1,11 +1,12 @@ package index_management import ( + log "github.com/cihub/seelog" httprouter "infini.sh/framework/core/api/router" "infini.sh/framework/core/elastic" "infini.sh/framework/core/util" "net/http" - log "github.com/cihub/seelog" + "strings" ) func (handler APIHandler) HandleGetMappingsAction(w http.ResponseWriter, req *http.Request, ps httprouter.Params) { @@ -39,7 +40,17 @@ func (handler APIHandler) HandleGetMappingsAction(w http.ResponseWriter, req *ht func (handler APIHandler) HandleGetIndicesAction(w http.ResponseWriter, req *http.Request, ps httprouter.Params) { targetClusterID := ps.ByName("id") client := elastic.GetClient(targetClusterID) - catIndices, err := client.GetIndices("") + //filter indices + allowedIndices, hasAllPrivilege := handler.GetAllowedIndices(req, targetClusterID) + if !hasAllPrivilege && len(allowedIndices) == 0 { + handler.WriteJSON(w, []interface{}{} , http.StatusOK) + return + } + strIndices := "" + if !hasAllPrivilege { + strIndices = strings.Join(allowedIndices, ",") + } + catIndices, err := client.GetIndices(strIndices) resBody := util.MapStr{} if err != nil { log.Error(err) diff --git a/plugin/api/init.go b/plugin/api/init.go index c69abd01..5670da83 100644 --- a/plugin/api/init.go +++ b/plugin/api/init.go @@ -35,7 +35,7 @@ func Init(cfg *config.AppConfig) { api.HandleAPIMethod(api.GET, path.Join(pathPrefix, "rebuild/_search"), handler.HandleGetRebuildListAction) api.HandleAPIMethod(api.DELETE, path.Join(pathPrefix, "rebuild/:id"), handler.HandleDeleteRebuildAction) - api.HandleAPIMethod(api.GET, path.Join(esPrefix, "_cat/indices"), handler.HandleGetIndicesAction) + api.HandleAPIMethod(api.GET, path.Join(esPrefix, "_cat/indices"), handler.RequireLogin(handler.HandleGetIndicesAction)) api.HandleAPIMethod(api.GET, path.Join(esPrefix, "index/:index/_mappings"), handler.HandleGetMappingsAction) api.HandleAPIMethod(api.GET, path.Join(esPrefix, "index/:index/_settings"), handler.HandleGetSettingsAction) api.HandleAPIMethod(api.PUT, path.Join(esPrefix, "index/:index/_settings"),handler.HandleUpdateSettingsAction) diff --git a/service/alerting/elasticsearch/engine.go b/service/alerting/elasticsearch/engine.go index af2807ad..d1d22250 100644 --- a/service/alerting/elasticsearch/engine.go +++ b/service/alerting/elasticsearch/engine.go @@ -45,6 +45,7 @@ func (engine *Engine) GenerateQuery(rule *alerting.Rule, filterParam *alerting.F return nil, fmt.Errorf("metric items should not be empty") } basicAggs := util.MapStr{} + //todo bucket sort (es 6.1) bucket script (es 2.0) for _, metricItem := range rule.Metrics.Items { metricAggs := engine.generateAgg(&metricItem) if err = util.MergeFields(basicAggs, metricAggs, true); err != nil {