From e11207dbc08a5fcfa31e260d2111fc233df2b0f4 Mon Sep 17 00:00:00 2001
From: liugq
Date: Fri, 10 Feb 2023 09:51:42 +0800
Subject: [PATCH 1/6] init credential secret
---
config/system_config.tpl | 2 +-
plugin/setup/setup.go | 53 +++++++++++++++++++++++++++++++++++++---
2 files changed, 51 insertions(+), 4 deletions(-)
diff --git a/config/system_config.tpl b/config/system_config.tpl
index 770d27c0..377d466a 100644
--- a/config/system_config.tpl
+++ b/config/system_config.tpl
@@ -11,7 +11,7 @@ elasticsearch:
enabled: false
basic_auth:
username: $[[CLUSTER_USER]]
- password: $[[CLUSTER_PASS]]
+ password: $[[keystore.SYSTEM_CLUSTER_PASS]]
elastic.elasticsearch: $[[CLUSTER_ID]]
diff --git a/plugin/setup/setup.go b/plugin/setup/setup.go
index 5efcb58f..803fd535 100644
--- a/plugin/setup/setup.go
+++ b/plugin/setup/setup.go
@@ -2,15 +2,19 @@ package task
import (
"bytes"
+ "crypto/md5"
+ "encoding/hex"
"fmt"
"golang.org/x/crypto/bcrypt"
"infini.sh/framework/core/api"
"infini.sh/framework/core/api/rbac"
httprouter "infini.sh/framework/core/api/router"
+ "infini.sh/framework/core/credential"
"infini.sh/framework/core/elastic"
"infini.sh/framework/core/env"
"infini.sh/framework/core/errors"
"infini.sh/framework/core/global"
+ "infini.sh/framework/core/keystore"
"infini.sh/framework/core/module"
"infini.sh/framework/core/orm"
"infini.sh/framework/core/pipeline"
@@ -84,6 +88,7 @@ type SetupRequest struct {
Skip bool `json:"skip"`
BootstrapUsername string `json:"bootstrap_username"`
BootstrapPassword string `json:"bootstrap_password"`
+ CredentialSecret string `json:"credential_secret"`
}
var tempID="infini_default_system_cluster"
@@ -324,6 +329,9 @@ func (module *Module) initialize(w http.ResponseWriter, r *http.Request, ps http
if err!=nil{
panic(err)
}
+ if request.CredentialSecret == "" {
+ panic("invalid credential secret")
+ }
if cfg1.IndexPrefix==""{
cfg1.IndexPrefix=".infini_"
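Review bot: The new `CredentialSecret` field is the most sensitive member of `SetupRequest` and the only one whose role is not obvious from its name: the hunk at 329 refuses setup without it and the hunk at 354 derives the key for the credential store from it, yet nothing on the struct says it is mandatory or what it protects. I'd add a comment above the field: `// CredentialSecret is the user-chosen secret from which the key protecting stored credentials is derived; setup fails without it.` The struct's opening line is hunk context, outside the hunk's own lines.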
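Review bot: The new check only rejects an empty `request.CredentialSecret`, while the hunk at 354 turns that same value into the key protecting every stored credential, so a one-character secret passes validation. A length floor on the same panic path is cheap, e.g. `if len(request.CredentialSecret) < 8 { panic("invalid credential secret: too short") }` — pick the threshold the product wants, and keep the message generic so that whatever the handler turns the panic into (not visible here) reveals nothing about the value. `initialize` begins and ends outside this hunk, and the hunk's closing brace appears to have been lost in the page's line collapse.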
@@ -346,6 +354,16 @@ func (module *Module) initialize(w http.ResponseWriter, r *http.Request, ps http
//处理ORM
handler := elastic2.ElasticORM{Client: client, Config:cfg1 }
orm.Register("elastic_setup_"+util.GetUUID(), handler)
+ //生成凭据并保存
+ h := md5.New()
+ rawSecret := []byte(request.CredentialSecret)
+ h.Write(rawSecret)
+ secret := make([]byte, 32)
+ hex.Encode(secret, h.Sum(nil))
+ err = credential.InitSecret(nil, secret)
+ if err != nil {
+ panic(err)
+ }
if !request.Skip{
//处理模版
@@ -410,8 +428,36 @@ func (module *Module) initialize(w http.ResponseWriter, r *http.Request, ps http
//init security
security.InitSecurity()
+
+ toSaveCfg := cfg
+ if request.Cluster.Username != "" || request.Cluster.Password != "" {
+ cred := credential.Credential{
+ Name: "INFINI_SYSTEM",
+ Type: credential.BasicAuth,
+ Tags: []string{"infini", "system"},
+ Payload: map[string]interface{}{
+ "basic_auth": map[string]interface{}{
+ "username": request.Cluster.Username,
+ "password": request.Cluster.Password,
+ },
+ },
+ }
+ cred.ID = util.GetUUID()
+ err = cred.Encode()
+ if err != nil {
+ panic(err)
+ }
+ toSaveCfg.CredentialID = cred.ID
+ cfg.CredentialID = cred.ID
+ err = orm.Save(nil, &cred)
+ if err!=nil{
+ panic(err)
+ }
+ toSaveCfg.BasicAuth = nil
+ }
+
//保存默认集群
- err=orm.Save(nil, &cfg)
+ err=orm.Save(nil, &toSaveCfg)
if err!=nil{
panic(err)
}
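Review bot: The key passed to `credential.InitSecret` is an unsalted MD5 of the user-supplied secret, hex-encoded into 32 bytes; hex expansion adds no entropy, so the 32-byte key spans at most 2^128 values (16 possible byte values per position), and a fast unsalted hash lets anyone who obtains the encrypted credential documents brute-force a weak secret offline. If `InitSecret` needs exactly 32 bytes, `sum := sha256.Sum256([]byte(request.CredentialSecret))` followed by `err = credential.InitSecret(nil, sum[:])` keeps the length, uses all 256 bits and drops the `crypto/md5`/`encoding/hex` imports; if the secret is meant to be human-chosen, a salted iterated KDF (pbkdf2 or argon2 from `golang.org/x/crypto`, which this file already pulls in for bcrypt) is the right tool, with the salt persisted wherever `InitSecret` keeps its state — how the key is reloaded after a restart is not visible here. Any deployment that already derived a key this way would need a migration if the derivation changes. `initialize` begins and ends outside this hunk.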
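Review bot: After `cred.Encode()` the struct is persisted with `orm.Save(nil, &cred)` while `cred.Payload` still holds the plaintext username and password placed there a few lines earlier; unless `Encode` clears the payload or the `Credential` type excludes it from serialization (neither is visible here), the plaintext password is indexed beside its ciphertext and the credential store protects nothing. Please confirm, and if `Payload` survives serialization clear it before the save with `cred.Payload = nil` right after the `Encode` error check — the live basic auth is kept separately in `cfg.BasicAuth`, so nothing downstream needs the map. A short comment on `toSaveCfg.BasicAuth = nil` saying that the stored cluster config carries only `CredentialID` while `cfg` keeps the live basic auth for the keystore write further down would also help the next reader. `initialize` begins and ends outside this hunk.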
@@ -449,14 +495,15 @@ func (module *Module) initialize(w http.ResponseWriter, r *http.Request, ps http
}
}
+ keystore.SetValue("SYSTEM_CLUSTER_PASS", []byte(cfg.BasicAuth.Password))
//save to local file
file:=path.Join(global.Env().GetConfigDir(),"system_config.yml")
_,err=util.FilePutContent(file,fmt.Sprintf("configs.template:\n - name: \"system\"\n path: ./config/system_config.tpl\n variable:\n " + "CLUSTER_ID: %v\n CLUSTER_ENDPINT: \"%v\"\n " +
- "CLUSTER_USER: \"%v\"\n CLUSTER_PASS: \"%v\"\n CLUSTER_VER: \"%v\"\n INDEX_PREFIX: \"%v\"",
- tempID,cfg.Endpoint,cfg.BasicAuth.Username,cfg.BasicAuth.Password,cfg.Version,cfg1.IndexPrefix ))
+ "CLUSTER_USER: \"%v\"\n CLUSTER_VER: \"%v\"\n INDEX_PREFIX: \"%v\"",
+ tempID,cfg.Endpoint,cfg.BasicAuth.Username,cfg.Version,cfg1.IndexPrefix ))
if err!=nil{
panic(err)
}
From a820e0d52fa552a324c5264d755dc7ad48760d9e Mon Sep 17 00:00:00 2001
From: liugq
Date: Wed, 15 Feb 2023 11:55:49 +0800
Subject: [PATCH 2/6] handle err
---
main.go | 8 ++++++++
plugin/setup/setup.go | 5 ++++-
2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/main.go b/main.go
index 88be737e..e27fd461 100644
--- a/main.go
+++ b/main.go
@@ -11,10 +11,12 @@ import (
_ "infini.sh/console/plugin"
alerting2 "infini.sh/console/service/alerting"
"infini.sh/framework"
+ config2 "infini.sh/framework/core/config"
"infini.sh/framework/core/elastic"
"infini.sh/framework/core/env"
"infini.sh/framework/core/global"
"infini.sh/framework/core/insight"
+ "infini.sh/framework/core/keystore"
_ "infini.sh/framework/core/log"
"infini.sh/framework/core/module"
"infini.sh/framework/core/orm"
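Review bot: The new `keystore.SetValue` line dereferences `cfg.BasicAuth.Password` unconditionally, yet the hunk at 428 assigns `toSaveCfg.BasicAuth = nil`, so `BasicAuth` is a pointer that can be nil for a cluster configured without basic auth; unless `initTempClient` always allocates it (not visible here, though the pre-existing `cfg.BasicAuth.Username` in the Sprintf suggests it may), this panics on a no-auth setup. A guard keeps that path working: `if cfg.BasicAuth != nil { keystore.SetValue("SYSTEM_CLUSTER_PASS", []byte(cfg.BasicAuth.Password)) }`, with the same treatment for the `cfg.BasicAuth.Username` argument below. With the password now gone from `system_config.yml`, the template's `$[[keystore.SYSTEM_CLUSTER_PASS]]` is its only remaining source, so a comment here noting that the keystore entry is what lets the system cluster authenticate would be worth adding. `initialize` begins and ends outside this hunk.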
@@ -55,6 +57,12 @@ func main() {
app := framework.NewApp("console", "The easiest way to operate your own search platform.", config.Version, config.BuildNumber, config.LastCommitLog, config.BuildDate, config.EOLDate, terminalHeader, terminalFooter)
+ ksResolver, err := keystore.GetVariableResolver()
+ if err != nil {
+ panic(err)
+ }
+ config2.RegisterOption("keystore", ksResolver)
+
app.Init(nil)
defer app.Shutdown()
diff --git a/plugin/setup/setup.go b/plugin/setup/setup.go
index 495a4446..365bc26c 100644
--- a/plugin/setup/setup.go
+++ b/plugin/setup/setup.go
@@ -503,7 +503,10 @@ func (module *Module) initialize(w http.ResponseWriter, r *http.Request, ps http
}
}
- keystore.SetValue("SYSTEM_CLUSTER_PASS", []byte(cfg.BasicAuth.Password))
+ err = keystore.SetValue("SYSTEM_CLUSTER_PASS", []byte(cfg.BasicAuth.Password))
+ if err!=nil{
+ panic(err)
+ }
//save to local file
From cc4f824ff5a1256677e67700a5c7b24acb5746d6 Mon Sep 17 00:00:00 2001
From: liugq
Date: Mon, 20 Feb 2023 09:47:07 +0800
Subject: [PATCH 3/6] remove register keystore resolver
---
main.go | 8 --------
1 file changed, 8 deletions(-)
diff --git a/main.go b/main.go
index e27fd461..88be737e 100644
--- a/main.go
+++ b/main.go
@@ -11,12 +11,10 @@ import (
_ "infini.sh/console/plugin"
alerting2 "infini.sh/console/service/alerting"
"infini.sh/framework"
- config2 "infini.sh/framework/core/config"
"infini.sh/framework/core/elastic"
"infini.sh/framework/core/env"
"infini.sh/framework/core/global"
"infini.sh/framework/core/insight"
- "infini.sh/framework/core/keystore"
_ "infini.sh/framework/core/log"
"infini.sh/framework/core/module"
"infini.sh/framework/core/orm"
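Review bot: The `panic(err)` now raised when `keystore.SetValue` fails fires after the credential, the cluster config and the admin user have already been persisted to the target cluster by the earlier `orm.Save` calls, leaving the remote side initialized while no local `system_config.yml` is written; a rerun of setup would then presumably be refused by the `IndicesExists` check declared near the top of this file. Since the keystore write needs only `cfg.BasicAuth.Password`, which is known as soon as `initTempClient` returns, moving it ahead of the first remote save lets a local keystore failure abort before anything remote is written; failing that, a comment such as `// NOTE: remote documents are already saved; a failure here leaves setup partially applied` would at least warn the next reader. `initialize` begins and ends outside this hunk.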
@@ -57,12 +55,6 @@ func main() {
app := framework.NewApp("console", "The easiest way to operate your own search platform.", config.Version, config.BuildNumber, config.LastCommitLog, config.BuildDate, config.EOLDate, terminalHeader, terminalFooter)
- ksResolver, err := keystore.GetVariableResolver()
- if err != nil {
- panic(err)
- }
- config2.RegisterOption("keystore", ksResolver)
-
app.Init(nil)
defer app.Shutdown()
From 5d002145b9071292588151928c9af934f3d19c6a Mon Sep 17 00:00:00 2001
From: liugq
Date: Tue, 21 Feb 2023 15:39:26 +0800
Subject: [PATCH 4/6] add credential change callback for updating password of system cluster
---
plugin/setup/setup.go | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/plugin/setup/setup.go b/plugin/setup/setup.go
index 365bc26c..fa6f15a0 100644
--- a/plugin/setup/setup.go
+++ b/plugin/setup/setup.go
@@ -70,6 +70,27 @@ func InvokeSetupCallback() {
}
func (module *Module) Start() error {
+ credential.RegisterChangeEvent(func(cred *credential.Credential) {
+ if cred == nil {
+ return
+ }
+ sysClusterID := global.MustLookupString(elastic.GlobalSystemElasticsearchID)
+ conf := elastic.GetConfig(sysClusterID)
+ if conf.CredentialID != cred.ID {
+ return
+ }
+ bv, err := cred.Decode()
+ if err != nil {
+ log.Error(err)
+ return
+ }
+ if basicAuth, ok := bv.(elastic.BasicAuth); ok {
+ err = keystore.SetValue("SYSTEM_CLUSTER_PASS", []byte(basicAuth.Password))
+ if err != nil {
+ log.Error(err)
+ }
+ }
+ })
return nil
}
func (module *Module) Stop() error {
From 67382361a149d652afd1212f5ba1b5362dd5e198 Mon Sep 17 00:00:00 2001
From: liugq
Date: Thu, 23 Feb 2023 09:15:05 +0800
Subject: [PATCH 5/6] use orm.Create replace orm.Save method
---
plugin/setup/setup.go | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/plugin/setup/setup.go b/plugin/setup/setup.go
index fa6f15a0..afea8e70 100644
--- a/plugin/setup/setup.go
+++ b/plugin/setup/setup.go
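Review bot: When `cred.Decode()` yields anything other than an `elastic.BasicAuth` value (a pointer to it, or another credential type), the `if basicAuth, ok := ...` branch in the new callback silently does nothing and the keystore keeps the old password with no diagnostic, so a later authentication failure against the system cluster would be hard to trace back here; an `else` that logs it closes that gap: `} else { log.Error(fmt.Errorf("credential %s decoded to %T, not elastic.BasicAuth; SYSTEM_CLUSTER_PASS not updated", cred.ID, bv)) }` (`fmt` is already imported by this file). `global.MustLookupString` will also panic if the callback fires before the system cluster ID has been registered, which depends on when `RegisterChangeEvent` starts delivering events and is not visible here; a non-panicking lookup, if the global registry offers one, is safer inside a callback. Likewise `conf.CredentialID` is read without checking what `elastic.GetConfig` returns for an unknown ID. `Start` lies entirely within the hunk; the enclosing `InvokeSetupCallback` closes on the hunk's first line.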
@@ -486,7 +486,7 @@ func (module *Module) initialize(w http.ResponseWriter, r *http.Request, ps http
}
//保存默认集群
- err=orm.Save(nil, &toSaveCfg)
+ err=orm.Create(nil, &toSaveCfg)
if err!=nil{
panic(err)
}
@@ -510,7 +510,7 @@ func (module *Module) initialize(w http.ResponseWriter, r *http.Request, ps http
Name: rbac.RoleAdminName,
})
user.Roles=role
- err=orm.Save(nil, &user)
+ err=orm.Create(nil, &user)
if err!=nil{
panic(err)
}
From 0cd198b8055042e21abea2166a1ce896bd71273c Mon Sep 17 00:00:00 2001
From: liugq
Date: Thu, 23 Feb 2023 11:10:38 +0800
Subject: [PATCH 6/6] rename tempID to GlobalSystemElasticsearchID
---
plugin/setup/setup.go | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/plugin/setup/setup.go b/plugin/setup/setup.go
index afea8e70..3d8077eb 100644
--- a/plugin/setup/setup.go
+++ b/plugin/setup/setup.go
@@ -112,7 +112,7 @@ type SetupRequest struct {
CredentialSecret string `json:"credential_secret"`
}
-var tempID="infini_default_system_cluster"
+var GlobalSystemElasticsearchID="infini_default_system_cluster"
const VersionTooOld ="elasticsearch_version_too_old"
const IndicesExists ="elasticsearch_indices_exists"
@@ -276,7 +276,7 @@ func (module *Module) initTempClient(r *http.Request) (error, elastic.API,SetupR
}
- cfg.ID = tempID
+ cfg.ID = GlobalSystemElasticsearchID
cfg.Name = "INFINI_SYSTEM ("+util.PickRandomName()+")"
elastic.InitMetadata(&cfg, true)
client, err := elastic1.InitClientWithConfig(cfg)
@@ -284,7 +284,7 @@ func (module *Module) initTempClient(r *http.Request) (error, elastic.API,SetupR
return err,nil,request
}
- global.Register(elastic.GlobalSystemElasticsearchID,tempID)
+ global.Register(elastic.GlobalSystemElasticsearchID,GlobalSystemElasticsearchID)
elastic.UpdateConfig(cfg)
elastic.UpdateClient(cfg, client)
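Review bot: The switch to `orm.Create` for the cluster config here (and for the admin user in the next hunk) leaves the credential document introduced in the first patch still written with `orm.Save(nil, &cred)` a few lines above this hunk; if `Create` is meant to refuse overwriting an existing document (the commit message does not say), the credential — which carries the cluster password — should get the same protection: `err = orm.Create(nil, &cred)`. A one-line comment stating why `Create` is preferred, e.g. `// Create rather than Save: never overwrite an existing system-cluster document`, would make the intent visible to the next reader. `initialize` begins and ends outside this hunk.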
@@ -535,7 +535,7 @@ func (module *Module) initialize(w http.ResponseWriter, r *http.Request, ps http
_,err=util.FilePutContent(file,fmt.Sprintf("configs.template:\n - name: \"system\"\n path: ./config/system_config.tpl\n variable:\n " + "CLUSTER_ID: %v\n CLUSTER_ENDPINT: \"%v\"\n " +
"CLUSTER_USER: \"%v\"\n CLUSTER_VER: \"%v\"\n INDEX_PREFIX: \"%v\"",
- tempID,cfg.Endpoint,cfg.BasicAuth.Username,cfg.Version,cfg1.IndexPrefix ))
+ GlobalSystemElasticsearchID,cfg.Endpoint,cfg.BasicAuth.Username,cfg.Version,cfg1.IndexPrefix ))
if err!=nil{
panic(err)
}