Skip to content

Check db privileges #457

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
May 23, 2025
Merged

Check db privileges #457

merged 4 commits into from
May 23, 2025

Conversation

LordofAvernus
Copy link
Collaborator

@LordofAvernus LordofAvernus commented May 23, 2025
edited by github-actions bot
Loading

User description

link: https://github.com/actiontech/dms-ee/issues/570

倒入数据源之前,实现批量校验数据源联通性和权限校验的功能

Description

  • 新增DB服务权限检查请求/响应结构

  • 实现并发DB服务权限校验逻辑

  • 添加新的API接口和处理函数

  • 更新Swagger文档与路由配置

Changes walkthrough 📝

Relevant files
Enhancement
5 files
project.go
新增Swagger权限检查数据结构定义                                                                           
+15/-0   
dms_controller.go
增加权限检查API处理函数                                                                                       
+38/-0   
router.go
更新路由,添加权限检查接口                                                                                       
+2/-2     
db_service.go
加入并发权限校验业务逻辑实现                                                                                     
+55/-1   
project.go
实现服务层权限检查接口调用                                                                                       
+27/-0   
Documentation
2 files
swagger.json
更新Swagger定义新权限检查接口                                                                             
+84/-2   
swagger.yaml
补充Swagger文档新权限检查入口                                                                             
+58/-2   
Need help?
  • Type /help how to ... in the comments thread for any questions about PR-Agent usage.
  • Check out the documentation for more information.
    •

    @LordofAvernus
    feat: Adds check DB service privilege structures
    eba970d 
    Adds the structures required for checking database service privileges.

These structures define the request and reply formats for checking if a service has the necessary privileges to connect to a database.
    @LordofAvernus
    Adds DB service privilege check endpoint
    6887ecd 
    Adds an endpoint to check if the provided DB services have enough privileges.

This allows users to verify the permissions of their database services before performing operations.
    @LordofAvernus
    gen swag
    7061fd3
    @LordofAvernus
    feat: Add DB Service Privileges Check Mechanism
    44932d6 
    Implements concurrent connectivity checks for database services to verify sufficient privileges, preventing operations on services with insufficient user permissions. Enhances security and operational reliability by validating access rights upfront.
    @actiontech-bot actiontech-bot requested a review from iwanghc May 23, 2025 05:23
    @github-actions GitHub Actions
    Copy link

    PR Reviewer Guide 🔍

    ⏱️ Estimated effort to review: 3 🔵🔵🔵⚪⚪
    🧪 No relevant tests
    🔒 No security concerns identified
    ⚡ Recommended focus areas for review

    并发错误处理

    在CheckDBServiceHasEnoughPrivileges函数中并发检查数据库服务权限时,错误处理机制建议进一步完善,考虑是否需要累计所有任务中的错误信息或进行更细致的日志记录,以便在并发操作中更全面地捕获和报告错误。

     
    func (d *DBServiceUsecase) GetBusiness(ctx context.Context, projectUid string) ([]string, error) {
	business, err := d.repo.GetBusinessByProjectUID(ctx, projectUid)
	if err != nil {
		return nil, fmt.Errorf("get business failed: %v", err)
	}

	return business, nil
}

type CheckDBServicePrivileges struct {
	ComponentPrivilegesResult []*IsConnectableReply
}

func (d *DBServiceUsecase) CheckDBServiceHasEnoughPrivileges(ctx context.Context, params []dmsCommonV1.CheckDbConnectable) ([]*CheckDBServicePrivileges, error) {
	type resultItem struct {
		index  int
		result *CheckDBServicePrivileges
		err    error
	}

	ret := make([]*CheckDBServicePrivileges, len(params))
	resultCh := make(chan resultItem, len(params))
	var wg sync.WaitGroup

	maxConcurrency := 8
	semaphore := make(chan struct{}, maxConcurrency)

	for i, v := range params {
		wg.Add(1)
		go func(i int, param dmsCommonV1.CheckDbConnectable) {
			defer wg.Done()

			semaphore <- struct{}{}        // acquire slot
			defer func() { <-semaphore }() // release slot

			r, err := d.IsConnectable(ctx, param)
			if err != nil {
				resultCh <- resultItem{index: i, err: fmt.Errorf("check db service privileges failed: %v", err)}
				return
			}

			resultCh <- resultItem{
				index: i,
				result: &CheckDBServicePrivileges{
					ComponentPrivilegesResult: r,
				},
			}
		}(i, v)
	}

	wg.Wait()
	close(resultCh)

	for item := range resultCh {
		if item.err != nil {
			return nil, item.err
		}
		ret[item.index] = item.result
	}

	return ret, nil
}
    Swagger接口一致性

    新增的CheckDBServicesPrivileges接口及其Swagger注释需要确保文档中描述的参数和返回结构与后端实现保持一致,建议仔细核对接口详情以确保接口行为符合预期的业务逻辑。

     
    func (ctl *DMSController) CheckDBServicesPrivileges(c echo.Context) error {
	var req aV1.CheckDBServicesPrivilegesReq
	err := bindAndValidateReq(c, &req)
	if nil != err {
		return NewErrResp(c, err, apiError.BadRequestErr)
	}

	reply, err := ctl.DMS.CheckDBServiceHasEnoughPrivileges(c.Request().Context(), req)
	if nil != err {
		return NewErrResp(c, err, apiError.DMSServiceErr)
	}
	return NewOkRespWithReply(c, reply)
}

    @github-actions GitHub Actions
    Copy link

    PR Code Suggestions ✨

    Explore these optional code suggestions:

    CategorySuggestion                                                                                                                                    Impact
    General
    修正注释拼写错误

    建议将注释中的 "hava" 修正为 "have",以确保文档和接口描述正确无误。这种描述错误可能会导致开发者对接口功能产生误解。

    internal/apiserver/service/dms_controller.go [2388]

    -// check if the db_services hava enough privileges.
+// check if the db_services have enough privileges.
    Suggestion importance[1-10]: 3

    __

    Why: The suggestion corrects a minor typographical error in the comment from hava to have, improving clarity in the API documentation.

    		Low

    @iwanghc iwanghc merged commit cfc523b into main May 23, 2025
    1 check passed
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Reviewers

    @iwanghc iwanghc iwanghc approved these changes

    Assignees
    No one assigned
    Labels
    None yet
    Projects
    None yet
    Milestone
    No milestone
    Development

    Successfully merging this pull request may close these issues.
    2 participants
    @LordofAvernus @iwanghc