Merge pull request #744 from hhyo/feature/mutil-ak

支持配置多个阿里云认证信息
hhyo · May 23, 2020 · bb07c98 · bb07c98
2 parents 32493ce + 3dd9d61
commit bb07c98
Show file tree

Hide file tree

Showing 7 changed files with 80 additions and 57 deletions.
diff --git a/common/templates/base.html b/common/templates/base.html
@@ -62,7 +62,7 @@
                 <ul class="dropdown-menu dropdown-user">
                     {% if user.is_superuser %}
                         <li>
-                            <a target="_blank" href="/api/debug?full=true"><i class="fa fa-info fa-fw"></i> 系统信息</a>
+                            <a target="_blank" href="/api/debug"><i class="fa fa-info fa-fw"></i> 系统信息</a>
                         </li>
                         <li>
                             <a target="_blank" href="/admin"><i class="fa fa-sitemap fa-fw"></i> 管理后台</a>

diff --git a/common/templates/config.html b/common/templates/config.html
@@ -686,35 +686,6 @@ <h6 style="color:red">注2：企业微信开启后，若未配置企业微信Use
                         <br>
                         <h4 style="color: darkgrey"><b>其他配置</b></h4>
                         <hr/>
-                        <h5 style="color: darkgrey"><b>阿里云认证信息</b></h5>
-                        <h6 style="color:red">注：实例关联RDS实例ID后，会调用RDS接口获取慢日志、进程、表空间，其中进程和表空间需要管理权限的key</h6>
-                        <hr/>
-                        <div class="form-horizontal">
-                            <div class="form-group">
-                                <label for="aliyun_ak"
-                                       class="col-sm-4 control-label">AccessKeyID</label>
-                                <div class="col-sm-5">
-                                    <input type="password" class="form-control"
-                                           id="aliyun_ak"
-                                           key="aliyun_ak"
-                                           value="{{ config.aliyun_ak }}"
-                                           placeholder="AccessKeyID">
-                                </div>
-                            </div>
-                            <div class="form-group">
-                                <label for="aliyun_secret"
-                                       class="col-sm-4 control-label">AccessKeySecret</label>
-                                <div class="col-sm-5">
-                                    <input type="password" class="form-control"
-                                           id="aliyun_secret"
-                                           key="aliyun_secret"
-                                           value="{{ config.aliyun_secret }}"
-                                           placeholder="AccessKeySecret">
-                                </div>
-                            </div>
-                        </div>
-                        <h5 style="color: darkgrey"><b>其他</b></h5>
-                        <hr/>
                         <div class="form-horizontal">
                             <div class="form-group">
                                 <label for="index_path_url"

diff --git a/common/utils/aliyun_sdk.py b/common/utils/aliyun_sdk.py
@@ -6,18 +6,17 @@
 from aliyunsdkrds.request.v20140815 import DescribeSlowLogsRequest, DescribeSlowLogRecordsRequest, \
     RequestServiceOfCloudDBARequest
 import simplejson as json
-from common.config import SysConfig
 import logging
 
 logger = logging.getLogger('default')
 
 
 class Aliyun(object):
-    def __init__(self):
+    def __init__(self, rds):
         try:
-            sys_config = SysConfig()
-            ak = sys_config.get('aliyun_ak')
-            secret = sys_config.get('aliyun_secret')
+            self.DBInstanceId = rds.rds_dbinstanceid
+            ak = rds.ak.raw_key_id
+            secret = rds.ak.raw_key_secret
             self.clt = AcsClient(ak=ak, secret=secret)
         except Exception as m:
             raise Exception(f'阿里云认证失败：{m}{traceback.format_exc()}')
@@ -40,25 +39,26 @@ def utc2local(utc, utc_format):
         localtime = utc_time + (local_tm - utc_tm)
         return localtime
 
-    def DescribeSlowLogs(self, DBInstanceId, StartTime, EndTime, **kwargs):
+    def DescribeSlowLogs(self, StartTime, EndTime, **kwargs):
         """获取实例慢日志列表DBName,SortKey、PageSize、PageNumber"""
         request = DescribeSlowLogsRequest.DescribeSlowLogsRequest()
-        values = {"action_name": "DescribeSlowLogs", "DBInstanceId": DBInstanceId,
+        values = {"action_name": "DescribeSlowLogs", "DBInstanceId": self.DBInstanceId,
                   "StartTime": StartTime, "EndTime": EndTime, "SortKey": "TotalExecutionCounts"}
         values = dict(values, **kwargs)
         result = self.request_api(request, values)
         return result
 
-    def DescribeSlowLogRecords(self, DBInstanceId, StartTime, EndTime, **kwargs):
+    def DescribeSlowLogRecords(self, StartTime, EndTime, **kwargs):
         """查看慢日志明细SQLId,DBName、PageSize、PageNumber"""
         request = DescribeSlowLogRecordsRequest.DescribeSlowLogRecordsRequest()
-        values = {"action_name": "DescribeSlowLogRecords", "DBInstanceId": DBInstanceId,
+        values = {"action_name": "DescribeSlowLogRecords", "DBInstanceId": self.DBInstanceId,
                   "StartTime": StartTime, "EndTime": EndTime}
         values = dict(values, **kwargs)
         result = self.request_api(request, values)
         return result
 
-    def RequestServiceOfCloudDBA(self, DBInstanceId, ServiceRequestType, ServiceRequestParam, **kwargs):
+    def RequestServiceOfCloudDBA(self, ServiceRequestType, ServiceRequestParam,
+                                 **kwargs):
         """
         获取统计信息：'GetTimedMonData',{"Language":"zh","KeyGroup":"mem_cpu_usage","KeyName":"","StartTime":"2018-01-15T04:03:26Z","EndTime":"2018-01-15T05:03:26Z"}
             mem_cpu_usage、iops_usage、detailed_disk_space
@@ -68,7 +68,7 @@ def RequestServiceOfCloudDBA(self, DBInstanceId, ServiceRequestType, ServiceRequ
         获取资源利用信息：'GetResourceUsage',{"Language":"zh"}
         """
         request = RequestServiceOfCloudDBARequest.RequestServiceOfCloudDBARequest()
-        values = {"action_name": "RequestServiceOfCloudDBA", "DBInstanceId": DBInstanceId,
+        values = {"action_name": "RequestServiceOfCloudDBA", "DBInstanceId": self.DBInstanceId,
                   "ServiceRequestType": ServiceRequestType, "ServiceRequestParam": ServiceRequestParam}
         values = dict(values, **kwargs)
         result = self.request_api(request, values)

diff --git a/sql/admin.py b/sql/admin.py
@@ -4,7 +4,7 @@
 
 # Register your models here.
 from .models import Users, Instance, SqlWorkflow, SqlWorkflowContent, QueryLog, DataMaskingColumns, DataMaskingRules, \
-    AliyunRdsConfig, ResourceGroup, QueryPrivilegesApply, \
+    AliyunRdsConfig, CloudAccessKey, ResourceGroup, QueryPrivilegesApply, \
     QueryPrivileges, InstanceAccount, InstanceDatabase, ArchiveConfig, \
     WorkflowAudit, WorkflowLog, ParamTemplate, ParamHistory, InstanceTag
 
@@ -206,8 +206,7 @@ class ArchiveConfigAdmin(admin.ModelAdmin):
               'mode', 'condition', 'sleep', 'no_delete', 'state', 'user_name', 'user_display')
 
 
-# 阿里云实例配置信息
-@admin.register(AliyunRdsConfig)
-class AliRdsConfigAdmin(admin.ModelAdmin):
-    list_display = ('instance', 'rds_dbinstanceid', 'is_enable')
-    search_fields = ['instance__instance_name', 'rds_dbinstanceid']
+# 云服务认证信息配置
+@admin.register(CloudAccessKey)
+class CloudAccessKeyAdmin(admin.ModelAdmin):
+    list_display = ('type', 'key_id', 'key_secret', 'remark')
diff --git a/sql/aliyun_rds.py b/sql/aliyun_rds.py
@@ -30,7 +30,7 @@ def slowquery_review(request):
     # 通过实例名称获取关联的rds实例id
     instance_info = AliyunRdsConfig.objects.get(instance__instance_name=instance_name)
     # 调用aliyun接口获取SQL慢日志统计
-    slowsql = Aliyun().DescribeSlowLogs(instance_info.rds_dbinstanceid, start_time, end_time, **values)
+    slowsql = Aliyun(rds=instance_info).DescribeSlowLogs(start_time, end_time, **values)
 
     # 解决table数据丢失精度、格式化时间
     sql_slow_log = json.loads(slowsql)['Items']['SQLSlowLog']
@@ -71,7 +71,7 @@ def slowquery_review_history(request):
     # 通过实例名称获取关联的rds实例id
     instance_info = AliyunRdsConfig.objects.get(instance__instance_name=instance_name)
     # 调用aliyun接口获取SQL慢日志统计
-    slowsql = Aliyun().DescribeSlowLogRecords(instance_info.rds_dbinstanceid, start_time, end_time, **values)
+    slowsql = Aliyun(rds=instance_info).DescribeSlowLogRecords(start_time, end_time, **values)
 
     # 格式化时间\过滤HostAddress
     sql_slow_record = json.loads(slowsql)['Items']['SQLSlowRecord']
@@ -98,8 +98,8 @@ def process_status(request):
     # 通过实例名称获取关联的rds实例id
     instance_info = AliyunRdsConfig.objects.get(instance__instance_name=instance_name)
     # 调用aliyun接口获取进程数据
-    process_info = Aliyun().RequestServiceOfCloudDBA(instance_info.rds_dbinstanceid, 'ShowProcessList',
-                                                     {"Language": "zh", "Command": command_type})
+    process_info = Aliyun(rds=instance_info).RequestServiceOfCloudDBA(
+        'ShowProcessList', {"Language": "zh", "Command": command_type})
 
     # 提取进程列表
     process_list = json.loads(process_info)['AttrData']
@@ -120,8 +120,8 @@ def create_kill_session(request):
     # 通过实例名称获取关联的rds实例id
     instance_info = AliyunRdsConfig.objects.get(instance__instance_name=instance_name)
     # 调用aliyun接口获取进程数据
-    request_info = Aliyun().RequestServiceOfCloudDBA(instance_info.rds_dbinstanceid, 'CreateKillSessionRequest',
-                                                     {"Language": "zh", "ThreadIDs": json.loads(thread_ids)})
+    request_info = Aliyun(rds=instance_info).RequestServiceOfCloudDBA(
+        'CreateKillSessionRequest', {"Language": "zh", "ThreadIDs": json.loads(thread_ids)})
 
     # 提取进程列表
     request_list = json.loads(request_info)['AttrData']
@@ -143,8 +143,7 @@ def kill_session(request):
     # 调用aliyun接口获取终止进程
     request_params = json.loads(request_params)
     service_request_param = dict({"Language": "zh"}, **request_params)
-    kill_result = Aliyun().RequestServiceOfCloudDBA(instance_info.rds_dbinstanceid, 'ConfirmKillSessionRequest',
-                                                    service_request_param)
+    kill_result = Aliyun(rds=instance_info).RequestServiceOfCloudDBA('ConfirmKillSessionRequest', service_request_param)
 
     # 获取处理结果
     kill_result = json.loads(kill_result)['AttrData']
@@ -162,8 +161,8 @@ def sapce_status(request):
     # 通过实例名称获取关联的rds实例id
     instance_info = AliyunRdsConfig.objects.get(instance__instance_name=instance_name)
     # 调用aliyun接口获取进程数据
-    space_info = Aliyun().RequestServiceOfCloudDBA(instance_info.rds_dbinstanceid, 'GetSpaceStatForTables',
-                                                   {"Language": "zh", "OrderType": "Data"})
+    space_info = Aliyun(rds=instance_info).RequestServiceOfCloudDBA(
+        'GetSpaceStatForTables', {"Language": "zh", "OrderType": "Data"})
 
     # 提取进程列表
     space_list = json.loads(space_info)['ListData']

diff --git a/sql/models.py b/sql/models.py
@@ -4,6 +4,7 @@
 from mirage import fields
 
 from django.utils.translation import gettext as _
+from mirage.crypto import Crypto
 
 
 class ResourceGroup(models.Model):
@@ -581,12 +582,51 @@ class Meta:
         verbose_name_plural = u'系统配置'
 
 
+# 云服务认证信息配置
+class CloudAccessKey(models.Model):
+    cloud_type_choices = (('aliyun', 'aliyun'),)
+
+    type = models.CharField(max_length=20, default='', choices=cloud_type_choices)
+    key_id = models.CharField(max_length=200)
+    key_secret = models.CharField(max_length=200)
+    remark = models.CharField(max_length=50, default='', blank=True)
+
+    def __init__(self, *args, **kwargs):
+        self.c = Crypto()
+        super().__init__(*args, **kwargs)
+
+    @property
+    def raw_key_id(self):
+        """ 返回明文信息"""
+        return self.c.decrypt(self.key_id)
+
+    @property
+    def raw_key_secret(self):
+        """ 返回明文信息"""
+        return self.c.decrypt(self.key_secret)
+
+    def save(self, *args, **kwargs):
+        self.key_id = self.c.encrypt(self.key_id)
+        self.key_secret = self.c.encrypt(self.key_secret)
+        super(CloudAccessKey, self).save(*args, **kwargs)
+
+    def __str__(self):
+        return f'{self.type}({self.remark})'
+
+    class Meta:
+        managed = True
+        db_table = 'cloud_access_key'
+        verbose_name = u'云服务认证信息配置'
+        verbose_name_plural = u'云服务认证信息配置'
+
+
 class AliyunRdsConfig(models.Model):
     """
     阿里云rds配置信息
     """
     instance = models.OneToOneField(Instance, on_delete=models.CASCADE)
     rds_dbinstanceid = models.CharField('对应阿里云RDS实例ID', max_length=100)
+    ak = models.ForeignKey(CloudAccessKey, on_delete=models.CASCADE)
     is_enable = models.BooleanField('是否启用', default=False)
 
     def __int__(self):

diff --git a/src/init_sql/v1.7.10_v1.7.11.sql b/src/init_sql/v1.7.10_v1.7.11.sql
@@ -0,0 +1,14 @@
+-- 云服务认证信息配置
+create table cloud_access_key(
+  id int not null auto_increment primary key comment 'id',
+  type varchar(20) not null default '' comment 'type',
+  key_id varchar(200) not null default '' comment 'key_id',
+  key_secret varchar(200) not null default '' comment 'key_secret',
+  remark varchar(50) not null default '' comment 'remark'
+) comment '云服务认证信息配置';
+
+-- 阿里云RDS配置关联认证信息
+set foreign_key_checks=0;
+alter table aliyun_rds_config add ak_id int not null default 0 comment 'ak_id',
+  add  CONSTRAINT `fk_aliyun_rds_ak_id` FOREIGN KEY (`ak_id`) REFERENCES `cloud_access_key` (`id`);
+set foreign_key_checks=1;