From e13486b08037703a18c3b727018e5489c50fdd8d Mon Sep 17 00:00:00 2001
From: ljl <17743125563@163.com>
Date: Sat, 3 Aug 2024 14:35:16 +0800
Subject: [PATCH] iam:fix third-kind cert.

---
 .../iam/src/basic/dto/iam_cert_dto.rs | 16 ++++
 .../iam/src/basic/serv/iam_cert_serv.rs | 89 ++++++++++++++++++-
 .../console_interface/api/iam_ci_cert_api.rs | 46 ++++++++--
 backend/supports/iam/tests/test_cc_cert.rs | 2 +-
 4 files changed, 140 insertions(+), 13 deletions(-)

diff --git a/backend/supports/iam/src/basic/dto/iam_cert_dto.rs b/backend/supports/iam/src/basic/dto/iam_cert_dto.rs
index d629ee7b8..02198558f 100644
--- a/backend/supports/iam/src/basic/dto/iam_cert_dto.rs
+++ b/backend/supports/iam/src/basic/dto/iam_cert_dto.rs
@@ -116,6 +116,8 @@ pub struct IamCertPhoneVCodeBindReq {
 
 #[derive(poem_openapi::Object, Serialize, Deserialize, Debug)]
 pub struct IamThirdPartyCertExtAddReq {
+ #[oai(validator(min_length = "2", max_length = "255"))]
+ pub rel_rbum_id: String,
 #[oai(validator(min_length = "2", max_length = "255"))]
 pub ak: String,
 #[oai(validator(min_length = "1", max_length = "255"))]
@@ -124,6 +126,20 @@ pub struct IamThirdPartyCertExtAddReq {
 pub sk: Option,
 pub ext: Option,
 }
+
+#[derive(poem_openapi::Object, Serialize, Deserialize, Debug)]
+pub struct IamThirdPartyCertExtModifyReq {
+ #[oai(validator(min_length = "2", max_length = "255"))]
+ pub rel_rbum_id: String,
+ #[oai(validator(min_length = "2", max_length = "255"))]
+ pub ak: String,
+ #[oai(validator(min_length = "1", max_length = "255"))]
+ pub supplier: String,
+ #[oai(validator(min_length = "2", max_length = "10000"))]
+ pub sk: Option,
+ pub ext: Option,
+}
+
 #[derive(poem_openapi::Object, Serialize, Deserialize, Debug)]
 pub struct IamThirdIntegrationSyncAddReq {
 pub account_sync_from: IamCertExtKind,
diff --git a/backend/supports/iam/src/basic/serv/iam_cert_serv.rs b/backend/supports/iam/src/basic/serv/iam_cert_serv.rs
index 6e61e6508..dd4a1f26a 100644
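Review bot: `IamThirdPartyCertExtModifyReq` derives `Debug` while carrying the secret in `sk`, so any `{:?}` formatting of the request (a log line, an error context) would print the secret in clear; the same holds for `IamThirdPartyCertExtAddReq` in the hunk above it. Consider dropping the derive or hand-writing `Debug` so that the field is rendered as a fixed marker, for example `.field("sk", &"<redacted>")`. The new struct also repeats the add request field for field without doc comments; a short `///` line per field, e.g. `/// Id of the item (presumably the account) the cert is bound to` on `rel_rbum_id`, would make the contract readable from the generated OpenAPI description.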
--- a/backend/supports/iam/src/basic/serv/iam_cert_serv.rs
+++ b/backend/supports/iam/src/basic/serv/iam_cert_serv.rs
@@ -2,9 +2,11 @@ use bios_basic::helper::request_helper::{add_ip, get_real_ip_from_ctx};
 use bios_basic::process::task_processor::TaskProcessor;
 use bios_basic::rbum::dto::rbum_rel_agg_dto::RbumRelAggAddReq;
 use bios_basic::rbum::serv::rbum_rel_serv::RbumRelServ;
+use itertools::Itertools;
 use std::collections::{HashMap, HashSet};
 use std::sync::Arc;
 use std::time::Duration;
+use std::vec;
 use tardis::basic::dto::TardisContext;
 use tardis::basic::field::TrimString;
 use tardis::basic::result::TardisResult;
@@ -35,7 +37,7 @@ use crate::basic::dto::iam_cert_conf_dto::{
 };
 use crate::basic::dto::iam_cert_dto::{
 IamCertManageAddReq, IamCertManageModifyReq, IamCertModifyVisibilityRequest, IamThirdIntegrationConfigDto, IamThirdIntegrationSyncAddReq, IamThirdIntegrationSyncStatusDto,
- IamThirdPartyCertExtAddReq,
+ IamThirdPartyCertExtAddReq, IamThirdPartyCertExtModifyReq,
 };
 use crate::basic::dto::iam_filer_dto::{IamAccountFilterReq, IamResFilterReq, IamRoleFilterReq};
 use crate::basic::serv::iam_account_serv::IamAccountServ;
@@ -554,7 +556,7 @@ impl IamCertServ {
 Ok(())
 }
 
- pub async fn add_3th_kind_cert(add_req: &mut IamThirdPartyCertExtAddReq, account_id: &str, funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult {
+ pub async fn add_3th_kind_cert(add_req: &mut IamThirdPartyCertExtAddReq, funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult {
 let id = RbumCertServ::add_rbum(
 &mut RbumCertAddReq {
 ak: TrimString(add_req.ak.trim().to_string()),
@@ -570,7 +572,7 @@ impl IamCertServ {
 status: RbumCertStatusKind::Enabled,
 rel_rbum_cert_conf_id: None,
 rel_rbum_kind: RbumCertRelKind::Item,
- rel_rbum_id: account_id.to_string(),
+ rel_rbum_id: add_req.rel_rbum_id.clone(),
 is_outside: true,
 ignore_check_sk: false,
 },
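Review bot: The added `use std::vec;` in the import hunk looks redundant, since the `vec!` macro used by the new code needs no import, and no Itertools adaptor is called in any hunk of this patch, so `use itertools::Itertools;` may be unused unless other code in the file relies on it. Dropping whichever is unused keeps the import list accurate. In the `add_3th_kind_cert` hunk further down, `rel_rbum_id: add_req.rel_rbum_id.clone()` stores the caller-supplied id untrimmed while `ak` is trimmed; `rel_rbum_id: add_req.rel_rbum_id.trim().to_string(),` would treat the two consistently. That function's body continues outside the hunk.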
@@ -581,6 +583,27 @@ impl IamCertServ {
 Ok(id)
 }
 
+ pub async fn modify_3th_kind_cert(modify_req: &mut IamThirdPartyCertExtModifyReq, funs: &TardisFunsInst, ctx: &TardisContext) -> TardisResult<()> {
+ let cert_3th = Self::get_3th_kind_cert_by_rel_rbum_id(&modify_req.rel_rbum_id, vec![modify_req.supplier.clone()], false, funs, ctx).await?;
+ RbumCertServ::modify_rbum(
+ &cert_3th.id,
+ &mut RbumCertModifyReq {
+ ak: Some(TrimString(modify_req.ak.trim().to_string())),
+ sk: modify_req.sk.as_ref().map(|sk| TrimString(sk.trim().to_string())),
+ sk_invisible: None,
+ conn_uri: None,
+ ignore_check_sk: false,
+ ext: modify_req.ext.clone(),
+ start_time: None,
+ end_time: None,
+ status: None,
+ },
+ funs,
+ ctx,
+ )
+ .await
+ }
+
 /// Get general cert method \
 /// if cert_conf_id is Some then use cert_conf_id as query param \
 /// otherwise use kind、cert_supplier as query param
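Review bot: `modify_3th_kind_cert` chooses the cert to overwrite from `rel_rbum_id` and `supplier` alone, both taken from the request, and nothing in the hunk establishes that the pair identifies exactly one cert. `add_3th_kind_cert` does not visibly reject a second cert for the same pair, so if `get_3th_kind_cert_by_rel_rbum_id` (not shown here) returns the first match, which credential has its `ak`/`sk` replaced is undetermined. Either enforce uniqueness of the pair on add or let the modify request carry the cert id. The function also has no doc comment and takes `&mut` without mutating; `/// Updates ak, sk and ext of the third-party cert bound to rel_rbum_id for the given supplier.` together with `modify_req: &IamThirdPartyCertExtModifyReq` would cover both.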
@@ -859,6 +882,66 @@ impl IamCertServ {
 }
 }
 
+ /// 通过关联id获取所有相关三方凭证
+ pub async fn find_3th_kind_cert_by_rel_rbum_id(
+ rel_rbum_id: &str,
+ supplier: Option>,
+ show_sk: bool,
+ funs: &TardisFunsInst,
+ ctx: &TardisContext,
+ ) -> TardisResult> {
+ let mut find_cert = vec![];
+ let query_cert = RbumCertServ::find_detail_rbums(
+ &RbumCertFilterReq {
+ basic: RbumBasicFilterReq {
+ own_paths: Some("".to_string()),
+ with_sub_own_paths: true,
+ ..Default::default()
+ },
+ status: Some(RbumCertStatusKind::Enabled),
+ kind: Some(IamCertExtKind::ThirdParty.to_string()),
+ suppliers: supplier,
+ rel_rbum_id: Some(rel_rbum_id.to_string()),
+ ..Default::default()
+ },
+ None,
+ None,
+ funs,
+ ctx,
+ )
+ .await?;
+ for ext_cert in query_cert {
+ let encoded_sk = if show_sk {
+ let now_sk = RbumCertServ::show_sk(ext_cert.id.as_str(), &RbumCertFilterReq::default(), funs, ctx).await?;
+ encode_cert(&ext_cert.id, now_sk, ext_cert.sk_invisible)?
+ } else {
+ "".to_string()
+ };
+ find_cert.push(RbumCertSummaryWithSkResp {
+ id: ext_cert.id,
+ ak: ext_cert.ak,
+ sk: encoded_sk,
+ sk_invisible: ext_cert.sk_invisible,
+ ext: ext_cert.ext,
+ conn_uri: ext_cert.conn_uri,
+ start_time: ext_cert.start_time,
+ end_time: ext_cert.end_time,
+ status: ext_cert.status,
+ kind: ext_cert.kind,
+ supplier: ext_cert.supplier,
+ rel_rbum_cert_conf_id: ext_cert.rel_rbum_cert_conf_id,
+ rel_rbum_cert_conf_name: ext_cert.rel_rbum_cert_conf_name,
+ rel_rbum_kind: ext_cert.rel_rbum_kind,
+ rel_rbum_id: ext_cert.rel_rbum_id,
+ own_paths: ext_cert.own_paths,
+ owner: ext_cert.owner,
+ create_time: ext_cert.create_time,
+ update_time: ext_cert.update_time,
+ });
+ }
+ Ok(find_cert)
+ }
+
 pub async fn paginate_certs(
 filter: &RbumCertFilterReq,
 page_number: u32,
diff --git a/backend/supports/iam/src/console_interface/api/iam_ci_cert_api.rs b/backend/supports/iam/src/console_interface/api/iam_ci_cert_api.rs
index 24ff7b77d..041903855 100644
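Review bot: The list query in `find_3th_kind_cert_by_rel_rbum_id` sets `own_paths: Some("".to_string())` with `with_sub_own_paths: true`, while the per-cert `RbumCertServ::show_sk` call below it passes `RbumCertFilterReq::default()`, so the two lookups run under different scopes. If the empty path means every tenant, as the combination suggests, then either `show_sk` fails for a cert outside the caller's scope and the `?` discards the whole result, or secrets from outside that scope are returned whenever `show_sk` is true. Build the filter once and reuse it for both calls, and keep `own_paths` tied to `ctx` unless the global scope is intended, in which case the doc comment should say so. The doc comment is Chinese-only, unlike the English ones elsewhere in this file; `/// Finds all enabled third-party certs bound to rel_rbum_id, optionally filtered by supplier; sk is filled only when show_sk is true.` would match them.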
--- a/backend/supports/iam/src/console_interface/api/iam_ci_cert_api.rs
+++ b/backend/supports/iam/src/console_interface/api/iam_ci_cert_api.rs
@@ -2,7 +2,7 @@ use std::collections::HashMap;
 
 use crate::basic::dto::iam_account_dto::IamAccountExtSysResp;
 use crate::basic::dto::iam_cert_conf_dto::IamCertConfLdapResp;
-use crate::basic::dto::iam_cert_dto::{IamCertAkSkAddReq, IamCertAkSkResp, IamCertDecodeRequest, IamOauth2AkSkResp, IamThirdPartyCertExtAddReq};
+use crate::basic::dto::iam_cert_dto::{IamCertAkSkAddReq, IamCertAkSkResp, IamCertDecodeRequest, IamOauth2AkSkResp, IamThirdPartyCertExtAddReq, IamThirdPartyCertExtModifyReq};
 use crate::basic::serv::iam_account_serv::IamAccountServ;
 use crate::basic::serv::iam_cert_ldap_serv::IamCertLdapServ;
 use crate::basic::serv::iam_cert_serv::IamCertServ;
@@ -164,24 +164,52 @@ impl IamCiCertApi {
 /// Add Third-kind Cert
 ///
 /// 添加第三方证书
+ #[oai(path = "/third-kind", method = "post")]
+ async fn add_third_cert(&self, mut add_req: Json, mut ctx: TardisContextExtractor, request: &Request) -> TardisApiResult {
+ let mut funs = iam_constants::get_tardis_inst();
+ check_without_owner_and_unsafe_fill_ctx(request, &funs, &mut ctx.0)?;
+ try_set_real_ip_from_req_to_ctx(request, &ctx.0).await?;
+ funs.begin().await?;
+ IamCertServ::add_3th_kind_cert(&mut add_req.0, &funs, &ctx.0).await?;
+ funs.commit().await?;
+ ctx.0.execute_task().await?;
+ TardisResp::ok(Void {})
+ }
+
+ /// modify Third-kind Cert
+ ///
+ /// 修改第三方证书
 #[oai(path = "/third-kind", method = "put")]
- async fn add_third_cert(
- &self,
- account_id: Query,
- mut add_req: Json,
- mut ctx: TardisContextExtractor,
- request: &Request,
- ) -> TardisApiResult {
+ async fn modify_third_cert(&self, mut modify_req: Json, mut ctx: TardisContextExtractor, request: &Request) -> TardisApiResult {
 let mut funs = iam_constants::get_tardis_inst();
 check_without_owner_and_unsafe_fill_ctx(request, &funs, &mut ctx.0)?;
 try_set_real_ip_from_req_to_ctx(request, &ctx.0).await?;
 funs.begin().await?;
- IamCertServ::add_3th_kind_cert(&mut add_req.0, &account_id.0, &funs, &ctx.0).await?;
+ IamCertServ::modify_3th_kind_cert(&mut modify_req.0, &funs, &ctx.0).await?;
 funs.commit().await?;
 ctx.0.execute_task().await?;
 TardisResp::ok(Void {})
 }
 
+ /// find Third-kind Certs By Account Id
+ ///
+ /// 根据账号id获取第三方证书
+ #[oai(path = "/find/third-kind", method = "get")]
+ async fn find_third_cert(
+ &self,
+ account_id: Query,
+ supplier: Query,
+ mut ctx: TardisContextExtractor,
+ request: &Request,
+ ) -> TardisApiResult> {
+ let funs = iam_constants::get_tardis_inst();
+ check_without_owner_and_unsafe_fill_ctx(request, &funs, &mut ctx.0)?;
+ try_set_real_ip_from_req_to_ctx(request, &ctx.0).await?;
+ let rbum_cert = IamCertServ::find_3th_kind_cert_by_rel_rbum_id(&account_id.0, Some(vec![supplier.0]), true, &funs, &ctx.0).await?;
+ ctx.0.execute_task().await?;
+ TardisResp::ok(rbum_cert)
+ }
+
 /// Get Third-kind Certs By Account Id
 ///
 /// 根据账号id获取第三方证书
diff --git a/backend/supports/iam/tests/test_cc_cert.rs b/backend/supports/iam/tests/test_cc_cert.rs
index 07ca81ca2..bee918b3a 100644
--- a/backend/supports/iam/tests/test_cc_cert.rs
+++ b/backend/supports/iam/tests/test_cc_cert.rs
@@ -174,8 +174,8 @@ async fn test_single_level(context: &TardisContext, ak: &str, another_context: &
 supplier: Some("gitlab".to_string()),
 sk: Some("ssssssssss".to_string()),
 ext: None,
+ rel_rbum_id: account_info.account_id.clone(),
 },
- &account_info.account_id,
 &funs,
 context,
 )
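Review bot: `find_third_cert` in the `iam_ci_cert_api.rs` hunk hard-codes `show_sk` to `true`, so `GET /find/third-kind` returns `sk` for every matching cert of whatever `account_id` the query string names, and the only gate visible in the handler is `check_without_owner_and_unsafe_fill_ctx`. A read endpoint that discloses secrets deserves an explicit decision: make the secret opt-in through a separate parameter or endpoint, state in the doc comment that the response carries `sk`, and record the access so it can be audited. The same hunk turns `PUT /third-kind` from add into modify, so a client that still sends the old add request to PUT will reach `modify_3th_kind_cert` instead; that is worth calling out in the commit message. The new doc comment `/// find Third-kind Certs By Account Id` is nearly identical to the one on the existing getter right after it, which makes the two operations hard to tell apart in the generated API description.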