fix: kubernetes部署configmap调整 & 修复 boltdb 存储在的 clients 查询问题 (#368)

* fix: kubernetes部署configmap调整

* fix: 修复api_mock编辑脚本

* refactor: 修复store中的api_mock问题

* fix: 修复boltdb存储clients无法查询问题

* fix: 修复github-action

* fix: 修复鉴权问题

* fix: 移除错误的权限判断逻辑

* refactor: 调整方法名称

* refactor: 调整prometheus的默认端口

* fix: 修复cache中遗漏client配置

* fix: 单机版本client查询修复

.github/workflows/release.yml

@@ -27,13 +27,18 @@ jobs:
         with:
           go-version: 1.16.5
 
+      - name: Get version
+        id: get_version
+        run: echo ::set-output name=VERSION::${GITHUB_REF/refs\/tags\//}
+
       - name: Build
         id: build
         env:
           GOOS: ${{ matrix.goos }}
           GOARCH: ${{ matrix.goarch }}
+          VERSION: ${{ steps.get_version.outputs.VERSION }}
         run: |
-          bash build.sh
+          bash build.sh ${VERSION}
           PACKAGE_NAME=$(ls | grep polaris-server-release*.zip | sed -n '1p')
           echo ::set-output name=name::${PACKAGE_NAME}
 

build.sh

@@ -16,6 +16,10 @@ workdir=$(dirname $(realpath $0))
 version=$(cat version 2>/dev/null)
 bin_name="polaris-server"
 
+if [ $# == 1 ]; then
+  version=$1
+fi
+
 if [ "${GOOS}" == "windows" ]; then
   bin_name="polaris-server.exe"
 fi

cache/strategy.go

@@ -487,15 +487,26 @@ func (sc *strategyCache) getStrategyDetails(uid string, gid string) []*model.Str
 func (sc *strategyCache) IsResourceLinkStrategy(resType api.ResourceType, resId string) bool {
 	switch resType {
 	case api.ResourceType_Namespaces:
-		_, ok := sc.namespace2Strategy.Load(resId)
-		return ok
+		val, ok := sc.namespace2Strategy.Load(resId)
+		return ok && hasLinkRule(val.(*sync.Map))
 	case api.ResourceType_Services:
-		_, ok := sc.service2Strategy.Load(resId)
-		return ok
+		val, ok := sc.service2Strategy.Load(resId)
+		return ok && hasLinkRule(val.(*sync.Map))
 	case api.ResourceType_ConfigGroups:
-		_, ok := sc.configGroup2Strategy.Load(resId)
-		return ok
+		val, ok := sc.configGroup2Strategy.Load(resId)
+		return ok && hasLinkRule(val.(*sync.Map))
 	default:
 		return true
 	}
 }
+
+func hasLinkRule(val *sync.Map) bool {
+	count := 0
+
+	val.Range(func(key, value interface{}) bool {
+		count++
+		return true
+	})
+
+	return count != 0
+}

common/model/client.go

@@ -45,6 +45,10 @@ func (c *Client) Proto() *api.Client {
 	return c.proto
 }
 
+func (c *Client) SetValid(v bool) {
+	c.valid = v
+}
+
 func (c *Client) Valid() bool {
 	return c.valid
 }

deploy/helm/README-zh.md

@@ -94,6 +94,8 @@ $ helm uninstall `${release_name}`
 |polaris.storage.service.httpPort      | polaris service 暴露，polaris-server 监听的 http 端口|
 |polaris.storage.service.grpcPort      | polaris service 暴露，polaris-server 监听的 grpc 端口|
 |polaris.storage.service.webPort       | polaris service 暴露，polaris-server 监听的 web 端口|
+|polaris.auth.consoleOpen              | polaris 打开控制台接口鉴权，默认开启|
+|polaris.auth.clientOpen               | polaris 打开客户端接口鉴权，默认关闭|
 |monitor.port                          | 客户端上报监控信息的端口|
 |installation.namespace                | 部署polaris组件所在的namespace|
 

deploy/helm/README.md

@@ -95,5 +95,7 @@ The currently supported configurations are as follows:
 |polaris.storage.service.httpPort      | polaris service expose, polaris-server listening http port number|
 |polaris.storage.service.grpcPort      | polaris service expose, polaris-server listening grpc port number|
 |polaris.storage.service.webPort       | polaris service expose, polaris-server listening web  port number|
+|polaris.auth.consoleOpen              | polaris open the console interface auth, open the default|
+|polaris.auth.clientOpen               | polaris open the client interface auth, close the default|
 |monitor.port                          | The port through which the client reports monitoring information|
 |installation.namespace                | namespace for polaris installation|

deploy/helm/templates/polaris-server-config.yaml

@@ -152,6 +152,14 @@ data:
             openConnLimit: false
             maxConnPerHost: 128
             maxConnLimit: 10240
+      - name: prometheusserver
+        option:
+          listenIP: "0.0.0.0"
+          listenPort: {{ .Values.service.prometheusPort }}
+          connLimit:
+            openConnLimit: false
+            maxConnPerHost: 128
+            maxConnLimit: 10240
     #  - name: l5pbserver
     #    option:
     #      listenIP: 0.0.0.0
@@ -162,8 +170,10 @@ data:
       name: defaultAuth
       option:
         salt: polarismesh@2021
-        consoleOpen: true
-        clientOpen: false
+        consoleOpen: {{ .Values.polaris.auth.consoleOpen }}
+        clientOpen: {{ .Values.polaris.auth.clientOpen }}
+    namespace:
+      autoCreate: true
     naming:
       auth:
         open: false
@@ -234,6 +244,7 @@ data:
         - name: users
         - name: strategyRule
         - name: namespace
+        - name: client
     #    - name: l5 # 加载l5数据
     # 存储配置
     store:

deploy/helm/values.yaml

@@ -23,6 +23,9 @@ polaris:
       cpu: "500m"
       memory: "1000Mi"
   replicaCount: 1
+  auth:
+    consoleOpen: true
+    clientOpen: false
   storage:
     db:
       address: localhost:3306
@@ -41,6 +44,7 @@ service:
   webPort: 8080
   xdsv3Port: 15010
   configGrpcPort: 8093
+  prometheusPort: 9000
 
 monitor:
   port: 9091

deploy/standalone/k8s/01-polaris-server-config.yaml

@@ -157,6 +157,14 @@ data:
             openConnLimit: false
             maxConnPerHost: 128
             maxConnLimit: 10240
+      - name: prometheusserver
+        option:
+          listenIP: "0.0.0.0"
+          listenPort: 9000
+          connLimit:
+            openConnLimit: false
+            maxConnPerHost: 128
+            maxConnLimit: 10240
     #  - name: l5pbserver
     #    option:
     #      listenIP: 0.0.0.0
@@ -169,6 +177,8 @@ data:
         salt: polarismesh@2021
         consoleOpen: true
         clientOpen: false
+    namespace:
+      autoCreate: true
     naming:
       auth:
         open: false
@@ -236,6 +246,7 @@ data:
         - name: users
         - name: strategyRule
         - name: namespace
+        - name: client
     #    - name: l5 # 加载l5数据
     # 存储配置
     store:

namespace/namespace_authability.go

@@ -164,10 +164,6 @@ func (svr *serverAuthAbility) GetNamespaces(ctx context.Context, query map[strin
 					api.ResourceType_Namespaces, ns.Id.GetValue())
 			}
 			ns.Editable = utils.NewBoolValue(editable)
-			// 如果当前登录账户为该资源的主账户，则允许直接进行操作
-			if ns.Owners.GetValue() == utils.ParseUserID(ctx) {
-				ns.Editable = utils.NewBoolValue(true)
-			}
 		}
 	}
 

polaris-server.yaml

@@ -160,7 +160,7 @@ apiservers:
   - name: prometheusserver
     option:
       listenIP: "0.0.0.0"
-      listenPort: 19090
+      listenPort: 9000
       connLimit:
         openConnLimit: false
         maxConnPerHost: 128

service/service.go

@@ -129,7 +129,9 @@ func (s *Server) CreateService(ctx context.Context, req *api.Service) *api.Respo
 		Token:     utils.NewStringValue(data.Token),
 	}
 
-	s.afterServiceResource(ctx, req, data, false)
+	if err := s.afterServiceResource(ctx, req, data, false); err != nil {
+		return api.NewResponseWithMsg(api.ExecuteException, err.Error())
+	}
 
 	return api.NewServiceResponse(api.ExecuteSuccess, out)
 }

service/service_alias_authability.go

@@ -105,10 +105,6 @@ func (svr *serverAuthAbility) GetServiceAliases(ctx context.Context,
 					api.ResourceType_Services, svc.ID)
 			}
 			alias.Editable = utils.NewBoolValue(editable)
-			// 如果当前登录账户为该资源的主账户，则允许直接进行操作
-			if alias.Owners.GetValue() == utils.ParseUserID(ctx) {
-				alias.Editable = utils.NewBoolValue(true)
-			}
 		}
 	}
 	return resp

service/service_authability.go

@@ -135,10 +135,6 @@ func (svr *serverAuthAbility) GetServices(ctx context.Context, query map[string]
 					api.ResourceType_Services, svc.Id.GetValue())
 			}
 			svc.Editable = utils.NewBoolValue(editable)
-			// 如果当前登录账户为该资源的主账户，则允许直接进行操作
-			if svc.Owners.GetValue() == utils.ParseUserID(ctx) {
-				svc.Editable = utils.NewBoolValue(true)
-			}
 		}
 	}
 	return resp

store/boltdb/client.go

@@ -24,20 +24,23 @@ import (
 	"github.com/boltdb/bolt"
 	api "github.com/polarismesh/polaris-server/common/api/v1"
 	"github.com/polarismesh/polaris-server/common/model"
+	commontime "github.com/polarismesh/polaris-server/common/time"
 	"github.com/polarismesh/polaris-server/common/utils"
+	"go.uber.org/zap"
 )
 
 const (
 	tblClient string = "client"
 
-	ClientFieldHost     string = "Host"
-	ClientFieldType     string = "Type"
-	ClientFieldVersion  string = "Version"
-	ClientFieldLocation string = "Location"
-	ClientFieldId       string = "Id"
-	ClientFieldStat     string = "Stat"
-	ClientFieldCtime    string = "Ctime"
-	ClientFieldMtime    string = "Mtime"
+	ClientFieldHost       string = "Host"
+	ClientFieldType       string = "Type"
+	ClientFieldVersion    string = "Version"
+	ClientFieldLocation   string = "Location"
+	ClientFieldId         string = "Id"
+	ClientFieldStatArrStr string = "StatArrStr"
+	ClientFieldCtime      string = "Ctime"
+	ClientFieldMtime      string = "Mtime"
+	ClientFieldValid      string = "Valid"
 )
 
 type clientObject struct {
@@ -58,7 +61,7 @@ type clientStore struct {
 
 // BatchAddClients insert the client info
 func (cs *clientStore) BatchAddClients(clients []*model.Client) error {
-	err := cs.handler.Execute(true, func(tx *bolt.Tx) error {
+	if err := cs.handler.Execute(true, func(tx *bolt.Tx) error {
 		for i := range clients {
 			client := clients[i]
 			saveVal, err := convertToClientObject(client)
@@ -71,9 +74,8 @@ func (cs *clientStore) BatchAddClients(clients []*model.Client) error {
 			}
 		}
 		return nil
-	})
-
-	if err != nil {
+	}); err != nil {
+		log.Error("[Client] batch add clients", zap.Error(err))
 		return err
 	}
 
@@ -82,7 +84,12 @@ func (cs *clientStore) BatchAddClients(clients []*model.Client) error {
 
 // BatchDeleteClients delete the client info
 func (cs *clientStore) BatchDeleteClients(ids []string) error {
-	return cs.handler.DeleteValues(tblClient, ids, true)
+	if err := cs.handler.DeleteValues(tblClient, ids, true); err != nil {
+		log.Error("[Client] batch delete clients", zap.Error(err))
+		return err
+	}
+
+	return nil
 }
 
 // GetMoreClients 根据mtime获取增量clients，返回所有store的变更信息
@@ -99,22 +106,23 @@ func (cs *clientStore) GetMoreClients(mtime time.Time, firstUpdate bool) (map[st
 	})
 
 	if err != nil {
+		log.Error("[Client] get more clients for cache", zap.Error(err))
 		return nil, err
 	}
 
-	clients := make([]*model.Client, 0, len(ret))
+	clients := make(map[string]*model.Client, len(ret))
 
-	for _, v := range ret {
+	for k, v := range ret {
 		client, err := convertToModelClient(v.(*clientObject))
-
 		if err != nil {
+			log.Error("[Client] convert clientObject to model.Client", zap.Error(err))
 			return nil, err
 		}
 
-		clients = append(clients, client)
+		clients[k] = client
 	}
 
-	return nil, nil
+	return clients, nil
 }
 
 func convertToClientObject(client *model.Client) (*clientObject, error) {
@@ -155,8 +163,8 @@ func convertToModelClient(client *clientObject) (*model.Client, error) {
 		Host:    utils.NewStringValue(client.Host),
 		Type:    api.Client_ClientType(api.Client_ClientType_value[client.Type]),
 		Version: utils.NewStringValue(client.Version),
-		Ctime:   utils.NewStringValue(client.Ctime.Format("2006-01-02 15:04:05")),
-		Mtime:   utils.NewStringValue(client.Mtime.Format("2006-01-02 15:04:05")),
+		Ctime:   utils.NewStringValue(commontime.Time2String(client.Ctime)),
+		Mtime:   utils.NewStringValue(commontime.Time2String(client.Mtime)),
 		Location: &api.Location{
 			Region: utils.NewStringValue(client.Location["region"]),
 			Zone:   utils.NewStringValue(client.Location["zone"]),
@@ -165,5 +173,7 @@ func convertToModelClient(client *clientObject) (*model.Client, error) {
 		Stat: stat,
 	}
 
-	return model.NewClient(c), nil
+	mc := model.NewClient(c)
+	mc.SetValid(client.Valid)
+	return mc, nil
 }