diff --git a/src/backend/build.gradle b/src/backend/build.gradle index fdde5944d2..fbf6b70cab 100644 --- a/src/backend/build.gradle +++ b/src/backend/build.gradle @@ -130,7 +130,7 @@ ext { set('jcommanderVersion', "1.71") set('kubernetesJavaClientVersion', "11.0.4") set('springCloudKubernetesVersion', "2.0.6") - set('cryptoJavaSDKVersion', "0.0.7-SNAPSHOT") + set('cryptoJavaSDKVersion', "1.0.0") if (System.getProperty("bkjobVersion")) { set('bkjobVersion', System.getProperty("bkjobVersion")) println "bkjobVersion:" + bkjobVersion diff --git a/src/backend/commons/common-utils/src/main/java/com/tencent/bk/job/common/util/crypto/AESUtils.java b/src/backend/commons/common-utils/src/main/java/com/tencent/bk/job/common/util/crypto/AESUtils.java index d8ec577ccc..f9f6e13b9d 100644 --- a/src/backend/commons/common-utils/src/main/java/com/tencent/bk/job/common/util/crypto/AESUtils.java +++ b/src/backend/commons/common-utils/src/main/java/com/tencent/bk/job/common/util/crypto/AESUtils.java @@ -25,6 +25,7 @@ package com.tencent.bk.job.common.util.crypto; import com.tencent.bk.job.common.util.Base64Util; +import lombok.extern.slf4j.Slf4j; import javax.crypto.Cipher; import javax.crypto.KeyGenerator; @@ -33,11 +34,15 @@ import java.io.File; import java.io.FileInputStream; import java.io.FileOutputStream; +import java.io.InputStream; +import java.io.OutputStream; import java.nio.charset.StandardCharsets; import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; import java.security.SecureRandom; +import java.util.Arrays; +@Slf4j public class AESUtils { /** * 加密/解密算法/工作模式/填充方式 @@ -187,33 +192,43 @@ private static SecretKeySpec getKeySpec(Cipher cipher, byte[] key) } public static void encrypt(File inFile, File outFile, String password) throws Exception { + try (FileInputStream in = new FileInputStream(inFile); FileOutputStream out = new FileOutputStream(outFile)) { + encrypt(in, out, password); + } + } + + public static void encrypt(InputStream in, OutputStream out, String password) throws Exception { byte[] key = password.getBytes(StandardCharsets.UTF_8); Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM); cipher.init(Cipher.ENCRYPT_MODE, getKeySpec(cipher, key)); - try (FileInputStream in = new FileInputStream(inFile); FileOutputStream out = new FileOutputStream(outFile)) { - byte[] arr = cipher.getIV(); - if (arr == null) { - throw new RuntimeException(String.format("CIPHER_ALGORITHM %s is invalid", CIPHER_ALGORITHM)); - } - out.write(arr); - write(in, out, cipher); + byte[] arr = cipher.getIV(); + if (arr == null) { + throw new RuntimeException(String.format("CIPHER_ALGORITHM %s is invalid", CIPHER_ALGORITHM)); } + out.write(arr); + write(in, out, cipher); } public static void decrypt(File inFile, File outFile, String password) throws Exception { + try (FileInputStream in = new FileInputStream(inFile); FileOutputStream out = new FileOutputStream(outFile)) { + decrypt(in, out, password); + } + } + + public static void decrypt(InputStream in, OutputStream out, String password) throws Exception { + log.debug("decrypt: in.available={}", in.available()); byte[] key = password.getBytes(StandardCharsets.UTF_8); Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM); - try (FileInputStream in = new FileInputStream(inFile); FileOutputStream out = new FileOutputStream(outFile)) { - byte[] iv = new byte[cipher.getBlockSize()]; - if (in.read(iv) < iv.length) { - throw new RuntimeException(); - } - cipher.init(Cipher.DECRYPT_MODE, getKeySpec(cipher, key), new IvParameterSpec(iv)); - write(in, out, cipher); + byte[] iv = new byte[cipher.getBlockSize()]; + if (in.read(iv) < iv.length) { + throw new RuntimeException(); } + log.debug("decrypt: iv={}", Arrays.toString(iv)); + cipher.init(Cipher.DECRYPT_MODE, getKeySpec(cipher, key), new IvParameterSpec(iv)); + write(in, out, cipher); } - private static void write(FileInputStream in, FileOutputStream out, Cipher cipher) throws Exception { + private static void write(InputStream in, OutputStream out, Cipher cipher) throws Exception { byte[] iBuffer = new byte[1024]; int len; while ((len = in.read(iBuffer)) != -1) { diff --git a/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/AESCryptor.java b/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/AESCryptor.java index 8eecc109ee..e97956453f 100644 --- a/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/AESCryptor.java +++ b/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/AESCryptor.java @@ -32,6 +32,9 @@ import org.slf4j.helpers.FormattingTuple; import org.slf4j.helpers.MessageFormatter; +import java.io.InputStream; +import java.io.OutputStream; + /** * 使用AES/CBC/PKCS5Padding的加密实现 */ @@ -48,10 +51,13 @@ public byte[] encryptIndeed(byte[] key, byte[] message) { try { return AESUtils.encrypt(message, key); } catch (Exception e) { - FormattingTuple msg = MessageFormatter.format( - "Fail to encrypt using AES_CBC, key.len={}, message.len={}", - key.length, - message.length + FormattingTuple msg = MessageFormatter.arrayFormat( + "Fail to encrypt using {}, key.len={}, message.len={}", + new Object[]{ + getName(), + key.length, + message.length + } ); throw new CryptoException(msg.getMessage(), e); } @@ -62,12 +68,47 @@ public byte[] decryptIndeed(byte[] key, byte[] encryptedMessage) { try { return AESUtils.decrypt(encryptedMessage, key); } catch (Exception e) { - FormattingTuple msg = MessageFormatter.format( - "Fail to decrypt using AES_CBC, key.len={}, encryptedMessage.len={}", - key.length, - encryptedMessage.length + FormattingTuple msg = MessageFormatter.arrayFormat( + "Fail to decrypt using {}, key.len={}, encryptedMessage.len={}", + new Object[]{ + getName(), + key.length, + encryptedMessage.length + } ); throw new CryptoException(msg.getMessage(), e); } } + + @Override + public void encryptIndeed(String key, InputStream in, OutputStream out) { + try { + AESUtils.encrypt(in, out, key); + } catch (Exception e) { + FormattingTuple msg = MessageFormatter.arrayFormat( + "Fail to encrypt using {}, key.len={}", + new Object[]{ + getName(), + key.length() + } + ); + throw new com.tencent.bk.sdk.crypto.exception.CryptoException(msg.getMessage(), e); + } + } + + @Override + public void decryptIndeed(String key, InputStream in, OutputStream out) { + try { + AESUtils.decrypt(in, out, key); + } catch (Exception e) { + FormattingTuple msg = MessageFormatter.arrayFormat( + "Fail to decrypt using {}, key.len={}", + new Object[]{ + getName(), + key.length() + } + ); + throw new com.tencent.bk.sdk.crypto.exception.CryptoException(msg.getMessage(), e); + } + } } diff --git a/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/CryptoScenarioEnum.java b/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/CryptoScenarioEnum.java index 91e468a227..9494f18acc 100644 --- a/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/CryptoScenarioEnum.java +++ b/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/CryptoScenarioEnum.java @@ -35,7 +35,11 @@ public enum CryptoScenarioEnum { // DB账号的密码 DATABASE_PASSWORD((byte) 0, "databasePassword"), // 凭证信息 - CREDENTIAL((byte) 0, "credential"); + CREDENTIAL((byte) 0, "credential"), + // 导出作业的密码 + EXPORT_JOB_PASSWORD((byte) 0, "exportJobPassword"), + // 导出作业的备份文件 + BACKUP_FILE((byte) 0, "backupFile"); // 加密类型:0为对称加密,1为非对称加密 private final byte type; diff --git a/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/SymmetricCryptoService.java b/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/SymmetricCryptoService.java index 68590198fb..1138804a46 100644 --- a/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/SymmetricCryptoService.java +++ b/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/SymmetricCryptoService.java @@ -24,6 +24,7 @@ package com.tencent.bk.job.common.encrypt; +import com.tencent.bk.sdk.crypto.cryptor.CryptorMetaDefinition; import com.tencent.bk.sdk.crypto.cryptor.SymmetricCryptor; import com.tencent.bk.sdk.crypto.cryptor.SymmetricCryptorFactory; import lombok.extern.slf4j.Slf4j; @@ -31,6 +32,11 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import java.io.BufferedInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.util.Arrays; import java.util.HashMap; import java.util.Map; @@ -51,13 +57,90 @@ public SymmetricCryptoService(CryptoConfigService cryptoConfigService) { } /** - * 根据场景获取加密算法 + * 从密文的前缀元数据中解析出使用的加密算法名称 * + * @param cipher 密文 + * @return 加密算法名称,如果密文不包含指定前缀的元数据则返回null + */ + public String getAlgorithmFromCipher(String cipher) { + String prefix = CryptorMetaDefinition.getCipherMetaPrefix(); + if (cipher.startsWith(prefix)) { + int indexOfPrefixLastChar = cipher.indexOf(CryptorMetaDefinition.getCipherMetaSuffix()); + if (indexOfPrefixLastChar < 0) { + return null; + } + return cipher.substring(prefix.length(), indexOfPrefixLastChar); + } + return null; + } + + /** + * 从密文的前缀元数据中解析出使用的加密算法名称 + * + * @param cipherIns 密文输入流 + * @return 加密算法名称,如果密文不包含指定前缀的元数据则返回null + */ + public String getAlgorithmFromCipherStream(BufferedInputStream cipherIns) { + String prefix = CryptorMetaDefinition.getCipherMetaPrefix(); + String suffix = CryptorMetaDefinition.getCipherMetaSuffix(); + int algorithmMaxLength = 100; + int cipherMetaMaxLength = prefix.length() + suffix.length() + algorithmMaxLength; + cipherIns.mark(cipherMetaMaxLength); + byte[] realPrefixBytes = new byte[prefix.length()]; + try { + int n = cipherIns.read(realPrefixBytes); + if (n < prefix.length()) { + log.info("Cannot find enough cipherMetaPrefix bytes: expected={}, actually={}", prefix.length(), n); + return null; + } + if (!Arrays.equals(realPrefixBytes, prefix.getBytes())) { + log.info( + "Cannot find cipherMetaPrefix: expected={}, actually={}", + Arrays.toString(prefix.getBytes()), + Arrays.toString(realPrefixBytes) + ); + return null; + } + byte[] algorithmWithSuffixBytes = new byte[algorithmMaxLength + suffix.length()]; + n = cipherIns.read(algorithmWithSuffixBytes); + String algorithmWithSuffix = new String(algorithmWithSuffixBytes); + int indexOfSuffix = algorithmWithSuffix.indexOf(suffix); + if (indexOfSuffix == -1) { + log.info( + "Cannot find cipherMetaSuffix: algorithmWithSuffixBytes={}, suffixBytes={}", + Arrays.toString(algorithmWithSuffixBytes), + suffix.getBytes() + ); + return null; + } + return algorithmWithSuffix.substring(0, indexOfSuffix); + } catch (Exception e) { + log.warn("Fail to read cipherMetaPrefix from cipherIns", e); + return null; + } finally { + try { + cipherIns.reset(); + } catch (IOException e) { + log.error("Fail to reset cipherIns", e); + } + } + } + + /** + * 对流数据加密,加密后的数据写入输出流中 + * + * @param key 密钥 + * @param in 输入流 + * @param out 输出流 * @param cryptoScenarioEnum 加密场景 - * @return 使用的加密算法标识 */ - public String getAlgorithmByScenario(CryptoScenarioEnum cryptoScenarioEnum) { - return cryptoConfigService.getSymmetricAlgorithmByScenario(cryptoScenarioEnum); + public void encrypt(String key, + InputStream in, + OutputStream out, + CryptoScenarioEnum cryptoScenarioEnum) { + String algorithm = cryptoConfigService.getSymmetricAlgorithmByScenario(cryptoScenarioEnum); + SymmetricCryptor cryptor = cryptorMap.computeIfAbsent(algorithm, SymmetricCryptorFactory::getCryptor); + cryptor.encrypt(key, in, out); } /** @@ -88,14 +171,19 @@ public String encryptToBase64Str(String message, String algorithm) { } /** - * 对Base64编码的加密后的密文信息解密,返回解密后的明文 + * 对流数据解密,解密后的数据写入输出流中 * - * @param base64EncryptedMessage Base64编码的加密后的密文信息,不可为空 - * @param cryptoScenarioEnum 加密场景 - * @return 解密后的明文信息 + * @param key 密钥 + * @param in 输入流 + * @param out 输出流 + * @param algorithm 解密算法 */ - public String decrypt(String base64EncryptedMessage, CryptoScenarioEnum cryptoScenarioEnum) { - return decrypt(base64EncryptedMessage, cryptoConfigService.getSymmetricAlgorithmByScenario(cryptoScenarioEnum)); + public void decrypt(String key, + BufferedInputStream in, + OutputStream out, + String algorithm) { + SymmetricCryptor cryptor = cryptorMap.computeIfAbsent(algorithm, SymmetricCryptorFactory::getCryptor); + cryptor.decrypt(key, in, out); } /** diff --git a/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/scenario/BackupFileCryptoService.java b/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/scenario/BackupFileCryptoService.java new file mode 100644 index 0000000000..f5e39e0f4c --- /dev/null +++ b/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/scenario/BackupFileCryptoService.java @@ -0,0 +1,80 @@ +/* + * Tencent is pleased to support the open source community by making BK-JOB蓝鲸智云作业平台 available. + * + * Copyright (C) 2021 THL A29 Limited, a Tencent company. All rights reserved. + * + * BK-JOB蓝鲸智云作业平台 is licensed under the MIT License. + * + * License for BK-JOB蓝鲸智云作业平台: + * -------------------------------------------------------------------- + * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated + * documentation files (the "Software"), to deal in the Software without restriction, including without limitation + * the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and + * to permit persons to whom the Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all copies or substantial portions of + * the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO + * THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF + * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS + * IN THE SOFTWARE. + */ + +package com.tencent.bk.job.common.encrypt.scenario; + +import com.tencent.bk.job.common.encrypt.CryptoScenarioEnum; +import com.tencent.bk.job.common.encrypt.JobCryptorNames; +import com.tencent.bk.job.common.encrypt.SymmetricCryptoService; +import com.tencent.bk.job.common.exception.CryptoException; +import lombok.extern.slf4j.Slf4j; +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import java.io.BufferedInputStream; +import java.io.File; +import java.io.FileInputStream; +import java.io.FileOutputStream; + +/** + * 导入导出文件相关加解密服务 + */ +@Slf4j +@Service +public class BackupFileCryptoService { + + private final SymmetricCryptoService symmetricCryptoService; + + @Autowired + public BackupFileCryptoService(SymmetricCryptoService symmetricCryptoService) { + this.symmetricCryptoService = symmetricCryptoService; + } + + public void encryptBackupFile(String password, File inFile, File outFile) { + try (FileInputStream in = new FileInputStream(inFile); FileOutputStream out = new FileOutputStream(outFile)) { + symmetricCryptoService.encrypt(password, in, out, CryptoScenarioEnum.BACKUP_FILE); + } catch (Exception e) { + throw new CryptoException("Fail to encrypt backupFile", e); + } + } + + public void decryptBackupFile(String password, File inFile, File outFile) { + try { + FileInputStream in = new FileInputStream(inFile); + BufferedInputStream bis = new BufferedInputStream(in); + String algorithm = symmetricCryptoService.getAlgorithmFromCipherStream(bis); + if (StringUtils.isBlank(algorithm)) { + algorithm = JobCryptorNames.AES_CBC; + } + try (FileOutputStream out = new FileOutputStream(outFile)) { + log.debug("Use {} to decryptBackupFile", algorithm); + symmetricCryptoService.decrypt(password, bis, out, algorithm); + } + } catch (Exception e) { + throw new CryptoException("Fail to decrypt backupFile", e); + } + } + +} diff --git a/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/scenario/CipherVariableService.java b/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/scenario/CipherVariableCryptoService.java similarity index 80% rename from src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/scenario/CipherVariableService.java rename to src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/scenario/CipherVariableCryptoService.java index d9afb94164..e7d3c8c6ab 100644 --- a/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/scenario/CipherVariableService.java +++ b/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/scenario/CipherVariableCryptoService.java @@ -38,22 +38,27 @@ */ @Slf4j @Service -public class CipherVariableService { +public class CipherVariableCryptoService { private final SymmetricCryptoService symmetricCryptoService; @Autowired - public CipherVariableService(SymmetricCryptoService symmetricCryptoService) { + public CipherVariableCryptoService(SymmetricCryptoService symmetricCryptoService) { this.symmetricCryptoService = symmetricCryptoService; } - public String getCipherVariableEncryptAlgorithm(TaskVariableTypeEnum taskVariableTypeEnum) { - if (!isCipherVariable(taskVariableTypeEnum)) { + public String getCipherVariableEncryptAlgorithmByCipher(TaskVariableTypeEnum taskVariableTypeEnum, String cipher) { + if (!isCipherVariable(taskVariableTypeEnum) || StringUtils.isEmpty(cipher)) { return CryptorNames.NONE; } - return symmetricCryptoService.getAlgorithmByScenario(CryptoScenarioEnum.CIPHER_VARIABLE); + String algorithm = symmetricCryptoService.getAlgorithmFromCipher(cipher); + if (algorithm != null) { + return algorithm; + } + return CryptorNames.NONE; } + @SuppressWarnings("BooleanMethodIsAlwaysInverted") private boolean isCipherVariable(TaskVariableTypeEnum taskVariableTypeEnum) { return TaskVariableTypeEnum.CIPHER == taskVariableTypeEnum; } @@ -66,9 +71,12 @@ public String encryptTaskVariableIfNeeded(TaskVariableTypeEnum taskVariableTypeE } public String decryptTaskVariableIfNeeded(TaskVariableTypeEnum taskVariableTypeEnum, - String encryptedTaskVariable, - String algorithm) { - if (!isCipherVariable(taskVariableTypeEnum) || StringUtils.isBlank(algorithm)) { + String encryptedTaskVariable) { + if (!isCipherVariable(taskVariableTypeEnum)) { + return encryptedTaskVariable; + } + String algorithm = getCipherVariableEncryptAlgorithmByCipher(taskVariableTypeEnum, encryptedTaskVariable); + if (StringUtils.isBlank(algorithm)) { return encryptedTaskVariable; } return symmetricCryptoService.decrypt(encryptedTaskVariable, algorithm); diff --git a/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/scenario/CredentialCryptoService.java b/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/scenario/CredentialCryptoService.java new file mode 100644 index 0000000000..1e7c473d23 --- /dev/null +++ b/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/scenario/CredentialCryptoService.java @@ -0,0 +1,73 @@ +/* + * Tencent is pleased to support the open source community by making BK-JOB蓝鲸智云作业平台 available. + * + * Copyright (C) 2021 THL A29 Limited, a Tencent company. All rights reserved. + * + * BK-JOB蓝鲸智云作业平台 is licensed under the MIT License. + * + * License for BK-JOB蓝鲸智云作业平台: + * -------------------------------------------------------------------- + * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated + * documentation files (the "Software"), to deal in the Software without restriction, including without limitation + * the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and + * to permit persons to whom the Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all copies or substantial portions of + * the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO + * THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF + * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS + * IN THE SOFTWARE. + */ + +package com.tencent.bk.job.common.encrypt.scenario; + +import com.tencent.bk.job.common.encrypt.CryptoScenarioEnum; +import com.tencent.bk.job.common.encrypt.JobCryptorNames; +import com.tencent.bk.job.common.encrypt.SymmetricCryptoService; +import com.tencent.bk.sdk.crypto.cryptor.consts.CryptorNames; +import lombok.extern.slf4j.Slf4j; +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +/** + * DB账号密码相关加解密服务 + */ +@Slf4j +@Service +public class CredentialCryptoService { + + private final SymmetricCryptoService symmetricCryptoService; + + @Autowired + public CredentialCryptoService(SymmetricCryptoService symmetricCryptoService) { + this.symmetricCryptoService = symmetricCryptoService; + } + + public String getCredentialEncryptAlgorithmByCipher(String cipher) { + if (StringUtils.isEmpty(cipher)) { + return CryptorNames.NONE; + } + String algorithm = symmetricCryptoService.getAlgorithmFromCipher(cipher); + if (algorithm != null) { + return algorithm; + } + return JobCryptorNames.AES_CBC; + } + + public String encryptCredential(String credentialValue) { + return symmetricCryptoService.encryptToBase64Str(credentialValue, CryptoScenarioEnum.CREDENTIAL); + } + + public String decryptCredential(String encryptedCredential) { + String algorithm = getCredentialEncryptAlgorithmByCipher(encryptedCredential); + if (StringUtils.isBlank(algorithm)) { + return encryptedCredential; + } + return symmetricCryptoService.decrypt(encryptedCredential, algorithm); + } + +} diff --git a/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/scenario/DbPasswordService.java b/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/scenario/DbPasswordCryptoService.java similarity index 78% rename from src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/scenario/DbPasswordService.java rename to src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/scenario/DbPasswordCryptoService.java index ffdc4ccedb..f7d1e05ced 100644 --- a/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/scenario/DbPasswordService.java +++ b/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/scenario/DbPasswordCryptoService.java @@ -26,6 +26,7 @@ import com.tencent.bk.job.common.constant.AccountCategoryEnum; import com.tencent.bk.job.common.encrypt.CryptoScenarioEnum; +import com.tencent.bk.job.common.encrypt.JobCryptorNames; import com.tencent.bk.job.common.encrypt.SymmetricCryptoService; import com.tencent.bk.sdk.crypto.cryptor.consts.CryptorNames; import lombok.extern.slf4j.Slf4j; @@ -38,22 +39,27 @@ */ @Slf4j @Service -public class DbPasswordService { +public class DbPasswordCryptoService { private final SymmetricCryptoService symmetricCryptoService; @Autowired - public DbPasswordService(SymmetricCryptoService symmetricCryptoService) { + public DbPasswordCryptoService(SymmetricCryptoService symmetricCryptoService) { this.symmetricCryptoService = symmetricCryptoService; } - public String getDbPasswordEncryptAlgorithm(AccountCategoryEnum accountCategoryEnum) { - if (!isDbAccount(accountCategoryEnum)) { + public String getDbPasswordEncryptAlgorithmByCipher(AccountCategoryEnum accountCategoryEnum, String cipher) { + if (!isDbAccount(accountCategoryEnum) || StringUtils.isEmpty(cipher)) { return CryptorNames.NONE; } - return symmetricCryptoService.getAlgorithmByScenario(CryptoScenarioEnum.DATABASE_PASSWORD); + String algorithm = symmetricCryptoService.getAlgorithmFromCipher(cipher); + if (algorithm != null) { + return algorithm; + } + return JobCryptorNames.AES_CBC; } + @SuppressWarnings("BooleanMethodIsAlwaysInverted") private boolean isDbAccount(AccountCategoryEnum accountCategoryEnum) { return AccountCategoryEnum.DB == accountCategoryEnum; } @@ -66,9 +72,12 @@ public String encryptDbPasswordIfNeeded(AccountCategoryEnum accountCategoryEnum, } public String decryptDbPasswordIfNeeded(AccountCategoryEnum accountCategoryEnum, - String encryptedDbPassword, - String algorithm) { - if (!isDbAccount(accountCategoryEnum) || StringUtils.isBlank(algorithm)) { + String encryptedDbPassword) { + if (!isDbAccount(accountCategoryEnum)) { + return encryptedDbPassword; + } + String algorithm = getDbPasswordEncryptAlgorithmByCipher(accountCategoryEnum, encryptedDbPassword); + if (StringUtils.isBlank(algorithm)) { return encryptedDbPassword; } return symmetricCryptoService.decrypt(encryptedDbPassword, algorithm); diff --git a/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/scenario/ExportJobPasswordCryptoService.java b/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/scenario/ExportJobPasswordCryptoService.java new file mode 100644 index 0000000000..bb77127628 --- /dev/null +++ b/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/scenario/ExportJobPasswordCryptoService.java @@ -0,0 +1,78 @@ +/* + * Tencent is pleased to support the open source community by making BK-JOB蓝鲸智云作业平台 available. + * + * Copyright (C) 2021 THL A29 Limited, a Tencent company. All rights reserved. + * + * BK-JOB蓝鲸智云作业平台 is licensed under the MIT License. + * + * License for BK-JOB蓝鲸智云作业平台: + * -------------------------------------------------------------------- + * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated + * documentation files (the "Software"), to deal in the Software without restriction, including without limitation + * the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and + * to permit persons to whom the Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all copies or substantial portions of + * the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO + * THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF + * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS + * IN THE SOFTWARE. + */ + +package com.tencent.bk.job.common.encrypt.scenario; + +import com.tencent.bk.job.common.encrypt.CryptoScenarioEnum; +import com.tencent.bk.job.common.encrypt.SymmetricCryptoService; +import com.tencent.bk.sdk.crypto.cryptor.consts.CryptorNames; +import lombok.extern.slf4j.Slf4j; +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +/** + * 作业导出任务密码相关加解密服务 + */ +@Slf4j +@Service +public class ExportJobPasswordCryptoService { + + private final SymmetricCryptoService symmetricCryptoService; + + @Autowired + public ExportJobPasswordCryptoService(SymmetricCryptoService symmetricCryptoService) { + this.symmetricCryptoService = symmetricCryptoService; + } + + public String getExportJobPasswordEncryptAlgorithmByCipher(String cipher) { + if (StringUtils.isEmpty(cipher)) { + return CryptorNames.NONE; + } + String algorithm = symmetricCryptoService.getAlgorithmFromCipher(cipher); + if (algorithm != null) { + return algorithm; + } + return CryptorNames.NONE; + } + + public String encryptExportJobPassword(String exportJobPassword) { + if (StringUtils.isEmpty(exportJobPassword)) { + return exportJobPassword; + } + return symmetricCryptoService.encryptToBase64Str(exportJobPassword, CryptoScenarioEnum.EXPORT_JOB_PASSWORD); + } + + public String decryptExportJobPassword(String encryptedExportJobPassword) { + if (StringUtils.isEmpty(encryptedExportJobPassword)) { + return encryptedExportJobPassword; + } + String algorithm = getExportJobPasswordEncryptAlgorithmByCipher(encryptedExportJobPassword); + if (StringUtils.isBlank(algorithm)) { + return encryptedExportJobPassword; + } + return symmetricCryptoService.decrypt(encryptedExportJobPassword, algorithm); + } + +} diff --git a/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/scenario/SensitiveParamService.java b/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/scenario/SensitiveParamCryptoService.java similarity index 80% rename from src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/scenario/SensitiveParamService.java rename to src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/scenario/SensitiveParamCryptoService.java index efca961b31..48dca2218b 100644 --- a/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/scenario/SensitiveParamService.java +++ b/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/encrypt/scenario/SensitiveParamCryptoService.java @@ -24,6 +24,7 @@ package com.tencent.bk.job.common.encrypt.scenario; +import com.cronutils.utils.StringUtils; import com.tencent.bk.job.common.encrypt.CryptoScenarioEnum; import com.tencent.bk.job.common.encrypt.SymmetricCryptoService; import com.tencent.bk.sdk.crypto.cryptor.consts.CryptorNames; @@ -36,20 +37,24 @@ */ @Slf4j @Service -public class SensitiveParamService { +public class SensitiveParamCryptoService { private final SymmetricCryptoService symmetricCryptoService; @Autowired - public SensitiveParamService(SymmetricCryptoService symmetricCryptoService) { + public SensitiveParamCryptoService(SymmetricCryptoService symmetricCryptoService) { this.symmetricCryptoService = symmetricCryptoService; } - public String getSecureParamEncryptAlgorithm(Boolean secureParam) { - if (secureParam == null || !secureParam) { + public String getSecureParamEncryptAlgorithmByCipher(boolean secureParam, String cipher) { + if (!secureParam || StringUtils.isEmpty(cipher)) { return CryptorNames.NONE; } - return symmetricCryptoService.getAlgorithmByScenario(CryptoScenarioEnum.SCRIPT_SENSITIVE_PARAM); + String algorithm = symmetricCryptoService.getAlgorithmFromCipher(cipher); + if (algorithm != null) { + return algorithm; + } + return CryptorNames.NONE; } public String encryptParamIfNeeded(boolean secureParam, String param) { @@ -59,17 +64,11 @@ public String encryptParamIfNeeded(boolean secureParam, String param) { return symmetricCryptoService.encryptToBase64Str(param, CryptoScenarioEnum.SCRIPT_SENSITIVE_PARAM); } - public String encryptParamIfNeeded(boolean secureParam, String param, String encryptAlgorithm) { - if (!secureParam) { - return param; - } - return symmetricCryptoService.encryptToBase64Str(param, encryptAlgorithm); - } - - public String decryptParamIfNeeded(boolean secureParam, String encryptedParam, String algorithm) { + public String decryptParamIfNeeded(boolean secureParam, String encryptedParam) { if (!secureParam) { return encryptedParam; } + String algorithm = getSecureParamEncryptAlgorithmByCipher(secureParam, encryptedParam); return symmetricCryptoService.decrypt(encryptedParam, algorithm); } diff --git a/src/backend/job-backup/service-job-backup/src/main/java/com/tencent/bk/job/backup/dao/impl/ExportJobDAOImpl.java b/src/backend/job-backup/service-job-backup/src/main/java/com/tencent/bk/job/backup/dao/impl/ExportJobDAOImpl.java index 92ab47c6b7..e3e62fec04 100644 --- a/src/backend/job-backup/service-job-backup/src/main/java/com/tencent/bk/job/backup/dao/impl/ExportJobDAOImpl.java +++ b/src/backend/job-backup/service-job-backup/src/main/java/com/tencent/bk/job/backup/dao/impl/ExportJobDAOImpl.java @@ -24,15 +24,23 @@ package com.tencent.bk.job.backup.dao.impl; +import com.fasterxml.jackson.core.type.TypeReference; import com.tencent.bk.job.backup.constant.BackupJobStatusEnum; +import com.tencent.bk.job.backup.constant.SecretHandlerEnum; import com.tencent.bk.job.backup.dao.ExportJobDAO; +import com.tencent.bk.job.backup.model.dto.BackupTemplateInfoDTO; import com.tencent.bk.job.backup.model.dto.ExportJobInfoDTO; import com.tencent.bk.job.backup.model.tables.ExportJob; import com.tencent.bk.job.backup.model.tables.records.ExportJobRecord; -import com.tencent.bk.job.backup.util.DbRecordMapper; +import com.tencent.bk.job.common.encrypt.scenario.ExportJobPasswordCryptoService; import com.tencent.bk.job.common.util.json.JsonMapper; +import com.tencent.bk.job.common.util.json.JsonUtils; import lombok.extern.slf4j.Slf4j; -import org.jooq.*; +import org.jooq.Condition; +import org.jooq.DSLContext; +import org.jooq.Record13; +import org.jooq.Result; +import org.jooq.UpdateSetMoreStep; import org.jooq.types.UByte; import org.jooq.types.ULong; import org.springframework.beans.factory.annotation.Autowired; @@ -42,6 +50,7 @@ import java.util.ArrayList; import java.util.List; +import java.util.Locale; /** * @since 28/7/2020 12:26 @@ -52,26 +61,48 @@ public class ExportJobDAOImpl implements ExportJobDAO { private static final ExportJob TABLE = ExportJob.EXPORT_JOB; private final DSLContext context; + private final ExportJobPasswordCryptoService exportJobPasswordCryptoService; @Autowired - public ExportJobDAOImpl(@Qualifier("job-backup-dsl-context") DSLContext context) { + public ExportJobDAOImpl(@Qualifier("job-backup-dsl-context") DSLContext context, + ExportJobPasswordCryptoService exportJobPasswordCryptoService) { this.context = context; + this.exportJobPasswordCryptoService = exportJobPasswordCryptoService; } @Override public String insertExportJob(ExportJobInfoDTO exportJobInfo) { - if (1 == context.insertInto(TABLE) - .columns(TABLE.ID, TABLE.APP_ID, TABLE.CREATOR, TABLE.CREATE_TIME, TABLE.UPDATE_TIME, TABLE.STATUS, - TABLE.PASSWORD, TABLE.PACKAGE_NAME, TABLE.SECRET_HANDLER, TABLE.EXPIRE_TIME, TABLE.TEMPLATE_PLAN_INFO, - TABLE.FILE_NAME, TABLE.LOCALE) - .values(exportJobInfo.getId(), ULong.valueOf(exportJobInfo.getAppId()), exportJobInfo.getCreator(), - ULong.valueOf(exportJobInfo.getCreateTime()), ULong.valueOf(exportJobInfo.getUpdateTime()), - UByte.valueOf(exportJobInfo.getStatus().getStatus()), exportJobInfo.getPassword(), - exportJobInfo.getPackageName(), UByte.valueOf(exportJobInfo.getSecretHandler().getType()), + int affectedNum = context.insertInto(TABLE) + .columns( + TABLE.ID, + TABLE.APP_ID, + TABLE.CREATOR, + TABLE.CREATE_TIME, + TABLE.UPDATE_TIME, + TABLE.STATUS, + TABLE.PASSWORD, + TABLE.PACKAGE_NAME, + TABLE.SECRET_HANDLER, + TABLE.EXPIRE_TIME, + TABLE.TEMPLATE_PLAN_INFO, + TABLE.FILE_NAME, + TABLE.LOCALE + ).values( + exportJobInfo.getId(), + ULong.valueOf(exportJobInfo.getAppId()), + exportJobInfo.getCreator(), + ULong.valueOf(exportJobInfo.getCreateTime()), + ULong.valueOf(exportJobInfo.getUpdateTime()), + UByte.valueOf(exportJobInfo.getStatus().getStatus()), + exportJobPasswordCryptoService.encryptExportJobPassword(exportJobInfo.getPassword()), + exportJobInfo.getPackageName(), + UByte.valueOf(exportJobInfo.getSecretHandler().getType()), ULong.valueOf(exportJobInfo.getExpireTime()), JsonMapper.nonEmptyMapper().toJson(exportJobInfo.getTemplateInfo()), - exportJobInfo.getFileName(), LocaleContextHolder.getLocale().toLanguageTag()) - .execute()) { + exportJobInfo.getFileName(), + LocaleContextHolder.getLocale().toLanguageTag() + ).execute(); + if (1 == affectedNum) { return exportJobInfo.getId(); } else { return null; @@ -85,13 +116,24 @@ public ExportJobInfoDTO getExportJobById(Long appId, String jobId) { if (appId > 0) { conditions.add(TABLE.APP_ID.equal(ULong.valueOf(appId))); } - Record13 record = context.select(TABLE.ID, TABLE.APP_ID, TABLE.CREATOR, TABLE.CREATE_TIME, - TABLE.UPDATE_TIME, TABLE.STATUS, TABLE.PASSWORD, TABLE.PACKAGE_NAME, TABLE.SECRET_HANDLER, - TABLE.EXPIRE_TIME, TABLE.TEMPLATE_PLAN_INFO, TABLE.FILE_NAME, TABLE.LOCALE) - .from(TABLE).where(conditions).fetchOne(); - return DbRecordMapper.convertRecordToExportJobInfo(record); + String, String> record = + context.select( + TABLE.ID, + TABLE.APP_ID, + TABLE.CREATOR, + TABLE.CREATE_TIME, + TABLE.UPDATE_TIME, + TABLE.STATUS, + TABLE.PASSWORD, + TABLE.PACKAGE_NAME, + TABLE.SECRET_HANDLER, + TABLE.EXPIRE_TIME, + TABLE.TEMPLATE_PLAN_INFO, + TABLE.FILE_NAME, + TABLE.LOCALE + ).from(TABLE).where(conditions).fetchOne(); + return convertRecordToExportJobInfo(record); } @Override @@ -99,18 +141,32 @@ public List getExportJobByUser(Long appId, String username) { List conditions = new ArrayList<>(); conditions.add(TABLE.CREATOR.equal(username)); conditions.add(TABLE.APP_ID.equal(ULong.valueOf(appId))); - conditions.add(TABLE.STATUS.in(UByte.valueOf(BackupJobStatusEnum.SUBMIT.getStatus()), + conditions.add(TABLE.STATUS.in( + UByte.valueOf(BackupJobStatusEnum.SUBMIT.getStatus()), UByte.valueOf(BackupJobStatusEnum.PROCESSING.getStatus()), - UByte.valueOf(BackupJobStatusEnum.ALL_SUCCESS.getStatus()))); + UByte.valueOf(BackupJobStatusEnum.ALL_SUCCESS.getStatus()) + )); Result< Record13> result = context.select(TABLE.ID, TABLE.APP_ID, TABLE.CREATOR, TABLE.CREATE_TIME, - TABLE.UPDATE_TIME, TABLE.STATUS, TABLE.PASSWORD, TABLE.PACKAGE_NAME, TABLE.SECRET_HANDLER, - TABLE.EXPIRE_TIME, TABLE.TEMPLATE_PLAN_INFO, TABLE.FILE_NAME, TABLE.LOCALE) - .from(TABLE).where(conditions).fetch(); + String>> result = + context.select( + TABLE.ID, + TABLE.APP_ID, + TABLE.CREATOR, + TABLE.CREATE_TIME, + TABLE.UPDATE_TIME, + TABLE.STATUS, + TABLE.PASSWORD, + TABLE.PACKAGE_NAME, + TABLE.SECRET_HANDLER, + TABLE.EXPIRE_TIME, + TABLE.TEMPLATE_PLAN_INFO, + TABLE.FILE_NAME, + TABLE.LOCALE + ).from(TABLE).where(conditions).fetch(); List exportJobInfoList = new ArrayList<>(); - result.forEach(record -> exportJobInfoList.add(DbRecordMapper.convertRecordToExportJobInfo(record))); + result.forEach(record -> exportJobInfoList.add(convertRecordToExportJobInfo(record))); return exportJobInfoList; } @@ -124,7 +180,10 @@ public boolean updateExportJob(ExportJobInfoDTO exportInfo) { UpdateSetMoreStep updateStep = context.update(TABLE).set(TABLE.UPDATE_TIME, ULong.valueOf(System.currentTimeMillis())); - updateStep = updateStep.set(TABLE.PASSWORD, exportInfo.getPassword()); + updateStep = updateStep.set( + TABLE.PASSWORD, + exportJobPasswordCryptoService.encryptExportJobPassword(exportInfo.getPassword()) + ); if (exportInfo.getStatus() != null) { updateStep = updateStep.set(TABLE.STATUS, UByte.valueOf(exportInfo.getStatus().getStatus())); @@ -145,11 +204,23 @@ public List listOldExportJob() { Result< Record13> result = - context.select(TABLE.ID, TABLE.APP_ID, TABLE.CREATOR, TABLE.CREATE_TIME, TABLE.UPDATE_TIME, - TABLE.STATUS, TABLE.PASSWORD, TABLE.PACKAGE_NAME, TABLE.SECRET_HANDLER, TABLE.EXPIRE_TIME, - TABLE.TEMPLATE_PLAN_INFO, TABLE.FILE_NAME, TABLE.LOCALE).from(TABLE).where(conditions).fetch(); + context.select( + TABLE.ID, + TABLE.APP_ID, + TABLE.CREATOR, + TABLE.CREATE_TIME, + TABLE.UPDATE_TIME, + TABLE.STATUS, + TABLE.PASSWORD, + TABLE.PACKAGE_NAME, + TABLE.SECRET_HANDLER, + TABLE.EXPIRE_TIME, + TABLE.TEMPLATE_PLAN_INFO, + TABLE.FILE_NAME, + TABLE.LOCALE + ).from(TABLE).where(conditions).fetch(); List exportJobInfoList = new ArrayList<>(); - result.forEach(record -> exportJobInfoList.add(DbRecordMapper.convertRecordToExportJobInfo(record))); + result.forEach(record -> exportJobInfoList.add(convertRecordToExportJobInfo(record))); return exportJobInfoList; } @@ -161,4 +232,33 @@ public boolean setCleanMark(Long appId, String jobId) { return 1 == context.update(TABLE).set(TABLE.IS_CLEANED, UByte.valueOf(1)).where(conditions).execute(); } + public ExportJobInfoDTO convertRecordToExportJobInfo( + Record13 record) { + if (record == null) { + return null; + } + ExportJob table = ExportJob.EXPORT_JOB; + ExportJobInfoDTO exportJobInfo = new ExportJobInfoDTO(); + exportJobInfo.setId(record.get(table.ID)); + exportJobInfo.setAppId(record.get(table.APP_ID).longValue()); + exportJobInfo.setCreator(record.get(table.CREATOR)); + exportJobInfo.setCreateTime(record.get(table.CREATE_TIME).longValue()); + exportJobInfo.setUpdateTime(record.get(table.UPDATE_TIME).longValue()); + exportJobInfo.setStatus(BackupJobStatusEnum.valueOf(record.get(table.STATUS).intValue())); + + // 导出密码解密 + String encryptedPassword = record.get(table.PASSWORD); + exportJobInfo.setPassword(exportJobPasswordCryptoService.decryptExportJobPassword(encryptedPassword)); + + exportJobInfo.setPackageName(record.get(table.PACKAGE_NAME)); + exportJobInfo.setSecretHandler(SecretHandlerEnum.valueOf(record.get(table.SECRET_HANDLER).intValue())); + exportJobInfo.setExpireTime(record.get(table.EXPIRE_TIME).longValue()); + exportJobInfo.setTemplateInfo(JsonUtils.fromJson(record.get(table.TEMPLATE_PLAN_INFO), + new TypeReference>() { + })); + exportJobInfo.setFileName(record.get(table.FILE_NAME)); + exportJobInfo.setLocale(Locale.forLanguageTag(record.get(table.LOCALE))); + return exportJobInfo; + } } diff --git a/src/backend/job-backup/service-job-backup/src/main/java/com/tencent/bk/job/backup/executor/ExportJobExecutor.java b/src/backend/job-backup/service-job-backup/src/main/java/com/tencent/bk/job/backup/executor/ExportJobExecutor.java index c5e109a1e9..b0e1dfb78f 100644 --- a/src/backend/job-backup/service-job-backup/src/main/java/com/tencent/bk/job/backup/executor/ExportJobExecutor.java +++ b/src/backend/job-backup/service-job-backup/src/main/java/com/tencent/bk/job/backup/executor/ExportJobExecutor.java @@ -45,11 +45,11 @@ import com.tencent.bk.job.common.constant.ErrorCode; import com.tencent.bk.job.common.constant.JobConstants; import com.tencent.bk.job.common.constant.TaskVariableTypeEnum; +import com.tencent.bk.job.common.encrypt.scenario.BackupFileCryptoService; import com.tencent.bk.job.common.exception.InternalException; import com.tencent.bk.job.common.i18n.service.MessageI18nService; import com.tencent.bk.job.common.util.Base64Util; import com.tencent.bk.job.common.util.FileUtil; -import com.tencent.bk.job.common.util.crypto.AESUtils; import com.tencent.bk.job.common.util.file.ZipUtil; import com.tencent.bk.job.common.util.json.JsonMapper; import com.tencent.bk.job.manage.common.consts.task.TaskFileTypeEnum; @@ -111,16 +111,22 @@ public class ExportJobExecutor { private final ArtifactoryConfig artifactoryConfig; private final BackupStorageConfig backupStorageConfig; private final LocalFileConfigForBackup localFileConfig; + private final BackupFileCryptoService backupFileCryptoService; @Autowired - public ExportJobExecutor(ExportJobService exportJobService, TaskTemplateService taskTemplateService, - TaskPlanService taskPlanService, ScriptService scriptService, - AccountService accountService, LogService logService, - StorageService storageService, MessageI18nService i18nService, + public ExportJobExecutor(ExportJobService exportJobService, + TaskTemplateService taskTemplateService, + TaskPlanService taskPlanService, + ScriptService scriptService, + AccountService accountService, + LogService logService, + StorageService storageService, + MessageI18nService i18nService, ArtifactoryClient artifactoryClient, ArtifactoryConfig artifactoryConfig, BackupStorageConfig backupStorageConfig, - LocalFileConfigForBackup localFileConfig) { + LocalFileConfigForBackup localFileConfig, + BackupFileCryptoService backupFileCryptoService) { this.exportJobService = exportJobService; this.taskTemplateService = taskTemplateService; this.taskPlanService = taskPlanService; @@ -133,6 +139,7 @@ public ExportJobExecutor(ExportJobService exportJobService, TaskTemplateService this.artifactoryConfig = artifactoryConfig; this.backupStorageConfig = backupStorageConfig; this.localFileConfig = localFileConfig; + this.backupFileCryptoService = backupFileCryptoService; File storageDirectory = new File(storageService.getStoragePath().concat(JOB_EXPORT_FILE_PREFIX)); checkDirectory(storageDirectory); @@ -305,7 +312,7 @@ private String encryptFile(ExportJobInfoDTO exportInfo, File zipFile) { i18nService.getI18n(LogMessage.START_ENCRYPTING)); File finalFileTmp = new File(zipFile.getPath().concat(".enc.tmp")); try { - AESUtils.encrypt(zipFile, finalFileTmp, exportInfo.getPassword()); + backupFileCryptoService.encryptBackupFile(exportInfo.getPassword(), zipFile, finalFileTmp); FileUtils.deleteQuietly(zipFile); } catch (Exception e) { log.error("Error while processing export job! Encrypt failed!", e); diff --git a/src/backend/job-backup/service-job-backup/src/main/java/com/tencent/bk/job/backup/service/impl/ImportJobServiceImpl.java b/src/backend/job-backup/service-job-backup/src/main/java/com/tencent/bk/job/backup/service/impl/ImportJobServiceImpl.java index 8c46293d2e..c43c06cb75 100644 --- a/src/backend/job-backup/service-job-backup/src/main/java/com/tencent/bk/job/backup/service/impl/ImportJobServiceImpl.java +++ b/src/backend/job-backup/service-job-backup/src/main/java/com/tencent/bk/job/backup/service/impl/ImportJobServiceImpl.java @@ -37,10 +37,10 @@ import com.tencent.bk.job.backup.service.ImportJobService; import com.tencent.bk.job.backup.service.LogService; import com.tencent.bk.job.backup.service.StorageService; +import com.tencent.bk.job.common.encrypt.scenario.BackupFileCryptoService; import com.tencent.bk.job.common.i18n.service.MessageI18nService; import com.tencent.bk.job.common.redis.util.LockUtils; import com.tencent.bk.job.common.util.JobContextUtil; -import com.tencent.bk.job.common.util.crypto.AESUtils; import com.tencent.bk.job.common.util.file.ZipUtil; import com.tencent.bk.job.manage.model.web.vo.task.TaskPlanVO; import com.tencent.bk.job.manage.model.web.vo.task.TaskTemplateVO; @@ -77,14 +77,19 @@ public class ImportJobServiceImpl implements ImportJobService { private final StorageService storageService; private final LogService logService; private final MessageI18nService i18nService; + private final BackupFileCryptoService backupFileCryptoService; @Autowired - public ImportJobServiceImpl(ImportJobDAO importJobDAO, StorageService storageService, LogService logService, - MessageI18nService i18nService) { + public ImportJobServiceImpl(ImportJobDAO importJobDAO, + StorageService storageService, + LogService logService, + MessageI18nService i18nService, + BackupFileCryptoService backupFileCryptoService) { this.importJobDAO = importJobDAO; this.storageService = storageService; this.logService = logService; this.i18nService = i18nService; + this.backupFileCryptoService = backupFileCryptoService; } @Override @@ -284,7 +289,7 @@ public Boolean checkPassword(String username, Long appId, String jobId, String p new File(parentPath.concat(File.separatorChar + uploadFile.getName() + Constant.JOB_IMPORT_DECRYPT_SUFFIX)); try { - AESUtils.decrypt(uploadFile, decryptedFile, password); + backupFileCryptoService.decryptBackupFile(password, uploadFile, decryptedFile); logService.addImportLog(appId, jobId, i18nService.getI18n(LogMessage.CORRECT_PASSWORD)); FileUtils.deleteQuietly(uploadFile); importInfo.setFileName(importInfo.getFileName().concat(Constant.JOB_IMPORT_DECRYPT_SUFFIX)); @@ -292,6 +297,7 @@ public Boolean checkPassword(String username, Long appId, String jobId, String p parseFile(username, appId, jobId); return true; } catch (Exception e) { + log.warn("Fail to decrypt backupFile", e); logService.addImportLog(appId, jobId, i18nService.getI18n(LogMessage.WRONG_PASSWORD), LogEntityTypeEnum.RETRY_PASSWORD); importInfo.setStatus(BackupJobStatusEnum.WRONG_PASSWORD); diff --git a/src/backend/job-backup/service-job-backup/src/main/java/com/tencent/bk/job/backup/util/DbRecordMapper.java b/src/backend/job-backup/service-job-backup/src/main/java/com/tencent/bk/job/backup/util/DbRecordMapper.java index 848e11fc2d..1db15596f9 100644 --- a/src/backend/job-backup/service-job-backup/src/main/java/com/tencent/bk/job/backup/util/DbRecordMapper.java +++ b/src/backend/job-backup/service-job-backup/src/main/java/com/tencent/bk/job/backup/util/DbRecordMapper.java @@ -28,9 +28,10 @@ import com.tencent.bk.job.backup.constant.BackupJobStatusEnum; import com.tencent.bk.job.backup.constant.DuplicateIdHandlerEnum; import com.tencent.bk.job.backup.constant.LogEntityTypeEnum; -import com.tencent.bk.job.backup.constant.SecretHandlerEnum; -import com.tencent.bk.job.backup.model.dto.*; -import com.tencent.bk.job.backup.model.tables.ExportJob; +import com.tencent.bk.job.backup.model.dto.BackupTemplateInfoDTO; +import com.tencent.bk.job.backup.model.dto.IdNameInfoDTO; +import com.tencent.bk.job.backup.model.dto.ImportJobInfoDTO; +import com.tencent.bk.job.backup.model.dto.LogEntityDTO; import com.tencent.bk.job.backup.model.tables.ImportJob; import com.tencent.bk.job.common.util.json.JsonUtils; import org.jooq.Record13; @@ -46,32 +47,6 @@ */ public class DbRecordMapper { - public static ExportJobInfoDTO convertRecordToExportJobInfo( - Record13 record) { - if (record == null) { - return null; - } - ExportJob table = ExportJob.EXPORT_JOB; - ExportJobInfoDTO exportJobInfo = new ExportJobInfoDTO(); - exportJobInfo.setId(record.get(table.ID)); - exportJobInfo.setAppId(record.get(table.APP_ID).longValue()); - exportJobInfo.setCreator(record.get(table.CREATOR)); - exportJobInfo.setCreateTime(record.get(table.CREATE_TIME).longValue()); - exportJobInfo.setUpdateTime(record.get(table.UPDATE_TIME).longValue()); - exportJobInfo.setStatus(BackupJobStatusEnum.valueOf(record.get(table.STATUS).intValue())); - exportJobInfo.setPassword(record.get(table.PASSWORD)); - exportJobInfo.setPackageName(record.get(table.PACKAGE_NAME)); - exportJobInfo.setSecretHandler(SecretHandlerEnum.valueOf(record.get(table.SECRET_HANDLER).intValue())); - exportJobInfo.setExpireTime(record.get(table.EXPIRE_TIME).longValue()); - exportJobInfo.setTemplateInfo(JsonUtils.fromJson(record.get(table.TEMPLATE_PLAN_INFO), - new TypeReference>() { - })); - exportJobInfo.setFileName(record.get(table.FILE_NAME)); - exportJobInfo.setLocale(Locale.forLanguageTag(record.get(table.LOCALE))); - return exportJobInfo; - } - public static ImportJobInfoDTO convertRecordToImportJobInfo( Record13 record) { diff --git a/src/backend/job-crontab/boot-job-crontab/src/test/java/com/tencent/bk/job/crontab/dao/impl/CronJobDAOImplIntegrationTest.java b/src/backend/job-crontab/boot-job-crontab/src/test/java/com/tencent/bk/job/crontab/dao/impl/CronJobDAOImplIntegrationTest.java index 864693a334..90fc4f9991 100644 --- a/src/backend/job-crontab/boot-job-crontab/src/test/java/com/tencent/bk/job/crontab/dao/impl/CronJobDAOImplIntegrationTest.java +++ b/src/backend/job-crontab/boot-job-crontab/src/test/java/com/tencent/bk/job/crontab/dao/impl/CronJobDAOImplIntegrationTest.java @@ -34,7 +34,6 @@ import com.tencent.bk.job.crontab.model.dto.CronJobInfoDTO; import com.tencent.bk.job.crontab.model.dto.CronJobVariableDTO; import com.tencent.bk.job.crontab.util.CronExpressionUtil; -import com.tencent.bk.sdk.crypto.cryptor.consts.CryptorNames; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.ExtendWith; @@ -94,12 +93,10 @@ void initTest() { VARIABLE_1.setName("a"); VARIABLE_1.setValue("b"); VARIABLE_1.setType(TaskVariableTypeEnum.HOST_LIST); - VARIABLE_1.setCipherEncryptAlgorithm(CryptorNames.NONE); VARIABLE_2.setName("b"); VARIABLE_2.setValue("c"); VARIABLE_2.setType(TaskVariableTypeEnum.CIPHER); - VARIABLE_2.setCipherEncryptAlgorithm(CryptorNames.NONE); NOTIFY_USER_1.setUserList(Arrays.asList("userC", "userJ")); NOTIFY_USER_1.setRoleList(Arrays.asList("JOB_ROLE_1", "JOB_ROLE_2")); diff --git a/src/backend/job-crontab/service-job-crontab/src/main/java/com/tencent/bk/job/crontab/model/dto/CronJobVariableDTO.java b/src/backend/job-crontab/service-job-crontab/src/main/java/com/tencent/bk/job/crontab/model/dto/CronJobVariableDTO.java index d0a36e4fd0..57f0119747 100644 --- a/src/backend/job-crontab/service-job-crontab/src/main/java/com/tencent/bk/job/crontab/model/dto/CronJobVariableDTO.java +++ b/src/backend/job-crontab/service-job-crontab/src/main/java/com/tencent/bk/job/crontab/model/dto/CronJobVariableDTO.java @@ -64,11 +64,6 @@ public class CronJobVariableDTO implements Cloneable { */ private TaskVariableTypeEnum type; - /** - * 密文变量使用的加密算法 - */ - private String cipherEncryptAlgorithm; - /** * 普通变量值 */ @@ -168,7 +163,6 @@ public CronJobVariableDTO clone() { cronJobVariableDTO.setId(id); cronJobVariableDTO.setType(type); cronJobVariableDTO.setName(name); - cronJobVariableDTO.setCipherEncryptAlgorithm(cipherEncryptAlgorithm); cronJobVariableDTO.setValue(value); if (server != null) { cronJobVariableDTO.setServer(server.clone()); diff --git a/src/backend/job-crontab/service-job-crontab/src/main/java/com/tencent/bk/job/crontab/model/dto/EncryptEnableVariables.java b/src/backend/job-crontab/service-job-crontab/src/main/java/com/tencent/bk/job/crontab/model/dto/EncryptEnableVariables.java index eaac9a983b..42a1536025 100644 --- a/src/backend/job-crontab/service-job-crontab/src/main/java/com/tencent/bk/job/crontab/model/dto/EncryptEnableVariables.java +++ b/src/backend/job-crontab/service-job-crontab/src/main/java/com/tencent/bk/job/crontab/model/dto/EncryptEnableVariables.java @@ -25,7 +25,7 @@ package com.tencent.bk.job.crontab.model.dto; import com.fasterxml.jackson.core.type.TypeReference; -import com.tencent.bk.job.common.encrypt.scenario.CipherVariableService; +import com.tencent.bk.job.common.encrypt.scenario.CipherVariableCryptoService; import com.tencent.bk.job.common.util.ApplicationContextRegister; import com.tencent.bk.job.common.util.json.JsonUtils; import lombok.AllArgsConstructor; @@ -53,16 +53,15 @@ public class EncryptEnableVariables { protected List variableValue; public String getEncryptedVariableValue() { - CipherVariableService cipherVariableService = ApplicationContextRegister.getBean(CipherVariableService.class); + CipherVariableCryptoService cipherVariableCryptoService = + ApplicationContextRegister.getBean(CipherVariableCryptoService.class); if (CollectionUtils.isEmpty(this.variableValue)) { return JsonUtils.toJson(this.variableValue); } List cloneVariableList = new ArrayList<>(this.variableValue.size()); for (CronJobVariableDTO cronJobVariableDTO : this.variableValue) { CronJobVariableDTO cloneCronJobVariable = cronJobVariableDTO.clone(); - String algorithm = cipherVariableService.getCipherVariableEncryptAlgorithm(cloneCronJobVariable.getType()); - cloneCronJobVariable.setCipherEncryptAlgorithm(algorithm); - String encryptedValue = cipherVariableService.encryptTaskVariableIfNeeded( + String encryptedValue = cipherVariableCryptoService.encryptTaskVariableIfNeeded( cloneCronJobVariable.getType(), cloneCronJobVariable.getValue() ); @@ -73,7 +72,8 @@ public String getEncryptedVariableValue() { } public void decryptAndSetVariableValue(String encryptedVariableValue) { - CipherVariableService cipherVariableService = ApplicationContextRegister.getBean(CipherVariableService.class); + CipherVariableCryptoService cipherVariableCryptoService = + ApplicationContextRegister.getBean(CipherVariableCryptoService.class); if (StringUtils.isBlank(encryptedVariableValue)) { this.variableValue = new ArrayList<>(); } @@ -86,10 +86,9 @@ public void decryptAndSetVariableValue(String encryptedVariableValue) { return; } for (CronJobVariableDTO cronJobVariableDTO : this.variableValue) { - String decryptedValue = cipherVariableService.decryptTaskVariableIfNeeded( + String decryptedValue = cipherVariableCryptoService.decryptTaskVariableIfNeeded( cronJobVariableDTO.getType(), - cronJobVariableDTO.getValue(), - cronJobVariableDTO.getCipherEncryptAlgorithm() + cronJobVariableDTO.getValue() ); cronJobVariableDTO.setValue(decryptedValue); } diff --git a/src/backend/job-execute/boot-job-execute/src/test/java/com/tencent/bk/job/execute/dao/impl/StepInstanceDAOImplIntegrationTest.java b/src/backend/job-execute/boot-job-execute/src/test/java/com/tencent/bk/job/execute/dao/impl/StepInstanceDAOImplIntegrationTest.java index 1fac6bb006..974635a6bd 100644 --- a/src/backend/job-execute/boot-job-execute/src/test/java/com/tencent/bk/job/execute/dao/impl/StepInstanceDAOImplIntegrationTest.java +++ b/src/backend/job-execute/boot-job-execute/src/test/java/com/tencent/bk/job/execute/dao/impl/StepInstanceDAOImplIntegrationTest.java @@ -273,7 +273,7 @@ public void testGetScriptStepInstance() { assertThat(returnStepInstance.getResolvedScriptParam()).isEqualTo("var1"); assertThat(returnStepInstance.getScriptType()).isEqualTo(1); assertThat(returnStepInstance.getTimeout()).isEqualTo(1000); - assertThat(returnStepInstance.isSecureParam()).isEqualTo(false); + assertThat(returnStepInstance.isSecureParam()).isEqualTo(true); } @Test diff --git a/src/backend/job-execute/boot-job-execute/src/test/resources/init_schema.sql b/src/backend/job-execute/boot-job-execute/src/test/resources/init_schema.sql index addd30dd5b..babd26a3f5 100644 --- a/src/backend/job-execute/boot-job-execute/src/test/resources/init_schema.sql +++ b/src/backend/job-execute/boot-job-execute/src/test/resources/init_schema.sql @@ -89,27 +89,25 @@ CREATE TABLE IF NOT EXISTS `step_instance` CREATE TABLE IF NOT EXISTS `step_instance_script` ( - `step_instance_id` bigint(20) NOT NULL, - `script_content` mediumtext, - `script_type` tinyint(4) DEFAULT NULL, - `script_param` text, - `resolved_script_param` text, - `execution_timeout` int(11) DEFAULT NULL, - `system_account_id` bigint(20) DEFAULT NULL, - `system_account` varchar(256) DEFAULT NULL, - `db_account_id` bigint(20) DEFAULT NULL, - `db_type` tinyint(4) DEFAULT NULL, - `db_account` varchar(256) DEFAULT NULL, - `db_password` varchar(512) DEFAULT NULL, - `db_password_encrypt_algorithm` VARCHAR(32) NOT NULL DEFAULT 'AES', - `db_port` int(5) DEFAULT NULL, - `row_create_time` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - `row_update_time` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, - `script_source` tinyint(4) DEFAULT 1, - `script_id` varchar(32) DEFAULT NULL, - `script_version_id` bigint(20) DEFAULT NULL, - `is_secure_param` tinyint(1) DEFAULT 0, - `secure_param_encrypt_algorithm` VARCHAR(32) NOT NULL DEFAULT 'None', + `step_instance_id` bigint(20) NOT NULL, + `script_content` mediumtext, + `script_type` tinyint(4) DEFAULT NULL, + `script_param` text, + `resolved_script_param` text, + `execution_timeout` int(11) DEFAULT NULL, + `system_account_id` bigint(20) DEFAULT NULL, + `system_account` varchar(256) DEFAULT NULL, + `db_account_id` bigint(20) DEFAULT NULL, + `db_type` tinyint(4) DEFAULT NULL, + `db_account` varchar(256) DEFAULT NULL, + `db_password` varchar(512) DEFAULT NULL, + `db_port` int(5) DEFAULT NULL, + `row_create_time` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, + `row_update_time` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, + `script_source` tinyint(4) DEFAULT 1, + `script_id` varchar(32) DEFAULT NULL, + `script_version_id` bigint(20) DEFAULT NULL, + `is_secure_param` tinyint(1) DEFAULT 0, PRIMARY KEY (`step_instance_id`) ) ENGINE = InnoDB DEFAULT CHARSET = utf8mb4; @@ -273,15 +271,14 @@ CREATE TABLE IF NOT EXISTS `operation_log` CREATE TABLE IF NOT EXISTS `task_instance_variable` ( - `id` bigint(20) NOT NULL AUTO_INCREMENT, - `task_instance_id` bigint(20) NOT NULL, - `name` varchar(512) NOT NULL, - `type` tinyint(4) NOT NULL, - `value` longtext, - `is_changeable` tinyint(1) NOT NULL, - `cipher_encrypt_algorithm` VARCHAR(32) NOT NULL DEFAULT 'None', - `row_create_time` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - `row_update_time` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, + `id` bigint(20) NOT NULL AUTO_INCREMENT, + `task_instance_id` bigint(20) NOT NULL, + `name` varchar(512) NOT NULL, + `type` tinyint(4) NOT NULL, + `value` longtext, + `is_changeable` tinyint(1) NOT NULL, + `row_create_time` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, + `row_update_time` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, PRIMARY KEY (`id`), KEY (`task_instance_id`) ) ENGINE = InnoDB @@ -364,15 +361,15 @@ CREATE TABLE IF NOT EXISTS `step_instance_rolling_task` CREATE TABLE IF NOT EXISTS `task_instance_host` ( - `task_instance_id` bigint(20) NOT NULL DEFAULT '0', - `host_id` bigint(20) NOT NULL DEFAULT '0', - `ip` varchar(15) DEFAULT NULL, - `ipv6` varchar(46) DEFAULT NULL, - `row_create_time` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP, - `row_update_time` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, - PRIMARY KEY (`task_instance_id`, `host_id`), + `task_instance_id` bigint(20) NOT NULL DEFAULT '0', + `host_id` bigint(20) NOT NULL DEFAULT '0', + `ip` varchar(15) DEFAULT NULL, + `ipv6` varchar(46) DEFAULT NULL, + `row_create_time` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP, + `row_update_time` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, + PRIMARY KEY (`task_instance_id`,`host_id`), KEY (`ip`), KEY (`ipv6`) -) ENGINE = InnoDB - DEFAULT CHARSET = utf8mb4; +) ENGINE=InnoDB + DEFAULT CHARSET=utf8mb4; diff --git a/src/backend/job-execute/boot-job-execute/src/test/resources/init_step_instance_data.sql b/src/backend/job-execute/boot-job-execute/src/test/resources/init_step_instance_data.sql index 4ec030b871..cb6d196b68 100644 --- a/src/backend/job-execute/boot-job-execute/src/test/resources/init_step_instance_data.sql +++ b/src/backend/job-execute/boot-job-execute/src/test/resources/init_step_instance_data.sql @@ -28,27 +28,27 @@ truncate table step_instance_file; truncate table step_instance_confirm; insert into job_execute.step_instance (id,app_id,task_instance_id,step_id,name,type,target_servers,operator,status,execute_count,start_time,end_time,total_time, -create_time,step_num,step_order) values (1,2,1,1,'task1-step1',1,'{"ipList":[{"cloudAreaId":0,"ip":"127.0.0.1"}]}','admin',3,0,1572868800000,1572868801000,1111,1572868800000,2,1); + create_time,step_num,step_order) values (1,2,1,1,'task1-step1',1,'{"ipList":[{"cloudAreaId":0,"ip":"127.0.0.1"}]}','admin',3,0,1572868800000,1572868801000,1111,1572868800000,2,1); insert into job_execute.step_instance (id,app_id,task_instance_id,step_id,name,type,target_servers,operator,status,execute_count,start_time,end_time,total_time, -create_time,step_num,step_order) values (2,2,1,2,'task1-step2',2,'{"ipList":[{"cloudAreaId":0,"ip":"127.0.0.1"}]}','admin',3,0,1572868801000,1572868802000,1112,1572868800000,2,2); + create_time,step_num,step_order) values (2,2,1,2,'task1-step2',2,'{"ipList":[{"cloudAreaId":0,"ip":"127.0.0.1"}]}','admin',3,0,1572868801000,1572868802000,1112,1572868800000,2,2); insert into job_execute.step_instance (id,app_id,task_instance_id,step_id,name,type,target_servers,operator,status,execute_count,start_time,end_time,total_time, -create_time,step_num,step_order) values (3,2,2,-1,'fast_execute_task_name',1,'{"ipList":[{"cloudAreaId":0,"ip":"127.0.0.1"}]}','admin',3,0,1572868800000,1572868801000,1111,1572868800000,1,1); + create_time,step_num,step_order) values (3,2,2,-1,'fast_execute_task_name',1,'{"ipList":[{"cloudAreaId":0,"ip":"127.0.0.1"}]}','admin',3,0,1572868800000,1572868801000,1111,1572868800000,1,1); insert into job_execute.step_instance (id,app_id,task_instance_id,step_id,name,type,target_servers,operator,status,execute_count,start_time,end_time,total_time, -create_time,step_num,step_order) values (4,2,3,-1,'fast_execute_task_name',1,'{"ipList":[{"cloudAreaId":0,"ip":"127.0.0.1"}]}','admin',3,0,null,1572868801000,0,null,1,1); + create_time,step_num,step_order) values (4,2,3,-1,'fast_execute_task_name',1,'{"ipList":[{"cloudAreaId":0,"ip":"127.0.0.1"}]}','admin',3,0,null,1572868801000,0,null,1,1); insert into job_execute.step_instance_script(step_instance_id,script_content,script_type,script_param,resolved_script_param,execution_timeout,system_account_id,system_account, -db_account_id,db_type,db_account,db_password,db_password_encrypt_algorithm,db_port,script_source,script_id,script_version_id,secure_param_encrypt_algorithm) values (1,'script_content',1,'${var1}','var1',1000,1,'root',11,1,'root','db_password','None',3306,1,NULL,NULL,'None'); + db_account_id,db_type,db_account,db_password,db_port,script_source,script_id,script_version_id,is_secure_param) values (1,'script_content',1,'${var1}','var1',1000,1,'root',11,1,'root','ESKsXn+pF9hACG3BSYG38ZnUjQQ8bUcOylREiEnDTPU=',3306,1,NULL,NULL,1); insert into job_execute.step_instance_file(step_instance_id,file_source,resolved_file_source,file_target_path,file_target_name,resolved_file_target_path,file_upload_speed_limit,file_download_speed_limit, -file_duplicate_handle,not_exist_path_handler,execution_timeout,system_account_id,system_account) values (2,'[{"files":[{ "filePath":"/${log_dir}/1.log" }],"localUpload":false}]', -'[{"files":[{ "resolvedFilePath":"/tmp/1.log", "filePath":"/${log_dir}/1.log" }],"localUpload":false}]','/${log_dir}/','2.log','/tmp/', -100,100,1,1,1000,1,'root'); + file_duplicate_handle,not_exist_path_handler,execution_timeout,system_account_id,system_account) values (2,'[{"files":[{ "filePath":"/${log_dir}/1.log" }],"localUpload":false}]', + '[{"files":[{ "resolvedFilePath":"/tmp/1.log", "filePath":"/${log_dir}/1.log" }],"localUpload":false}]','/${log_dir}/','2.log','/tmp/', + 100,100,1,1,1000,1,'root'); insert into job_execute.step_instance_confirm(step_instance_id,confirm_message,confirm_users,confirm_roles,notify_channels,confirm_reason) values ( -3,'confirm_message','admin,test','JOB_RESOURCE_TRIGGER_USER','weixin','confirm_reason'); + 3,'confirm_message','admin,test','JOB_RESOURCE_TRIGGER_USER','weixin','confirm_reason'); diff --git a/src/backend/job-execute/boot-job-execute/src/test/resources/init_task_instance_variable_data.sql b/src/backend/job-execute/boot-job-execute/src/test/resources/init_task_instance_variable_data.sql index d859a9d841..c43ebf9211 100644 --- a/src/backend/job-execute/boot-job-execute/src/test/resources/init_task_instance_variable_data.sql +++ b/src/backend/job-execute/boot-job-execute/src/test/resources/init_task_instance_variable_data.sql @@ -24,9 +24,9 @@ truncate table task_instance_variable; -INSERT INTO job_execute.task_instance_variable (task_instance_id,name,type,value,is_changeable,cipher_encrypt_algorithm) VALUES -(1,'param1',1,'param1_value',1,'None'); -INSERT INTO job_execute.task_instance_variable (task_instance_id,name,type,value,is_changeable,cipher_encrypt_algorithm) VALUES -(1,'param2',2,'param2_value',1,'None'); -INSERT INTO job_execute.task_instance_variable (task_instance_id,name,type,value,is_changeable,cipher_encrypt_algorithm) VALUES -(2,'param1',1,'param1_value',0,'None'); +INSERT INTO job_execute.task_instance_variable (task_instance_id,name,type,value,is_changeable) VALUES +(1,'param1',1,'param1_value',1); +INSERT INTO job_execute.task_instance_variable (task_instance_id,name,type,value,is_changeable) VALUES +(1,'param2',2,'param2_value',1); +INSERT INTO job_execute.task_instance_variable (task_instance_id,name,type,value,is_changeable) VALUES +(2,'param1',1,'param1_value',0); diff --git a/src/backend/job-execute/boot-job-execute/src/test/resources/test.properties b/src/backend/job-execute/boot-job-execute/src/test/resources/test.properties index 60e2c486d7..2533add134 100644 --- a/src/backend/job-execute/boot-job-execute/src/test/resources/test.properties +++ b/src/backend/job-execute/boot-job-execute/src/test/resources/test.properties @@ -30,3 +30,5 @@ app.secret=job iam.system-id=bk_job iam.base-url=http://bkiam.service.consul:9080/ job.encrypt.password=test +job.encrypt.scenarioAlgorithms.scriptSensitiveParam=None +job.encrypt.scenarioAlgorithms.cipherVariable=None diff --git a/src/backend/job-execute/service-job-execute/src/main/java/com/tencent/bk/job/execute/dao/impl/StepInstanceDAOImpl.java b/src/backend/job-execute/service-job-execute/src/main/java/com/tencent/bk/job/execute/dao/impl/StepInstanceDAOImpl.java index 99e4c0f377..706976c56b 100644 --- a/src/backend/job-execute/service-job-execute/src/main/java/com/tencent/bk/job/execute/dao/impl/StepInstanceDAOImpl.java +++ b/src/backend/job-execute/service-job-execute/src/main/java/com/tencent/bk/job/execute/dao/impl/StepInstanceDAOImpl.java @@ -28,8 +28,8 @@ import com.tencent.bk.job.common.constant.AccountCategoryEnum; import com.tencent.bk.job.common.constant.DuplicateHandlerEnum; import com.tencent.bk.job.common.constant.NotExistPathHandlerEnum; -import com.tencent.bk.job.common.encrypt.scenario.DbPasswordService; -import com.tencent.bk.job.common.encrypt.scenario.SensitiveParamService; +import com.tencent.bk.job.common.encrypt.scenario.DbPasswordCryptoService; +import com.tencent.bk.job.common.encrypt.scenario.SensitiveParamCryptoService; import com.tencent.bk.job.common.util.Utils; import com.tencent.bk.job.common.util.json.JsonUtils; import com.tencent.bk.job.execute.common.constants.RunStatusEnum; @@ -101,16 +101,16 @@ public class StepInstanceDAOImpl implements StepInstanceDAO { }; private final DSLContext CTX; - private final SensitiveParamService sensitiveParamService; - private final DbPasswordService dbPasswordService; + private final SensitiveParamCryptoService sensitiveParamCryptoService; + private final DbPasswordCryptoService dbPasswordCryptoService; @Autowired public StepInstanceDAOImpl(@Qualifier("job-execute-dsl-context") DSLContext CTX, - SensitiveParamService sensitiveParamService, - DbPasswordService dbPasswordService) { + SensitiveParamCryptoService sensitiveParamCryptoService, + DbPasswordCryptoService dbPasswordCryptoService) { this.CTX = CTX; - this.sensitiveParamService = sensitiveParamService; - this.dbPasswordService = dbPasswordService; + this.sensitiveParamCryptoService = sensitiveParamCryptoService; + this.dbPasswordCryptoService = dbPasswordCryptoService; } @Override @@ -178,20 +178,18 @@ public void addScriptStepInstance(StepInstanceDTO stepInstance) { t.DB_TYPE, t.DB_ACCOUNT, t.DB_PASSWORD, - t.DB_PASSWORD_ENCRYPT_ALGORITHM, t.DB_PORT, t.SCRIPT_SOURCE, t.SCRIPT_ID, t.SCRIPT_VERSION_ID, - t.IS_SECURE_PARAM, - t.SECURE_PARAM_ENCRYPT_ALGORITHM + t.IS_SECURE_PARAM ).values( stepInstance.getId(), stepInstance.getScriptContent(), JooqDataTypeUtil.toByte(stepInstance.getScriptType()), - sensitiveParamService.encryptParamIfNeeded( + sensitiveParamCryptoService.encryptParamIfNeeded( stepInstance.isSecureParam(), stepInstance.getScriptParam()), - sensitiveParamService.encryptParamIfNeeded( + sensitiveParamCryptoService.encryptParamIfNeeded( stepInstance.isSecureParam(), stepInstance.getResolvedScriptParam()), stepInstance.getTimeout(), stepInstance.getAccountId(), @@ -199,37 +197,44 @@ public void addScriptStepInstance(StepInstanceDTO stepInstance) { stepInstance.getDbAccountId(), JooqDataTypeUtil.toByte(stepInstance.getDbType()), stepInstance.getDbAccount(), - dbPasswordService.encryptDbPasswordIfNeeded(AccountCategoryEnum.DB, stepInstance.getDbPass()), - dbPasswordService.getDbPasswordEncryptAlgorithm(AccountCategoryEnum.DB), + dbPasswordCryptoService.encryptDbPasswordIfNeeded(AccountCategoryEnum.DB, stepInstance.getDbPass()), stepInstance.getDbPort(), scriptSourceByteValue, stepInstance.getScriptId(), stepInstance.getScriptVersionId(), stepInstance.isSecureParam() ? JooqDataTypeUtil.toByte(1) : - JooqDataTypeUtil.toByte(0), - sensitiveParamService.getSecureParamEncryptAlgorithm(stepInstance.isSecureParam()) + JooqDataTypeUtil.toByte(0) ).execute(); } @Override public void addFileStepInstance(StepInstanceDTO stepInstance) { StepInstanceFile t = StepInstanceFile.STEP_INSTANCE_FILE; - CTX.insertInto(t, t.STEP_INSTANCE_ID, t.FILE_SOURCE, t.FILE_TARGET_PATH, t.FILE_TARGET_NAME, - t.FILE_UPLOAD_SPEED_LIMIT, t.FILE_DOWNLOAD_SPEED_LIMIT, t.FILE_DUPLICATE_HANDLE, - t.NOT_EXIST_PATH_HANDLER, - t.EXECUTION_TIMEOUT, t.SYSTEM_ACCOUNT_ID, t.SYSTEM_ACCOUNT) - .values(stepInstance.getId(), - JsonUtils.toJson(stepInstance.getFileSourceList()), - stepInstance.getFileTargetPath(), - stepInstance.getFileTargetName(), - stepInstance.getFileUploadSpeedLimit(), - stepInstance.getFileDownloadSpeedLimit(), - JooqDataTypeUtil.toByte(stepInstance.getFileDuplicateHandle()), - JooqDataTypeUtil.toUByte(stepInstance.getNotExistPathHandler()), - stepInstance.getTimeout(), - stepInstance.getAccountId(), - stepInstance.getAccount() - ).execute(); + CTX.insertInto(t, + t.STEP_INSTANCE_ID, + t.FILE_SOURCE, + t.FILE_TARGET_PATH, + t.FILE_TARGET_NAME, + t.FILE_UPLOAD_SPEED_LIMIT, + t.FILE_DOWNLOAD_SPEED_LIMIT, + t.FILE_DUPLICATE_HANDLE, + t.NOT_EXIST_PATH_HANDLER, + t.EXECUTION_TIMEOUT, + t.SYSTEM_ACCOUNT_ID, + t.SYSTEM_ACCOUNT + ).values( + stepInstance.getId(), + JsonUtils.toJson(stepInstance.getFileSourceList()), + stepInstance.getFileTargetPath(), + stepInstance.getFileTargetName(), + stepInstance.getFileUploadSpeedLimit(), + stepInstance.getFileDownloadSpeedLimit(), + JooqDataTypeUtil.toByte(stepInstance.getFileDuplicateHandle()), + JooqDataTypeUtil.toUByte(stepInstance.getNotExistPathHandler()), + stepInstance.getTimeout(), + stepInstance.getAccountId(), + stepInstance.getAccount() + ).execute(); } @Override @@ -251,26 +256,24 @@ public void addConfirmStepInstance(StepInstanceDTO stepInstance) { public ScriptStepInstanceDTO getScriptStepInstance(long stepInstanceId) { StepInstanceScript t = StepInstanceScript.STEP_INSTANCE_SCRIPT; Record record = CTX.select( - t.STEP_INSTANCE_ID, - t.SCRIPT_CONTENT, - t.SCRIPT_TYPE, - t.SCRIPT_PARAM, - t.RESOLVED_SCRIPT_PARAM, - t.EXECUTION_TIMEOUT, - t.SYSTEM_ACCOUNT_ID, - t.SYSTEM_ACCOUNT, - t.DB_ACCOUNT_ID, - t.DB_ACCOUNT, - t.DB_TYPE, - t.DB_PASSWORD, - t.DB_PASSWORD_ENCRYPT_ALGORITHM, - t.DB_PORT, - t.SCRIPT_SOURCE, - t.SCRIPT_ID, - t.SCRIPT_VERSION_ID, - t.IS_SECURE_PARAM, - t.SECURE_PARAM_ENCRYPT_ALGORITHM - ).from(t) + t.STEP_INSTANCE_ID, + t.SCRIPT_CONTENT, + t.SCRIPT_TYPE, + t.SCRIPT_PARAM, + t.RESOLVED_SCRIPT_PARAM, + t.EXECUTION_TIMEOUT, + t.SYSTEM_ACCOUNT_ID, + t.SYSTEM_ACCOUNT, + t.DB_ACCOUNT_ID, + t.DB_ACCOUNT, + t.DB_TYPE, + t.DB_PASSWORD, + t.DB_PORT, + t.SCRIPT_SOURCE, + t.SCRIPT_ID, + t.SCRIPT_VERSION_ID, + t.IS_SECURE_PARAM + ).from(t) .where(t.STEP_INSTANCE_ID.eq(stepInstanceId)).fetchOne(); return extractScriptInfo(record); } @@ -285,34 +288,35 @@ private ScriptStepInstanceDTO extractScriptInfo(Record record) { stepInstance.setScriptContent(record.get(t.SCRIPT_CONTENT)); stepInstance.setScriptType(JooqDataTypeUtil.toInteger(record.get(t.SCRIPT_TYPE))); stepInstance.setSecureParam(record.get(t.IS_SECURE_PARAM).intValue() == 1); - String secureParamEncryptAlgorithm = record.get(t.SECURE_PARAM_ENCRYPT_ALGORITHM); String encryptedScriptParam = record.get(t.SCRIPT_PARAM); - String scriptParam = sensitiveParamService.decryptParamIfNeeded( + + // 敏感参数解密 + String scriptParam = sensitiveParamCryptoService.decryptParamIfNeeded( stepInstance.isSecureParam(), - encryptedScriptParam, - secureParamEncryptAlgorithm + encryptedScriptParam ); stepInstance.setScriptParam(scriptParam); String encryptedResolvedScriptParam = record.get(t.RESOLVED_SCRIPT_PARAM); - String resolvedScriptParam = sensitiveParamService.decryptParamIfNeeded( + String resolvedScriptParam = sensitiveParamCryptoService.decryptParamIfNeeded( stepInstance.isSecureParam(), - encryptedResolvedScriptParam, - secureParamEncryptAlgorithm + encryptedResolvedScriptParam ); stepInstance.setResolvedScriptParam(resolvedScriptParam); + stepInstance.setTimeout(record.get(t.EXECUTION_TIMEOUT)); stepInstance.setAccountId(record.get(t.SYSTEM_ACCOUNT_ID)); stepInstance.setAccount(record.get(t.SYSTEM_ACCOUNT)); stepInstance.setDbAccountId(record.get(t.DB_ACCOUNT_ID)); stepInstance.setDbType(JooqDataTypeUtil.toInteger(record.get(t.DB_TYPE))); stepInstance.setDbAccount(record.get(t.DB_ACCOUNT)); - String dbPasswordEncryptAlgorithm = record.get(t.DB_PASSWORD_ENCRYPT_ALGORITHM); + + // 账号密码解密 String encryptedDbPassword = record.get(t.DB_PASSWORD); - String dbPassword = dbPasswordService.decryptDbPasswordIfNeeded( + String dbPassword = dbPasswordCryptoService.decryptDbPasswordIfNeeded( AccountCategoryEnum.DB, - encryptedDbPassword, - dbPasswordEncryptAlgorithm + encryptedDbPassword ); + stepInstance.setDbPass(dbPassword); stepInstance.setDbPort(record.get(t.DB_PORT)); Byte scriptSource = record.get(t.SCRIPT_SOURCE); @@ -329,11 +333,20 @@ private ScriptStepInstanceDTO extractScriptInfo(Record record) { @Override public FileStepInstanceDTO getFileStepInstance(long stepInstanceId) { StepInstanceFile t = StepInstanceFile.STEP_INSTANCE_FILE; - Record record = CTX.select(t.STEP_INSTANCE_ID, t.FILE_SOURCE, t.FILE_TARGET_PATH, - t.FILE_TARGET_NAME, t.RESOLVED_FILE_TARGET_PATH, t.FILE_UPLOAD_SPEED_LIMIT, t.FILE_DOWNLOAD_SPEED_LIMIT, - t.FILE_DUPLICATE_HANDLE, - t.NOT_EXIST_PATH_HANDLER, t.EXECUTION_TIMEOUT, t.SYSTEM_ACCOUNT_ID, t.SYSTEM_ACCOUNT) - .from(t) + Record record = CTX.select( + t.STEP_INSTANCE_ID, + t.FILE_SOURCE, + t.FILE_TARGET_PATH, + t.FILE_TARGET_NAME, + t.RESOLVED_FILE_TARGET_PATH, + t.FILE_UPLOAD_SPEED_LIMIT, + t.FILE_DOWNLOAD_SPEED_LIMIT, + t.FILE_DUPLICATE_HANDLE, + t.NOT_EXIST_PATH_HANDLER, + t.EXECUTION_TIMEOUT, + t.SYSTEM_ACCOUNT_ID, + t.SYSTEM_ACCOUNT + ).from(t) .where(t.STEP_INSTANCE_ID.eq(stepInstanceId)).fetchOne(); return extractFileInfo(record); } @@ -371,8 +384,14 @@ private FileStepInstanceDTO extractFileInfo(Record record) { @Override public ConfirmStepInstanceDTO getConfirmStepInstance(long stepInstanceId) { StepInstanceConfirm t = StepInstanceConfirm.STEP_INSTANCE_CONFIRM; - Record record = CTX.select(t.STEP_INSTANCE_ID, t.CONFIRM_MESSAGE, t.CONFIRM_REASON, t.CONFIRM_USERS, - t.CONFIRM_ROLES, t.NOTIFY_CHANNELS).from(t) + Record record = CTX.select( + t.STEP_INSTANCE_ID, + t.CONFIRM_MESSAGE, + t.CONFIRM_REASON, + t.CONFIRM_USERS, + t.CONFIRM_ROLES, + t.NOTIFY_CHANNELS + ).from(t) .where(t.STEP_INSTANCE_ID.eq(stepInstanceId)).fetchOne(); return extractConfirmInfo(record); } @@ -590,17 +609,9 @@ private UpdateSetMoreStep buildBasicUpdateSetMoreStep(RunSta @Override public void updateResolvedScriptParam(long stepInstanceId, boolean isSecureParam, String resolvedScriptParam) { StepInstanceScript t = StepInstanceScript.STEP_INSTANCE_SCRIPT; - Result> records = CTX.select(t.SECURE_PARAM_ENCRYPT_ALGORITHM).from(t) - .where(t.STEP_INSTANCE_ID.eq(stepInstanceId)) - .fetch(); - if (records.isEmpty()) { - log.warn("Cannot find encryptAlgorithm by stepInstanceId={}", stepInstanceId); - return; - } - String encryptAlgorithm = records.get(0).get(t.SECURE_PARAM_ENCRYPT_ALGORITHM); CTX.update(t) - .set(t.RESOLVED_SCRIPT_PARAM, sensitiveParamService.encryptParamIfNeeded( - isSecureParam, resolvedScriptParam, encryptAlgorithm + .set(t.RESOLVED_SCRIPT_PARAM, sensitiveParamCryptoService.encryptParamIfNeeded( + isSecureParam, resolvedScriptParam )).where(t.STEP_INSTANCE_ID.eq(stepInstanceId)) .execute(); } diff --git a/src/backend/job-execute/service-job-execute/src/main/java/com/tencent/bk/job/execute/dao/impl/TaskInstanceVariableDAOImpl.java b/src/backend/job-execute/service-job-execute/src/main/java/com/tencent/bk/job/execute/dao/impl/TaskInstanceVariableDAOImpl.java index 8e16fee77f..be489c462e 100644 --- a/src/backend/job-execute/service-job-execute/src/main/java/com/tencent/bk/job/execute/dao/impl/TaskInstanceVariableDAOImpl.java +++ b/src/backend/job-execute/service-job-execute/src/main/java/com/tencent/bk/job/execute/dao/impl/TaskInstanceVariableDAOImpl.java @@ -25,14 +25,14 @@ package com.tencent.bk.job.execute.dao.impl; import com.tencent.bk.job.common.constant.TaskVariableTypeEnum; -import com.tencent.bk.job.common.encrypt.scenario.CipherVariableService; +import com.tencent.bk.job.common.encrypt.scenario.CipherVariableCryptoService; import com.tencent.bk.job.execute.common.util.JooqDataTypeUtil; import com.tencent.bk.job.execute.dao.TaskInstanceVariableDAO; import com.tencent.bk.job.execute.engine.model.TaskVariableDTO; import org.jooq.DSLContext; -import org.jooq.InsertValuesStep6; +import org.jooq.InsertValuesStep5; import org.jooq.Record; -import org.jooq.Record7; +import org.jooq.Record6; import org.jooq.Result; import org.jooq.generated.tables.TaskInstanceVariable; import org.jooq.generated.tables.records.TaskInstanceVariableRecord; @@ -51,26 +51,25 @@ public class TaskInstanceVariableDAOImpl implements TaskInstanceVariableDAO { private static final TaskInstanceVariable TABLE = TaskInstanceVariable.TASK_INSTANCE_VARIABLE; private final DSLContext ctx; - private final CipherVariableService cipherVariableService; + private final CipherVariableCryptoService cipherVariableCryptoService; @Autowired public TaskInstanceVariableDAOImpl(@Qualifier("job-execute-dsl-context") DSLContext ctx, - CipherVariableService cipherVariableService) { + CipherVariableCryptoService cipherVariableCryptoService) { this.ctx = ctx; - this.cipherVariableService = cipherVariableService; + this.cipherVariableCryptoService = cipherVariableCryptoService; } @Override public List getByTaskInstanceId(long taskInstanceId) { - Result> result = ctx.select( - TABLE.ID, - TABLE.TASK_INSTANCE_ID, - TABLE.NAME, - TABLE.TYPE, - TABLE.IS_CHANGEABLE, - TABLE.VALUE, - TABLE.CIPHER_ENCRYPT_ALGORITHM - ).from(TABLE) + Result> result = ctx.select( + TABLE.ID, + TABLE.TASK_INSTANCE_ID, + TABLE.NAME, + TABLE.TYPE, + TABLE.IS_CHANGEABLE, + TABLE.VALUE + ).from(TABLE) .where(TABLE.TASK_INSTANCE_ID.eq(taskInstanceId)) .fetch(); List taskVariables = new ArrayList<>(); @@ -88,8 +87,7 @@ private TaskVariableDTO extract(Record record) { taskVariable.setType(JooqDataTypeUtil.toInteger(record.get(TABLE.TYPE))); TaskVariableTypeEnum taskVarType = TaskVariableTypeEnum.valOf(taskVariable.getType()); String encryptedValue = record.get(TABLE.VALUE); - String algorithm = record.get(TABLE.CIPHER_ENCRYPT_ALGORITHM); - String value = cipherVariableService.decryptTaskVariableIfNeeded(taskVarType, encryptedValue, algorithm); + String value = cipherVariableCryptoService.decryptTaskVariableIfNeeded(taskVarType, encryptedValue); taskVariable.setValue(value); taskVariable.setChangeable(JooqDataTypeUtil.toInteger(record.get(TABLE.IS_CHANGEABLE)).equals(1)); return taskVariable; @@ -107,15 +105,14 @@ public void deleteByTaskInstanceId(long taskInstanceId) { @Override public void saveTaskInstanceVariables(List taskVarList) { - InsertValuesStep6 insertStep = + InsertValuesStep5 insertStep = ctx.insertInto(TABLE) .columns( TABLE.TASK_INSTANCE_ID, TABLE.NAME, TABLE.TYPE, TABLE.VALUE, - TABLE.IS_CHANGEABLE, - TABLE.CIPHER_ENCRYPT_ALGORITHM + TABLE.IS_CHANGEABLE ); taskVarList.forEach(taskVar -> { @@ -124,9 +121,8 @@ public void saveTaskInstanceVariables(List taskVarList) { taskVar.getTaskInstanceId(), taskVar.getName(), JooqDataTypeUtil.toByte(taskVar.getType()), - cipherVariableService.encryptTaskVariableIfNeeded(taskVarType, taskVar.getValue()), - JooqDataTypeUtil.toByte(taskVar.isChangeable() ? 1 : 0), - cipherVariableService.getCipherVariableEncryptAlgorithm(taskVarType) + cipherVariableCryptoService.encryptTaskVariableIfNeeded(taskVarType, taskVar.getValue()), + JooqDataTypeUtil.toByte(taskVar.isChangeable() ? 1 : 0) ); }); diff --git a/src/backend/job-manage/boot-job-manage/src/test/java/com/tencent/bk/job/manage/dao/AccountDAOImplIntegrationTest.java b/src/backend/job-manage/boot-job-manage/src/test/java/com/tencent/bk/job/manage/dao/AccountDAOImplIntegrationTest.java index 71db02fe67..c06da4ea77 100644 --- a/src/backend/job-manage/boot-job-manage/src/test/java/com/tencent/bk/job/manage/dao/AccountDAOImplIntegrationTest.java +++ b/src/backend/job-manage/boot-job-manage/src/test/java/com/tencent/bk/job/manage/dao/AccountDAOImplIntegrationTest.java @@ -319,6 +319,7 @@ void testBatchUpdateDbAccountPassword() { AccountDTO account1 = new AccountDTO(); account1.setId(3L); account1.setDbPassword("ax798sdfs"); + account1.setCategory(AccountCategoryEnum.DB); updateAccounts.add(account1); accountDAO.batchUpdateDbAccountPassword(updateAccounts); diff --git a/src/backend/job-manage/boot-job-manage/src/test/java/com/tencent/bk/job/manage/dao/template/impl/TaskTemplateVariableDAOImplIntegrationTest.java b/src/backend/job-manage/boot-job-manage/src/test/java/com/tencent/bk/job/manage/dao/template/impl/TaskTemplateVariableDAOImplIntegrationTest.java index 36bd804d7f..b458113b2e 100644 --- a/src/backend/job-manage/boot-job-manage/src/test/java/com/tencent/bk/job/manage/dao/template/impl/TaskTemplateVariableDAOImplIntegrationTest.java +++ b/src/backend/job-manage/boot-job-manage/src/test/java/com/tencent/bk/job/manage/dao/template/impl/TaskTemplateVariableDAOImplIntegrationTest.java @@ -219,16 +219,13 @@ void givenWrongVariableIdOrTemplateIdReturnDeleteFailed() { void givenNewVariableInfoReturnUpdateSuccess() { assertThat(taskVariableDAO.updateVariableById(VARIABLE_1)).isTrue(); VARIABLE_1.setName(UUID.randomUUID().toString()); - VARIABLE_1.setType(TaskVariableTypeEnum.CIPHER); + VARIABLE_1.setType(TaskVariableTypeEnum.STRING); VARIABLE_1.setDescription(UUID.randomUUID().toString()); VARIABLE_1.setDefaultValue(UUID.randomUUID().toString()); VARIABLE_1.setChangeable(!VARIABLE_1.getChangeable()); VARIABLE_1.setRequired(!VARIABLE_1.getRequired()); assertThat(taskVariableDAO.updateVariableById(VARIABLE_1)).isTrue(); - assertThat(taskVariableDAO.getVariableById(VARIABLE_1.getTemplateId(), VARIABLE_1.getId())) - .isNotEqualTo(VARIABLE_1); - VARIABLE_1.setType(TaskVariableTypeEnum.STRING); assertThat(taskVariableDAO.getVariableById(VARIABLE_1.getTemplateId(), VARIABLE_1.getId())) .isEqualTo(VARIABLE_1); } diff --git a/src/backend/job-manage/boot-job-manage/src/test/resources/init_account_data.sql b/src/backend/job-manage/boot-job-manage/src/test/resources/init_account_data.sql index ad55291502..b7d4ad6a17 100644 --- a/src/backend/job-manage/boot-job-manage/src/test/resources/init_account_data.sql +++ b/src/backend/job-manage/boot-job-manage/src/test/resources/init_account_data.sql @@ -24,15 +24,15 @@ truncate table account; -insert into job_manage.account (id,account,alias,category,type,app_id,grantee,remark,os,password,db_password,db_password_encrypt_algorithm,db_port,db_system_account_id, -creator,create_time,last_modify_user,last_modify_time) -values (1,'root','root',1,1,2,'user1,user2','root-linux','Linux',NULL,NULL,'None',NULL,NULL,'admin', 1569550210000, 'admin', 1569550210000); -insert into job_manage.account (id,account,alias,category,type,app_id,grantee,remark,os,password,db_password,db_password_encrypt_algorithm,db_port,db_system_account_id, -creator,create_time,last_modify_user,last_modify_time) -values (2,'system','system',1,2,2,'user1,user2','system-window','Windows','mypassword',NULL,'None',NULL,NULL,'admin', 1569550210000, 'admin', 1569550210000); -insert into job_manage.account (id,account,alias,category,type,app_id,grantee,remark,os,password,db_password,db_password_encrypt_algorithm,db_port,db_system_account_id, -creator,create_time,last_modify_user,last_modify_time) -values (3,'job','job',2,9,2,'user1,user2','db-mysql-job',NULL,NULL,'dbpassword','None',3600,1,'admin', 1569550210000, 'admin', 1569550210000); -insert into job_manage.account (id,account,alias,category,type,app_id,grantee,remark,os,password,db_password,db_password_encrypt_algorithm,db_port,db_system_account_id, -creator,create_time,last_modify_user,last_modify_time) -values (4,'root','root-v2',1,1,2,'user1,user2','root-linux','Linux',NULL,NULL,'None',NULL,NULL,'admin', 1569550210000, 'admin', 1569636611000); +insert into job_manage.account (id,account,alias,category,type,app_id,grantee,remark,os,password,db_password,db_port,db_system_account_id, + creator,create_time,last_modify_user,last_modify_time) +values (1,'root','root',1,1,2,'user1,user2','root-linux','Linux',NULL,NULL,NULL,NULL,'admin', 1569550210000, 'admin', 1569550210000); +insert into job_manage.account (id,account,alias,category,type,app_id,grantee,remark,os,password,db_password,db_port,db_system_account_id, + creator,create_time,last_modify_user,last_modify_time) +values (2,'system','system',1,2,2,'user1,user2','system-window','Windows','mypassword',NULL,NULL,NULL,'admin', 1569550210000, 'admin', 1569550210000); +insert into job_manage.account (id,account,alias,category,type,app_id,grantee,remark,os,password,db_password,db_port,db_system_account_id, + creator,create_time,last_modify_user,last_modify_time) +values (3,'job','job',2,9,2,'user1,user2','db-mysql-job',NULL,NULL,'YXZ/qDVUEdeMAs/8aTuhNAL+RaY95fl8zGlQXko7nMg=',3600,1,'admin', 1569550210000, 'admin', 1569550210000); +insert into job_manage.account (id,account,alias,category,type,app_id,grantee,remark,os,password,db_password,db_port,db_system_account_id, + creator,create_time,last_modify_user,last_modify_time) +values (4,'root','root-v2',1,1,2,'user1,user2','root-linux','Linux',NULL,NULL,NULL,NULL,'admin', 1569550210000, 'admin', 1569636611000); diff --git a/src/backend/job-manage/boot-job-manage/src/test/resources/init_schema.sql b/src/backend/job-manage/boot-job-manage/src/test/resources/init_schema.sql index e4d053cb9b..e6922c900c 100644 --- a/src/backend/job-manage/boot-job-manage/src/test/resources/init_schema.sql +++ b/src/backend/job-manage/boot-job-manage/src/test/resources/init_schema.sql @@ -80,12 +80,12 @@ CREATE TABLE `script_version` -- ---------------------------- CREATE TABLE `resource_tag` ( - `id` BIGINT(20) NOT NULL AUTO_INCREMENT, - `row_create_time` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - `row_update_time` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, - `tag_id` BIGINT(20) NOT NULL, - `resource_id` VARCHAR(32) NOT NULL, - `resource_type` TINYINT(4) NOT NULL, + `id` BIGINT(20) NOT NULL AUTO_INCREMENT, + `row_create_time` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, + `row_update_time` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, + `tag_id` BIGINT(20) NOT NULL, + `resource_id` VARCHAR(32) NOT NULL, + `resource_type` TINYINT(4) NOT NULL, PRIMARY KEY (`id`), UNIQUE KEY (`resource_id`, `resource_type`, `tag_id`), KEY (`tag_id`, `resource_type`) @@ -294,18 +294,17 @@ CREATE TABLE `task_plan_step_script` -- ---------------------------- CREATE TABLE `task_plan_variable` ( - `id` BIGINT(20) UNSIGNED NOT NULL AUTO_INCREMENT, - `row_create_time` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - `row_update_time` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, - `plan_id` BIGINT(20) UNSIGNED NOT NULL, - `name` VARCHAR(255) NOT NULL, - `template_variable_id` BIGINT(20) UNSIGNED NOT NULL, - `type` TINYINT(2) UNSIGNED NOT NULL, - `default_value` LONGTEXT DEFAULT NULL, - `description` VARCHAR(512) NOT NULL, - `is_changeable` TINYINT(1) UNSIGNED NOT NULL, - `is_required` TINYINT(1) UNSIGNED NOT NULL, - `cipher_encrypt_algorithm` VARCHAR(32) NOT NULL DEFAULT 'None', + `id` BIGINT(20) UNSIGNED NOT NULL AUTO_INCREMENT, + `row_create_time` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, + `row_update_time` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, + `plan_id` BIGINT(20) UNSIGNED NOT NULL, + `name` VARCHAR(255) NOT NULL, + `template_variable_id` BIGINT(20) UNSIGNED NOT NULL, + `type` TINYINT(2) UNSIGNED NOT NULL, + `default_value` LONGTEXT DEFAULT NULL, + `description` VARCHAR(512) NOT NULL, + `is_changeable` TINYINT(1) UNSIGNED NOT NULL, + `is_required` TINYINT(1) UNSIGNED NOT NULL, PRIMARY KEY (`id`), KEY (`plan_id`) USING BTREE ) ENGINE = INNODB @@ -429,24 +428,23 @@ CREATE TABLE `task_template_step_file_list` -- ---------------------------- CREATE TABLE `task_template_step_script` ( - `id` BIGINT(20) UNSIGNED NOT NULL AUTO_INCREMENT, - `row_create_time` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - `row_update_time` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, - `template_id` BIGINT(20) UNSIGNED NOT NULL, - `step_id` BIGINT(20) UNSIGNED NOT NULL, - `script_type` TINYINT(2) UNSIGNED NOT NULL DEFAULT '0', - `script_id` CHAR(32) NOT NULL, - `script_version_id` BIGINT(20) UNSIGNED NOT NULL, - `content` LONGTEXT NULL, - `language` TINYINT(5) UNSIGNED NOT NULL, - `script_param` VARCHAR(512) NULL, - `script_timeout` BIGINT(20) UNSIGNED NOT NULL, - `execute_account` BIGINT(20) NOT NULL, - `destination_host_list` LONGTEXT NULL, - `is_secure_param` TINYINT(1) UNSIGNED NOT NULL DEFAULT '0', - `is_latest_version` TINYINT(1) UNSIGNED NOT NULL DEFAULT '1', - `ignore_error` TINYINT(1) UNSIGNED NOT NULL, - `secure_param_encrypt_algorithm` VARCHAR(32) NOT NULL DEFAULT 'None', + `id` BIGINT(20) UNSIGNED NOT NULL AUTO_INCREMENT, + `row_create_time` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, + `row_update_time` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, + `template_id` BIGINT(20) UNSIGNED NOT NULL, + `step_id` BIGINT(20) UNSIGNED NOT NULL, + `script_type` TINYINT(2) UNSIGNED NOT NULL DEFAULT '0', + `script_id` CHAR(32) NOT NULL, + `script_version_id` BIGINT(20) UNSIGNED NOT NULL, + `content` LONGTEXT NULL, + `language` TINYINT(5) UNSIGNED NOT NULL, + `script_param` VARCHAR(512) NULL, + `script_timeout` BIGINT(20) UNSIGNED NOT NULL, + `execute_account` BIGINT(20) NOT NULL, + `destination_host_list` LONGTEXT NULL, + `is_secure_param` TINYINT(1) UNSIGNED NOT NULL DEFAULT '0', + `is_latest_version` TINYINT(1) UNSIGNED NOT NULL DEFAULT '1', + `ignore_error` TINYINT(1) UNSIGNED NOT NULL, PRIMARY KEY (`id`), UNIQUE KEY (`step_id`) USING BTREE, KEY (`script_id`) USING BTREE, @@ -459,17 +457,16 @@ CREATE TABLE `task_template_step_script` -- ---------------------------- CREATE TABLE `task_template_variable` ( - `id` BIGINT(20) UNSIGNED NOT NULL AUTO_INCREMENT, - `row_create_time` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - `row_update_time` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, - `template_id` BIGINT(20) UNSIGNED NOT NULL, - `name` VARCHAR(255) NOT NULL, - `type` TINYINT(2) UNSIGNED NOT NULL, - `default_value` LONGTEXT DEFAULT NULL, - `description` VARCHAR(512) NOT NULL, - `is_changeable` TINYINT(1) UNSIGNED NOT NULL, - `is_required` TINYINT(1) UNSIGNED NOT NULL, - `cipher_encrypt_algorithm` VARCHAR(32) NOT NULL DEFAULT 'None', + `id` BIGINT(20) UNSIGNED NOT NULL AUTO_INCREMENT, + `row_create_time` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, + `row_update_time` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, + `template_id` BIGINT(20) UNSIGNED NOT NULL, + `name` VARCHAR(255) NOT NULL, + `type` TINYINT(2) UNSIGNED NOT NULL, + `default_value` LONGTEXT DEFAULT NULL, + `description` VARCHAR(512) NOT NULL, + `is_changeable` TINYINT(1) UNSIGNED NOT NULL, + `is_required` TINYINT(1) UNSIGNED NOT NULL, PRIMARY KEY (`id`), KEY (`template_id`) USING BTREE ) ENGINE = INNODB @@ -512,7 +509,7 @@ CREATE TABLE `application` `language` VARCHAR(20) DEFAULT NULL, `bk_scope_type` VARCHAR(32) DEFAULT '', `bk_scope_id` VARCHAR(32) DEFAULT '', - `is_deleted` TINYINT(1) UNSIGNED NOT NULL DEFAULT '0', + `is_deleted` TINYINT(1) UNSIGNED NOT NULL DEFAULT '0', `attrs` TEXT DEFAULT NULL, PRIMARY KEY (`app_id`), KEY (`app_type`) @@ -521,27 +518,26 @@ CREATE TABLE `application` CREATE TABLE `account` ( - `id` BIGINT(20) NOT NULL AUTO_INCREMENT, - `row_create_time` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - `row_update_time` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, - `account` VARCHAR(255) NOT NULL, - `alias` VARCHAR(255) DEFAULT NULL, - `category` TINYINT(4) NOT NULL, - `type` TINYINT(4) NOT NULL, - `app_id` BIGINT(20) NOT NULL, - `grantee` LONGTEXT DEFAULT NULL, - `remark` VARCHAR(1024) DEFAULT NULL, - `os` VARCHAR(32) DEFAULT 'Linux', - `password` VARCHAR(255) DEFAULT NULL, - `db_password` VARCHAR(255) DEFAULT NULL, - `db_password_encrypt_algorithm` VARCHAR(32) NOT NULL DEFAULT 'AES', - `db_port` INT(5) DEFAULT NULL, - `db_system_account_id` BIGINT(20) DEFAULT NULL, - `creator` VARCHAR(128) NOT NULL, - `create_time` BIGINT(20) UNSIGNED NOT NULL DEFAULT '0', - `last_modify_user` VARCHAR(128) DEFAULT NULL, - `last_modify_time` BIGINT(20) UNSIGNED NOT NULL DEFAULT '0', - `is_deleted` TINYINT(1) UNSIGNED NOT NULL DEFAULT '0', + `id` BIGINT(20) NOT NULL AUTO_INCREMENT, + `row_create_time` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, + `row_update_time` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, + `account` VARCHAR(255) NOT NULL, + `alias` VARCHAR(255) DEFAULT NULL, + `category` TINYINT(4) NOT NULL, + `type` TINYINT(4) NOT NULL, + `app_id` BIGINT(20) NOT NULL, + `grantee` LONGTEXT DEFAULT NULL, + `remark` VARCHAR(1024) DEFAULT NULL, + `os` VARCHAR(32) DEFAULT 'Linux', + `password` VARCHAR(255) DEFAULT NULL, + `db_password` VARCHAR(255) DEFAULT NULL, + `db_port` INT(5) DEFAULT NULL, + `db_system_account_id` BIGINT(20) DEFAULT NULL, + `creator` VARCHAR(128) NOT NULL, + `create_time` BIGINT(20) UNSIGNED NOT NULL DEFAULT '0', + `last_modify_user` VARCHAR(128) DEFAULT NULL, + `last_modify_time` BIGINT(20) UNSIGNED NOT NULL DEFAULT '0', + `is_deleted` TINYINT(1) UNSIGNED NOT NULL DEFAULT '0', PRIMARY KEY (`id`), UNIQUE KEY (`app_id`, `category`, `alias`), KEY (`app_id`, `account`) diff --git a/src/backend/job-manage/boot-job-manage/src/test/resources/template/init_template_script_step_data.sql b/src/backend/job-manage/boot-job-manage/src/test/resources/template/init_template_script_step_data.sql index 023bba6d03..1550a888bb 100644 --- a/src/backend/job-manage/boot-job-manage/src/test/resources/template/init_template_script_step_data.sql +++ b/src/backend/job-manage/boot-job-manage/src/test/resources/template/init_template_script_step_data.sql @@ -26,9 +26,8 @@ USE `job_manage`; TRUNCATE TABLE `task_template_step_script`; INSERT INTO `task_template_step_script` (id, template_id, step_id, script_type, script_id, script_version_id, content, language, script_param, script_timeout, execute_account, - destination_host_list, is_secure_param, status, ignore_error, - secure_param_encrypt_algorithm) -VALUES (1, 100000, 1000, 1, '1000', 1000, null, 1, 'a=a', 600, 1, null, 0, 1, 0, 'None'), - (2, 100000, 2000, 2, '2000', 2000, 'this is a sample content', 1, null, 600, 2, null, 1, 0, 1, 'None'), - (3, 100000, 3000, 1, '3000', 3000, null, 1, 'c=c', 600, 3, null, 1, 1, 0, 'None'), - (4, 200000, 4000, 1, '1000', 1000, null, 1, 'a=a', 600, 1, null, 0, 0, 0, 'None'); + destination_host_list, is_secure_param, status, ignore_error) +VALUES (1, 100000, 1000, 1, '1000', 1000, null, 1, 'a=a', 600, 1, null, 0, 1, 0), + (2, 100000, 2000, 2, '2000', 2000, 'this is a sample content', 1, null, 600, 2, null, 1, 0, 1), + (3, 100000, 3000, 1, '3000', 3000, null, 1, 'c=c', 600, 3, null, 1, 1, 0), + (4, 200000, 4000, 1, '1000', 1000, null, 1, 'a=a', 600, 1, null, 0, 0, 0); diff --git a/src/backend/job-manage/boot-job-manage/src/test/resources/template/init_template_variable_data.sql b/src/backend/job-manage/boot-job-manage/src/test/resources/template/init_template_variable_data.sql index a8302689ee..8b9915c1cb 100644 --- a/src/backend/job-manage/boot-job-manage/src/test/resources/template/init_template_variable_data.sql +++ b/src/backend/job-manage/boot-job-manage/src/test/resources/template/init_template_variable_data.sql @@ -24,19 +24,19 @@ USE `job_manage`; TRUNCATE TABLE `task_template_variable`; -INSERT INTO `task_template_variable` (id, template_id, name, type, default_value, description, is_changeable, is_required, cipher_encrypt_algorithm) - VALUES (1, 10000, '测试1', 1, 'test1', '这是一个测试变量1', true, true, 'None'); -INSERT INTO `task_template_variable` (id, template_id, name, type, default_value, description, is_changeable, is_required, cipher_encrypt_algorithm) - VALUES (2, 10000, '测试2', 2, 'test2', '这是一个测试变量2', false, false, 'None'); -INSERT INTO `task_template_variable` (id, template_id, name, type, default_value, description, is_changeable, is_required, cipher_encrypt_algorithm) - VALUES (3, 10000, '测试3', 3, 'test3', '这是一个测试变量3', true, false, 'None'); -INSERT INTO `task_template_variable` (id, template_id, name, type, default_value, description, is_changeable, is_required, cipher_encrypt_algorithm) - VALUES (4, 10000, '测试4', 4, 'test4', '这是一个测试变量4', false, true, 'None'); -INSERT INTO `task_template_variable` (id, template_id, name, type, default_value, description, is_changeable, is_required, cipher_encrypt_algorithm) - VALUES (5, 20000, '测试5', 1, 'test5', '这是一个测试变量5', true, true, 'None'); -INSERT INTO `task_template_variable` (id, template_id, name, type, default_value, description, is_changeable, is_required, cipher_encrypt_algorithm) - VALUES (6, 20000, '测试6', 2, 'test6', '这是一个测试变量6', false, false, 'None'); -INSERT INTO `task_template_variable` (id, template_id, name, type, default_value, description, is_changeable, is_required, cipher_encrypt_algorithm) - VALUES (7, 20000, '测试7', 3, 'test7', '这是一个测试变量7', true, false, 'None'); -INSERT INTO `task_template_variable` (id, template_id, name, type, default_value, description, is_changeable, is_required, cipher_encrypt_algorithm) - VALUES (8, 20000, '测试8', 4, 'test8', '这是一个测试变量8', false, true, 'None'); +INSERT INTO `task_template_variable` (id, template_id, name, type, default_value, description, is_changeable, is_required) +VALUES (1, 10000, '测试1', 1, 'test1', '这是一个测试变量1', true, true); +INSERT INTO `task_template_variable` (id, template_id, name, type, default_value, description, is_changeable, is_required) +VALUES (2, 10000, '测试2', 2, 'test2', '这是一个测试变量2', false, false); +INSERT INTO `task_template_variable` (id, template_id, name, type, default_value, description, is_changeable, is_required) +VALUES (3, 10000, '测试3', 3, 'test3', '这是一个测试变量3', true, false); +INSERT INTO `task_template_variable` (id, template_id, name, type, default_value, description, is_changeable, is_required) +VALUES (4, 10000, '测试4', 4, 'test4', '这是一个测试变量4', false, true); +INSERT INTO `task_template_variable` (id, template_id, name, type, default_value, description, is_changeable, is_required) +VALUES (5, 20000, '测试5', 1, 'test5', '这是一个测试变量5', true, true); +INSERT INTO `task_template_variable` (id, template_id, name, type, default_value, description, is_changeable, is_required) +VALUES (6, 20000, '测试6', 2, 'test6', '这是一个测试变量6', false, false); +INSERT INTO `task_template_variable` (id, template_id, name, type, default_value, description, is_changeable, is_required) +VALUES (7, 20000, '测试7', 3, 'test7', '这是一个测试变量7', true, false); +INSERT INTO `task_template_variable` (id, template_id, name, type, default_value, description, is_changeable, is_required) +VALUES (8, 20000, '测试8', 4, 'test8', '这是一个测试变量8', false, true); diff --git a/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/dao/impl/AccountDAOImpl.java b/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/dao/impl/AccountDAOImpl.java index 8cc1c21e40..90d321fb73 100644 --- a/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/dao/impl/AccountDAOImpl.java +++ b/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/dao/impl/AccountDAOImpl.java @@ -25,7 +25,7 @@ package com.tencent.bk.job.manage.dao.impl; import com.tencent.bk.job.common.constant.AccountCategoryEnum; -import com.tencent.bk.job.common.encrypt.scenario.DbPasswordService; +import com.tencent.bk.job.common.encrypt.scenario.DbPasswordCryptoService; import com.tencent.bk.job.common.model.BaseSearchCondition; import com.tencent.bk.job.common.model.PageData; import com.tencent.bk.job.common.util.date.DateUtils; @@ -78,7 +78,6 @@ public class AccountDAOImpl implements AccountDAO { TB_ACCOUNT.OS, TB_ACCOUNT.PASSWORD, TB_ACCOUNT.DB_PASSWORD, - TB_ACCOUNT.DB_PASSWORD_ENCRYPT_ALGORITHM, TB_ACCOUNT.DB_PORT, TB_ACCOUNT.DB_SYSTEM_ACCOUNT_ID, TB_ACCOUNT.CREATOR, @@ -87,57 +86,55 @@ public class AccountDAOImpl implements AccountDAO { TB_ACCOUNT.LAST_MODIFY_TIME }; private final DSLContext ctx; - private final DbPasswordService dbPasswordService; + private final DbPasswordCryptoService dbPasswordCryptoService; @Autowired public AccountDAOImpl(@Qualifier("job-manage-dsl-context") DSLContext create, - DbPasswordService dbPasswordService) { + DbPasswordCryptoService dbPasswordCryptoService) { this.ctx = create; - this.dbPasswordService = dbPasswordService; + this.dbPasswordCryptoService = dbPasswordCryptoService; } @Override public long saveAccountWithId(AccountDTO account) { Record record = ctx.insertInto( - TB_ACCOUNT, - TB_ACCOUNT.ID, - TB_ACCOUNT.ACCOUNT_, - TB_ACCOUNT.ALIAS, - TB_ACCOUNT.CATEGORY, - TB_ACCOUNT.TYPE, - TB_ACCOUNT.APP_ID, - TB_ACCOUNT.GRANTEE, - TB_ACCOUNT.REMARK, - TB_ACCOUNT.OS, - TB_ACCOUNT.PASSWORD, - TB_ACCOUNT.DB_PASSWORD, - TB_ACCOUNT.DB_PASSWORD_ENCRYPT_ALGORITHM, - TB_ACCOUNT.DB_PORT, - TB_ACCOUNT.DB_SYSTEM_ACCOUNT_ID, - TB_ACCOUNT.CREATOR, - TB_ACCOUNT.CREATE_TIME, - TB_ACCOUNT.LAST_MODIFY_USER, - TB_ACCOUNT.LAST_MODIFY_TIME - ).values( - account.getId(), - account.getAccount(), - account.getAlias(), - JooqDataTypeUtil.getByteFromInteger(account.getCategory().getValue()), - JooqDataTypeUtil.getByteFromInteger(account.getType().getType()), - account.getAppId(), - account.getGrantees(), - account.getRemark(), - account.getOs(), - account.getPassword(), - dbPasswordService.encryptDbPasswordIfNeeded(account.getCategory(), account.getDbPassword()), - dbPasswordService.getDbPasswordEncryptAlgorithm(account.getCategory()), - account.getDbPort(), - account.getDbSystemAccountId(), - account.getCreator(), - ULong.valueOf(account.getCreateTime()), - account.getLastModifyUser(), - ULong.valueOf(account.getLastModifyTime()) - ).returning(TB_ACCOUNT.ID) + TB_ACCOUNT, + TB_ACCOUNT.ID, + TB_ACCOUNT.ACCOUNT_, + TB_ACCOUNT.ALIAS, + TB_ACCOUNT.CATEGORY, + TB_ACCOUNT.TYPE, + TB_ACCOUNT.APP_ID, + TB_ACCOUNT.GRANTEE, + TB_ACCOUNT.REMARK, + TB_ACCOUNT.OS, + TB_ACCOUNT.PASSWORD, + TB_ACCOUNT.DB_PASSWORD, + TB_ACCOUNT.DB_PORT, + TB_ACCOUNT.DB_SYSTEM_ACCOUNT_ID, + TB_ACCOUNT.CREATOR, + TB_ACCOUNT.CREATE_TIME, + TB_ACCOUNT.LAST_MODIFY_USER, + TB_ACCOUNT.LAST_MODIFY_TIME + ).values( + account.getId(), + account.getAccount(), + account.getAlias(), + JooqDataTypeUtil.getByteFromInteger(account.getCategory().getValue()), + JooqDataTypeUtil.getByteFromInteger(account.getType().getType()), + account.getAppId(), + account.getGrantees(), + account.getRemark(), + account.getOs(), + account.getPassword(), + dbPasswordCryptoService.encryptDbPasswordIfNeeded(account.getCategory(), account.getDbPassword()), + account.getDbPort(), + account.getDbSystemAccountId(), + account.getCreator(), + ULong.valueOf(account.getCreateTime()), + account.getLastModifyUser(), + ULong.valueOf(account.getLastModifyTime()) + ).returning(TB_ACCOUNT.ID) .fetchOne(); assert record != null; return record.get(TB_ACCOUNT.ID); @@ -146,41 +143,39 @@ assert record != null; @Override public long saveAccount(AccountDTO account) { Record record = ctx.insertInto(TB_ACCOUNT, - TB_ACCOUNT.ACCOUNT_, - TB_ACCOUNT.ALIAS, - TB_ACCOUNT.CATEGORY, - TB_ACCOUNT.TYPE, - TB_ACCOUNT.APP_ID, - TB_ACCOUNT.GRANTEE, - TB_ACCOUNT.REMARK, - TB_ACCOUNT.OS, - TB_ACCOUNT.PASSWORD, - TB_ACCOUNT.DB_PASSWORD, - TB_ACCOUNT.DB_PASSWORD_ENCRYPT_ALGORITHM, - TB_ACCOUNT.DB_PORT, - TB_ACCOUNT.DB_SYSTEM_ACCOUNT_ID, - TB_ACCOUNT.CREATOR, - TB_ACCOUNT.CREATE_TIME, - TB_ACCOUNT.LAST_MODIFY_USER, - TB_ACCOUNT.LAST_MODIFY_TIME - ).values(account.getAccount(), - account.getAlias(), - JooqDataTypeUtil.getByteFromInteger(account.getCategory().getValue()), - JooqDataTypeUtil.getByteFromInteger(account.getType().getType()), - account.getAppId(), - account.getGrantees(), - account.getRemark(), - account.getOs(), - account.getPassword(), - dbPasswordService.encryptDbPasswordIfNeeded(account.getCategory(), account.getDbPassword()), - dbPasswordService.getDbPasswordEncryptAlgorithm(account.getCategory()), - account.getDbPort(), - account.getDbSystemAccountId(), - account.getCreator(), - ULong.valueOf(account.getCreateTime()), - account.getLastModifyUser(), - ULong.valueOf(DateUtils.currentTimeMillis()) - ).returning(TB_ACCOUNT.ID) + TB_ACCOUNT.ACCOUNT_, + TB_ACCOUNT.ALIAS, + TB_ACCOUNT.CATEGORY, + TB_ACCOUNT.TYPE, + TB_ACCOUNT.APP_ID, + TB_ACCOUNT.GRANTEE, + TB_ACCOUNT.REMARK, + TB_ACCOUNT.OS, + TB_ACCOUNT.PASSWORD, + TB_ACCOUNT.DB_PASSWORD, + TB_ACCOUNT.DB_PORT, + TB_ACCOUNT.DB_SYSTEM_ACCOUNT_ID, + TB_ACCOUNT.CREATOR, + TB_ACCOUNT.CREATE_TIME, + TB_ACCOUNT.LAST_MODIFY_USER, + TB_ACCOUNT.LAST_MODIFY_TIME + ).values(account.getAccount(), + account.getAlias(), + JooqDataTypeUtil.getByteFromInteger(account.getCategory().getValue()), + JooqDataTypeUtil.getByteFromInteger(account.getType().getType()), + account.getAppId(), + account.getGrantees(), + account.getRemark(), + account.getOs(), + account.getPassword(), + dbPasswordCryptoService.encryptDbPasswordIfNeeded(account.getCategory(), account.getDbPassword()), + account.getDbPort(), + account.getDbSystemAccountId(), + account.getCreator(), + ULong.valueOf(account.getCreateTime()), + account.getLastModifyUser(), + ULong.valueOf(DateUtils.currentTimeMillis()) + ).returning(TB_ACCOUNT.ID) .fetchOne(); assert record != null; return record.get(TB_ACCOUNT.ID); @@ -198,13 +193,13 @@ public List listAccountDisplayInfoByIds(Collection acco List conditions = new ArrayList<>(); conditions.add(TB_ACCOUNT.ID.in(accountIds)); val records = ctx.select( - TB_ACCOUNT.ID, - TB_ACCOUNT.ACCOUNT_, - TB_ACCOUNT.ALIAS, - TB_ACCOUNT.CATEGORY, - TB_ACCOUNT.TYPE, - TB_ACCOUNT.APP_ID - ).from(TB_ACCOUNT) + TB_ACCOUNT.ID, + TB_ACCOUNT.ACCOUNT_, + TB_ACCOUNT.ALIAS, + TB_ACCOUNT.CATEGORY, + TB_ACCOUNT.TYPE, + TB_ACCOUNT.APP_ID + ).from(TB_ACCOUNT) .where(conditions) .and(TB_ACCOUNT.IS_DELETED.eq(UByte.valueOf(0))) .fetch(); @@ -279,13 +274,14 @@ private AccountDTO extract(Record record) { account.setRemark(record.get(TB_ACCOUNT.REMARK)); account.setOs(record.get(TB_ACCOUNT.OS)); account.setPassword(record.get(TB_ACCOUNT.PASSWORD)); - String dbPasswordEncryptAlgorithm = record.get(TB_ACCOUNT.DB_PASSWORD_ENCRYPT_ALGORITHM); + + // 解密DB账号密码 String encryptedDbPassword = record.get(TB_ACCOUNT.DB_PASSWORD); - String dbPassword = dbPasswordService.decryptDbPasswordIfNeeded( + String dbPassword = dbPasswordCryptoService.decryptDbPasswordIfNeeded( account.getCategory(), - encryptedDbPassword, - dbPasswordEncryptAlgorithm + encryptedDbPassword ); + account.setDbPassword(dbPassword); account.setDbPort(record.get(TB_ACCOUNT.DB_PORT)); account.setDbSystemAccountId(record.get(TB_ACCOUNT.DB_SYSTEM_ACCOUNT_ID)); @@ -312,9 +308,7 @@ public void updateAccount(AccountDTO account) { update.set(TB_ACCOUNT.PASSWORD, account.getPassword()); } if (StringUtils.isNotEmpty(account.getDbPassword())) { - update.set(TB_ACCOUNT.DB_PASSWORD_ENCRYPT_ALGORITHM, - dbPasswordService.getDbPasswordEncryptAlgorithm(account.getCategory())); - update.set(TB_ACCOUNT.DB_PASSWORD, dbPasswordService.encryptDbPasswordIfNeeded( + update.set(TB_ACCOUNT.DB_PASSWORD, dbPasswordCryptoService.encryptDbPasswordIfNeeded( account.getCategory(), account.getDbPassword() )); @@ -668,8 +662,12 @@ public void batchUpdateDbAccountPassword(List updatedAccounts) { } private void updateDbPasswordAccount(DSLContext dsl, AccountDTO account) { - dsl.update(TB_ACCOUNT).set(TB_ACCOUNT.DB_PASSWORD, account.getDbPassword()) - .where(TB_ACCOUNT.ID.eq(account.getId())) + dsl.update(TB_ACCOUNT).set( + TB_ACCOUNT.DB_PASSWORD, dbPasswordCryptoService.encryptDbPasswordIfNeeded( + account.getCategory(), + account.getDbPassword() + ) + ).where(TB_ACCOUNT.ID.eq(account.getId())) .and(TB_ACCOUNT.CATEGORY.eq(JooqDataTypeUtil.getByteFromInteger(AccountCategoryEnum.DB.getValue()))) .execute(); } diff --git a/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/dao/impl/CredentialDAOImpl.java b/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/dao/impl/CredentialDAOImpl.java index 98d390650d..cc46f62108 100644 --- a/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/dao/impl/CredentialDAOImpl.java +++ b/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/dao/impl/CredentialDAOImpl.java @@ -25,14 +25,12 @@ package com.tencent.bk.job.manage.dao.impl; import com.fasterxml.jackson.core.type.TypeReference; +import com.tencent.bk.job.common.encrypt.scenario.CredentialCryptoService; import com.tencent.bk.job.common.model.BaseSearchCondition; import com.tencent.bk.job.common.model.PageData; import com.tencent.bk.job.common.model.dto.CommonCredential; -import com.tencent.bk.job.common.util.Base64Util; import com.tencent.bk.job.common.util.JobUUID; -import com.tencent.bk.job.common.util.crypto.AESUtils; import com.tencent.bk.job.common.util.json.JsonUtils; -import com.tencent.bk.job.manage.config.JobTicketConfig; import com.tencent.bk.job.manage.dao.CredentialDAO; import com.tencent.bk.job.manage.model.dto.CredentialDTO; import com.tencent.bk.job.manage.model.inner.resp.ServiceCredentialDisplayDTO; @@ -59,13 +57,14 @@ public class CredentialDAOImpl implements CredentialDAO { private static final Credential defaultTable = Credential.CREDENTIAL; - private final JobTicketConfig jobTicketConfig; private final DSLContext defaultDSLContext; + private final CredentialCryptoService credentialCryptoService; @Autowired - public CredentialDAOImpl(JobTicketConfig jobTicketConfig, DSLContext dslContext) { - this.jobTicketConfig = jobTicketConfig; + public CredentialDAOImpl(DSLContext dslContext, + CredentialCryptoService credentialCryptoService) { this.defaultDSLContext = dslContext; + this.credentialCryptoService = credentialCryptoService; } @Override @@ -92,10 +91,7 @@ public String insertCredential(DSLContext dslContext, CredentialDTO credentialDT credentialDTO.getName(), credentialDTO.getType(), credentialDTO.getDescription(), - AESUtils.encryptToBase64EncodedCipherText( - credentialStr, - jobTicketConfig.getEncryptPassword() - ), + credentialCryptoService.encryptCredential(credentialStr), credentialDTO.getCreator(), credentialDTO.getCreateTime(), credentialDTO.getLastModifyUser(), @@ -123,9 +119,7 @@ public String updateCredentialById(DSLContext dslContext, CredentialDTO credenti .set(defaultTable.NAME, credentialDTO.getName()) .set(defaultTable.TYPE, credentialDTO.getType()) .set(defaultTable.DESCRIPTION, credentialDTO.getDescription()) - .set(defaultTable.VALUE, AESUtils.encryptToBase64EncodedCipherText( - credentialStr, - jobTicketConfig.getEncryptPassword())) + .set(defaultTable.VALUE, credentialCryptoService.encryptCredential(credentialStr)) .set(defaultTable.LAST_MODIFY_USER, credentialDTO.getLastModifyUser()) .set(defaultTable.LAST_MODIFY_TIME, System.currentTimeMillis()) .where(defaultTable.ID.eq(credentialDTO.getId())); @@ -305,9 +299,8 @@ public PageData listPageCredentialByConditions( private CredentialDTO convertRecordToDto(Record record) { try { - String credentialStr = AESUtils.decryptToPlainText( - Base64Util.decodeContentToByte(record.get(defaultTable.VALUE)), - jobTicketConfig.getEncryptPassword() + String credentialStr = credentialCryptoService.decryptCredential( + record.get(defaultTable.VALUE) ); log.debug("Get credential from DB:{}", credentialStr); return new CredentialDTO( diff --git a/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/dao/plan/impl/TaskPlanScriptStepDAOImpl.java b/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/dao/plan/impl/TaskPlanScriptStepDAOImpl.java index 8428ee7388..63aea61575 100644 --- a/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/dao/plan/impl/TaskPlanScriptStepDAOImpl.java +++ b/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/dao/plan/impl/TaskPlanScriptStepDAOImpl.java @@ -25,7 +25,7 @@ package com.tencent.bk.job.manage.dao.plan.impl; import com.tencent.bk.job.common.constant.ErrorCode; -import com.tencent.bk.job.common.encrypt.scenario.SensitiveParamService; +import com.tencent.bk.job.common.encrypt.scenario.SensitiveParamCryptoService; import com.tencent.bk.job.common.exception.InternalException; import com.tencent.bk.job.manage.common.consts.script.ScriptTypeEnum; import com.tencent.bk.job.manage.common.consts.task.TaskScriptSourceEnum; @@ -38,7 +38,7 @@ import org.jooq.Condition; import org.jooq.DSLContext; import org.jooq.Record1; -import org.jooq.Record16; +import org.jooq.Record15; import org.jooq.Result; import org.jooq.generated.tables.TaskPlan; import org.jooq.generated.tables.TaskPlanStep; @@ -70,17 +70,17 @@ public class TaskPlanScriptStepDAOImpl implements TaskScriptStepDAO { private static final TaskPlanStepScript tableTTStepScript = TaskPlanStepScript.TASK_PLAN_STEP_SCRIPT; private final DSLContext context; - private final SensitiveParamService sensitiveParamService; + private final SensitiveParamCryptoService sensitiveParamCryptoService; @Autowired public TaskPlanScriptStepDAOImpl(@Qualifier("job-manage-dsl-context") DSLContext context, - SensitiveParamService sensitiveParamService) { + SensitiveParamCryptoService sensitiveParamCryptoService) { this.context = context; - this.sensitiveParamService = sensitiveParamService; + this.sensitiveParamCryptoService = sensitiveParamCryptoService; } - private TaskScriptStepDTO convertRecordToTaskScriptStep(Record16 record) { + private TaskScriptStepDTO convertRecordToTaskScriptStep(Record15 record) { if (record == null) { return null; } @@ -100,10 +100,12 @@ private TaskScriptStepDTO convertRecordToTaskScriptStep(Record16 listScriptStepByParentId(long parentId) { List conditions = new ArrayList<>(); conditions.add(TABLE.PLAN_ID.eq(ULong.valueOf(parentId))); Result< - Record16> result = + Record15> result = context .select( TABLE.ID, @@ -132,8 +134,7 @@ public List listScriptStepByParentId(long parentId) { TABLE.DESTINATION_HOST_LIST, TABLE.IS_SECURE_PARAM, TABLE.STATUS, - TABLE.IGNORE_ERROR, - TABLE.SECURE_PARAM_ENCRYPT_ALGORITHM + TABLE.IGNORE_ERROR ).from(TABLE).where(conditions).fetch(); List taskScriptStepList = new ArrayList<>(); @@ -150,8 +151,8 @@ public Map listScriptStepByIds(List stepIdList) { List conditions = new ArrayList<>(); conditions.add(TABLE.STEP_ID.in(stepIdList.stream().map(ULong::valueOf).collect(Collectors.toList()))); Result< - Record16> result = + Record15> result = context .select( TABLE.ID, @@ -168,8 +169,7 @@ public Map listScriptStepByIds(List stepIdList) { TABLE.DESTINATION_HOST_LIST, TABLE.IS_SECURE_PARAM, TABLE.STATUS, - TABLE.IGNORE_ERROR, - TABLE.SECURE_PARAM_ENCRYPT_ALGORITHM + TABLE.IGNORE_ERROR ).from(TABLE).where(conditions).fetch(); Map taskScriptStepMap = new HashMap<>(stepIdList.size()); @@ -187,8 +187,8 @@ public Map listScriptStepByIds(List stepIdList) { public TaskScriptStepDTO getScriptStepById(long stepId) { List conditions = new ArrayList<>(); conditions.add(TABLE.STEP_ID.eq(ULong.valueOf(stepId))); - Record16 record = context.select( + Record15 record = context.select( TABLE.ID, TABLE.PLAN_ID, TABLE.STEP_ID, @@ -203,8 +203,7 @@ public TaskScriptStepDTO getScriptStepById(long stepId) { TABLE.DESTINATION_HOST_LIST, TABLE.IS_SECURE_PARAM, TABLE.STATUS, - TABLE.IGNORE_ERROR, - TABLE.SECURE_PARAM_ENCRYPT_ALGORITHM + TABLE.IGNORE_ERROR ).from(TABLE).where(conditions).fetchOne(); if (record != null) { return convertRecordToTaskScriptStep(record); @@ -239,8 +238,7 @@ public long insertScriptStep(TaskScriptStepDTO scriptStep) { TABLE.DESTINATION_HOST_LIST, TABLE.IS_SECURE_PARAM, TABLE.STATUS, - TABLE.IGNORE_ERROR, - TABLE.SECURE_PARAM_ENCRYPT_ALGORITHM + TABLE.IGNORE_ERROR ).values( ULong.valueOf(scriptStep.getPlanId()), ULong.valueOf(scriptStep.getStepId()), @@ -249,14 +247,13 @@ public long insertScriptStep(TaskScriptStepDTO scriptStep) { scriptStep.getScriptVersionId() == null ? null : ULong.valueOf(scriptStep.getScriptVersionId()), scriptStep.getContent(), UByte.valueOf(scriptStep.getLanguage().getValue()), - sensitiveParamService.encryptParamIfNeeded(scriptStep.getSecureParam(), scriptStep.getScriptParam()), + sensitiveParamCryptoService.encryptParamIfNeeded(scriptStep.getSecureParam(), scriptStep.getScriptParam()), ULong.valueOf(scriptStep.getTimeout()), ULong.valueOf(scriptStep.getAccount()), scriptStep.getExecuteTarget().toJsonString(), isSecureParam, status, - ignoreError, - sensitiveParamService.getSecureParamEncryptAlgorithm(scriptStep.getSecureParam()) + ignoreError ).returning(TABLE.ID).fetchOne(); assert record != null; return record.getId().longValue(); diff --git a/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/dao/plan/impl/TaskPlanVariableDAOImpl.java b/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/dao/plan/impl/TaskPlanVariableDAOImpl.java index d807267633..73de2deb7c 100644 --- a/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/dao/plan/impl/TaskPlanVariableDAOImpl.java +++ b/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/dao/plan/impl/TaskPlanVariableDAOImpl.java @@ -27,7 +27,7 @@ import com.tencent.bk.job.common.constant.Bool; import com.tencent.bk.job.common.constant.ErrorCode; import com.tencent.bk.job.common.constant.TaskVariableTypeEnum; -import com.tencent.bk.job.common.encrypt.scenario.CipherVariableService; +import com.tencent.bk.job.common.encrypt.scenario.CipherVariableCryptoService; import com.tencent.bk.job.common.exception.InternalException; import com.tencent.bk.job.manage.dao.TaskVariableDAO; import com.tencent.bk.job.manage.model.dto.task.TaskVariableDTO; @@ -36,7 +36,7 @@ import org.apache.commons.lang3.StringUtils; import org.jooq.Condition; import org.jooq.DSLContext; -import org.jooq.InsertValuesStep9; +import org.jooq.InsertValuesStep8; import org.jooq.Record; import org.jooq.Result; import org.jooq.TableField; @@ -63,17 +63,16 @@ public class TaskPlanVariableDAOImpl implements TaskVariableDAO { private static final TaskPlanVariable TABLE = TaskPlanVariable.TASK_PLAN_VARIABLE; private static final TableField[] ALL_FIELDS = {TABLE.TEMPLATE_VARIABLE_ID, TABLE.PLAN_ID, - TABLE.NAME, TABLE.TYPE, TABLE.DEFAULT_VALUE, TABLE.DESCRIPTION, TABLE.IS_CHANGEABLE, TABLE.IS_REQUIRED, - TABLE.CIPHER_ENCRYPT_ALGORITHM}; + TABLE.NAME, TABLE.TYPE, TABLE.DEFAULT_VALUE, TABLE.DESCRIPTION, TABLE.IS_CHANGEABLE, TABLE.IS_REQUIRED}; private final DSLContext context; - private final CipherVariableService cipherVariableService; + private final CipherVariableCryptoService cipherVariableCryptoService; @Autowired public TaskPlanVariableDAOImpl(@Qualifier("job-manage-dsl-context") DSLContext context, - CipherVariableService cipherVariableService) { + CipherVariableCryptoService cipherVariableCryptoService) { this.context = context; - this.cipherVariableService = cipherVariableService; + this.cipherVariableCryptoService = cipherVariableCryptoService; } @Override @@ -96,11 +95,10 @@ private TaskVariableDTO extract(Record record) { taskVariable.setName(record.get(TABLE.NAME)); taskVariable.setType(TaskVariableTypeEnum.valOf(record.get(TABLE.TYPE).intValue())); String encryptedDefaultValue = record.get(TABLE.DEFAULT_VALUE); - String cipherEncryptAlgorithm = record.get(TABLE.CIPHER_ENCRYPT_ALGORITHM); - String defaultValue = cipherVariableService.decryptTaskVariableIfNeeded( + // 密文变量解密 + String defaultValue = cipherVariableCryptoService.decryptTaskVariableIfNeeded( taskVariable.getType(), - encryptedDefaultValue, - cipherEncryptAlgorithm + encryptedDefaultValue ); taskVariable.setDefaultValue(defaultValue); taskVariable.setDescription(record.get(TABLE.DESCRIPTION)); @@ -139,18 +137,16 @@ public long insertVariable(TaskVariableDTO variable) { TABLE.DEFAULT_VALUE, TABLE.DESCRIPTION, TABLE.IS_CHANGEABLE, - TABLE.IS_REQUIRED, - TABLE.CIPHER_ENCRYPT_ALGORITHM + TABLE.IS_REQUIRED ).values( ULong.valueOf(variable.getId()), ULong.valueOf(variable.getPlanId()), variable.getName(), UByte.valueOf(variable.getType().getType()), - cipherVariableService.encryptTaskVariableIfNeeded(variable.getType(), variable.getDefaultValue()), + cipherVariableCryptoService.encryptTaskVariableIfNeeded(variable.getType(), variable.getDefaultValue()), variable.getDescription(), getChangeable(variable.getChangeable()), - getRequired(variable.getRequired()), - cipherVariableService.getCipherVariableEncryptAlgorithm(variable.getType()) + getRequired(variable.getRequired()) ).returning(TABLE.TEMPLATE_VARIABLE_ID).fetchOne(); assert record != null; return record.getTemplateVariableId().longValue(); @@ -161,8 +157,8 @@ public List batchInsertVariables(List variableList) { if (CollectionUtils.isEmpty(variableList)) { return Collections.emptyList(); } - InsertValuesStep9 insertStep = context.insertInto(TABLE) + InsertValuesStep8 insertStep = context.insertInto(TABLE) .columns( TABLE.TEMPLATE_VARIABLE_ID, TABLE.PLAN_ID, @@ -171,8 +167,7 @@ public List batchInsertVariables(List variableList) { TABLE.DEFAULT_VALUE, TABLE.DESCRIPTION, TABLE.IS_CHANGEABLE, - TABLE.IS_REQUIRED, - TABLE.CIPHER_ENCRYPT_ALGORITHM + TABLE.IS_REQUIRED ); variableList.forEach(variable -> @@ -181,11 +176,10 @@ public List batchInsertVariables(List variableList) { ULong.valueOf(variable.getPlanId()), variable.getName(), UByte.valueOf(variable.getType().getType()), - cipherVariableService.encryptTaskVariableIfNeeded(variable.getType(), variable.getDefaultValue()), + cipherVariableCryptoService.encryptTaskVariableIfNeeded(variable.getType(), variable.getDefaultValue()), variable.getDescription(), getChangeable(variable.getChangeable()), - getRequired(variable.getRequired()), - cipherVariableService.getCipherVariableEncryptAlgorithm(variable.getType()) + getRequired(variable.getRequired()) )); Result result = insertStep.returning(TABLE.TEMPLATE_VARIABLE_ID).fetch(); @@ -217,9 +211,7 @@ public boolean updateVariableById(TaskVariableDTO variable) { } else { updateStep = context.update(TABLE) .set(TABLE.DEFAULT_VALUE, - cipherVariableService.encryptTaskVariableIfNeeded(variable.getType(), variable.getDefaultValue())) - .set(TABLE.CIPHER_ENCRYPT_ALGORITHM, - cipherVariableService.getCipherVariableEncryptAlgorithm(variable.getType())); + cipherVariableCryptoService.encryptTaskVariableIfNeeded(variable.getType(), variable.getDefaultValue())); } if (StringUtils.isNotBlank(variable.getName())) { updateStep.set(TABLE.NAME, variable.getName()); @@ -265,9 +257,7 @@ public boolean updateVariableByName(TaskVariableDTO variable) { return 1 == context.update(TABLE) .set(TABLE.DEFAULT_VALUE, - cipherVariableService.encryptTaskVariableIfNeeded(variable.getType(), variable.getDefaultValue())) - .set(TABLE.CIPHER_ENCRYPT_ALGORITHM, - cipherVariableService.getCipherVariableEncryptAlgorithm(variable.getType())) + cipherVariableCryptoService.encryptTaskVariableIfNeeded(variable.getType(), variable.getDefaultValue())) .where(conditions).limit(1) .execute(); } diff --git a/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/dao/template/impl/TaskTemplateScriptStepDAOImpl.java b/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/dao/template/impl/TaskTemplateScriptStepDAOImpl.java index d244281c60..a9c132f9d9 100644 --- a/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/dao/template/impl/TaskTemplateScriptStepDAOImpl.java +++ b/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/dao/template/impl/TaskTemplateScriptStepDAOImpl.java @@ -24,7 +24,7 @@ package com.tencent.bk.job.manage.dao.template.impl; -import com.tencent.bk.job.common.encrypt.scenario.SensitiveParamService; +import com.tencent.bk.job.common.encrypt.scenario.SensitiveParamCryptoService; import com.tencent.bk.job.manage.common.consts.script.ScriptTypeEnum; import com.tencent.bk.job.manage.common.consts.task.TaskScriptSourceEnum; import com.tencent.bk.job.manage.common.util.JooqDataTypeUtil; @@ -36,7 +36,7 @@ import org.jooq.Condition; import org.jooq.DSLContext; import org.jooq.Record1; -import org.jooq.Record16; +import org.jooq.Record15; import org.jooq.Record3; import org.jooq.Result; import org.jooq.generated.tables.TaskTemplate; @@ -70,17 +70,17 @@ public class TaskTemplateScriptStepDAOImpl implements TaskScriptStepDAO { private static final TaskTemplateStepScript tableTTStepScript = TaskTemplateStepScript.TASK_TEMPLATE_STEP_SCRIPT; private final DSLContext context; - private final SensitiveParamService sensitiveParamService; + private final SensitiveParamCryptoService sensitiveParamCryptoService; @Autowired public TaskTemplateScriptStepDAOImpl(@Qualifier("job-manage-dsl-context") DSLContext context, - SensitiveParamService sensitiveParamService) { + SensitiveParamCryptoService sensitiveParamCryptoService) { this.context = context; - this.sensitiveParamService = sensitiveParamService; + this.sensitiveParamCryptoService = sensitiveParamCryptoService; } - private TaskScriptStepDTO convertRecordToTaskScriptStep(Record16 record) { + private TaskScriptStepDTO convertRecordToTaskScriptStep(Record15 record) { if (record == null) { return null; } @@ -100,10 +100,12 @@ private TaskScriptStepDTO convertRecordToTaskScriptStep(Record16 listScriptStepByParentId(long parentId) { List conditions = new ArrayList<>(); conditions.add(TABLE.TEMPLATE_ID.eq(ULong.valueOf(parentId))); Result< - Record16> result = + Record15> result = context .select( TABLE.ID, @@ -132,8 +134,7 @@ public List listScriptStepByParentId(long parentId) { TABLE.DESTINATION_HOST_LIST, TABLE.IS_SECURE_PARAM, TABLE.STATUS, - TABLE.IGNORE_ERROR, - TABLE.SECURE_PARAM_ENCRYPT_ALGORITHM + TABLE.IGNORE_ERROR ).from(TABLE).where(conditions).fetch(); List taskScriptStepList = new ArrayList<>(); @@ -151,8 +152,8 @@ public Map listScriptStepByIds(List stepIdList) { List conditions = new ArrayList<>(); conditions.add(TABLE.STEP_ID.in(stepIdList.stream().map(ULong::valueOf).collect(Collectors.toList()))); Result< - Record16> result = + Record15> result = context .select( TABLE.ID, @@ -169,8 +170,7 @@ public Map listScriptStepByIds(List stepIdList) { TABLE.DESTINATION_HOST_LIST, TABLE.IS_SECURE_PARAM, TABLE.STATUS, - TABLE.IGNORE_ERROR, - TABLE.SECURE_PARAM_ENCRYPT_ALGORITHM + TABLE.IGNORE_ERROR ).from(TABLE).where(conditions).fetch(); Map taskScriptStepMap = new HashMap<>(stepIdList.size()); @@ -188,8 +188,8 @@ public Map listScriptStepByIds(List stepIdList) { public TaskScriptStepDTO getScriptStepById(long stepId) { List conditions = new ArrayList<>(); conditions.add(TABLE.STEP_ID.eq(ULong.valueOf(stepId))); - Record16 record = context.select( + Record15 record = context.select( TABLE.ID, TABLE.TEMPLATE_ID, TABLE.STEP_ID, @@ -204,8 +204,7 @@ public TaskScriptStepDTO getScriptStepById(long stepId) { TABLE.DESTINATION_HOST_LIST, TABLE.IS_SECURE_PARAM, TABLE.STATUS, - TABLE.IGNORE_ERROR, - TABLE.SECURE_PARAM_ENCRYPT_ALGORITHM + TABLE.IGNORE_ERROR ).from(TABLE).where(conditions).fetchOne(); if (record != null) { return convertRecordToTaskScriptStep(record); @@ -239,8 +238,7 @@ public long insertScriptStep(TaskScriptStepDTO scriptStep) { TABLE.DESTINATION_HOST_LIST, TABLE.IS_SECURE_PARAM, TABLE.STATUS, - TABLE.IGNORE_ERROR, - TABLE.SECURE_PARAM_ENCRYPT_ALGORITHM + TABLE.IGNORE_ERROR ).values( ULong.valueOf(scriptStep.getTemplateId()), ULong.valueOf(scriptStep.getStepId()), @@ -249,14 +247,13 @@ public long insertScriptStep(TaskScriptStepDTO scriptStep) { scriptStep.getScriptVersionId() == null ? null : ULong.valueOf(scriptStep.getScriptVersionId()), scriptStep.getContent(), UByte.valueOf(scriptStep.getLanguage().getValue()), - sensitiveParamService.encryptParamIfNeeded(scriptStep.getSecureParam(), scriptStep.getScriptParam()), + sensitiveParamCryptoService.encryptParamIfNeeded(scriptStep.getSecureParam(), scriptStep.getScriptParam()), ULong.valueOf(scriptStep.getTimeout()), ULong.valueOf(scriptStep.getAccount()), scriptStep.getExecuteTarget() == null ? null : scriptStep.getExecuteTarget().toJsonString(), isSecureParam, UByte.valueOf(scriptStep.getStatus()), - ignoreError, - sensitiveParamService.getSecureParamEncryptAlgorithm(scriptStep.getSecureParam()) + ignoreError ).returning(TABLE.ID).fetchOne(); assert record != null; return record.getId().longValue(); @@ -280,10 +277,8 @@ public boolean updateScriptStepById(TaskScriptStepDTO scriptStep) { scriptStep.getScriptVersionId() == null ? null : ULong.valueOf(scriptStep.getScriptVersionId())) .set(TABLE.CONTENT, scriptStep.getContent()) .set(TABLE.LANGUAGE, UByte.valueOf(scriptStep.getLanguage().getValue())) - .set(TABLE.SCRIPT_PARAM, sensitiveParamService.encryptParamIfNeeded( + .set(TABLE.SCRIPT_PARAM, sensitiveParamCryptoService.encryptParamIfNeeded( scriptStep.getSecureParam(), scriptStep.getScriptParam())) - .set(TABLE.SECURE_PARAM_ENCRYPT_ALGORITHM, - sensitiveParamService.getSecureParamEncryptAlgorithm(scriptStep.getSecureParam())) .set(TABLE.SCRIPT_TIMEOUT, ULong.valueOf(scriptStep.getTimeout())) .set(TABLE.EXECUTE_ACCOUNT, ULong.valueOf(scriptStep.getAccount())) .set(TABLE.DESTINATION_HOST_LIST, diff --git a/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/dao/template/impl/TaskTemplateVariableDAOImpl.java b/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/dao/template/impl/TaskTemplateVariableDAOImpl.java index 7eb7deb46d..b8b2b76b3e 100644 --- a/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/dao/template/impl/TaskTemplateVariableDAOImpl.java +++ b/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/dao/template/impl/TaskTemplateVariableDAOImpl.java @@ -26,7 +26,7 @@ import com.tencent.bk.job.common.constant.ErrorCode; import com.tencent.bk.job.common.constant.TaskVariableTypeEnum; -import com.tencent.bk.job.common.encrypt.scenario.CipherVariableService; +import com.tencent.bk.job.common.encrypt.scenario.CipherVariableCryptoService; import com.tencent.bk.job.common.exception.InternalException; import com.tencent.bk.job.manage.common.util.JooqDataTypeUtil; import com.tencent.bk.job.manage.dao.TaskVariableDAO; @@ -35,10 +35,10 @@ import org.apache.commons.collections4.CollectionUtils; import org.jooq.Condition; import org.jooq.DSLContext; +import org.jooq.InsertValuesStep7; import org.jooq.InsertValuesStep8; -import org.jooq.InsertValuesStep9; import org.jooq.Record; -import org.jooq.Record9; +import org.jooq.Record8; import org.jooq.Result; import org.jooq.generated.tables.TaskTemplateVariable; import org.jooq.generated.tables.records.TaskTemplateVariableRecord; @@ -64,13 +64,13 @@ public class TaskTemplateVariableDAOImpl implements TaskVariableDAO { private static final TaskTemplateVariable TABLE = TaskTemplateVariable.TASK_TEMPLATE_VARIABLE; private final DSLContext context; - private final CipherVariableService cipherVariableService; + private final CipherVariableCryptoService cipherVariableCryptoService; @Autowired public TaskTemplateVariableDAOImpl(@Qualifier("job-manage-dsl-context") DSLContext context, - CipherVariableService cipherVariableService) { + CipherVariableCryptoService cipherVariableCryptoService) { this.context = context; - this.cipherVariableService = cipherVariableService; + this.cipherVariableCryptoService = cipherVariableCryptoService; } @Override @@ -80,8 +80,8 @@ public List listVariablesByParentId(long parentId) { conditions.add(TABLE.TEMPLATE_ID.eq(ULong.valueOf(parentId))); Result< - Record9> records = + Record8> records = context .select( TABLE.ID, @@ -91,8 +91,7 @@ public List listVariablesByParentId(long parentId) { TABLE.DEFAULT_VALUE, TABLE.DESCRIPTION, TABLE.IS_CHANGEABLE, - TABLE.IS_REQUIRED, - TABLE.CIPHER_ENCRYPT_ALGORITHM + TABLE.IS_REQUIRED ).from(TABLE).where(conditions).fetch(); List taskVariableList = new ArrayList<>(); @@ -109,7 +108,7 @@ public TaskVariableDTO getVariableById(long parentId, long id) { List conditions = new ArrayList<>(2); conditions.add(TABLE.ID.eq(ULong.valueOf(id))); conditions.add(TABLE.TEMPLATE_ID.eq(ULong.valueOf(parentId))); - Record9 record = + Record8 record = context.select( TABLE.ID, TABLE.TEMPLATE_ID, @@ -118,8 +117,7 @@ public TaskVariableDTO getVariableById(long parentId, long id) { TABLE.DEFAULT_VALUE, TABLE.DESCRIPTION, TABLE.IS_CHANGEABLE, - TABLE.IS_REQUIRED, - TABLE.CIPHER_ENCRYPT_ALGORITHM + TABLE.IS_REQUIRED ).from(TABLE).where(conditions).fetchOne(); if (record != null) { return extract(record); @@ -138,11 +136,10 @@ private TaskVariableDTO extract(Record record) { taskVariable.setName(record.get(TABLE.NAME)); taskVariable.setType(TaskVariableTypeEnum.valOf(Objects.requireNonNull(record.get(TABLE.TYPE)).intValue())); String encryptedDefaultValue = record.get(TABLE.DEFAULT_VALUE); - String cipherEncryptAlgorithm = record.get(TABLE.CIPHER_ENCRYPT_ALGORITHM); - String defaultValue = cipherVariableService.decryptTaskVariableIfNeeded( + // 密文变量解密 + String defaultValue = cipherVariableCryptoService.decryptTaskVariableIfNeeded( taskVariable.getType(), - encryptedDefaultValue, - cipherEncryptAlgorithm + encryptedDefaultValue ); taskVariable.setDefaultValue(defaultValue); taskVariable.setDescription(record.get(TABLE.DESCRIPTION)); @@ -156,7 +153,7 @@ public TaskVariableDTO getVariableByName(long parentId, String name) { List conditions = new ArrayList<>(2); conditions.add(TABLE.NAME.eq(name)); conditions.add(TABLE.TEMPLATE_ID.eq(ULong.valueOf(parentId))); - Result> records = + Result> records = context.select( TABLE.ID, TABLE.TEMPLATE_ID, @@ -165,8 +162,7 @@ public TaskVariableDTO getVariableByName(long parentId, String name) { TABLE.DEFAULT_VALUE, TABLE.DESCRIPTION, TABLE.IS_CHANGEABLE, - TABLE.IS_REQUIRED, - TABLE.CIPHER_ENCRYPT_ALGORITHM + TABLE.IS_REQUIRED ).from(TABLE).where(conditions).fetch(); if (records.size() > 0) { return extract(records.get(0)); @@ -185,17 +181,15 @@ public long insertVariable(TaskVariableDTO variable) { TABLE.DEFAULT_VALUE, TABLE.DESCRIPTION, TABLE.IS_CHANGEABLE, - TABLE.IS_REQUIRED, - TABLE.CIPHER_ENCRYPT_ALGORITHM + TABLE.IS_REQUIRED ).values( ULong.valueOf(variable.getTemplateId()), variable.getName(), UByte.valueOf(variable.getType().getType()), - cipherVariableService.encryptTaskVariableIfNeeded(variable.getType(), variable.getDefaultValue()), + cipherVariableCryptoService.encryptTaskVariableIfNeeded(variable.getType(), variable.getDefaultValue()), variable.getDescription(), getChangeable(variable.getChangeable()), - getRequired(variable.getRequired()), - cipherVariableService.getCipherVariableEncryptAlgorithm(variable.getType()) + getRequired(variable.getRequired()) ).returning(TABLE.ID).fetchOne(); if (record != null) { return record.getId().longValue(); @@ -209,7 +203,7 @@ public List batchInsertVariables(List variableList) { if (CollectionUtils.isEmpty(variableList)) { return Collections.emptyList(); } - InsertValuesStep8 insertStep = + InsertValuesStep7 insertStep = context.insertInto(TABLE) .columns( TABLE.TEMPLATE_ID, @@ -218,8 +212,7 @@ public List batchInsertVariables(List variableList) { TABLE.DEFAULT_VALUE, TABLE.DESCRIPTION, TABLE.IS_CHANGEABLE, - TABLE.IS_REQUIRED, - TABLE.CIPHER_ENCRYPT_ALGORITHM + TABLE.IS_REQUIRED ); variableList.forEach(variable -> @@ -227,11 +220,10 @@ public List batchInsertVariables(List variableList) { ULong.valueOf(variable.getTemplateId()), variable.getName(), UByte.valueOf(variable.getType().getType()), - cipherVariableService.encryptTaskVariableIfNeeded(variable.getType(), variable.getDefaultValue()), + cipherVariableCryptoService.encryptTaskVariableIfNeeded(variable.getType(), variable.getDefaultValue()), variable.getDescription(), getChangeable(variable.getChangeable()), - getRequired(variable.getRequired()), - cipherVariableService.getCipherVariableEncryptAlgorithm(variable.getType()) + getRequired(variable.getRequired()) ) ); @@ -282,11 +274,9 @@ public boolean updateVariableById(TaskVariableDTO variable) { .set(TABLE.NAME, variable.getName()) .set(TABLE.DESCRIPTION, variable.getDescription()) .set(TABLE.DEFAULT_VALUE, - cipherVariableService.encryptTaskVariableIfNeeded(variable.getType(), variable.getDefaultValue())) + cipherVariableCryptoService.encryptTaskVariableIfNeeded(variable.getType(), variable.getDefaultValue())) .set(TABLE.IS_CHANGEABLE, isChangeable) .set(TABLE.IS_REQUIRED, isRequired) - .set(TABLE.CIPHER_ENCRYPT_ALGORITHM, - cipherVariableService.getCipherVariableEncryptAlgorithm(variable.getType())) .where(conditions).limit(1) .execute(); } @@ -308,8 +298,8 @@ public int deleteVariableByParentId(long parentId) { @Override public boolean batchInsertVariableWithId(List variableList) { - InsertValuesStep9 insertStep = context.insertInto(TABLE). + InsertValuesStep8 insertStep = context.insertInto(TABLE). columns( TABLE.ID, TABLE.TEMPLATE_ID, @@ -318,8 +308,7 @@ public boolean batchInsertVariableWithId(List variableList) { TABLE.DEFAULT_VALUE, TABLE.DESCRIPTION, TABLE.IS_CHANGEABLE, - TABLE.IS_REQUIRED, - TABLE.CIPHER_ENCRYPT_ALGORITHM + TABLE.IS_REQUIRED ); for (TaskVariableDTO variable : variableList) { insertStep = insertStep.values( @@ -327,11 +316,10 @@ public boolean batchInsertVariableWithId(List variableList) { ULong.valueOf(variable.getTemplateId()), variable.getName(), UByte.valueOf(variable.getType().getType()), - cipherVariableService.encryptTaskVariableIfNeeded(variable.getType(), variable.getDefaultValue()), + cipherVariableCryptoService.encryptTaskVariableIfNeeded(variable.getType(), variable.getDefaultValue()), variable.getDescription(), getChangeable(variable.getChangeable()), - getRequired(variable.getRequired()), - cipherVariableService.getCipherVariableEncryptAlgorithm(variable.getType()) + getRequired(variable.getRequired()) ); } return insertStep.execute() > 0; diff --git a/support-files/sql/job-execute/0023_job_execute_20230519-1000_V3.8.0_mysql.sql b/support-files/sql/job-execute/0023_job_execute_20230519-1000_V3.8.0_mysql.sql deleted file mode 100644 index 8283b08a85..0000000000 --- a/support-files/sql/job-execute/0023_job_execute_20230519-1000_V3.8.0_mysql.sql +++ /dev/null @@ -1,47 +0,0 @@ -USE job_execute; - -SET NAMES utf8mb4; - -DROP PROCEDURE IF EXISTS job_schema_update; - -DELIMITER - -CREATE PROCEDURE job_schema_update() -BEGIN - - DECLARE db VARCHAR(100); - SET AUTOCOMMIT = 0; - SELECT DATABASE() INTO db; - - IF NOT EXISTS(SELECT 1 - FROM information_schema.COLUMNS - WHERE TABLE_SCHEMA = db - AND TABLE_NAME = 'step_instance_script' - AND COLUMN_NAME = 'secure_param_encrypt_algorithm') THEN - ALTER TABLE step_instance_script ADD COLUMN `secure_param_encrypt_algorithm` varchar(32) NOT NULL DEFAULT "None" AFTER `is_secure_param`; - END IF; - - IF NOT EXISTS(SELECT 1 - FROM information_schema.COLUMNS - WHERE TABLE_SCHEMA = db - AND TABLE_NAME = 'task_instance_variable' - AND COLUMN_NAME = 'cipher_encrypt_algorithm') THEN - ALTER TABLE task_instance_variable ADD COLUMN `cipher_encrypt_algorithm` varchar(32) NOT NULL DEFAULT "None" AFTER `value`; - END IF; - - IF NOT EXISTS(SELECT 1 - FROM information_schema.COLUMNS - WHERE TABLE_SCHEMA = db - AND TABLE_NAME = 'step_instance_script' - AND COLUMN_NAME = 'db_password_encrypt_algorithm') THEN - ALTER TABLE step_instance_script ADD COLUMN `db_password_encrypt_algorithm` varchar(32) NOT NULL DEFAULT "AES" AFTER `db_password`; - END IF; - - COMMIT; -END -DELIMITER ; -COMMIT; - -CALL job_schema_update(); - -DROP PROCEDURE IF EXISTS job_schema_update; diff --git a/support-files/sql/job-manage/0031_job_manage_20230519-1000_V3.8.0_mysql.sql b/support-files/sql/job-manage/0031_job_manage_20230519-1000_V3.8.0_mysql.sql deleted file mode 100644 index bd91f33174..0000000000 --- a/support-files/sql/job-manage/0031_job_manage_20230519-1000_V3.8.0_mysql.sql +++ /dev/null @@ -1,62 +0,0 @@ -USE job_manage; - -SET NAMES utf8mb4; - -DROP PROCEDURE IF EXISTS job_schema_update; - -DELIMITER - -CREATE PROCEDURE job_schema_update() -BEGIN - - DECLARE db VARCHAR(100); - SET AUTOCOMMIT = 0; - SELECT DATABASE() INTO db; - - -- Update `task_template_step_script` schema - IF NOT EXISTS(SELECT 1 - FROM information_schema.columns - WHERE TABLE_SCHEMA = db - AND TABLE_NAME = 'task_template_step_script' - AND COLUMN_NAME = 'secure_param_encrypt_algorithm') THEN - ALTER TABLE task_template_step_script ADD COLUMN `secure_param_encrypt_algorithm` varchar(32) NOT NULL DEFAULT "None" AFTER `is_secure_param`; - END IF; - - IF NOT EXISTS(SELECT 1 - FROM information_schema.columns - WHERE TABLE_SCHEMA = db - AND TABLE_NAME = 'task_plan_step_script' - AND COLUMN_NAME = 'secure_param_encrypt_algorithm') THEN - ALTER TABLE task_plan_step_script ADD COLUMN `secure_param_encrypt_algorithm` varchar(32) NOT NULL DEFAULT "None" AFTER `is_secure_param`; - END IF; - - IF NOT EXISTS(SELECT 1 - FROM information_schema.columns - WHERE TABLE_SCHEMA = db - AND TABLE_NAME = 'task_template_variable' - AND COLUMN_NAME = 'cipher_encrypt_algorithm') THEN - ALTER TABLE task_template_variable ADD COLUMN `cipher_encrypt_algorithm` varchar(32) NOT NULL DEFAULT "None" AFTER `default_value`; - END IF; - - IF NOT EXISTS(SELECT 1 - FROM information_schema.columns - WHERE TABLE_SCHEMA = db - AND TABLE_NAME = 'task_plan_variable' - AND COLUMN_NAME = 'cipher_encrypt_algorithm') THEN - ALTER TABLE task_plan_variable ADD COLUMN `cipher_encrypt_algorithm` varchar(32) NOT NULL DEFAULT "None" AFTER `default_value`; - END IF; - - IF NOT EXISTS(SELECT 1 - FROM information_schema.columns - WHERE TABLE_SCHEMA = db - AND TABLE_NAME = 'account' - AND COLUMN_NAME = 'db_password_encrypt_algorithm') THEN - ALTER TABLE `account` ADD COLUMN `db_password_encrypt_algorithm` varchar(32) NOT NULL DEFAULT "AES" AFTER `db_password`; - END IF; - -COMMIT; -END -DELIMITER ; -CALL job_schema_update(); - -DROP PROCEDURE IF EXISTS job_schema_update;