2023-08-18 17:10:08 +08:00
parent 19f973c115
commit 23967c1a79
8 changed files with 54 additions and 25 deletions


@@ -127,4 +127,17 @@ amf:
optional: "false"
filter: ""
display: "CMD"
comment: ""
comment: ""
subsManagement:
display: "Subscriber Management"
mml:
- operation: "list"
object: "imsi"
display: "List Online IMSI"
params:
- name: "imsi"
type: "string"
optional: "false"
filter: "32"
display: "IMSI"
comment: ""


@@ -260,14 +260,15 @@ func ExtDatabaseGetData(w http.ResponseWriter, r *http.Request) {
return
}
pack := "dbrest"
vars := mux.Vars(r)
module := vars["managementModule"]
dbname := vars["dataStorage"]
tbname := vars["dataObject"]
log.Debugf("token:%s, method:%s, dbname:%s, tbname:%s", token, r.Method, module, dbname, tbname)
log.Debugf("token:%s, method:%s, dbname:%s, tbname:%s", token, r.Method, module, dbname, tbname, pack)
exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), module, dbname, tbname)
exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), module, dbname, tbname, pack)
if err != nil {
log.Error("Failed to get permission:", err)
services.ResponseForbidden403NotPermission(w)
@@ -353,9 +354,10 @@ func ExtDatabaseInsertData(w http.ResponseWriter, r *http.Request) {
module := vars["managementModule"]
dbname := vars["dataStorage"]
tbname := vars["dataObject"]
pack := "dbrest"
log.Debugf("token:%s, method:%s, dbname:%s, tbname:%s", token, r.Method, module, dbname, tbname)
exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), module, dbname, tbname)
log.Debugf("token:%s, method:%s, dbname:%s, tbname:%s pack:%s", token, r.Method, module, dbname, tbname, pack)
exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), module, dbname, tbname, pack)
if err != nil {
log.Error("Failed to get permission:", err)
services.ResponseForbidden403NotPermission(w)
@@ -408,9 +410,10 @@ func ExtDatabaseUpdateData(w http.ResponseWriter, r *http.Request) {
module := vars["managementModule"]
dbname := vars["dataStorage"]
tbname := vars["dataObject"]
pack := "dbrest"
log.Debugf("token:%s, method:%s, dbname:%s, tbname:%s", token, r.Method, module, dbname, tbname)
exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), module, dbname, tbname)
log.Debugf("token:%s, method:%s, dbname:%s, tbname:%s pack:%s", token, r.Method, module, dbname, tbname, pack)
exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), module, dbname, tbname, pack)
if err != nil {
log.Error("Failed to get permission:", err)
services.ResponseForbidden403NotPermission(w)
@@ -470,9 +473,10 @@ func ExtDatabaseDeleteData(w http.ResponseWriter, r *http.Request) {
module := vars["managementModule"]
dbname := vars["dataStorage"]
tbname := vars["dataObject"]
pack := "dbreset"
log.Debugf("token:%s, method:%s, module:%, dbname:%s, tbname:%s", token, r.Method, module, dbname, tbname)
exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), module, dbname, tbname)
log.Debugf("token:%s, method:%s, module:%, dbname:%s, tbname:%s pack:%s", token, r.Method, module, dbname, tbname, pack)
exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), module, dbname, tbname, pack)
if err != nil {
log.Error("Failed to get permission:", err)
services.ResponseForbidden403NotPermission(w)
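Review bot: In the ExtDatabaseDeleteData hunk the new line `pack := "dbreset"` is spelled differently from the `"dbrest"` used by the Get, Insert and Update handlers, so the delete permission lookup runs against a module name that probably has no matching rows; it should read `pack := "dbrest"`. Depending on how permissions are seeded, this either blocks every delete or lets only wildcard-module grants through, so a test per HTTP method is worth adding. A shared package-level constant for the pack name would prevent this kind of typo. None of the new Debugf calls has a verb for every argument: Get, Insert and Update have no `module:%s` (Get also lacks `pack:%s`), and Delete keeps the broken `module:%,`, all of which `go vet` would flag. All four handler bodies continue outside their hunks.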


@@ -3,6 +3,7 @@ package lm
import (
"fmt"
"net/http"
"os/exec"
"strings"
"time"
@@ -93,9 +94,9 @@ func ExtDatabaseBackupData(w http.ResponseWriter, r *http.Request) {
module := vars["managementModule"]
dbname := vars["dataStorage"]
tbname := vars["dataObject"]
log.Debugf("token:%s, method:%s, dbname:%s, tbname:%s", token, r.Method, module, dbname, tbname)
exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), module, dbname, tbname)
pack := "lm"
log.Debugf("token:%s, method:%s, dbname:%s, tbname:%s pack:%s", token, r.Method, module, dbname, tbname, pack)
exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), module, dbname, tbname, pack)
if err != nil {
log.Error("Failed to get permission:", err)
services.ResponseForbidden403NotPermission(w)
@@ -108,15 +109,16 @@ func ExtDatabaseBackupData(w http.ResponseWriter, r *http.Request) {
}
var sql string
var filePath string
switch tbname {
case "operation_log":
filePath := fmt.Sprintf("%s/%s-%s.csv", config.GetYamlConfig().Database.Backup, tbname, time.Now().Local().Format(global.DateData))
filePath = fmt.Sprintf("/tmp/%s-%s.csv", tbname, time.Now().Local().Format(global.DateData))
sql = fmt.Sprintf("select * into outfile '%s' fields terminated by ',' escaped by '' optionally enclosed by '' lines terminated by '\n' from (select 'op_id','account_name','op_ip','subsys_tag','op_type','op_content','op_result','begin_time','end_time','vnf_flag','log_time' union select op_id,account_name,op_ip,subsys_tag,op_type,op_content,op_result,begin_time,end_time,vnf_flag,log_time from operation_log) b", filePath)
case "security_log":
filePath := fmt.Sprintf("%s/%s-%s.csv", config.GetYamlConfig().Database.Backup, tbname, time.Now().Local().Format(global.DateData))
filePath = fmt.Sprintf("/tmp/%s-%s.csv", tbname, time.Now().Local().Format(global.DateData))
sql = fmt.Sprintf("select * into outfile '%s' fields terminated by ',' escaped by '' optionally enclosed by '' lines terminated by '\n' from (select 'id','account_name','account_type','op_ip','op_type','op_content','op_result','op_time' union select id,account_name,account_type,op_ip,op_type,op_content,op_result,op_time from security_log) b", filePath)
case "alarm_log":
filePath := fmt.Sprintf("%s/%s-%s.csv", config.GetYamlConfig().Database.Backup, tbname, time.Now().Local().Format(global.DateData))
filePath = fmt.Sprintf("/tmp/%s-%s.csv", tbname, time.Now().Local().Format(global.DateData))
sql = fmt.Sprintf("select * into outfile '%s' fields terminated by ',' escaped by '' optionally enclosed by '' lines terminated by '\n' from (select 'id','ne_type','ne_id','alarm_seq','alarm_id','alarm_code','alarm_status','event_time','log_time' union select id,ne_type,ne_id,alarm_seq,alarm_id,alarm_code,alarm_status,event_time,log_time from alarm_log) b", filePath)
default:
log.Error("error target table")
@@ -132,6 +134,14 @@ func ExtDatabaseBackupData(w http.ResponseWriter, r *http.Request) {
}
affected, _ := res.RowsAffected()
cmd := exec.Command("cp", "-rf", filePath, config.GetYamlConfig().Database.Backup)
out, err := cmd.CombinedOutput()
log.Tracef("Exec output: %v", string(out))
if err != nil {
log.Errorf("Faile to exec:", err)
services.ResponseInternalServerError500ProcessError(w, err)
return
}
mapRow := make(map[string]interface{})
row := map[string]interface{}{"affectedRows": affected}
mapRow[tbname] = row
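Review bot: The export now writes operation_log, security_log and alarm_log to a predictable name under `/tmp`, and nothing in these hunks removes it after the `cp`, so audit data with account names and source IPs stays in a shared directory. Consider exporting into a directory that only the database and this service can access, and deleting the staging file once the copy succeeds. `select ... into outfile` also refuses to overwrite an existing file, so a leftover or pre-created file with the same name would presumably make the next backup fail. The added `log.Errorf("Faile to exec:", err)` has no verb for `err`; `log.Errorf("Failed to exec: %v", err)` is what was meant, and `-r` is unnecessary when copying a single file. ExtDatabaseBackupData starts and ends outside these hunks.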


@@ -55,7 +55,7 @@ func PostMMLToNF(w http.ResponseWriter, r *http.Request) {
log.Error("Request error:", err)
return
}
pack := "mml"
vars := mux.Vars(r)
module := vars["managementModule"]
neType := vars["elementTypeValue"]
@@ -68,13 +68,14 @@ func PostMMLToNF(w http.ResponseWriter, r *http.Request) {
}
log.Debug("neType:", neType, "neId", neId)
log.Debugf("token:%s, method:%s, managementModule:%s dbname:%s, tbname:%s", token, r.Method, module, neType, neId[0])
log.Debugf("token:%s, method:%s, managementModule:%s dbname:%s, tbname:%s pack:%s",
token, r.Method, module, neType, neId[0], pack)
var buf [8192]byte
var n int
var mmlResult []string
exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), module, neType, neId[0])
exist, err := services.CheckUserPermission(token, strings.ToLower(r.Method), module, neType, neId[0], pack)
if err != nil {
log.Error("Failed to get permission:", err)
errMsg := fmt.Sprintf("RetCode = -1 operation failed: do not have the operation permissions")
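Review bot: The rewritten Debugf in PostMMLToNF still writes the raw `token` to the log, and the same is true of the Debugf lines in the dbrest and lm handlers touched by this commit. If this is the session access token that IsPermissionAllowed matches against `session.access_token`, anyone who can read debug logs can reuse it; logging a short prefix or a hash instead would keep the trace useful. The labels are also misleading here, since `dbname:%s, tbname:%s` are filled with `neType` and `neId[0]`; `neType:%s, neId:%s` would match the values. The function body continues outside the hunk.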


@@ -1484,14 +1484,14 @@ type permission struct {
Object string `json:"object"`
}
func IsPermissionAllowed(token, method, module, dbname, tbname string) (bool, error) {
func IsPermissionAllowed(token, method, module, dbname, tbname, pack string) (bool, error) {
log.Info("IsPermissionAllowed processing... ")
exist, err := xEngine.Table("permission").
Join("INNER", "role_permission", "permission.permission_name = role_permission.p_name").
Join("INNER", "user_role", "role_permission.r_name = user_role.r_name").
Join("INNER", "session", "user_role.u_name = session.account_id and session.access_token=?", token).
Where("method in ('*',?) and management in ('*',?) and element in ('*',?) and object in ('*',?)", method, module, dbname, tbname).
Where("method in ('*',?) and module in ('*',?) and management in ('*',?) and element in ('*',?) and object in ('*',?)", method, pack, module, dbname, tbname).
Exist()
if err != nil {
return false, err
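Review bot: IsPermissionAllowed now takes six positional string arguments whose names no longer line up with the columns: the `module` parameter is bound to the `management` column, while the new `pack` parameter is bound to the `module` column. Nothing stops a caller from passing them in the wrong order, and a swapped pair silently changes which permission rows match. A doc comment such as `// IsPermissionAllowed reports whether the session identified by token holds a permission matching method, pack (column module), module (column management), dbname (column element) and tbname (column object); '*' in a column matches any value.` would make the mapping explicit, and the same applies to CheckUserPermission. The query keeps using bound parameters, which is right. The function's tail is outside the hunk.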


@@ -417,7 +417,7 @@ func CheckCommonValidRequest(w http.ResponseWriter, r *http.Request) (string, er
return token, nil
}
func CheckUserPermission(token, method, module, dbname, tbname string) (bool, error) {
func CheckUserPermission(token, method, module, dbname, tbname, pack string) (bool, error) {
if config.GetYamlConfig().OMC.RBACMode == true {
if module == "" {
module = "*"
@@ -428,7 +428,7 @@ func CheckUserPermission(token, method, module, dbname, tbname string) (bool, er
if tbname == "" {
tbname = "*"
}
exist, err := dborm.IsPermissionAllowed(token, method, module, dbname, tbname)
exist, err := dborm.IsPermissionAllowed(token, method, module, dbname, tbname, pack)
if err != nil {
return false, err
}


@@ -15,5 +15,5 @@ database:
name: omc_db
mml:
filedir: ../../config/mml/omc
table: mml_command
filedir: ../../config/mml/system
table: mml_system


@@ -45,4 +45,5 @@ sys_extended
sys_backup
pm_template
monitor_warn
ne_check
ne_check
ne_pool