fix(mysql): 安装proxy增加dbha白名单 #7525

xfwduke · xfwduke · commit b0d0a0e7a7a2 · 2024-10-23T16:23:48.000+08:00
diff --git a/dbm-services/mysql/db-tools/dbactuator/pkg/components/mysql_proxy/install_mysql_proxy.go b/dbm-services/mysql/db-tools/dbactuator/pkg/components/mysql_proxy/install_mysql_proxy.go
@@ -44,9 +44,10 @@ type InstallMySQLProxyComp struct {
 // payload param
 type InstallMySQLProxyParam struct {
 	components.Medium
-	ProxyConfigs json.RawMessage `json:"proxy_configs"`
-	Host         string          `json:"host"  validate:"required,ip"`
-	Ports        []int           `json:"ports" validate:"required,gt=0,dive"`
+	ProxyConfigs    json.RawMessage `json:"proxy_configs"`
+	Host            string          `json:"host"  validate:"required,ip"`
+	Ports           []int           `json:"ports" validate:"required,gt=0,dive"`
+	DBHAAccountName string          `json:"dbha_account" validate:"required"`
 }
 
 // InitDirs 别名
@@ -373,6 +374,13 @@ func (i *InstallMySQLProxyComp) initOneProxyAdminAccount(port Port) (err error)
 		logger.Error("add ProxyAdminAccount failed %s", err.Error())
 		return err
 	}
+
+	_, err = pc.Exec(fmt.Sprintf(`refresh_user('%s@%%', '+')`, i.Params.DBHAAccountName))
+	if err != nil {
+		logger.Error("add dbha account failed %s", err.Error())
+		return err
+	}
+
 	return nil
 }
 
diff --git a/dbm-ui/backend/flow/utils/mysql/proxy_act_payload.py b/dbm-ui/backend/flow/utils/mysql/proxy_act_payload.py
@@ -11,7 +11,11 @@
 
 from backend.components import DBConfigApi
 from backend.components.dbconfig.constants import FormatType, LevelName
+from backend.core.encrypt.constants import AsymmetricCipherConfigType
+from backend.core.encrypt.handlers import AsymmetricHandler
 from backend.db_package.models import Package
+from backend.db_proxy.constants import ExtensionType
+from backend.db_proxy.models import DBExtension
 from backend.flow.consts import ConfigTypeEnum, DBActuatorActionEnum, DBActuatorTypeEnum, MediumEnum, NameSpaceEnum
 
 logger = logging.getLogger("flow")
@@ -22,6 +26,11 @@ class ProxyActPayload(object):
     定义proxy不同执行类型，拼接不同的payload参数，对应不同的dict结构体.
     """
 
+    def __proxy_get_dbha_account_name(self, bk_cloud_id: int):
+        bk_cloud_name = AsymmetricCipherConfigType.get_cipher_cloud_name(bk_cloud_id)
+        dbha = DBExtension.get_latest_extension(bk_cloud_id=bk_cloud_id, extension_type=ExtensionType.DBHA)
+        return AsymmetricHandler.decrypt(name=bk_cloud_name, content=dbha.details["user"])
+
     @staticmethod
     def __get_proxy_account():
         """
@@ -59,6 +68,7 @@ def get_install_proxy_payload(self, **kwargs) -> dict:
         """
         拼接安装proxy的payload参数
         """
+
         proxy_pkg = Package.get_latest_package(version="latest", pkg_type=MediumEnum.MySQLProxy)
         return {
             "db_type": DBActuatorTypeEnum.Proxy.value,
@@ -71,6 +81,7 @@ def get_install_proxy_payload(self, **kwargs) -> dict:
                     "pkg_md5": proxy_pkg.md5,
                     "ports": self.ticket_data.get("proxy_ports", []),
                     "proxy_configs": {"mysql-proxy": self.__get_proxy_config()},
+                    "dbha_account": self.__proxy_get_dbha_account_name(bk_cloud_id=kwargs["bk_cloud_id"]),
                 },
             },
         }
