feat: kv支持返回 sha256 签名 --task=74821337 (#2955)

* feat: kv支持返回 sha256 签名 --task=74821337

* feat: kv支持返回 sha256 签名 --task=74821337

* feat: kv支持返回 sha256 签名 --task=74821337

* feat: kv支持返回 sha256 签名 --task=74821337

* feat: kv支持返回 sha256 签名 --task=74821337

* feat: kv支持返回 sha256 签名 --task=74821337

* feat: kv支持返回 sha256 签名 --task=74821337

* feat: kv支持返回 sha256 签名 --task=74821337

* feat: kv支持返回 sha256 签名 --task=74821337

* feat: kv支持返回 sha256 签名 --task=74821337

* feat: kv支持返回 sha256 签名 --task=74821337

* feat: kv支持返回 sha256 签名 --task=74821337

* feat: kv支持返回 sha256 签名 --task=74821337

* feat: kv支持返回 sha256 签名 --task=74821337

bcs-services/bcs-bscp/cmd/data-service/db-migration/migrations/20240125175500_kv_add_signature.go

@@ -0,0 +1,215 @@
+/*
+ * Tencent is pleased to support the open source community by making Blueking Container Service available.
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ * Licensed under the MIT License (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ * http://opensource.org/licenses/MIT
+ * Unless required by applicable law or agreed to in writing, software distributed under
+ * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package migrations
+
+import (
+	"time"
+
+	"gorm.io/gorm"
+
+	"github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/cmd/data-service/db-migration/migrator"
+	"github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/cc"
+	"github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/dal/table"
+	"github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/dal/vault"
+	"github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/kit"
+	"github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/tools"
+	"github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/types"
+)
+
+func init() {
+	// add current migration to migrator
+	migrator.GetMigrator().AddMigration(&migrator.Migration{
+		Version: "20240125175500",
+		Name:    "20240125175500_kv_add_signature",
+		Mode:    migrator.GormMode,
+		Up:      mig20240125175500Up,
+		Down:    mig20240125175500Down,
+	})
+}
+
+// Kvs20240125175500 kv
+type Kvs20240125175500 struct {
+	ID uint `gorm:"type:bigint(1) unsigned not null;primaryKey;autoIncrement:false"`
+
+	// Spec is specifics of the resource defined with user
+	Key     string `gorm:"type:varchar(255) not null;uniqueIndex:idx_bizID_appID_key_kvState,priority:1"`
+	Version uint   `gorm:"type:bigint(1) unsigned not null;"`
+	KvType  string `gorm:"type:varchar(64) not null"`
+	KvState string `gorm:"type:varchar(64) not null;uniqueIndex:idx_bizID_appID_key_kvState,priority:2"`
+
+	// Attachment is attachment info of the resource
+	BizID uint `gorm:"type:bigint(1) unsigned not null;uniqueIndex:idx_bizID_appID_key_kvState,priority:3"`
+	APPID uint `gorm:"type:bigint(1) unsigned not null;uniqueIndex:idx_bizID_appID_key_kvState,priority:4"`
+
+	// Revision is revision info of the resource
+	Creator   string    `gorm:"type:varchar(64) not null"`
+	Reviser   string    `gorm:"type:varchar(64) not null"`
+	CreatedAt time.Time `gorm:"type:datetime(6) not null"`
+	UpdatedAt time.Time `gorm:"type:datetime(6) not null"`
+
+	Signature string `gorm:"type:varchar(64) not null"`
+	ByteSize  uint   `gorm:"type:bigint(1) unsigned not null"`
+}
+
+// TableName gorm table name
+func (Kvs20240125175500) TableName() string {
+	t := &table.Kv{}
+	return t.TableName()
+}
+
+// ReleasedKvs20240125175500 已生成版本的kv
+type ReleasedKvs20240125175500 struct {
+	ID uint `gorm:"type:bigint(1) unsigned not null;primaryKey;autoIncrement:false"`
+
+	// Spec is specifics of the resource defined with user
+	Key       string `gorm:"type:varchar(255) not null;uniqueIndex:relID_key,priority:1"`
+	Version   uint   `gorm:"type:bigint(1) unsigned not null;"`
+	ReleaseID uint   `gorm:"type:bigint(1) unsigned not null;index:idx_bizID_appID_ID,priority:3;uniqueIndex:relID_key,priority:2"` //nolint:lll
+	KvType    string `gorm:"type:varchar(64) not null"`
+
+	// Attachment is attachment info of the resource
+	BizID uint `gorm:"type:bigint(1) unsigned not null;index:idx_bizID_appID_ID,priority:1"`
+	AppID uint `gorm:"type:bigint(1) unsigned not null;index:idx_bizID_appID_ID,priority:2"`
+
+	// Revision is revision info of the resource
+	Creator   string    `gorm:"type:varchar(64) not null"`
+	Reviser   string    `gorm:"type:varchar(64) not null"`
+	CreatedAt time.Time `gorm:"type:datetime(6) not null"`
+	UpdatedAt time.Time `gorm:"type:datetime(6) not null"`
+
+	Signature string `gorm:"type:varchar(64) not null"`
+	ByteSize  uint   `gorm:"type:bigint(1) unsigned not null"`
+}
+
+// TableName gorm table name
+func (ReleasedKvs20240125175500) TableName() string {
+	t := &table.ReleasedKv{}
+	return t.TableName()
+}
+
+func syncSignature(tx *gorm.DB) error {
+	// set default value
+	var kvs []table.Kv
+
+	tx.Model(&table.Kv{}).Find(&kvs)
+	cli, err := vault.NewSet(cc.DataService().Vault)
+	if err != nil {
+		return err
+	}
+
+	for _, kv := range kvs {
+		if kv.ContentSpec.Signature != "" {
+			continue
+		}
+
+		opt := &types.GetLastKvOpt{BizID: kv.Attachment.BizID, AppID: kv.Attachment.AppID, Key: kv.Spec.Key}
+		_, value, err := cli.GetLastKv(kit.New(), opt)
+		if err != nil {
+			return err
+		}
+
+		kv.ContentSpec.Signature = tools.SHA256(value)
+		kv.ContentSpec.ByteSize = uint64(len(value))
+		tx.Save(&kv)
+	}
+
+	return nil
+}
+
+func syncReleaseSignature(tx *gorm.DB) error {
+	// set default value
+	var kvs []table.ReleasedKv
+
+	tx.Model(&table.ReleasedKv{}).Find(&kvs)
+	cli, err := vault.NewSet(cc.DataService().Vault)
+	if err != nil {
+		return err
+	}
+
+	for _, kv := range kvs {
+		if kv.ContentSpec.Signature != "" {
+			continue
+		}
+
+		// 获取 release 版本的值
+		opt := &types.GetRKvOption{
+			BizID:      kv.Attachment.BizID,
+			AppID:      kv.Attachment.AppID,
+			Key:        kv.Spec.Key,
+			ReleasedID: kv.ReleaseID,
+			Version:    int(kv.Spec.Version),
+		}
+		_, value, err := cli.GetRKv(kit.New(), opt)
+		if err != nil {
+			return err
+		}
+
+		kv.ContentSpec.Signature = tools.SHA256(value)
+		kv.ContentSpec.ByteSize = uint64(len(value))
+		tx.Save(&kv)
+	}
+
+	return nil
+}
+
+// mig20240125175500Up for up migration
+func mig20240125175500Up(tx *gorm.DB) error {
+	if err := tx.Set("gorm:table_options", "ENGINE=InnoDB CHARSET=utf8mb4").
+		AutoMigrate(&Kvs20240125175500{}); err != nil {
+		return err
+	}
+
+	if err := tx.Set("gorm:table_options", "ENGINE=InnoDB CHARSET=utf8mb4").
+		AutoMigrate(&ReleasedKvs20240125175500{}); err != nil {
+		return err
+	}
+
+	if err := syncSignature(tx); err != nil {
+		return err
+	}
+
+	if err := syncReleaseSignature(tx); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// mig20240125175500Down for down migration
+func mig20240125175500Down(tx *gorm.DB) error {
+	// delete kvs old column
+	if tx.Migrator().HasColumn(&Kvs20240125175500{}, "Signature") {
+		if err := tx.Migrator().DropColumn(&Kvs20240125175500{}, "Signature"); err != nil {
+			return err
+		}
+	}
+	if tx.Migrator().HasColumn(&Kvs20240125175500{}, "ByteSize") {
+		if err := tx.Migrator().DropColumn(&Kvs20240125175500{}, "ByteSize"); err != nil {
+			return err
+		}
+	}
+
+	// delete release_kvs old column
+	if tx.Migrator().HasColumn(&ReleasedKvs20240125175500{}, "Signature") {
+		if err := tx.Migrator().DropColumn(&ReleasedKvs20240125175500{}, "Signature"); err != nil {
+			return err
+		}
+	}
+	if tx.Migrator().HasColumn(&ReleasedKvs20240125175500{}, "ByteSize") {
+		if err := tx.Migrator().DropColumn(&ReleasedKvs20240125175500{}, "ByteSize"); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}

bcs-services/bcs-bscp/cmd/data-service/service/kv.go

@@ -76,6 +76,10 @@ func (s *Service) CreateKv(ctx context.Context, req *pbds.CreateKvReq) (*pbds.Cr
 			Creator: kt.User,
 			Reviser: kt.User,
 		},
+		ContentSpec: &table.ContentSpec{
+			Signature: tools.SHA256(req.Spec.Value),
+			ByteSize:  uint64(len(req.Spec.Value)),
+		},
 	}
 	kv.Spec.Version = uint32(version)
 	kv.KvState = table.KvStateAdd
@@ -136,6 +140,10 @@ func (s *Service) UpdateKv(ctx context.Context, req *pbds.UpdateKvReq) (*pbbase.
 	}
 
 	kv.Spec.Version = uint32(version)
+	kv.ContentSpec = &table.ContentSpec{
+		Signature: tools.SHA256(req.Spec.Value),
+		ByteSize:  uint64(len(req.Spec.Value)),
+	}
 	if e := s.dao.Kv().Update(kt, kv); e != nil {
 		logs.Errorf("update kv failed, err: %v, rid: %s", e, kt.Rid)
 		return nil, err
@@ -410,6 +418,10 @@ func (s *Service) checkKvs(kt *kit.Kit, req *pbds.BatchUpsertKvsReq, editingKvMa
 					AppID: req.AppId,
 				},
 				Revision: editing.Revision,
+				ContentSpec: &table.ContentSpec{
+					Signature: tools.SHA256(kv.KvSpec.Value),
+					ByteSize:  uint64(len(kv.KvSpec.Value)),
+				},
 			})
 
 		} else {
@@ -430,6 +442,10 @@ func (s *Service) checkKvs(kt *kit.Kit, req *pbds.BatchUpsertKvsReq, editingKvMa
 					CreatedAt: now,
 					UpdatedAt: now,
 				},
+				ContentSpec: &table.ContentSpec{
+					Signature: tools.SHA256(kv.KvSpec.Value),
+					ByteSize:  uint64(len(kv.KvSpec.Value)),
+				},
 			})
 
 		}

bcs-services/bcs-bscp/cmd/data-service/service/release.go

@@ -27,6 +27,7 @@ import (
 	"github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/logs"
 	pbbase "github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/protocol/core/base"
 	pbci "github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/protocol/core/config-item"
+	pbcontent "github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/protocol/core/content"
 	pbkv "github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/protocol/core/kv"
 	pbrelease "github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/protocol/core/release"
 	pbrkv "github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/protocol/core/released-kv"
@@ -854,9 +855,10 @@ func (s *Service) genCreateKv(kt *kit.Kit, bizID, appID uint32) ([]*pbkv.Kv, err
 			return nil, err
 		}
 		kvs = append(kvs, &pbkv.Kv{
-			Spec:       pbkv.PbKvSpec(detail.Spec, value),
-			Attachment: pbkv.PbKvAttachment(detail.Attachment),
-			Revision:   pbbase.PbRevision(detail.Revision),
+			Spec:        pbkv.PbKvSpec(detail.Spec, value),
+			Attachment:  pbkv.PbKvAttachment(detail.Attachment),
+			Revision:    pbbase.PbRevision(detail.Revision),
+			ContentSpec: pbcontent.PbContentSpec(detail.ContentSpec),
 		})
 	}
 

bcs-services/bcs-bscp/cmd/data-service/service/released_kv.go

@@ -19,6 +19,7 @@ import (
 	"github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/kit"
 	"github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/logs"
 	pbbase "github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/protocol/core/base"
+	pbcontent "github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/protocol/core/content"
 	pbkv "github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/protocol/core/kv"
 	pbrkv "github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/protocol/core/released-kv"
 	released_kv "github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/protocol/core/released-kv"
@@ -55,7 +56,8 @@ func (s *Service) GetReleasedKv(ctx context.Context, req *pbds.GetReleasedKvReq)
 			BizId: req.BizId,
 			AppId: req.AppId,
 		},
-		Revision: pbbase.PbRevision(rkv.Revision),
+		Revision:    pbbase.PbRevision(rkv.Revision),
+		ContentSpec: pbcontent.PbContentSpec(rkv.ContentSpec),
 	}, nil
 
 }

bcs-services/bcs-bscp/cmd/feed-server/bll/eventc/scheduler.go

@@ -440,6 +440,7 @@ func (sch *Scheduler) buildEventForRkv(inst *sfs.InstanceSpec, kvList []*types.R
 				BizId: one.Attachment.BizID,
 				AppId: one.Attachment.AppID,
 			},
+			ContentSpec: pbct.PbContentSpec(one.ContentSpec),
 		}
 	}
 

bcs-services/bcs-bscp/cmd/feed-server/bll/release/release.go

@@ -177,6 +177,7 @@ func (rs *ReleasedService) ListAppLatestReleaseKvMeta(kt *kit.Kit, opts *types.A
 				BizId: one.Attachment.BizID,
 				AppId: one.Attachment.AppID,
 			},
+			ContentSpec: pbcontent.PbContentSpec(one.ContentSpec),
 		}
 	}
 	meta.Kvs = kvList

bcs-services/bcs-bscp/cmd/feed-server/bll/types/types.go

@@ -21,6 +21,7 @@ import (
 	pbbase "github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/protocol/core/base"
 	pbcommit "github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/protocol/core/commit"
 	pbci "github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/protocol/core/config-item"
+	pbcontent "github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/protocol/core/content"
 	pbhook "github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/protocol/core/hook"
 	pbkv "github.com/TencentBlueKing/bk-bcs/bcs-services/bcs-bscp/pkg/protocol/core/kv"
 )
@@ -120,8 +121,9 @@ type AppLatestReleaseKvMeta struct {
 
 // ReleasedKvMeta defines a release's released kv metadata
 type ReleasedKvMeta struct {
-	Key          string             `json:"key,omitempty"`
-	KvType       string             `json:"kv_type,omitempty"`
-	Revision     *pbbase.Revision   `json:"revision,omitempty"`
-	KvAttachment *pbkv.KvAttachment `json:"kv_attachment,omitempty"`
+	Key          string                 `json:"key,omitempty"`
+	KvType       string                 `json:"kv_type,omitempty"`
+	Revision     *pbbase.Revision       `json:"revision,omitempty"`
+	KvAttachment *pbkv.KvAttachment     `json:"kv_attachment,omitempty"`
+	ContentSpec  *pbcontent.ContentSpec `json:"content_spec,omitempty"`
 }

bcs-services/bcs-bscp/cmd/feed-server/service/rpc_sidecar.go

@@ -398,6 +398,7 @@ func (s *Service) PullKvMeta(ctx context.Context, req *pbfs.PullKvMetaReq) (*pbf
 				BizId: kv.KvAttachment.BizId,
 				AppId: kv.KvAttachment.AppId,
 			},
+			ContentSpec: kv.ContentSpec,
 		})
 	}
 

bcs-services/bcs-bscp/pkg/dal/dao/kv.go

@@ -123,7 +123,7 @@ func (dao *kvDao) Update(kit *kit.Kit, kv *table.Kv) error {
 	updateTx := func(tx *gen.Query) error {
 		q = tx.Kv.WithContext(kit.Ctx)
 		if _, e := q.Where(m.BizID.Eq(kv.Attachment.BizID), m.ID.Eq(kv.ID)).Select(m.Version, m.UpdatedAt,
-			m.Reviser, m.KvState).Updates(kv); e != nil {
+			m.Reviser, m.KvState, m.Signature, m.ByteSize).Updates(kv); e != nil {
 			return e
 		}