feat: agent license func operate

server/controller/db/mysql/migration/rawsql/init.sql

@@ -2372,6 +2372,18 @@ CREATE TABLE IF NOT EXISTS consumer_bill (
 ) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8;
 TRUNCATE TABLE consumer_bill;
 
+CREATE TABLE IF NOT EXISTS license_func_log (
+    id                      INTEGER NOT NULL AUTO_INCREMENT PRIMARY KEY,
+    team_id                 INTEGER DEFAULT 1,
+    agent_id                INTEGER NOT NULL,
+    agent_name              VARCHAR(256) NOT NULL,
+    user_id                 INTEGER NOT NULL,
+    license_function        INTEGER NOT NULL COMMENT '1.traffic distribution 2.network monitoring 3.call monitoring 4.function monitoring 5.application monitoring 6.indicator monitoring 7.database monitoring 8.log monitoring 9.max',
+    enabled                 INTEGER NOT NULL COMMENT '0.false 1.true',
+    created_at              DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
+) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8;
+TRUNCATE TABLE license_func_log;
+
 CREATE TABLE IF NOT EXISTS kubernetes_cluster (
     id                      INTEGER NOT NULL AUTO_INCREMENT PRIMARY KEY,
     cluster_id              VARCHAR(256) NOT NULL ,

server/controller/db/mysql/migration/rawsql/issu/6.6.1.8.sql

@@ -0,0 +1,30 @@
+CREATE TABLE IF NOT EXISTS license_func_log (
+    id                      INTEGER NOT NULL AUTO_INCREMENT PRIMARY KEY,
+    team_id                 INTEGER DEFAULT 1,
+    agent_name              VARCHAR(256) NOT NULL,
+    agent_id                INTEGER NOT NULL,
+    user_id                 INTEGER NOT NULL,
+    license_function        INTEGER NOT NULL COMMENT '1.traffic distribution 2.network monitoring 3.call monitoring 4.function monitoring 5.application monitoring 6.indicator monitoring 7.database monitoring 8.log monitoring 9.max',
+    enabled                 INTEGER NOT NULL COMMENT '0.false 1.true',
+    created_at              DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
+) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8;
+
+BEGIN
+    DECLARE current_db_name VARCHAR(255);
+
+    -- check whether current db is default, @defaultDatabaseName variable will be added by code when sql is executed
+    SELECT DATABASE() INTO current_db_name;
+    IF @defaultDatabaseName = current_db_name THEN
+        UPDATE vtap
+        SET license_functions = '1,2,3,4,5,6,7,8'
+        WHERE EXISTS (
+            SELECT 1
+            FROM consumer_bill
+        ) AND (license_functions IS NULL OR license_functions = '');
+
+    END IF;
+    -- do migration in default and non-default dbs
+END;
+
+-- whether default db or not, update db_version to latest, remember update DB_VERSION_EXPECT in migrate/init.go
+UPDATE db_version SET version='6.6.1.8';

server/controller/db/mysql/migration/version.go

@@ -18,5 +18,5 @@ package migration
 
 const (
 	DB_VERSION_TABLE    = "db_version"
-	DB_VERSION_EXPECTED = "6.6.1.7"
+	DB_VERSION_EXPECTED = "6.6.1.8"
 )

server/controller/db/mysql/model.go

@@ -228,6 +228,21 @@ func (VTapGroup) TableName() string {
 	return "vtap_group"
 }
 
+type LicenseFuncLog struct {
+	ID              int       `gorm:"primaryKey;column:id;type:int;not null" json:"ID"`
+	TeamID          int       `gorm:"column:team_id;type:int;default:1" json:"TEAM_ID"`
+	AgentID         int       `gorm:"column:agent_id;type:int" json:"AGENT_ID"`
+	AgentName       string    `gorm:"column:agent_name;type:varchar(256)" json:"AGENT_NAME"`
+	UserID          int       `gorm:"column:user_id;type:int" json:"USER_ID"`
+	LicenseFunction int       `gorm:"column:license_function;type:int;" json:"ENABLED_FEATURE"`
+	Enabled         int       `gorm:"column:enabled;type:int" json:"ENABLED"`
+	CreatedAt       time.Time `gorm:"column:created_at;type:datetime;default:CURRENT_TIMESTAMP" json:"CREATED_AT"`
+}
+
+func (LicenseFuncLog) TableName() string {
+	return "license_func_log"
+}
+
 type DataSource struct {
 	ID                        int       `gorm:"primaryKey;column:id;type:int;not null" json:"ID"`
 	DisplayName               string    `gorm:"column:display_name;type:char(64);default:''" json:"DISPLAY_NAME"`

server/controller/http/service/agentlicense/agent_license_func.go

@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2024 Yunshan Networks
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package agentlicense
+
+import (
+	"github.com/deepflowio/deepflow/server/controller/config"
+	"github.com/deepflowio/deepflow/server/controller/db/mysql"
+)
+
+func GetAgentLicenseFunctions(cfg *config.ControllerConfig, userID int, agent *mysql.VTap,
+	licenseFunctions []interface{}) (string, []mysql.LicenseFuncLog, error) {
+
+	return "", nil, nil
+}

server/controller/http/service/agentlicense/go.mod

@@ -0,0 +1,3 @@
+module github.com/deepflowio/deepflow/server/controller/http/service/agentlicense
+
+go 1.18

server/controller/http/service/data_source.go

@@ -45,7 +45,7 @@ type DataSource struct {
 func NewDataSource(userInfo *httpcommon.UserInfo, cfg *config.ControllerConfig) *DataSource {
 	dataSource := &DataSource{
 		cfg:            cfg,
-		resourceAccess: &ResourceAccess{fpermit: cfg.FPermit, userInfo: userInfo},
+		resourceAccess: &ResourceAccess{Fpermit: cfg.FPermit, UserInfo: userInfo},
 	}
 
 	dataSource.generateIPToController()
@@ -57,7 +57,7 @@ func NewDataSourceWithIngesterAPIConfig(userInfo *httpcommon.UserInfo, cfg commo
 		cfg: &config.ControllerConfig{
 			IngesterApi: cfg,
 		},
-		resourceAccess: &ResourceAccess{userInfo: userInfo},
+		resourceAccess: &ResourceAccess{UserInfo: userInfo},
 	}
 	if err := dataSource.generateIPToController(); err != nil {
 		log.Warning(err)
@@ -66,7 +66,7 @@ func NewDataSourceWithIngesterAPIConfig(userInfo *httpcommon.UserInfo, cfg commo
 }
 
 func (d *DataSource) generateIPToController() error {
-	db, err := mysql.GetDB(d.resourceAccess.userInfo.ORGID)
+	db, err := mysql.GetDB(d.resourceAccess.UserInfo.ORGID)
 	if err != nil {
 		return err
 	}

server/controller/http/service/permission_verification.go

@@ -40,54 +40,54 @@ var (
 )
 
 type ResourceAccess struct {
-	fpermit  common.FPermit
-	userInfo *httpcommon.UserInfo
+	Fpermit  common.FPermit
+	UserInfo *httpcommon.UserInfo
 }
 
 func NewResourceAccess(fpermit common.FPermit, userInfo *httpcommon.UserInfo) *ResourceAccess {
 	return &ResourceAccess{
-		fpermit:  fpermit,
-		userInfo: userInfo,
+		Fpermit:  fpermit,
+		UserInfo: userInfo,
 	}
 }
 
 func (ra *ResourceAccess) CanAddResource(teamID int, resourceType, resourceUUID string) error {
-	if !ra.fpermit.Enabled {
+	if !ra.Fpermit.Enabled {
 		return nil
 	}
-	url := fmt.Sprintf(urlPermitVerify, ra.fpermit.Host, ra.fpermit.Port, ra.userInfo.ORGID, AccessAdd)
+	url := fmt.Sprintf(urlPermitVerify, ra.Fpermit.Host, ra.Fpermit.Port, ra.UserInfo.ORGID, AccessAdd)
 	url += fmt.Sprintf("&team_id=%d", teamID)
-	if err := PermitVerify(url, ra.userInfo, teamID); err != nil {
+	if err := PermitVerify(url, ra.UserInfo, teamID); err != nil {
 		return err
 	}
 	if resourceType == common.SET_RESOURCE_TYPE_AGENT ||
 		resourceType == common.SET_RESOURCE_TYPE_DATA_SOURCE {
 		return nil
 	}
 
-	url = fmt.Sprintf(urlResource, ra.fpermit.Host, ra.fpermit.Port, ra.userInfo.ORGID)
+	url = fmt.Sprintf(urlResource, ra.Fpermit.Host, ra.Fpermit.Port, ra.UserInfo.ORGID)
 	body := map[string]interface{}{
 		"team_id":       teamID,
-		"owner_user_id": ra.userInfo.ID,
+		"owner_user_id": ra.UserInfo.ID,
 		"resource_type": resourceType,
 		"resource_id":   resourceUUID,
 	}
-	return resourceVerify(url, http.MethodPost, ra.userInfo, teamID, body)
+	return resourceVerify(url, http.MethodPost, ra.UserInfo, teamID, body)
 }
 
 func (ra *ResourceAccess) CanUpdateResource(teamID int, resourceType, resourceUUID string, resourceUp map[string]interface{}) error {
-	if !ra.fpermit.Enabled {
+	if !ra.Fpermit.Enabled {
 		return nil
 	}
-	url := fmt.Sprintf(urlPermitVerify, ra.fpermit.Host, ra.fpermit.Port, ra.userInfo.ORGID, AccessUpdate)
+	url := fmt.Sprintf(urlPermitVerify, ra.Fpermit.Host, ra.Fpermit.Port, ra.UserInfo.ORGID, AccessUpdate)
 	if resourceType == common.SET_RESOURCE_TYPE_AGENT ||
 		resourceType == common.SET_RESOURCE_TYPE_DATA_SOURCE {
 		url += fmt.Sprintf("&team_id=%d&resource_type=%s", teamID, resourceType)
 	} else {
 		url += fmt.Sprintf("&resource_type=%s&resource_id=%s", resourceType, resourceUUID)
 	}
 
-	if err := PermitVerify(url, ra.userInfo, teamID); err != nil {
+	if err := PermitVerify(url, ra.UserInfo, teamID); err != nil {
 		return err
 	}
 	if resourceType == common.SET_RESOURCE_TYPE_AGENT ||
@@ -103,79 +103,79 @@ func (ra *ResourceAccess) CanUpdateResource(teamID int, resourceType, resourceUU
 			"resource_type": resourceType,
 			"resource_id":   resourceUUID,
 		}
-		url = fmt.Sprintf(urlUGCPermission, ra.fpermit.Host, ra.fpermit.Port, ra.userInfo.ORGID)
-		if err := ugcPermission(url, ra.userInfo, body); err != nil {
+		url = fmt.Sprintf(urlUGCPermission, ra.Fpermit.Host, ra.Fpermit.Port, ra.UserInfo.ORGID)
+		if err := ugcPermission(url, ra.UserInfo, body); err != nil {
 			return err
 		}
 	}
 
-	url = fmt.Sprintf(urlResource, ra.fpermit.Host, ra.fpermit.Port, ra.userInfo.ORGID)
+	url = fmt.Sprintf(urlResource, ra.Fpermit.Host, ra.Fpermit.Port, ra.UserInfo.ORGID)
 	body := map[string]interface{}{
 		"resource_where": map[string]interface{}{
 			"resource_type": resourceType,
 			"resource_id":   resourceUUID,
 		},
 		"resource_up": resourceUp,
 	}
-	return resourceVerify(url, http.MethodPatch, ra.userInfo, teamID, body)
+	return resourceVerify(url, http.MethodPatch, ra.UserInfo, teamID, body)
 }
 
 func (ra *ResourceAccess) CanDeleteResource(teamID int, resourceType, resourceUUID string) error {
-	if !ra.fpermit.Enabled {
+	if !ra.Fpermit.Enabled {
 		return nil
 	}
-	url := fmt.Sprintf(urlPermitVerify, ra.fpermit.Host, ra.fpermit.Port, ra.userInfo.ORGID, AccessDelete)
+	url := fmt.Sprintf(urlPermitVerify, ra.Fpermit.Host, ra.Fpermit.Port, ra.UserInfo.ORGID, AccessDelete)
 	if resourceType == common.SET_RESOURCE_TYPE_AGENT ||
 		resourceType == common.SET_RESOURCE_TYPE_DATA_SOURCE {
 		url += fmt.Sprintf("&team_id=%d&resource_type=%s", teamID, resourceType)
 	} else {
 		url += fmt.Sprintf("&resource_type=%s&resource_id=%s", resourceType, resourceUUID)
 	}
 
-	if err := PermitVerify(url, ra.userInfo, teamID); err != nil {
+	if err := PermitVerify(url, ra.UserInfo, teamID); err != nil {
 		return err
 	}
 	if resourceType == common.SET_RESOURCE_TYPE_AGENT ||
 		resourceType == common.SET_RESOURCE_TYPE_DATA_SOURCE {
 		return nil
 	}
 
-	url = fmt.Sprintf(urlResource, ra.fpermit.Host, ra.fpermit.Port, ra.userInfo.ORGID)
+	url = fmt.Sprintf(urlResource, ra.Fpermit.Host, ra.Fpermit.Port, ra.UserInfo.ORGID)
 	body := map[string]interface{}{
 		"resource_type": resourceType,
 		"resource_ids":  resourceUUID,
 	}
-	return resourceVerify(url, http.MethodDelete, ra.userInfo, teamID, body)
+	return resourceVerify(url, http.MethodDelete, ra.UserInfo, teamID, body)
 }
 
 func (ra *ResourceAccess) CanAddSubDomainResource(domainTeamID, subDomainTeamID int, resourceUUID string) error {
-	if !ra.fpermit.Enabled {
+	if !ra.Fpermit.Enabled {
 		return nil
 	}
-	url := fmt.Sprintf(urlPermitVerify, ra.fpermit.Host, ra.fpermit.Port, ra.userInfo.ORGID, AccessAdd)
+	url := fmt.Sprintf(urlPermitVerify, ra.Fpermit.Host, ra.Fpermit.Port, ra.UserInfo.ORGID, AccessAdd)
 	url += fmt.Sprintf("&parent_team_id=%d&team_id=%d", domainTeamID, subDomainTeamID)
-	if err := PermitVerify(url, ra.userInfo, subDomainTeamID); err != nil {
+	if err := PermitVerify(url, ra.UserInfo, subDomainTeamID); err != nil {
 		return err
 	}
 
-	url = fmt.Sprintf(urlResource, ra.fpermit.Host, ra.fpermit.Port, ra.userInfo.ORGID)
+	url = fmt.Sprintf(urlResource, ra.Fpermit.Host, ra.Fpermit.Port, ra.UserInfo.ORGID)
 	body := map[string]interface{}{
 		"team_id":       subDomainTeamID,
-		"owner_user_id": ra.userInfo.ID,
+		"owner_user_id": ra.UserInfo.ID,
 		"resource_type": common.SET_RESOURCE_TYPE_SUB_DOMAIN,
 		"resource_id":   resourceUUID,
 	}
-	return resourceVerify(url, http.MethodPost, ra.userInfo, subDomainTeamID, body)
+	return resourceVerify(url, http.MethodPost, ra.UserInfo, subDomainTeamID, body)
 }
 
 func (ra *ResourceAccess) CanUpdateSubDomainResource(domainTeamID, subDomainTeamID int, resourceUUID string, resourceUp map[string]interface{}) error {
-	if !ra.fpermit.Enabled {
+	if !ra.Fpermit.Enabled {
 		return nil
 	}
-	url := fmt.Sprintf(urlPermitVerify, ra.fpermit.Host, ra.fpermit.Port, ra.userInfo.ORGID, AccessUpdate)
+	url := fmt.Sprintf(urlPermitVerify, ra.Fpermit.Host, ra.Fpermit.Port, ra.UserInfo.ORGID, AccessUpdate)
 	url += fmt.Sprintf("&parent_team_id=%d&team_id=%d&resource_type=%s&resource_id=%s", domainTeamID, subDomainTeamID, common.SET_RESOURCE_TYPE_SUB_DOMAIN, resourceUUID)
 
-	if err := PermitVerify(url, ra.userInfo, subDomainTeamID); err != nil {
+	if err := PermitVerify(url, ra.UserInfo, subDomainTeamID); err != nil {
 		return err
 	}
 
@@ -187,16 +187,16 @@ func (ra *ResourceAccess) CanUpdateSubDomainResource(domainTeamID, subDomainTeam
 	teamID, tOK := resourceUp["team_id"]
 	if tOK {
 		newTeamID = int(teamID.(float64))
-		url := fmt.Sprintf(urlPermitVerify, ra.fpermit.Host, ra.fpermit.Port, ra.userInfo.ORGID, AccessAdd)
+		url := fmt.Sprintf(urlPermitVerify, ra.Fpermit.Host, ra.Fpermit.Port, ra.UserInfo.ORGID, AccessAdd)
 		url += fmt.Sprintf("&parent_team_id=%d&team_id=%d", domainTeamID, newTeamID)
-		if err := PermitVerify(url, ra.userInfo, newTeamID); err != nil {
+		if err := PermitVerify(url, ra.UserInfo, newTeamID); err != nil {
 			return err
 		}
 	}
 	return nil
 
 	// TODO: support update
-	// var newOwnerID int = ra.userInfo.ID
+	// var newOwnerID int = ra.UserInfo.ID
 	// userID, uOK := resourceUp["owner_user_id"]
 	// if uOK {
 	// 	newOwnerID = int(userID.(float64))
@@ -208,54 +208,54 @@ func (ra *ResourceAccess) CanUpdateSubDomainResource(domainTeamID, subDomainTeam
 	// 		"resource_type": common.SET_RESOURCE_TYPE_SUB_DOMAIN,
 	// 		"resource_id":   resourceUUID,
 	// 	}
-	// 	url = fmt.Sprintf(urlUGCPermission, ra.fpermit.Host, ra.fpermit.Port, ra.userInfo.ORGID)
-	// 	if err := ugcPermission(url, ra.userInfo, body); err != nil {
+	// 	url = fmt.Sprintf(urlUGCPermission, ra.Fpermit.Host, ra.Fpermit.Port, ra.UserInfo.ORGID)
+	// 	if err := ugcPermission(url, ra.UserInfo, body); err != nil {
 	// 		return err
 	// 	}
 	// }
 
-	// url = fmt.Sprintf(urlResource, ra.fpermit.Host, ra.fpermit.Port, ra.userInfo.ORGID)
+	// url = fmt.Sprintf(urlResource, ra.Fpermit.Host, ra.Fpermit.Port, ra.UserInfo.ORGID)
 	// body := map[string]interface{}{
 	// 	"resource_where": map[string]interface{}{
 	// 		"resource_type": common.SET_RESOURCE_TYPE_SUB_DOMAIN,
 	// 		"resource_id":   resourceUUID,
 	// 	},
 	// 	"resource_up": resourceUp,
 	// }
-	// return resourceVerify(url, http.MethodPatch, ra.userInfo, domainTeamID, body)
+	// return resourceVerify(url, http.MethodPatch, ra.UserInfo, domainTeamID, body)
 }
 
 func (ra *ResourceAccess) CanDeleteSubDomainResource(domainTeamID, subDomainTeamID int, resourceUUID string) error {
-	if !ra.fpermit.Enabled {
+	if !ra.Fpermit.Enabled {
 		return nil
 	}
-	url := fmt.Sprintf(urlPermitVerify, ra.fpermit.Host, ra.fpermit.Port, ra.userInfo.ORGID, AccessDelete)
+	url := fmt.Sprintf(urlPermitVerify, ra.Fpermit.Host, ra.Fpermit.Port, ra.UserInfo.ORGID, AccessDelete)
 	url += fmt.Sprintf("&parent_team_id=%d&team_id=%d&resource_type=%s&resource_id=%s", domainTeamID, subDomainTeamID, common.SET_RESOURCE_TYPE_SUB_DOMAIN, resourceUUID)
 
-	if err := PermitVerify(url, ra.userInfo, subDomainTeamID); err != nil {
+	if err := PermitVerify(url, ra.UserInfo, subDomainTeamID); err != nil {
 		return err
 	}
 
-	url = fmt.Sprintf(urlResource, ra.fpermit.Host, ra.fpermit.Port, ra.userInfo.ORGID)
+	url = fmt.Sprintf(urlResource, ra.Fpermit.Host, ra.Fpermit.Port, ra.UserInfo.ORGID)
 	body := map[string]interface{}{
 		"resource_type": common.SET_RESOURCE_TYPE_SUB_DOMAIN,
 		"resource_ids":  resourceUUID,
 	}
-	return resourceVerify(url, http.MethodDelete, ra.userInfo, subDomainTeamID, body)
+	return resourceVerify(url, http.MethodDelete, ra.UserInfo, subDomainTeamID, body)
 }
 
 func (ra *ResourceAccess) CanOperateDomainResource(teamID int, domainUUID string) error {
-	if !ra.fpermit.Enabled {
+	if !ra.Fpermit.Enabled {
 		return nil
 	}
 	if (domainUUID == "" || domainUUID == common.DEFAULT_DOMAIN) &&
-		ra.userInfo.Type != common.USER_TYPE_SUPER_ADMIN {
+		ra.UserInfo.Type != common.USER_TYPE_SUPER_ADMIN {
 		return fmt.Errorf("non-super administrators do not have permission to operate")
 	}
 
 	url := fmt.Sprintf("http://%s:%d/v1/org/%d/permit_verify?method=update&resource_type=domain&resource_id=%s",
-		ra.fpermit.Host, ra.fpermit.Port, ra.userInfo.ORGID, domainUUID)
-	return PermitVerify(url, ra.userInfo, teamID)
+		ra.Fpermit.Host, ra.Fpermit.Port, ra.UserInfo.ORGID, domainUUID)
+	return PermitVerify(url, ra.UserInfo, teamID)
 }
 
 func PermitVerify(url string, userInfo *httpcommon.UserInfo, teamID int) error {