feat: Credential management enhancements --story=125449007 #548
Open
dengyh wants to merge 10 commits into TencentBlueKing:master from
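feature(credential): edit credential scope feature module
feature(credential): integrate the credential management module with the backend APIs
feature(credential): add duplicate-key validation for custom credential content
feature(credential): add an API for fetching credential scope details
feature(credential): remove empty-value filtering from the list
feature(credential): optimize the fields shown in the content detail view
feature(credential): reduce the size of the credential guide images
feature(credential): commit the credential acquisition guide code
(cherry picked from commit 2512579ebcfa6e904da339666af4cb805a2f8018)
feature(credential): remove i18n translation from the edit-scope module --story=125449007
* feat: add credential selection to node configuration --story=125449007 # Reviewed, transaction id: 66075
* fix: turn off the label tooltip underline --story=125449007 # Reviewed, transaction id: 66078
* feat: add credential selection to node configuration --story=125449007 # Reviewed, transaction id: 66104
* fix: improve credential selection validation --story=125449007 # Reviewed, transaction id: 66163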
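Code review summary
This PR introduces a credential management system. The overall design is good and test coverage is thorough. The following key issues were found and need to be fixed:
🚨 Critical issues
- Overly broad exception handling - create_credential.py:56 and several other places use a bare except Exception, which may hide critical errors
- SQL injection risk - test_secret_json_field.py:52 builds SQL by string concatenation; parameterized queries should be used
- Incomplete code logic - create_credential.py:56 has an unfinished code fragment if scope_l
⚡ Performance issues
- N+1 queries - the credential scope check may cause multiple database queries
⚠️ Logic issues
- Scope validation logic - the handling of CredentialScopeLevel.NONE is unclear
- Transaction integrity - some update operations lack transaction protection
✨ Suggested improvements
- Add a credential rotation mechanism
- Consider audit logging of credential usage
- Strengthen the security of key management
Review rating: the critical issues need to be fixed before merging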
| :param request: HTTP 请求对象 | ||
| :param space_id: 空间ID | ||
| :return: 创建的凭证信息 | ||
| """ |
🚨 Syntax error: this line of code is incomplete (if scope_l); the full condition is missing, which will cause a Python syntax error
| default=CredentialScopeLevel.NONE.value, | ||
| choices=Credential.CREDENTIAL_SCOPE_LEVEL_CHOICES, | ||
| ) | ||
| scopes = serializers.ListField( |
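Review bot: in the scope-level field, `default=CredentialScopeLevel.NONE.value` means a request that omits the field is accepted and stored as NONE, and nothing in these lines says whether NONE means "no scope restriction" or "usable nowhere". For a credential that distinction decides who can use the secret, so state it in the field's help_text and validate `scopes` against the chosen level (for example, reject a non-empty `scopes` list when the level is NONE).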
except Exception catches all exceptions, including system errors. Suggest changing it to a specific exception type such as except ValidationError
| class UpdateCredentialSerializer(serializers.Serializer): | ||
| name = serializers.CharField(help_text=_("凭证名称"), max_length=32, required=False) |
| :param space_id: 空间ID | ||
| :param credential_id: 凭证ID | ||
| :return: 更新后的凭证信息 | ||
| """ |
Wrap the entire update logic in with transaction.atomic()
No description provided.