cookieY / Yearning

🐳 A most popular sql audit platform for mysql
http://next.yearning.io/
GNU Affero General Public License v3.0

[Feature] Feature suggestions based on real-world environment needs #1012

Open CxistHans opened 6 months ago

CxistHans commented 6 months ago

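Describe the requirements

  1. Data source linkage. Scenario: after executing in the development environment, execute in the test environment, and so on. There is no need to submit multiple work orders; one order just keeps flowing through.
  2. Query historically executed SQL by data source. Combined with the previous request, this makes later unified execution of production SQL easier.
  3. Combined work orders for DDL and DML; not sure whether this is feasible.
  4. Explanation and documentation for custom rules. In the latest version this still seems to be unusable.
  5. Rollback work orders should be linkable to the earlier work order and carry a clear rollback marker (for example in the title). (Currently a new work order is simply opened.)
  6. Is there a way to support DCL? It would make later requests for accounts with the relevant privileges easier.
  7. The work order review and query pages should support data source as a query condition (based on the requests above).
  8. When there are multiple reviewers, support an "any one approves" option.
  9. Global audit rules should allow excluding specific data sources. Scenario: with MustHaveColumns, several teams in the company use different column names, so the rule cannot be shared by multiple teams.

That's all for now...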
Issues-translate-bot commented 6 months ago

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿


Title: [Feature] Function suggestions based on actual environment needs

Describe requirements

  1. Data source linkage scenario: After the development environment is executed, the test environment is executed.... There is no need to submit multiple work orders, just continuous circulation.
  2. Execute sql based on the data source query history, combined with the previous requirement, to facilitate subsequent unified execution of production sql
  3. The feasibility of merging DDL and DML work orders is uncertain.
  4. Supplementary instructions and documentation related to custom rules. The latest version still seems to be unavailable.
  5. Rollback work orders can be associated with previous work orders, and have clear rollback identification (for example, on the title). (Currently only a new work order has been opened)

So much for now...
cookieY commented 6 months ago
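  1. Work order flow is already implemented in the sponsored version.
  2. Will consider implementing.
  3. The audit was designed from the start on a separation principle, so the cost of changing it is high. No plans for now.
  4. I'm not sure what custom rules specifically refers to; currently rules can only be set based on the existing preset rules.
  5. Will consider implementing.
  6. Will consider implementing.
  7. Will consider implementing.
  8. Currently, when a single review node has multiple people, approval by any one of them is enough.
  9. Data-source-based audit rules are already implemented.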
Issues-translate-bot commented 6 months ago

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿


  1. Work order transfer has been implemented in the sponsored version
  2. Consider implementing
  3. The principle of separation has been followed at the beginning of the design review, and the transformation cost is relatively high. No plans yet
  4. I don’t know what the custom rules refer to specifically. Currently, I can only set them according to the existing preset rules.
  5. Consider implementing
  6. Consider implementing
  7. Consider implementation
  8. Currently, when there are multiple people on a single review node, only one person can pass the review.
  9. Audit rules based on data sources have been implemented.
CxistHans commented 6 months ago

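@cookieY Hello, some follow-up questions based on your answers:

  1. Is the sponsored version a separate version? Will this be implemented in the open-source version later? Or what are the requirements for using the sponsored version? Is there any introduction to it?
  2. On point 4: understood, I have connected it with point 9.
  3. On point 8: in my actual case, I set admin and another review account A as reviewers, with account B submitting the work order. After submission and after admin approved, I found that account A still needed to review, and then account A has a final execution step and executes. Flow: review (admin, account A), next step account A executes.
  4. The data source audit rules refer to Audit Rule, right? When adding a custom rule list to a data source's audit rules, many default values differ from the global rules. If possible, when adding a custom rule list, bring in the global rule configuration by default and then adjust it.
  5. On point 3, it would be even better if it could be considered, haha.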
Issues-translate-bot commented 6 months ago

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿


@cookieY Hello, here are some additional questions based on your answers:

  1. Is the sponsored version a separate version? Will it be implemented in the open source version in the future? Or what are the requirements for using the sponsored version? Any relevant introduction?
  2. Regarding the fourth point, I understand, and I connected it with the ninth point.
  3. Regarding the eighth point, my actual situation is that I use admin and another audit account A as auditors, and submit the work order account B. After submission, after the admin review, it is found that account A still needs to be reviewed, and then account A finally has to execute the steps before executing them. Process: Review (admin, account A), next step is execution of account A.
  4. Regarding the audit rules of the data source, should it refer to the Audit Rule? Data source audit rules When adding a custom rule list, many default values are inconsistent with global rules. If possible, when adding a custom rule list, the configuration of the global rules can be brought in by default and then adjusted.
  5. Regarding the third point, it would be better if you consider it, haha.
cookieY commented 6 months ago
  1. If no rules are filled in for the data source, then the global rules are used.
Issues-translate-bot commented 6 months ago

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿


  1. If the data source does not fill in the rules, then the global rules are used.
CxistHans commented 6 months ago
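  1. If no rules are filled in for the data source, then the global rules are used.

Down to the individual rules inside? What I mean is: after rules have been selected for the data source, what if an option is filled in in the global rules but not filled in in the custom ones? What is the priority?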

Issues-translate-bot commented 6 months ago

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿


  1. If the data source does not fill in the rules, then the global rules are used

What specific individual rules are there? The data source I'm talking about is after selecting the rule, if an option in the global rule is filled in, but the customization option is not filled in? What is the priority?

cookieY commented 6 months ago

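There is no concept of priority; the rules here are not layered. If you select custom, the custom rules apply; if you don't, the global rules apply.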

Issues-translate-bot commented 6 months ago

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿


There is no concept of priority, and there are no rules of superposition here. But if you choose to customize, follow the customization. If you don’t choose, it will be global.

CxistHans commented 6 months ago

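There is no concept of priority; the rules here are not layered. If you select custom, the custom rules apply; if you don't, the global rules apply.

So what my original request meant is: when adding a new custom url, could it bring in the global url configuration by default and then be adjusted, rather than starting from scratch? Also, the current situation: as I recall, at first-time configuration some items in the global configuration have default values, while the custom ones do not. If the product decides not to bring in the global url configuration for adjustment, could the initial default values be kept consistent?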

Issues-translate-bot commented 6 months ago

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿


There is no concept of priority, and there are no superposition rules here. But if you choose to customize, follow the customization. If you don’t choose, it will be global.

So my original need is that if you add a new custom URL, can you bring the global URL configuration by default and then adjust it instead of starting from scratch? And the current situation: In my impression, when I configured it for the first time, some items in the global configuration had default values, but they did not exist in customization. If the product considers adjusting the configuration without the global URL, can the initial default value be kept consistent?

CxistHans commented 6 months ago

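One more suggestion: looking at the nginx-related issues, 8000 is the back-end API port and 8080 is the front-end web access port. Is there now only port 8000? In the documentation I only see:

Please note: some features in Yearning use websocket for communication. If you access Yearning through a reverse proxy, make sure the proxy layer supports proxying the websocket protocol. For example, nginx needs to be configured with: proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade";

How can I test websocket at the moment? In which scenario? Also, are there review notifications? Thinking back over these tests, the accounts never received a review notification (for now it is deployed on k8s, with a nodePort opened only for port 8000). I am considering putting nginx in front later; could the official documentation add a concrete nginx configuration template?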

Issues-translate-bot commented 6 months ago

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿


Another suggestion: See nginx related issues: 8000 is the back-end api interface 8080 is the front-end web access interface Is there only port 8000 at this stage? I only see this in the documentation:

Please note: Because some functions in Yearning use websocket for communication. If you use reverse proxy to access Yearning, please provide proxy support for the websocket protocol at the proxy layer. For example: nginx needs to be configured proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade";

How do I test websocket currently? From which scene? Also, is there any review notice? Looking back on these tests, the account did not receive an audit notice (the k8s deployment was temporarily used, and only nodePort was opened for port 8000) Considering using nginx proxy in the future, can the official document supplement the specific nginx configuration template?
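
For the reverse-proxy setup asked about above, one possible nginx template, added here as an example and not taken from the Yearning documentation or from any participant in this thread. It assumes Yearning is reachable on 127.0.0.1:8000 (the port named in the thread); the server name and certificate paths are placeholders, and the `map` form of the `Connection` header is a common variant of the quoted `Connection "upgrade"` line.

```nginx
# Added example, not from the Yearning documentation.
# Assumptions: Yearning listens on 127.0.0.1:8000 (port named in this thread);
# yearning.example.internal and the certificate paths are placeholders.
# Place this file in the http context, e.g. under conf.d/.

# Send "Connection: upgrade" only when the client requested an upgrade,
# so ordinary HTTP requests are not marked as protocol upgrades.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

upstream yearning_backend {
    server 127.0.0.1:8000;
}

# Redirect plain HTTP so logins and submitted SQL only travel over TLS.
server {
    listen 80;
    server_name yearning.example.internal;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name yearning.example.internal;

    ssl_certificate     /etc/nginx/tls/yearning.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/yearning.key;   # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://yearning_backend;

        # WebSocket support: the directives quoted from the documentation note
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        # Pass the original host and client address to the backend
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Idle WebSocket connections are closed after proxy_read_timeout
        # (60s by default), so raise it for long-lived sessions.
        proxy_read_timeout 3600s;
        proxy_send_timeout 3600s;
    }
}
```

With this in place, a WebSocket request through the proxy should be answered with HTTP status 101 (Switching Protocols), which is visible in the browser's network tools.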

CxistHans commented 6 months ago

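A few more to submit?

  1. Why can't the permission group name be changed?
  2. When reviewing, can it be made so that people cannot review their own work orders?
  3. Why can't a work order's SQL be adjusted before it has been reviewed?
  4. Can permission groups be reverse-linked to people, and can the groups a user belongs to be viewed?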
Issues-translate-bot commented 6 months ago

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿


How many more to submit?

  1. Why is the permission group name not allowed to be changed?
  2. When auditing, can you audit yourself?
  3. Why is the work order SQL not allowed to be adjusted before it is reviewed?
  4. Can permission groups be reversely associated with people? And check the group the user belongs to
CxistHans commented 6 months ago

@cookieY When you have time, could you please respond?

Issues-translate-bot commented 6 months ago

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿


@cookieY If you have time, could you please respond?