Skip to content

Commit

Permalink
Merge remote-tracking branch '腾讯github/master' into issue-11366
Browse files Browse the repository at this point in the history
# Conflicts:
#	src/backend/ci/core/store/biz-store/src/main/kotlin/com/tencent/devops/store/atom/dao/MarketAtomDao.kt
  • Loading branch information
Kzhou991 committed Jan 20, 2025
2 parents 52b0b5f + 34f1e7e commit 9ecbabd
Show file tree
Hide file tree
Showing 32 changed files with 867 additions and 382 deletions.
358 changes: 358 additions & 0 deletions CHANGELOG/en/CHANGELOG-3.1.md

Large diffs are not rendered by default.

15 changes: 13 additions & 2 deletions CHANGELOG/zh_CN/CHANGELOG-3.0.md
Original file line number Diff line number Diff line change
@@ -1,8 +1,11 @@
<!-- BEGIN MUNGE: GENERATED_TOC -->
- [v3.0.12](#v3012)
- [Changelog since v3.0.11](#changelog-since-v3011)

- [v3.0.11](#v3011)
- [Changelog since v3.0.0](#changelog-since-v300)
- [v3.0.1-v3.0.11]
- 因镜像版本与仓库版本没有统一,v3.0.1-v3.0.11已有镜像版本,但没有仓库版本,所以仓库这些版本直接跳过
- [v3.0.1-v3.0.10]
- 因镜像版本与仓库版本没有统一,v3.0.1-v3.0.10已有镜像版本,但没有仓库版本,所以仓库这些版本直接跳过
- [v3.0.0](#v300)
- [Changelog since v2.1.0](#changelog-since-v210)
- [v3.0.0-rc.1](#v300-rc1)
Expand All @@ -13,6 +16,14 @@


<!-- NEW RELEASE NOTES ENTRY -->
# v3.0.12
## 2025-01-08
### Changelog since v3.0.11
#### 修复

##### 未分类
- [修复] bug: 修复v3.0版本打helm chart包时报错 [链接](http://github.com/TencentBlueKing/bk-ci/issues/11391)

# v3.0.11
## 2024-12-05
### Changelog since v3.0.0
Expand Down
266 changes: 266 additions & 0 deletions CHANGELOG/zh_CN/CHANGELOG-3.1.md

Large diffs are not rendered by default.

Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ package com.tencent.devops.auth.provider.rbac.service

import com.tencent.bk.sdk.iam.constants.ManagerScopesEnum
import com.tencent.bk.sdk.iam.dto.V2PageInfoDTO
import com.tencent.bk.sdk.iam.dto.manager.GroupMemberVerifyInfo
import com.tencent.bk.sdk.iam.dto.manager.dto.SearchGroupDTO
import com.tencent.bk.sdk.iam.exception.IamException
import com.tencent.bk.sdk.iam.service.v2.V2ManagerService
Expand Down Expand Up @@ -161,10 +162,16 @@ class RbacPermissionResourceGroupSyncService @Autowired constructor(
if (deptService.isUserDeparted(memberId)) {
return@forEach
}
val verifyResults = iamV2ManagerService.verifyGroupValidMember(
memberId,
groupInfos.joinToString(",") { it.iamGroupId.toString() }
)
// 获取用户加入组的有效期
val groupIds = groupInfos.map { it.iamGroupId }
val verifyResults = mutableMapOf<Int, GroupMemberVerifyInfo>()
groupIds.chunked(20).forEach { batchGroupIds ->
val batchVerifyGroupValidMember = iamV2ManagerService.verifyGroupValidMember(
memberId,
batchGroupIds.joinToString(",")
)
verifyResults.putAll(batchVerifyGroupValidMember)
}
verifyResults.forEach { (groupId, verifyResult) ->
if (verifyResult.belong == true && verifyResult.expiredAt > LocalDateTime.now().timestamp()) {
logger.info("The member of group needs to be renewed:$projectCode|$groupId|$memberId")
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -589,7 +589,7 @@ class RbacPermissionResourceMemberService(
groupId: Int,
memberRenewalDTO: GroupMemberRenewalDTO
): Boolean {
logger.info("renewal group member|$userId|$projectCode|$resourceType|$groupId")
logger.info("renewal group member|$userId|$projectCode|$resourceType|$groupId|${memberRenewalDTO.expiredAt}")
val managerMemberGroupDTO = GroupMemberRenewApplicationDTO.builder()
.groupIds(listOf(groupId))
.expiredAt(memberRenewalDTO.expiredAt)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,7 @@ import com.tencent.devops.common.auth.rbac.utils.RbacAuthUtils
import com.tencent.devops.common.client.Client
import com.tencent.devops.common.service.trace.TraceTag
import com.tencent.devops.common.service.utils.LogUtils
import com.tencent.devops.process.api.service.ServicePipelineViewResource
import com.tencent.devops.process.api.user.UserPipelineViewResource
import org.slf4j.LoggerFactory
import org.slf4j.MDC
Expand Down Expand Up @@ -360,6 +361,30 @@ class RbacPermissionService(
projectCode = projectCode,
resourceType = resourceType
)

resourceType == AuthResourceType.PIPELINE_DEFAULT.value -> {
val authViewPipelineIds = instanceMap[AuthResourceType.PIPELINE_GROUP.value]?.let { authViewIds ->
client.get(ServicePipelineViewResource::class).listPipelineIdByViewIds(
projectId = projectCode,
viewIdsEncode = authViewIds
).data
} ?: emptyList()

val authPipelineIamIds = instanceMap[AuthResourceType.PIPELINE_DEFAULT.value] ?: emptyList()
val pipelineIds = mutableSetOf<String>().apply {
addAll(authViewPipelineIds)
addAll(
getFinalResourceCodes(
projectCode = projectCode,
resourceType = resourceType,
iamResourceCodes = authPipelineIamIds,
createUser = userId
)
)
}
pipelineIds.toList()
}

// 返回具体资源列表
else -> {
val iamResourceCodes = instanceMap[resourceType] ?: emptyList()
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,7 @@ enum class ErrorType(
val typeName: String,
val num: Int
) {
// 非常注意:此关联前端展示的图标,前端枚举需要同步更新
SYSTEM("system", 0), // 0 系统运行报错
USER("user", 1), // 1 用户配置报错
THIRD_PARTY("thirdParty", 2), // 2 第三方系统接入错误
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -127,7 +127,7 @@ interface ServiceLogPrintResource {
executeCount: Int?,
@Parameter(description = "插件的存储模式", required = false)
@QueryParam("logStorageMode")
logStorageMode: LogStorageMode? = LogStorageMode.UPLOAD,
logStorageMode: LogStorageMode? = null,
@Parameter(description = "job id", required = false)
@QueryParam("userJobId")
jobId: String?,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -46,26 +46,27 @@ class LogStatusDao {
subTags: String?,
containerHashId: String?,
executeCount: Int,
logStorageMode: LogStorageMode,
logStorageMode: LogStorageMode?,
finish: Boolean,
jobId: String?,
stepId: String?
) {
with(TLogStatus.T_LOG_STATUS) {
dslContext.insertInto(this)
val update = dslContext.insertInto(this)
.set(BUILD_ID, buildId)
.set(TAG, tag)
.set(SUB_TAG, subTags)
.set(EXECUTE_COUNT, executeCount)
.set(JOB_ID, containerHashId)
.set(FINISHED, finish)
.set(MODE, logStorageMode.name)

.set(USER_JOB_ID, jobId)
.set(STEP_ID, stepId)
.onDuplicateKeyUpdate()
logStorageMode?.let { update.set(MODE, it.name) }
update.onDuplicateKeyUpdate()
.set(FINISHED, finish)
.set(MODE, logStorageMode.name)
.execute()
logStorageMode?.let { update.set(MODE, it.name) }
update.execute()
}
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ data class LogStatusEvent(
val userJobId: String?,
val stepId: String?,
val executeCount: Int?,
val logStorageMode: LogStorageMode? = LogStorageMode.UPLOAD,
val logStorageMode: LogStorageMode?,
override var retryTime: Int = 2,
override var delayMills: Int = 0
) : ILogEvent(buildId, retryTime, delayMills)
Original file line number Diff line number Diff line change
Expand Up @@ -86,6 +86,7 @@ class ServiceLogPrintResourceImpl @Autowired constructor(
subTag = subTag,
jobId = containerHashId,
executeCount = executeCount,
logStorageMode = null,
userJobId = jobId,
stepId = stepId
)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ class LogStatusService @Autowired constructor(
subTags = subTag ?: "",
containerHashId = containerHashId ?: "",
executeCount = executeCount ?: 1,
logStorageMode = logStorageMode ?: LogStorageMode.UPLOAD,
logStorageMode = logStorageMode,
finish = finish,
jobId = jobId,
stepId = stepId
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -56,9 +56,9 @@ object ESIndexUtils {
.startObject("containerHashId").field("type", "keyword").endObject()
.startObject("stepId").field("type", "keyword").endObject()
.startObject("executeCount").field("type", "keyword").endObject()
.startObject("logType").field("type", "text").endObject()
.startObject("logType").field("type", "keyword").endObject()
.startObject("message").field("type", "text")
.field("analyzer", "standard")
.field("index", false)
.endObject()
.endObject()
.endObject()
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -208,4 +208,14 @@ interface ServicePipelineViewResource {
@PathParam("pipelineId")
pipelineId: String
): Result<Set<Long>>

@Operation(summary = "根据视图ID获取流水线ID列表")
@POST
@Path("/pipelines/listPipelineIdByViewIds")
fun listPipelineIdByViewIds(
@PathParam("projectId")
projectId: String,
@Parameter(description = "按视图过滤", required = false)
viewIdsEncode: List<String>
): Result<List<String>>
}
Original file line number Diff line number Diff line change
Expand Up @@ -208,4 +208,13 @@ class ServicePipelineViewResourceImpl @Autowired constructor(
pipelineViewGroupService.listViewIdsByPipelineId(projectId, pipelineId)
)
}

override fun listPipelineIdByViewIds(
projectId: String,
viewIdsEncode: List<String>
): Result<List<String>> {
return Result(
pipelineViewGroupService.listPipelineIdsByViewIds(projectId, viewIdsEncode)
)
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -242,6 +242,6 @@ abstract class AbstractPipelinePermissionService constructor(
}

override fun isControlPipelineListPermission(projectId: String): Boolean {
return true
return false
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -186,43 +186,19 @@ class RbacPipelinePermissionService(
}
}

override fun getResourceByPermission(userId: String, projectId: String, permission: AuthPermission): List<String> {
logger.info("[rbac] get resource by permission|$userId|$projectId|$permission")
val startEpoch = System.currentTimeMillis()
try {
// 获取有权限的流水线、流水线组、项目列表
val instanceMap = authPermissionApi.getUserResourceAndParentByPermission(
user = userId,
serviceCode = pipelineAuthServiceCode,
projectCode = projectId,
permission = permission,
resourceType = resourceType
)
return when {
// 如果有项目下所有该资源权限,返回项目下流水线列表
instanceMap[AuthResourceType.PROJECT.value]?.contains(projectId) == true ->
getAllAuthPipelineIds(projectId = projectId)

else -> {
// 获取有权限流水线组下的流水线
val authViewPipelineIds = instanceMap[AuthResourceType.PIPELINE_GROUP.value]?.let { authViewIds ->
pipelineViewGroupCommonService.listPipelineIdsByViewIds(projectId, authViewIds)
} ?: emptyList()
// 获取有权限的流水线列表
val authPipelineIds = instanceMap[AuthResourceType.PIPELINE_DEFAULT.value] ?: emptyList()

val pipelineIds = mutableSetOf<String>()
pipelineIds.addAll(authViewPipelineIds)
pipelineIds.addAll(authPipelineIds)
pipelineIds.toList()
}
}
} finally {
logger.info(
"It take(${System.currentTimeMillis() - startEpoch})ms to get resource by permission|" +
"$userId|$projectId|$permission"
)
}
override fun getResourceByPermission(
userId: String,
projectId: String,
permission: AuthPermission
): List<String> {
return authPermissionApi.getUserResourceByPermission(
user = userId,
serviceCode = pipelineAuthServiceCode,
resourceType = resourceType,
projectCode = projectId,
permission = permission,
supplier = null
)
}

override fun filterPipelines(
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -1084,6 +1084,18 @@ class PipelineInfoFacadeService @Autowired constructor(
)
modelCheckPlugin.beforeDeleteElementInExistsModel(existModel, model, param)
}
val templateId = model.templateId

if (templateId != null) {
// 如果是根据模板创建的流水线需为model设置srcTemplateId
model.srcTemplateId = templateDao.getSrcTemplateId(
dslContext = dslContext,
projectId = projectId,
templateId = templateId,
type = TemplateType.CONSTRAINT.name
)
}

val deployResult = pipelineRepositoryService.deployPipeline(
model = model,
projectId = projectId,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,7 @@ import com.tencent.devops.common.auth.api.pojo.ProjectConditionDTO
import com.tencent.devops.common.auth.api.pojo.ResourceRegisterInfo
import com.tencent.devops.common.auth.api.pojo.SubjectScopeInfo
import com.tencent.devops.common.auth.code.ProjectAuthServiceCode
import com.tencent.devops.common.auth.enums.SubjectScopeType
import com.tencent.devops.common.client.Client
import com.tencent.devops.common.client.ClientTokenService
import com.tencent.devops.common.event.dispatcher.SampleEventDispatcher
Expand Down Expand Up @@ -766,9 +767,27 @@ abstract class AbsProjectServiceImpl @Autowired constructor(
beforeSubjectScopes: List<SubjectScopeInfo>,
afterSubjectScopes: List<SubjectScopeInfo>
): Boolean {
val beforeIds = beforeSubjectScopes.map { it.id }.toSet()
val afterIds = afterSubjectScopes.map { it.id }.toSet()
return beforeIds != afterIds
val beforeUsernames = beforeSubjectScopes
.filter { it.type == SubjectScopeType.USER.value }
.map { it.username }
.toSet()

val afterUsernames = afterSubjectScopes
.filter { it.type == SubjectScopeType.USER.value }
.map { it.username }
.toSet()

val beforeDeptIds = beforeSubjectScopes
.filter { it.type != SubjectScopeType.USER.value }
.map { it.id }
.toSet()

val afterDeptIds = afterSubjectScopes
.filter { it.type != SubjectScopeType.USER.value }
.map { it.id }
.toSet()

return beforeUsernames != afterUsernames || beforeDeptIds != afterDeptIds
}

private fun updateApprovalInfo(
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,8 @@ import com.tencent.devops.store.pojo.atom.enums.AtomStatusEnum
import com.tencent.devops.store.pojo.atom.enums.AtomTypeEnum
import com.tencent.devops.store.pojo.atom.enums.MarketAtomSortTypeEnum
import com.tencent.devops.store.pojo.common.enums.StoreTypeEnum
import java.math.BigDecimal
import java.time.LocalDateTime
import org.jooq.Condition
import org.jooq.DSLContext
import org.jooq.Record
Expand All @@ -57,8 +59,6 @@ import org.jooq.UpdateSetFirstStep
import org.jooq.impl.DSL
import org.jooq.impl.DSL.min
import org.springframework.stereotype.Repository
import java.math.BigDecimal
import java.time.LocalDateTime

@Suppress("ALL")
@Repository
Expand Down Expand Up @@ -733,14 +733,28 @@ class MarketAtomDao : AtomBaseDao() {
}
}

fun setupAtomLatestTestFlag(dslContext: DSLContext, userId: String, atomCode: String, atomId: String) {
fun setupAtomLatestTestFlagById(
dslContext: DSLContext,
userId: String,
atomId: String,
latestFlag: Boolean
) {
with(TAtom.T_ATOM) {
dslContext.update(this)
.set(
LATEST_TEST_FLAG,
DSL.case_().`when`(ID.eq(atomId), true).otherwise(false)
)
.set(LATEST_TEST_FLAG, latestFlag)
.set(MODIFIER, userId)
.where(ID.eq(atomId))
.execute()
}
}

fun resetAtomLatestTestFlagByCode(
dslContext: DSLContext,
atomCode: String
) {
with(TAtom.T_ATOM) {
dslContext.update(this)
.set(LATEST_TEST_FLAG, false)
.where(ATOM_CODE.eq(atomCode))
.execute()
}
Expand Down
Loading

0 comments on commit 9ecbabd

Please sign in to comment.