feat:Rbac权限中心对接codecc迁移接口 #9001
fcfang123 committed Jun 29, 2023
1 parent 7efa4e2 commit 5244f16
Showing 8 changed files with 76 additions and 68 deletions.
Expand Up @@ -66,11 +66,6 @@ interface OpAuthMigrateResource {
@ApiOperation("权限全部升级到rbac权限")
fun allToRbacAuth(): Result<Boolean>

/**
* 按条件升级到rbac权限,该接口默认只用于迁移未升级的项目;
* 若需要使用该接口来重复迁移已升级的项目,可指定该接口的参数 migrateProjectCodes;
* 其他条件仅在迁移未升级的项目有效
*/
@POST
@Path("/toRbacAuthByCondition")
@ApiOperation("按条件升级到rbac权限")
Expand All @@ -87,4 +82,13 @@ interface OpAuthMigrateResource {
@PathParam("projectCode")
projectCode: String
): Result<Boolean>

@POST
@Path("/migrateResource/{projectCode}")
@ApiOperation("迁移特定资源类型资源")
fun migrateResource(
projectCode: String,
resourceType: String,
projectCreator: String
): Result<Boolean>
}
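Review bot: The three parameters of the new `migrateResource` declaration carry no JAX-RS binding annotations, although the path template contains `{projectCode}` and the method just above binds it with `@PathParam("projectCode")`. Without them nothing maps the path segment to `projectCode`, and `resourceType` and `projectCreator` would each be treated as a request entity, which JAX-RS permits at most once per method. Annotate them explicitly, e.g. `@PathParam("projectCode") projectCode: String`, `@QueryParam("resourceType") resourceType: String`, `@QueryParam("projectCreator") projectCreator: String`. Because `projectCreator` is taken from the request on this endpoint, the declaration also deserves a doc comment stating which identity is expected there and who may call it.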
Expand Up @@ -79,26 +79,23 @@ class MigrateResourceService @Autowired constructor(
@Suppress("SpreadOperator")
fun migrateResource(
projectCode: String,
projectCreator: String,
migrateResourceType: String?
projectCreator: String
) {
val startEpoch = System.currentTimeMillis()
logger.info("start to migrate resource:$projectCode")
try {
// 根据传递的资源类型是否为空,决定迁移什么资源
val resourceTypes =
migrateResourceType?.let { listOf(it) }
?: rbacCacheService.listResourceTypes()
.map { it.resourceType }
.filterNot { noNeedToMigrateResourceType.contains(it) }
val resourceTypes = rbacCacheService.listResourceTypes()
.map { it.resourceType }
.filterNot { noNeedToMigrateResourceType.contains(it) }

logger.info("MigrateResourceService|resourceTypes:$resourceTypes")
// 迁移各个资源类型下的资源
val traceId = MDC.get(TraceTag.BIZID)
val resourceTypeFuture = resourceTypes.map { resourceType ->
CompletableFuture.supplyAsync(
{
MDC.put(TraceTag.BIZID, traceId)
migrateResourceByResourceType(
migrateResource(
projectCode = projectCode,
resourceType = resourceType,
projectCreator = projectCreator
Expand All @@ -123,7 +120,7 @@ class MigrateResourceService @Autowired constructor(
}
}

private fun migrateResourceByResourceType(
fun migrateResource(
projectCode: String,
resourceType: String,
projectCreator: String
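Review bot: Making the per-type worker public as `migrateResource(projectCode, resourceType, projectCreator)` lets callers reach it without the `noNeedToMigrateResourceType` filter that the batch overload applies to `rbacCacheService.listResourceTypes()`, and nothing visible in the hunk checks that `resourceType` is a known type. A guard at the top of the public overload would keep both paths consistent, for example `require(resourceType !in noNeedToMigrateResourceType) { "resource type $resourceType is not migratable" }`. The two overloads now differ only by one `String` parameter, so keeping a distinct name such as the previous `migrateResourceByResourceType` would make call sites harder to mix up. The body of this function continues outside the hunk, so an existing check there cannot be ruled out.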
Expand Up @@ -85,10 +85,7 @@ class RbacPermissionMigrateService constructor(
@Value("\${auth.migrateProjectTag:#{null}}")
private val migrateProjectTag: String = ""

override fun v3ToRbacAuth(
projectCodes: List<String>,
migrateResourceType: String?
): Boolean {
override fun v3ToRbacAuth(projectCodes: List<String>): Boolean {
logger.info("migrate $projectCodes auth from v3 to rbac")
if (projectCodes.isEmpty()) return true
val projectVos =
Expand All @@ -110,18 +107,14 @@ class RbacPermissionMigrateService constructor(
migrateToRbacAuth(
projectCode = projectCode,
migrateTaskId = 0,
authType = AuthSystemType.V3_AUTH_TYPE,
migrateResourceType = migrateResourceType
authType = AuthSystemType.V3_AUTH_TYPE
)
}
}
return true
}

override fun v0ToRbacAuth(
projectCodes: List<String>,
migrateResourceType: String?
): Boolean {
override fun v0ToRbacAuth(projectCodes: List<String>): Boolean {
logger.info("migrate $projectCodes auth from v0 to rbac")
if (projectCodes.isEmpty()) return true
// 1. 启动迁移任务
Expand All @@ -135,8 +128,7 @@ class RbacPermissionMigrateService constructor(
migrateToRbacAuth(
projectCode = projectCode,
migrateTaskId = migrateTaskId,
authType = AuthSystemType.V0_AUTH_TYPE,
migrateResourceType = migrateResourceType
authType = AuthSystemType.V0_AUTH_TYPE
)
}
}
Expand Down Expand Up @@ -175,14 +167,8 @@ class RbacPermissionMigrateService constructor(
.map { it.englishName }
logger.info("migrate project to rbac|v0MigrateProjects:$v0MigrateProjectCodes")
// 2.迁移项目
v3ToRbacAuth(
projectCodes = v3MigrateProjectCodes,
migrateResourceType = migrateProjectConditionDTO.migrateResourceType
)
v0ToRbacAuth(
projectCodes = v0MigrateProjectCodes,
migrateResourceType = migrateProjectConditionDTO.migrateResourceType
)
v3ToRbacAuth(projectCodes = v3MigrateProjectCodes)
v0ToRbacAuth(projectCodes = v0MigrateProjectCodes)
offset += limit
} while (migrateProjects.size == limit)
}
Expand All @@ -202,12 +188,24 @@ class RbacPermissionMigrateService constructor(
return true
}

override fun migrateResource(
projectCode: String,
resourceType: String,
projectCreator: String
): Boolean {
migrateResourceService.migrateResource(
projectCode = projectCode,
resourceType = resourceType,
projectCreator = projectCreator
)
return true
}

@Suppress("LongMethod", "ReturnCount", "ComplexMethod")
private fun migrateToRbacAuth(
projectCode: String,
migrateTaskId: Int,
authType: AuthSystemType,
migrateResourceType: String?
authType: AuthSystemType
): Boolean {
logger.info("Start migrate $projectCode from $authType to rbac")
val startEpoch = System.currentTimeMillis()
Expand Down Expand Up @@ -274,8 +272,7 @@ class RbacPermissionMigrateService constructor(
watcher.start("migrateResource")
migrateResourceService.migrateResource(
projectCode = projectCode,
projectCreator = projectCreator,
migrateResourceType = migrateResourceType
projectCreator = projectCreator
)

when (authType) {
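Review bot: The new `migrateResource` override returns `true` unconditionally and writes no log line, so an operator-triggered single-type migration leaves no record in this class of which project and type were touched or who was named as `projectCreator`. The neighbouring entry points log on entry (`logger.info("migrate $projectCodes auth from v3 to rbac")`); the same is worth doing here, e.g. `logger.info("migrate resource|$projectCode|$resourceType|$projectCreator")`. In the visible lines this path also does not check that the project exists or is already routed to RBAC before delegating; if that is intentional for the codecc case, a comment saying so would help.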
Expand Up @@ -63,4 +63,18 @@ class OpAuthMigrateResourceImpl @Autowired constructor(
override fun compareResult(projectCode: String): Result<Boolean> {
return Result(permissionMigrateService.compareResult(projectCode = projectCode))
}

override fun migrateResource(
projectCode: String,
resourceType: String,
projectCreator: String
): Result<Boolean> {
return Result(
permissionMigrateService.migrateResource(
projectCode = projectCode,
resourceType = resourceType,
projectCreator
)
)
}
}
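Review bot: The call inside `migrateResource` mixes named and positional arguments: `projectCode` and `resourceType` are named, but `projectCreator` is passed positionally. With three `String` parameters, naming all of them protects against a silent swap if the signature is ever reordered; write `projectCreator = projectCreator`.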
Expand Up @@ -38,18 +38,12 @@ interface PermissionMigrateService {
/**
* v3批量迁移到rbac
*/
fun v3ToRbacAuth(
projectCodes: List<String>,
migrateResourceType: String? = null
): Boolean
fun v3ToRbacAuth(projectCodes: List<String>): Boolean

/**
* v0批量迁移到rbac
*/
fun v0ToRbacAuth(
projectCodes: List<String>,
migrateResourceType: String? = null
): Boolean
fun v0ToRbacAuth(projectCodes: List<String>): Boolean

/**
* 全部迁移到rbac
Expand All @@ -65,4 +59,13 @@ interface PermissionMigrateService {
* 对比迁移鉴权结果
*/
fun compareResult(projectCode: String): Boolean

/**
* 迁移特定资源类型资源
*/
fun migrateResource(
projectCode: String,
resourceType: String,
projectCreator: String
): Boolean
}
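Review bot: The KDoc on the new `migrateResource` only restates the method name and leaves out the contract that separates it from the batch methods. It should say that the call handles one resource type of one project, whether the project must already be on RBAC, and what `projectCreator` is used for during the migration (the visible code only passes it through, so the author should state the intent). The meaning of the `Boolean` result is also worth documenting, since the implementation added in this commit always returns `true`.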
Expand Up @@ -32,17 +32,11 @@ import com.tencent.devops.auth.service.iam.PermissionMigrateService
import com.tencent.devops.common.auth.api.pojo.MigrateProjectConditionDTO

class SamplePermissionMigrateService : PermissionMigrateService {
override fun v3ToRbacAuth(
migrateProjects: List<String>,
migrateResourceType: String?
): Boolean {
override fun v3ToRbacAuth(projectCodes: List<String>): Boolean {
return true
}

override fun v0ToRbacAuth(
migrateProjects: List<String>,
migrateResourceType: String?
): Boolean {
override fun v0ToRbacAuth(projectCodes: List<String>): Boolean {
return true
}

Expand All @@ -57,4 +51,12 @@ class SamplePermissionMigrateService : PermissionMigrateService {
override fun compareResult(projectCode: String): Boolean {
return true
}

override fun migrateResource(
projectCode: String,
resourceType: String,
projectCreator: String
): Boolean {
return true
}
}
Expand Up @@ -11,10 +11,6 @@ data class MigrateProjectConditionDTO(
val deptId: Long? = null,
@ApiModelProperty("项目创建人")
val projectCreator: String? = null,
@ApiModelProperty("迁移项目Code--可包含已迁移的项目")
val migrateProjectCodes: List<String>? = null,
@ApiModelProperty("迁移的资源类型")
val migrateResourceType: String? = null,
@ApiModelProperty("排除项目code")
val excludedProjectCodes: List<String>? = null
)
Expand Up @@ -129,21 +129,16 @@ class ProjectDao {
): Result<TProjectRecord> {
val centerId = migrateProjectConditionDTO.centerId
val deptId = migrateProjectConditionDTO.deptId
val migrateProjectCodes = migrateProjectConditionDTO.migrateProjectCodes
val excludedProjectCodes = migrateProjectConditionDTO.excludedProjectCodes
val creator = migrateProjectConditionDTO.projectCreator
return with(TProject.T_PROJECT) {
dslContext.selectFrom(this)
.where(APPROVAL_STATUS.notIn(UNSUCCESSFUL_CREATE_STATUS))
.and(CHANNEL.eq(ProjectChannelCode.BS.name))
// 如果传递的是项目列表,可以查询出已迁移的项目
.let {
if (!migrateProjectCodes.isNullOrEmpty()) it else it.and(
ROUTER_TAG.notContains(AuthSystemType.RBAC_AUTH_TYPE.value)
.or(ROUTER_TAG.isNull)
)
}
.let { if (migrateProjectCodes.isNullOrEmpty()) it else it.and(ENGLISH_NAME.`in`(migrateProjectCodes)) }
.and(
ROUTER_TAG.notContains(AuthSystemType.RBAC_AUTH_TYPE.value)
.or(ROUTER_TAG.isNull)
)
.let { if (centerId == null) it else it.and(CENTER_ID.eq(centerId)) }
.let { if (deptId == null) it else it.and(DEPT_ID.eq(deptId)) }
.let { if (creator == null) it else it.and(CREATOR.eq(creator)) }
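Review bot: With the `migrateProjectCodes` branch gone, the query in this hunk is narrowed only by the optional `centerId`, `deptId` and `creator` conditions visible here, so a request that still sends `migrateProjectCodes` to `/toRbacAuthByCondition` would match every unmigrated project if unknown JSON properties are ignored on deserialization. That setting is not visible on this page; it is worth confirming that such a request is rejected, or documenting the removal for operators who scripted the old field. The inline comment that explained the branch is removed as well, so a short comment on the remaining `ROUTER_TAG` condition, e.g. `// only projects not yet routed to RBAC`, would keep the intent readable. The statement continues outside the hunk.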
