Merge pull request #9076 from fcfang123/issue-9068

feat：蓝盾对接审计中心回调接口 #9068
TencentBlueKing · Jul 10, 2023 · bfd90c5 · bfd90c5
2 parents d77c716 + ec41a66
commit bfd90c5
Show file tree

Hide file tree

Showing 13 changed files with 320 additions and 8 deletions.
diff --git a/src/backend/ci/buildSrc/src/main/kotlin/constants/Versions.kt b/src/backend/ci/buildSrc/src/main/kotlin/constants/Versions.kt
@@ -46,5 +46,5 @@ object Versions {
     const val jjwt = "0.11.5"
     const val Okhttp = "4.9.0"
     const val jgit = "5.13.1.202206130422-r"
-    const val iam = "1.0.25-SNAPSHOT"
+    const val iam = "1.0.29-SNAPSHOT"
 }
diff --git a/...nd/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/AuthResourceInfo.kt b/...nd/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/AuthResourceInfo.kt
@@ -29,6 +29,7 @@
 package com.tencent.devops.auth.pojo
 
 import io.swagger.annotations.ApiModel
+import java.time.LocalDateTime
 
 @ApiModel("资源信息")
 data class AuthResourceInfo(
@@ -39,5 +40,9 @@ data class AuthResourceInfo(
     val resourceName: String,
     val iamResourceCode: String,
     val enable: Boolean,
-    val relationId: String
+    val relationId: String,
+    val createUser: String,
+    val updateUser: String,
+    val createTime: LocalDateTime,
+    val updateTime: LocalDateTime
 )
diff --git a/...auth/biz-auth-rbac/src/main/kotlin/com/tencent/devops/auth/service/AuthResourceService.kt b/...auth/biz-auth-rbac/src/main/kotlin/com/tencent/devops/auth/service/AuthResourceService.kt
@@ -38,6 +38,9 @@ import org.jooq.DSLContext
 import org.jooq.impl.DSL
 import org.slf4j.LoggerFactory
 import org.springframework.beans.factory.annotation.Autowired
+import java.time.Instant
+import java.time.LocalDateTime
+import java.time.ZoneId
 
 class AuthResourceService @Autowired constructor(
     private val dslContext: DSLContext,
@@ -205,6 +208,27 @@ class AuthResourceService @Autowired constructor(
         ).map { authResourceDao.convert(it) }
     }
 
+    fun list(
+        resourceType: String,
+        startTime: Long?,
+        endTime: Long?,
+        limit: Int,
+        offset: Int
+    ): List<AuthResourceInfo> {
+        return authResourceDao.list(
+            dslContext = dslContext,
+            resourceType = resourceType,
+            startTime = formatTimestamp(startTime),
+            endTime = formatTimestamp(endTime),
+            offset = offset,
+            limit = limit
+        ).map { authResourceDao.convert(it) }
+    }
+
+    private fun formatTimestamp(timestamp: Long?): LocalDateTime? =
+        if (timestamp == null) null
+        else LocalDateTime.ofInstant(Instant.ofEpochMilli(timestamp), ZoneId.systemDefault())
+
     fun count(
         projectCode: String,
         resourceType: String,
@@ -249,6 +273,19 @@ class AuthResourceService @Autowired constructor(
         )
     }
 
+    fun countResourceByUpdateTime(
+        resourceType: String,
+        startTime: Long?,
+        endTime: Long?
+    ): Long {
+        return authResourceDao.countResourceByUpdateTime(
+            dslContext = dslContext,
+            resourceType = resourceType,
+            startTime = formatTimestamp(startTime),
+            endTime = formatTimestamp(endTime)
+        )
+    }
+
     fun listByIamCodes(
         resourceType: String,
         iamResourceCodes: List<String>

diff --git a/.../src/main/kotlin/com/tencent/devops/auth/service/RbacPermissionResourceCallbackService.kt b/.../src/main/kotlin/com/tencent/devops/auth/service/RbacPermissionResourceCallbackService.kt
@@ -27,22 +27,43 @@
 
 package com.tencent.devops.auth.service
 
+import com.github.benmanes.caffeine.cache.Caffeine
 import com.tencent.bk.sdk.iam.constants.CallbackMethodEnum
+import com.tencent.bk.sdk.iam.constants.DataTypeEnum
 import com.tencent.bk.sdk.iam.dto.callback.request.CallbackRequestDTO
 import com.tencent.bk.sdk.iam.dto.callback.response.CallbackBaseResponseDTO
 import com.tencent.bk.sdk.iam.dto.callback.response.FetchInstanceInfoResponseDTO
+import com.tencent.bk.sdk.iam.dto.callback.response.FetchInstanceListDTO
+import com.tencent.bk.sdk.iam.dto.callback.response.FetchResourceTypeSchemaDTO
 import com.tencent.bk.sdk.iam.dto.callback.response.InstanceInfoDTO
+import com.tencent.bk.sdk.iam.dto.callback.response.InstanceListDTO
 import com.tencent.bk.sdk.iam.dto.callback.response.ListInstanceResponseDTO
+import com.tencent.bk.sdk.iam.dto.callback.response.SchemaData
+import com.tencent.bk.sdk.iam.dto.callback.response.SchemaProperties
+import com.tencent.devops.auth.pojo.AuthResourceInfo
 import com.tencent.devops.auth.service.iam.PermissionResourceCallbackService
+import com.tencent.devops.common.api.util.timestampmilli
+import com.tencent.devops.common.auth.api.AuthResourceType
 import com.tencent.devops.common.auth.callback.FetchInstanceInfo
+import com.tencent.devops.common.auth.callback.FetchInstanceListData
+import com.tencent.devops.common.auth.callback.FetchInstanceListInfo
+import com.tencent.devops.common.auth.callback.FetchResourceTypeSchemaInfo
+import com.tencent.devops.common.auth.callback.FetchResourceTypeSchemaProperties
 import com.tencent.devops.common.auth.callback.ListInstanceInfo
 import com.tencent.devops.common.auth.callback.SearchInstanceInfo
+import java.util.concurrent.TimeUnit
 
 class RbacPermissionResourceCallbackService constructor(
     private val authResourceService: AuthResourceService,
     private val resourceService: ResourceService
 ) : PermissionResourceCallbackService {
 
+    /*获取项目名称*/
+    private val projectNameCache = Caffeine.newBuilder()
+        .maximumSize(5000)
+        .expireAfterWrite(1, TimeUnit.DAYS)
+        .build<String/*projectCode*/, String/*projectName*/>()
+
     override fun getProject(callBackInfo: CallbackRequestDTO, token: String): CallbackBaseResponseDTO {
         return resourceService.getProject(callBackInfo, token)
     }
@@ -79,6 +100,18 @@ class RbacPermissionResourceCallbackService constructor(
                     limit = page.limit.toInt()
                 )
             }
+            CallbackMethodEnum.FETCH_INSTANCE_LIST -> {
+                fetchInstanceList(
+                    resourceType = callBackInfo.type ?: "",
+                    startTime = callBackInfo.filter.startTime ?: null,
+                    endTime = callBackInfo.filter.endTime ?: null,
+                    offset = page.offset.toInt(),
+                    limit = page.limit.toInt()
+                )
+            }
+            CallbackMethodEnum.FETCH_RESOURCE_TYPE_SCHEMA -> {
+                fetchResourceTypeSchema(resourceType = callBackInfo.type ?: "")
+            }
             else ->
                 null
         }
@@ -168,4 +201,107 @@ class RbacPermissionResourceCallbackService constructor(
             result.buildSearchInstanceResult(instanceInfoList, count)
         }
     }
+
+    private fun fetchResourceTypeSchema(
+        resourceType: String
+    ): FetchResourceTypeSchemaDTO<FetchResourceTypeSchemaProperties> {
+        val result = FetchResourceTypeSchemaInfo()
+        if (resourceType != AuthResourceType.PIPELINE_DEFAULT.value)
+            return result.buildFetchResourceTypeSchemaFailResult()
+        val schemaData = SchemaData<FetchResourceTypeSchemaProperties>()
+        val projectIdProperties = SchemaProperties().apply {
+            type = DataTypeEnum.STRING
+            description = PROJECT_ID_CHINESE_DESCRIPTION
+        }
+        val projectNameProperties = SchemaProperties().apply {
+            type = DataTypeEnum.STRING
+            description = PROJECT_NAME_CHINESE_DESCRIPTION
+        }
+        val pipelineIdProperties = SchemaProperties().apply {
+            type = DataTypeEnum.STRING
+            description = PIPELINE_ID_CHINESE_DESCRIPTION
+        }
+        val pipelineNameProperties = SchemaProperties().apply {
+            type = DataTypeEnum.STRING
+            description = PIPELINE_NAME_CHINESE_DESCRIPTION
+        }
+        schemaData.apply {
+            type = OBJECT_TYPE
+            schemaProperties = FetchResourceTypeSchemaProperties(
+                projectId = projectIdProperties,
+                projectName = projectNameProperties,
+                pipelineId = pipelineIdProperties,
+                pipelineName = pipelineNameProperties
+            )
+        }
+        return result.buildFetchResourceTypeSchemaResult(schemaData)
+    }
+
+    private fun fetchInstanceList(
+        resourceType: String,
+        startTime: Long?,
+        endTime: Long?,
+        offset: Int,
+        limit: Int
+    ): FetchInstanceListDTO<FetchInstanceListData> {
+        if (limit > MAX_LIMIT) {
+            return FetchInstanceListInfo().buildFetchInstanceListFailResult(
+                "a maximum of 1000 data items can be obtained"
+            )
+        }
+        if (resourceType != AuthResourceType.PIPELINE_DEFAULT.value) {
+            return FetchInstanceListInfo().buildFetchInstanceListFailResult("empty data")
+        }
+        val fetchInstanceListInfo = authResourceService.list(
+            resourceType = resourceType,
+            startTime = startTime,
+            endTime = endTime,
+            offset = offset,
+            limit = limit
+        ).map { it.toInstanceListDTO() }
+        val count = authResourceService.countResourceByUpdateTime(
+            resourceType = resourceType,
+            startTime = startTime,
+            endTime = endTime
+        )
+        return FetchInstanceListInfo().buildFetchInstanceListResult(fetchInstanceListInfo, count)
+    }
+
+    private fun AuthResourceInfo.toInstanceListDTO(): InstanceListDTO<FetchInstanceListData> {
+        val projectName = projectNameCache.getIfPresent(projectCode) ?: run {
+            val resourceName = authResourceService.get(
+                projectCode = projectCode,
+                resourceType = AuthResourceType.PROJECT.value,
+                resourceCode = projectCode
+            ).resourceName
+            projectNameCache.put(projectCode, resourceName)
+            resourceName
+        }
+        return InstanceListDTO<FetchInstanceListData>().apply {
+            id = iamResourceCode
+            displayName = resourceName
+            creator = createUser
+            updater = updateUser
+            createdAt = createTime.timestampmilli()
+            updatedAt = updateTime.timestampmilli()
+            bkIamPath = listOf("/${AuthResourceType.PROJECT.value},$projectCode/")
+            schemaProperties = FetchInstanceListData(
+                projectId = projectCode,
+                projectName = projectName,
+                pipelineId = resourceCode,
+                pipelineName = resourceName
+            )
+            operator = createUser
+            delete = false
+        }
+    }
+
+    companion object {
+        private const val PROJECT_ID_CHINESE_DESCRIPTION = "项目ID"
+        private const val PROJECT_NAME_CHINESE_DESCRIPTION = "项目名称"
+        private const val PIPELINE_ID_CHINESE_DESCRIPTION = "流水线ID"
+        private const val PIPELINE_NAME_CHINESE_DESCRIPTION = "流水线名称"
+        private const val OBJECT_TYPE = "object"
+        private const val MAX_LIMIT = 1000
+    }
 }
diff --git a/...kend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthResourceDao.kt b/...kend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthResourceDao.kt
@@ -203,6 +203,28 @@ class AuthResourceDao {
         }
     }
 
+    fun list(
+        dslContext: DSLContext,
+        resourceType: String,
+        startTime: LocalDateTime? = null,
+        endTime: LocalDateTime? = null,
+        offset: Int,
+        limit: Int
+    ): Result<TAuthResourceRecord> {
+        with(TAuthResource.T_AUTH_RESOURCE) {
+            return dslContext.selectFrom(this)
+                .where(RESOURCE_TYPE.eq(resourceType))
+                .let {
+                    if (startTime != null && endTime != null)
+                        it.and(UPDATE_TIME.between(startTime, endTime)) else it
+                }
+                .orderBy(UPDATE_TIME)
+                .limit(limit)
+                .offset(offset)
+                .fetch()
+        }
+    }
+
     fun count(
         dslContext: DSLContext,
         projectCode: String,
@@ -300,6 +322,24 @@ class AuthResourceDao {
         }
     }
 
+    fun countResourceByUpdateTime(
+        dslContext: DSLContext,
+        resourceType: String,
+        startTime: LocalDateTime? = null,
+        endTime: LocalDateTime? = null
+    ): Long {
+        with(TAuthResource.T_AUTH_RESOURCE) {
+            return dslContext.selectCount()
+                .from(this)
+                .where(RESOURCE_TYPE.eq(resourceType))
+                .let {
+                    if (startTime != null && endTime != null)
+                        it.and(UPDATE_TIME.between(startTime, endTime)) else it
+                }
+                .fetchOne(0, Long::class.java)!!
+        }
+    }
+
     fun convert(recode: TAuthResourceRecord): AuthResourceInfo {
         with(recode) {
             return AuthResourceInfo(
@@ -310,7 +350,11 @@ class AuthResourceDao {
                 resourceName = resourceName,
                 iamResourceCode = iamResourceCode,
                 enable = enable,
-                relationId = relationId
+                relationId = relationId,
+                createUser = createUser,
+                updateUser = updateUser,
+                createTime = createTime,
+                updateTime = updateTime
             )
         }
     }

diff --git a/...src/main/kotlin/com/tencent/devops/auth/resources/OpenAuthResourceCallBackResourceImpl.kt b/...src/main/kotlin/com/tencent/devops/auth/resources/OpenAuthResourceCallBackResourceImpl.kt
@@ -66,9 +66,9 @@ class OpenAuthResourceCallBackResourceImpl @Autowired constructor(
             throw TokenForbiddenException("auth token check fail")
         }
         return permissionResourceCallbackService.getInstanceByResource(
-                callBackInfo = callBackInfo,
-                token = token
-            )
+            callBackInfo = callBackInfo,
+            token = token
+        )
     }
 
     companion object {

diff --git a/...src/main/kotlin/com/tencent/devops/auth/service/sample/SamplePermissionResourceService.kt b/...src/main/kotlin/com/tencent/devops/auth/service/sample/SamplePermissionResourceService.kt
@@ -31,6 +31,7 @@ package com.tencent.devops.auth.service.sample
 import com.tencent.devops.auth.pojo.AuthResourceInfo
 import com.tencent.devops.auth.service.iam.PermissionResourceService
 import com.tencent.devops.common.api.pojo.Pagination
+import java.time.LocalDateTime
 
 class SamplePermissionResourceService : PermissionResourceService {
     override fun resourceCreateRelation(
@@ -112,6 +113,10 @@ class SamplePermissionResourceService : PermissionResourceService {
         resourceName = "",
         iamResourceCode = "",
         enable = true,
-        relationId = ""
+        relationId = "",
+        createUser = "",
+        updateUser = "",
+        createTime = LocalDateTime.now(),
+        updateTime = LocalDateTime.now()
     )
 }
diff --git a/...auth-api/src/main/kotlin/com/tencent/devops/common/auth/callback/FetchInstanceListData.kt b/...auth-api/src/main/kotlin/com/tencent/devops/common/auth/callback/FetchInstanceListData.kt
@@ -0,0 +1,11 @@
+package com.tencent.devops.common.auth.callback
+
+import io.swagger.annotations.ApiModel
+
+@ApiModel("过滤条件搜索实例")
+data class FetchInstanceListData(
+    val projectId: String,
+    val projectName: String,
+    val pipelineId: String,
+    val pipelineName: String
+)
diff --git a/...auth-api/src/main/kotlin/com/tencent/devops/common/auth/callback/FetchInstanceListInfo.kt b/...auth-api/src/main/kotlin/com/tencent/devops/common/auth/callback/FetchInstanceListInfo.kt
@@ -0,0 +1,30 @@
+package com.tencent.devops.common.auth.callback
+
+import com.tencent.bk.sdk.iam.dto.callback.response.BaseDataResponseDTO
+import com.tencent.bk.sdk.iam.dto.callback.response.FetchInstanceListDTO
+import com.tencent.bk.sdk.iam.dto.callback.response.InstanceListDTO
+
+class FetchInstanceListInfo : FetchInstanceListDTO<FetchInstanceListData>() {
+    fun buildFetchInstanceListFailResult(message: String): FetchInstanceListDTO<FetchInstanceListData> {
+        val data = BaseDataResponseDTO<InstanceListDTO<FetchInstanceListData>>()
+        val result = FetchInstanceListDTO<FetchInstanceListData>()
+        result.code = 0
+        result.message = message
+        result.data = data
+        return result
+    }
+
+    fun buildFetchInstanceListResult(
+        infos: List<InstanceListDTO<FetchInstanceListData>>,
+        count: Long
+    ): FetchInstanceListDTO<FetchInstanceListData> {
+        val data = BaseDataResponseDTO<InstanceListDTO<FetchInstanceListData>>()
+        data.count = count
+        data.result = infos
+        val result = FetchInstanceListDTO<FetchInstanceListData>()
+        result.code = 0L
+        result.message = ""
+        result.data = data
+        return result
+    }
+}