From 0a72fffcec3233bce6517f8d1072fbffa51472ec Mon Sep 17 00:00:00 2001 From: stubenhuang Date: Fri, 3 Feb 2023 20:56:15 +0800 Subject: [PATCH 1/7] =?UTF-8?q?feat:=20=E9=80=9A=E8=BF=87=E7=BD=91?= =?UTF-8?q?=E5=85=B3=E8=BF=9B=E8=A1=8C=E7=9A=84=E8=B7=A8=E6=9C=8D=E5=8A=A1?= =?UTF-8?q?=E8=B0=83=E7=94=A8,=20=E5=BF=85=E9=A1=BB=E6=90=BA=E5=B8=A6token?= =?UTF-8?q?=E8=BF=9B=E8=A1=8C=E6=A0=A1=E9=AA=8C=20#8317?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../devops/buildless/client/DispatchClient.kt | 35 +++++++--- .../common/archive/client/BkRepoClient.kt | 70 ++++++++++++++----- .../apigw/v3/ApigwLogResourceV3Impl.kt | 19 +++-- .../apigw/v4/ApigwLogResourceV4Impl.kt | 20 ++++-- .../devops/stream/service/StreamLogService.kt | 9 ++- 5 files changed, 111 insertions(+), 42 deletions(-) diff --git a/src/backend/ci/core/buildless/biz-buildless/src/main/kotlin/com/tencent/devops/buildless/client/DispatchClient.kt b/src/backend/ci/core/buildless/biz-buildless/src/main/kotlin/com/tencent/devops/buildless/client/DispatchClient.kt index 8a32d8955b3..34af20baf49 100644 --- a/src/backend/ci/core/buildless/biz-buildless/src/main/kotlin/com/tencent/devops/buildless/client/DispatchClient.kt +++ b/src/backend/ci/core/buildless/biz-buildless/src/main/kotlin/com/tencent/devops/buildless/client/DispatchClient.kt @@ -47,6 +47,7 @@ import okhttp3.Request import okhttp3.RequestBody import org.slf4j.LoggerFactory import org.springframework.beans.factory.annotation.Autowired +import org.springframework.beans.factory.annotation.Value import org.springframework.stereotype.Component @Component 
@@ -55,9 +56,12 @@ class DispatchClient @Autowired constructor( private val commonConfig: CommonConfig, private val bkTag: BkTag ) { + @Value("\${auth.gateway.devopsToken:#{null}}") + private val devopsToken: String? = null + fun updateContainerId(buildLessTask: BuildLessTask, containerId: String) { val path = "/ms/dispatch-docker/api/service/dockerhost/builds/${buildLessTask.buildId}/vmseqs" + - "/${buildLessTask.vmSeqId}?containerId=$containerId" + "/${buildLessTask.vmSeqId}?containerId=$containerId" try { val url = buildUrl(path) @@ -65,9 +69,11 @@ class DispatchClient @Autowired constructor( .Builder() .url(url) .headers(Headers.of(makeHeaders())) - .put(RequestBody.create( - MediaType.parse("application/json; charset=utf-8"), - "") + .put( + RequestBody.create( + MediaType.parse("application/json; charset=utf-8"), + "" + ) ) .build() @@ -78,7 +84,8 @@ class DispatchClient @Autowired constructor( throw TaskExecuteException( errorCode = ErrorCode.SYSTEM_WORKER_INITIALIZATION_ERROR, errorType = ErrorType.SYSTEM, - errorMsg = "Update containerId $path fail") + errorMsg = "Update containerId $path fail" + ) } } } catch (e: Exception) { @@ -121,9 +128,11 @@ class DispatchClient @Autowired constructor( .Builder() .url(url) .headers(Headers.of(makeHeaders())) - .post(RequestBody.create( - MediaType.parse("application/json; charset=utf-8"), - JsonUtil.toJson(dockerIpInfoVO)) + .post( + RequestBody.create( + MediaType.parse("application/json; charset=utf-8"), + JsonUtil.toJson(dockerIpInfoVO) + ) ) .build() @@ -135,7 +144,8 @@ class DispatchClient @Autowired constructor( throw TaskExecuteException( errorCode = ErrorCode.SYSTEM_WORKER_INITIALIZATION_ERROR, errorType = ErrorType.SYSTEM, - errorMsg = "Refresh buildLess status $url fail") + errorMsg = "Refresh buildLess status $url fail" + ) } logger.info("End refreshDockerIpStatus.") } 
@@ -170,7 +180,12 @@ class DispatchClient @Autowired constructor( } else { buildLessConfig.gatewayHeaderTag } - return mapOf(AUTH_HEADER_GATEWAY_TAG to gatewayHeaderTag) + val headers = mutableMapOf(AUTH_HEADER_GATEWAY_TAG to gatewayHeaderTag) + // 新增devopsToken给网关校验 + if (devopsToken != null) { + headers["X-DEVOPS-TOKEN"] = devopsToken + } + return headers } companion object { diff --git a/src/backend/ci/core/common/common-archive/src/main/kotlin/com/tencent/devops/common/archive/client/BkRepoClient.kt b/src/backend/ci/core/common/common-archive/src/main/kotlin/com/tencent/devops/common/archive/client/BkRepoClient.kt index 7056f4e6fa9..080cea5f769 100644 --- a/src/backend/ci/core/common/common-archive/src/main/kotlin/com/tencent/devops/common/archive/client/BkRepoClient.kt +++ b/src/backend/ci/core/common/common-archive/src/main/kotlin/com/tencent/devops/common/archive/client/BkRepoClient.kt @@ -80,6 +80,7 @@ import okhttp3.Request import okhttp3.RequestBody import okio.BufferedSink import org.slf4j.LoggerFactory +import org.springframework.beans.factory.annotation.Value import org.springframework.data.domain.Sort.Direction import org.springframework.stereotype.Component import org.springframework.util.FileCopyUtils @@ -98,6 +99,8 @@ class BkRepoClient constructor( private val commonConfig: CommonConfig, private val bkRepoClientConfig: BkRepoClientConfig ) { + @Value("\${auth.gateway.devopsToken:#{null}}") + private val devopsToken: String? = null private fun getGatewayUrl(): String { return HomeHostUtil.getHost(commonConfig.devopsIdcGateway!!) @@ -132,6 +135,7 @@ class BkRepoClient constructor( val request = Request.Builder() .url("${getGatewayUrl()}/bkrepo/api/service/repository/api/project") .header(BK_REPO_UID, userId) + .let { if (null == devopsToken) it else it.header("X-DEVOPS-TOKEN", devopsToken) } .post( RequestBody.create( MediaType.parse("application/json; charset=utf-8"), 
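Review bot: In `makeHeaders` (DispatchClient.kt), the `devopsToken != null` check lets a property that is set but blank go out as an empty `X-DEVOPS-TOKEN` header. An unset property drops the header with no trace, so a misconfigured deployment would presumably only show up as rejections at the gateway. I would guard with `if (!devopsToken.isNullOrBlank())` and log once at startup when the token is absent, without printing its value. The header name is also a bare string literal here, while the neighbouring entry uses the `AUTH_HEADER_GATEWAY_TAG` constant; a shared constant would keep the name identical across DispatchClient, BkRepoClient, the two ApigwLogResource implementations and StreamLogService, which all repeat the literal. The start of `makeHeaders` is outside this hunk.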
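Review bot: The conditional `.let { if (null == devopsToken) it else it.header("X-DEVOPS-TOKEN", devopsToken) }` added to this request builder is copied into every other builder this patch touches in BkRepoClient.kt, which makes it easy for a new or overlooked request to go out without the token. A private extension such as `private fun Request.Builder.withDevopsToken() = devopsToken?.let { header("X-DEVOPS-TOKEN", it) } ?: this` would keep the null check and the header name in one place, and each call site becomes `.withDevopsToken()`. The hunks show only part of each method, so it is worth confirming that no gateway-bound request in this class was left without it.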
@@ -161,6 +165,7 @@ class BkRepoClient constructor( val request = Request.Builder() .url("${getGatewayUrl()}/bkrepo/api/service/repository/api/repo") .header(BK_REPO_UID, userId) + .let { if (null == devopsToken) it else it.header("X-DEVOPS-TOKEN", devopsToken) } .post( RequestBody.create( MediaType.parse("application/json; charset=utf-8"), @@ -178,6 +183,7 @@ class BkRepoClient constructor( .url(url) .header(BK_REPO_UID, userId) .header(AUTH_HEADER_DEVOPS_PROJECT_ID, projectId) + .let { if (null == devopsToken) it else it.header("X-DEVOPS-TOKEN", devopsToken) } .get() .build() return doRequest(request).resolveResponse>()!!.data!! @@ -186,7 +192,7 @@ class BkRepoClient constructor( fun setMetadata(userId: String, projectId: String, repoName: String, path: String, metadata: Map) { logger.info( "setMetadata, userId: $userId, projectId: $projectId, repoName: $repoName, path: $path," + - " metadata: $metadata" + " metadata: $metadata" ) val url = "${getGatewayUrl()}/bkrepo/api/service/repository/api/metadata/$projectId/$repoName/$path" val requestData = UserMetadataSaveRequest( @@ -196,6 +202,7 @@ class BkRepoClient constructor( .url(url) .header(BK_REPO_UID, userId) .header(AUTH_HEADER_DEVOPS_PROJECT_ID, projectId) + .let { if (null == devopsToken) it else it.header("X-DEVOPS-TOKEN", devopsToken) } .post( RequestBody.create( MediaType.parse("application/json; charset=utf-8"), @@ -212,6 +219,7 @@ class BkRepoClient constructor( .url(url) .header(BK_REPO_UID, userId) .header(AUTH_HEADER_DEVOPS_PROJECT_ID, projectId) + .let { if (null == devopsToken) it else it.header("X-DEVOPS-TOKEN", devopsToken) } .get() .build() return doRequest(request).resolveResponse>>()!!.data!! @@ -236,6 +244,7 @@ class BkRepoClient constructor( .url(url) .header(BK_REPO_UID, userId) .header(AUTH_HEADER_DEVOPS_PROJECT_ID, projectId) + .let { if (null == devopsToken) it else it.header("X-DEVOPS-TOKEN", devopsToken) } .get() .build() return doRequest(request).resolveResponse>>()!!.data!! 
@@ -254,16 +263,17 @@ class BkRepoClient constructor( ): Page { logger.info( "listFilePage, userId: $userId, projectId: $projectId, repoName: $repoName, path: $path," + - " includeFolders: $includeFolders, deep: $deep, page: $page, pageSize: $pageSize" + " includeFolders: $includeFolders, deep: $deep, page: $page, pageSize: $pageSize" ) val direction = if (modifiedTimeDesc) Direction.DESC.name else Direction.ASC.name val url = "${getGatewayUrl()}/bkrepo/api/service/repository/api/node/page/$projectId/$repoName/$path" + - "?deep=$deep&includeFolder=$includeFolders&includeMetadata=true&pageNumber=$page&pageSize=$pageSize" + - "&sortProperty=lastModifiedDate&direction=$direction" + "?deep=$deep&includeFolder=$includeFolders&includeMetadata=true&pageNumber=$page&pageSize=$pageSize" + + "&sortProperty=lastModifiedDate&direction=$direction" val request = Request.Builder() .url(url) .header(BK_REPO_UID, userId) .header(AUTH_HEADER_DEVOPS_PROJECT_ID, projectId) + .let { if (null == devopsToken) it else it.header("X-DEVOPS-TOKEN", devopsToken) } .get() .build() return doRequest(request).resolveResponse>>()!!.data!! @@ -323,6 +333,9 @@ class BkRepoClient constructor( header[BK_REPO_UID] = userId header[AUTH_HEADER_DEVOPS_PROJECT_ID] = projectId header[BK_REPO_OVERRIDE] = "true" + if (devopsToken != null) { + header["X-DEVOPS-TOKEN"] = devopsToken + } properties?.forEach { header["$METADATA_PREFIX${it.key}"] = it.value } @@ -378,6 +391,9 @@ class BkRepoClient constructor( header[BK_REPO_UID] = userId header[AUTH_HEADER_DEVOPS_PROJECT_ID] = projectId header[BK_REPO_OVERRIDE] = "true" + if (devopsToken != null) { + header["X-DEVOPS-TOKEN"] = devopsToken + } properties?.forEach { header["$METADATA_PREFIX${it.key}"] = tryEncode(it.value) } 
@@ -402,6 +418,7 @@ class BkRepoClient constructor( .url(url) .header(BK_REPO_UID, userId) .header(AUTH_HEADER_DEVOPS_PROJECT_ID, projectId) + .let { if (null == devopsToken) it else it.header("X-DEVOPS-TOKEN", devopsToken) } .delete() .build() doRequest(request).resolveResponse>() @@ -415,6 +432,7 @@ class BkRepoClient constructor( .header("Authorization", authorization) .header(BK_REPO_UID, userName) .header(AUTH_HEADER_DEVOPS_PROJECT_ID, projectId) + .let { if (null == devopsToken) it else it.header("X-DEVOPS-TOKEN", devopsToken) } .delete() .build() doRequest(request).resolveResponse>() @@ -423,7 +441,7 @@ class BkRepoClient constructor( fun move(userId: String, projectId: String, repoName: String, fromPath: String, toPath: String) { logger.info( "move, userId: $userId, projectId: $projectId, repoName: $repoName, fromPath: $fromPath," + - " toPath: $toPath" + " toPath: $toPath" ) val url = "${getGatewayUrl()}/bkrepo/api/service/repository/api/node/move" val requestData = UserNodeMoveCopyRequest( @@ -439,6 +457,7 @@ class BkRepoClient constructor( .url(url) .header(BK_REPO_UID, userId) .header(AUTH_HEADER_DEVOPS_PROJECT_ID, projectId) + .let { if (null == devopsToken) it else it.header("X-DEVOPS-TOKEN", devopsToken) } .post( RequestBody.create( MediaType.parse("application/json; charset=utf-8"), @@ -459,7 +478,7 @@ class BkRepoClient constructor( ) { logger.info( "copy, userId: $userId, fromProject: $fromProject, fromRepo: $fromRepo, fromPath: $fromPath," + - " toProject: $toProject, toRepo: $toRepo, toPath: $toPath" + " toProject: $toProject, toRepo: $toRepo, toPath: $toPath" ) val url = "${getGatewayUrl()}/bkrepo/api/service/repository/api/node/copy" val requestData = UserNodeMoveCopyRequest( 
@@ -475,6 +494,7 @@ class BkRepoClient constructor( .url(url) .header(BK_REPO_UID, userId) .header(AUTH_HEADER_DEVOPS_PROJECT_ID, fromProject) + .let { if (null == devopsToken) it else it.header("X-DEVOPS-TOKEN", devopsToken) } .post( RequestBody.create( MediaType.parse("application/json; charset=utf-8"), @@ -495,6 +515,7 @@ class BkRepoClient constructor( .url(url) .header(BK_REPO_UID, userId) .header(AUTH_HEADER_DEVOPS_PROJECT_ID, projectId) + .let { if (null == devopsToken) it else it.header("X-DEVOPS-TOKEN", devopsToken) } .post( RequestBody.create( MediaType.parse("application/json; charset=utf-8"), @@ -511,6 +532,7 @@ class BkRepoClient constructor( .url(url) .header(BK_REPO_UID, userId) .header(AUTH_HEADER_DEVOPS_PROJECT_ID, projectId) + .let { if (null == devopsToken) it else it.header("X-DEVOPS-TOKEN", devopsToken) } .post(RequestBody.create(null, "")) .build() doRequest(request).resolveResponse>() @@ -528,6 +550,7 @@ class BkRepoClient constructor( .url(url) .header(BK_REPO_UID, userId) .header(AUTH_HEADER_DEVOPS_PROJECT_ID, projectId) + .let { if (null == devopsToken) it else it.header("X-DEVOPS-TOKEN", devopsToken) } .get() .build() return doRequest(request).resolveResponse>()!!.data @@ -597,13 +620,17 @@ class BkRepoClient constructor( fun downloadFile(userId: String, projectId: String, repoName: String, fullPath: String, destFile: File) { val url = "${getGatewayUrl()}/bkrepo/api/service/generic/$projectId/$repoName/${fullPath.removePrefix("/")}" + val headers = mutableMapOf( + BK_REPO_UID to userId, + AUTH_HEADER_DEVOPS_PROJECT_ID to projectId + ) + if (devopsToken != null) { + headers["X-DEVOPS-TOKEN"] = devopsToken + } OkhttpUtils.downloadFile( url, destFile, - mapOf( - BK_REPO_UID to userId, - AUTH_HEADER_DEVOPS_PROJECT_ID to projectId - ) + headers ) } 
@@ -618,6 +645,7 @@ class BkRepoClient constructor( val request = Request.Builder().url(url) .header(BK_REPO_UID, userId) .header(AUTH_HEADER_DEVOPS_PROJECT_ID, projectId) + .let { if (null == devopsToken) it else it.header("X-DEVOPS-TOKEN", devopsToken) } .get() .build() OkhttpUtils.doHttp(request).use { response -> @@ -687,7 +715,7 @@ class BkRepoClient constructor( ): List { logger.info( "downloadFileByPattern, userId: $userId, projectId: $projectId, pipelineId: $pipelineId," + - " buildId: $buildId, repoName: $repoName, pathPattern: $pathPattern, destPath: $destPath" + " buildId: $buildId, repoName: $repoName, pathPattern: $pathPattern, destPath: $destPath" ) val fileList = listFileByPattern( userId, @@ -720,8 +748,8 @@ class BkRepoClient constructor( ): String { logger.info( "createShareUri, creatorId: $creatorId, projectId: $projectId, repoName: $repoName, " + - "fullPath: $fullPath, downloadUsers: $downloadUsers, downloadIps: $downloadIps, " + - "timeoutInSeconds: $timeoutInSeconds" + "fullPath: $fullPath, downloadUsers: $downloadUsers, downloadIps: $downloadIps, " + + "timeoutInSeconds: $timeoutInSeconds" ) val url = "${getGatewayUrl()}/bkrepo/api/service/repository/api/share/$projectId/$repoName/${ fullPath.removePrefix("/").replace( @@ -739,6 +767,7 @@ class BkRepoClient constructor( .url(url) .header(BK_REPO_UID, creatorId) .header(AUTH_HEADER_DEVOPS_PROJECT_ID, projectId) + .let { if (null == devopsToken) it else it.header("X-DEVOPS-TOKEN", devopsToken) } .post( RequestBody.create( MediaType.parse("application/json; charset=utf-8"), @@ -768,6 +797,7 @@ class BkRepoClient constructor( val request = Request.Builder().url(url) .header(BK_REPO_UID, userId) .header(AUTH_HEADER_DEVOPS_PROJECT_ID, projectId) + .let { if (null == devopsToken) it else it.header("X-DEVOPS-TOKEN", devopsToken) } .post( RequestBody.create( MediaType.parse("application/json; charset=utf-8"), 
@@ -808,6 +838,7 @@ class BkRepoClient constructor( .url(url) .header(BK_REPO_UID, userId) .header(AUTH_HEADER_DEVOPS_PROJECT_ID, projectId) + .let { if (null == devopsToken) it else it.header("X-DEVOPS-TOKEN", devopsToken) } .post( RequestBody.create( MediaType.parse("application/json; charset=utf-8"), @@ -829,7 +860,7 @@ class BkRepoClient constructor( ): QueryData { logger.info( "queryByRepoAndMetadata, userId: $userId, projectId: $projectId, repoNames: $repoNames," + - " fileNames: $fileNames, metadata: $metadata, page: $page, pageSize: $pageSize" + " fileNames: $fileNames, metadata: $metadata, page: $page, pageSize: $pageSize" ) val projectRule = Rule.QueryRule("projectId", projectId, OperationType.EQ) val ruleList = mutableListOf(projectRule, Rule.QueryRule("folder", false, OperationType.EQ)) @@ -912,8 +943,8 @@ class BkRepoClient constructor( ): QueryData { logger.info( "queryByPathNamePairOrMetadataEqAnd, userId: $userId, projectId: $projectId," + - " repoNames: $repoNames, pathNamePairs: $pathNamePairs, metadata: $metadata," + - " page: $page, pageSize: $pageSize" + " repoNames: $repoNames, pathNamePairs: $pathNamePairs, metadata: $metadata," + + " page: $page, pageSize: $pageSize" ) val projectRule = Rule.QueryRule("projectId", projectId, OperationType.EQ) val repoRule = Rule.QueryRule("repoName", repoNames, OperationType.IN) @@ -1014,6 +1045,7 @@ class BkRepoClient constructor( val request = Request.Builder() .url("${getGatewayUrl()}/bkrepo/api/service/repository/api/node/update/$projectId/$repoName/$path") .header(BK_REPO_UID, userId) + .let { if (null == devopsToken) it else it.header("X-DEVOPS-TOKEN", devopsToken) } .post( RequestBody.create( MediaType.parse("application/json; charset=utf-8"), 
@@ -1033,8 +1065,9 @@ class BkRepoClient constructor( metadata: Map? = null ): PackageVersionInfo { val url = "${getGatewayUrl()}/bkrepo/api/service/docker/ext/version/detail/$projectId/$repoName" + - "?packageKey=$packageKey&version=$version" - val request = Request.Builder().url(url).header(BK_REPO_UID, userId).get().build() + "?packageKey=$packageKey&version=$version" + val request = Request.Builder().url(url).header(BK_REPO_UID, userId) + .let { if (null == devopsToken) it else it.header("X-DEVOPS-TOKEN", devopsToken) }.get().build() return doRequest(request).resolveResponse>()!!.data!! } @@ -1058,6 +1091,7 @@ class BkRepoClient constructor( .url(url) .header(BK_REPO_UID, userId) .header(AUTH_HEADER_DEVOPS_PROJECT_ID, projectId) + .let { if (null == devopsToken) it else it.header("X-DEVOPS-TOKEN", devopsToken) } .post( RequestBody.create( MediaType.parse("application/json; charset=utf-8"), diff --git a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v3/ApigwLogResourceV3Impl.kt b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v3/ApigwLogResourceV3Impl.kt index ff75b6ba41e..f5c06337460 100644 --- a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v3/ApigwLogResourceV3Impl.kt +++ b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v3/ApigwLogResourceV3Impl.kt 
@@ -38,11 +38,11 @@ import com.tencent.devops.common.log.pojo.QueryLogs import com.tencent.devops.common.web.RestResource import com.tencent.devops.log.api.ServiceLogResource import com.tencent.devops.openapi.api.apigw.v3.ApigwLogResourceV3 -import javax.ws.rs.core.MediaType -import javax.ws.rs.core.Response import org.slf4j.LoggerFactory import org.springframework.beans.factory.annotation.Autowired import org.springframework.beans.factory.annotation.Value +import javax.ws.rs.core.MediaType +import javax.ws.rs.core.Response @RestResource class ApigwLogResourceV3Impl @Autowired constructor( @@ -52,6 +52,9 @@ class ApigwLogResourceV3Impl @Autowired constructor( @Value("\${devopsGateway.api:#{null}}") private val gatewayUrl: String? = "" + @Value("\${auth.gateway.devopsToken:#{null}}") + private val devopsToken: String? = null + override fun getInitLogs( appCode: String?, apigwType: String?, @@ -66,7 +69,7 @@ class ApigwLogResourceV3Impl @Autowired constructor( ): Result { logger.info( "OPENAPI_LOG_V3|$userId|get init logs|$projectId|$pipelineId|$buildId|$debug|$elementId|$jobId" + - "|$executeCount" + "|$executeCount" ) return client.get(ServiceLogResource::class).getInitLogs( userId = userId, @@ -98,7 +101,7 @@ class ApigwLogResourceV3Impl @Autowired constructor( ): Result { logger.info( "OPENAPI_LOG_V3|$userId|get more logs|$projectId|$pipelineId|$buildId|$debug|$num|$fromStart" + - "|$start|$end|$tag|$jobId|$executeCount" + "|$start|$end|$tag|$jobId|$executeCount" ) return client.get(ServiceLogResource::class).getMoreLogs( userId = userId, @@ -131,7 +134,7 @@ class ApigwLogResourceV3Impl @Autowired constructor( ): Result { logger.info( "OPENAPI_LOG_V3|$userId|get after logs|$projectId|$pipelineId|$buildId|$start|$debug|$tag" + - "|$jobId|$executeCount" + "|$jobId|$executeCount" ) return client.get(ServiceLogResource::class).getAfterLogs( userId = userId, 
@@ -165,9 +168,13 @@ class ApigwLogResourceV3Impl @Autowired constructor( if (!tag.isNullOrBlank()) path.append("&tag=$tag") if (!jobId.isNullOrBlank()) path.append("&jobId=$jobId") + val headers = mutableMapOf(AUTH_HEADER_USER_ID to userId, AUTH_HEADER_PROJECT_ID to projectId) + if (devopsToken != null) { + headers["X-DEVOPS-TOKEN"] = devopsToken + } val response = OkhttpUtils.doLongGet( url = path.toString(), - headers = mapOf(AUTH_HEADER_USER_ID to userId, AUTH_HEADER_PROJECT_ID to projectId) + headers = headers ) return Response .ok(response.body()!!.byteStream(), MediaType.APPLICATION_OCTET_STREAM_TYPE) diff --git a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwLogResourceV4Impl.kt b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwLogResourceV4Impl.kt index 7719d91571e..b7f452c57b3 100644 --- a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwLogResourceV4Impl.kt +++ b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwLogResourceV4Impl.kt @@ -41,11 +41,11 @@ import com.tencent.devops.log.api.ServiceLogResource import com.tencent.devops.openapi.api.apigw.v4.ApigwLogResourceV4 import com.tencent.devops.openapi.service.IndexService import com.tencent.devops.process.api.service.ServiceBuildResource -import javax.ws.rs.core.MediaType -import javax.ws.rs.core.Response import org.slf4j.LoggerFactory import org.springframework.beans.factory.annotation.Autowired import org.springframework.beans.factory.annotation.Value +import javax.ws.rs.core.MediaType +import javax.ws.rs.core.Response @RestResource class ApigwLogResourceV4Impl @Autowired constructor( 
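Review bot: The download path in this hunk hands the result of `OkhttpUtils.doLongGet` straight to `Response.ok(response.body()!!.byteStream(), ...)` without looking at the status. Once the gateway rejects a missing or wrong `X-DEVOPS-TOKEN`, the rejection body would presumably be served to the caller as a successful log download, unless `doLongGet` already throws on non-2xx, which is not visible here. Checking `response.isSuccessful` first, then closing the response and raising the project's usual remote-call error, would surface the failure instead. The context lines also append `tag` and `jobId` to the URL unencoded; now that the request carries a service credential, URL-encoding those values would be prudent. The same pattern appears in the matching hunks of ApigwLogResourceV4Impl.kt and StreamLogService.kt, and the enclosing function starts outside the hunk.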
@@ -56,6 +56,9 @@ class ApigwLogResourceV4Impl @Autowired constructor( @Value("\${devopsGateway.api:#{null}}") private val gatewayUrl: String? = "" + @Value("\${auth.gateway.devopsToken:#{null}}") + private val devopsToken: String? = null + override fun getInitLogs( appCode: String?, apigwType: String?, @@ -70,7 +73,7 @@ class ApigwLogResourceV4Impl @Autowired constructor( ): Result { logger.info( "OPENAPI_LOG_V4|$userId|get init logs|$projectId|$pipelineId|$buildId|$debug|$elementId|$jobId" + - "|$executeCount" + "|$executeCount" ) return client.get(ServiceLogResource::class).getInitLogs( userId = userId, @@ -102,7 +105,7 @@ class ApigwLogResourceV4Impl @Autowired constructor( ): Result { logger.info( "OPENAPI_LOG_V4|$userId|get more logs|$projectId|$pipelineId|$buildId|$debug|$num|$fromStart" + - "|$start|$end|$tag|$jobId|$executeCount" + "|$start|$end|$tag|$jobId|$executeCount" ) return client.get(ServiceLogResource::class).getMoreLogs( userId = userId, @@ -135,7 +138,7 @@ class ApigwLogResourceV4Impl @Autowired constructor( ): Result { logger.info( "OPENAPI_LOG_V4|$userId|get after logs|$projectId|$pipelineId|$buildId|$start|$debug|$tag" + - "|$jobId|$executeCount" + "|$jobId|$executeCount" ) return client.get(ServiceLogResource::class).getAfterLogs( userId = userId, @@ -169,10 +172,13 @@ class ApigwLogResourceV4Impl @Autowired constructor( if (!tag.isNullOrBlank()) path.append("&tag=$tag") if (!jobId.isNullOrBlank()) path.append("&jobId=$jobId") - + val headers = mutableMapOf(AUTH_HEADER_USER_ID to userId, AUTH_HEADER_PROJECT_ID to projectId) + if (devopsToken != null) { + headers["X-DEVOPS-TOKEN"] = devopsToken + } val response = OkhttpUtils.doLongGet( url = path.toString(), - headers = mapOf(AUTH_HEADER_USER_ID to userId, AUTH_HEADER_PROJECT_ID to projectId) + headers = headers ) return Response .ok(response.body()!!.byteStream(), MediaType.APPLICATION_OCTET_STREAM_TYPE) 
diff --git a/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/service/StreamLogService.kt b/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/service/StreamLogService.kt index 3a92418fd2d..4726fdbc9f3 100644 --- a/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/service/StreamLogService.kt +++ b/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/service/StreamLogService.kt @@ -58,6 +58,9 @@ class StreamLogService @Autowired constructor( @Value("\${gateway.url}") private lateinit var gatewayUrl: String + @Value("\${auth.gateway.devopsToken:#{null}}") + private val devopsToken: String? = null + fun getInitLogs( userId: String, gitProjectId: Long, @@ -126,7 +129,11 @@ class StreamLogService @Autowired constructor( if (!tag.isNullOrBlank()) path.append("&tag=$tag") if (!jobId.isNullOrBlank()) path.append("&jobId=$jobId") - val response = OkhttpUtils.doLongGet(path.toString(), mapOf(AUTH_HEADER_USER_ID to userId)) + val headers = mutableMapOf(AUTH_HEADER_USER_ID to userId) + if (devopsToken != null) { + headers["X-DEVOPS-TOKEN"] = devopsToken + } + val response = OkhttpUtils.doLongGet(path.toString(), headers) return Response .ok(response.body()!!.byteStream(), MediaType.APPLICATION_OCTET_STREAM_TYPE) .header("content-disposition", "attachment; filename = ${pipeline.pipelineId}-$buildId-log.txt") From 174fc7bc5edece45e2df6177923a102f79c2afa3 Mon Sep 17 00:00:00 2001 
From: mingshewhe Date: Mon, 6 Feb 2023 14:36:02 +0800 Subject: [PATCH 2/7] =?UTF-8?q?feat:=20=E9=80=9A=E8=BF=87=E7=BD=91?= =?UTF-8?q?=E5=85=B3=E8=BF=9B=E8=A1=8C=E7=9A=84=E8=B7=A8=E6=9C=8D=E5=8A=A1?= =?UTF-8?q?=E8=B0=83=E7=94=A8,=20=E5=BF=85=E9=A1=BB=E6=90=BA=E5=B8=A6token?= =?UTF-8?q?=E8=BF=9B=E8=A1=8C=E6=A0=A1=E9=AA=8C=20#8317?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../OpenAuthResourceCallBackResource.kt | 69 +++++++++++++++++ ...=> ServiceAuthResourceCallBackResource.kt} | 2 +- .../OpenAuthResourceCallBackResourceImpl.kt | 76 +++++++++++++++++++ ...erviceAuthResourceCallBackResourceImpl.kt} | 8 +- 4 files changed, 150 insertions(+), 5 deletions(-) create mode 100644 src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/callback/OpenAuthResourceCallBackResource.kt rename src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/callback/{AuthResourceCallBackResource.kt => ServiceAuthResourceCallBackResource.kt} (98%) create mode 100644 src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpenAuthResourceCallBackResourceImpl.kt rename src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/{AuthResourceCallBackResourceImpl.kt => ServiceAuthResourceCallBackResourceImpl.kt} (89%) diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/callback/OpenAuthResourceCallBackResource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/callback/OpenAuthResourceCallBackResource.kt new file mode 100644 index 00000000000..f11ff59bd9b --- /dev/null +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/callback/OpenAuthResourceCallBackResource.kt 
@@ -0,0 +1,69 @@ +/* + * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available. + * + * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved. + * + * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license. + * + * A copy of the MIT License is included in this file. + * + * + * Terms of the MIT License: + * --------------------------------------------------- + * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated + * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the + * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all copies or substantial portions of + * the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT + * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN + * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, + * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
+ */ + +package com.tencent.devops.auth.api.callback + +import com.tencent.bk.sdk.iam.dto.callback.request.CallbackRequestDTO +import com.tencent.bk.sdk.iam.dto.callback.response.CallbackBaseResponseDTO +import io.swagger.annotations.Api +import io.swagger.annotations.ApiOperation +import io.swagger.annotations.ApiParam +import javax.ws.rs.Consumes +import javax.ws.rs.POST +import javax.ws.rs.Path +import javax.ws.rs.Produces +import javax.ws.rs.HeaderParam +import javax.ws.rs.core.MediaType + +@Api(tags = ["AUTH_RESOURCE_CALLBACK"], description = "权限-资源-回调接口") +@Path("/open/auth/resource") +@Produces(MediaType.APPLICATION_JSON) +@Consumes(MediaType.APPLICATION_JSON) +interface OpenAuthResourceCallBackResource { + + @POST + @Path("/projects") + @ApiOperation("项目列表") + fun projectInfo( + @ApiParam(value = "回调信息") + callBackInfo: CallbackRequestDTO, + @HeaderParam("Authorization") + @ApiParam("token") + token: String + ): CallbackBaseResponseDTO? + + @POST + @Path("/instances/list") + @ApiOperation("特定资源列表") + fun resourceList( + @ApiParam(value = "回调信息") + callBackInfo: CallbackRequestDTO, + @HeaderParam("Authorization") + @ApiParam("token") + token: String + ): CallbackBaseResponseDTO? +} diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/callback/AuthResourceCallBackResource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/callback/ServiceAuthResourceCallBackResource.kt similarity index 98% rename from src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/callback/AuthResourceCallBackResource.kt rename to src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/callback/ServiceAuthResourceCallBackResource.kt index 00ad532ab10..60d23f7d882 100644 --- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/callback/AuthResourceCallBackResource.kt 
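Review bot: Both methods declare `@HeaderParam("Authorization") token: String` as non-null. A request that arrives without the header would, as far as I can tell, be bound to null by JAX-RS and fail Kotlin's parameter null check before the implementation's `checkToken` runs, likely surfacing as a server error rather than a token rejection. Declaring it `token: String?` and rejecting null or blank values explicitly in the implementation keeps the unauthenticated path on the intended forbidden response. A short KDoc on the interface stating which token this `/open/auth/resource` endpoint expects would also help, since the `@ApiParam("token")` text does not say.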
+++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/callback/ServiceAuthResourceCallBackResource.kt @@ -43,7 +43,7 @@ import javax.ws.rs.core.MediaType @Path("/service/auth/resource") @Produces(MediaType.APPLICATION_JSON) @Consumes(MediaType.APPLICATION_JSON) -interface AuthResourceCallBackResource { +interface ServiceAuthResourceCallBackResource { @POST @Path("/projects") diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpenAuthResourceCallBackResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpenAuthResourceCallBackResourceImpl.kt new file mode 100644 index 00000000000..be723a964b3 --- /dev/null +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpenAuthResourceCallBackResourceImpl.kt 
@@ -0,0 +1,76 @@
+/*
+ * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
+ *
+ * A copy of the MIT License is included in this file.
+ *
+ *
+ * Terms of the MIT License:
+ * ---------------------------------------------------
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+ * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
+ * the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+ * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+ * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ *
+ */
+
+package com.tencent.devops.auth.resources
+
+import com.tencent.bk.sdk.iam.dto.callback.request.CallbackRequestDTO
+import com.tencent.bk.sdk.iam.dto.callback.response.CallbackBaseResponseDTO
+import com.tencent.devops.auth.api.callback.OpenAuthResourceCallBackResource
+import com.tencent.devops.auth.service.ResourceService
+import com.tencent.devops.common.api.exception.TokenForbiddenException
+import com.tencent.devops.common.auth.api.AuthTokenApi
+import com.tencent.devops.common.web.RestResource
+import org.slf4j.LoggerFactory
+import org.springframework.beans.factory.annotation.Autowired
+
+@RestResource
+class OpenAuthResourceCallBackResourceImpl @Autowired constructor(
+ val resourceService: ResourceService,
+ val authTokenApi: AuthTokenApi
+) : OpenAuthResourceCallBackResource {
+
+ override fun projectInfo(
+ callBackInfo: CallbackRequestDTO,
+ token: String
+ ): CallbackBaseResponseDTO {
+ if (!authTokenApi.checkToken(token)) {
+ logger.warn("auth token check fail: $token")
+ throw TokenForbiddenException("auth token check fail")
+ }
+ return resourceService.getProject(callBackInfo, token)
+ }
+
+ override fun resourceList(
+ callBackInfo: CallbackRequestDTO,
+ token: String
+ ): CallbackBaseResponseDTO? {
+ if (!authTokenApi.checkToken(token)) {
+ logger.warn("auth token check fail: $token")
+ throw TokenForbiddenException("auth token check fail")
+ }
+ logger.info("resourceList: $callBackInfo, token: $token")
+ return resourceService.getInstanceByResource(
+ callBackInfo = callBackInfo,
+ token = token
+ )
+ }
+
+ companion object {
+ private val logger = LoggerFactory.getLogger(OpenAuthResourceCallBackResourceImpl::class.java)
+ }
+}
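Review bot: Both handlers write the caller's `Authorization` value to the log: `logger.warn("auth token check fail: $token")` on the rejection path of `projectInfo` and `resourceList`, and `logger.info("resourceList: $callBackInfo, token: $token")` after the check has passed. In `resourceList` that means a credential which `authTokenApi.checkToken` has just accepted is stored in clear text wherever the service logs are shipped, so log read access becomes equivalent to holding the callback token. I would remove the token from all three messages, e.g. `logger.warn("auth token check fail")` and `logger.info("resourceList: $callBackInfo")`, and log at most a short digest if requests need to be correlated. The identical check-and-throw block in the two methods could also move into one private helper so the two endpoints cannot drift apart.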
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/AuthResourceCallBackResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ServiceAuthResourceCallBackResourceImpl.kt similarity index 89% rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/AuthResourceCallBackResourceImpl.kt rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ServiceAuthResourceCallBackResourceImpl.kt index 74014fdb68d..a3865434745 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/AuthResourceCallBackResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ServiceAuthResourceCallBackResourceImpl.kt @@ -30,16 +30,16 @@ package com.tencent.devops.auth.resources import com.tencent.bk.sdk.iam.dto.callback.request.CallbackRequestDTO import com.tencent.bk.sdk.iam.dto.callback.response.CallbackBaseResponseDTO -import com.tencent.devops.auth.api.callback.AuthResourceCallBackResource +import com.tencent.devops.auth.api.callback.ServiceAuthResourceCallBackResource import com.tencent.devops.auth.service.ResourceService import com.tencent.devops.common.web.RestResource import org.slf4j.LoggerFactory import org.springframework.beans.factory.annotation.Autowired @RestResource -class AuthResourceCallBackResourceImpl @Autowired constructor( +class ServiceAuthResourceCallBackResourceImpl @Autowired constructor( val resourceService: ResourceService -) : AuthResourceCallBackResource { +) : ServiceAuthResourceCallBackResource { override fun projectInfo( callBackInfo: CallbackRequestDTO, token: String 
@@ -59,6 +59,6 @@ class AuthResourceCallBackResourceImpl @Autowired constructor( } companion object { - val logger = LoggerFactory.getLogger(AuthResourceCallBackResourceImpl::class.java) + val logger = LoggerFactory.getLogger(ServiceAuthResourceCallBackResourceImpl::class.java) } } From 1fe698ec65e92b60e694b92ba8c37a9889c28b1b Mon Sep 17 00:00:00 2001 From: stubenhuang Date: Mon, 6 Feb 2023 14:45:34 +0800 Subject: [PATCH 3/7] =?UTF-8?q?feat:=20=E9=80=9A=E8=BF=87=E7=BD=91?= =?UTF-8?q?=E5=85=B3=E8=BF=9B=E8=A1=8C=E7=9A=84=E8=B7=A8=E6=9C=8D=E5=8A=A1?= =?UTF-8?q?=E8=B0=83=E7=94=A8,=20=E5=BF=85=E9=A1=BB=E6=90=BA=E5=B8=A6token?= =?UTF-8?q?=E8=BF=9B=E8=A1=8C=E6=A0=A1=E9=AA=8C=20#8317?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/gateway/core/lua/auth/auth_op.lua | 4 ++-- src/gateway/core/lua/util/consul_util.lua | 4 +++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/src/gateway/core/lua/auth/auth_op.lua b/src/gateway/core/lua/auth/auth_op.lua index b0d578c9d03..e83af90a9ab 100644 --- a/src/gateway/core/lua/auth/auth_op.lua +++ b/src/gateway/core/lua/auth/auth_op.lua @@ -18,7 +18,7 @@ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLI ]] -- 判断是否是白名单 -local service_ip_whitelist = config.service_ip_whitelist +local service_ip_whitelist = consulUtil.getAllWhitelistIp() local isInServiceWhitelist = false -- 白名单为空的时候 if next(service_ip_whitelist) ~= nil then @@ -43,4 +43,4 @@ local ticket = oauthUtil:get_ticket(bk_token) ngx.header["x-devops-uid"] = ticket.identity.username ngx.header["x-devops-bk-token"] = bk_token ngx.header["x-devops-access-token"] = ticket.access_token -ngx.exit(200) \ No newline at end of file +ngx.exit(200) diff --git a/src/gateway/core/lua/util/consul_util.lua b/src/gateway/core/lua/util/consul_util.lua index 6826dd48345..9aa815ee45e 100644 --- a/src/gateway/core/lua/util/consul_util.lua +++ b/src/gateway/core/lua/util/consul_util.lua 
@@ -24,7 +24,9 @@ function _M:getAllWhitelistIp() ip_whitelist = {config.service_ip_whitelist} else for k, v in ipairs(config.service_ip_whitelist) do - table.insert(ip_whitelist, v) + if v ~= "" then + table.insert(ip_whitelist, v) + end end end From b1dde66da09bcd00644d965ee702eea56165b4d1 Mon Sep 17 00:00:00 2001 From: stubenhuang Date: Mon, 6 Feb 2023 14:59:30 +0800 Subject: [PATCH 4/7] =?UTF-8?q?feat:=20=E9=80=9A=E8=BF=87=E7=BD=91?= =?UTF-8?q?=E5=85=B3=E8=BF=9B=E8=A1=8C=E7=9A=84=E8=B7=A8=E6=9C=8D=E5=8A=A1?= =?UTF-8?q?=E8=B0=83=E7=94=A8,=20=E5=BF=85=E9=A1=BB=E6=90=BA=E5=B8=A6token?= =?UTF-8?q?=E8=BF=9B=E8=A1=8C=E6=A0=A1=E9=AA=8C=20#8317?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/gateway/core/lua/util/consul_util.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/gateway/core/lua/util/consul_util.lua b/src/gateway/core/lua/util/consul_util.lua index 9aa815ee45e..feee2e62110 100644 --- a/src/gateway/core/lua/util/consul_util.lua +++ b/src/gateway/core/lua/util/consul_util.lua @@ -30,7 +30,7 @@ function _M:getAllWhitelistIp() end end - if #ip_whitelist ~= 1 then + if #ip_whitelist > 1 then -- 获取灰度设置 local ns_config = nil if ngx.var.devops_region ~= "DEVNET" then From 69e66eda9b19d84df441516f21127bd74d96827d Mon Sep 17 00:00:00 2001 From: mingshewhe Date: Mon, 6 Feb 2023 15:40:07 +0800 Subject: [PATCH 5/7] =?UTF-8?q?feat:=20=E9=80=9A=E8=BF=87=E7=BD=91?= =?UTF-8?q?=E5=85=B3=E8=BF=9B=E8=A1=8C=E7=9A=84=E8=B7=A8=E6=9C=8D=E5=8A=A1?= =?UTF-8?q?=E8=B0=83=E7=94=A8,=20=E5=BF=85=E9=A1=BB=E6=90=BA=E5=B8=A6token?= =?UTF-8?q?=E8=BF=9B=E8=A1=8C=E6=A0=A1=E9=AA=8C=20#8317?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../bkiam/0003_resouce_20211221_iam-v1.7.json | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) 
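Review bot: The new `if v ~= "" then` guard covers only the `else` branch that iterates a table; the branch directly above it, `ip_whitelist = {config.service_ip_whitelist}`, still wraps the configured value unfiltered. If that branch handles the single-string case (its condition is outside the hunk), an empty setting yields the one-element list `{""}`, which auth_op.lua now receives through `consulUtil.getAllWhitelistIp()` and treats as a non-empty whitelist in `next(service_ip_whitelist) ~= nil`. Applying the same test there, e.g. `if config.service_ip_whitelist ~= "" then ip_whitelist = {config.service_ip_whitelist} end`, would make an empty configuration behave the same in both shapes. A short comment stating what an empty whitelist is meant to do (allow or deny) would help, since the function body starts and ends outside the hunk.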
diff --git a/support-files/bkiam/0003_resouce_20211221_iam-v1.7.json b/support-files/bkiam/0003_resouce_20211221_iam-v1.7.json index a26b03685c3..32c45a3f09b 100644 --- a/support-files/bkiam/0003_resouce_20211221_iam-v1.7.json +++ b/support-files/bkiam/0003_resouce_20211221_iam-v1.7.json @@ -23,7 +23,7 @@ "name_en": "Project", "parents": [], "provider_config": { - "path": "/api/service/auth/resource/projects" + "path": "/api/open/auth/resource/projects" }, "version": 1 } @@ -36,7 +36,7 @@ "name_en": "Pipeline", "parents": [{"system_id": "bk_ci", "id": "project"}], "provider_config": { - "path": "/api/service/auth/resource/instances/list" + "path": "/api/open/auth/resource/instances/list" }, "version": 1 } @@ -49,7 +49,7 @@ "name_en": "Repository", "parents": [{"system_id": "bk_ci", "id": "project"}], "provider_config": { - "path": "/api/service/auth/resource/instances/list" + "path": "/api/open/auth/resource/instances/list" }, "version": 1 } @@ -62,7 +62,7 @@ "name_en": "Credential", "parents": [{"system_id": "bk_ci", "id": "project"}], "provider_config": { - "path": "/api/service/auth/resource/instances/list" + "path": "/api/open/auth/resource/instances/list" }, "version": 1 } @@ -75,7 +75,7 @@ "name_en": "Cert", "parents": [{"system_id": "bk_ci", "id": "project"}], "provider_config": { - "path": "/api/service/auth/resource/instances/list" + "path": "/api/open/auth/resource/instances/list" }, "version": 1 } @@ -88,7 +88,7 @@ "name_en": "Environment", "parents": [{"system_id": "bk_ci", "id": "project"}], "provider_config": { - "path": "/api/service/auth/resource/instances/list" + "path": "/api/open/auth/resource/instances/list" }, "version": 1 } @@ -101,7 +101,7 @@ "name_en": "Node", "parents": [{"system_id": "bk_ci", "id": "project"}], "provider_config": { - "path": "/api/service/auth/resource/instances/list" + "path": "/api/open/auth/resource/instances/list" }, "version": 1 } 
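Review bot: These hunks change `provider_config.path` from `/api/service/auth/resource/...` to `/api/open/auth/resource/...` by editing the existing file `0003_resouce_20211221_iam-v1.7.json` in place, and the same edit repeats in every hunk of this file. If these numbered files are applied once per installation (the naming suggests that, but the migration runner is not visible here), deployments that already ran 0003 would keep the old `/api/service/...` callback path, which this patch series is putting behind the gateway token check. It may be safer to ship the path change as a new numbered migration, or to document in the upgrade notes that 0003 has to be re-applied.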
@@ -114,7 +114,7 @@ "name_en": "Custom_dir", "parents": [{"system_id": "bk_ci", "id": "project"}], "provider_config": { - "path": "/api/service/auth/resource/instances/list" + "path": "/api/open/auth/resource/instances/list" }, "version": 1 } @@ -127,7 +127,7 @@ "name_en": "Rule", "parents": [{"system_id": "bk_ci", "id": "project"}], "provider_config": { - "path": "/api/service/auth/resource/instances/list" + "path": "/api/open/auth/resource/instances/list" }, "version": 1 } @@ -140,7 +140,7 @@ "name_en": "Quality Group", "parents": [{"system_id": "bk_ci", "id": "project"}], "provider_config": { - "path": "/api/service/auth/resource/instances/list" + "path": "/api/open/auth/resource/instances/list" }, "version": 1 } From 73606babbe6241a1c7ac947e31b3257f80dd549a Mon Sep 17 00:00:00 2001 From: stubenhuang Date: Mon, 6 Feb 2023 20:04:32 +0800 Subject: [PATCH 6/7] =?UTF-8?q?feat:=20=E9=80=9A=E8=BF=87=E7=BD=91?= =?UTF-8?q?=E5=85=B3=E8=BF=9B=E8=A1=8C=E7=9A=84=E8=B7=A8=E6=9C=8D=E5=8A=A1?= =?UTF-8?q?=E8=B0=83=E7=94=A8,=20=E5=BF=85=E9=A1=BB=E6=90=BA=E5=B8=A6token?= =?UTF-8?q?=E8=BF=9B=E8=A1=8C=E6=A0=A1=E9=AA=8C=20#8317?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../buildless/biz-buildless/build.gradle.kts | 2 +- .../devops/buildless/client/DispatchClient.kt | 5 ++-- .../common/common-archive/build.gradle.kts | 1 + .../common/archive/client/BkRepoClient.kt | 29 ++++++++++++++++--- .../common/security/util/EnvironmentUtil.kt | 7 +++++ .../devops/common/web/FeignConfiguration.kt | 6 ++-- .../apigw/v3/ApigwLogResourceV3Impl.kt | 7 +++-- .../apigw/v4/ApigwLogResourceV4Impl.kt | 5 ++-- .../devops/stream/service/StreamLogService.kt | 7 +++-- 9 files changed, 48 insertions(+), 21 deletions(-) diff --git a/src/backend/ci/core/buildless/biz-buildless/build.gradle.kts b/src/backend/ci/core/buildless/biz-buildless/build.gradle.kts index 4cacc67a73d..a52579653f9 100644 --- a/src/backend/ci/core/buildless/biz-buildless/build.gradle.kts 
+++ b/src/backend/ci/core/buildless/biz-buildless/build.gradle.kts @@ -32,7 +32,7 @@ dependencies { api(project(":core:common:common-web")) api(project(":core:common:common-redis")) api(project(":core:log:api-log")) - + api(project(":core:common:common-security")) api("com.github.docker-java:docker-java") api("com.github.docker-java:docker-java-transport-okhttp") implementation("com.github.oshi:oshi-core") diff --git a/src/backend/ci/core/buildless/biz-buildless/src/main/kotlin/com/tencent/devops/buildless/client/DispatchClient.kt b/src/backend/ci/core/buildless/biz-buildless/src/main/kotlin/com/tencent/devops/buildless/client/DispatchClient.kt index 34af20baf49..fbb1fb98c00 100644 --- a/src/backend/ci/core/buildless/biz-buildless/src/main/kotlin/com/tencent/devops/buildless/client/DispatchClient.kt +++ b/src/backend/ci/core/buildless/biz-buildless/src/main/kotlin/com/tencent/devops/buildless/client/DispatchClient.kt @@ -37,6 +37,7 @@ import com.tencent.devops.common.api.pojo.ErrorCode import com.tencent.devops.common.api.pojo.ErrorType import com.tencent.devops.common.api.util.JsonUtil import com.tencent.devops.common.api.util.OkhttpUtils +import com.tencent.devops.common.security.util.EnvironmentUtil import com.tencent.devops.common.service.BkTag import com.tencent.devops.common.service.config.CommonConfig import com.tencent.devops.dispatch.docker.pojo.DockerIpInfoVO @@ -56,9 +57,6 @@ class DispatchClient @Autowired constructor( private val commonConfig: CommonConfig, private val bkTag: BkTag ) { - @Value("\${auth.gateway.devopsToken:#{null}}") - private val devopsToken: String? = null - fun updateContainerId(buildLessTask: BuildLessTask, containerId: String) { val path = "/ms/dispatch-docker/api/service/dockerhost/builds/${buildLessTask.buildId}/vmseqs" + "/${buildLessTask.vmSeqId}?containerId=$containerId" 
@@ -182,6 +180,7 @@ class DispatchClient @Autowired constructor( } val headers = mutableMapOf(AUTH_HEADER_GATEWAY_TAG to gatewayHeaderTag) // 新增devopsToken给网关校验 + val devopsToken = EnvironmentUtil.gatewayDevopsToken() if (devopsToken != null) { headers["X-DEVOPS-TOKEN"] = devopsToken } diff --git a/src/backend/ci/core/common/common-archive/build.gradle.kts b/src/backend/ci/core/common/common-archive/build.gradle.kts index 8caf8772088..7f639d8694b 100644 --- a/src/backend/ci/core/common/common-archive/build.gradle.kts +++ b/src/backend/ci/core/common/common-archive/build.gradle.kts @@ -36,4 +36,5 @@ dependencies { api(project(":core:common:common-pipeline")) api("com.tencent.bk.repo:api-generic") api("com.tencent.bk.repo:api-repository") + api(project(":core:common:common-security")) } diff --git a/src/backend/ci/core/common/common-archive/src/main/kotlin/com/tencent/devops/common/archive/client/BkRepoClient.kt b/src/backend/ci/core/common/common-archive/src/main/kotlin/com/tencent/devops/common/archive/client/BkRepoClient.kt index 080cea5f769..fd6c252909f 100644 --- a/src/backend/ci/core/common/common-archive/src/main/kotlin/com/tencent/devops/common/archive/client/BkRepoClient.kt +++ b/src/backend/ci/core/common/common-archive/src/main/kotlin/com/tencent/devops/common/archive/client/BkRepoClient.kt @@ -71,6 +71,7 @@ import com.tencent.devops.common.archive.pojo.QueryData import com.tencent.devops.common.archive.util.PathUtil import com.tencent.devops.common.archive.util.STREAM_BUFFER_SIZE import com.tencent.devops.common.archive.util.closeQuietly +import com.tencent.devops.common.security.util.EnvironmentUtil import com.tencent.devops.common.service.config.CommonConfig import com.tencent.devops.common.service.utils.HomeHostUtil import okhttp3.Credentials 
@@ -80,7 +81,6 @@ import okhttp3.Request import okhttp3.RequestBody import okio.BufferedSink import org.slf4j.LoggerFactory -import org.springframework.beans.factory.annotation.Value import org.springframework.data.domain.Sort.Direction import org.springframework.stereotype.Component import org.springframework.util.FileCopyUtils @@ -99,9 +99,6 @@ class BkRepoClient constructor( private val commonConfig: CommonConfig, private val bkRepoClientConfig: BkRepoClientConfig ) { - @Value("\${auth.gateway.devopsToken:#{null}}") - private val devopsToken: String? = null - private fun getGatewayUrl(): String { return HomeHostUtil.getHost(commonConfig.devopsIdcGateway!!) } @@ -132,6 +129,7 @@ class BkRepoClient constructor( displayName = projectId, description = projectId ) + val devopsToken = EnvironmentUtil.gatewayDevopsToken() val request = Request.Builder() .url("${getGatewayUrl()}/bkrepo/api/service/repository/api/project") .header(BK_REPO_UID, userId) @@ -162,6 +160,7 @@ class BkRepoClient constructor( description = "storage for devops ci $repoName", storageCredentialsKey = storageCredentialsKey ) + val devopsToken = EnvironmentUtil.gatewayDevopsToken() val request = Request.Builder() .url("${getGatewayUrl()}/bkrepo/api/service/repository/api/repo") .header(BK_REPO_UID, userId) @@ -179,6 +178,7 @@ class BkRepoClient constructor( fun getFileSize(userId: String, projectId: String, repoName: String, path: String): NodeSizeInfo { logger.info("getFileSize, userId: $userId, projectId: $projectId, repoName: $repoName, path: $path") val url = "${getGatewayUrl()}/bkrepo/api/service/repository/api/node/size/$projectId/$repoName/$path" + val devopsToken = EnvironmentUtil.gatewayDevopsToken() val request = Request.Builder() .url(url) .header(BK_REPO_UID, userId) 
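Review bot: `val devopsToken = EnvironmentUtil.gatewayDevopsToken()` is added as a local here and again in every following BkRepoClient hunk, each time feeding the same `X-DEVOPS-TOKEN` header logic (for example the `.let { if (null == devopsToken) it else it.header("X-DEVOPS-TOKEN", devopsToken) }` visible in the `@@ -1066,6 +1085,7 @@` hunk). One private helper would keep that in a single place and make it harder for a new request path to be added without the token, e.g. `private fun Request.Builder.withDevopsToken() = EnvironmentUtil.gatewayDevopsToken()?.let { header("X-DEVOPS-TOKEN", it) } ?: this`. The enclosing methods start and end outside these hunks, so the call sites would need to be checked one by one.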
@@ -198,6 +198,7 @@ class BkRepoClient constructor( val requestData = UserMetadataSaveRequest( metadata = metadata ) + val devopsToken = EnvironmentUtil.gatewayDevopsToken() val request = Request.Builder() .url(url) .header(BK_REPO_UID, userId) @@ -215,6 +216,7 @@ class BkRepoClient constructor( fun listMetadata(userId: String, projectId: String, repoName: String, path: String): Map { logger.info("listMetadata, userId: $userId, projectId: $projectId, repoName: $repoName, path: $path") val url = "${getGatewayUrl()}/bkrepo/api/service/repository/api/metadata/$projectId/$repoName/$path" + val devopsToken = EnvironmentUtil.gatewayDevopsToken() val request = Request.Builder() .url(url) .header(BK_REPO_UID, userId) @@ -240,6 +242,7 @@ class BkRepoClient constructor( ) val url = "${getGatewayUrl()}/bkrepo/api/service/generic/list/$projectId/$repoName/$path" + "?deep=$deep&includeFolder=$includeFolders" + val devopsToken = EnvironmentUtil.gatewayDevopsToken() val request = Request.Builder() .url(url) .header(BK_REPO_UID, userId) @@ -269,6 +272,7 @@ class BkRepoClient constructor( val url = "${getGatewayUrl()}/bkrepo/api/service/repository/api/node/page/$projectId/$repoName/$path" + "?deep=$deep&includeFolder=$includeFolders&includeMetadata=true&pageNumber=$page&pageSize=$pageSize" + "&sortProperty=lastModifiedDate&direction=$direction" + val devopsToken = EnvironmentUtil.gatewayDevopsToken() val request = Request.Builder() .url(url) .header(BK_REPO_UID, userId) @@ -333,6 +337,7 @@ class BkRepoClient constructor( header[BK_REPO_UID] = userId header[AUTH_HEADER_DEVOPS_PROJECT_ID] = projectId header[BK_REPO_OVERRIDE] = "true" + val devopsToken = EnvironmentUtil.gatewayDevopsToken() if (devopsToken != null) { header["X-DEVOPS-TOKEN"] = devopsToken } 
@@ -391,6 +396,7 @@ class BkRepoClient constructor( header[BK_REPO_UID] = userId header[AUTH_HEADER_DEVOPS_PROJECT_ID] = projectId header[BK_REPO_OVERRIDE] = "true" + val devopsToken = EnvironmentUtil.gatewayDevopsToken() if (devopsToken != null) { header["X-DEVOPS-TOKEN"] = devopsToken } @@ -414,6 +420,7 @@ class BkRepoClient constructor( fun delete(userId: String, projectId: String, repoName: String, path: String) { logger.info("delete, userId: $userId, projectId: $projectId, repoName: $repoName, path: $path") val url = "${getGatewayUrl()}/bkrepo/api/service/repository/api/node/$projectId/$repoName/$path" + val devopsToken = EnvironmentUtil.gatewayDevopsToken() val request = Request.Builder() .url(url) .header(BK_REPO_UID, userId) @@ -427,6 +434,7 @@ class BkRepoClient constructor( fun deleteNode(userName: String, projectId: String, repoName: String, path: String, authorization: String) { logger.info("delete, projectId: $projectId, repoName: $repoName, path: $path") val url = "${getGatewayUrl()}/bkrepo/api/service/repository/api/node/delete/$projectId/$repoName/$path" + val devopsToken = EnvironmentUtil.gatewayDevopsToken() val request = Request.Builder() .url(url) .header("Authorization", authorization) @@ -453,6 +461,7 @@ class BkRepoClient constructor( destFullPath = toPath, overwrite = true ) + val devopsToken = EnvironmentUtil.gatewayDevopsToken() val request = Request.Builder() .url(url) .header(BK_REPO_UID, userId) @@ -490,6 +499,7 @@ class BkRepoClient constructor( destFullPath = toPath, overwrite = true ) + val devopsToken = EnvironmentUtil.gatewayDevopsToken() val request = Request.Builder() .url(url) .header(BK_REPO_UID, userId) 
@@ -511,6 +521,7 @@ class BkRepoClient constructor( ) val url = "${getGatewayUrl()}/bkrepo/api/service/repository/api/node/rename" val requestData = UserNodeRenameRequest(projectId, repoName, fromPath, toPath) + val devopsToken = EnvironmentUtil.gatewayDevopsToken() val request = Request.Builder() .url(url) .header(BK_REPO_UID, userId) @@ -528,6 +539,7 @@ class BkRepoClient constructor( fun mkdir(userId: String, projectId: String, repoName: String, path: String) { logger.info("mkdir, path: $path") val url = "${getGatewayUrl()}/bkrepo/api/service/repository/api/node/$projectId/$repoName/$path" + val devopsToken = EnvironmentUtil.gatewayDevopsToken() val request = Request.Builder() .url(url) .header(BK_REPO_UID, userId) @@ -546,6 +558,7 @@ class BkRepoClient constructor( "%23" ) }" + val devopsToken = EnvironmentUtil.gatewayDevopsToken() val request = Request.Builder() .url(url) .header(BK_REPO_UID, userId) @@ -624,6 +637,7 @@ class BkRepoClient constructor( BK_REPO_UID to userId, AUTH_HEADER_DEVOPS_PROJECT_ID to projectId ) + val devopsToken = EnvironmentUtil.gatewayDevopsToken() if (devopsToken != null) { headers["X-DEVOPS-TOKEN"] = devopsToken } @@ -642,6 +656,7 @@ class BkRepoClient constructor( outputStream: OutputStream ) { val url = "${getGatewayUrl()}/bkrepo/api/service/generic/$projectId/$repoName/${fullPath.removePrefix("/")}" + val devopsToken = EnvironmentUtil.gatewayDevopsToken() val request = Request.Builder().url(url) .header(BK_REPO_UID, userId) .header(AUTH_HEADER_DEVOPS_PROJECT_ID, projectId) @@ -763,6 +778,7 @@ class BkRepoClient constructor( expireSeconds = timeoutInSeconds ) val requestBody = objectMapper.writeValueAsString(requestData) + val devopsToken = EnvironmentUtil.gatewayDevopsToken() val request = Request.Builder() .url(url) .header(BK_REPO_UID, creatorId) 
@@ -794,6 +810,7 @@ class BkRepoClient constructor( type = type ) val requestBody = objectMapper.writeValueAsString(requestData) + val devopsToken = EnvironmentUtil.gatewayDevopsToken() val request = Request.Builder().url(url) .header(BK_REPO_UID, userId) .header(AUTH_HEADER_DEVOPS_PROJECT_ID, projectId) @@ -834,6 +851,7 @@ class BkRepoClient constructor( type = TokenType.DOWNLOAD ) val requestBody = objectMapper.writeValueAsString(requestData) + val devopsToken = EnvironmentUtil.gatewayDevopsToken() val request = Request.Builder() .url(url) .header(BK_REPO_UID, userId) @@ -1042,6 +1060,7 @@ class BkRepoClient constructor( expires: Int ) { logger.info("update , userId:$userId, projectId:$projectId , repo:$repoName , path:$path , expires:$expires") + val devopsToken = EnvironmentUtil.gatewayDevopsToken() val request = Request.Builder() .url("${getGatewayUrl()}/bkrepo/api/service/repository/api/node/update/$projectId/$repoName/$path") .header(BK_REPO_UID, userId) @@ -1066,6 +1085,7 @@ class BkRepoClient constructor( ): PackageVersionInfo { val url = "${getGatewayUrl()}/bkrepo/api/service/docker/ext/version/detail/$projectId/$repoName" + "?packageKey=$packageKey&version=$version" + val devopsToken = EnvironmentUtil.gatewayDevopsToken() val request = Request.Builder().url(url).header(BK_REPO_UID, userId) .let { if (null == devopsToken) it else it.header("X-DEVOPS-TOKEN", devopsToken) }.get().build() return doRequest(request).resolveResponse>()!!.data!! @@ -1087,6 +1107,7 @@ class BkRepoClient constructor( val url = "${getGatewayUrl()}/bkrepo/api/service/repository/api/node/search" val requestBody = objectMapper.writeValueAsString(queryModel) logger.info("requestBody: $requestBody") + val devopsToken = EnvironmentUtil.gatewayDevopsToken() val request = Request.Builder() .url(url) .header(BK_REPO_UID, userId) 
diff --git a/src/backend/ci/core/common/common-security/src/main/kotlin/com/tencent/devops/common/security/util/EnvironmentUtil.kt b/src/backend/ci/core/common/common-security/src/main/kotlin/com/tencent/devops/common/security/util/EnvironmentUtil.kt index be7c35f2a87..5297e3416d7 100644 --- a/src/backend/ci/core/common/common-security/src/main/kotlin/com/tencent/devops/common/security/util/EnvironmentUtil.kt +++ b/src/backend/ci/core/common/common-security/src/main/kotlin/com/tencent/devops/common/security/util/EnvironmentUtil.kt @@ -104,5 +104,12 @@ class EnvironmentUtil : ApplicationContextAware { } return false } + + /** + * 获取gateway定义的devopsToken + */ + fun gatewayDevopsToken(): String? { + return applicationContext?.environment?.getProperty("auth.gateway.devopsToken") + } } } diff --git a/src/backend/ci/core/common/common-web/src/main/kotlin/com/tencent/devops/common/web/FeignConfiguration.kt b/src/backend/ci/core/common/common-web/src/main/kotlin/com/tencent/devops/common/web/FeignConfiguration.kt index 2ad1b658eb0..c6ce76c5afc 100644 --- a/src/backend/ci/core/common/common-web/src/main/kotlin/com/tencent/devops/common/web/FeignConfiguration.kt +++ b/src/backend/ci/core/common/common-web/src/main/kotlin/com/tencent/devops/common/web/FeignConfiguration.kt 
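Review bot: `gatewayDevopsToken()` returns null both when `auth.gateway.devopsToken` is not configured and when `applicationContext` has not been set, and every caller in this patch treats null as "send no `X-DEVOPS-TOKEN` header" (`if (devopsToken != null) { ... }`). A service whose context does not register EnvironmentUtil, or a call made before it is initialised, would therefore send requests without the token and only fail at the gateway, with nothing in its own log to explain why. I would make the uninitialised case visible, e.g. log a warning when `applicationContext == null`, and replace the comment with English KDoc such as `/** Returns the gateway token from auth.gateway.devopsToken, or null when it is not configured. */`. The companion object this function is added to starts outside the hunk.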
@@ -30,13 +30,13 @@ package com.tencent.devops.common.web import com.tencent.devops.common.api.auth.AUTH_HEADER_DEVOPS_JWT_TOKEN import com.tencent.devops.common.api.auth.AUTH_HEADER_GATEWAY_TAG import com.tencent.devops.common.security.jwt.JwtManager +import com.tencent.devops.common.security.util.EnvironmentUtil import com.tencent.devops.common.service.BkTag import com.tencent.devops.common.service.trace.TraceTag import feign.RequestInterceptor import org.slf4j.LoggerFactory import org.slf4j.MDC import org.springframework.beans.factory.annotation.Autowired -import org.springframework.beans.factory.annotation.Value import org.springframework.context.annotation.Bean import org.springframework.context.annotation.Configuration import org.springframework.context.annotation.Primary @@ -49,9 +49,6 @@ class FeignConfiguration @Autowired constructor( ) { private val logger = LoggerFactory.getLogger(FeignConfiguration::class.java) - @Value("\${auth.gateway.devopsToken:#{null}}") - private val devopsToken: String? = null - /** * feign调用拦截器 */ @@ -81,6 +78,7 @@ class FeignConfiguration @Autowired constructor( } // 新增devopsToken给网关校验 + val devopsToken = EnvironmentUtil.gatewayDevopsToken() if (devopsToken != null) { requestTemplate.header("X-DEVOPS-TOKEN", devopsToken) } diff --git a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v3/ApigwLogResourceV3Impl.kt b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v3/ApigwLogResourceV3Impl.kt index f5c06337460..6f2c2cd5151 100644 --- a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v3/ApigwLogResourceV3Impl.kt +++ b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v3/ApigwLogResourceV3Impl.kt 
@@ -35,6 +35,7 @@ import com.tencent.devops.common.client.Client import com.tencent.devops.common.log.pojo.QueryLogLineNum import com.tencent.devops.common.log.pojo.QueryLogStatus import com.tencent.devops.common.log.pojo.QueryLogs +import com.tencent.devops.common.security.util.EnvironmentUtil import com.tencent.devops.common.web.RestResource import com.tencent.devops.log.api.ServiceLogResource import com.tencent.devops.openapi.api.apigw.v3.ApigwLogResourceV3 @@ -52,9 +53,6 @@ class ApigwLogResourceV3Impl @Autowired constructor( @Value("\${devopsGateway.api:#{null}}") private val gatewayUrl: String? = "" - @Value("\${auth.gateway.devopsToken:#{null}}") - private val devopsToken: String? = null - override fun getInitLogs( appCode: String?, apigwType: String?, @@ -169,9 +167,12 @@ class ApigwLogResourceV3Impl @Autowired constructor( if (!jobId.isNullOrBlank()) path.append("&jobId=$jobId") val headers = mutableMapOf(AUTH_HEADER_USER_ID to userId, AUTH_HEADER_PROJECT_ID to projectId) + + val devopsToken = EnvironmentUtil.gatewayDevopsToken() if (devopsToken != null) { headers["X-DEVOPS-TOKEN"] = devopsToken } + val response = OkhttpUtils.doLongGet( url = path.toString(), headers = headers diff --git a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwLogResourceV4Impl.kt b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwLogResourceV4Impl.kt index b7f452c57b3..4f5370ff0d2 100644 --- a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwLogResourceV4Impl.kt +++ b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwLogResourceV4Impl.kt 
@@ -36,6 +36,7 @@ import com.tencent.devops.common.client.Client import com.tencent.devops.common.log.pojo.QueryLogLineNum import com.tencent.devops.common.log.pojo.QueryLogStatus import com.tencent.devops.common.log.pojo.QueryLogs +import com.tencent.devops.common.security.util.EnvironmentUtil import com.tencent.devops.common.web.RestResource import com.tencent.devops.log.api.ServiceLogResource import com.tencent.devops.openapi.api.apigw.v4.ApigwLogResourceV4 @@ -56,9 +57,6 @@ class ApigwLogResourceV4Impl @Autowired constructor( @Value("\${devopsGateway.api:#{null}}") private val gatewayUrl: String? = "" - @Value("\${auth.gateway.devopsToken:#{null}}") - private val devopsToken: String? = null - override fun getInitLogs( appCode: String?, apigwType: String?, @@ -173,6 +171,7 @@ class ApigwLogResourceV4Impl @Autowired constructor( if (!tag.isNullOrBlank()) path.append("&tag=$tag") if (!jobId.isNullOrBlank()) path.append("&jobId=$jobId") val headers = mutableMapOf(AUTH_HEADER_USER_ID to userId, AUTH_HEADER_PROJECT_ID to projectId) + val devopsToken = EnvironmentUtil.gatewayDevopsToken() if (devopsToken != null) { headers["X-DEVOPS-TOKEN"] = devopsToken } diff --git a/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/service/StreamLogService.kt b/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/service/StreamLogService.kt index 4726fdbc9f3..c53121b9e98 100644 --- a/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/service/StreamLogService.kt +++ b/src/backend/ci/core/stream/biz-stream/src/main/kotlin/com/tencent/devops/stream/service/StreamLogService.kt 
@@ -32,6 +32,7 @@ import com.tencent.devops.common.api.exception.CustomException import com.tencent.devops.common.api.util.OkhttpUtils import com.tencent.devops.common.client.Client import com.tencent.devops.common.log.pojo.QueryLogs +import com.tencent.devops.common.security.util.EnvironmentUtil import com.tencent.devops.log.api.ServiceLogResource import com.tencent.devops.stream.config.StreamGitConfig import com.tencent.devops.stream.dao.GitPipelineResourceDao @@ -58,9 +59,6 @@ class StreamLogService @Autowired constructor( @Value("\${gateway.url}") private lateinit var gatewayUrl: String - @Value("\${auth.gateway.devopsToken:#{null}}") - private val devopsToken: String? = null - fun getInitLogs( userId: String, gitProjectId: Long, @@ -130,9 +128,12 @@ class StreamLogService @Autowired constructor( if (!jobId.isNullOrBlank()) path.append("&jobId=$jobId") val headers = mutableMapOf(AUTH_HEADER_USER_ID to userId) + + val devopsToken = EnvironmentUtil.gatewayDevopsToken() if (devopsToken != null) { headers["X-DEVOPS-TOKEN"] = devopsToken } + val response = OkhttpUtils.doLongGet(path.toString(), headers) return Response .ok(response.body()!!.byteStream(), MediaType.APPLICATION_OCTET_STREAM_TYPE) From 55154f2ee42e15022a5130a48c08d5e1ab59acd9 Mon Sep 17 00:00:00 2001 From: stubenhuang Date: Mon, 6 Feb 2023 20:59:12 +0800 Subject: [PATCH 7/7] =?UTF-8?q?feat:=20=E9=80=9A=E8=BF=87=E7=BD=91?= =?UTF-8?q?=E5=85=B3=E8=BF=9B=E8=A1=8C=E7=9A=84=E8=B7=A8=E6=9C=8D=E5=8A=A1?= =?UTF-8?q?=E8=B0=83=E7=94=A8,=20=E5=BF=85=E9=A1=BB=E6=90=BA=E5=B8=A6token?= =?UTF-8?q?=E8=BF=9B=E8=A1=8C=E6=A0=A1=E9=AA=8C=20#8317?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../kotlin/com/tencent/devops/buildless/client/DispatchClient.kt | 1 - 1 file changed, 1 deletion(-) 
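Review bot: In the StreamLogService hunk at `-130,9`, nothing visible between `OkhttpUtils.doLongGet(path.toString(), headers)` and `Response.ok(...)` checks the gateway's status, and `response.body()!!` assumes a body is always present. With the gateway now validating the token, a rejected call would be streamed back to the caller as a successful octet-stream download, unless `doLongGet` already throws on non-2xx, which is not visible here. A guard such as `if (!response.isSuccessful)` that closes the response and returns an error status before building the `Response.ok` would keep an authentication failure from looking like log content. The function continues past the end of the hunk, so later handling may exist outside this view.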
diff --git a/src/backend/ci/core/buildless/biz-buildless/src/main/kotlin/com/tencent/devops/buildless/client/DispatchClient.kt b/src/backend/ci/core/buildless/biz-buildless/src/main/kotlin/com/tencent/devops/buildless/client/DispatchClient.kt index fbb1fb98c00..4ea9c0eee10 100644 --- a/src/backend/ci/core/buildless/biz-buildless/src/main/kotlin/com/tencent/devops/buildless/client/DispatchClient.kt +++ b/src/backend/ci/core/buildless/biz-buildless/src/main/kotlin/com/tencent/devops/buildless/client/DispatchClient.kt @@ -48,7 +48,6 @@ import okhttp3.Request import okhttp3.RequestBody import org.slf4j.LoggerFactory import org.springframework.beans.factory.annotation.Autowired -import org.springframework.beans.factory.annotation.Value import org.springframework.stereotype.Component @Component