2.5.2

.github/workflows/codeql-analysis.yml

@@ -13,10 +13,10 @@ name: "CodeQL"
 
 on:
   push:
-    branches: [ master ]
+    branches: [ master, develop ]
   pull_request:
     # The branches below must be a subset of the branches above
-    branches: [ master ]
+    branches: [ master, develop ]
   schedule:
     - cron: '22 11 * * 4'
 
@@ -39,11 +39,11 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@v2
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -54,7 +54,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
+      uses: github/codeql-action/autobuild@v2
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -68,4 +68,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v2

.github/workflows/eslint.yml

@@ -0,0 +1,26 @@
+name: ESLint
+
+on:
+  push:
+    branches: [ master, develop, pre_*, ft_* ]
+  pull_request:
+    branches: [ master, develop, pre_*, ft_* ]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/setup-node@v3
+      with:
+        node-version: 16
+        cache: 'npm'
+        cache-dependency-path: 'src/pages/yarn.lock'
+    - name: Install modules
+      run: |
+        cd src/pages
+        npm i
+    - name: Run ESLint
+      run: |
+        cd src/pages
+        npx eslint --ext .js,.vue src/

.github/workflows/python-ci.yml

@@ -2,9 +2,9 @@ name: Python CI Check
 
 on:
   push:
-    branches: [ master, develop ]
+    branches: [ master, develop, pre_*, ft_* ]
   pull_request:
-    branches: [ master, develop ]
+    branches: [ master, develop, pre_*, ft_* ]
 
 jobs:
   build:
@@ -14,23 +14,24 @@ jobs:
       matrix:
         python-version: [3.6.14]
         poetry-version: [1.1.7]
-        os: [ubuntu-18.04]
+        os: [ubuntu-20.04]
     runs-on: ${{ matrix.os }}
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
+    - name: Install poetry
+      run: pipx install poetry==${{ matrix.poetry-version }}
+    - name: Export requirements.txt
+      run: poetry export -f requirements.txt --dev --without-hashes -o requirements.txt --no-ansi
     - name: Set up Python
-      uses: actions/setup-python@v2
+      uses: actions/setup-python@v4
       with:
         python-version: ${{ matrix.python-version }}
-    - name: Set up Poetry
-      uses: abatilo/[email protected]
-      with:
-        poetry-version: ${{ matrix.poetry-version }}
+        cache: 'pip'
+        cache-dependency-path: 'requirements.txt'
     - name: Install dependencies
-      run: poetry config virtualenvs.create false && poetry install
+      run: pip install -r requirements.txt -i https://pypi.org/simple/
     - name: Lint with flake8
       run: pflake8 src/ --config=pyproject.toml
     - name: Lint with mypy
       run:  mypy src/ --config-file=pyproject.toml
-

.github/workflows/unittest.yml

@@ -2,9 +2,9 @@ name: Unittest
 
 on:
   push:
-    branches: [ master, develop ]
+    branches: [ master, develop, pre_*, ft_* ]
   pull_request:
-    branches: [ master, develop ]
+    branches: [ master, develop, pre_*, ft_*  ]
 
 jobs:
   build:
@@ -13,7 +13,7 @@ jobs:
       matrix:
         python-version: [3.6.14]
         poetry-version: [1.1.7]
-        os: [ubuntu-18.04]
+        os: [ubuntu-20.04]
     runs-on: ${{ matrix.os }}
 
     env:
@@ -23,26 +23,30 @@ jobs:
       DB_PORT: 3306
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
     - uses: samin/[email protected]
       with:
         mysql version: '5.7'
         mysql database: ${{ env.DB_DATABASE }}
         mysql root password: ${{ env.DB_PASSWORD }}
         mysql user: ${{ env.DB_USER }}
         mysql password: ${{ env.DB_PASSWORD }}
+    - name: Install poetry
+      run: pipx install poetry==${{ matrix.poetry-version }}
+    - name: Export requirements.txt
+      run: |
+        cd src/api/
+        bash bin/export_requirements_txt.sh
     - name: Set up Python
-      uses: actions/setup-python@v2
+      uses: actions/setup-python@v4
       with:
         python-version: ${{ matrix.python-version }}
-    - name: Set up Poetry
-      uses: abatilo/[email protected]
-      with:
-        poetry-version: ${{ matrix.poetry-version }}
+        cache: 'pip'
+        cache-dependency-path: 'src/api/requirements.txt'
     - name: Install dependencies
       run: |
         cd src/api/
-        poetry config virtualenvs.create false && bash bin/install_ci_dependencies.sh
+        pip install -r requirements.txt -i https://pypi.org/simple/
     - name: Run api unittest
       env:
         DJANGO_SETTINGS_MODULE: "bkuser_core.config.overlays.unittest"

Makefile

@@ -13,7 +13,7 @@ generate-release-md:
 	mv src/saas/release.md docs/
 
 test:
-	cd src/api && source ./test_env.sh && poetry run pytest bkuser_core/tests --disable-pytest-warnings
+	cd src/api && export DJANGO_SETTINGS_MODULE="bkuser_core.config.overlays.unittest" && poetry run pytest bkuser_core/tests --disable-pytest-warnings
 
 link:
 	rm src/api/bkuser_global || true

pyproject.toml

@@ -2,10 +2,10 @@
 name = "蓝鲸用户管理"
 version = "2.3.3"
 description = "project description file for ci"
-authors = ["IMBlues <bluesedenyu@gmail.com>"]
+authors = ["TencentBlueKing <contactus_bk@tencent.com>"]
 
 [tool.poetry.dependencies]
-python = "3.6.14"
+python = "^3.8"
 apigw-manager = "^1.0.3"
 
 [tool.poetry.dev-dependencies]
@@ -14,8 +14,8 @@ black = "^22.3.0"
 # isort
 isort = "^5.9.2"
 # flake8
-pyproject-flake8 = "^0.0.1-alpha.2"
-flake8-comprehensions = "^3.5.0"
+pyproject-flake8 = "0.0.1-alpha.2"
+flake8-comprehensions = "3.5.0"
 # pytest
 pytest = "^6.2.4"
 pytest-django = "^3.9.0"
@@ -39,6 +39,7 @@ exclude = '''
   | .+/migrations
   | .+/sdk
   | .+/node_modules
+  | .+/build
 )/
 '''
 
@@ -59,7 +60,7 @@ format = "pylint"
 show_source = "true"
 statistics = "true"
 count = "true"
-exclude = "*migrations*,*.pyc,.git,__pycache__,*/node_modules/*,*/templates_module*,*/bin/*,*/config/*,*sdk*"
+exclude = "*migrations*,*.pyc,.git,__pycache__,*/node_modules/*,*/templates_module*,*/bin/*,*/config/*,*sdk*,*build*"
 
 [tool.mypy]
 ignore_missing_imports = true
@@ -70,6 +71,7 @@ pretty=true
 exclude = '''(?x)(
     instrumentor\.py$
     | otel\.py$
+    | src/build/.*\.py$
 )'''
 
 [[tool.mypy.overrides]]
@@ -78,5 +80,6 @@ module = [
     "*.config.*",
     "bkuser_sdk.*",
     "*.bkuser_sdk.*",
+    "*.build.*",
 ]
 ignore_errors = true

src/api/bin/install_ci_dependencies.sh → src/api/bin/export_requirements_txt.sh

@@ -6,5 +6,3 @@ sed -i '/^--extra-index-url*/d' requirements.txt
 sed -i '/gevent/d' requirements.txt
 sed -i '/greenlet/d' requirements.txt
 sed -i '/gunicorn/d' requirements.txt
-
-pip install -r requirements.txt -i https://pypi.org/simple/

src/api/bkuser_core/api/login/serializers.py

@@ -85,6 +85,8 @@ class Meta:
             "status",
             "time_zone",
             "language",
+            "domain",
+            "category_id",
             # NOTE: 这里缩减登陆成功之后的展示字段
             # "position",
             # "logo_url", => to logo?

src/api/bkuser_core/api/login/views.py

@@ -102,8 +102,8 @@ def login(self, request):
 
         time_aware_now = now()
         config_loader = ConfigProvider(category_id=category.id)
-        # Admin 用户只需直接判断 密码是否正确 (只有本地目录有密码配置)
-        if not profile.is_superuser and category.type in [CategoryType.LOCAL.value]:
+        # 由于安全检测等原因，取消原先对admin用户的检查豁免
+        if category.type in [CategoryType.LOCAL.value]:
 
             # 判断账户状态
             if profile.status in [

src/api/bkuser_core/api/web/audit/serializers.py

@@ -11,10 +11,12 @@
 import datetime
 from typing import Optional
 
+from django.utils import timezone
 from django.utils.translation import ugettext_lazy as _
 from rest_framework import serializers
 
 from .constants import LOGIN_FAILED_REASON_MAP, OPERATION_ABOUT_PASSWORD, OPERATION_NAME_MAP, OPERATION_OBJ_NAME_MAP
+from bkuser_core.profiles.models import Profile
 
 PLACE_HOLDER = "--"
 
@@ -35,6 +37,7 @@ class GeneralLogListInputSLZ(LogListInputSLZ):
 class GeneralLogOutputSLZ(serializers.Serializer):
     id = serializers.IntegerField(help_text=_("ID"))
     extra_value = serializers.JSONField(help_text=_("额外信息"))
+    display_name = serializers.CharField(help_text=_("用户全名"), read_only=True)
     operator = serializers.CharField(help_text=_("操作者"))
     create_time = serializers.DateTimeField(help_text=_("创建时间"))
     status = serializers.CharField(help_text=_("状态"))
@@ -57,12 +60,15 @@ def to_representation(self, obj):
 
         category_id = extra_value.get("category_id")
         category_display_name = category_name_map.get(category_id, PLACE_HOLDER)
+        operator_profile = Profile.objects.filter(username=obj.operator).first()
+        display_name = operator_profile.display_name if operator_profile else ""
 
         return {
             "datetime": datetime.datetime.strptime(instance["create_time"], "%Y-%m-%dT%H:%M:%S.%fZ"),
             "operator": instance["operator"],
             "target_obj": instance["target_obj"],
             "category_display_name": category_display_name,
+            "display_name": display_name,
             "operation": instance["operation"],
             "client_ip": extra_value.get("client_ip", PLACE_HOLDER),
         }
@@ -79,14 +85,16 @@ class LoginLogOutputSLZ(serializers.Serializer):
     # datetime = serializers.CharField(source="create_time", help_text=_("登录时间"), required=False)
     is_success = serializers.BooleanField(help_text=_("是否登录成功"), required=False)
     username = serializers.CharField(help_text=_("登录用户"), source="profile.username")
-
+    display_name = serializers.CharField(help_text=_("用户全名"), source="profile.display_name")
     datetime = serializers.SerializerMethodField(help_text=_("登录时间"), required=False)
     category_display_name = serializers.SerializerMethodField(help_text=_("所属目录"), required=False)
     client_ip = serializers.SerializerMethodField(help_text=_("客户端 IP"), required=False)
     reason = serializers.SerializerMethodField(help_text=_("失败原因"), required=False)
 
     def get_datetime(self, obj):
-        return obj.create_time
+        # 转换成本地时间
+        local_time = timezone.localtime(obj.create_time)
+        return local_time.strftime("%Y-%m-%d %H:%M:%S")
 
     def get_reason(self, obj) -> Optional[str]:
         """get reason display name"""
@@ -132,7 +140,8 @@ def get_reason(self, obj) -> Optional[str]:
         """get reason display name"""
         if obj.is_success:
             return None
-        return LOGIN_FAILED_REASON_MAP.get(obj.reason, _("未知失败原因"))
+        # bugfix: ugettext_lazy
+        return str(LOGIN_FAILED_REASON_MAP.get(obj.reason, _("未知失败原因")))
 
     def get_datetime(self, obj):
         return obj.create_time.strftime("%Y-%m-%dT%H:%M:%S.%fZ")

src/api/bkuser_core/api/web/category/serializers.py

@@ -192,6 +192,10 @@ class CategoryFileImportInputSLZ(serializers.Serializer):
     file = serializers.FileField(required=False)
 
 
+class CategoryFileImportQuerySLZ(serializers.Serializer):
+    is_overwrite = serializers.BooleanField(required=False, default=False)
+
+
 class CategorySyncResponseOutputSLZ(serializers.Serializer):
     task_id = serializers.CharField(help_text="task_id for the sync job.")