diff --git a/CHANGELOG/en/CHANGELOG-2.0.md b/CHANGELOG/en/CHANGELOG-2.0.md
index a539a7887a1..c93f53b828b 100644
--- a/CHANGELOG/en/CHANGELOG-2.0.md
+++ b/CHANGELOG/en/CHANGELOG-2.0.md
@@ -1,14 +1,14 @@
-- [v2.0.3](#v2032024-05-28)
+- [v2.0.3](#v203)
- [Changelog since v2.0.2](#changelog-since-v202)
-- [v2.0.2](#v2022024-03-04)
+- [v2.0.2](#v202)
- [Changelog since v2.0.1](#changelog-since-v201)
-- [v2.0.1](#v2012024-03-01)
+- [v2.0.1](#v201)
- [Changelog since v2.0.0](#changelog-since-v200)
-- [v2.0.0](#v2002024-01-02)
+- [v2.0.0](#v200)
- [Changelog since v1.14.0](#changelog-since-v1140)
@@ -16,7 +16,8 @@
-# v2.0.3(2024-05-28)
+# v2.0.3
+## 2024-05-28
## Changelog since v2.0.2
#### New
- [New] Modification of the login failure pop-up window specification [link](http://github.com/TencentBlueKing/bk-ci/issues/8125)
@@ -25,17 +26,20 @@
- [Fix] Open source community, the open source version of the project management interface needs to be authorized [link](http://github.com/TencentBlueKing/bk-ci/issues/10382)
- [Fix] The front end of the community version of the simple permission center should hide the maximum authorization scope [link](http://github.com/TencentBlueKing/bk-ci/issues/10040)
-# v2.0.2(2024-03-04)
+# v2.0.2
+## 2024-03-04
## Changelog since v2.0.1
#### New
- [New] Initialize bkrepo to modify httpSchema [link](http://github.com/TencentBlueKing/bk-ci/issues/10056)
-# v2.0.1(2024-03-01)
+# v2.0.1
+## 2024-03-01
## Changelog since v2.0.0
#### Fixes
- [Fix] Fix the problem of new project failure [link](http://github.com/TencentBlueKing/bk-ci/issues/10045)
-# v2.0.0(2024-01-02)
+# v2.0.0
+## 2024-01-02
## Changelog since v1.14.0
#### New
- [New] Support the authority center RBAC [link](http://github.com/TencentBlueKing/bk-ci/issues/7794)
diff --git a/CHANGELOG/en/CHANGELOG-2.1.md b/CHANGELOG/en/CHANGELOG-2.1.md
index 44c1aefa894..b45b5f1f789 100644
--- a/CHANGELOG/en/CHANGELOG-2.1.md
+++ b/CHANGELOG/en/CHANGELOG-2.1.md
@@ -1,32 +1,32 @@
-- [v2.1.3](#v2132024-05-28)
+- [v2.1.3](#v213)
- [Changelog since v2.1.2](#changelog-since-v212)
-- [v2.1.2](#v2122024-05-20)
+- [v2.1.2](#v212)
- [Changelog since v2.1.1](#changelog-since-v211)
-- [v2.1.1](#v2112024-04-26)
+- [v2.1.1](#v211)
- [Changelog since v2.1.0](#changelog-since-v210)
-- [v2.1.0](#v2102024-04-22)
+- [v2.1.0](#v210)
- [Changelog since v2.0.0](#changelog-since-v200)
-- [v2.1.0-rc.6](#v210-rc62024-04-19)
+- [v2.1.0-rc.6](#v210-rc6)
- [Changelog since v2.1.0-rc.5](#changelog-since-v210-rc5)
-- [v2.1.0-rc.5](#v210-rc52024-04-10)
+- [v2.1.0-rc.5](#v210-rc5)
- [Changelog since v2.1.0-rc.4](#changelog-since-v210-rc4)
-- [v2.1.0-rc.4](#v210-rc42024-03-22)
+- [v2.1.0-rc.4](#v210-rc4)
- [Changelog since v2.1.0-rc.3](#changelog-since-v210-rc3)
-- [v2.1.0-rc.3](#v210-rc32024-03-07)
+- [v2.1.0-rc.3](#v210-rc3)
- [Changelog since v2.1.0-rc.2](#changelog-since-v210-rc2)
-- [v2.1.0-rc.2](#v210-rc22024-02-22)
+- [v2.1.0-rc.2](#v210-rc2)
- [Changelog since v2.1.0-rc.1](#changelog-since-v210-rc1)
-- [v2.1.0-rc.1](#v210-rc12024-01-16)
+- [v2.1.0-rc.1](#v210-rc1)
- [Changelog since v2.0.0](#changelog-since-v200)
@@ -34,7 +34,8 @@
-# v2.1.3(2024-05-28)
+# v2.1.3
+## 2024-05-28
## Changelog since v2.1.2
#### New
- [New] Modification of the login failure pop-up window specification [link](http://github.com/TencentBlueKing/bk-ci/issues/8125)
@@ -42,17 +43,20 @@
#### Fixes
- [Fix] Open source community, the open source version of the project management interface needs to be authorized [ link ](http://github.com/TencentBlueKing/bk-ci/issues/10382)
-# v2.1.2(2024-05-20)
+# v2.1.2
+## 2024-05-20
## Changelog since v2.1.1
#### Fixes
- [Fix] [Community] Listing failure & white screen issue on pipeline execution page [v2.1.0+] [Link](http://github.com/TencentBlueKing/bk-ci/issues/10357)
-# v2.1.1(2024-04-26)
+# v2.1.1
+## 2024-04-26
## Changelog since v2.1.0
#### Fixes
- [Fix] Failed to start the process service in version 2.1 [link](http://github.com/TencentBlueKing/bk-ci/issues/10271)
-# v2.1.0(2024-04-22)
+# v2.1.0
+## 2024-04-22
## Changelog since v2.0.0
#### New
- [New] Docker build machine supports extended resource scheduling [link](http://github.com/TencentBlueKing/bk-ci/issues/10162)
@@ -325,7 +329,8 @@
- [Fix] DevCloud login debugging, window size cannot adapt [link](http://github.com/TencentBlueKing/bk-ci/issues/9418)
- [Fix] Shared credentials do not need to rely on plugin sensitive interface permission verification [link](http://github.com/TencentBlueKing/bk-ci/issues/9398)
-# v2.1.0-rc.6(2024-04-19)
+# v2.1.0-rc.6
+## 2024-04-19
## Changelog since v2.1.0-rc.5
#### New
- [New] Docker build machine supports extended resource scheduling [link](http://github.com/TencentBlueKing/bk-ci/issues/10162)
@@ -351,7 +356,8 @@
- [Fix] Under the stream pipeline, refreshing the page loads the full list [link](http://github.com/TencentBlueKing/bk-ci/issues/10152)
- [Fix] Fix the special symbol escape problem in permission application jump [link](http://github.com/TencentBlueKing/bk-ci/issues/10188)
-# v2.1.0-rc.5(2024-04-10)
+# v2.1.0-rc.5
+## 2024-04-10
## Changelog since v2.1.0-rc.4
#### New
- [New] Create/edit project openapi and add mandatory check for operational products [link](http://github.com/TencentBlueKing/bk-ci/issues/10088)
@@ -382,7 +388,8 @@
- [Fix] Fix the issue of code base permission loss [link](http://github.com/TencentBlueKing/bk-ci/issues/10131)
- [Fix] Bug in full transfer permissions [link](http://github.com/TencentBlueKing/bk- ci/issues/10117)
-# v2.1.0-rc.4(2024-03-22)
+# v2.1.0-rc.4
+## 2024-03-22
## Changelog since v2.1.0-rc.3
#### New
- [New] Public build machine supports persistent build container scheduling [link](http://github.com/TencentBlueKing/bk-ci/issues/9269)
@@ -406,7 +413,8 @@
- [Fix] When deleting a pipeline, the code base association is not deleted [link](http://github.com/TencentBlueKing/bk-ci/issues/10111)
- [Fix] When the scheduled trigger plug-in checks the latest version of the SVN code base, there is no need to call the session interface [link](http://github.com/TencentBlueKing/bk-ci/issues/10096)
-# v2.1.0-rc.3(2024-03-07)
+# v2.1.0-rc.3
+## 2024-03-07
## Changelog since v2.1.0-rc.2
#### New
- [New] SVN webhook interface switch [link](http://github.com/TencentBlueKing/bk-ci/issues/9302)
@@ -440,7 +448,8 @@
- [Fix] Fix openapi startup error [link](http://github.com/TencentBlueKing/bk-ci/issues/9997)
- [Fix] After renaming the code base, using the old alias to associate the code base will result in an error [link](http://github.com/TencentBlueKing/bk-ci/issues/9984)
-# v2.1.0-rc.2(2024-02-22)
+# v2.1.0-rc.2
+## 2024-02-22
## Changelog since v2.1.0-rc.1
#### New
- [New] Migration logic optimization [link](http://github.com/TencentBlueKing/bk-ci/issues/10014)
@@ -467,7 +476,8 @@
- [Fix] Matrix variables are not replaced after opening new expression [link](http://github.com/TencentBlueKing/bk-ci/issues/9914)
- [Fix] The plugin pauses and the dependent redis cache fails to function properly [link](http://github.com/TencentBlueKing/bk-ci/issues/9913)
-# v2.1.0-rc.1(2024-01-16)
+# v2.1.0-rc.1
+## 2024-01-16
## Changelog since v2.0.0
#### New
- [New] Pipeline archive [link](http://github.com/TencentBlueKing/bk-ci/issues/9397)
diff --git a/CHANGELOG/en/CHANGELOG-3.0.md b/CHANGELOG/en/CHANGELOG-3.0.md
index fc514b2c4ed..077bfeb3e5f 100644
--- a/CHANGELOG/en/CHANGELOG-3.0.md
+++ b/CHANGELOG/en/CHANGELOG-3.0.md
@@ -1,7 +1,7 @@
-- [v3.0.0](#v3002024-09-10)
+- [v3.0.0](#v300)
- [Changelog since v2.1.0](#changelog-since-v210)
-- [v3.0.0-rc.1](#v300-rc12024-09-10)
+- [v3.0.0-rc.1](#v300-rc1)
- [Changelog since v2.1.0](#changelog-since-v210)
@@ -9,7 +9,8 @@
-# v3.0.0(2024-09-10)
+# v3.0.0
+## 2024-09-10
## Changelog since v2.1.0
#### New
##### Pipeline
@@ -224,7 +225,8 @@
- [Fix] Synchronize difference code [link](http://github.com/TencentBlueKing/bk-ci/issues/10319)
- [Fix] Fix npm dependency vulnerability [link](http://github.com/TencentBlueKing/bk-ci/issues/10604)
-# v3.0.0-rc.1(2024-09-10)
+# v3.0.0-rc.1
+## 2024-09-10
## Changelog since v2.1.0
#### New
##### Pipeline
diff --git a/CHANGELOG/genBundledVersionLog.py b/CHANGELOG/genBundledVersionLog.py
index ecee98eb44c..3d887ff5523 100644
--- a/CHANGELOG/genBundledVersionLog.py
+++ b/CHANGELOG/genBundledVersionLog.py
@@ -24,6 +24,7 @@
"requestId": None
}
DEFAULT_LANGUAGE = "zh_CN"
+time_pattern = r'\d{4}-\d{2}-\d{2}'
# 获取版本类型, 0-输出所有版本, 1-输出release版本, 2-输出rc版本
def getVersionType():
@@ -32,20 +33,10 @@ def getVersionType():
versionType = sys.argv[1]
return int(versionType)
-def extract_version_and_time(version_title):
- index = version_title.find("(")
- # 版本号上没有时间戳
- if index == -1:
- version_name = version_title
- date = ""
- else:
- version_name = version_title[0:index]
- date = version_title[index + 1: len(version_title) - 1]
- return version_name, date
-
def extract_title_and_content(changelog_content):
sections_data = []
current_heading = None
+ current_time = ""
current_content = []
lines = changelog_content.split('\n')
@@ -53,16 +44,16 @@ def extract_title_and_content(changelog_content):
line = line.rstrip()
if line.startswith('# '):
if current_heading:
- version_name, time = extract_version_and_time(current_heading)
- sections_data.append((version_name, time , '\n'.join(current_content)))
+ sections_data.append((current_heading, current_time , '\n'.join(current_content)))
current_heading = line[2:]
current_content = []
+ elif line.startswith('## ') and re.search(time_pattern, line) and current_heading:
+ current_time = line[3:]
elif current_heading:
current_content.append(line)
if current_heading:
- version_name, time = extract_version_and_time(current_heading)
- sections_data.append((version_name, time, '\n'.join(current_content)))
+ sections_data.append((current_heading, current_time, '\n'.join(current_content)))
return sections_data
def process(data, path):
diff --git a/CHANGELOG/zh_CN/CHANGELOG-2.0.md b/CHANGELOG/zh_CN/CHANGELOG-2.0.md
index fa6b17b43a1..fd7890931d9 100644
--- a/CHANGELOG/zh_CN/CHANGELOG-2.0.md
+++ b/CHANGELOG/zh_CN/CHANGELOG-2.0.md
@@ -1,17 +1,20 @@
-- [v2.0.4](#v2042024-10-18)
+- [v2.0.5](#v205)
+ - [Changelog since v2.0.4](#changelog-since-v204)
+
+- [v2.0.4](#v204)
- [Changelog since v2.0.3](#changelog-since-v203)
-- [v2.0.3](#v2032024-05-28)
+- [v2.0.3](#v203)
- [Changelog since v2.0.2](#changelog-since-v202)
-- [v2.0.2](#v2022024-03-04)
+- [v2.0.2](#v202)
- [Changelog since v2.0.1](#changelog-since-v201)
-- [v2.0.1](#v2012024-03-01)
+- [v2.0.1](#v201)
- [Changelog since v2.0.0](#changelog-since-v200)
-- [v2.0.0](#v2002024-01-02)
+- [v2.0.0](#v200)
- [Changelog since v1.14.0](#changelog-since-v1140)
@@ -19,12 +22,20 @@
-# v2.0.4(2024-10-18)
+# v2.0.5
+## 2024-10-29
+## Changelog since v2.0.4
+#### 新增
+- [新增] 最大可授权范围更改无效修复 [链接](http://github.com/TencentBlueKing/bk-ci/issues/11153)
+
+# v2.0.4
+## 2024-10-18
## Changelog since v2.0.3
#### 修复
- [修复] 归档报告插件创建token没有实现 [链接](http://github.com/TencentBlueKing/bk-ci/issues/10693)
-# v2.0.3(2024-05-28)
+# v2.0.3
+## 2024-05-28
## Changelog since v2.0.2
#### 新增
- [新增] 登录失效弹窗规范修改 [链接](http://github.com/TencentBlueKing/bk-ci/issues/8125)
@@ -33,17 +44,20 @@
- [修复] 开源社区,项目管理界面 开源版权限需放开 [链接](http://github.com/TencentBlueKing/bk-ci/issues/10382)
- [修复] 社区版simple权限中心前端应该隐藏最大授权范围 [链接](http://github.com/TencentBlueKing/bk-ci/issues/10040)
-# v2.0.2(2024-03-04)
+# v2.0.2
+## 2024-03-04
## Changelog since v2.0.1
#### 新增
- [新增] 初始化bkrepo可以修改httpSchema [链接](http://github.com/TencentBlueKing/bk-ci/issues/10056)
-# v2.0.1(2024-03-01)
+# v2.0.1
+## 2024-03-01
## Changelog since v2.0.0
#### 修复
- [修复] 修复新建项目失败 [链接](http://github.com/TencentBlueKing/bk-ci/issues/10045)
-# v2.0.0(2024-01-02)
+# v2.0.0
+## 2024-01-02
## Changelog since v1.14.0
#### 新增
- [新增] 蓝盾对接权限中心RBAC [链接](http://github.com/TencentBlueKing/bk-ci/issues/7794)
diff --git a/CHANGELOG/zh_CN/CHANGELOG-2.1.md b/CHANGELOG/zh_CN/CHANGELOG-2.1.md
index 927e51142d1..b15d57d8f17 100644
--- a/CHANGELOG/zh_CN/CHANGELOG-2.1.md
+++ b/CHANGELOG/zh_CN/CHANGELOG-2.1.md
@@ -1,35 +1,35 @@
-- [v2.1.4](#v2142024-10-16)
+- [v2.1.4](#v214)
- [Changelog since v2.1.3](#changelog-since-v213)
--[v2.1.3](#v2132024-05-28)
+- [v2.1.3](#v213)
- [Changelog since v2.1.2](#changelog-since-v212)
-- [v2.1.2](#v2122024-05-20)
+- [v2.1.2](#v212)
- [Changelog since v2.1.1](#changelog-since-v211)
-- [v2.1.1](#v2112024-04-26)
+- [v2.1.1](#v211)
- [Changelog since v2.1.0](#changelog-since-v210)
-- [v2.1.0](#v2102024-04-22)
+- [v2.1.0](#v210)
- [Changelog since v2.0.0](#changelog-since-v200)
-- [v2.1.0-rc.6](#v210-rc62024-04-19)
+- [v2.1.0-rc.6](#v210-rc6)
- [Changelog since v2.1.0-rc.5](#changelog-since-v210-rc5)
-- [v2.1.0-rc.5](#v210-rc52024-04-10)
+- [v2.1.0-rc.5](#v210-rc5)
- [Changelog since v2.1.0-rc.4](#changelog-since-v210-rc4)
-- [v2.1.0-rc.4](#v210-rc42024-03-22)
+- [v2.1.0-rc.4](#v210-rc4)
- [Changelog since v2.1.0-rc.3](#changelog-since-v210-rc3)
-- [v2.1.0-rc.3](#v210-rc32024-03-07)
+- [v2.1.0-rc.3](#v210-rc3)
- [Changelog since v2.1.0-rc.2](#changelog-since-v210-rc2)
-- [v2.1.0-rc.2](#v210-rc22024-02-22)
+- [v2.1.0-rc.2](#v210-rc2)
- [Changelog since v2.1.0-rc.1](#changelog-since-v210-rc1)
-- [v2.1.0-rc.1](#v210-rc12024-01-16)
+- [v2.1.0-rc.1](#v210-rc1)
- [Changelog since v2.0.0](#changelog-since-v200)
@@ -37,12 +37,14 @@
-# v2.1.4(2024-10-16)
+# v2.1.4
+## 2024-10-16
## Changelog since v2.1.3
#### 修复
- [修复] 归档报告插件创建token没有实现 [链接](http://github.com/TencentBlueKing/bk-ci/issues/10693)
-# v2.1.3(2024-05-28)
+# v2.1.3
+## 2024-05-28
## Changelog since v2.1.2
#### 新增
- [新增] 登录失效弹窗规范修改 [链接](http://github.com/TencentBlueKing/bk-ci/issues/8125)
@@ -50,17 +52,20 @@
#### 修复
- [修复] 开源社区,项目管理界面 开源版权限需放开 [链接](http://github.com/TencentBlueKing/bk-ci/issues/10382)
-# v2.1.2(2024-05-20)
+# v2.1.2
+## 2024-05-20
## Changelog since v2.1.1
#### 修复
- [修复] [社区]上架失败&流水线执行页面白屏问题[v2.1.0+] [链接](http://github.com/TencentBlueKing/bk-ci/issues/10357)
-# v2.1.1(2024-04-26)
+# v2.1.1
+## 2024-04-26
## Changelog since v2.1.0
#### 修复
- [修复] 2.1版本process服务启动失败 [链接](http://github.com/TencentBlueKing/bk-ci/issues/10271)
-# v2.1.0(2024-04-22)
+# v2.1.0
+## 2024-04-22
## Changelog since v2.0.0
#### 新增
- [新增] Docker构建机支持拓展资源调度 [链接](http://github.com/TencentBlueKing/bk-ci/issues/10162)
@@ -332,7 +337,8 @@
- [修复] openapi 判断是否项目成员没有根据项目路由 [链接](http://github.com/TencentBlueKing/bk-ci/issues/9427)
- [修复] devcloud类型登录调试,窗口大小无法自适应 [链接](http://github.com/TencentBlueKing/bk-ci/issues/9418)
- [修复] 共享凭据不需要依赖插件敏感接口权限校验 [链接](http://github.com/TencentBlueKing/bk-ci/issues/9398)
-# v2.1.0-rc.6(2024-04-19)
+# v2.1.0-rc.6
+## 2024-04-19
## Changelog since v2.1.0-rc.5
#### 新增
- [新增] Docker构建机支持拓展资源调度 [链接](http://github.com/TencentBlueKing/bk-ci/issues/10162)
@@ -358,7 +364,8 @@
- [修复] stream 流水线下,刷新页面加载了全量的列表 [链接](http://github.com/TencentBlueKing/bk-ci/issues/10152)
- [修复] 修复申请权限跳转特殊符号转义问题 [链接](http://github.com/TencentBlueKing/bk-ci/issues/10188)
-# v2.1.0-rc.5(2024-04-10)
+# v2.1.0-rc.5
+## 2024-04-10
## Changelog since v2.1.0-rc.4
#### 新增
- [新增] 创建/编辑项目openapi增加运营产品必填检查 [链接](http://github.com/TencentBlueKing/bk-ci/issues/10088)
@@ -389,7 +396,8 @@
- [修复] 修复代码库权限丢失问题 [链接](http://github.com/TencentBlueKing/bk-ci/issues/10131)
- [修复] 全量交接权限存在Bug [链接](http://github.com/TencentBlueKing/bk-ci/issues/10117)
-# v2.1.0-rc.4(2024-03-22)
+# v2.1.0-rc.4
+## 2024-03-22
## Changelog since v2.1.0-rc.3
#### 新增
- [新增] 公共构建机支持持久化构建容器调度 [链接](http://github.com/TencentBlueKing/bk-ci/issues/9269)
@@ -413,7 +421,8 @@
- [修复] 删除流水线时,代码库关联关系未删除 [链接](http://github.com/TencentBlueKing/bk-ci/issues/10111)
- [修复] 定时触发插件检查SVN代码库最新版本时, 无需调用会话接口 [链接](http://github.com/TencentBlueKing/bk-ci/issues/10096)
-# v2.1.0-rc.3(2024-03-07)
+# v2.1.0-rc.3
+## 2024-03-07
## Changelog since v2.1.0-rc.2
#### 新增
- [新增] svn webhook接口切换 [链接](http://github.com/TencentBlueKing/bk-ci/issues/9302)
@@ -447,7 +456,8 @@
- [修复] 修复openapi启动报错 [链接](http://github.com/TencentBlueKing/bk-ci/issues/9997)
- [修复] 重命名代码库以后, 使用旧别名关联代码库会报错 [链接](http://github.com/TencentBlueKing/bk-ci/issues/9984)
-# v2.1.0-rc.2(2024-02-22)
+# v2.1.0-rc.2
+## 2024-02-22
## Changelog since v2.1.0-rc.1
#### 新增
- [新增] 迁移逻辑优化 [链接](http://github.com/TencentBlueKing/bk-ci/issues/10014)
@@ -474,7 +484,8 @@
- [修复] 开启了新表达式矩阵变量没有替换 [链接](http://github.com/TencentBlueKing/bk-ci/issues/9914)
- [修复] 插件暂停依赖的redis缓存失效时功能异常 [链接](http://github.com/TencentBlueKing/bk-ci/issues/9913)
-# v2.1.0-rc.1(2024-01-16)
+# v2.1.0-rc.1
+## 2024-01-16
## Changelog since v2.0.0
#### 新增
- [新增] 流水线归档 [链接](http://github.com/TencentBlueKing/bk-ci/issues/9397)
diff --git a/CHANGELOG/zh_CN/CHANGELOG-3.0.md b/CHANGELOG/zh_CN/CHANGELOG-3.0.md
index 3583e006f3c..652fd5d6acb 100644
--- a/CHANGELOG/zh_CN/CHANGELOG-3.0.md
+++ b/CHANGELOG/zh_CN/CHANGELOG-3.0.md
@@ -1,7 +1,7 @@
-- [v3.0.0](#v3002024-09-10)
+- [v3.0.0](#v300)
- [Changelog since v2.1.0](#changelog-since-v210)
-- [v3.0.0-rc.1](#v300-rc12024-09-10)
+- [v3.0.0-rc.1](#v300-rc1)
- [Changelog since v2.1.0](#changelog-since-v210)
@@ -9,7 +9,8 @@
-# v3.0.0(2024-09-10)
+# v3.0.0
+## 2024-09-10
## Changelog since v2.1.0
#### 新增
##### 流水线
@@ -224,7 +225,8 @@
- [修复] 同步差异代码 [链接](http://github.com/TencentBlueKing/bk-ci/issues/10319)
- [修复] 修复npm依赖漏洞 [链接](http://github.com/TencentBlueKing/bk-ci/issues/10604)
-# v3.0.0-rc.1(2024-09-10)
+# v3.0.0-rc.1
+## 2024-09-10
## Changelog since v2.1.0
#### 新增
##### 流水线
diff --git a/CHANGELOG/zh_CN/CHANGELOG-3.1.md b/CHANGELOG/zh_CN/CHANGELOG-3.1.md
index 00deffc38ac..c84e76c5bb0 100644
--- a/CHANGELOG/zh_CN/CHANGELOG-3.1.md
+++ b/CHANGELOG/zh_CN/CHANGELOG-3.1.md
@@ -1,4 +1,7 @@
+- [v3.1.0-rc.2](#v310-rc2)
+ - [Changelog since v3.1.0-rc.1](#changelog-since-v310-rc1)
+
- [v3.1.0-rc.1](#v310-rc1)
- [Changelog since v3.0.0](#changelog-since-v300)
@@ -7,7 +10,67 @@
+# v3.1.0-rc.2
+## 2024-10-26
+## Changelog since v3.1.0-rc.1
+#### 新增
+##### 流水线
+- [新增] 推荐版本号优化 [链接](http://github.com/TencentBlueKing/bk-ci/issues/10958)
+- [新增] 支持流水线指标监控 [链接](http://github.com/TencentBlueKing/bk-ci/issues/9860)
+- [新增] 流水线列表,增加标签展示 [链接](http://github.com/TencentBlueKing/bk-ci/issues/11054)
+- [新增] 模版管理-列表支持展示字段和排序优化 [链接](http://github.com/TencentBlueKing/bk-ci/issues/11056)
+- [新增] 源材料展示优化 [链接](http://github.com/TencentBlueKing/bk-ci/issues/10733)
+- [新增] Post action 中支持获取父任务ID [链接](http://github.com/TencentBlueKing/bk-ci/issues/10968)
+- [新增] stage 审核支持 checklist 确认场景 [链接](http://github.com/TencentBlueKing/bk-ci/issues/10920)
+- [新增] AI大模型融入 [链接](http://github.com/TencentBlueKing/bk-ci/issues/10825)
+- [新增] 丰富流水线-stage准入的审核功能,支持配置角色或用户组作为审核人 [链接](http://github.com/TencentBlueKing/bk-ci/issues/10689)
+- [新增] 流水线日志支持AI修复 [链接](http://github.com/TencentBlueKing/bk-ci/issues/10913)
+- [新增] 流水线并发运行时,支持限制并发个数和排队 [链接](http://github.com/TencentBlueKing/bk-ci/issues/10718)
+- [新增] 插件管理菜单对应插件列表增加默认公共插件显示 [链接](http://github.com/TencentBlueKing/bk-ci/issues/10472)
+- [新增] 当策略为「锁定构建号」时,执行界面可以修改当前值 [链接](http://github.com/TencentBlueKing/bk-ci/issues/11089)
+- [新增] 社区版流水线完成通知,支持通知组 [链接](http://github.com/TencentBlueKing/bk-ci/issues/10976)
+- [新增] Job 互斥组排队时,队列长度支持最长到 50 [链接](http://github.com/TencentBlueKing/bk-ci/issues/10975)
+- [新增] 触发事件重放操作权限控制 [链接](http://github.com/TencentBlueKing/bk-ci/issues/11052)
+- [新增] 通过子流水线调用触发的执行,支持重试 [链接](http://github.com/TencentBlueKing/bk-ci/issues/11015)
+- [新增] UI方式下的「所有参数满足条件时执行」和「所有参数满足条件时不执行」转为Code 优化 [链接](http://github.com/TencentBlueKing/bk-ci/issues/10930)
+- [新增] MR 事件触发器支持 WIP [链接](http://github.com/TencentBlueKing/bk-ci/issues/10683)
+- [新增] 工蜂 MR 触发增加 action=edit [链接](http://github.com/TencentBlueKing/bk-ci/issues/11024)
+##### 代码库
+- [新增] 增加获取工蜂和github oauth url的build接口 [链接](http://github.com/TencentBlueKing/bk-ci/issues/10826)
+##### 权限中心
+- [新增] 同步并分表存储资源组权限数据 [链接](http://github.com/TencentBlueKing/bk-ci/issues/10964)
+- [新增] 创建自定义组并赋予组组权限 [链接](http://github.com/TencentBlueKing/bk-ci/issues/11026)
+##### 环境管理
+- [新增] 第三方构建机支持使用 dcoker 运行构建任务 [链接](http://github.com/TencentBlueKing/bk-ci/issues/9820)
+- [新增] 第三方构建机DockerUi界面支持 [链接](http://github.com/TencentBlueKing/bk-ci/issues/10962)
+##### Openapi
+- [新增] OpenApi提供转发Turbo编译加速上报资源统计数据接口 [链接](http://github.com/TencentBlueKing/bk-ci/issues/10508)
+##### 其他
+- [新增] 支持查看版本日志 [链接](http://github.com/TencentBlueKing/bk-ci/issues/10938)
+- [新增] 优化AESUtil [链接](http://github.com/TencentBlueKing/bk-ci/issues/11084)
+- [新增] sql doc 文档更新 [链接](http://github.com/TencentBlueKing/bk-ci/issues/9974)
+- [新增] 引擎等MQ场景接入SCS框架 [链接](http://github.com/TencentBlueKing/bk-ci/issues/7443)
+
+#### 优化
+##### 研发商店
+- [优化] 研发商店组件指标数据字段优化 [链接](http://github.com/TencentBlueKing/bk-ci/issues/10219)
+##### Stream
+- [优化] [stream] 存留问题优化 [链接](http://github.com/TencentBlueKing/bk-ci/issues/11045)
+
+#### 修复
+##### 流水线
+- [修复] 某些构建场景下插入T_PIPELINE_BUILD_RECORD_TASK表的CONTAINER_ID字段值错误 [链接](http://github.com/TencentBlueKing/bk-ci/issues/11029)
+- [修复] 触发器条件引入${{variables.xxx}}变量触发不了流水线 [链接](http://github.com/TencentBlueKing/bk-ci/issues/10987)
+- [修复] 触发器变量补充 [链接](http://github.com/TencentBlueKing/bk-ci/issues/11002)
+##### 研发商店
+- [修复] 研发商店组件包文件上传下载优化 [链接](http://github.com/TencentBlueKing/bk-ci/issues/11115)
+- [修复] 修复更新组件关联初始化项目信息时,新增调试项目记录时未成功把旧的调试项目记录清理 [链接](http://github.com/TencentBlueKing/bk-ci/issues/11011)
+##### 制品库
+- [修复] 归档报告插件创建token没有实现 [链接](http://github.com/TencentBlueKing/bk-ci/issues/10693)
+
+
# v3.1.0-rc.1
+## 2024-10-15
## Changelog since v3.0.0
#### 新增
##### 流水线
diff --git a/docs/overview/db/devops_ci_auth.md b/docs/overview/db/devops_ci_auth.md
index ae8fd164cb8..246058ced55 100644
--- a/docs/overview/db/devops_ci_auth.md
+++ b/docs/overview/db/devops_ci_auth.md
@@ -32,6 +32,7 @@
| T_AUTH_RESOURCE_GROUP_APPLY | 用户组申请记录表 |
| T_AUTH_RESOURCE_GROUP_CONFIG | 资源用户组配置表 |
| T_AUTH_RESOURCE_GROUP_MEMBER | 资源组成员 |
+| T_AUTH_RESOURCE_GROUP_PERMISSION | 资源组权限表 |
| T_AUTH_RESOURCE_SYNC | 同步 IAM 资源 |
| T_AUTH_RESOURCE_TYPE | 权限资源类型表 |
| T_AUTH_STRATEGY | 权限策略表 |
@@ -276,11 +277,12 @@
| 1 | ACCESS_TOKEN | varchar | 64 | 0 | N | N | | ACCESS_TOKEN |
| 2 | CLIENT_ID | varchar | 32 | 0 | N | N | | 客户端 ID |
| 3 | USER_NAME | varchar | 32 | 0 | Y | N | | 登录的用户名,客户端模式该值为空 |
-| 4 | GRANT_TYPE | varchar | 32 | 0 | N | N | | 授权模式 |
-| 5 | EXPIRED_TIME | bigint | 20 | 0 | N | N | | 过期时间 |
-| 6 | REFRESH_TOKEN | varchar | 64 | 0 | Y | N | | REFRESH_TOKEN,客户端模式该值为空 |
-| 7 | SCOPE_ID | int | 10 | 0 | N | N | | 授权范围 ID |
-| 8 | CREATE_TIME | datetime | 19 | 0 | N | N | CURRENT_TIMESTAMP | 创建时间 |
+| 4 | PASS_WORD | varchar | 64 | 0 | Y | N | | 用于密码模式 |
+| 5 | GRANT_TYPE | varchar | 32 | 0 | N | N | | 授权模式 |
+| 6 | EXPIRED_TIME | bigint | 20 | 0 | N | N | | 过期时间 |
+| 7 | REFRESH_TOKEN | varchar | 64 | 0 | Y | N | | REFRESH_TOKEN,客户端模式该值为空 |
+| 8 | SCOPE_ID | int | 10 | 0 | N | N | | 授权范围 ID |
+| 9 | CREATE_TIME | datetime | 19 | 0 | N | N | CURRENT_TIMESTAMP | 创建时间 |
**表名:** T_AUTH_OAUTH2_CLIENT_DETAILS
@@ -479,6 +481,29 @@
| 11 | CREATE_TIME | datetime | 19 | 0 | N | N | CURRENT_TIMESTAMP | 创建时间 |
| 12 | UPDATE_TIME | datetime | 19 | 0 | N | N | CURRENT_TIMESTAMP | 更新时间 |
+**表名:** T_AUTH_RESOURCE_GROUP_PERMISSION
+
+**说明:** 资源组权限表
+
+**数据列:**
+
+| 序号 | 名称 | 数据类型 | 长度 | 小数位 | 允许空值 | 主键 | 默认值 | 说明 |
+| :---: | :---: | :---: | :---: | :---: | :---: | :---: | :---: | :---: |
+| 1 | ID | bigint | 20 | 0 | N | Y | | 主键 ID |
+| 2 | PROJECT_CODE | varchar | 64 | 0 | N | N | | 项目 ID |
+| 3 | RESOURCE_TYPE | varchar | 32 | 0 | N | N | | 用户组关联的资源类型 |
+| 4 | RESOURCE_CODE | varchar | 255 | 0 | N | N | | 用户组关联的资源 ID |
+| 5 | IAM_RESOURCE_CODE | varchar | 32 | 0 | N | N | | 用户组关联的 IAM 资源 ID |
+| 6 | GROUP_CODE | varchar | 32 | 0 | N | N | | 用户组标识 |
+| 7 | IAM_GROUP_ID | int | 10 | 0 | N | N | | 关联的 IAM 组 ID |
+| 8 | ACTION | varchar | 64 | 0 | N | N | | 操作 ID |
+| 9 | ACTION_RELATED_RESOURCE_TYPE | varchar | 32 | 0 | N | N | | 动作关联的资源类型 |
+| 10 | RELATED_RESOURCE_TYPE | varchar | 32 | 0 | N | N | | 组权限关联的资源类型 |
+| 11 | RELATED_RESOURCE_CODE | varchar | 255 | 0 | N | N | | 组权限关联的资源 ID |
+| 12 | RELATED_IAM_RESOURCE_CODE | varchar | 255 | 0 | N | N | | 组权限关联的资源 ID |
+| 13 | CREATE_TIME | datetime | 19 | 0 | N | N | CURRENT_TIMESTAMP | 创建时间 |
+| 14 | UPDATE_TIME | datetime | 19 | 0 | N | N | CURRENT_TIMESTAMP | 更新时间 |
+
**表名:** T_AUTH_RESOURCE_SYNC
**说明:** 同步 IAM 资源
diff --git a/docs/overview/db/devops_ci_plugin.md b/docs/overview/db/devops_ci_plugin.md
index ac496d2a91b..6500a0ec287 100644
--- a/docs/overview/db/devops_ci_plugin.md
+++ b/docs/overview/db/devops_ci_plugin.md
@@ -7,9 +7,29 @@
**文档描述:** devops_ci_plugin 的数据库文档
| 表名 | 说明 |
| :---: | :---: |
+| T_AI_SCORE | 脚本执行报错 AI 分析-评分 |
| T_PLUGIN_GITHUB_CHECK | |
| T_PLUGIN_GIT_CHECK | |
+**表名:** T_AI_SCORE
+
+**说明:** 脚本执行报错 AI 分析-评分
+
+**数据列:**
+
+| 序号 | 名称 | 数据类型 | 长度 | 小数位 | 允许空值 | 主键 | 默认值 | 说明 |
+| :---: | :---: | :---: | :---: | :---: | :---: | :---: | :---: | :---: |
+| 1 | ID | bigint | 20 | 0 | N | Y | | 主键 ID |
+| 2 | LABEL | varchar | 256 | 0 | N | N | | 任务 ID |
+| 3 | ARCHIVE | bit | 1 | 0 | N | N | 0 | 是否已归档 |
+| 4 | CREATE_TIME | datetime | 19 | 0 | N | N | CURRENT_TIMESTAMP | 创建时间 |
+| 5 | UPDATE_TIME | datetime | 19 | 0 | N | N | CURRENT_TIMESTAMP | 更新时间 |
+| 6 | GOOD_USERS | text | 65535 | 0 | Y | N | | 赞的人 |
+| 7 | BAD_USERS | text | 65535 | 0 | Y | N | | 踩的人 |
+| 8 | AI_MSG | text | 65535 | 0 | Y | N | | 大模型生成的内容 |
+| 9 | SYSTEM_MSG | text | 65535 | 0 | Y | N | | Promptforsystem |
+| 10 | USER_MSG | text | 65535 | 0 | Y | N | | Promptforuser |
+
**表名:** T_PLUGIN_GITHUB_CHECK
**说明:**
diff --git a/docs/overview/db/devops_ci_process.md b/docs/overview/db/devops_ci_process.md
index 26fcaa288af..8f714dcff53 100644
--- a/docs/overview/db/devops_ci_process.md
+++ b/docs/overview/db/devops_ci_process.md
@@ -427,6 +427,7 @@
| 11 | CONDITIONS | mediumtext | 16777215 | 0 | Y | N | | 状况 |
| 12 | CHECK_IN | mediumtext | 16777215 | 0 | Y | N | | 准入检查配置 |
| 13 | CHECK_OUT | mediumtext | 16777215 | 0 | Y | N | | 准出检查配置 |
+| 14 | STAGE_ID_FOR_USER | varchar | 64 | 0 | Y | N | | 当前 stageId 阶段 ID(用户可编辑) |
**表名:** T_PIPELINE_BUILD_SUMMARY
@@ -834,7 +835,7 @@
| 24 | SUCCESS_WECHAT_GROUP_MARKDOWN_FLAG | bit | 1 | 0 | N | N | b'0' | 成功的企业微信群通知转为 Markdown 格式开关 |
| 25 | FAIL_WECHAT_GROUP_MARKDOWN_FLAG | bit | 1 | 0 | N | N | b'0' | 失败的企业微信群通知转为 Markdown 格式开关 |
| 26 | MAX_PIPELINE_RES_NUM | int | 10 | 0 | Y | N | 500 | 保存流水线编排的最大个数 |
-| 27 | MAX_CON_RUNNING_QUEUE_SIZE | int | 10 | 0 | Y | N | 50 | 并发构建数量限制 |
+| 27 | MAX_CON_RUNNING_QUEUE_SIZE | int | 10 | 0 | Y | N | | 并发构建数量限制,为 null 时表示取系统默认值 |
| 28 | BUILD_NUM_RULE | varchar | 512 | 0 | Y | N | | 构建号生成规则 |
| 29 | CONCURRENCY_GROUP | varchar | 255 | 0 | Y | N | | 并发时,设定的 group |
| 30 | CONCURRENCY_CANCEL_IN_PROGRESS | bit | 1 | 0 | Y | N | b'0' | 并发时,是否相同 group 取消正在执行的流水线 |
@@ -885,6 +886,7 @@
| 31 | FAIL_CONTENT | longtext | 2147483647 | 0 | Y | N | | |
| 32 | SUCCESS_WECHAT_GROUP_MARKDOWN_FLAG | bit | 1 | 0 | N | N | b'0' | |
| 33 | FAIL_WECHAT_GROUP_MARKDOWN_FLAG | bit | 1 | 0 | Y | N | b'0' | |
+| 34 | MAX_CON_RUNNING_QUEUE_SIZE | int | 10 | 0 | Y | N | | 并发构建数量限制,值为-1 时表示取系统默认值。 |
**表名:** T_PIPELINE_STAGE_TAG
diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/ServiceGroupResource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/ServiceGroupResource.kt
deleted file mode 100644
index 440ecb2523b..00000000000
--- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/ServiceGroupResource.kt
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
- *
- * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
- *
- * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
- *
- * A copy of the MIT License is included in this file.
- *
- *
- * Terms of the MIT License:
- * ---------------------------------------------------
- * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
- * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
- * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
- * permit persons to whom the Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
- * the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
- * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
- * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
- * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- */
-
-package com.tencent.devops.auth.api
-
-import com.tencent.devops.auth.pojo.dto.GroupDTO
-import com.tencent.devops.common.api.auth.AUTH_HEADER_USER_ID
-import com.tencent.devops.common.api.pojo.Result
-import io.swagger.v3.oas.annotations.tags.Tag
-import io.swagger.v3.oas.annotations.Operation
-import io.swagger.v3.oas.annotations.Parameter
-import javax.ws.rs.Consumes
-import javax.ws.rs.HeaderParam
-import javax.ws.rs.POST
-import javax.ws.rs.Path
-import javax.ws.rs.PathParam
-import javax.ws.rs.Produces
-import javax.ws.rs.core.MediaType
-
-@Tag(name = "AUTH_GROUP", description = "权限-用户组")
-@Path("/service/auth/group")
-@Produces(MediaType.APPLICATION_JSON)
-@Consumes(MediaType.APPLICATION_JSON)
-interface ServiceGroupResource {
-
- @POST
- @Path("/projectCodes/{projectCode}/")
- @Operation(summary = "项目下添加指定组")
- fun createGroup(
- @Parameter(description = "用户名", required = true)
- @HeaderParam(AUTH_HEADER_USER_ID)
- userId: String,
- @Parameter(description = "项目标识", required = true)
- @PathParam("projectCode")
- projectCode: String,
- @Parameter(description = "用户组信息", required = true)
- groupInfo: GroupDTO
- ): Result
-
- @POST
- @Path("/projectCodes/{projectCode}/batchCreate")
- @Operation(summary = "项目下添加指定组")
- fun batchCreateGroup(
- @Parameter(description = "用户名", required = true)
- @HeaderParam(AUTH_HEADER_USER_ID)
- userId: String,
- @Parameter(description = "项目标识", required = true)
- @PathParam("projectCode")
- projectCode: String,
- @Parameter(description = "用户组信息", required = true)
- groupInfos: List
- ): Result
-}
diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/ServiceUserGroupResource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/ServiceUserGroupResource.kt
deleted file mode 100644
index a297c2c1c29..00000000000
--- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/ServiceUserGroupResource.kt
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
- *
- * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
- *
- * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
- *
- * A copy of the MIT License is included in this file.
- *
- *
- * Terms of the MIT License:
- * ---------------------------------------------------
- * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
- * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
- * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
- * permit persons to whom the Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
- * the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
- * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
- * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
- * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- */
-
-package com.tencent.devops.auth.api
-
-import com.tencent.devops.common.api.auth.AUTH_HEADER_USER_ID
-import com.tencent.devops.common.api.pojo.Result
-import io.swagger.v3.oas.annotations.tags.Tag
-import io.swagger.v3.oas.annotations.Operation
-import io.swagger.v3.oas.annotations.Parameter
-import javax.ws.rs.Consumes
-import javax.ws.rs.POST
-import javax.ws.rs.Path
-import javax.ws.rs.PathParam
-import javax.ws.rs.Produces
-import javax.ws.rs.core.MediaType
-
-@Tag(name = "AUTH_USER_GROUP", description = "权限-用户-用户组")
-@Path("/service/auth/userGroup")
-@Produces(MediaType.APPLICATION_JSON)
-@Consumes(MediaType.APPLICATION_JSON)
-interface ServiceUserGroupResource {
-
- @POST
- @Path("/users/{userId}/groupIds/{groupId}")
- @Operation(summary = "添加用户到指定组")
- fun addUser2Group(
- @Parameter(description = "用户名", required = true)
- @PathParam(AUTH_HEADER_USER_ID)
- userId: String,
- @Parameter(description = "用户组Id", required = true)
- @PathParam("groupId")
- groupId: Int
- ): Result
-}
diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/migrate/OpAuthMigrateResource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/migrate/OpAuthMigrateResource.kt
index 868c8d533cc..98d9fb98965 100644
--- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/migrate/OpAuthMigrateResource.kt
+++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/migrate/OpAuthMigrateResource.kt
@@ -165,4 +165,12 @@ interface OpAuthMigrateResource {
@Parameter(description = "迁移项目", required = true)
projectCodes: List
): Result
+
+ @POST
+ @Path("/enablePipelineListPermissionControl")
+ @Operation(summary = "开启流水线列表权限控制")
+ fun enablePipelineListPermissionControl(
+ @Parameter(description = "项目", required = true)
+ projectCodes: List
+ ): Result
}
diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/callback/OpCallBackResource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/op/OpCallBackResource.kt
similarity index 98%
rename from src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/callback/OpCallBackResource.kt
rename to src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/op/OpCallBackResource.kt
index 363eecb272f..26167b0f38b 100644
--- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/callback/OpCallBackResource.kt
+++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/op/OpCallBackResource.kt
@@ -25,7 +25,7 @@
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
-package com.tencent.devops.auth.api.callback
+package com.tencent.devops.auth.api.op
import com.tencent.devops.auth.pojo.IamCallBackInfo
import com.tencent.devops.auth.pojo.IamCallBackInterfaceDTO
diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/open/OpenPermissionAuthResource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/open/OpenPermissionAuthResource.kt
new file mode 100644
index 00000000000..9ccfe984dae
--- /dev/null
+++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/open/OpenPermissionAuthResource.kt
@@ -0,0 +1,374 @@
+/*
+ * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
+ *
+ * A copy of the MIT License is included in this file.
+ *
+ *
+ * Terms of the MIT License:
+ * ---------------------------------------------------
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+ * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
+ * the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+ * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+ * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+package com.tencent.devops.auth.api.open
+
+import com.tencent.devops.common.api.auth.AUTH_HEADER_DEVOPS_BK_TOKEN
+import com.tencent.devops.common.api.auth.AUTH_HEADER_DEVOPS_USER_ID
+import com.tencent.devops.common.api.auth.AUTH_HEADER_GIT_TYPE
+import com.tencent.devops.common.api.pojo.Result
+import com.tencent.devops.common.auth.api.AuthPermission
+import com.tencent.devops.common.auth.api.pojo.AuthResourceInstance
+import io.swagger.v3.oas.annotations.Operation
+import io.swagger.v3.oas.annotations.Parameter
+import io.swagger.v3.oas.annotations.tags.Tag
+import javax.ws.rs.Consumes
+import javax.ws.rs.DELETE
+import javax.ws.rs.GET
+import javax.ws.rs.HeaderParam
+import javax.ws.rs.POST
+import javax.ws.rs.PUT
+import javax.ws.rs.Path
+import javax.ws.rs.PathParam
+import javax.ws.rs.Produces
+import javax.ws.rs.QueryParam
+import javax.ws.rs.core.MediaType
+
+@Tag(name = "AUTH_OPEN_PERMISSION", description = "权限--权限校验以及资源操作相关接口")
+@Path("/open/service/auth/permission")
+@Produces(MediaType.APPLICATION_JSON)
+@Consumes(MediaType.APPLICATION_JSON)
+@SuppressWarnings("LongParameterList")
+interface OpenPermissionAuthResource {
+
+ @GET
+ @Path("/projects/{projectCode}/action/validate")
+ @Operation(summary = "校验用户是否有具体操作的权限")
+ fun validateUserActionPermission(
+ @HeaderParam(AUTH_HEADER_DEVOPS_USER_ID)
+ @Parameter(description = "待校验用户ID", required = true)
+ userId: String,
+ @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN)
+ @Parameter(description = "认证token", required = true)
+ token: String,
+ @HeaderParam(AUTH_HEADER_GIT_TYPE)
+ @Parameter(description = "系统类型")
+ type: String? = null,
+ @QueryParam("action")
+ @Parameter(description = "资源类型", required = true)
+ action: String
+ ): Result
+
+ @GET
+ @Path("/projects/{projectCode}/resource/validate")
+ @Operation(summary = "校验用户是否有具体资源的操作权限")
+ fun validateUserResourcePermission(
+ @HeaderParam(AUTH_HEADER_DEVOPS_USER_ID)
+ @Parameter(description = "待校验用户ID", required = true)
+ userId: String,
+ @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN)
+ @Parameter(description = "认证token", required = true)
+ token: String,
+ @HeaderParam(AUTH_HEADER_GIT_TYPE)
+ @Parameter(description = "系统类型")
+ type: String? = null,
+ @QueryParam("action")
+ @Parameter(description = "资源类型", required = true)
+ action: String,
+ @QueryParam("projectCode")
+ @Parameter(description = "项目编码", required = true)
+ projectCode: String,
+ // 此处resourceCode实际为resourceType
+ @QueryParam("resourceCode")
+ @Parameter(description = "资源类型", required = false)
+ resourceCode: String?
+ ): Result
+
+ @GET
+ @Path("/projects/{projectCode}/relation/validate")
+ @Operation(summary = "校验用户是否有具体资源实例的操作权限")
+ fun validateUserResourcePermissionByRelation(
+ @HeaderParam(AUTH_HEADER_DEVOPS_USER_ID)
+ @Parameter(description = "待校验用户ID", required = true)
+ userId: String,
+ @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN)
+ @Parameter(description = "认证token", required = true)
+ token: String,
+ @HeaderParam(AUTH_HEADER_GIT_TYPE)
+ @Parameter(description = "系统类型")
+ type: String? = null,
+ @QueryParam("action")
+ @Parameter(description = "action类型", required = true)
+ action: String,
+ @PathParam("projectCode")
+ @Parameter(description = "项目Code", required = true)
+ projectCode: String,
+ @QueryParam("resourceCode")
+ @Parameter(description = "资源code", required = true)
+ resourceCode: String,
+ @QueryParam("resourceType")
+ @Parameter(description = "资源类型", required = true)
+ resourceType: String,
+ @QueryParam("relationResourceType")
+ @Parameter(description = "关联资源,一般为Project", required = false)
+ relationResourceType: String? = null
+ ): Result
+
+ @POST
+ @Path("/projects/{projectCode}/instance/validate")
+ @Operation(summary = "校验用户是否有具体资源实例的操作权限")
+ fun validateUserResourcePermissionByInstance(
+ @HeaderParam(AUTH_HEADER_DEVOPS_USER_ID)
+ @Parameter(description = "待校验用户ID", required = true)
+ userId: String,
+ @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN)
+ @Parameter(description = "认证token", required = true)
+ token: String,
+ @HeaderParam(AUTH_HEADER_GIT_TYPE)
+ @Parameter(description = "系统类型")
+ type: String? = null,
+ @QueryParam("action")
+ @Parameter(description = "action类型", required = true)
+ action: String,
+ @PathParam("projectCode")
+ @Parameter(description = "项目Code", required = true)
+ projectCode: String,
+ resource: AuthResourceInstance
+ ): Result
+
+ @POST
+ @Path("/projects/{projectCode}/relation/validate/batch")
+ @Operation(summary = "批量校验用户是否有具体资源实例的操作权限")
+ fun batchValidateUserResourcePermissionByRelation(
+ @HeaderParam(AUTH_HEADER_DEVOPS_USER_ID)
+ @Parameter(description = "待校验用户ID", required = true)
+ userId: String,
+ @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN)
+ @Parameter(description = "认证token", required = true)
+ token: String,
+ @HeaderParam(AUTH_HEADER_GIT_TYPE)
+ @Parameter(description = "系统类型")
+ type: String? = null,
+ @PathParam("projectCode")
+ @Parameter(description = "项目Code", required = true)
+ projectCode: String,
+ @QueryParam("resourceCode")
+ @Parameter(description = "资源code", required = true)
+ resourceCode: String,
+ @QueryParam("resourceType")
+ @Parameter(description = "资源类型", required = true)
+ resourceType: String,
+ @QueryParam("relationResourceType")
+ @Parameter(description = "关联资源,一般为Project", required = false)
+ relationResourceType: String? = null,
+ @Parameter(description = "action类型列表", required = true)
+ action: List
+ ): Result
+
+ @GET
+ @Path("/projects/{projectCode}/action/instanceAndParent")
+ @Operation(summary = "获取用户所拥有指定权限下的指定类型资源和类型父资源code列表")
+ fun getUserResourceAndParentByPermission(
+ @HeaderParam(AUTH_HEADER_DEVOPS_USER_ID)
+ @Parameter(description = "待校验用户ID", required = true)
+ userId: String,
+ @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN)
+ @Parameter(description = "认证token", required = true)
+ token: String,
+ @HeaderParam(AUTH_HEADER_GIT_TYPE)
+ @Parameter(description = "系统类型")
+ type: String? = null,
+ @QueryParam("action")
+ @Parameter(description = "action类型")
+ action: String,
+ @PathParam("projectCode")
+ @Parameter(description = "项目Code", required = true)
+ projectCode: String,
+ @QueryParam("resourceType")
+ @Parameter(description = "资源类型")
+ resourceType: String
+ ): Result>>
+
+ @GET
+ @Path("/projects/{projectCode}/actions/instance/map")
+ @Operation(summary = "获取用户某项目下多操作的资源实例列表")
+ fun getUserResourcesByPermissions(
+ @HeaderParam(AUTH_HEADER_DEVOPS_USER_ID)
+ @Parameter(description = "待校验用户ID", required = true)
+ userId: String,
+ @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN)
+ @Parameter(description = "认证token", required = true)
+ token: String,
+ @HeaderParam(AUTH_HEADER_GIT_TYPE)
+ @Parameter(description = "系统类型")
+ type: String? = null,
+ @QueryParam("action")
+ @Parameter(description = "action类型")
+ action: List,
+ @PathParam("projectCode")
+ @Parameter(description = "项目Code", required = true)
+ projectCode: String,
+ @QueryParam("resourceType")
+ @Parameter(description = "资源类型")
+ resourceType: String
+ ): Result>>
+
+ @GET
+ @Path("/projects/{projectCode}/action/instance")
+ @Operation(summary = "获取用户某项目下指定操作的资源实例列表")
+ fun getUserResourceByPermission(
+ @HeaderParam(AUTH_HEADER_DEVOPS_USER_ID)
+ @Parameter(description = "待校验用户ID", required = true)
+ userId: String,
+ @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN)
+ @Parameter(description = "认证token", required = true)
+ token: String,
+ @HeaderParam(AUTH_HEADER_GIT_TYPE)
+ @Parameter(description = "系统类型")
+ type: String? = null,
+ @QueryParam("action")
+ @Parameter(description = "action类型")
+ action: String,
+ @PathParam("projectCode")
+ @Parameter(description = "项目Code", required = true)
+ projectCode: String,
+ @QueryParam("resourceType")
+ @Parameter(description = "资源类型")
+ resourceType: String
+ ): Result>
+
+ @POST
+ @Path("/projects/{projectCode}/actions/instance/filter")
+ @Operation(summary = "过滤用户某项目下多操作的资源实例列表")
+ fun filterUserResourcesByPermissions(
+ @HeaderParam(AUTH_HEADER_DEVOPS_USER_ID)
+ @Parameter(description = "待校验用户ID", required = true)
+ userId: String,
+ @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN)
+ @Parameter(description = "认证token", required = true)
+ token: String,
+ @HeaderParam(AUTH_HEADER_GIT_TYPE)
+ @Parameter(description = "系统类型")
+ type: String? = null,
+ @QueryParam("action")
+ @Parameter(description = "action类型")
+ actions: List,
+ @PathParam("projectCode")
+ @Parameter(description = "项目Code", required = true)
+ projectCode: String,
+ @QueryParam("resourceType")
+ @Parameter(description = "资源类型")
+ resourceType: String,
+ resources: List
+ ): Result>>
+
+ @Path("/projects/{projectCode}/create/relation")
+ @POST
+ @Operation(summary = "创建权限中心资源")
+ fun resourceCreateRelation(
+ @HeaderParam(AUTH_HEADER_DEVOPS_USER_ID)
+ @Parameter(description = "待校验用户ID", required = true)
+ userId: String,
+ @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN)
+ @Parameter(description = "认证token", required = true)
+ token: String,
+ @HeaderParam(AUTH_HEADER_GIT_TYPE)
+ @Parameter(description = "系统类型")
+ type: String? = null,
+ @PathParam("projectCode")
+ @Parameter(description = "项目Id")
+ projectCode: String,
+ @QueryParam("resourceType")
+ @Parameter(description = "资源类型")
+ resourceType: String,
+ @QueryParam("resourceCode")
+ @Parameter(description = "资源Code")
+ resourceCode: String,
+ @QueryParam("resourceName")
+ @Parameter(description = "资源名称")
+ resourceName: String
+ ): Result
+
+ @Path("/projects/{projectCode}/modify/relation")
+ @PUT
+ @Operation(summary = "修改权限中心资源")
+ fun resourceModifyRelation(
+ @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN)
+ @Parameter(description = "认证token", required = true)
+ token: String,
+ @HeaderParam(AUTH_HEADER_GIT_TYPE)
+ @Parameter(description = "系统类型")
+ type: String? = null,
+ @PathParam("projectCode")
+ @Parameter(description = "项目Id")
+ projectCode: String,
+ @QueryParam("resourceType")
+ @Parameter(description = "资源类型")
+ resourceType: String,
+ @QueryParam("resourceCode")
+ @Parameter(description = "资源Code")
+ resourceCode: String,
+ @QueryParam("resourceName")
+ @Parameter(description = "资源名称")
+ resourceName: String
+ ): Result
+
+ @Path("/projects/{projectCode}/delete/relation")
+ @DELETE
+ @Operation(summary = "删除权限中心资源")
+ fun resourceDeleteRelation(
+ @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN)
+ @Parameter(description = "认证token", required = true)
+ token: String,
+ @HeaderParam(AUTH_HEADER_GIT_TYPE)
+ @Parameter(description = "系统类型")
+ type: String? = null,
+ @PathParam("projectCode")
+ @Parameter(description = "项目Id")
+ projectCode: String,
+ @QueryParam("resourceType")
+ @Parameter(description = "资源类型")
+ resourceType: String,
+ @QueryParam("resourceCode")
+ @Parameter(description = "资源Code")
+ resourceCode: String
+ ): Result
+
+ @Path("/projects/{projectCode}/cancel/relation")
+ @PUT
+ @Operation(summary = "取消权限中心资源")
+ fun resourceCancelRelation(
+ @HeaderParam(AUTH_HEADER_DEVOPS_USER_ID)
+ @Parameter(description = "操作用户ID", required = true)
+ userId: String,
+ @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN)
+ @Parameter(description = "认证token", required = true)
+ token: String,
+ @HeaderParam(AUTH_HEADER_GIT_TYPE)
+ @Parameter(description = "系统类型")
+ type: String? = null,
+ @PathParam("projectCode")
+ @Parameter(description = "项目Id")
+ projectCode: String,
+ @QueryParam("resourceType")
+ @Parameter(description = "资源类型")
+ resourceType: String,
+ @QueryParam("resourceCode")
+ @Parameter(description = "资源Code")
+ resourceCode: String
+ ): Result
+}
diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/open/OpenProjectAuthResource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/open/OpenProjectAuthResource.kt
new file mode 100644
index 00000000000..f0e9bc38070
--- /dev/null
+++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/open/OpenProjectAuthResource.kt
@@ -0,0 +1,250 @@
+/*
+ * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
+ *
+ * A copy of the MIT License is included in this file.
+ *
+ *
+ * Terms of the MIT License:
+ * ---------------------------------------------------
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+ * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
+ * the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+ * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+ * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+package com.tencent.devops.auth.api.open
+
+import com.tencent.devops.auth.pojo.vo.ProjectPermissionInfoVO
+import com.tencent.devops.common.api.auth.AUTH_HEADER_DEVOPS_BK_TOKEN
+import com.tencent.devops.common.api.auth.AUTH_HEADER_GIT_TYPE
+import com.tencent.devops.common.api.auth.AUTH_HEADER_USER_ID
+import com.tencent.devops.common.api.pojo.Result
+import com.tencent.devops.common.auth.api.pojo.BKAuthProjectRolesResources
+import com.tencent.devops.common.auth.api.pojo.BkAuthGroup
+import com.tencent.devops.common.auth.api.pojo.BkAuthGroupAndUserList
+import io.swagger.v3.oas.annotations.Operation
+import io.swagger.v3.oas.annotations.Parameter
+import io.swagger.v3.oas.annotations.tags.Tag
+import javax.ws.rs.Consumes
+import javax.ws.rs.GET
+import javax.ws.rs.HeaderParam
+import javax.ws.rs.POST
+import javax.ws.rs.Path
+import javax.ws.rs.PathParam
+import javax.ws.rs.Produces
+import javax.ws.rs.QueryParam
+import javax.ws.rs.core.MediaType
+
+@Tag(name = "AUTH_SERVICE_PROJECT", description = "权限--项目相关接口")
+@Path("/open/service/auth/projects")
+@Produces(MediaType.APPLICATION_JSON)
+@Consumes(MediaType.APPLICATION_JSON)
+interface OpenProjectAuthResource {
+ @GET
+ @Path("/{projectCode}/users/byGroup")
+ @Operation(summary = "获取项目成员 (需要对接的权限中心支持该功能才可以)")
+ fun getProjectUsers(
+ @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN)
+ @Parameter(description = "认证token", required = true)
+ token: String,
+ @HeaderParam(AUTH_HEADER_GIT_TYPE)
+ @Parameter(description = "系统类型")
+ type: String? = null,
+ @PathParam("projectCode")
+ @Parameter(description = "项目Code", required = true)
+ projectCode: String,
+ @QueryParam("group")
+ @Parameter(description = "用户组类型", required = false)
+ group: BkAuthGroup? = null
+ ): Result>
+
+ @GET
+ @Path("/{projectCode}/users")
+ @Operation(summary = "拉取项目所有成员,并按项目角色组分组成员信息返回")
+ fun getProjectGroupAndUserList(
+ @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN)
+ @Parameter(description = "认证token", required = true)
+ token: String,
+ @PathParam("projectCode")
+ @Parameter(description = "项目Code", required = true)
+ projectCode: String
+ ): Result>
+
+ @GET
+ @Path("/users/{userId}")
+ @Operation(summary = "获取用户有管理权限的项目Code")
+ fun getUserProjects(
+ @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN)
+ @Parameter(description = "认证token", required = true)
+ token: String,
+ @PathParam("userId")
+ @Parameter(description = "用户userId", required = true)
+ userId: String
+ ): Result>
+
+ @GET
+ @Path("/users/{userId}/{action}")
+ @Operation(summary = "获取用户有某种项目资源类型权限的项目Code")
+ fun getUserProjectsByPermission(
+ @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN)
+ @Parameter(description = "认证token", required = true)
+ token: String,
+ @PathParam("userId")
+ @Parameter(description = "用户userId", required = true)
+ userId: String,
+ @PathParam("action")
+ @Parameter(description = "项目资源类型action", required = true)
+ action: String,
+ @QueryParam("resourceType")
+ @Parameter(description = "资源类型", required = true)
+ resourceType: String? = null
+ ): Result>
+
+ @GET
+ @Path("/{projectCode}/users/{userId}/isProjectUsers")
+ @Operation(summary = "判断是否某个项目中某个组角色的成员")
+ fun isProjectUser(
+ @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN)
+ @Parameter(description = "认证token", required = true)
+ token: String,
+ @HeaderParam(AUTH_HEADER_GIT_TYPE)
+ @Parameter(description = "系统类型")
+ type: String? = null,
+ @PathParam("userId")
+ @Parameter(description = "用户Id", required = true)
+ userId: String,
+ @PathParam("projectCode")
+ @Parameter(description = "项目Code", required = true)
+ projectCode: String,
+ @QueryParam("group")
+ @Parameter(description = "用户组类型", required = false)
+ group: BkAuthGroup? = null
+ ): Result
+
+ @GET
+ @Path("/{projectCode}/users/{userId}/checkUserInProjectLevelGroup")
+ @Operation(summary = "是否该用户在项目级别的组中")
+ fun checkUserInProjectLevelGroup(
+ @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN)
+ @Parameter(description = "认证token", required = true)
+ token: String,
+ @HeaderParam(AUTH_HEADER_GIT_TYPE)
+ @PathParam("userId")
+ @Parameter(description = "用户Id", required = true)
+ userId: String,
+ @PathParam("projectCode")
+ @Parameter(description = "项目Code", required = true)
+ projectCode: String
+ ): Result
+
+ @GET
+ @Path("/{projectCode}/users/{userId}/checkProjectManager")
+ @Operation(summary = "判断是否是项目管理员")
+ fun checkProjectManager(
+ @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN)
+ @Parameter(description = "认证token", required = true)
+ token: String,
+ @HeaderParam(AUTH_HEADER_GIT_TYPE)
+ @Parameter(description = "系统类型")
+ type: String? = null,
+ @PathParam("userId")
+ @Parameter(description = "用户Id", required = true)
+ userId: String,
+ @PathParam("projectCode")
+ @Parameter(description = "项目Code", required = true)
+ projectCode: String
+ ): Result
+
+ @GET
+ @Path("/projectIds/{projectId}/checkManager")
+ @Operation(summary = "判断是否是项目管理员或CI管理员")
+ fun checkManager(
+ @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN)
+ @Parameter(description = "认证token", required = true)
+ token: String,
+ @Parameter(description = "用户名", required = true)
+ @HeaderParam(AUTH_HEADER_USER_ID)
+ userId: String,
+ @PathParam("projectId")
+ @Parameter(description = "项目Id", required = true)
+ projectId: String
+ ): Result
+
+ @POST
+ @Path("/{projectCode}/createUser")
+ @Operation(summary = "添加单个用户到指定项目指定分组")
+ fun createProjectUser(
+ @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN)
+ @Parameter(description = "认证token", required = true)
+ token: String,
+ @QueryParam("userId")
+ @Parameter(description = "用户Id", required = true)
+ userId: String,
+ @PathParam("projectCode")
+ @Parameter(description = "项目Code", required = true)
+ projectCode: String,
+ @QueryParam("roleCode")
+ @Parameter(description = "用户组Code", required = true)
+ roleCode: String
+ ): Result
+
+ @POST
+ @Path("/{projectCode}/batchCreateProjectUser/{roleCode}")
+ @Operation(summary = "批量添加用户到指定项目指定分组")
+ fun batchCreateProjectUser(
+ @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN)
+ @Parameter(description = "认证token", required = true)
+ token: String,
+ @Parameter(description = "用户名", required = true)
+ @HeaderParam(AUTH_HEADER_USER_ID)
+ userId: String,
+ @Parameter(description = "项目Code", required = true)
+ @PathParam("projectCode")
+ projectCode: String,
+ @Parameter(description = "用户组Code", required = true)
+ @PathParam("roleCode")
+ roleCode: String,
+ @Parameter(description = "添加用户集合", required = true)
+ members: List
+ ): Result
+
+ @GET
+ @Path("/{projectCode}/roles")
+ @Operation(summary = "获取项目角色")
+ fun getProjectRoles(
+ @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN)
+ @Parameter(description = "认证token", required = true)
+ token: String,
+ @PathParam("projectCode")
+ @Parameter(description = "项目Code", required = true)
+ projectCode: String,
+ @QueryParam("projectId")
+ @Parameter(description = "项目Id", required = true)
+ projectId: String
+ ): Result>
+
+ @GET
+ @Path("/{projectCode}/getProjectPermissionInfo")
+ @Operation(summary = "获取项目权限信息")
+ fun getProjectPermissionInfo(
+ @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN)
+ @Parameter(description = "认证token", required = true)
+ token: String,
+ @PathParam("projectCode")
+ @Parameter(description = "项目Code", required = true)
+ projectCode: String
+ ): Result
+}
diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/open/OpenResourceMemberResource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/open/OpenResourceMemberResource.kt
new file mode 100644
index 00000000000..196d3a321a4
--- /dev/null
+++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/open/OpenResourceMemberResource.kt
@@ -0,0 +1,99 @@
+package com.tencent.devops.auth.api.open
+
+import com.tencent.devops.common.api.auth.AUTH_HEADER_DEVOPS_BK_TOKEN
+import com.tencent.devops.common.api.pojo.Result
+import com.tencent.devops.common.auth.api.AuthResourceType
+import com.tencent.devops.common.auth.api.pojo.BkAuthGroup
+import com.tencent.devops.common.auth.api.pojo.BkAuthGroupAndUserList
+import com.tencent.devops.project.pojo.ProjectCreateUserInfo
+import com.tencent.devops.project.pojo.ProjectDeleteUserInfo
+import io.swagger.v3.oas.annotations.Operation
+import io.swagger.v3.oas.annotations.Parameter
+import io.swagger.v3.oas.annotations.tags.Tag
+import javax.ws.rs.Consumes
+import javax.ws.rs.DELETE
+import javax.ws.rs.GET
+import javax.ws.rs.HeaderParam
+import javax.ws.rs.POST
+import javax.ws.rs.Path
+import javax.ws.rs.PathParam
+import javax.ws.rs.Produces
+import javax.ws.rs.QueryParam
+import javax.ws.rs.core.MediaType
+
+@Tag(name = "AUTH_SERVICE_RESOURCE", description = "权限--资源相关接口")
+@Path("/open/service/auth/resource/member")
+@Produces(MediaType.APPLICATION_JSON)
+@Consumes(MediaType.APPLICATION_JSON)
+interface OpenResourceMemberResource {
+ /**
+ * @param resourceType 是个枚举类型详见 AuthResourceType
+ * @see AuthResourceType
+ */
+ @GET
+ @Path("/{projectCode}/getResourceGroupUsers")
+ @Operation(summary = "获取特定资源下用户组成员")
+ fun getResourceGroupMembers(
+ @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN)
+ @Parameter(description = "认证token", required = true)
+ token: String,
+ @PathParam("projectCode")
+ @Parameter(description = "项目Code", required = true)
+ projectCode: String,
+ @QueryParam("resourceType")
+ @Parameter(description = "资源类型", required = false)
+ resourceType: String,
+ @QueryParam("resourceCode")
+ @Parameter(description = "资源code", required = false)
+ resourceCode: String,
+ @QueryParam("group")
+ @Parameter(description = "资源用户组类型", required = false)
+ group: BkAuthGroup? = null
+ ): Result>
+
+ @GET
+ @Path("/{projectCode}/getResourceUsers")
+ @Operation(summary = "拉取资源下所有成员,并按项目角色组分组成员信息返回")
+ fun getResourceGroupAndMembers(
+ @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN)
+ @Parameter(description = "认证token", required = true)
+ token: String,
+ @PathParam("projectCode")
+ @Parameter(description = "项目Code", required = true)
+ projectCode: String,
+ @QueryParam("resourceType")
+ @Parameter(description = "资源类型", required = false)
+ resourceType: String,
+ @QueryParam("resourceCode")
+ @Parameter(description = "资源code", required = false)
+ resourceCode: String
+ ): Result>
+
+ @POST
+ @Path("/{projectCode}/batchAddResourceGroupMembers/")
+ @Operation(summary = "用户组添加成员")
+ fun batchAddResourceGroupMembers(
+ @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN)
+ @Parameter(description = "认证token", required = true)
+ token: String,
+ @PathParam("projectCode")
+ @Parameter(description = "项目Code", required = true)
+ projectCode: String,
+ @Parameter(description = "用户组添加成员请求体", required = true)
+ projectCreateUserInfo: ProjectCreateUserInfo
+ ): Result
+
+ @DELETE
+ @Path("/{projectCode}/batchDeleteResourceGroupMembers/")
+ @Operation(summary = "用户组删除成员")
+ fun batchDeleteResourceGroupMembers(
+ @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN)
+ @Parameter(description = "认证token", required = true)
+ token: String,
+ @PathParam("projectCode")
+ @Parameter(description = "项目Code", required = true)
+ projectCode: String,
+ @Parameter(description = "用户组删除成员请求体", required = true)
+ projectDeleteUserInfo: ProjectDeleteUserInfo
+ ): Result
+}
diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceManagerResource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceManagerResource.kt
deleted file mode 100644
index c0353028065..00000000000
--- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceManagerResource.kt
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
- *
- * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
- *
- * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
- *
- * A copy of the MIT License is included in this file.
- *
- *
- * Terms of the MIT License:
- * ---------------------------------------------------
- * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
- * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
- * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
- * permit persons to whom the Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
- * the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
- * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
- * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
- * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- */
-
-package com.tencent.devops.auth.api.service
-
-import com.tencent.devops.common.api.auth.AUTH_HEADER_DEVOPS_BK_TOKEN
-import com.tencent.devops.common.api.auth.AUTH_HEADER_DEVOPS_USER_ID
-import com.tencent.devops.common.api.pojo.Result
-import io.swagger.v3.oas.annotations.Parameter
-import io.swagger.v3.oas.annotations.tags.Tag
-import javax.ws.rs.Consumes
-import javax.ws.rs.GET
-import javax.ws.rs.HeaderParam
-import javax.ws.rs.Path
-import javax.ws.rs.PathParam
-import javax.ws.rs.Produces
-import javax.ws.rs.QueryParam
-import javax.ws.rs.core.MediaType
-
-@Tag(name = "SERVICE_MANAGER", description = "权限校验--超级管理员")
-@Path("/open/service/auth/manager")
-@Produces(MediaType.APPLICATION_JSON)
-@Consumes(MediaType.APPLICATION_JSON)
-interface ServiceManagerResource {
-
- @GET
- @Path("/projects/{projectCode}")
- fun validateManagerPermission(
- @HeaderParam(AUTH_HEADER_DEVOPS_USER_ID)
- @Parameter(description = "待校验用户ID", required = true)
- userId: String,
- @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN)
- @Parameter(description = "认证token", required = true)
- token: String,
- @PathParam("projectCode")
- @Parameter(description = "项目编码", required = true)
- projectCode: String,
- @QueryParam("action")
- @Parameter(description = "资源类型", required = true)
- action: String,
- @QueryParam("resourceCode")
- @Parameter(description = "资源编码", required = false)
- resourceCode: String
- ): Result
-}
diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServicePermissionAuthResource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServicePermissionAuthResource.kt
index 6b7fbc569cd..bcb816ef562 100644
--- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServicePermissionAuthResource.kt
+++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServicePermissionAuthResource.kt
@@ -27,7 +27,6 @@
package com.tencent.devops.auth.api.service
-import com.tencent.devops.auth.pojo.dto.GrantInstanceDTO
import com.tencent.devops.common.api.auth.AUTH_HEADER_DEVOPS_BK_TOKEN
import com.tencent.devops.common.api.auth.AUTH_HEADER_DEVOPS_USER_ID
import com.tencent.devops.common.api.auth.AUTH_HEADER_GIT_TYPE
@@ -50,7 +49,7 @@ import javax.ws.rs.QueryParam
import javax.ws.rs.core.MediaType
@Tag(name = "AUTH_SERVICE_PERMISSION", description = "权限--权限校验以及资源操作相关接口")
-@Path("/open/service/auth/permission")
+@Path("/service/auth/permission")
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
@SuppressWarnings("LongParameterList")
@@ -372,20 +371,4 @@ interface ServicePermissionAuthResource {
@Parameter(description = "资源Code")
resourceCode: String
): Result
-
- @Path("/projects/{projectCode}/grant")
- @POST
- @Operation(summary = "授权实例级别权限")
- fun grantInstancePermission(
- @HeaderParam(AUTH_HEADER_DEVOPS_USER_ID)
- @Parameter(description = "操作用户ID", required = true)
- userId: String,
- @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN)
- @Parameter(description = "认证token", required = true)
- token: String,
- @PathParam("projectCode")
- @Parameter(description = "项目Id")
- projectCode: String,
- grantInstance: GrantInstanceDTO
- ): Result
}
diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceProjectAuthResource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceProjectAuthResource.kt
index 2b12f32d915..31fc7fdb84c 100644
--- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceProjectAuthResource.kt
+++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceProjectAuthResource.kt
@@ -49,7 +49,7 @@ import javax.ws.rs.QueryParam
import javax.ws.rs.core.MediaType
@Tag(name = "AUTH_SERVICE_PROJECT", description = "权限--项目相关接口")
-@Path("/open/service/auth/projects")
+@Path("/service/auth/projects")
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
interface ServiceProjectAuthResource {
diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceResourceGroupResource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceResourceGroupResource.kt
index 22867da08a6..c5fd9ed32b6 100644
--- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceResourceGroupResource.kt
+++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceResourceGroupResource.kt
@@ -2,8 +2,11 @@ package com.tencent.devops.auth.api.service
import com.tencent.devops.auth.pojo.dto.GroupAddDTO
import com.tencent.devops.auth.pojo.request.CustomGroupCreateReq
+import com.tencent.devops.auth.pojo.vo.GroupDetailsInfoVo
import com.tencent.devops.auth.pojo.vo.GroupPermissionDetailVo
import com.tencent.devops.common.api.annotation.BkInterfaceI18n
+import com.tencent.devops.common.api.auth.AUTH_HEADER_USER_ID
+import com.tencent.devops.common.api.model.SQLPage
import com.tencent.devops.common.api.pojo.Result
import com.tencent.devops.common.auth.api.pojo.BkAuthGroup
import io.swagger.v3.oas.annotations.Operation
@@ -12,6 +15,7 @@ import io.swagger.v3.oas.annotations.tags.Tag
import javax.ws.rs.Consumes
import javax.ws.rs.DELETE
import javax.ws.rs.GET
+import javax.ws.rs.HeaderParam
import javax.ws.rs.POST
import javax.ws.rs.Path
import javax.ws.rs.PathParam
@@ -37,6 +41,48 @@ interface ServiceResourceGroupResource {
groupId: Int
): Result>>
+ @GET
+ @Path("/{projectCode}/{resourceType}/getMemberGroupsDetails")
+ @Operation(summary = "获取项目成员有权限的用户组详情")
+ fun getMemberGroupsDetails(
+ @Parameter(description = "用户名", required = true)
+ @HeaderParam(AUTH_HEADER_USER_ID)
+ userId: String,
+ @Parameter(description = "项目ID", required = true)
+ @PathParam("projectCode")
+ projectCode: String,
+ @Parameter(description = "资源类型")
+ @PathParam("resourceType")
+ resourceType: String,
+ @QueryParam("memberId")
+ @Parameter(description = "组织ID/成员ID")
+ memberId: String,
+ @QueryParam("groupName")
+ @Parameter(description = "用户组名称")
+ groupName: String?,
+ @QueryParam("minExpiredAt")
+ @Parameter(description = "最小过期时间")
+ minExpiredAt: Long?,
+ @QueryParam("maxExpiredAt")
+ @Parameter(description = "最大过期时间")
+ maxExpiredAt: Long?,
+ @QueryParam("relatedResourceType")
+ @Parameter(description = "资源类型")
+ relatedResourceType: String?,
+ @QueryParam("relatedResourceCode")
+ @Parameter(description = "资源ID")
+ relatedResourceCode: String?,
+ @QueryParam("action")
+ @Parameter(description = "操作")
+ action: String?,
+ @Parameter(description = "起始位置,从0开始")
+ @QueryParam("start")
+ start: Int?,
+ @Parameter(description = "每页多少条")
+ @QueryParam("limit")
+ limit: Int?
+ ): Result>
+
@POST
@Path("/{projectCode}/createGroupByGroupCode/")
@Operation(summary = "根据groupCode添加用户组")
diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceResourceMemberResource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceResourceMemberResource.kt
index 67c65238e08..f7e3b61387a 100644
--- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceResourceMemberResource.kt
+++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceResourceMemberResource.kt
@@ -1,6 +1,8 @@
package com.tencent.devops.auth.api.service
+import com.tencent.devops.auth.pojo.request.GroupMemberSingleRenewalReq
import com.tencent.devops.common.api.auth.AUTH_HEADER_DEVOPS_BK_TOKEN
+import com.tencent.devops.common.api.auth.AUTH_HEADER_USER_ID
import com.tencent.devops.common.api.pojo.Result
import com.tencent.devops.common.auth.api.AuthResourceType
import com.tencent.devops.common.auth.api.pojo.BkAuthGroup
@@ -15,6 +17,7 @@ import javax.ws.rs.DELETE
import javax.ws.rs.GET
import javax.ws.rs.HeaderParam
import javax.ws.rs.POST
+import javax.ws.rs.PUT
import javax.ws.rs.Path
import javax.ws.rs.PathParam
import javax.ws.rs.Produces
@@ -22,7 +25,7 @@ import javax.ws.rs.QueryParam
import javax.ws.rs.core.MediaType
@Tag(name = "AUTH_SERVICE_RESOURCE", description = "权限--资源相关接口")
-@Path("/open/service/auth/resource/member")
+@Path("/service/auth/resource/member")
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
interface ServiceResourceMemberResource {
@@ -96,4 +99,21 @@ interface ServiceResourceMemberResource {
@Parameter(description = "用户组删除成员请求体", required = true)
projectDeleteUserInfo: ProjectDeleteUserInfo
): Result
+
+ @PUT
+ @Path("/{projectCode}/renewal")
+ @Operation(summary = "续期单个组成员权限--无需进行审批")
+ fun renewalGroupMember(
+ @HeaderParam(AUTH_HEADER_DEVOPS_BK_TOKEN)
+ @Parameter(description = "认证token", required = true)
+ token: String,
+ @Parameter(description = "用户名", required = true)
+ @HeaderParam(AUTH_HEADER_USER_ID)
+ userId: String,
+ @Parameter(description = "项目ID", required = true)
+ @PathParam("projectCode")
+ projectCode: String,
+ @Parameter(description = "续期成员请求实体")
+ renewalConditionReq: GroupMemberSingleRenewalReq
+ ): Result
}
diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserAuthUrlResource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserAuthUrlResource.kt
deleted file mode 100644
index 611478b9534..00000000000
--- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserAuthUrlResource.kt
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
- *
- * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
- *
- * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
- *
- * A copy of the MIT License is included in this file.
- *
- *
- * Terms of the MIT License:
- * ---------------------------------------------------
- * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
- * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
- * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
- * permit persons to whom the Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
- * the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
- * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
- * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
- * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- */
-
-package com.tencent.devops.auth.api.user
-
-import com.tencent.devops.auth.pojo.PermissionUrlDTO
-import com.tencent.devops.common.api.pojo.Result
-import io.swagger.v3.oas.annotations.tags.Tag
-import io.swagger.v3.oas.annotations.Operation
-import io.swagger.v3.oas.annotations.Parameter
-import javax.ws.rs.Consumes
-import javax.ws.rs.GET
-import javax.ws.rs.Path
-import javax.ws.rs.Produces
-import javax.ws.rs.POST
-import javax.ws.rs.QueryParam
-import javax.ws.rs.core.MediaType
-
-@Tag(name = "AUTH_RESOURCE", description = "用户态-权限")
-@Path("/user/auth")
-@Produces(MediaType.APPLICATION_JSON)
-@Consumes(MediaType.APPLICATION_JSON)
-interface UserAuthUrlResource {
-
- @POST
- @Path("/permissionUrl")
- @Operation(summary = "权限申请重定向Url")
- fun permissionUrl(
- @Parameter(description = "待申请实例信息")
- permissionUrlDTO: List
- ): Result
-
- @GET
- @Path("/group/permission/url")
- fun getRolePermissionUrl(
- @Parameter(description = "待分配权限用户组所属项目")
- @QueryParam("projectId")
- projectId: String,
- @Parameter(description = "用户组Id")
- @QueryParam("roleId")
- roleId: String?
- ): Result
-}
diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserProjectMemberResource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserProjectMemberResource.kt
index e9e8d73b9c7..5a106df0295 100644
--- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserProjectMemberResource.kt
+++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserProjectMemberResource.kt
@@ -28,25 +28,17 @@
package com.tencent.devops.auth.api.user
-import com.tencent.bk.sdk.iam.constants.ManagerScopesEnum
-import com.tencent.bk.sdk.iam.dto.manager.ManagerRoleGroupInfo
-import com.tencent.bk.sdk.iam.dto.manager.vo.ManagerGroupMemberVo
-import com.tencent.devops.auth.pojo.dto.RoleMemberDTO
-import com.tencent.devops.auth.pojo.vo.ProjectMembersVO
import com.tencent.devops.common.api.auth.AUTH_HEADER_USER_ID
import com.tencent.devops.common.api.pojo.Result
-import io.swagger.v3.oas.annotations.tags.Tag
import io.swagger.v3.oas.annotations.Operation
import io.swagger.v3.oas.annotations.Parameter
+import io.swagger.v3.oas.annotations.tags.Tag
import javax.ws.rs.Consumes
-import javax.ws.rs.DELETE
import javax.ws.rs.GET
import javax.ws.rs.HeaderParam
-import javax.ws.rs.POST
import javax.ws.rs.Path
import javax.ws.rs.PathParam
import javax.ws.rs.Produces
-import javax.ws.rs.QueryParam
import javax.ws.rs.core.MediaType
@Tag(name = "USER_PROJECT_MEMBER", description = "用户组—用户")
@@ -54,97 +46,6 @@ import javax.ws.rs.core.MediaType
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
interface UserProjectMemberResource {
- @POST
- @Path("/projectIds/{projectId}/roleIds/{roleId}")
- @Operation(summary = "项目下添加指定组组员")
- fun createRoleMember(
- @Parameter(description = "用户名", required = true)
- @HeaderParam(AUTH_HEADER_USER_ID)
- userId: String,
- @Parameter(description = "项目标识", required = true)
- @PathParam("projectId")
- projectId: Int,
- @Parameter(description = "角色Id", required = true)
- @PathParam("roleId")
- roleId: Int,
- @Parameter(description = "是否为管理员分组", required = true)
- @QueryParam("managerGroup")
- managerGroup: Boolean,
- @Parameter(description = "添加用户集合", required = true)
- members: List
- ): Result
-
- @GET
- @Path("/projectIds/{projectId}/roleIds/{roleId}")
- @Operation(summary = "查询项目下指定用户组用户")
- fun getRoleMember(
- @Parameter(description = "项目标识", required = true)
- @PathParam("projectId")
- projectId: Int,
- @Parameter(description = "角色Id", required = true)
- @PathParam("roleId")
- roleId: Int,
- @Parameter(description = "页数", required = true)
- @QueryParam("path")
- page: Int?,
- @Parameter(description = "页面大小", required = true)
- @QueryParam("pageSize")
- pageSize: Int?
- ): Result
-
- @GET
- @Path("projectIds/{projectId}/members/all")
- @Operation(summary = "获取项目下所有用户")
- fun getProjectAllMember(
- @Parameter(description = "项目标识", required = true)
- @PathParam("projectId")
- projectId: Int,
- @Parameter(description = "页数", required = true)
- @QueryParam("path")
- page: Int?,
- @Parameter(description = "页面大小", required = true)
- @QueryParam("pageSize")
- pageSize: Int?
- ): Result
-
- @DELETE
- @Path("/projectIds/{projectId}/roleIds/{roleId}")
- @Operation(summary = "删除项目下指定用户组用户")
- fun deleteRoleMember(
- @Parameter(description = "用户名", required = true)
- @HeaderParam(AUTH_HEADER_USER_ID)
- userId: String,
- @Parameter(description = "项目标识", required = true)
- @PathParam("projectId")
- projectId: Int,
- @Parameter(description = "角色Id", required = true)
- @PathParam("roleId")
- roleId: Int,
- @Parameter(description = "是否为管理员分组", required = true)
- @QueryParam("managerGroup")
- managerGroup: Boolean,
- @Parameter(description = "待删除用户或组织Id", required = true)
- @QueryParam("id")
- members: String,
- @Parameter(description = "组员类型 user:单用户, dept:组织", required = true)
- @QueryParam("type")
- type: ManagerScopesEnum
- ): Result
-
- @GET
- @Path("projectIds/{projectId}/user/groups")
- @Operation(summary = "获取指定用户指定项目下的用户组")
- fun getUserAllGroup(
- @Parameter(description = "用户名", required = true)
- @HeaderParam(AUTH_HEADER_USER_ID)
- userId: String,
- @Parameter(description = "项目标识", required = true)
- @PathParam("projectId")
- projectId: Int,
- @Parameter(description = "待搜用户", required = true)
- searchUserId: String
- ): Result?>
-
@GET
@Path("/projectIds/{projectId}/checkManager")
@Operation(summary = "判断是否是项目管理员或CI管理员")
diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserProjectRoleResource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserProjectRoleResource.kt
deleted file mode 100644
index a4b27df373d..00000000000
--- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/user/UserProjectRoleResource.kt
+++ /dev/null
@@ -1,136 +0,0 @@
-/*
- * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
- *
- * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
- *
- * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
- *
- * A copy of the MIT License is included in this file.
- *
- *
- * Terms of the MIT License:
- * ---------------------------------------------------
- * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
- * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
- * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
- * permit persons to whom the Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
- * the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
- * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
- * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
- * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- *
- */
-
-package com.tencent.devops.auth.api.user
-
-import com.tencent.devops.auth.pojo.DefaultGroup
-import com.tencent.devops.auth.pojo.dto.ProjectRoleDTO
-import com.tencent.devops.auth.pojo.vo.GroupInfoVo
-import com.tencent.devops.common.api.auth.AUTH_HEADER_USER_ID
-import com.tencent.devops.common.api.pojo.Result
-import io.swagger.v3.oas.annotations.tags.Tag
-import io.swagger.v3.oas.annotations.Operation
-import io.swagger.v3.oas.annotations.Parameter
-import javax.ws.rs.Consumes
-import javax.ws.rs.DELETE
-import javax.ws.rs.GET
-import javax.ws.rs.HeaderParam
-import javax.ws.rs.POST
-import javax.ws.rs.PUT
-import javax.ws.rs.Path
-import javax.ws.rs.PathParam
-import javax.ws.rs.Produces
-import javax.ws.rs.QueryParam
-import javax.ws.rs.core.MediaType
-
-@Tag(name = "USER_PROJECT_ROLE", description = "项目-用户组")
-@Path("/user/project/roles")
-@Produces(MediaType.APPLICATION_JSON)
-@Consumes(MediaType.APPLICATION_JSON)
-interface UserProjectRoleResource {
- @POST
- @Path("/projectIds/{projectId}/")
- @Operation(summary = "项目下添加指定组")
- fun createProjectRole(
- @Parameter(description = "用户名", required = true)
- @HeaderParam(AUTH_HEADER_USER_ID)
- userId: String,
- @Parameter(description = "项目标识", required = true)
- @PathParam("projectId")
- projectId: Int,
- @Parameter(description = "项目标识", required = true)
- @QueryParam("projectCode")
- projectCode: String,
- @Parameter(description = "用户组信息", required = true)
- groupInfo: ProjectRoleDTO
- ): Result
-
- @PUT
- @Path("/projectIds/{projectId}/roleIds/{roleId}")
- @Operation(summary = "用户组重命名")
- fun updateProjectRole(
- @Parameter(description = "用户名", required = true)
- @HeaderParam(AUTH_HEADER_USER_ID)
- userId: String,
- @Parameter(description = "项目标识", required = true)
- @PathParam("projectId")
- projectId: Int,
- @Parameter(description = "角色Id", required = true)
- @PathParam("roleId")
- roleId: Int,
- @Parameter(description = "用户组信息", required = true)
- groupInfo: ProjectRoleDTO
- ): Result
-
- @GET
- @Path("/projectIds/{projectId}")
- @Operation(summary = "获取用户组")
- fun getProjectRoles(
- @Parameter(description = "用户名", required = true)
- @HeaderParam(AUTH_HEADER_USER_ID)
- userId: String,
- @Parameter(description = "项目标识", required = true)
- @PathParam("projectId")
- projectId: Int
- ): Result>
-
- @DELETE
- @Path("/projectIds/{projectId}/roles/{roleId}")
- @Operation(summary = "删除用户组")
- fun deleteProjectRole(
- @Parameter(description = "用户名", required = true)
- @HeaderParam(AUTH_HEADER_USER_ID)
- userId: String,
- @Parameter(description = "项目标识", required = true)
- @PathParam("projectId")
- projectId: Int,
- @Parameter(description = "角色Id", required = true)
- @PathParam("roleId")
- roleId: Int
- ): Result
-
- @GET
- @Path("/projects/{projectId}/manager/hasPermission")
- @Operation(summary = "是否有项目管理操作的权限")
- fun hashPermission(
- @Parameter(description = "用户名", required = true)
- @HeaderParam(AUTH_HEADER_USER_ID)
- userId: String,
- @Parameter(description = "项目标识", required = true)
- @PathParam("projectId")
- projectId: Int
- ): Result
-
- @GET
- @Path("/default/role")
- fun getDefaultRole(
- @Parameter(description = "用户名", required = true)
- @HeaderParam(AUTH_HEADER_USER_ID)
- userId: String
- ): Result>
-}
diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/vo/GroupDetailsInfoVo.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/vo/GroupDetailsInfoVo.kt
index 26bd35b3aff..6193dda5c6e 100644
--- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/vo/GroupDetailsInfoVo.kt
+++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/vo/GroupDetailsInfoVo.kt
@@ -20,7 +20,7 @@ data class GroupDetailsInfoVo(
val groupDesc: String? = null,
@get:Schema(title = "有效期,天")
val expiredAtDisplay: String,
- @get:Schema(title = "过期时间戳,秒")
+ @get:Schema(title = "过期时间戳,毫秒")
val expiredAt: Long,
@get:Schema(title = "加入时间")
val joinedTime: Long,
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/common/Constants.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/common/Constants.kt
index dd56d40fc8e..e19021fbf9c 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/common/Constants.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/common/Constants.kt
@@ -29,7 +29,7 @@ package com.tencent.devops.auth.common
object Constants {
const val SUPER_MANAGER = -1
- const val DEPT_LABEL = "id,name,parent,enabled,has_children"
+ const val DEPT_LABEL = "id,name,parent,enabled"
const val USER_LABEL = "id,username,display_name,enabled,departments,extras"
const val USER_NAME_AND_DISPLAY_NAME_LABEL = "id,username,display_name"
const val LEVEL = "level"
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthGroupDao.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthGroupDao.kt
deleted file mode 100644
index acad2517975..00000000000
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthGroupDao.kt
+++ /dev/null
@@ -1,194 +0,0 @@
-/*
- * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
- *
- * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
- *
- * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
- *
- * A copy of the MIT License is included in this file.
- *
- *
- * Terms of the MIT License:
- * ---------------------------------------------------
- * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
- * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
- * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
- * permit persons to whom the Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
- * the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
- * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
- * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
- * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- */
-
-package com.tencent.devops.auth.dao
-
-import com.tencent.devops.auth.entity.GroupCreateInfo
-import com.tencent.devops.model.auth.tables.TAuthGroupInfo
-import com.tencent.devops.model.auth.tables.records.TAuthGroupInfoRecord
-import org.jooq.DSLContext
-import org.jooq.Result
-import org.springframework.stereotype.Repository
-import java.time.LocalDateTime
-
-@Repository
-class AuthGroupDao {
-
- fun createGroup(dslContext: DSLContext, groupCreateInfo: GroupCreateInfo): Int {
- with(TAuthGroupInfo.T_AUTH_GROUP_INFO) {
- return dslContext.insertInto(
- this,
- GROUP_NAME,
- GROUP_CODE,
- GROUP_TYPE,
- RELATION_ID,
- DISPLAY_NAME,
- PROJECT_CODE,
- CREATE_USER,
- CREATE_TIME,
- UPDATE_USER,
- UPDATE_TIME
- ).values(
- groupCreateInfo.groupName,
- groupCreateInfo.groupCode,
- groupCreateInfo.groupType,
- groupCreateInfo.relationId,
- groupCreateInfo.displayName,
- groupCreateInfo.projectCode,
- groupCreateInfo.user,
- LocalDateTime.now(),
- null,
- null
- ).returning(ID).fetchOne()!!.id
- }
- }
-
- fun getGroup(dslContext: DSLContext, projectCode: String, groupCode: String): TAuthGroupInfoRecord? {
- with(TAuthGroupInfo.T_AUTH_GROUP_INFO) {
- return dslContext.selectFrom(this)
- .where(PROJECT_CODE.eq(projectCode).and(GROUP_CODE.eq(groupCode).and(IS_DELETE.eq(false)))).fetchAny()
- }
- }
-
- fun getGroupByProject(dslContext: DSLContext, projectCode: String): Result {
- with(TAuthGroupInfo.T_AUTH_GROUP_INFO) {
- return dslContext.selectFrom(this)
- .where(PROJECT_CODE.eq(projectCode).and(IS_DELETE.eq(false))).fetch()
- }
- }
-
- fun getGroupByCodes(
- dslContext: DSLContext,
- projectCode: String,
- groupCodes: List
- ): Result {
- with(TAuthGroupInfo.T_AUTH_GROUP_INFO) {
- return dslContext.selectFrom(this)
- .where(PROJECT_CODE.eq(projectCode).and(GROUP_CODE.`in`(groupCodes).and(IS_DELETE.eq(false)))).fetch()
- }
- }
-
- fun getGroupById(dslContext: DSLContext, groupId: Int): TAuthGroupInfoRecord? {
- with(TAuthGroupInfo.T_AUTH_GROUP_INFO) {
- return dslContext.selectFrom(this)
- .where(ID.eq(groupId)).fetchOne()
- }
- }
-
- fun getGroupByRelationId(dslContext: DSLContext, relationId: Int): TAuthGroupInfoRecord? {
- with(TAuthGroupInfo.T_AUTH_GROUP_INFO) {
- return dslContext.selectFrom(this).where(RELATION_ID.eq(relationId.toString())).fetchAny()
- }
- }
-
- fun getGroupByRelationIds(dslContext: DSLContext, relationIds: List): Result {
- with(TAuthGroupInfo.T_AUTH_GROUP_INFO) {
- return dslContext.selectFrom(this).where(RELATION_ID.`in`(relationIds).and(IS_DELETE.eq(false))).fetch()
- }
- }
-
- fun getGroupByName(dslContext: DSLContext, projectCode: String, groupName: String): TAuthGroupInfoRecord? {
- with(TAuthGroupInfo.T_AUTH_GROUP_INFO) {
- return dslContext.selectFrom(this).where(PROJECT_CODE.eq(projectCode)
- .and(GROUP_NAME.eq(groupName))).fetchAny()
- }
- }
-
- fun batchCreateGroups(dslContext: DSLContext, groups: List) {
- if (groups.isEmpty()) {
- return
- }
- dslContext.batch(groups.map {
- with(TAuthGroupInfo.T_AUTH_GROUP_INFO) {
- dslContext.insertInto(
- this,
- GROUP_NAME,
- GROUP_CODE,
- GROUP_TYPE,
- RELATION_ID,
- DISPLAY_NAME,
- PROJECT_CODE,
- CREATE_USER,
- CREATE_TIME,
- UPDATE_USER,
- UPDATE_TIME
- ).values(
- it.groupName,
- it.groupCode,
- it.groupType,
- it.relationId,
- it.displayName,
- it.projectCode,
- it.user,
- LocalDateTime.now(),
- null,
- null
- )
- }
- }).execute()
- }
-
- fun update(
- dslContext: DSLContext,
- id: Int,
- groupName: String,
- displayName: String,
- userId: String
- ): Int {
- with(TAuthGroupInfo.T_AUTH_GROUP_INFO) {
- return dslContext.update(this).set(GROUP_NAME, groupName)
- .set(DISPLAY_NAME, displayName)
- .set(UPDATE_USER, userId)
- .set(UPDATE_TIME, LocalDateTime.now())
- .where(ID.eq(id)).execute()
- }
- }
-
- fun updateRelationId(dslContext: DSLContext, roleId: Int, relationId: String): Int {
- with(TAuthGroupInfo.T_AUTH_GROUP_INFO) {
- return dslContext.update(this).set(RELATION_ID, relationId).where(ID.eq(roleId)).execute()
- }
- }
-
- fun getRelationId(dslContext: DSLContext, roleId: Int): TAuthGroupInfoRecord? {
- with(TAuthGroupInfo.T_AUTH_GROUP_INFO) {
- return dslContext.selectFrom(this).where(ID.eq(roleId)).fetchAny()
- }
- }
-
- fun softDelete(dslContext: DSLContext, roleId: Int) {
- with(TAuthGroupInfo.T_AUTH_GROUP_INFO) {
- dslContext.update(this).set(IS_DELETE, true).where(ID.eq(roleId)).execute()
- }
- }
-
- fun deleteRole(dslContext: DSLContext, roleId: Int) {
- with(TAuthGroupInfo.T_AUTH_GROUP_INFO) {
- dslContext.delete(this).where(ID.eq(roleId)).execute()
- }
- }
-}
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthGroupPermissionDao.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthGroupPermissionDao.kt
deleted file mode 100644
index b102acae785..00000000000
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthGroupPermissionDao.kt
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
- *
- * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
- *
- * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
- *
- * A copy of the MIT License is included in this file.
- *
- *
- * Terms of the MIT License:
- * ---------------------------------------------------
- * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
- * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
- * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
- * permit persons to whom the Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
- * the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
- * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
- * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
- * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- */
-
-package com.tencent.devops.auth.dao
-
-import com.tencent.devops.common.api.util.UUIDUtil
-import com.tencent.devops.model.auth.tables.TAuthGroupPerssion
-import com.tencent.devops.model.auth.tables.records.TAuthGroupPerssionRecord
-import org.jooq.DSLContext
-import org.jooq.Result
-import org.springframework.stereotype.Repository
-import java.time.LocalDateTime
-import java.util.UUID
-
-@Repository
-class AuthGroupPermissionDao {
-
- fun create(dslContext: DSLContext, groupCode: String, userId: String, authAction: String): Int {
- with(TAuthGroupPerssion.T_AUTH_GROUP_PERSSION) {
- return dslContext.insertInto(
- this,
- ID,
- GROUP_CODE,
- AUTH_ACTION,
- CREATE_USER,
- CREATE_TIME,
- UPDATE_USER,
- UPDATE_TIME
- ).values(
- UUIDUtil.generate(),
- groupCode,
- authAction,
- userId,
- LocalDateTime.now(),
- null,
- null
- ).execute()
- }
- }
-
- fun batchCreateAction(dslContext: DSLContext, groupCode: String, userId: String, authActions: List) {
- if (authActions.isEmpty()) {
- return
- }
- dslContext.batch(authActions.map {
- with(TAuthGroupPerssion.T_AUTH_GROUP_PERSSION) {
- dslContext.insertInto(
- this,
- ID,
- GROUP_CODE,
- AUTH_ACTION,
- CREATE_USER,
- CREATE_TIME,
- UPDATE_USER,
- UPDATE_TIME
- ).values(
- UUID.randomUUID().toString(),
- groupCode,
- it,
- userId,
- LocalDateTime.now(),
- null,
- null
- )
- }
- }).execute()
- }
-
- fun getByGroupCode(dslContext: DSLContext, groupCode: String): Result? {
- with(TAuthGroupPerssion.T_AUTH_GROUP_PERSSION) {
- return dslContext.selectFrom(this).where(GROUP_CODE.eq(groupCode)).fetch()
- }
- }
-}
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthGroupUserDao.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthGroupUserDao.kt
deleted file mode 100644
index 83ac4ee0cda..00000000000
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthGroupUserDao.kt
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
- *
- * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
- *
- * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
- *
- * A copy of the MIT License is included in this file.
- *
- *
- * Terms of the MIT License:
- * ---------------------------------------------------
- * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
- * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
- * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
- * permit persons to whom the Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
- * the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
- * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
- * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
- * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- */
-
-package com.tencent.devops.auth.dao
-
-import com.tencent.devops.common.api.util.UUIDUtil
-import com.tencent.devops.model.auth.tables.TAuthGroupUser
-import com.tencent.devops.model.auth.tables.records.TAuthGroupUserRecord
-import org.jooq.DSLContext
-import org.springframework.stereotype.Repository
-import java.time.LocalDateTime
-
-@Repository
-class AuthGroupUserDao {
-
- fun create(dslContext: DSLContext, userId: String, groupId: String): Int {
- with(TAuthGroupUser.T_AUTH_GROUP_USER) {
- return dslContext.insertInto(
- this,
- ID,
- USER_ID,
- GROUP_ID,
- CREATE_USER,
- CREATE_TIME
- ).values(
- UUIDUtil.generate(),
- userId,
- groupId,
- userId,
- LocalDateTime.now()
- ).execute()
- }
- }
-
- fun get(dslContext: DSLContext, userId: String, groupId: String): TAuthGroupUserRecord? {
- with(TAuthGroupUser.T_AUTH_GROUP_USER) {
- return dslContext.selectFrom(this)
- .where(USER_ID.eq(userId).and(GROUP_ID.eq(groupId))).fetchOne()
- }
- }
-}
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthOauth2ClientDetailsDao.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthOauth2ClientDetailsDao.kt
index c1aa8191f28..abb70fb6c37 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthOauth2ClientDetailsDao.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthOauth2ClientDetailsDao.kt
@@ -42,7 +42,7 @@ class AuthOauth2ClientDetailsDao {
clientDetailsDTO.clientName,
clientDetailsDTO.scope,
clientDetailsDTO.icon,
- clientDetailsDTO.authorizedGrantTypes.map { it.grantType }.joinToString { "," },
+ clientDetailsDTO.authorizedGrantTypes.joinToString(",") { it.grantType },
clientDetailsDTO.webServerRedirectUri,
clientDetailsDTO.accessTokenValidity,
clientDetailsDTO.refreshTokenValidity,
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthResourceGroupApplyDao.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthResourceGroupApplyDao.kt
index 24aa6bea53a..5cd98deab4a 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthResourceGroupApplyDao.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthResourceGroupApplyDao.kt
@@ -61,4 +61,15 @@ class AuthResourceGroupApplyDao {
}
}
}
+
+ fun delete(
+ dslContext: DSLContext,
+ id: Long
+ ) {
+ with(TAuthResourceGroupApply.T_AUTH_RESOURCE_GROUP_APPLY) {
+ dslContext.deleteFrom(this)
+ .where(ID.eq(id))
+ .execute()
+ }
+ }
}
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/config/RbacMQConfiguration.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/config/RbacMQConfiguration.kt
index 65834d74a18..39b1542714e 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/config/RbacMQConfiguration.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/config/RbacMQConfiguration.kt
@@ -38,6 +38,7 @@ import com.tencent.devops.auth.provider.rbac.pojo.event.AuthResourceGroupCreateE
import com.tencent.devops.auth.provider.rbac.pojo.event.AuthResourceGroupModifyEvent
import com.tencent.devops.auth.provider.rbac.service.PermissionGradeManagerService
import com.tencent.devops.auth.provider.rbac.service.PermissionSubsetManagerService
+import com.tencent.devops.auth.service.iam.PermissionResourceGroupPermissionService
import com.tencent.devops.auth.service.iam.PermissionResourceGroupSyncService
import com.tencent.devops.common.client.Client
import com.tencent.devops.common.event.annotation.EventConsumer
@@ -61,9 +62,11 @@ class RbacMQConfiguration {
@Bean
fun syncGroupAndMemberListener(
- permissionResourceGroupSyncService: PermissionResourceGroupSyncService
+ resourceGroupSyncService: PermissionResourceGroupSyncService,
+ resourceGroupPermissionService: PermissionResourceGroupPermissionService
) = SyncGroupAndMemberListener(
- permissionResourceGroupSyncService = permissionResourceGroupSyncService
+ resourceGroupSyncService = resourceGroupSyncService,
+ resourceGroupPermissionService = resourceGroupPermissionService
)
@EventConsumer
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/listener/SyncGroupAndMemberListener.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/listener/SyncGroupAndMemberListener.kt
index 710346d1324..b16d0c5673a 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/listener/SyncGroupAndMemberListener.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/listener/SyncGroupAndMemberListener.kt
@@ -28,6 +28,7 @@
package com.tencent.devops.auth.provider.rbac.listener
+import com.tencent.devops.auth.service.iam.PermissionResourceGroupPermissionService
import com.tencent.devops.auth.service.iam.PermissionResourceGroupSyncService
import com.tencent.devops.common.event.listener.EventListener
import com.tencent.devops.project.pojo.mq.ProjectEnableStatusBroadCastEvent
@@ -35,13 +36,17 @@ import org.slf4j.LoggerFactory
import org.springframework.beans.factory.annotation.Autowired
class SyncGroupAndMemberListener @Autowired constructor(
- private val permissionResourceGroupSyncService: PermissionResourceGroupSyncService
+ private val resourceGroupSyncService: PermissionResourceGroupSyncService,
+ private val resourceGroupPermissionService: PermissionResourceGroupPermissionService
) : EventListener {
override fun execute(event: ProjectEnableStatusBroadCastEvent) {
- logger.info("sync group and member when enabled project $event")
+ logger.info("sync group,group member and group permissions when enabled project $event")
if (event.enabled) {
- permissionResourceGroupSyncService.syncGroupAndMember(projectCode = event.projectId)
+ // 项目启用时,同步用户组/用户组成员/用户组权限
+ resourceGroupSyncService.syncProjectGroup(projectCode = event.projectId)
+ resourceGroupSyncService.syncGroupAndMember(projectCode = event.projectId)
+ resourceGroupPermissionService.syncProjectPermissions(projectCode = event.projectId)
}
}
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionApplyService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionApplyService.kt
index bc836f761a1..e5ff247f490 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionApplyService.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionApplyService.kt
@@ -27,7 +27,6 @@ import com.tencent.devops.auth.pojo.vo.AuthRedirectGroupInfoVo
import com.tencent.devops.auth.pojo.vo.ManagerRoleGroupVO
import com.tencent.devops.auth.pojo.vo.ResourceTypeInfoVo
import com.tencent.devops.auth.service.DeptService
-import com.tencent.devops.auth.service.GroupUserService
import com.tencent.devops.auth.service.iam.PermissionApplyService
import com.tencent.devops.auth.service.iam.PermissionService
import com.tencent.devops.common.api.exception.ErrorCodeException
@@ -640,7 +639,7 @@ class RbacPermissionApplyService @Autowired constructor(
}
companion object {
- private val logger = LoggerFactory.getLogger(GroupUserService::class.java)
+ private val logger = LoggerFactory.getLogger(RbacPermissionApplyService::class.java)
private val executor = Executors.newFixedThreadPool(10)
}
}
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceGroupSyncService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceGroupSyncService.kt
index 40ddb9fb584..4f14cdb55f5 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceGroupSyncService.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceGroupSyncService.kt
@@ -197,6 +197,7 @@ class RbacPermissionResourceGroupSyncService @Autowired constructor(
isMemberJoinedToGroup
} catch (ignore: Exception) {
logger.warn("verify group valid member failed,${it.memberId}|${it.iamGroupId}", ignore)
+ authResourceGroupApplyDao.delete(dslContext, it.id)
false
}
}
@@ -314,7 +315,7 @@ class RbacPermissionResourceGroupSyncService @Autowired constructor(
}
@Suppress("NestedBlockDepth")
- private fun syncProjectGroup(projectCode: String) {
+ override fun syncProjectGroup(projectCode: String) {
val startEpoch = System.currentTimeMillis()
logger.info("start to sync project group :$projectCode")
try {
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceMemberService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceMemberService.kt
index d5525d3fb69..8fd0e90c4b6 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceMemberService.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceMemberService.kt
@@ -683,7 +683,7 @@ class RbacPermissionResourceMemberService(
dslContext = dslContext,
projectCode = projectCode,
iamGroupId = groupId,
- expiredTime = DateTimeUtil.convertTimestampToLocalDateTime(expiredAt),
+ expiredTime = DateTimeUtil.convertTimestampToLocalDateTime(finalExpiredAt),
memberId = targetMember.id
)
}
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/migrate/RbacPermissionMigrateService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/migrate/RbacPermissionMigrateService.kt
index cf292ec217f..6c6f54198f8 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/migrate/RbacPermissionMigrateService.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/migrate/RbacPermissionMigrateService.kt
@@ -698,4 +698,15 @@ class RbacPermissionMigrateService constructor(
}
return true
}
+
+ override fun enablePipelineListPermissionControl(projectCodes: List): Boolean {
+ projectCodes.forEach {
+ val projectInfo = client.get(ServiceProjectResource::class).get(it).data!!
+ val properties = projectInfo.properties ?: ProjectProperties()
+ properties.pipelineListPermissionControl = true
+ logger.info("update project($it) properties|$properties")
+ client.get(ServiceProjectResource::class).updateProjectProperties(it, properties)
+ }
+ return true
+ }
}
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/config/MockAuthConfiguration.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/config/MockAuthConfiguration.kt
index 279ba8e8728..84587ca37b7 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/config/MockAuthConfiguration.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/config/MockAuthConfiguration.kt
@@ -5,11 +5,9 @@ import com.tencent.devops.auth.provider.sample.service.SampleAuthAuthorizationSc
import com.tencent.devops.auth.provider.sample.service.SampleAuthMonitorSpaceService
import com.tencent.devops.auth.provider.sample.service.SampleAuthPermissionProjectService
import com.tencent.devops.auth.provider.sample.service.SampleAuthPermissionService
-import com.tencent.devops.auth.provider.sample.service.SampleGrantPermissionServiceImpl
import com.tencent.devops.auth.provider.sample.service.SampleOrganizationService
import com.tencent.devops.auth.provider.sample.service.SamplePermissionApplyService
import com.tencent.devops.auth.provider.sample.service.SamplePermissionExtService
-import com.tencent.devops.auth.provider.sample.service.SamplePermissionGradeService
import com.tencent.devops.auth.provider.sample.service.SamplePermissionItsmCallbackService
import com.tencent.devops.auth.provider.sample.service.SamplePermissionMigrateService
import com.tencent.devops.auth.provider.sample.service.SamplePermissionResourceGroupAndMemberFacadeService
@@ -19,9 +17,6 @@ import com.tencent.devops.auth.provider.sample.service.SamplePermissionResourceG
import com.tencent.devops.auth.provider.sample.service.SamplePermissionResourceMemberService
import com.tencent.devops.auth.provider.sample.service.SamplePermissionResourceService
import com.tencent.devops.auth.provider.sample.service.SamplePermissionResourceValidateService
-import com.tencent.devops.auth.provider.sample.service.SamplePermissionRoleMemberService
-import com.tencent.devops.auth.provider.sample.service.SamplePermissionRoleService
-import com.tencent.devops.auth.provider.sample.service.SamplePermissionUrlServiceImpl
import com.tencent.devops.auth.provider.sample.service.SampleSuperManagerServiceImpl
import com.tencent.devops.auth.service.AuthAuthorizationScopesService
import com.tencent.devops.auth.service.AuthMonitorSpaceService
@@ -32,8 +27,6 @@ import com.tencent.devops.auth.service.PermissionAuthorizationService
import com.tencent.devops.auth.service.SuperManagerService
import com.tencent.devops.auth.service.iam.PermissionApplyService
import com.tencent.devops.auth.service.iam.PermissionExtService
-import com.tencent.devops.auth.service.iam.PermissionGradeService
-import com.tencent.devops.auth.service.iam.PermissionGrantService
import com.tencent.devops.auth.service.iam.PermissionItsmCallbackService
import com.tencent.devops.auth.service.iam.PermissionMigrateService
import com.tencent.devops.auth.service.iam.PermissionProjectService
@@ -44,10 +37,7 @@ import com.tencent.devops.auth.service.iam.PermissionResourceGroupSyncService
import com.tencent.devops.auth.service.iam.PermissionResourceMemberService
import com.tencent.devops.auth.service.iam.PermissionResourceService
import com.tencent.devops.auth.service.iam.PermissionResourceValidateService
-import com.tencent.devops.auth.service.iam.PermissionRoleMemberService
-import com.tencent.devops.auth.service.iam.PermissionRoleService
import com.tencent.devops.auth.service.iam.PermissionService
-import com.tencent.devops.auth.service.iam.PermissionUrlService
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean
import org.springframework.context.annotation.Bean
@@ -67,10 +57,6 @@ class MockAuthConfiguration {
@ConditionalOnMissingBean(PermissionExtService::class)
fun permissionExtService() = SamplePermissionExtService()
- @Bean
- @ConditionalOnMissingBean(PermissionUrlService::class)
- fun permissionUrlService() = SamplePermissionUrlServiceImpl()
-
@Bean
@ConditionalOnMissingBean(PermissionProjectService::class)
fun sampleAuthPermissionProjectService() = SampleAuthPermissionProjectService()
@@ -79,26 +65,10 @@ class MockAuthConfiguration {
@ConditionalOnMissingBean(PermissionService::class)
fun sampleAuthPermissionService() = SampleAuthPermissionService()
- @Bean
- @ConditionalOnMissingBean(PermissionGrantService::class)
- fun sampleGrantPermissionServiceImpl() = SampleGrantPermissionServiceImpl()
-
@Bean
@ConditionalOnMissingBean(SuperManagerService::class)
fun sampleSuperManagerServiceImpl() = SampleSuperManagerServiceImpl()
- @Bean
- @ConditionalOnMissingBean(PermissionGradeService::class)
- fun samplePermissionGradeService() = SamplePermissionGradeService()
-
- @Bean
- @ConditionalOnMissingBean(PermissionRoleMemberService::class)
- fun samplePermissionRoleMemberService() = SamplePermissionRoleMemberService()
-
- @Bean
- @ConditionalOnMissingBean(PermissionRoleService::class)
- fun samplePermissionRoleService() = SamplePermissionRoleService()
-
@Bean
@ConditionalOnMissingBean(OrganizationService::class)
fun sampleOrganizationService() = SampleOrganizationService()
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SampleGrantPermissionServiceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SampleGrantPermissionServiceImpl.kt
deleted file mode 100644
index 7b51e11baef..00000000000
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SampleGrantPermissionServiceImpl.kt
+++ /dev/null
@@ -1,10 +0,0 @@
-package com.tencent.devops.auth.provider.sample.service
-
-import com.tencent.devops.auth.pojo.dto.GrantInstanceDTO
-import com.tencent.devops.auth.service.iam.PermissionGrantService
-
-class SampleGrantPermissionServiceImpl : PermissionGrantService {
- override fun grantInstancePermission(projectId: String, grantInfo: GrantInstanceDTO): Boolean {
- return false
- }
-}
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionMigrateService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionMigrateService.kt
index aedbef85813..3c79190e0b0 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionMigrateService.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionMigrateService.kt
@@ -103,4 +103,6 @@ class SamplePermissionMigrateService(
}
override fun fixResourceGroups(projectCodes: List): Boolean = true
+
+ override fun enablePipelineListPermissionControl(projectCodes: List) = true
}
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionResourceGroupSyncService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionResourceGroupSyncService.kt
index eceb19c8a3c..774476405d7 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionResourceGroupSyncService.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionResourceGroupSyncService.kt
@@ -39,6 +39,8 @@ class SamplePermissionResourceGroupSyncService : PermissionResourceGroupSyncServ
override fun syncGroupAndMember(projectCode: String) = Unit
+ override fun syncProjectGroup(projectCode: String) = Unit
+
override fun getStatusOfSync(projectCode: String): AuthMigrateStatus = AuthMigrateStatus.SUCCEED
override fun batchSyncProjectGroup(projectCodes: List) = Unit
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionRoleMemberService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionRoleMemberService.kt
deleted file mode 100644
index e3ca29e427f..00000000000
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionRoleMemberService.kt
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
- *
- * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
- *
- * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
- *
- * A copy of the MIT License is included in this file.
- *
- *
- * Terms of the MIT License:
- * ---------------------------------------------------
- * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
- * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
- * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
- * permit persons to whom the Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
- * the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
- * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
- * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
- * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- */
-
-package com.tencent.devops.auth.provider.sample.service
-
-import com.tencent.bk.sdk.iam.constants.ManagerScopesEnum
-import com.tencent.bk.sdk.iam.dto.manager.ManagerRoleGroupInfo
-import com.tencent.bk.sdk.iam.dto.manager.vo.ManagerGroupMemberVo
-import com.tencent.devops.auth.pojo.dto.RoleMemberDTO
-import com.tencent.devops.auth.pojo.vo.ProjectMembersVO
-import com.tencent.devops.auth.service.iam.PermissionRoleMemberService
-
-class SamplePermissionRoleMemberService : PermissionRoleMemberService {
- override fun createRoleMember(
- userId: String,
- projectId: Int,
- roleId: Int,
- members: List,
- managerGroup: Boolean,
- checkAGradeManager: Boolean?
- ) {
- TODO("Not yet implemented")
- }
-
- override fun deleteRoleMember(
- userId: String,
- projectId: Int,
- roleId: Int,
- id: String,
- type: ManagerScopesEnum,
- managerGroup: Boolean
- ) {
- TODO("Not yet implemented")
- }
-
- override fun getRoleMember(projectId: Int, roleId: Int, page: Int?, pageSize: Int?): ManagerGroupMemberVo {
- TODO("Not yet implemented")
- }
-
- override fun getProjectAllMember(projectId: Int, page: Int?, pageSize: Int?): ProjectMembersVO? {
- TODO("Not yet implemented")
- }
-
- override fun getUserGroups(projectId: Int, userId: String): List? {
- TODO("Not yet implemented")
- }
-}
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionRoleService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionRoleService.kt
deleted file mode 100644
index cc3f1b215c5..00000000000
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionRoleService.kt
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
- *
- * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
- *
- * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
- *
- * A copy of the MIT License is included in this file.
- *
- *
- * Terms of the MIT License:
- * ---------------------------------------------------
- * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
- * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
- * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
- * permit persons to whom the Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
- * the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
- * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
- * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
- * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- */
-
-package com.tencent.devops.auth.provider.sample.service
-
-import com.tencent.devops.auth.pojo.DefaultGroup
-import com.tencent.devops.auth.pojo.dto.ProjectRoleDTO
-import com.tencent.devops.auth.pojo.vo.GroupInfoVo
-import com.tencent.devops.auth.service.iam.PermissionRoleService
-
-class SamplePermissionRoleService : PermissionRoleService {
- override fun createPermissionRole(
- userId: String,
- projectId: Int,
- projectCode: String,
- groupInfo: ProjectRoleDTO
- ): Int {
- TODO("Not yet implemented")
- }
-
- override fun renamePermissionRole(userId: String, projectId: Int, roleId: Int, groupInfo: ProjectRoleDTO) {
- TODO("Not yet implemented")
- }
-
- override fun getPermissionRole(projectId: Int): List {
- TODO("Not yet implemented")
- }
-
- override fun deletePermissionRole(userId: String, projectId: Int, roleId: Int) {
- TODO("Not yet implemented")
- }
-
- override fun getDefaultRole(): List {
- TODO("Not yet implemented")
- }
-}
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ServiceGroupResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ServiceGroupResourceImpl.kt
deleted file mode 100644
index 5f1d238df12..00000000000
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ServiceGroupResourceImpl.kt
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
- *
- * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
- *
- * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
- *
- * A copy of the MIT License is included in this file.
- *
- *
- * Terms of the MIT License:
- * ---------------------------------------------------
- * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
- * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
- * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
- * permit persons to whom the Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
- * the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
- * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
- * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
- * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- */
-
-package com.tencent.devops.auth.resources
-
-import com.tencent.devops.auth.api.ServiceGroupResource
-import com.tencent.devops.auth.pojo.dto.GroupDTO
-import com.tencent.devops.auth.service.AuthGroupService
-import com.tencent.devops.common.api.pojo.Result
-import com.tencent.devops.common.web.RestResource
-import org.springframework.beans.factory.annotation.Autowired
-
-@RestResource
-class ServiceGroupResourceImpl @Autowired constructor(
- val authGroupService: AuthGroupService
-) : ServiceGroupResource {
-
- override fun createGroup(
- userId: String,
- projectCode: String,
- groupInfo: GroupDTO
- ): Result {
- authGroupService.createGroup(userId, projectCode, groupInfo)
- return Result(true)
- }
-
- override fun batchCreateGroup(userId: String, projectCode: String, groupInfos: List): Result {
- return authGroupService.batchCreate(userId, projectCode, groupInfos)
- }
-}
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ServiceUserGroupResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ServiceUserGroupResourceImpl.kt
deleted file mode 100644
index 381baddf45c..00000000000
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ServiceUserGroupResourceImpl.kt
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
- *
- * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
- *
- * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
- *
- * A copy of the MIT License is included in this file.
- *
- *
- * Terms of the MIT License:
- * ---------------------------------------------------
- * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
- * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
- * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
- * permit persons to whom the Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
- * the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
- * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
- * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
- * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- */
-
-package com.tencent.devops.auth.resources
-
-import com.tencent.devops.auth.api.ServiceUserGroupResource
-import com.tencent.devops.auth.service.GroupUserService
-import com.tencent.devops.common.api.pojo.Result
-import org.springframework.beans.factory.annotation.Autowired
-import org.springframework.web.bind.annotation.RestController
-
-@RestController
-class ServiceUserGroupResourceImpl @Autowired constructor(
- val groupUserService: GroupUserService
-) : ServiceUserGroupResource {
-
- override fun addUser2Group(userId: String, groupId: Int): Result {
- return groupUserService.addUser2Group(userId, groupId)
- }
-}
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserProjectMemberResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserProjectMemberResourceImpl.kt
deleted file mode 100644
index c14de3fe690..00000000000
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserProjectMemberResourceImpl.kt
+++ /dev/null
@@ -1,121 +0,0 @@
-/*
- * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
- *
- * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
- *
- * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
- *
- * A copy of the MIT License is included in this file.
- *
- *
- * Terms of the MIT License:
- * ---------------------------------------------------
- * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
- * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
- * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
- * permit persons to whom the Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
- * the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
- * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
- * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
- * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- *
- */
-
-package com.tencent.devops.auth.resources
-
-import com.tencent.bk.sdk.iam.constants.ManagerScopesEnum
-import com.tencent.bk.sdk.iam.dto.manager.ManagerRoleGroupInfo
-import com.tencent.bk.sdk.iam.dto.manager.vo.ManagerGroupMemberVo
-import com.tencent.devops.auth.api.user.UserProjectMemberResource
-import com.tencent.devops.auth.pojo.dto.RoleMemberDTO
-import com.tencent.devops.auth.pojo.vo.ProjectMembersVO
-import com.tencent.devops.auth.service.iam.PermissionProjectService
-import com.tencent.devops.auth.service.iam.PermissionRoleMemberService
-import com.tencent.devops.common.api.pojo.Result
-import com.tencent.devops.common.auth.api.pojo.BkAuthGroup
-import com.tencent.devops.common.web.RestResource
-import org.springframework.beans.factory.annotation.Autowired
-
-@RestResource
-class UserProjectMemberResourceImpl @Autowired constructor(
- val permissionRoleMemberService: PermissionRoleMemberService,
- val permissionProjectService: PermissionProjectService
-) : UserProjectMemberResource {
- override fun createRoleMember(
- userId: String,
- projectId: Int,
- roleId: Int,
- managerGroup: Boolean,
- members: List
- ): Result {
- permissionRoleMemberService.createRoleMember(
- userId = userId,
- projectId = projectId,
- roleId = roleId,
- members = members,
- managerGroup = managerGroup,
- checkAGradeManager = true
- )
- return Result(true)
- }
-
- override fun getRoleMember(
- projectId: Int,
- roleId: Int,
- page: Int?,
- pageSize: Int?
- ): Result {
- return Result(
- permissionRoleMemberService.getRoleMember(
- projectId = projectId,
- roleId = roleId,
- page = page,
- pageSize = pageSize
- )
- )
- }
-
- override fun getProjectAllMember(projectId: Int, page: Int?, pageSize: Int?): Result {
- return Result(permissionRoleMemberService.getProjectAllMember(projectId, page, pageSize))
- }
-
- override fun deleteRoleMember(
- userId: String,
- projectId: Int,
- roleId: Int,
- managerGroup: Boolean,
- members: String,
- type: ManagerScopesEnum
- ): Result {
- Result(
- permissionRoleMemberService.deleteRoleMember(
- userId = userId,
- projectId = projectId,
- roleId = roleId,
- id = members,
- type = type,
- managerGroup = managerGroup
- )
- )
- return Result(true)
- }
-
- override fun getUserAllGroup(
- userId: String,
- projectId: Int,
- searchUserId: String
- ): Result?> {
- return Result(permissionRoleMemberService.getUserGroups(projectId, searchUserId))
- }
-
- override fun checkManager(userId: String, projectId: String): Result {
- val result = permissionProjectService.checkProjectManager(userId, projectId) ||
- permissionProjectService.isProjectUser(userId, projectId, BkAuthGroup.CI_MANAGER)
- return Result(result)
- }
-}
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserProjectRoleResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserProjectRoleResourceImpl.kt
deleted file mode 100644
index 04716d8c200..00000000000
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserProjectRoleResourceImpl.kt
+++ /dev/null
@@ -1,99 +0,0 @@
-/*
- * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
- *
- * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
- *
- * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
- *
- * A copy of the MIT License is included in this file.
- *
- *
- * Terms of the MIT License:
- * ---------------------------------------------------
- * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
- * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
- * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
- * permit persons to whom the Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
- * the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
- * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
- * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
- * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- *
- */
-
-package com.tencent.devops.auth.resources
-
-import com.tencent.devops.auth.api.user.UserProjectRoleResource
-import com.tencent.devops.auth.pojo.DefaultGroup
-import com.tencent.devops.auth.pojo.dto.ProjectRoleDTO
-import com.tencent.devops.auth.pojo.vo.GroupInfoVo
-import com.tencent.devops.auth.service.iam.PermissionGradeService
-import com.tencent.devops.auth.service.iam.PermissionRoleService
-import com.tencent.devops.common.api.exception.PermissionForbiddenException
-import com.tencent.devops.common.api.pojo.Result
-import com.tencent.devops.common.web.RestResource
-import org.springframework.beans.factory.annotation.Autowired
-
-@RestResource
-class UserProjectRoleResourceImpl @Autowired constructor(
- val permissionRoleService: PermissionRoleService,
- val permissionGradeService: PermissionGradeService
-) : UserProjectRoleResource {
- override fun createProjectRole(
- userId: String,
- projectId: Int,
- projectCode: String,
- groupInfo: ProjectRoleDTO
- ): Result {
- return Result(
- permissionRoleService.createPermissionRole(
- userId = userId,
- projectId = projectId,
- projectCode = projectCode,
- groupInfo = groupInfo
- ).toString()
- )
- }
-
- override fun updateProjectRole(
- userId: String,
- projectId: Int,
- roleId: Int,
- groupInfo: ProjectRoleDTO
- ): Result {
- permissionRoleService.renamePermissionRole(
- userId = userId,
- projectId = projectId,
- roleId = roleId,
- groupInfo = groupInfo
- )
- return Result(true)
- }
-
- override fun getProjectRoles(userId: String, projectId: Int): Result> {
- return Result(permissionRoleService.getPermissionRole(projectId))
- }
-
- override fun deleteProjectRole(userId: String, projectId: Int, roleId: Int): Result {
- permissionRoleService.deletePermissionRole(userId, projectId, roleId)
- return Result(true)
- }
-
- override fun hashPermission(userId: String, projectId: Int): Result {
- try {
- permissionGradeService.checkGradeManagerUser(userId, projectId)
- } catch (e: PermissionForbiddenException) {
- return Result(false)
- }
- return Result(true)
- }
-
- override fun getDefaultRole(userId: String): Result> {
- return Result(permissionRoleService.getDefaultRole())
- }
-}
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ExternalAuthItsmCallbackResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/external/ExternalAuthItsmCallbackResourceImpl.kt
similarity index 98%
rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ExternalAuthItsmCallbackResourceImpl.kt
rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/external/ExternalAuthItsmCallbackResourceImpl.kt
index 8690520c263..7a65f7f317a 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ExternalAuthItsmCallbackResourceImpl.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/external/ExternalAuthItsmCallbackResourceImpl.kt
@@ -26,7 +26,7 @@
*
*/
-package com.tencent.devops.auth.resources
+package com.tencent.devops.auth.resources.external
import com.tencent.devops.auth.api.callback.ExternalAuthItsmCallbackResource
import com.tencent.devops.auth.pojo.ItsmCallBackInfo
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ExternalThirdLoginResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/external/ExternalThirdLoginResourceImpl.kt
similarity index 97%
rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ExternalThirdLoginResourceImpl.kt
rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/external/ExternalThirdLoginResourceImpl.kt
index 528f10584dc..d23dbca915a 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ExternalThirdLoginResourceImpl.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/external/ExternalThirdLoginResourceImpl.kt
@@ -25,7 +25,7 @@
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
-package com.tencent.devops.auth.resources
+package com.tencent.devops.auth.resources.external
import com.tencent.devops.auth.api.login.ExternalThirdLoginResource
import com.tencent.devops.auth.service.ThirdLoginService
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/Oauth2DesktopEndpointResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/oauth2/Oauth2DesktopEndpointResourceImpl.kt
similarity index 96%
rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/Oauth2DesktopEndpointResourceImpl.kt
rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/oauth2/Oauth2DesktopEndpointResourceImpl.kt
index aae663c0ef3..08a1ce1151f 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/Oauth2DesktopEndpointResourceImpl.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/oauth2/Oauth2DesktopEndpointResourceImpl.kt
@@ -1,4 +1,4 @@
-package com.tencent.devops.auth.resources
+package com.tencent.devops.auth.resources.oauth2
import com.tencent.devops.auth.api.oauth2.Oauth2DesktopEndpointResource
import com.tencent.devops.auth.pojo.dto.Oauth2AuthorizationCodeDTO
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/Oauth2ServiceEndpointResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/oauth2/Oauth2ServiceEndpointResourceImpl.kt
similarity index 98%
rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/Oauth2ServiceEndpointResourceImpl.kt
rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/oauth2/Oauth2ServiceEndpointResourceImpl.kt
index a4620163561..77d6006aa59 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/Oauth2ServiceEndpointResourceImpl.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/oauth2/Oauth2ServiceEndpointResourceImpl.kt
@@ -1,4 +1,4 @@
-package com.tencent.devops.auth.resources
+package com.tencent.devops.auth.resources.oauth2
import com.tencent.devops.auth.api.oauth2.Oauth2ServiceEndpointResource
import com.tencent.devops.auth.pojo.Oauth2AccessTokenRequest
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpAuthMigrateResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpAuthMigrateResourceImpl.kt
similarity index 95%
rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpAuthMigrateResourceImpl.kt
rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpAuthMigrateResourceImpl.kt
index b2b53bb43bd..a43804cbe06 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpAuthMigrateResourceImpl.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpAuthMigrateResourceImpl.kt
@@ -26,7 +26,7 @@
*
*/
-package com.tencent.devops.auth.resources
+package com.tencent.devops.auth.resources.op
import com.tencent.devops.auth.api.migrate.OpAuthMigrateResource
import com.tencent.devops.auth.pojo.dto.MigrateResourceDTO
@@ -113,4 +113,8 @@ class OpAuthMigrateResourceImpl @Autowired constructor(
override fun fixResourceGroups(projectCodes: List): Result {
return Result(permissionMigrateService.fixResourceGroups(projectCodes))
}
+
+ override fun enablePipelineListPermissionControl(projectCodes: List): Result {
+ return Result(permissionMigrateService.enablePipelineListPermissionControl(projectCodes))
+ }
}
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpAuthResourceGroupPermSyncResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpAuthResourceGroupPermSyncResourceImpl.kt
similarity index 98%
rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpAuthResourceGroupPermSyncResourceImpl.kt
rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpAuthResourceGroupPermSyncResourceImpl.kt
index 104eb3c4cc8..fdd544d0b68 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpAuthResourceGroupPermSyncResourceImpl.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpAuthResourceGroupPermSyncResourceImpl.kt
@@ -25,7 +25,7 @@
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
-package com.tencent.devops.auth.resources
+package com.tencent.devops.auth.resources.op
import com.tencent.devops.auth.api.sync.OpAuthResourceGroupPermSyncResource
import com.tencent.devops.auth.service.iam.PermissionResourceGroupPermissionService
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpAuthResourceGroupSyncResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpAuthResourceGroupSyncResourceImpl.kt
similarity index 98%
rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpAuthResourceGroupSyncResourceImpl.kt
rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpAuthResourceGroupSyncResourceImpl.kt
index 40cccbbb9ba..b5bae65a264 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpAuthResourceGroupSyncResourceImpl.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpAuthResourceGroupSyncResourceImpl.kt
@@ -25,7 +25,7 @@
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
-package com.tencent.devops.auth.resources
+package com.tencent.devops.auth.resources.op
import com.tencent.devops.auth.api.sync.OpAuthResourceGroupSyncResource
import com.tencent.devops.auth.service.iam.PermissionResourceGroupSyncService
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpCallBackResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpCallBackResourceImpl.kt
similarity index 96%
rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpCallBackResourceImpl.kt
rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpCallBackResourceImpl.kt
index cb51a10eb15..40503d8992c 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpCallBackResourceImpl.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpCallBackResourceImpl.kt
@@ -25,9 +25,9 @@
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
-package com.tencent.devops.auth.resources
+package com.tencent.devops.auth.resources.op
-import com.tencent.devops.auth.api.callback.OpCallBackResource
+import com.tencent.devops.auth.api.op.OpCallBackResource
import com.tencent.devops.auth.pojo.IamCallBackInfo
import com.tencent.devops.auth.pojo.IamCallBackInterfaceDTO
import com.tencent.devops.auth.service.CallBackService
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpManagerOrganizationResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpManagerOrganizationResourceImpl.kt
similarity index 98%
rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpManagerOrganizationResourceImpl.kt
rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpManagerOrganizationResourceImpl.kt
index 48e3c3b6d3a..8e6ca5763c3 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpManagerOrganizationResourceImpl.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpManagerOrganizationResourceImpl.kt
@@ -25,7 +25,7 @@
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
-package com.tencent.devops.auth.resources
+package com.tencent.devops.auth.resources.op
import com.tencent.devops.auth.api.manager.OpManagerOrganizationResource
import com.tencent.devops.auth.pojo.ManageOrganizationEntity
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpManagerStrategyResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpManagerStrategyResourceImpl.kt
similarity index 98%
rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpManagerStrategyResourceImpl.kt
rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpManagerStrategyResourceImpl.kt
index c4e1d48557b..8de3d17ece0 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpManagerStrategyResourceImpl.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpManagerStrategyResourceImpl.kt
@@ -25,7 +25,7 @@
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
-package com.tencent.devops.auth.resources
+package com.tencent.devops.auth.resources.op
import com.tencent.devops.auth.api.manager.OpManagerStrategyResource
import com.tencent.devops.auth.pojo.StrategyEntity
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpManagerUserResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpManagerUserResourceImpl.kt
similarity index 99%
rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpManagerUserResourceImpl.kt
rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpManagerUserResourceImpl.kt
index d09a76baae4..f513f1ec44f 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpManagerUserResourceImpl.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpManagerUserResourceImpl.kt
@@ -25,7 +25,7 @@
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
-package com.tencent.devops.auth.resources
+package com.tencent.devops.auth.resources.op
import com.tencent.devops.auth.api.manager.OpManagerUserResource
import com.tencent.devops.auth.pojo.ManagerUserEntity
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpOauth2ResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpOauth2ResourceImpl.kt
similarity index 96%
rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpOauth2ResourceImpl.kt
rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpOauth2ResourceImpl.kt
index cc5ae56a256..a99a00651bc 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpOauth2ResourceImpl.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpOauth2ResourceImpl.kt
@@ -1,4 +1,4 @@
-package com.tencent.devops.auth.resources
+package com.tencent.devops.auth.resources.op
import com.tencent.devops.auth.api.oauth2.OpOauth2Resource
import com.tencent.devops.auth.pojo.dto.ClientDetailsDTO
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpPermissionFacadeResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpPermissionFacadeResourceImpl.kt
similarity index 96%
rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpPermissionFacadeResourceImpl.kt
rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpPermissionFacadeResourceImpl.kt
index fa1e3ae544d..d98383997c0 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpPermissionFacadeResourceImpl.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/op/OpPermissionFacadeResourceImpl.kt
@@ -1,4 +1,4 @@
-package com.tencent.devops.auth.resources
+package com.tencent.devops.auth.resources.op
import com.tencent.devops.auth.api.op.OpPermissionFacadeResource
import com.tencent.devops.auth.pojo.request.CustomGroupCreateReq
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpenAuthResourceCallBackResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/open/OpenAuthResourceCallBackResourceImpl.kt
similarity index 98%
rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpenAuthResourceCallBackResourceImpl.kt
rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/open/OpenAuthResourceCallBackResourceImpl.kt
index 1ea7995c582..4e3a66dfe3c 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/OpenAuthResourceCallBackResourceImpl.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/open/OpenAuthResourceCallBackResourceImpl.kt
@@ -26,7 +26,7 @@
*
*/
-package com.tencent.devops.auth.resources
+package com.tencent.devops.auth.resources.open
import com.tencent.bk.sdk.iam.dto.callback.request.CallbackRequestDTO
import com.tencent.bk.sdk.iam.dto.callback.response.CallbackBaseResponseDTO
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/open/OpenPermissionAuthResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/open/OpenPermissionAuthResourceImpl.kt
new file mode 100644
index 00000000000..615ff1cf000
--- /dev/null
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/open/OpenPermissionAuthResourceImpl.kt
@@ -0,0 +1,293 @@
+/*
+ * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
+ *
+ * A copy of the MIT License is included in this file.
+ *
+ *
+ * Terms of the MIT License:
+ * ---------------------------------------------------
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+ * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
+ * the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+ * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+ * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+package com.tencent.devops.auth.resources.open
+
+import com.tencent.devops.auth.api.open.OpenPermissionAuthResource
+import com.tencent.devops.auth.service.iam.PermissionExtService
+import com.tencent.devops.auth.service.iam.PermissionService
+import com.tencent.devops.common.api.pojo.Result
+import com.tencent.devops.common.auth.api.AuthPermission
+import com.tencent.devops.common.auth.api.pojo.AuthResourceInstance
+import com.tencent.devops.common.web.RestResource
+import com.tencent.devops.common.web.annotation.BkApiPermission
+import com.tencent.devops.common.web.constant.BkApiHandleType
+import org.springframework.beans.factory.annotation.Autowired
+
+@RestResource
+class OpenPermissionAuthResourceImpl @Autowired constructor(
+ val permissionService: PermissionService,
+ val permissionExtService: PermissionExtService
+) : OpenPermissionAuthResource {
+
+ @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK])
+ override fun validateUserActionPermission(
+ userId: String,
+ token: String,
+ type: String?,
+ action: String
+ ): Result {
+ return Result(permissionService.validateUserActionPermission(userId, action))
+ }
+
+ @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK])
+ override fun validateUserResourcePermission(
+ userId: String,
+ token: String,
+ type: String?,
+ action: String,
+ projectCode: String,
+ resourceCode: String?
+ ): Result {
+ return Result(permissionService.validateUserResourcePermission(userId, action, projectCode, resourceCode))
+ }
+
+ @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK])
+ override fun validateUserResourcePermissionByRelation(
+ userId: String,
+ token: String,
+ type: String?,
+ action: String,
+ projectCode: String,
+ resourceCode: String,
+ resourceType: String,
+ relationResourceType: String?
+ ): Result {
+ return Result(
+ permissionService.validateUserResourcePermissionByRelation(
+ userId = userId,
+ action = action,
+ projectCode = projectCode,
+ resourceCode = resourceCode,
+ resourceType = resourceType,
+ relationResourceType = relationResourceType
+ )
+ )
+ }
+
+ @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK])
+ override fun validateUserResourcePermissionByInstance(
+ userId: String,
+ token: String,
+ type: String?,
+ action: String,
+ projectCode: String,
+ resource: AuthResourceInstance
+ ): Result {
+ return Result(
+ permissionService.validateUserResourcePermissionByInstance(
+ userId = userId,
+ action = action,
+ projectCode = projectCode,
+ resource = resource
+ )
+ )
+ }
+
+ @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK])
+ override fun batchValidateUserResourcePermissionByRelation(
+ userId: String,
+ token: String,
+ type: String?,
+ projectCode: String,
+ resourceCode: String,
+ resourceType: String,
+ relationResourceType: String?,
+ action: List
+ ): Result {
+ var actionCheckPermission = true
+ action.forEach {
+ val checkActionPermission = permissionService.validateUserResourcePermissionByRelation(
+ userId = userId,
+ action = it,
+ projectCode = projectCode,
+ resourceCode = resourceCode,
+ resourceType = resourceType,
+ relationResourceType = relationResourceType
+ )
+ if (!checkActionPermission) {
+ actionCheckPermission = false
+ return@forEach
+ }
+ }
+ return Result(actionCheckPermission)
+ }
+
+ @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK])
+ override fun getUserResourceByPermission(
+ userId: String,
+ token: String,
+ type: String?,
+ action: String,
+ projectCode: String,
+ resourceType: String
+ ): Result> {
+ return Result(
+ permissionService.getUserResourceByAction(
+ userId = userId,
+ action = action,
+ projectCode = projectCode,
+ resourceType = resourceType
+ )
+ )
+ }
+
+ @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK])
+ override fun getUserResourcesByPermissions(
+ userId: String,
+ token: String,
+ type: String?,
+ actions: List,
+ projectCode: String,
+ resourceType: String
+ ): Result>> {
+ return Result(
+ permissionService.getUserResourcesByActions(
+ userId = userId,
+ actions = actions,
+ projectCode = projectCode,
+ resourceType = resourceType
+ )
+ )
+ }
+
+ @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK])
+ override fun filterUserResourcesByPermissions(
+ userId: String,
+ token: String,
+ type: String?,
+ actions: List,
+ projectCode: String,
+ resourceType: String,
+ resources: List
+ ): Result>> {
+ return Result(
+ permissionService.filterUserResourcesByActions(
+ userId = userId,
+ actions = actions,
+ projectCode = projectCode,
+ resourceType = resourceType,
+ resources = resources
+ )
+ )
+ }
+
+ @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK])
+ override fun getUserResourceAndParentByPermission(
+ userId: String,
+ token: String,
+ type: String?,
+ action: String,
+ projectCode: String,
+ resourceType: String
+ ): Result>> {
+ return Result(
+ permissionService.getUserResourceAndParentByPermission(
+ userId = userId,
+ action = action,
+ projectCode = projectCode,
+ resourceType = resourceType
+ )
+ )
+ }
+
+ @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK])
+ override fun resourceCreateRelation(
+ userId: String,
+ token: String,
+ type: String?,
+ projectCode: String,
+ resourceType: String,
+ resourceCode: String,
+ resourceName: String
+ ): Result {
+ return Result(
+ permissionExtService.resourceCreateRelation(
+ userId = userId,
+ projectCode = projectCode,
+ resourceType = resourceType,
+ resourceCode = resourceCode,
+ resourceName = resourceName
+ )
+ )
+ }
+
+ @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK])
+ override fun resourceModifyRelation(
+ token: String,
+ type: String?,
+ projectCode: String,
+ resourceType: String,
+ resourceCode: String,
+ resourceName: String
+ ): Result {
+ return Result(
+ permissionExtService.resourceModifyRelation(
+ projectCode = projectCode,
+ resourceType = resourceType,
+ resourceCode = resourceCode,
+ resourceName = resourceName
+ )
+ )
+ }
+
+ @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK])
+ override fun resourceDeleteRelation(
+ token: String,
+ type: String?,
+ projectCode: String,
+ resourceType: String,
+ resourceCode: String
+ ): Result {
+ return Result(
+ permissionExtService.resourceDeleteRelation(
+ projectCode = projectCode,
+ resourceType = resourceType,
+ resourceCode = resourceCode
+ )
+ )
+ }
+
+ @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK])
+ override fun resourceCancelRelation(
+ userId: String,
+ token: String,
+ type: String?,
+ projectCode: String,
+ resourceType: String,
+ resourceCode: String
+ ): Result {
+ return Result(
+ permissionExtService.resourceCancelRelation(
+ userId = userId,
+ projectCode = projectCode,
+ resourceType = resourceType,
+ resourceCode = resourceCode
+ )
+ )
+ }
+}
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/open/OpenProjectAuthResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/open/OpenProjectAuthResourceImpl.kt
new file mode 100644
index 00000000000..8b85c8c6797
--- /dev/null
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/open/OpenProjectAuthResourceImpl.kt
@@ -0,0 +1,204 @@
+/*
+ * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
+ *
+ * A copy of the MIT License is included in this file.
+ *
+ *
+ * Terms of the MIT License:
+ * ---------------------------------------------------
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+ * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
+ * the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+ * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+ * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+package com.tencent.devops.auth.resources.open
+
+import com.tencent.devops.auth.api.open.OpenProjectAuthResource
+import com.tencent.devops.auth.pojo.vo.ProjectPermissionInfoVO
+import com.tencent.devops.auth.service.iam.PermissionProjectService
+import com.tencent.devops.common.api.pojo.Result
+import com.tencent.devops.common.auth.api.pojo.BKAuthProjectRolesResources
+import com.tencent.devops.common.auth.api.pojo.BkAuthGroup
+import com.tencent.devops.common.auth.api.pojo.BkAuthGroupAndUserList
+import com.tencent.devops.common.web.RestResource
+import com.tencent.devops.common.web.annotation.BkApiPermission
+import com.tencent.devops.common.web.constant.BkApiHandleType
+import org.springframework.beans.factory.annotation.Autowired
+
+@RestResource
+class OpenProjectAuthResourceImpl @Autowired constructor(
+ val permissionProjectService: PermissionProjectService
+) : OpenProjectAuthResource {
+ @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK])
+ override fun getProjectUsers(
+ token: String,
+ type: String?,
+ projectCode: String,
+ group: BkAuthGroup?
+ ): Result> {
+ return Result(
+ permissionProjectService.getProjectUsers(
+ projectCode = projectCode,
+ group = group
+ )
+ )
+ }
+
+ @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK])
+ override fun getProjectGroupAndUserList(
+ token: String,
+ projectCode: String
+ ): Result> {
+ return Result(
+ permissionProjectService.getProjectGroupAndUserList(projectCode = projectCode)
+ )
+ }
+
+ @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK])
+ override fun getUserProjects(token: String, userId: String): Result> {
+ return Result(permissionProjectService.getUserProjects(userId))
+ }
+
+ @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK])
+ override fun getUserProjectsByPermission(
+ token: String,
+ userId: String,
+ action: String,
+ resourceType: String?
+ ): Result> {
+ return Result(
+ permissionProjectService.getUserProjectsByPermission(
+ userId = userId,
+ action = action,
+ resourceType = resourceType
+ )
+ )
+ }
+
+ @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK])
+ override fun isProjectUser(
+ token: String,
+ type: String?,
+ userId: String,
+ projectCode: String,
+ group: BkAuthGroup?
+ ): Result {
+ return Result(
+ permissionProjectService.isProjectUser(
+ userId = userId,
+ projectCode = projectCode,
+ group = group
+ )
+ )
+ }
+
+ @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK])
+ override fun checkUserInProjectLevelGroup(
+ token: String,
+ userId: String,
+ projectCode: String
+ ): Result {
+ return Result(
+ permissionProjectService.checkUserInProjectLevelGroup(
+ userId = userId,
+ projectCode = projectCode
+ )
+ )
+ }
+
+ @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK])
+ override fun checkManager(token: String, userId: String, projectId: String): Result {
+ val result = permissionProjectService.checkProjectManager(userId, projectId) ||
+ permissionProjectService.isProjectUser(userId, projectId, BkAuthGroup.CI_MANAGER)
+ return Result(result)
+ }
+
+ @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK])
+ override fun checkProjectManager(
+ token: String,
+ type: String?,
+ userId: String,
+ projectCode: String
+ ): Result {
+ return Result(
+ permissionProjectService.checkProjectManager(
+ userId = userId,
+ projectCode = projectCode
+ )
+ )
+ }
+
+ @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK])
+ override fun createProjectUser(
+ token: String,
+ userId: String,
+ projectCode: String,
+ role: String
+ ): Result {
+ return Result(
+ permissionProjectService.createProjectUser(
+ userId = userId,
+ projectCode = projectCode,
+ roleCode = role
+ )
+ )
+ }
+
+ @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK])
+ override fun batchCreateProjectUser(
+ token: String,
+ userId: String,
+ projectCode: String,
+ roleCode: String,
+ members: List
+ ): Result {
+ return Result(
+ permissionProjectService.batchCreateProjectUser(
+ userId = userId,
+ projectCode = projectCode,
+ roleCode = roleCode,
+ members = members
+ )
+ )
+ }
+
+ @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK])
+ override fun getProjectRoles(
+ token: String,
+ projectCode: String,
+ projectId: String
+ ): Result> {
+ return Result(
+ permissionProjectService.getProjectRoles(
+ projectCode = projectCode,
+ projectId = projectId
+ )
+ )
+ }
+
+ @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK])
+ override fun getProjectPermissionInfo(
+ token: String,
+ projectCode: String
+ ): Result {
+ return Result(
+ permissionProjectService.getProjectPermissionInfo(
+ projectCode = projectCode
+ )
+ )
+ }
+}
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/open/OpenResourceMemberResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/open/OpenResourceMemberResourceImpl.kt
new file mode 100644
index 00000000000..36d0953e388
--- /dev/null
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/open/OpenResourceMemberResourceImpl.kt
@@ -0,0 +1,112 @@
+package com.tencent.devops.auth.resources.open
+
+import com.tencent.devops.auth.api.open.OpenResourceMemberResource
+import com.tencent.devops.auth.service.iam.PermissionResourceMemberService
+import com.tencent.devops.common.api.pojo.Result
+import com.tencent.devops.common.auth.api.pojo.BkAuthGroup
+import com.tencent.devops.common.auth.api.pojo.BkAuthGroupAndUserList
+import com.tencent.devops.common.web.RestResource
+import com.tencent.devops.common.web.annotation.BkApiPermission
+import com.tencent.devops.common.web.constant.BkApiHandleType
+import com.tencent.devops.project.pojo.ProjectCreateUserInfo
+import com.tencent.devops.project.pojo.ProjectDeleteUserInfo
+import java.util.concurrent.TimeUnit
+
+@RestResource
+class OpenResourceMemberResourceImpl(
+ private val permissionResourceMemberService: PermissionResourceMemberService
+) : OpenResourceMemberResource {
+ @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK])
+ override fun getResourceGroupMembers(
+ token: String,
+ projectCode: String,
+ resourceType: String,
+ resourceCode: String,
+ group: BkAuthGroup?
+ ): Result> {
+ return Result(
+ permissionResourceMemberService.getResourceGroupMembers(
+ projectCode = projectCode,
+ resourceType = resourceType,
+ resourceCode = resourceCode,
+ group = group
+ )
+ )
+ }
+
+ @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK])
+ override fun getResourceGroupAndMembers(
+ token: String,
+ projectCode: String,
+ resourceType: String,
+ resourceCode: String
+ ): Result> {
+ return Result(
+ permissionResourceMemberService.getResourceGroupAndMembers(
+ projectCode = projectCode,
+ resourceType = resourceType,
+ resourceCode = resourceCode
+ )
+ )
+ }
+
+ @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK])
+ override fun batchAddResourceGroupMembers(
+ token: String,
+ projectCode: String,
+ projectCreateUserInfo: ProjectCreateUserInfo
+ ): Result {
+ with(projectCreateUserInfo) {
+ val expiredTime = System.currentTimeMillis() / 1000 + TimeUnit.DAYS.toSeconds(365L)
+ return Result(
+ permissionResourceMemberService.batchAddResourceGroupMembers(
+ projectCode = projectCode,
+ iamGroupId = getIamGroupId(
+ groupId = groupId,
+ projectCode = projectCode,
+ roleName = roleName,
+ roleId = roleId
+ ),
+ expiredTime = expiredTime,
+ members = userIds,
+ departments = deptIds
+ )
+ )
+ }
+ }
+
+ @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK])
+ override fun batchDeleteResourceGroupMembers(
+ token: String,
+ projectCode: String,
+ projectDeleteUserInfo: ProjectDeleteUserInfo
+ ): Result {
+ with(projectDeleteUserInfo) {
+ return Result(
+ permissionResourceMemberService.batchDeleteResourceGroupMembers(
+ projectCode = projectCode,
+ iamGroupId = getIamGroupId(
+ groupId = groupId,
+ projectCode = projectCode,
+ roleName = roleName,
+ roleId = roleId
+ ),
+ members = userIds,
+ departments = deptIds
+ )
+ )
+ }
+ }
+
+ private fun getIamGroupId(
+ groupId: Int?,
+ projectCode: String,
+ roleName: String?,
+ roleId: Int?
+ ): Int {
+ return groupId ?: permissionResourceMemberService.roleCodeToIamGroupId(
+ projectCode = projectCode,
+ roleCode = roleName ?: BkAuthGroup.getByRoleId(roleId!!).value
+ )
+ }
+}
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ServiceAuthResourceCallBackResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceAuthResourceCallBackResourceImpl.kt
similarity index 98%
rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ServiceAuthResourceCallBackResourceImpl.kt
rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceAuthResourceCallBackResourceImpl.kt
index 48ef616ce6e..55bed829a21 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ServiceAuthResourceCallBackResourceImpl.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceAuthResourceCallBackResourceImpl.kt
@@ -26,7 +26,7 @@
*
*/
-package com.tencent.devops.auth.resources
+package com.tencent.devops.auth.resources.service
import com.tencent.bk.sdk.iam.dto.callback.request.CallbackRequestDTO
import com.tencent.bk.sdk.iam.dto.callback.response.CallbackBaseResponseDTO
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ServiceManagerApprovalResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceManagerApprovalResourceImpl.kt
similarity index 98%
rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ServiceManagerApprovalResourceImpl.kt
rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceManagerApprovalResourceImpl.kt
index 7e629317eb5..b1a6b52309f 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ServiceManagerApprovalResourceImpl.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceManagerApprovalResourceImpl.kt
@@ -25,7 +25,7 @@
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
-package com.tencent.devops.auth.resources
+package com.tencent.devops.auth.resources.service
import com.tencent.devops.auth.api.manager.ServiceManagerApprovalResource
import com.tencent.devops.auth.pojo.enum.ApprovalType
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceManagerResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceManagerResourceImpl.kt
deleted file mode 100644
index 9ecb56fb985..00000000000
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceManagerResourceImpl.kt
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
- *
- * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
- *
- * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
- *
- * A copy of the MIT License is included in this file.
- *
- *
- * Terms of the MIT License:
- * ---------------------------------------------------
- * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
- * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
- * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
- * permit persons to whom the Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
- * the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
- * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
- * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
- * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- */
-
-package com.tencent.devops.auth.resources.service
-
-import com.tencent.devops.auth.api.service.ServiceManagerResource
-import com.tencent.devops.auth.service.SuperManagerService
-import com.tencent.devops.common.api.pojo.Result
-import com.tencent.devops.common.web.RestResource
-import com.tencent.devops.common.web.annotation.BkApiPermission
-import com.tencent.devops.common.web.constant.BkApiHandleType
-import org.springframework.beans.factory.annotation.Autowired
-
-@RestResource
-class ServiceManagerResourceImpl @Autowired constructor(
- val superManagerService: SuperManagerService
-) : ServiceManagerResource {
- @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK])
- override fun validateManagerPermission(
- userId: String,
- token: String,
- projectCode: String,
- action: String,
- resourceCode: String
- ): Result {
- return Result(superManagerService.projectManagerCheck(
- userId = userId,
- projectCode = projectCode,
- action = action,
- resourceType = resourceCode
- ))
- }
-}
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ServiceManagerUserResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceManagerUserResourceImpl.kt
similarity index 97%
rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ServiceManagerUserResourceImpl.kt
rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceManagerUserResourceImpl.kt
index fb88a0d1791..27b7ef299e2 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ServiceManagerUserResourceImpl.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceManagerUserResourceImpl.kt
@@ -25,7 +25,7 @@
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
-package com.tencent.devops.auth.resources
+package com.tencent.devops.auth.resources.service
import com.tencent.devops.auth.api.manager.ServiceManagerUserResource
import com.tencent.devops.auth.pojo.UserPermissionInfo
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ServiceMonitorSpaceResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceMonitorSpaceResourceImpl.kt
similarity index 98%
rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ServiceMonitorSpaceResourceImpl.kt
rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceMonitorSpaceResourceImpl.kt
index 194e40946ab..763b09e70b2 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/ServiceMonitorSpaceResourceImpl.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceMonitorSpaceResourceImpl.kt
@@ -25,7 +25,7 @@
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
-package com.tencent.devops.auth.resources
+package com.tencent.devops.auth.resources.service
import com.tencent.devops.auth.api.service.ServiceMonitorSpaceResource
import com.tencent.devops.auth.service.AuthMonitorSpaceService
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServicePermissionAuthResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServicePermissionAuthResourceImpl.kt
index 0772fa5cfb7..24eb78b3c4e 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServicePermissionAuthResourceImpl.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServicePermissionAuthResourceImpl.kt
@@ -28,9 +28,7 @@
package com.tencent.devops.auth.resources.service
import com.tencent.devops.auth.api.service.ServicePermissionAuthResource
-import com.tencent.devops.auth.pojo.dto.GrantInstanceDTO
import com.tencent.devops.auth.service.iam.PermissionExtService
-import com.tencent.devops.auth.service.iam.PermissionGrantService
import com.tencent.devops.auth.service.iam.PermissionService
import com.tencent.devops.common.api.pojo.Result
import com.tencent.devops.common.auth.api.AuthPermission
@@ -43,8 +41,7 @@ import org.springframework.beans.factory.annotation.Autowired
@RestResource
class ServicePermissionAuthResourceImpl @Autowired constructor(
val permissionService: PermissionService,
- val permissionExtService: PermissionExtService,
- val permissionGrantService: PermissionGrantService
+ val permissionExtService: PermissionExtService
) : ServicePermissionAuthResource {
@BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK])
@@ -293,19 +290,4 @@ class ServicePermissionAuthResourceImpl @Autowired constructor(
)
)
}
-
- @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK])
- override fun grantInstancePermission(
- userId: String,
- token: String,
- projectCode: String,
- grantInstance: GrantInstanceDTO
- ): Result {
- return Result(
- permissionGrantService.grantInstancePermission(
- projectId = projectCode,
- grantInfo = grantInstance
- )
- )
- }
}
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceResourceGroupResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceResourceGroupResourceImpl.kt
index f336c2275ff..cea4a8350a8 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceResourceGroupResourceImpl.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceResourceGroupResourceImpl.kt
@@ -3,9 +3,12 @@ package com.tencent.devops.auth.resources.service
import com.tencent.devops.auth.api.service.ServiceResourceGroupResource
import com.tencent.devops.auth.pojo.dto.GroupAddDTO
import com.tencent.devops.auth.pojo.request.CustomGroupCreateReq
+import com.tencent.devops.auth.pojo.vo.GroupDetailsInfoVo
import com.tencent.devops.auth.pojo.vo.GroupPermissionDetailVo
+import com.tencent.devops.auth.service.iam.PermissionResourceGroupAndMemberFacadeService
import com.tencent.devops.auth.service.iam.PermissionResourceGroupPermissionService
import com.tencent.devops.auth.service.iam.PermissionResourceGroupService
+import com.tencent.devops.common.api.model.SQLPage
import com.tencent.devops.common.api.pojo.Result
import com.tencent.devops.common.auth.api.pojo.BkAuthGroup
import com.tencent.devops.common.web.RestResource
@@ -13,7 +16,8 @@ import com.tencent.devops.common.web.RestResource
@RestResource
class ServiceResourceGroupResourceImpl(
val permissionResourceGroupService: PermissionResourceGroupService,
- val resourceGroupPermissionService: PermissionResourceGroupPermissionService
+ val resourceGroupPermissionService: PermissionResourceGroupPermissionService,
+ val resourceGroupAndMemberFacadeService: PermissionResourceGroupAndMemberFacadeService
) : ServiceResourceGroupResource {
override fun getGroupPermissionDetail(
projectCode: String,
@@ -26,6 +30,37 @@ class ServiceResourceGroupResourceImpl(
)
}
+ override fun getMemberGroupsDetails(
+ userId: String,
+ projectCode: String,
+ resourceType: String,
+ memberId: String,
+ groupName: String?,
+ minExpiredAt: Long?,
+ maxExpiredAt: Long?,
+ relatedResourceType: String?,
+ relatedResourceCode: String?,
+ action: String?,
+ start: Int?,
+ limit: Int?
+ ): Result> {
+ return Result(
+ resourceGroupAndMemberFacadeService.getMemberGroupsDetails(
+ projectId = projectCode,
+ resourceType = resourceType,
+ memberId = memberId,
+ groupName = groupName,
+ minExpiredAt = minExpiredAt,
+ maxExpiredAt = maxExpiredAt,
+ relatedResourceType = relatedResourceType,
+ relatedResourceCode = relatedResourceCode,
+ action = action,
+ start = start,
+ limit = limit
+ )
+ )
+ }
+
override fun createGroupByGroupCode(
projectCode: String,
resourceType: String,
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceResourceMemberResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceResourceMemberResourceImpl.kt
index c9946730b02..02c0636974f 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceResourceMemberResourceImpl.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceResourceMemberResourceImpl.kt
@@ -1,6 +1,7 @@
package com.tencent.devops.auth.resources.service
import com.tencent.devops.auth.api.service.ServiceResourceMemberResource
+import com.tencent.devops.auth.pojo.request.GroupMemberSingleRenewalReq
import com.tencent.devops.auth.service.iam.PermissionResourceMemberService
import com.tencent.devops.common.api.pojo.Result
import com.tencent.devops.common.auth.api.pojo.BkAuthGroup
@@ -98,6 +99,22 @@ class ServiceResourceMemberResourceImpl constructor(
}
}
+ @BkApiPermission([BkApiHandleType.API_OPEN_TOKEN_CHECK])
+ override fun renewalGroupMember(
+ token: String,
+ userId: String,
+ projectCode: String,
+ renewalConditionReq: GroupMemberSingleRenewalReq
+ ): Result {
+ return Result(
+ permissionResourceMemberService.renewalGroupMember(
+ userId = userId,
+ projectCode = projectCode,
+ renewalConditionReq = renewalConditionReq
+ )
+ )
+ }
+
private fun getIamGroupId(
groupId: Int?,
projectCode: String,
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthApplyResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthApplyResourceImpl.kt
similarity index 98%
rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthApplyResourceImpl.kt
rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthApplyResourceImpl.kt
index 69fa55a4677..10c63c3c4c3 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthApplyResourceImpl.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthApplyResourceImpl.kt
@@ -1,4 +1,4 @@
-package com.tencent.devops.auth.resources
+package com.tencent.devops.auth.resources.user
import com.tencent.devops.auth.api.user.UserAuthApplyResource
import com.tencent.devops.auth.pojo.ApplyJoinGroupInfo
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthAuthorizationResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthAuthorizationResourceImpl.kt
similarity index 98%
rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthAuthorizationResourceImpl.kt
rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthAuthorizationResourceImpl.kt
index a184fd8cf63..e4c5ed68aa4 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthAuthorizationResourceImpl.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthAuthorizationResourceImpl.kt
@@ -1,4 +1,4 @@
-package com.tencent.devops.auth.resources
+package com.tencent.devops.auth.resources.user
import com.tencent.devops.auth.api.user.UserAuthAuthorizationResource
import com.tencent.devops.auth.pojo.vo.ResourceTypeInfoVo
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthItsmCallbackResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthItsmCallbackResourceImpl.kt
similarity index 98%
rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthItsmCallbackResourceImpl.kt
rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthItsmCallbackResourceImpl.kt
index c55888d8d7e..1104942b842 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthItsmCallbackResourceImpl.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthItsmCallbackResourceImpl.kt
@@ -26,7 +26,7 @@
*
*/
-package com.tencent.devops.auth.resources
+package com.tencent.devops.auth.resources.user
import com.tencent.devops.auth.api.user.UserAuthItsmCallbackResource
import com.tencent.devops.auth.dao.AuthItsmCallbackDao
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthPermissionResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthPermissionResourceImpl.kt
similarity index 96%
rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthPermissionResourceImpl.kt
rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthPermissionResourceImpl.kt
index 16f15f2ac5c..a9aa3d540af 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthPermissionResourceImpl.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthPermissionResourceImpl.kt
@@ -1,4 +1,4 @@
-package com.tencent.devops.auth.resources
+package com.tencent.devops.auth.resources.user
import com.tencent.devops.auth.api.user.UserAuthPermissionResource
import com.tencent.devops.auth.pojo.dto.PermissionBatchValidateDTO
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceGroupResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthResourceGroupResourceImpl.kt
similarity index 99%
rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceGroupResourceImpl.kt
rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthResourceGroupResourceImpl.kt
index a49c0327503..4c99458fb86 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceGroupResourceImpl.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthResourceGroupResourceImpl.kt
@@ -26,7 +26,7 @@
*
*/
-package com.tencent.devops.auth.resources
+package com.tencent.devops.auth.resources.user
import com.tencent.bk.sdk.iam.constants.ManagerScopesEnum
import com.tencent.devops.auth.api.user.UserAuthResourceGroupResource
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceGroupSyncResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthResourceGroupSyncResourceImpl.kt
similarity index 98%
rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceGroupSyncResourceImpl.kt
rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthResourceGroupSyncResourceImpl.kt
index 4a98618ce51..46240f0f357 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceGroupSyncResourceImpl.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthResourceGroupSyncResourceImpl.kt
@@ -25,7 +25,7 @@
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
-package com.tencent.devops.auth.resources
+package com.tencent.devops.auth.resources.user
import com.tencent.devops.auth.api.user.UserAuthResourceGroupSyncResource
import com.tencent.devops.auth.pojo.enum.AuthMigrateStatus
@@ -40,7 +40,6 @@ class UserAuthResourceGroupSyncResourceImpl @Autowired constructor(
private val permissionResourceGroupSyncService: PermissionResourceGroupSyncService,
private val permissionResourceGroupPermissionService: PermissionResourceGroupPermissionService
) : UserAuthResourceGroupSyncResource {
-
override fun syncGroupAndMember(userId: String, projectId: String): Result {
permissionResourceGroupSyncService.syncGroupAndMember(projectId)
return Result(true)
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceMemberResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthResourceMemberResourceImpl.kt
similarity index 99%
rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceMemberResourceImpl.kt
rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthResourceMemberResourceImpl.kt
index 4672c1c64ea..bd76fea6919 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceMemberResourceImpl.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthResourceMemberResourceImpl.kt
@@ -1,4 +1,4 @@
-package com.tencent.devops.auth.resources
+package com.tencent.devops.auth.resources.user
import com.tencent.devops.auth.api.user.UserAuthResourceMemberResource
import com.tencent.devops.auth.pojo.ResourceMemberInfo
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthResourceResourceImpl.kt
similarity index 99%
rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceResourceImpl.kt
rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthResourceResourceImpl.kt
index 5ee46656fe5..7df892506cc 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthResourceResourceImpl.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserAuthResourceResourceImpl.kt
@@ -26,7 +26,7 @@
*
*/
-package com.tencent.devops.auth.resources
+package com.tencent.devops.auth.resources.user
import com.tencent.devops.auth.api.user.UserAuthResourceResource
import com.tencent.devops.auth.pojo.AuthResourceInfo
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserManagerUserResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserManagerUserResourceImpl.kt
similarity index 97%
rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserManagerUserResourceImpl.kt
rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserManagerUserResourceImpl.kt
index 53b41873b99..f8d999bc42b 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserManagerUserResourceImpl.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserManagerUserResourceImpl.kt
@@ -25,7 +25,7 @@
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
-package com.tencent.devops.auth.resources
+package com.tencent.devops.auth.resources.user
import com.tencent.devops.auth.api.manager.UserManagerUserResource
import com.tencent.devops.auth.service.ManagerUserService
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserMonitorSpaceResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserMonitorSpaceResourceImpl.kt
similarity index 97%
rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserMonitorSpaceResourceImpl.kt
rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserMonitorSpaceResourceImpl.kt
index 62803cfb6eb..d7e01441fcf 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserMonitorSpaceResourceImpl.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserMonitorSpaceResourceImpl.kt
@@ -25,7 +25,7 @@
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
-package com.tencent.devops.auth.resources
+package com.tencent.devops.auth.resources.user
import com.tencent.devops.auth.api.user.UserMonitorSpaceResource
import com.tencent.devops.auth.service.AuthMonitorSpaceService
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthUrlResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserProjectMemberResourceImpl.kt
similarity index 70%
rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthUrlResourceImpl.kt
rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserProjectMemberResourceImpl.kt
index 15fddef4fc7..8b52a40e862 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserAuthUrlResourceImpl.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserProjectMemberResourceImpl.kt
@@ -25,24 +25,22 @@
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
-package com.tencent.devops.auth.resources
+package com.tencent.devops.auth.resources.user
-import com.tencent.devops.auth.api.user.UserAuthUrlResource
-import com.tencent.devops.auth.pojo.PermissionUrlDTO
-import com.tencent.devops.auth.service.iam.PermissionUrlService
+import com.tencent.devops.auth.api.user.UserProjectMemberResource
+import com.tencent.devops.auth.service.iam.PermissionProjectService
import com.tencent.devops.common.api.pojo.Result
+import com.tencent.devops.common.auth.api.pojo.BkAuthGroup
import com.tencent.devops.common.web.RestResource
import org.springframework.beans.factory.annotation.Autowired
@RestResource
-class UserAuthUrlResourceImpl @Autowired constructor(
- val urlService: PermissionUrlService
-) : UserAuthUrlResource {
- override fun permissionUrl(permissionUrlDTO: List): Result {
- return urlService.getPermissionUrl(permissionUrlDTO)
- }
-
- override fun getRolePermissionUrl(projectId: String, roleId: String?): Result {
- return Result(urlService.getRolePermissionUrl(projectId, roleId))
+class UserProjectMemberResourceImpl @Autowired constructor(
+ val permissionProjectService: PermissionProjectService
+) : UserProjectMemberResource {
+ override fun checkManager(userId: String, projectId: String): Result {
+ val result = permissionProjectService.checkProjectManager(userId, projectId) ||
+ permissionProjectService.isProjectUser(userId, projectId, BkAuthGroup.CI_MANAGER)
+ return Result(result)
}
}
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserThirdLoginResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserThirdLoginResourceImpl.kt
similarity index 97%
rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserThirdLoginResourceImpl.kt
rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserThirdLoginResourceImpl.kt
index 02dfe4a015a..58c58d0a229 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserThirdLoginResourceImpl.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserThirdLoginResourceImpl.kt
@@ -25,7 +25,7 @@
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
-package com.tencent.devops.auth.resources
+package com.tencent.devops.auth.resources.user
import com.tencent.devops.auth.api.login.UserThirdLoginResource
import com.tencent.devops.auth.service.ThirdLoginService
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserTokenResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserTokenResourceImpl.kt
similarity index 97%
rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserTokenResourceImpl.kt
rename to src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserTokenResourceImpl.kt
index f5bea0b2c96..6bc3e14768a 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/UserTokenResourceImpl.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/user/UserTokenResourceImpl.kt
@@ -25,7 +25,7 @@
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
-package com.tencent.devops.auth.resources
+package com.tencent.devops.auth.resources.user
import com.tencent.devops.auth.api.user.UserTokenResource
import com.tencent.devops.auth.pojo.TokenInfo
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/AuthDeptServiceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/AuthDeptServiceImpl.kt
index bedb4278b84..2c95c78278d 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/AuthDeptServiceImpl.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/AuthDeptServiceImpl.kt
@@ -180,12 +180,14 @@ class AuthDeptServiceImpl @Autowired constructor(
)
}
}
+
ManagerScopesEnum.DEPARTMENT -> {
val deptInfos = getDeptInfo(deptSearch)
deptInfos.results.forEach {
it.toUserAndDeptInfoVo()
}
}
+
ManagerScopesEnum.ALL -> {
val userInfos = getUserInfo(userSearch)
userInfos.results.forEach {
@@ -271,6 +273,7 @@ class AuthDeptServiceImpl @Autowired constructor(
)
}
+ @Suppress("NestedBlockDepth")
override fun listMemberInfos(
memberIds: List,
memberType: ManagerScopesEnum
@@ -280,12 +283,15 @@ class AuthDeptServiceImpl @Autowired constructor(
if (membersNotInCache.isNotEmpty()) {
val fetchedMembers = fetchMemberInfos(membersNotInCache, memberType)
- fetchedMembers.forEach { memberInfoCache.put(it.name, it) }
-
- if (memberType == ManagerScopesEnum.USER) {
- val departedMembers = membersNotInCache.subtract(fetchedMembers.map { it.name }.toSet())
- if (departedMembers.isNotEmpty()) {
- departedMembersCache.addAll(departedMembers)
+ fetchedMembers.forEach {
+ if (it.type == ManagerScopesEnum.USER) {
+ memberInfoCache.put(it.name, it)
+ val departedMembers = membersNotInCache.subtract(fetchedMembers.map { it.name }.toSet())
+ if (departedMembers.isNotEmpty()) {
+ departedMembersCache.addAll(departedMembers)
+ }
+ } else {
+ memberInfoCache.put(it.id.toString(), it)
}
}
}
@@ -327,6 +333,7 @@ class AuthDeptServiceImpl @Autowired constructor(
)
getUserInfo(userSearch).results.map { it.toUserAndDeptInfoVo() }
}
+
ManagerScopesEnum.DEPARTMENT -> {
val deptSearch = SearchUserAndDeptEntity(
bk_app_code = appCode!!,
@@ -338,6 +345,7 @@ class AuthDeptServiceImpl @Autowired constructor(
)
getDeptInfo(deptSearch).results.map { it.toUserAndDeptInfoVo() }
}
+
else -> emptyList()
}
return memberInfos
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/AuthGroupService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/AuthGroupService.kt
deleted file mode 100644
index 7e778946edb..00000000000
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/AuthGroupService.kt
+++ /dev/null
@@ -1,185 +0,0 @@
-/*
- * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
- *
- * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
- *
- * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
- *
- * A copy of the MIT License is included in this file.
- *
- *
- * Terms of the MIT License:
- * ---------------------------------------------------
- * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
- * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
- * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
- * permit persons to whom the Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
- * the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
- * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
- * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
- * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- */
-
-package com.tencent.devops.auth.service
-
-import com.tencent.devops.auth.constant.AuthMessageCode
-import com.tencent.devops.auth.dao.AuthGroupDao
-import com.tencent.devops.auth.entity.GroupCreateInfo
-import com.tencent.devops.auth.pojo.dto.GroupDTO
-import com.tencent.devops.auth.pojo.dto.ProjectRoleDTO
-import com.tencent.devops.common.api.exception.OperationException
-import com.tencent.devops.common.api.exception.ParamBlankException
-import com.tencent.devops.common.api.pojo.Result
-import com.tencent.devops.common.auth.api.pojo.DefaultGroupType
-import com.tencent.devops.common.web.utils.I18nUtil
-import com.tencent.devops.model.auth.tables.records.TAuthGroupInfoRecord
-import org.jooq.DSLContext
-import org.slf4j.LoggerFactory
-import org.springframework.beans.factory.annotation.Autowired
-import org.springframework.stereotype.Service
-
-@Service
-class AuthGroupService @Autowired constructor(
- val dslContext: DSLContext,
- val groupDao: AuthGroupDao
-) {
- fun createGroup(
- userId: String,
- projectCode: String,
- groupInfo: GroupDTO
- ): Int {
- logger.info("createGroup : userId = $userId| projectCode = $projectCode | groupInfo = $groupInfo")
- val groupRecord = groupDao.getGroup(
- dslContext = dslContext,
- projectCode = projectCode,
- groupCode = groupInfo.groupCode
- )
- if (groupRecord != null) {
- // 项目下分组已存在,不能重复创建
- logger.warn(
- "group is exsit, don't create repeatedly : userId = $userId | " +
- "projectCode = $projectCode | groupInfo = $groupInfo "
- )
- throw OperationException(
- I18nUtil.getCodeLanMessage(
- messageCode = AuthMessageCode.GROUP_EXIST,
- language = I18nUtil.getLanguage(userId)
- )
- )
- }
- val groupCreateInfo = GroupCreateInfo(
- groupCode = groupInfo.groupCode,
- groupType = groupInfo.groupType,
- groupName = groupInfo.groupName,
- projectCode = projectCode,
- relationId = groupInfo.relationId,
- displayName = groupInfo.displayName,
- user = userId
- )
- return groupDao.createGroup(dslContext, groupCreateInfo)
- }
-
- fun batchCreate(
- userId: String,
- projectCode: String,
- groupInfos: List
- ): Result {
- val groupCodes = groupInfos.map { it.groupCode }
- val groupRecord = groupDao.getGroupByCodes(
- dslContext = dslContext,
- projectCode = projectCode,
- groupCodes = groupCodes
- )
- if (groupRecord.isNotEmpty) {
- // 项目下分组已存在,不能重复创建
- logger.warn(
- "group is exsit, don't create repeatedly : userId = $userId | " +
- "projectCode = $projectCode | groupInfo = $groupCodes "
- )
- throw OperationException(
- I18nUtil.getCodeLanMessage(AuthMessageCode.GROUP_EXIST, language = I18nUtil.getLanguage(userId))
- )
- }
- val groupCreateInfos = mutableListOf()
- groupInfos.forEach {
- val groupCreateInfo = GroupCreateInfo(
- groupCode = it.groupCode,
- groupType = it.groupType,
- groupName = it.groupName,
- projectCode = projectCode,
- relationId = it.relationId,
- displayName = it.displayName,
- user = userId
- )
- groupCreateInfos.add(groupCreateInfo)
- }
- groupDao.batchCreateGroups(dslContext, groupCreateInfos)
- return Result(true)
- }
-
- fun updateGroupName(userId: String, groupId: Int, groupInfo: ProjectRoleDTO): Int {
- val groupEntity = groupDao.getGroupById(dslContext, groupId)
- ?: throw ParamBlankException("group not exist : groupId = $groupId")
-
- if (DefaultGroupType.contains(groupEntity.groupCode)) {
- throw ParamBlankException(AuthMessageCode.DEFAULT_GROUP_UPDATE_NAME_ERROR)
- }
-
- return groupDao.update(
- dslContext,
- groupEntity.id,
- groupInfo.name,
- groupInfo.displayName ?: groupInfo.name,
- userId
- )
- }
-
- fun getGroupCode(groupId: Int): TAuthGroupInfoRecord? {
- return groupDao.getGroupById(dslContext, groupId)
- }
-
- fun getGroupByName(projectCode: String, groupName: String): TAuthGroupInfoRecord? {
- return groupDao.getGroupByName(dslContext, projectCode, groupName)
- }
-
- fun getGroupByCode(projectCode: String, groupCode: String): TAuthGroupInfoRecord? {
- return groupDao.getGroup(dslContext, projectCode, groupCode)
- }
-
- fun getGroupByProject(projectCode: String): List? {
- return groupDao.getGroupByProject(dslContext, projectCode)
- }
-
- fun bindRelationId(id: Int, relationId: String): Int {
- return groupDao.updateRelationId(dslContext, id, relationId)
- }
-
- fun getRelationId(roleId: Int): String? {
- val groupInfo = groupDao.getRelationId(dslContext, roleId) ?: return null
- return groupInfo.relationId!!
- }
-
- fun deleteGroup(id: Int, softDelete: Boolean? = true) {
- if (softDelete!!) {
- groupDao.softDelete(dslContext, id)
- } else {
- groupDao.deleteRole(dslContext, id)
- }
- }
-
- fun getGroupByRelationIds(relationIds: List): List {
- return groupDao.getGroupByRelationIds(
- dslContext = dslContext,
- relationIds = relationIds
- )
- }
-
- companion object {
- private val logger = LoggerFactory.getLogger(AuthGroupService::class.java)
- }
-}
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/GroupUserService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/GroupUserService.kt
deleted file mode 100644
index 81a5a3fb12a..00000000000
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/GroupUserService.kt
+++ /dev/null
@@ -1,82 +0,0 @@
-/*
- * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
- *
- * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
- *
- * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
- *
- * A copy of the MIT License is included in this file.
- *
- *
- * Terms of the MIT License:
- * ---------------------------------------------------
- * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
- * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
- * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
- * permit persons to whom the Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
- * the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
- * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
- * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
- * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- */
-
-package com.tencent.devops.auth.service
-
-import com.tencent.devops.auth.constant.AuthMessageCode
-import com.tencent.devops.auth.dao.AuthGroupUserDao
-import com.tencent.devops.common.api.exception.OperationException
-import com.tencent.devops.common.api.pojo.Result
-import com.tencent.devops.common.web.utils.I18nUtil
-import org.jooq.DSLContext
-import org.slf4j.LoggerFactory
-import org.springframework.beans.factory.annotation.Autowired
-import org.springframework.stereotype.Service
-
-@Service
-class GroupUserService @Autowired constructor(
- val dslContext: DSLContext,
- val authGroupService: AuthGroupService,
- val groupUserDao: AuthGroupUserDao
-) {
- fun addUser2Group(userId: String, groupId: Int): Result {
- logger.info("addUser2Group |$userId| $groupId")
- val groupUserRecord = groupUserDao.get(
- dslContext = dslContext,
- userId = userId,
- groupId = groupId.toString()
- )
- if (groupUserRecord != null) {
- logger.warn("addUser2Group user $userId already in this group $groupId")
- throw OperationException(
- I18nUtil.getCodeLanMessage(
- AuthMessageCode.GROUP_USER_ALREADY_EXIST,
- language = I18nUtil.getLanguage(userId)
- )
- )
- }
- val groupRecord = authGroupService.getGroupCode(groupId)
-
- if (groupRecord == null) {
- logger.warn("addUser2Group group $groupId is not exist")
- throw OperationException(
- I18nUtil.getCodeLanMessage(AuthMessageCode.GROUP_NOT_EXIST, language = I18nUtil.getLanguage(userId))
- )
- }
- // 添加用户至用户组
- groupUserDao.create(
- dslContext = dslContext,
- userId = userId,
- groupId = groupId.toString()
- )
- return Result(true)
- }
-
- companion object {
- private val logger = LoggerFactory.getLogger(GroupUserService::class.java)
- }
-}
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionGrantService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionGrantService.kt
deleted file mode 100644
index 3c9a3304b28..00000000000
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionGrantService.kt
+++ /dev/null
@@ -1,10 +0,0 @@
-package com.tencent.devops.auth.service.iam
-
-import com.tencent.devops.auth.pojo.dto.GrantInstanceDTO
-
-interface PermissionGrantService {
- fun grantInstancePermission(
- projectId: String,
- grantInfo: GrantInstanceDTO
- ): Boolean
-}
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionMigrateService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionMigrateService.kt
index 477cc8fe7c4..f9769b90ef3 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionMigrateService.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionMigrateService.kt
@@ -117,4 +117,9 @@ interface PermissionMigrateService {
* 修复资源组数据,存在同步iam资源组数据,数据库 iam组id为NULL的情况,需要进行修复
*/
fun fixResourceGroups(projectCodes: List): Boolean
+
+ /**
+ * 开启流水线列表权限控制开关
+ */
+ fun enablePipelineListPermissionControl(projectCodes: List): Boolean
}
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionResourceGroupSyncService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionResourceGroupSyncService.kt
index c9e5f5c8157..cdc21a05d0c 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionResourceGroupSyncService.kt
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionResourceGroupSyncService.kt
@@ -49,6 +49,11 @@ interface PermissionResourceGroupSyncService {
*/
fun syncGroupAndMember(projectCode: String)
+ /**
+ * 同步项目下组
+ */
+ fun syncProjectGroup(projectCode: String)
+
/**
* 获取项目的同步状态
*/
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionRoleMemberService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionRoleMemberService.kt
deleted file mode 100644
index 9c1f7bcdee1..00000000000
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionRoleMemberService.kt
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
- *
- * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
- *
- * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
- *
- * A copy of the MIT License is included in this file.
- *
- *
- * Terms of the MIT License:
- * ---------------------------------------------------
- * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
- * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
- * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
- * permit persons to whom the Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
- * the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
- * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
- * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
- * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- *
- */
-
-package com.tencent.devops.auth.service.iam
-
-import com.tencent.bk.sdk.iam.constants.ManagerScopesEnum
-import com.tencent.bk.sdk.iam.dto.manager.ManagerRoleGroupInfo
-import com.tencent.bk.sdk.iam.dto.manager.vo.ManagerGroupMemberVo
-import com.tencent.devops.auth.pojo.dto.RoleMemberDTO
-import com.tencent.devops.auth.pojo.vo.ProjectMembersVO
-
-interface PermissionRoleMemberService {
- fun createRoleMember(
- userId: String,
- projectId: Int,
- roleId: Int,
- members: List,
- managerGroup: Boolean,
- checkAGradeManager: Boolean? = true
- )
-
- fun deleteRoleMember(
- userId: String,
- projectId: Int,
- roleId: Int,
- id: String,
- type: ManagerScopesEnum,
- managerGroup: Boolean
- )
-
- fun getRoleMember(projectId: Int, roleId: Int, page: Int?, pageSize: Int?): ManagerGroupMemberVo
-
- fun getProjectAllMember(projectId: Int, page: Int?, pageSize: Int?): ProjectMembersVO?
-
- fun getUserGroups(projectId: Int, userId: String): List?
-}
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionRoleService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionRoleService.kt
deleted file mode 100644
index 5feb43e5d95..00000000000
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionRoleService.kt
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
- *
- * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
- *
- * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
- *
- * A copy of the MIT License is included in this file.
- *
- *
- * Terms of the MIT License:
- * ---------------------------------------------------
- * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
- * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
- * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
- * permit persons to whom the Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
- * the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
- * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
- * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
- * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- *
- */
-
-package com.tencent.devops.auth.service.iam
-
-import com.tencent.devops.auth.pojo.DefaultGroup
-import com.tencent.devops.auth.pojo.dto.ProjectRoleDTO
-import com.tencent.devops.auth.pojo.vo.GroupInfoVo
-
-interface PermissionRoleService {
- fun createPermissionRole(userId: String, projectId: Int, projectCode: String, groupInfo: ProjectRoleDTO): Int
-
- fun renamePermissionRole(userId: String, projectId: Int, roleId: Int, groupInfo: ProjectRoleDTO)
-
- fun getPermissionRole(projectId: Int): List
-
- fun deletePermissionRole(userId: String, projectId: Int, roleId: Int)
-
- fun getDefaultRole(): List
-}
diff --git a/src/backend/ci/core/common/common-api/src/main/kotlin/com/tencent/devops/common/api/constant/CommonMessageCode.kt b/src/backend/ci/core/common/common-api/src/main/kotlin/com/tencent/devops/common/api/constant/CommonMessageCode.kt
index 7bc6dd624e7..84dd2c98865 100644
--- a/src/backend/ci/core/common/common-api/src/main/kotlin/com/tencent/devops/common/api/constant/CommonMessageCode.kt
+++ b/src/backend/ci/core/common/common-api/src/main/kotlin/com/tencent/devops/common/api/constant/CommonMessageCode.kt
@@ -185,6 +185,7 @@ object CommonMessageCode {
const val SVN_TOKEN_FAIL = "2100135" // SVN Token 不正确
const val SVN_TOKEN_EMPTY = "2100136" // SVN Token 为空, 请检查代码库的凭证类型
+ const val ERROR_VARIABLE_NOT_FOUND = "2100137" // SVN Token 为空, 请检查代码库的凭证类型
const val BK_CONTAINER_TIMED_OUT = "bkContainerTimedOut" // 创建容器超时
const val BK_CREATION_FAILED_EXCEPTION_INFORMATION = "bkCreationFailedExceptionInformation" // 创建失败,异常信息
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionUrlService.kt b/src/backend/ci/core/common/common-api/src/main/kotlin/com/tencent/devops/common/api/exception/VariableNotFoundException.kt
similarity index 76%
rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionUrlService.kt
rename to src/backend/ci/core/common/common-api/src/main/kotlin/com/tencent/devops/common/api/exception/VariableNotFoundException.kt
index 3cc8e37624d..2cb2cd196a9 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionUrlService.kt
+++ b/src/backend/ci/core/common/common-api/src/main/kotlin/com/tencent/devops/common/api/exception/VariableNotFoundException.kt
@@ -25,13 +25,19 @@
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
-package com.tencent.devops.auth.service.iam
+package com.tencent.devops.common.api.exception
-import com.tencent.devops.auth.pojo.PermissionUrlDTO
-import com.tencent.devops.common.api.pojo.Result
+import com.tencent.devops.common.api.constant.CommonMessageCode
-interface PermissionUrlService {
- fun getPermissionUrl(permissionUrlDTO: List): Result
-
- fun getRolePermissionUrl(projectId: String, groupId: String?): String?
-}
+/**
+ * 变量不存在异常
+ */
+class VariableNotFoundException(
+ val variableKey: String?,
+ errorCode: String = CommonMessageCode.ERROR_VARIABLE_NOT_FOUND
+) :
+ ErrorCodeException(
+ errorCode = errorCode,
+ defaultMessage = "variable $variableKey not found",
+ params = variableKey?.let { arrayOf(it) }
+ )
diff --git a/src/backend/ci/core/common/common-api/src/main/kotlin/com/tencent/devops/common/api/pojo/PipelineAsCodeSettings.kt b/src/backend/ci/core/common/common-api/src/main/kotlin/com/tencent/devops/common/api/pojo/PipelineAsCodeSettings.kt
index 0ee3d4d9e45..a31760df568 100644
--- a/src/backend/ci/core/common/common-api/src/main/kotlin/com/tencent/devops/common/api/pojo/PipelineAsCodeSettings.kt
+++ b/src/backend/ci/core/common/common-api/src/main/kotlin/com/tencent/devops/common/api/pojo/PipelineAsCodeSettings.kt
@@ -32,5 +32,35 @@ import io.swagger.v3.oas.annotations.media.Schema
@Schema(title = "设置-YAML流水线功能设置")
data class PipelineAsCodeSettings(
@get:Schema(title = "是否支持YAML流水线功能", required = true)
- val enable: Boolean = false
-)
+ val enable: Boolean = false,
+ @get:Schema(title = "项目级流水线语法风格", required = false)
+ var projectDialect: String? = null,
+ @get:Schema(title = "是否继承项目流水线语言风格", required = false)
+ val inheritedDialect: Boolean? = true,
+ @get:Schema(title = "流水线语言风格", required = false)
+ var pipelineDialect: String? = null
+) {
+ companion object {
+ fun initDialect(inheritedDialect: Boolean?, pipelineDialect: String?): PipelineAsCodeSettings {
+ return PipelineAsCodeSettings(
+ inheritedDialect = inheritedDialect ?: true,
+ // 如果继承项目方言配置,置空pipelineDialect字段,防止数据库存储多余数据
+ pipelineDialect = if (inheritedDialect == false) {
+ pipelineDialect
+ } else {
+ null
+ }
+ )
+ }
+ }
+
+ /**
+ * 入库时,重置方言字段值
+ */
+ fun resetDialect() {
+ projectDialect = null
+ if (inheritedDialect != false) {
+ pipelineDialect = null
+ }
+ }
+}
diff --git a/src/backend/ci/core/common/common-event/src/main/kotlin/com/tencent/devops/common/event/enums/PipelineBuildStatusBroadCastEventType.kt b/src/backend/ci/core/common/common-event/src/main/kotlin/com/tencent/devops/common/event/enums/PipelineBuildStatusBroadCastEventType.kt
new file mode 100644
index 00000000000..ec680a6bedc
--- /dev/null
+++ b/src/backend/ci/core/common/common-event/src/main/kotlin/com/tencent/devops/common/event/enums/PipelineBuildStatusBroadCastEventType.kt
@@ -0,0 +1,16 @@
+package com.tencent.devops.common.event.enums
+
+enum class PipelineBuildStatusBroadCastEventType {
+ BUILD_QUEUE, /*构建排队,包含并发超限时排队、并发组排队。*/
+ BUILD_START, /*构建开始,不包含并发超限时排队、并发组排队。*/
+ BUILD_END, /*构建结束*/
+ BUILD_STAGE_START, /*stage开始*/
+ BUILD_STAGE_END, /*stage结束*/
+ BUILD_JOB_QUEUE, /*job排队,包含互斥组排队、构建机复用互斥排队、最大job并发排队。*/
+ BUILD_JOB_START, /*job开始,不包含BUILD_JOB_QUEUE。如果job SKIP或没有可执行的插件,就不会有该事件。*/
+ BUILD_JOB_END, /*job结束,job SKIP或没有可执行的插件时会有该事件。*/
+ BUILD_AGENT_START, /*构建机启动,现在仅包含第三方构建机*/
+ BUILD_TASK_START, /*插件开始*/
+ BUILD_TASK_END, /*插件结束*/
+ BUILD_TASK_PAUSE; /*插件前置暂停*/
+}
diff --git a/src/backend/ci/core/common/common-event/src/main/kotlin/com/tencent/devops/common/event/pojo/pipeline/PipelineBuildStatusBroadCastEvent.kt b/src/backend/ci/core/common/common-event/src/main/kotlin/com/tencent/devops/common/event/pojo/pipeline/PipelineBuildStatusBroadCastEvent.kt
index 2260a9386c1..72c5bb74df3 100644
--- a/src/backend/ci/core/common/common-event/src/main/kotlin/com/tencent/devops/common/event/pojo/pipeline/PipelineBuildStatusBroadCastEvent.kt
+++ b/src/backend/ci/core/common/common-event/src/main/kotlin/com/tencent/devops/common/event/pojo/pipeline/PipelineBuildStatusBroadCastEvent.kt
@@ -29,6 +29,7 @@ package com.tencent.devops.common.event.pojo.pipeline
import com.tencent.devops.common.event.annotation.Event
import com.tencent.devops.common.event.enums.ActionType
+import com.tencent.devops.common.event.enums.PipelineBuildStatusBroadCastEventType
import com.tencent.devops.common.stream.constants.StreamBinding
import java.time.LocalDateTime
@@ -51,6 +52,8 @@ data class PipelineBuildStatusBroadCastEvent(
val buildStatus: String?,
val atomCode: String? = null,
val eventTime: LocalDateTime? = LocalDateTime.now(),
+ val type: PipelineBuildStatusBroadCastEventType? = null,
+ val labels: Map? = null,
override var actionType: ActionType,
override var delayMills: Int = 0
) : IPipelineEvent(actionType, source, projectId, pipelineId, userId, delayMills)
diff --git a/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/ExpressionException.kt b/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/ExpressionException.kt
index 37d42ccbd2c..48188a1aedb 100644
--- a/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/ExpressionException.kt
+++ b/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/ExpressionException.kt
@@ -82,12 +82,6 @@ class FunctionFormatException(override val message: String?) : ExpressionExcepti
}
}
-class ContextNotFoundException(override val message: String?) : ExpressionException() {
- companion object {
- fun contextNameNotFound(arg0: String) = ContextNotFoundException(
- "Expression context $arg0 not found."
- )
- }
-}
+class ContextNotFoundException(override var message: String? = null) : ExpressionException()
class ContextJsonFormatException(override val message: String?) : ExpressionException()
diff --git a/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/ExpressionParser.kt b/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/ExpressionParser.kt
index 7e473d70363..dd71969721e 100644
--- a/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/ExpressionParser.kt
+++ b/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/ExpressionParser.kt
@@ -27,9 +27,11 @@
package com.tencent.devops.common.expression
+import com.tencent.devops.common.expression.ExpressionParser.legalizeExpression
import com.tencent.devops.common.expression.context.ContextValueNode
import com.tencent.devops.common.expression.context.DictionaryContextData
import com.tencent.devops.common.expression.context.PipelineContextData
+import com.tencent.devops.common.expression.expression.EvaluationOptions
import com.tencent.devops.common.expression.expression.ExpressionConstants
import com.tencent.devops.common.expression.expression.IExpressionNode
import com.tencent.devops.common.expression.expression.IFunctionInfo
@@ -74,8 +76,9 @@ object ExpressionParser {
nameValue: List,
fetchValue: Boolean
): Any? {
+ val options = EvaluationOptions(false)
val result = createTree(expression.legalizeExpression(), null, nameValue, null)!!
- .evaluate(null, context, null, null)
+ .evaluate(null, context, options, null)
if (!fetchValue) {
return result
}
@@ -90,10 +93,32 @@ object ExpressionParser {
val context = ExecutionContext(DictionaryContextData())
val nameValue = mutableListOf()
fillContextByMap(contextMap, context, nameValue)
+ val options = EvaluationOptions(false)
+ try {
+ return doEvaluateByMap(
+ expression = expression,
+ context = context,
+ nameValue = nameValue,
+ options = options,
+ fetchValue = fetchValue
+ )
+ } catch (e: Throwable) {
+ if (options.contextNotNull() && e is ContextNotFoundException) {
+ throw ContextNotFoundException("Expression context ${options.contextNotNull.errKey()} not found.")
+ }
+ throw e
+ }
+ }
+ private fun doEvaluateByMap(
+ expression: String,
+ context: ExecutionContext,
+ nameValue: MutableList,
+ options: EvaluationOptions,
+ fetchValue: Boolean
+ ): Any? {
val result = createTree(expression.legalizeExpression(), null, nameValue, null)!!
- .evaluate(null, context, null, null)
-
+ .evaluate(null, context, options, null)
if (!fetchValue) {
return result
}
@@ -104,8 +129,9 @@ object ExpressionParser {
/**
* 将流水线变量转换为表达式上下文类型,存在如下情况
* 1、a = str, 直接使用 string 类型的上下文保存即可
- * 2、a.b.c = str, 将 a.b.c 升格为上下文中的嵌套 map 保存 既 a {b: {c: str}}
- * 3、a.b.c = str 且 a.b = {"c": "str"}, 需要校验 a.b 所保存的 json 与 a.b.c 结构和数据是否相同后再升格
+ * 2、a.b.c = str, 将 a.b.c 转换为上下文中的嵌套 map 保存 既 a {b: {c: str}}
+ * 3、a.b.c = str 且 a.b = {"c": "str"}, 将 a.b 保存为兼容用户的数据类型,在不涉及引擎计算纯输出的情况下使用 a.b 的原数据,
+ * 在涉及引擎计算时,则使用 a.b.c 转换后的 map,同 2 中所述
*/
fun fillContextByMap(
contextMap: Map,
diff --git a/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/context/AbsDictionaryContextData.kt b/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/context/AbsDictionaryContextData.kt
index 0de7a0d8bf7..c88b3fd03ae 100644
--- a/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/context/AbsDictionaryContextData.kt
+++ b/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/context/AbsDictionaryContextData.kt
@@ -1,6 +1,7 @@
package com.tencent.devops.common.expression.context
import com.fasterxml.jackson.databind.JsonNode
+import com.tencent.devops.common.expression.expression.sdk.CollectionPipelineResult
import com.tencent.devops.common.expression.expression.sdk.IReadOnlyObject
import com.tencent.devops.common.expression.utils.ExpressionJsonUtil
import java.util.TreeMap
@@ -8,11 +9,7 @@ import java.util.TreeMap
/**
* dict 的抽象类,总结公共方法
*/
-abstract class AbsDictionaryContextData :
- PipelineContextData(PipelineContextDataType.DICTIONARY),
- Iterable>,
- IReadOnlyObject {
-
+abstract class AbsDictionaryContextData : PipelineContextData(PipelineContextDataType.DICTIONARY), IReadOnlyObject {
protected open var mIndexLookup: TreeMap? = null
protected open var mList: MutableList = mutableListOf()
@@ -24,14 +21,6 @@ abstract class AbsDictionaryContextData :
return emptyList()
}
- override fun tryGetValue(key: String): Pair {
- if (mList.isNotEmpty() && indexLookup.containsKey(key)) {
- return Pair(mList[indexLookup[key]!!].value, true)
- }
-
- return Pair(null, false)
- }
-
protected val indexLookup: MutableMap
get() {
if (mIndexLookup == null) {
@@ -51,6 +40,29 @@ abstract class AbsDictionaryContextData :
return mList
}
+ override operator fun get(key: String): PipelineContextData? {
+ val index = indexLookup[key] ?: return null
+ return list[index].value
+ }
+
+ override fun getRes(key: String): CollectionPipelineResult {
+ return if (containsKey(key)) {
+ CollectionPipelineResult(list.getOrNull(indexLookup[key]!!)?.value)
+ } else {
+ CollectionPipelineResult.noKey()
+ }
+ }
+
+ override fun toJson(): JsonNode {
+ val json = ExpressionJsonUtil.createObjectNode()
+ if (mList.isNotEmpty()) {
+ mList.forEach {
+ json.set(it.key, it.value?.toJson())
+ }
+ }
+ return json
+ }
+
operator fun set(k: String, value: PipelineContextData?) {
// Existing
val index = indexLookup[k]
@@ -64,22 +76,6 @@ abstract class AbsDictionaryContextData :
}
}
- open operator fun get(k: String): PipelineContextData? {
- // Existing
- val index = indexLookup[k] ?: return null
- return list[index].value
- }
-
- open operator fun IReadOnlyObject.get(key: String): Any? {
- val index = indexLookup[key] ?: return null
- return list[index].value
- }
-
- operator fun Pair.get(key: Int): Pair {
- val pair = mList[key]
- return Pair(pair.key, pair.value)
- }
-
fun add(pairs: Iterable>) {
pairs.forEach { pair ->
add(pair.first, pair.second)
@@ -94,18 +90,8 @@ abstract class AbsDictionaryContextData :
list.add(DictionaryContextDataPair(key, value))
}
- override fun iterator(): Iterator> {
- return mList.map { pair -> Pair(pair.key, pair.value); }.iterator()
- }
-
- override fun toJson(): JsonNode {
- val json = ExpressionJsonUtil.createObjectNode()
- if (mList.isNotEmpty()) {
- mList.forEach {
- json.set(it.key, it.value?.toJson())
- }
- }
- return json
+ fun containsKey(key: String): Boolean {
+ return mList.isNotEmpty() && indexLookup.containsKey(key)
}
protected data class DictionaryContextDataPair(
diff --git a/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/context/ArrayContextData.kt b/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/context/ArrayContextData.kt
index edd43646ef0..7dbb0e41b73 100644
--- a/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/context/ArrayContextData.kt
+++ b/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/context/ArrayContextData.kt
@@ -28,6 +28,7 @@
package com.tencent.devops.common.expression.context
import com.fasterxml.jackson.databind.JsonNode
+import com.tencent.devops.common.expression.expression.sdk.CollectionPipelineResult
import com.tencent.devops.common.expression.expression.sdk.IReadOnlyArray
import com.tencent.devops.common.expression.utils.ExpressionJsonUtil
@@ -40,11 +41,14 @@ class ArrayContextData : PipelineContextData(PipelineContextDataType.ARRAY), IRe
override val count: Int
get() = mItems.count()
- fun add(item: PipelineContextData?) {
- mItems.add(item)
- }
+ override operator fun get(index: Int): PipelineContextData? = mItems[index]
- override fun get(index: Int): Any? = mItems[index]
+ override fun getRes(index: Int): CollectionPipelineResult {
+ if (index >= 0 && index <= mItems.lastIndex) {
+ return CollectionPipelineResult(mItems[index])
+ }
+ return CollectionPipelineResult.noKey()
+ }
override fun clone(): PipelineContextData {
val result = ArrayContextData()
@@ -71,9 +75,17 @@ class ArrayContextData : PipelineContextData(PipelineContextDataType.ARRAY), IRe
val list = mutableListOf()
if (mItems.isNotEmpty()) {
mItems.forEach {
+ if (it is DictionaryContextDataWithVal) {
+ list.add(it.fetchValueNative())
+ return@forEach
+ }
list.add(it?.fetchValue() ?: return@forEach)
}
}
return list
}
+
+ fun add(item: PipelineContextData?) {
+ mItems.add(item)
+ }
}
diff --git a/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/context/ContextValueNode.kt b/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/context/ContextValueNode.kt
index 0843ef0d73e..8fe80fde0c8 100644
--- a/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/context/ContextValueNode.kt
+++ b/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/context/ContextValueNode.kt
@@ -27,6 +27,7 @@
package com.tencent.devops.common.expression.context
+import com.tencent.devops.common.expression.ContextNotFoundException
import com.tencent.devops.common.expression.ExecutionContext
import com.tencent.devops.common.expression.expression.sdk.EvaluationContext
import com.tencent.devops.common.expression.expression.sdk.NamedValue
@@ -34,7 +35,12 @@ import com.tencent.devops.common.expression.expression.sdk.ResultMemory
class ContextValueNode : NamedValue() {
override fun evaluateCore(context: EvaluationContext): Pair {
- return Pair(null, (context.state as ExecutionContext).expressionValues[name])
+ val value = (context.state as ExecutionContext).expressionValues.getRes(name)
+ if (context.options.contextNotNull() && value.noKey()) {
+ context.options.contextNotNull.trace(name)
+ throw ContextNotFoundException()
+ }
+ return Pair(null, value.value)
}
override fun createNode(): NamedValue {
@@ -43,7 +49,7 @@ class ContextValueNode : NamedValue() {
override fun subNameValueEvaluateCore(context: EvaluationContext): Pair {
val values = (context.state as ExecutionContext).expressionValues
- return if (values[name] != null) {
+ return if (values.containsKey(name)) {
Pair(values[name], true)
} else {
Pair(name, false)
diff --git a/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/context/DictionaryContextData.kt b/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/context/DictionaryContextData.kt
index ff13dfc165c..61716b4007f 100644
--- a/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/context/DictionaryContextData.kt
+++ b/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/context/DictionaryContextData.kt
@@ -46,10 +46,14 @@ open class DictionaryContextData : AbsDictionaryContextData() {
return result
}
- override fun fetchValue(): Map {
+ override fun fetchValue(): Any {
val map = mutableMapOf()
if (mList.isNotEmpty()) {
mList.forEach {
+ if (it.value is DictionaryContextDataWithVal) {
+ map[it.key] = it.value.fetchValueNative()
+ return@forEach
+ }
map[it.key] = it.value?.fetchValue() ?: ""
}
}
diff --git a/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/context/DictionaryContextDataWithVal.kt b/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/context/DictionaryContextDataWithVal.kt
index 15bc0e3ba58..b47c08e9645 100644
--- a/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/context/DictionaryContextDataWithVal.kt
+++ b/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/context/DictionaryContextDataWithVal.kt
@@ -9,7 +9,7 @@ import java.util.TreeMap
*/
class DictionaryContextDataWithVal(
private val oriValue: String
-) : AbsDictionaryContextData() {
+) : DictionaryContextData() {
override var mIndexLookup: TreeMap? = null
override var mList: MutableList = mutableListOf()
@@ -26,6 +26,9 @@ class DictionaryContextDataWithVal(
return result
}
+ /**
+ * 兼容用户数据,输出的fetchValue
+ */
override fun fetchValue(): Any {
return try {
ExpressionJsonUtil.getObjectMapper().readTree(oriValue)
@@ -33,4 +36,9 @@ class DictionaryContextDataWithVal(
return oriValue
}
}
+
+ /**
+ * 引擎中计算使用的fetchValue
+ */
+ fun fetchValueNative() = super.fetchValue()
}
\ No newline at end of file
diff --git a/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/context/RuntimeDictionaryContextData.kt b/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/context/RuntimeDictionaryContextData.kt
index f8c6793dae5..3cabb836d5e 100644
--- a/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/context/RuntimeDictionaryContextData.kt
+++ b/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/context/RuntimeDictionaryContextData.kt
@@ -28,7 +28,7 @@
package com.tencent.devops.common.expression.context
import com.tencent.devops.common.expression.ContextDataRuntimeException
-import com.tencent.devops.common.expression.expression.sdk.IReadOnlyObject
+import com.tencent.devops.common.expression.expression.sdk.CollectionPipelineResult
import java.lang.Exception
import java.util.TreeMap
@@ -43,40 +43,24 @@ interface RuntimeNamedValue {
* @throws ContextDataRuntimeException
*/
@Suppress("TooManyFunctions", "ReturnCount")
-class RuntimeDictionaryContextData(private val runtimeNamedValue: RuntimeNamedValue) :
- DictionaryContextData() {
-
+class RuntimeDictionaryContextData(private val runtimeNamedValue: RuntimeNamedValue) : DictionaryContextData() {
override var mIndexLookup: TreeMap? = null
override var mList: MutableList = mutableListOf()
- private fun requestAndSaveValue(key: String): PipelineContextData? {
- return try {
- val value = runtimeNamedValue.getValue(key)
- if (value != null) {
- set(key, value)
- }
- value
- } catch (ignore: Exception) {
- throw ContextDataRuntimeException("RuntimeDictionaryContextData request key:$key 's value error")
- }
+ override operator fun get(key: String): PipelineContextData? {
+ return getRes(key).value
}
- override fun tryGetValue(key: String): Pair {
- if (mList.isNotEmpty() && indexLookup.containsKey(key)) {
- return Pair(mList[indexLookup[key]!!].value, true)
+ override fun getRes(key: String): CollectionPipelineResult {
+ if (containsKey(key)) {
+ return CollectionPipelineResult(mList.getOrNull(indexLookup[key]!!)?.value)
}
- // 对象中没有则去请求一次
- val value = requestAndSaveValue(key) ?: return Pair(null, false)
-
- return Pair(value, true)
- }
- override operator fun get(k: String): PipelineContextData? {
- return tryGetValue(k).first
- }
+ // 对象中没有则去请求一次
+ // 暂时全部按照无KEY处理,上线后看看情况
+ val value = requestAndSaveValue(key) ?: return CollectionPipelineResult.noKey()
- override operator fun IReadOnlyObject.get(key: String): Any? {
- return tryGetValue(key).first
+ return CollectionPipelineResult(value)
}
override fun clone(): PipelineContextData {
@@ -91,4 +75,16 @@ class RuntimeDictionaryContextData(private val runtimeNamedValue: RuntimeNamedVa
return result
}
+
+ private fun requestAndSaveValue(key: String): PipelineContextData? {
+ return try {
+ val value = runtimeNamedValue.getValue(key)
+ if (value != null) {
+ set(key, value)
+ }
+ value
+ } catch (ignore: Exception) {
+ throw ContextDataRuntimeException("RuntimeDictionaryContextData request key:$key 's value error")
+ }
+ }
}
diff --git a/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/expression/EvaluationOptions.kt b/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/expression/EvaluationOptions.kt
index 77591db5e4d..00d787b7adc 100644
--- a/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/expression/EvaluationOptions.kt
+++ b/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/expression/EvaluationOptions.kt
@@ -27,13 +27,47 @@
package com.tencent.devops.common.expression.expression
-class EvaluationOptions() {
+/**
+ * @param contextNotNull 上下文计算时需要不存在的变量抛出异常而不是返回空
+ * @param maxMemory 暂未使用
+ */
+data class EvaluationOptions(
+ val contextNotNull: ExceptionInsteadOfNullOption,
+ var maxMemory: Int = 0
+) {
+ fun contextNotNull(): Boolean {
+ return contextNotNull.enable
+ }
- constructor(copy: EvaluationOptions?) : this() {
- if (copy != null) {
- maxMemory = copy.maxMemory
+ constructor(contextNotNull: Boolean) : this(
+ if (contextNotNull) {
+ ExceptionInsteadOfNullOption.enable()
+ } else {
+ ExceptionInsteadOfNullOption.disabled()
}
+ )
+}
+
+/**
+ * @param enable 是否开启
+ * @param exceptionTraceMsg 存放为空的变量的索引链路,方便排查
+ */
+data class ExceptionInsteadOfNullOption(
+ val enable: Boolean,
+ val exceptionTraceMsg: MutableList?
+) {
+ fun trace(name: String) {
+ if (!enable) {
+ return
+ }
+ // 字符串的格式化会带 ''
+ exceptionTraceMsg?.add(name.removeSurrounding("'"))
}
- var maxMemory: Int = 0
-}
+ fun errKey() = exceptionTraceMsg?.joinToString(".")
+
+ companion object {
+ fun disabled(): ExceptionInsteadOfNullOption = ExceptionInsteadOfNullOption(false, null)
+ fun enable(): ExceptionInsteadOfNullOption = ExceptionInsteadOfNullOption(true, mutableListOf())
+ }
+}
\ No newline at end of file
diff --git a/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/expression/IExpressionNode.kt b/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/expression/IExpressionNode.kt
index f7e118642f4..d1d82c5bdb4 100644
--- a/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/expression/IExpressionNode.kt
+++ b/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/expression/IExpressionNode.kt
@@ -34,7 +34,7 @@ interface IExpressionNode {
fun evaluate(
trace: ITraceWriter?,
state: Any?,
- options: EvaluationOptions?,
+ options: EvaluationOptions,
expressionOutput: ExpressionOutput?
): EvaluationResult
@@ -53,7 +53,7 @@ interface IExpressionNode {
fun subNameValueEvaluate(
trace: ITraceWriter?,
state: Any?,
- options: EvaluationOptions?,
+ options: EvaluationOptions,
subInfo: SubNameValueEvaluateInfo,
expressionOutput: ExpressionOutput?
): SubNameValueEvaluateResult
diff --git a/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/expression/sdk/CollectionResult.kt b/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/expression/sdk/CollectionResult.kt
new file mode 100644
index 00000000000..8863609ba49
--- /dev/null
+++ b/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/expression/sdk/CollectionResult.kt
@@ -0,0 +1,63 @@
+package com.tencent.devops.common.expression.expression.sdk
+
+import com.tencent.devops.common.expression.ContextNotFoundException
+import com.tencent.devops.common.expression.context.PipelineContextData
+
+/**
+ * 从集合类型上下文取出值的封装对象
+ * 如 IReadOnlyArray,IReadOnlyObject
+ */
+open class CollectionResult(
+ open val type: CollectionResultType,
+ open val value: Any?
+) {
+ constructor(value: Any?) : this(
+ type = if (value == null) {
+ CollectionResultType.NO_VALUE
+ } else {
+ CollectionResultType.VALUE
+ },
+ value = value
+ )
+
+ fun noKey() = type == CollectionResultType.NO_KEY
+
+ fun throwIfNoKey() {
+ if (noKey()) {
+ throw ContextNotFoundException()
+ }
+ }
+
+ companion object {
+ fun noKey() = CollectionPipelineResult(CollectionResultType.NO_KEY, null)
+ }
+}
+
+enum class CollectionResultType {
+ // 集合中不存在取值的KEY
+ NO_KEY,
+
+ // 集合中存在KEY但是取值为空
+ NO_VALUE,
+
+ // 存在KEY且取值不为空
+ VALUE
+}
+
+data class CollectionPipelineResult(
+ override val type: CollectionResultType,
+ override val value: PipelineContextData?
+) : CollectionResult(type, value) {
+ constructor(value: PipelineContextData?) : this(
+ type = if (value == null) {
+ CollectionResultType.NO_VALUE
+ } else {
+ CollectionResultType.VALUE
+ },
+ value = value
+ )
+
+ companion object {
+ fun noKey() = CollectionPipelineResult(CollectionResultType.NO_KEY, null)
+ }
+}
\ No newline at end of file
diff --git a/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/expression/sdk/EvaluationContext.kt b/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/expression/sdk/EvaluationContext.kt
index 5921c4f3887..a7df27314e4 100644
--- a/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/expression/sdk/EvaluationContext.kt
+++ b/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/expression/sdk/EvaluationContext.kt
@@ -35,11 +35,10 @@ import com.tencent.devops.common.expression.expression.ITraceWriter
class EvaluationContext(
val trace: ITraceWriter?,
val state: Any?,
- ops: EvaluationOptions?,
+ val options: EvaluationOptions,
val node: ExpressionNode?,
val expressionOutput: ExpressionOutput?
) {
- val options: EvaluationOptions = EvaluationOptions(ops)
val memory: EvaluationMemory
private val mTraceResults = mutableMapOf()
private val mTraceMemory: MemoryCounter
diff --git a/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/expression/sdk/ExpressionNode.kt b/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/expression/sdk/ExpressionNode.kt
index eaa54dbcc77..663ed5287b3 100644
--- a/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/expression/sdk/ExpressionNode.kt
+++ b/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/expression/sdk/ExpressionNode.kt
@@ -69,10 +69,14 @@ abstract class ExpressionNode : IExpressionNode {
protected abstract val traceFullyRealized: Boolean
+ // 用来展示打印这个节点
+ protected open val formatValue: String? = null
+ open fun format() = formatValue ?: name
+
override fun evaluate(
trace: ITraceWriter?,
state: Any?,
- options: EvaluationOptions?,
+ options: EvaluationOptions,
expressionOutput: ExpressionOutput?
): EvaluationResult {
if (container != null) {
@@ -140,7 +144,7 @@ abstract class ExpressionNode : IExpressionNode {
override fun subNameValueEvaluate(
trace: ITraceWriter?,
state: Any?,
- options: EvaluationOptions?,
+ options: EvaluationOptions,
subInfo: SubNameValueEvaluateInfo,
expressionOutput: ExpressionOutput?
): SubNameValueEvaluateResult {
diff --git a/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/expression/sdk/IReadOnlyArray.kt b/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/expression/sdk/IReadOnlyArray.kt
index 4ec03b5960a..3e563188d7f 100644
--- a/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/expression/sdk/IReadOnlyArray.kt
+++ b/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/expression/sdk/IReadOnlyArray.kt
@@ -30,5 +30,14 @@ package com.tencent.devops.common.expression.expression.sdk
interface IReadOnlyArray : Iterable {
val count: Int
+ /**
+ * 使用kotlin原生List的get方法
+ * 使用时需要注意场景,小心IndexOutOfBoundsException
+ */
operator fun get(index: Int): Any?
+
+ /**
+ * 封装get,令返回结果更清晰
+ */
+ fun getRes(index: Int): CollectionResult
}
diff --git a/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/expression/sdk/IReadOnlyObject.kt b/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/expression/sdk/IReadOnlyObject.kt
index 625a61d1eb0..0ae24065792 100644
--- a/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/expression/sdk/IReadOnlyObject.kt
+++ b/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/expression/sdk/IReadOnlyObject.kt
@@ -30,5 +30,14 @@ package com.tencent.devops.common.expression.expression.sdk
interface IReadOnlyObject {
val values: Iterable
- fun tryGetValue(key: String): Pair
+ /**
+ * 使用kotlin原生Map的get方法
+ * 使用时需要注意场景
+ */
+ operator fun get(key: String): Any?
+
+ /**
+ * 封装get,令返回结果更清晰
+ */
+ fun getRes(key: String): CollectionResult
}
diff --git a/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/expression/sdk/Literal.kt b/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/expression/sdk/Literal.kt
index 910250c3e2d..561b46d757f 100644
--- a/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/expression/sdk/Literal.kt
+++ b/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/expression/sdk/Literal.kt
@@ -44,6 +44,8 @@ class Literal(v: Any?) : ExpressionNode() {
// 这样可以避免不必要地复制内存中的值。
override val traceFullyRealized = false
+ override fun format() = ExpressionUtility.formatValue(value, kind)
+
override fun convertToExpression() = ExpressionUtility.formatValue(value, kind)
override fun convertToRealizedExpression(context: EvaluationContext) = ExpressionUtility.formatValue(value, kind)
diff --git a/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/expression/sdk/operators/Index.kt b/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/expression/sdk/operators/Index.kt
index 3f1e1101c9b..d7b5094d244 100644
--- a/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/expression/sdk/operators/Index.kt
+++ b/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/expression/sdk/operators/Index.kt
@@ -27,9 +27,12 @@
package com.tencent.devops.common.expression.expression.sdk.operators
+import com.tencent.devops.common.expression.ContextNotFoundException
import com.tencent.devops.common.expression.ExecutionContext
import com.tencent.devops.common.expression.context.ContextValueNode
import com.tencent.devops.common.expression.expression.EvaluationResult
+import com.tencent.devops.common.expression.expression.ExpressionConstants
+import com.tencent.devops.common.expression.expression.sdk.CollectionResult
import com.tencent.devops.common.expression.expression.sdk.Container
import com.tencent.devops.common.expression.expression.sdk.EvaluationContext
import com.tencent.devops.common.expression.expression.sdk.ExpressionNode
@@ -47,9 +50,10 @@ class Index : Container() {
override val traceFullyRealized = true
+ override val formatValue: String = ExpressionConstants.DEREFERENCE.toString()
+
override fun convertToExpression(): String {
- // 验证我们是否可以简化表达式,我们宁愿返回
- // github.sha 然后 github['sha'] 所以我们检查这是否是一个简单的案例。
+ // 验证我们是否可以简化表达式,我们宁愿返回 github.sha 然后 github['sha'] 所以我们检查这是否是一个简单的案例
return if (parameters[1] is Literal &&
(parameters[1] as Literal).value is String &&
ExpressionUtility.isLegalKeyword((parameters[1] as Literal).value as String)
@@ -68,12 +72,15 @@ class Index : Container() {
}
return parameters[0].convertToRealizedExpression(context) +
- "[${parameters[1].convertToRealizedExpression(context)}]"
+ "[${parameters[1].convertToRealizedExpression(context)}]"
}
override fun evaluateCore(context: EvaluationContext): Pair {
val left = parameters[0].evaluate(context)
-
+ // 如果有多个索引如 a.b.c 因为是递归计算,到 c的时候拿到的左参数一定是 a.b 中的 .,所以追踪左参数只追踪第一个
+ if (parameters[0] !is Index) {
+ context.options.contextNotNull.trace(parameters[0].format())
+ }
// Not a collection
val (collection, ok) = left.tryGetCollectionInterface()
if (!ok) {
@@ -136,6 +143,7 @@ class Index : Container() {
return Pair(result, true)
}
+ @Suppress("ComplexMethod")
private fun handleFilteredArray(
context: EvaluationContext,
filteredArray: FilteredArray
@@ -161,9 +169,13 @@ class Index : Container() {
}
// String
else if (index.hasStringIndex) {
- val (nestedObjectValue, res) = nestedCollection.tryGetValue(index.stringIndex!!)
- if (res) {
- result.add(nestedObjectValue)
+ val key = index.stringIndex!!
+ val nestedObjectValueRes = nestedCollection.getRes(key)
+ if (context.options.contextNotNull()) {
+ nestedObjectValueRes.throwIfNoKey()
+ }
+ if (!nestedObjectValueRes.noKey()) {
+ result.add(nestedObjectValueRes.value)
counter.add(Int.SIZE_BYTES)
}
}
@@ -209,9 +221,16 @@ class Index : Container() {
}
// String
else {
- val (result, ok) = obj.tryGetValue(index.stringIndex ?: return Pair(null, null))
- if (index.hasStringIndex && ok) {
- return Pair(null, result)
+ val key = index.stringIndex
+ if (key == null && context.options.contextNotNull()) {
+ throw ContextNotFoundException()
+ }
+ val result = obj.getRes(key ?: return Pair(null, null))
+ if (context.options.contextNotNull()) {
+ result.throwIfNoKey()
+ }
+ if (index.hasStringIndex && !result.noKey()) {
+ return Pair(null, result.value)
}
}
@@ -241,6 +260,9 @@ class Index : Container() {
else if (index.hasIntegerIndex && index.integerIndex < array.count) {
return Pair(null, array[index.integerIndex])
}
+ if (context.options.contextNotNull()) {
+ throw ContextNotFoundException()
+ }
return Pair(null, null)
}
@@ -260,19 +282,29 @@ class Index : Container() {
return mList[index]
}
+ override fun getRes(index: Int): CollectionResult {
+ if (index >= 0 && index <= mList.lastIndex) {
+ return CollectionResult(mList[index])
+ }
+ return CollectionResult.noKey()
+ }
+
override fun iterator(): Iterator {
return mList.iterator()
}
}
private class IndexHelper(context: EvaluationContext, val parameter: ExpressionNode) {
- private val mResult: EvaluationResult
+ val mResult: EvaluationResult
private val mIntegerIndex: Lazy
private val mStringIndex: Lazy
init {
mResult = parameter.evaluate(context)
+ // 追踪右参数
+ context.options.contextNotNull.trace(parameter.format())
+
mIntegerIndex = lazy {
var doubleIndex = mResult.convertToNumber()
if (doubleIndex.isNaN() || doubleIndex < 0.0) {
diff --git a/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/expression/specialFuctions/hashFiles/HashFilesFunction.kt b/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/expression/specialFuctions/hashFiles/HashFilesFunction.kt
index 5dd4ed7b08c..6cd16664970 100644
--- a/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/expression/specialFuctions/hashFiles/HashFilesFunction.kt
+++ b/src/backend/ci/core/common/common-expression/src/main/kotlin/com/tencent/devops/common/expression/expression/specialFuctions/hashFiles/HashFilesFunction.kt
@@ -48,18 +48,12 @@ class HashFilesFunction : Function() {
val contextValues = context.state as ExecutionContext
var workspaceData = contextValues.expressionValues[ciWorkSpaceKey.split(".")[0]]
workspaceData = if (workspaceData == null) {
- if (contextValues.expressionValues[workSpaceKey] == null) {
- throw ContextNotFoundException("$workSpaceKey/$ciWorkSpaceKey")
- } else {
- contextValues.expressionValues[workSpaceKey]
- }
+ contextValues.expressionValues[workSpaceKey]
+ ?: throw ContextNotFoundException("$workSpaceKey/$ciWorkSpaceKey")
} else {
- if (workspaceData !is DictionaryContextData || workspaceData[ciWorkSpaceKey.split(".")[1]] == null) {
- if (contextValues.expressionValues[workSpaceKey] == null) {
- throw ContextNotFoundException("$workSpaceKey/$ciWorkSpaceKey")
- } else {
- contextValues.expressionValues[workSpaceKey]
- }
+ if (workspaceData !is DictionaryContextData || !workspaceData.containsKey(ciWorkSpaceKey.split(".")[1])) {
+ contextValues.expressionValues[workSpaceKey]
+ ?: throw ContextNotFoundException("$workSpaceKey/$ciWorkSpaceKey")
} else {
workspaceData[ciWorkSpaceKey.split(".")[1]]
}
diff --git a/src/backend/ci/core/common/common-expression/src/test/kotlin/com/tencent/devops/common/expression/context/RuntimeDictionaryContextDataTest.kt b/src/backend/ci/core/common/common-expression/src/test/kotlin/com/tencent/devops/common/expression/context/RuntimeDictionaryContextDataTest.kt
index 2d49d08d896..be44807b5c4 100644
--- a/src/backend/ci/core/common/common-expression/src/test/kotlin/com/tencent/devops/common/expression/context/RuntimeDictionaryContextDataTest.kt
+++ b/src/backend/ci/core/common/common-expression/src/test/kotlin/com/tencent/devops/common/expression/context/RuntimeDictionaryContextDataTest.kt
@@ -29,6 +29,7 @@ package com.tencent.devops.common.expression.context
import com.tencent.devops.common.expression.ExecutionContext
import com.tencent.devops.common.expression.ExpressionParser
+import com.tencent.devops.common.expression.expression.EvaluationOptions
import com.tencent.devops.common.expression.expression.sdk.NamedValueInfo
import org.junit.jupiter.api.Assertions
import org.junit.jupiter.api.BeforeAll
@@ -46,7 +47,7 @@ internal class RuntimeDictionaryContextDataTest {
fun contextSingleBuildTest() {
val context = RuntimeDictionaryContextData(RuntimeNamedValueImpl())
data.forEach { (k, v) ->
- Assertions.assertEquals(v, context.tryGetValue(k).first)
+ Assertions.assertEquals(v, context[k])
}
Assertions.assertEquals(data.map { it.value }, context.values)
}
@@ -59,12 +60,13 @@ internal class RuntimeDictionaryContextDataTest {
"settings.access_token.access_token == '456' => true",
"settings['appId'].secretKey == '101112' => true",
"settings.token['username'] == " +
- "fromJSON('{\"token\":\"212223\",\"username\":\"789\",\"password\":\"123\"}').username => true"
+ "fromJSON('{\"token\":\"212223\",\"username\":\"789\",\"password\":\"123\"}').username => true"
]
)
fun contextExpressionParseTest(expAndExpect: String) {
val (exp, expect) = expAndExpect.split(" => ")
- val res = ExpressionParser.createTree(exp, null, nameValue, null)!!.evaluate(null, ev, null, null).value
+ val res = ExpressionParser.createTree(exp, null, nameValue, null)!!
+ .evaluate(null, ev, EvaluationOptions(false), null).value
Assertions.assertEquals(
if (expect == "true" || expect == "false") {
expect.toBoolean()
diff --git a/src/backend/ci/core/common/common-expression/src/test/kotlin/com/tencent/devops/common/expression/expression/EvaluationOptionsTest.kt b/src/backend/ci/core/common/common-expression/src/test/kotlin/com/tencent/devops/common/expression/expression/EvaluationOptionsTest.kt
new file mode 100644
index 00000000000..069d07a4dbe
--- /dev/null
+++ b/src/backend/ci/core/common/common-expression/src/test/kotlin/com/tencent/devops/common/expression/expression/EvaluationOptionsTest.kt
@@ -0,0 +1,102 @@
+package com.tencent.devops.common.expression.expression
+
+import com.tencent.devops.common.expression.ContextNotFoundException
+import com.tencent.devops.common.expression.ExecutionContext
+import com.tencent.devops.common.expression.ExpressionParser
+import com.tencent.devops.common.expression.context.ArrayContextData
+import com.tencent.devops.common.expression.context.ContextValueNode
+import com.tencent.devops.common.expression.context.DictionaryContextData
+import com.tencent.devops.common.expression.context.StringContextData
+import com.tencent.devops.common.expression.expression.sdk.NamedValueInfo
+import org.junit.jupiter.api.Assertions
+import org.junit.jupiter.api.DisplayName
+import org.junit.jupiter.api.Nested
+import org.junit.jupiter.api.assertThrows
+import org.junit.jupiter.params.ParameterizedTest
+import org.junit.jupiter.params.provider.ValueSource
+import org.slf4j.LoggerFactory
+
+@Suppress("ComplexMethod", "LongMethod", "MaxLineLength")
+@DisplayName("测试EvaluationOptions配置的不同选项")
+class EvaluationOptionsTest {
+ @DisplayName("exceptionInsteadOfNull相关场景测试")
+ @Nested
+ inner class ExceptionTest {
+ @DisplayName("配置了exceptionInsteadOfNull")
+ @ParameterizedTest
+ @ValueSource(
+ strings = [
+ "string => string",
+ "obj.a.obj_obj1[2] == 1 => obj.a",
+ "arr[0].arr_obj_1_n2 => arr.0.arr_obj_1_n2",
+ "obj.obj_obj1.obj_obj1_n1.a => obj.obj_obj1.obj_obj1_n1.a"
+ ]
+ )
+ fun exceptionInsteadOfNull(group: String) {
+ val (exp, exArg) = group.split(" => ")
+ val options = EvaluationOptions(true)
+ assertThrows {
+ ExpressionParser.createTree(exp, null, nameValue, null)!!
+ .evaluate(TestTraceWriter(), ev, options, null)
+ }
+ println(options.contextNotNull.exceptionTraceMsg)
+ Assertions.assertEquals(
+ ContextNotFoundException(exArg).message,
+ options.contextNotNull.exceptionTraceMsg?.joinToString(".")
+ )
+ }
+
+ @DisplayName("不配置exceptionInsteadOfNull")
+ @ParameterizedTest
+ @ValueSource(
+ strings = [
+ "string == null",
+ "obj.a.obj_obj1[2] == null",
+ "arr[0].arr_obj_1_n2 == null",
+ "obj.obj_obj1.obj_obj1_n1.a == null"
+ ]
+ )
+ fun noExceptionInsteadOfNull(exp: String) {
+ val options = EvaluationOptions(false)
+ val result = ExpressionParser.createTree(exp, null, nameValue, null)!!
+ .evaluate(TestTraceWriter(), ev, options, null)
+ Assertions.assertTrue(result.equalsTrue)
+ }
+
+ private val nameValue = mutableListOf().apply {
+ add(NamedValueInfo("string", ContextValueNode()))
+ add(NamedValueInfo("obj", ContextValueNode()))
+ add(NamedValueInfo("arr", ContextValueNode()))
+ }
+ private val ev = ExecutionContext(DictionaryContextData().apply {
+ add("obj", DictionaryContextData().apply {
+ add("obj_arr1", ArrayContextData().apply {
+ add(null)
+ })
+ add("obj_obj1", DictionaryContextData().apply {
+ add("obj_obj1_n1", DictionaryContextData().apply {
+ })
+ })
+ })
+ add("arr", ArrayContextData().apply {
+ add(DictionaryContextData().apply {
+ add("arr_obj_1_n1", StringContextData("arr_obj_1_n1_v"))
+ })
+ })
+ })
+ }
+}
+
+class TestTraceWriter : ITraceWriter {
+ override fun info(message: String?) {
+ logger.info(message ?: return)
+ }
+
+ override fun verbose(message: String?) {
+ logger.debug(message ?: return)
+ }
+
+ companion object {
+ private val logger = LoggerFactory.getLogger(TestTraceWriter::class.java)
+ }
+}
\ No newline at end of file
diff --git a/src/backend/ci/core/common/common-expression/src/test/kotlin/com/tencent/devops/common/expression/expression/ExpressionParserTest.kt b/src/backend/ci/core/common/common-expression/src/test/kotlin/com/tencent/devops/common/expression/expression/ExpressionParserTest.kt
index 17ad9d05165..8eb866a45bb 100644
--- a/src/backend/ci/core/common/common-expression/src/test/kotlin/com/tencent/devops/common/expression/expression/ExpressionParserTest.kt
+++ b/src/backend/ci/core/common/common-expression/src/test/kotlin/com/tencent/devops/common/expression/expression/ExpressionParserTest.kt
@@ -117,11 +117,6 @@ class ExpressionParserTest {
@DisplayName("测试流水线变量中对象的转换")
@Test
fun variablesObjectConvert() {
-// val variablesWithError = mapOf(
-// "matrix.power" to "{url=cn.com, project=p-xxx}",
-// "matrix.power.url" to "cn.com",
-// "matrix.power.project" to "p-xxx"
-// )
val variables = mapOf(
"matrix.power" to "{ \"url\" : \"cn.com\", \"project\": \"p-xxx\" }",
"matrix.power.url" to "cn.com",
@@ -249,9 +244,50 @@ class ExpressionParserTest {
}
Assertions.assertEquals(v, ExpressionParser.evaluateByMap(k, variables, true))
}
-// assertThrows {
-// ExpressionParser.evaluateByMap("matrix.power.url=='cn.com'", variablesWithError, true)
-// }
+ }
+
+ @DisplayName("测试流水线变量中对象的转换2")
+ @Test
+ fun variablesObjectConvert2() {
+ val variables = mapOf(
+ "matrix.power" to "{ \"url\" : \"cn.com\", \"project\": \"p-xxx\" }",
+ "matrix.power.url" to "c1.com",
+ "matrix.power.project" to "p-xxx",
+ "jsonStr" to "{ \"url\" : \"cn.com\", \"project\": \"p-1xx\" }"
+ )
+ val jsonKeys = setOf(
+ "matrix.power"
+ )
+ val mapKeys = setOf(
+ "matrix"
+ )
+ val expAndExpect = mapOf(
+ "matrix.power" to "{ \"url\" : \"cn.com\", \"project\": \"p-xxx\" }",
+ "matrix.power.url" to "c1.com",
+ "matrix.power.project" to "p-xxx",
+ "matrix" to mapOf("power" to mapOf("url" to "c1.com", "project" to "p-xxx")),
+ "fromJSON(toJSON(matrix.power)).url" to "c1.com",
+ "fromJSON(jsonStr).project" to "p-1xx"
+ )
+ expAndExpect.forEach { (exp, expect) ->
+ if (exp in jsonKeys) {
+ Assertions.assertEquals(
+ JsonUtil.getObjectMapper().readTree(expect.toString()),
+ JsonUtil.getObjectMapper().readTree(
+ ExpressionParser.evaluateByMap(exp, variables, true).toString()
+ )
+ )
+ return@forEach
+ }
+ if (exp in mapKeys) {
+ Assertions.assertEquals(
+ JsonUtil.getObjectMapper().readTree(JsonUtil.toJson(expect)),
+ JsonUtil.getObjectMapper()
+ .readTree(JsonUtil.toJson(ExpressionParser.evaluateByMap(exp, variables, true)!!))
+ )
+ }
+ Assertions.assertEquals(expect, ExpressionParser.evaluateByMap(exp, variables, true))
+ }
}
@DisplayName("测试解析文字")
@@ -267,7 +303,8 @@ class ExpressionParserTest {
)
literals.forEach { (exp, v) ->
- val res = ExpressionParser.createTree(exp, null, null, null)!!.evaluate(null, null, null, null).value
+ val res = ExpressionParser.createTree(exp, null, null, null)!!
+ .evaluate(null, null, EvaluationOptions(false), null).value
Assertions.assertEquals(v, res)
}
}
@@ -495,7 +532,8 @@ class ExpressionParserTest {
)
fun functionFromJsonTest(fromJson: String) {
val (index, exp) = fromJson.split(" => ")
- val res = ExpressionParser.createTree(exp, null, nameValue, null)!!.evaluate(null, ev, null, null).value
+ val res = ExpressionParser.createTree(exp, null, nameValue, null)!!
+ .evaluate(null, ev, EvaluationOptions(false), null).value
when (index.toInt()) {
1 -> {
Assertions.assertTrue(res is DictionaryContextData)
@@ -536,7 +574,8 @@ class ExpressionParserTest {
)
fun functionJoinTest(join: String) {
val (index, exp) = join.split(" => ")
- val res = ExpressionParser.createTree(exp, null, nameValue, null)!!.evaluate(null, ev, null, null).value
+ val res = ExpressionParser.createTree(exp, null, nameValue, null)!!
+ .evaluate(null, ev, EvaluationOptions(false), null).value
when (index.toInt()) {
1 -> {
Assertions.assertEquals("push|mr|tag", res)
@@ -583,7 +622,13 @@ class ExpressionParserTest {
val result = items[1]
val subInfo = SubNameValueEvaluateInfo()
val tree = ExpressionParser.createSubNameValueEvaluateTree(exp, null, parametersNameValue, null, subInfo)!!
- var (res, isComplete, type) = tree.subNameValueEvaluate(null, parametersEv, null, subInfo, null)
+ var (res, isComplete, type) = tree.subNameValueEvaluate(
+ null,
+ parametersEv,
+ EvaluationOptions(false),
+ subInfo,
+ null
+ )
if (isComplete && (type == SubNameValueResultType.ARRAY || type == SubNameValueResultType.DICT)) {
res = res.replace("\\\"", "\"")
}
@@ -598,7 +643,8 @@ class ExpressionParserTest {
private fun valuesTest(param: String) {
val (exp, result) = param.split(" => ")
- val res = ExpressionParser.createTree(exp, null, nameValue, null)!!.evaluate(null, ev, null, null).value
+ val res = ExpressionParser.createTree(exp, null, nameValue, null)!!
+ .evaluate(null, ev, EvaluationOptions(false), null).value
Assertions.assertEquals(
when (result) {
"true", "false" -> {
diff --git a/src/backend/ci/core/common/common-expression/src/test/kotlin/com/tencent/devops/common/expression/expression/functions/FormatTest.kt b/src/backend/ci/core/common/common-expression/src/test/kotlin/com/tencent/devops/common/expression/expression/functions/FormatTest.kt
index 8413abe9ab6..76f7f77a59d 100644
--- a/src/backend/ci/core/common/common-expression/src/test/kotlin/com/tencent/devops/common/expression/expression/functions/FormatTest.kt
+++ b/src/backend/ci/core/common/common-expression/src/test/kotlin/com/tencent/devops/common/expression/expression/functions/FormatTest.kt
@@ -37,6 +37,7 @@ import com.tencent.devops.common.expression.context.ContextValueNode
import com.tencent.devops.common.expression.context.DictionaryContextData
import com.tencent.devops.common.expression.context.NumberContextData
import com.tencent.devops.common.expression.context.StringContextData
+import com.tencent.devops.common.expression.expression.EvaluationOptions
import com.tencent.devops.common.expression.expression.sdk.NamedValueInfo
import org.junit.jupiter.api.Assertions
import org.junit.jupiter.api.BeforeAll
@@ -56,28 +57,28 @@ internal class FormatTest {
ExpressionParser.createTree(
"format('{0}-{1}:{3}', variables.str, variables.doub, variables.arry)",
null, nameValue, null
- )!!.evaluate(null, ev, null, null)
+ )!!.evaluate(null, ev, EvaluationOptions(false), null)
}
Assertions.assertThrows(FunctionFormatException::class.java) {
ExpressionParser.createTree(
"format('{0}-{1}:3}', variables.str, variables.doub, variables.arry)",
null, nameValue, null
- )!!.evaluate(null, ev, null, null)
+ )!!.evaluate(null, ev, EvaluationOptions(false), null)
}
Assertions.assertThrows(FunctionFormatException::class.java) {
ExpressionParser.createTree(
"format('{0}-{1}:{3', variables.str, variables.doub, variables.arry)",
null, nameValue, null
- )!!.evaluate(null, ev, null, null)
+ )!!.evaluate(null, ev, EvaluationOptions(false), null)
}
Assertions.assertThrows(FunctionFormatException::class.java) {
ExpressionParser.createTree(
"format('{0:yyyyMMdd}', variables.str, variables.doub, variables.arry)",
null, nameValue, null
- )!!.evaluate(null, ev, null, null)
+ )!!.evaluate(null, ev, EvaluationOptions(false), null)
}
}
@@ -92,7 +93,7 @@ internal class FormatTest {
)
fun evaluateCoreTest(format: String) {
val (exp, expect) = format.split(" => ")
- val res = ExpressionParser.createTree(exp, null, nameValue, null)!!.evaluate(null, ev, null, null).value
+ val res = ExpressionParser.createTree(exp, null, nameValue, null)!!.evaluate(null, ev, EvaluationOptions(false), null).value
Assertions.assertEquals(expect, res)
}
@@ -109,7 +110,7 @@ internal class FormatTest {
val res =
ExpressionParser
.createSubNameValueEvaluateTree(exp, null, parametersNameValue, null, SubNameValueEvaluateInfo())!!
- .subNameValueEvaluate(null, parametersEv, null, SubNameValueEvaluateInfo(), null).value
+ .subNameValueEvaluate(null, parametersEv, EvaluationOptions(false), SubNameValueEvaluateInfo(), null).value
Assertions.assertEquals(expect, res)
}
diff --git a/src/backend/ci/core/common/common-expression/src/test/kotlin/com/tencent/devops/common/expression/expression/functions/StrToTimeTest.kt b/src/backend/ci/core/common/common-expression/src/test/kotlin/com/tencent/devops/common/expression/expression/functions/StrToTimeTest.kt
index c027658e949..31a1ecc0c8d 100644
--- a/src/backend/ci/core/common/common-expression/src/test/kotlin/com/tencent/devops/common/expression/expression/functions/StrToTimeTest.kt
+++ b/src/backend/ci/core/common/common-expression/src/test/kotlin/com/tencent/devops/common/expression/expression/functions/StrToTimeTest.kt
@@ -37,6 +37,7 @@ import com.tencent.devops.common.expression.context.ContextValueNode
import com.tencent.devops.common.expression.context.DictionaryContextData
import com.tencent.devops.common.expression.context.NumberContextData
import com.tencent.devops.common.expression.context.StringContextData
+import com.tencent.devops.common.expression.expression.EvaluationOptions
import com.tencent.devops.common.expression.expression.sdk.NamedValueInfo
import org.junit.jupiter.api.Assertions
import org.junit.jupiter.api.BeforeAll
@@ -56,7 +57,7 @@ internal class StrToTimeTest {
ExpressionParser.createTree(
"strToTime('2023-3-15')",
null, nameValue, null
- )!!.evaluate(null, ev, null, null)
+ )!!.evaluate(null, ev, EvaluationOptions(false), null)
}
}
@@ -69,8 +70,8 @@ internal class StrToTimeTest {
)
fun evaluateCoreTest(format: String) {
val (exp, expect) = format.split(" => ")
- val res1 = ExpressionParser.createTree(exp, null, nameValue, null)!!.evaluate(null, ev, null, null).value
- val res2 = ExpressionParser.createTree(expect, null, nameValue, null)!!.evaluate(null, ev, null, null).value
+ val res1 = ExpressionParser.createTree(exp, null, nameValue, null)!!.evaluate(null, ev, EvaluationOptions(false), null).value
+ val res2 = ExpressionParser.createTree(expect, null, nameValue, null)!!.evaluate(null, ev, EvaluationOptions(false), null).value
Assertions.assertEquals(res1, res2)
}
@@ -84,7 +85,7 @@ internal class StrToTimeTest {
)
fun eqTest(format: String) {
val (exp, expect) = format.split(" => ")
- val res = ExpressionParser.createTree(exp, null, nameValue, null)!!.evaluate(null, ev, null, null).value
+ val res = ExpressionParser.createTree(exp, null, nameValue, null)!!.evaluate(null, ev, EvaluationOptions(false), null).value
Assertions.assertEquals(expect, res.toString())
}
@@ -100,7 +101,7 @@ internal class StrToTimeTest {
val res =
ExpressionParser
.createSubNameValueEvaluateTree(exp, null, parametersNameValue, null, SubNameValueEvaluateInfo())!!
- .subNameValueEvaluate(null, parametersEv, null, SubNameValueEvaluateInfo(), null).value
+ .subNameValueEvaluate(null, parametersEv, EvaluationOptions(false), SubNameValueEvaluateInfo(), null).value
Assertions.assertEquals(expect, res)
}
diff --git a/src/backend/ci/core/common/common-expression/src/test/kotlin/com/tencent/devops/common/expression/expression/specialFuctions/hashFiles/HashFilesFunctionTest.kt b/src/backend/ci/core/common/common-expression/src/test/kotlin/com/tencent/devops/common/expression/expression/specialFuctions/hashFiles/HashFilesFunctionTest.kt
index f65cb065926..1fd06d75d5c 100644
--- a/src/backend/ci/core/common/common-expression/src/test/kotlin/com/tencent/devops/common/expression/expression/specialFuctions/hashFiles/HashFilesFunctionTest.kt
+++ b/src/backend/ci/core/common/common-expression/src/test/kotlin/com/tencent/devops/common/expression/expression/specialFuctions/hashFiles/HashFilesFunctionTest.kt
@@ -36,6 +36,7 @@ import com.tencent.devops.common.expression.context.ContextValueNode
import com.tencent.devops.common.expression.context.DictionaryContextData
import com.tencent.devops.common.expression.context.NumberContextData
import com.tencent.devops.common.expression.context.StringContextData
+import com.tencent.devops.common.expression.expression.EvaluationOptions
import com.tencent.devops.common.expression.expression.FunctionInfo
import com.tencent.devops.common.expression.expression.sdk.NamedValueInfo
import org.junit.jupiter.api.Assertions
@@ -62,11 +63,11 @@ internal class HashFilesFunctionTest {
fun noRootPath() {
val exp = "hashFiles('/data/a/a')"
Assertions.assertThrows(RuntimeException::class.java) {
- ExpressionParser.createTree(exp, null, nameValue, null)!!.evaluate(null, ev, null, null).value
+ ExpressionParser.createTree(exp, null, nameValue, null)!!.evaluate(null, ev, EvaluationOptions(false), null).value
}
val exp1 = "hashFiles('D: \\data\\.\\..')"
Assertions.assertThrows(RuntimeException::class.java) {
- ExpressionParser.createTree(exp1, null, nameValue, null)!!.evaluate(null, ev, null, null).value
+ ExpressionParser.createTree(exp1, null, nameValue, null)!!.evaluate(null, ev, EvaluationOptions(false), null).value
}
}
@@ -75,7 +76,7 @@ internal class HashFilesFunctionTest {
fun noIndexPath() {
val exp = "hashFiles('/data/./..')"
Assertions.assertThrows(RuntimeException::class.java) {
- ExpressionParser.createTree(exp, null, nameValue, null)!!.evaluate(null, ev, null, null).value
+ ExpressionParser.createTree(exp, null, nameValue, null)!!.evaluate(null, ev, EvaluationOptions(false), null).value
}
}
}
@@ -103,7 +104,7 @@ internal class HashFilesFunctionTest {
HashFilesFunction()
)
)
- )!!.evaluate(null, ev, null, null).value
+ )!!.evaluate(null, ev, EvaluationOptions(false), null).value
)
}
@@ -129,7 +130,7 @@ internal class HashFilesFunctionTest {
)
),
subInfo
- )!!.subNameValueEvaluate(null, parametersEv, null, subInfo, null).value
+ )!!.subNameValueEvaluate(null, parametersEv, EvaluationOptions(false), subInfo, null).value
)
}
diff --git a/src/backend/ci/core/common/common-pipeline-yaml/src/main/kotlin/com/tencent/devops/process/yaml/transfer/ModelTransfer.kt b/src/backend/ci/core/common/common-pipeline-yaml/src/main/kotlin/com/tencent/devops/process/yaml/transfer/ModelTransfer.kt
index 093fe644a3b..6e366899724 100644
--- a/src/backend/ci/core/common/common-pipeline-yaml/src/main/kotlin/com/tencent/devops/process/yaml/transfer/ModelTransfer.kt
+++ b/src/backend/ci/core/common/common-pipeline-yaml/src/main/kotlin/com/tencent/devops/process/yaml/transfer/ModelTransfer.kt
@@ -28,9 +28,11 @@
package com.tencent.devops.process.yaml.transfer
import com.tencent.devops.common.api.constant.CommonMessageCode.YAML_NOT_VALID
+import com.tencent.devops.common.api.pojo.PipelineAsCodeSettings
import com.tencent.devops.common.client.Client
import com.tencent.devops.common.pipeline.Model
import com.tencent.devops.common.pipeline.container.Stage
+import com.tencent.devops.common.pipeline.dialect.PipelineDialectType
import com.tencent.devops.common.pipeline.pojo.setting.PipelineRunLockType
import com.tencent.devops.common.pipeline.pojo.setting.PipelineSetting
import com.tencent.devops.common.pipeline.pojo.setting.Subscription
@@ -42,6 +44,7 @@ import com.tencent.devops.process.yaml.transfer.VariableDefault.nullIfDefault
import com.tencent.devops.process.yaml.transfer.aspect.PipelineTransferAspectWrapper
import com.tencent.devops.process.yaml.transfer.pojo.ModelTransferInput
import com.tencent.devops.process.yaml.transfer.pojo.YamlTransferInput
+import com.tencent.devops.process.yaml.v3.enums.SyntaxDialectType
import com.tencent.devops.process.yaml.v3.models.Concurrency
import com.tencent.devops.process.yaml.v3.models.Extends
import com.tencent.devops.process.yaml.v3.models.GitNotices
@@ -98,7 +101,7 @@ class ModelTransfer @Autowired constructor(
maxQueueSize = yaml.concurrency?.queueLength ?: VariableDefault.DEFAULT_PIPELINE_SETTING_MAX_QUEUE_SIZE,
maxConRunningQueueSize = yaml.concurrency?.maxParallel ?: PIPELINE_SETTING_MAX_CON_QUEUE_SIZE_MAX,
labels = yaml2Labels(yamlInput),
- pipelineAsCodeSettings = yamlInput.asCodeSettings,
+ pipelineAsCodeSettings = yamlSyntaxDialect2Setting(yaml.syntaxDialect),
successSubscriptionList = yamlNotice2Setting(
projectId = yamlInput.projectCode,
notices = yaml.notices?.filter { it.checkNotifyForSuccess() }
@@ -118,6 +121,22 @@ class ModelTransfer @Autowired constructor(
}
}
+ private fun yamlSyntaxDialect2Setting(syntaxDialectType: String?): PipelineAsCodeSettings? {
+ if (syntaxDialectType.isNullOrBlank()) return null
+ return when (syntaxDialectType) {
+ SyntaxDialectType.INHERIT.name -> PipelineAsCodeSettings(inheritedDialect = true)
+ SyntaxDialectType.CLASSIC.name -> PipelineAsCodeSettings(
+ inheritedDialect = false,
+ pipelineDialect = PipelineDialectType.CLASSIC.name
+ )
+ SyntaxDialectType.CONSTRAINT.name -> PipelineAsCodeSettings(
+ inheritedDialect = false,
+ pipelineDialect = PipelineDialectType.CONSTRAINED.name
+ )
+ else -> null
+ }
+ }
+
private fun prepareModelGroups(projectId: String, notice: Subscription): Subscription {
if (notice.groups.isEmpty()) return notice
val info = transferCache.getProjectGroupAndUsers(projectId)?.associateBy { it.displayName } ?: return notice
@@ -207,7 +226,8 @@ class ModelTransfer @Autowired constructor(
desc = modelInput.setting.desc.ifEmpty { null },
label = label,
resources = modelInput.model.resources,
- notices = makeNoticesV3(modelInput.setting)
+ notices = makeNoticesV3(modelInput.setting),
+ syntaxDialect = makeSyntaxDialect(modelInput.setting)
)
else -> {
throw PipelineTransferException(
@@ -404,6 +424,16 @@ class ModelTransfer @Autowired constructor(
}
}
+ private fun makeSyntaxDialect(setting: PipelineSetting): String? {
+ val asCodeSettings = setting.pipelineAsCodeSettings ?: return null
+ return when {
+ asCodeSettings.inheritedDialect == true -> SyntaxDialectType.INHERIT.name
+ asCodeSettings.pipelineDialect == PipelineDialectType.CLASSIC.name -> SyntaxDialectType.CLASSIC.name
+ asCodeSettings.pipelineDialect == PipelineDialectType.CONSTRAINED.name -> SyntaxDialectType.CONSTRAINT.name
+ else -> null
+ }
+ }
+
@Suppress("NestedBlockDepth")
private fun preparePipelineLabels(
userId: String,
diff --git a/src/backend/ci/core/common/common-pipeline-yaml/src/main/kotlin/com/tencent/devops/process/yaml/v2/parsers/template/ParametersExpressionParse.kt b/src/backend/ci/core/common/common-pipeline-yaml/src/main/kotlin/com/tencent/devops/process/yaml/v2/parsers/template/ParametersExpressionParse.kt
index bba8eade3cd..aaea3fdcabb 100644
--- a/src/backend/ci/core/common/common-pipeline-yaml/src/main/kotlin/com/tencent/devops/process/yaml/v2/parsers/template/ParametersExpressionParse.kt
+++ b/src/backend/ci/core/common/common-pipeline-yaml/src/main/kotlin/com/tencent/devops/process/yaml/v2/parsers/template/ParametersExpressionParse.kt
@@ -15,6 +15,7 @@ import com.tencent.devops.common.expression.context.ExpressionContextData
import com.tencent.devops.common.expression.context.NumberContextData
import com.tencent.devops.common.expression.context.PipelineContextData
import com.tencent.devops.common.expression.context.StringContextData
+import com.tencent.devops.common.expression.expression.EvaluationOptions
import com.tencent.devops.common.expression.expression.FunctionInfo
import com.tencent.devops.common.expression.expression.sdk.NamedValueInfo
import com.tencent.devops.common.expression.expression.specialFuctions.hashFiles.HashFilesFunction
@@ -398,7 +399,7 @@ object ParametersExpressionParse {
val (value, isComplete, type) = try {
ExpressionParser.createSubNameValueEvaluateTree(
expression, null, nameValues, functionList, subInfo
- )?.subNameValueEvaluate(null, context, null, subInfo, null)
+ )?.subNameValueEvaluate(null, context, EvaluationOptions(false), subInfo, null)
?: throw YamlTemplateException("create evaluate tree is null")
} catch (e: Throwable) {
throw error(Constants.EXPRESSION_EVALUATE_ERROR.format(path, expression, e.message))
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionGradeService.kt b/src/backend/ci/core/common/common-pipeline-yaml/src/main/kotlin/com/tencent/devops/process/yaml/v3/enums/SyntaxDialectType.kt
similarity index 90%
rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionGradeService.kt
rename to src/backend/ci/core/common/common-pipeline-yaml/src/main/kotlin/com/tencent/devops/process/yaml/v3/enums/SyntaxDialectType.kt
index 7196c76544e..47e63569be2 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/iam/PermissionGradeService.kt
+++ b/src/backend/ci/core/common/common-pipeline-yaml/src/main/kotlin/com/tencent/devops/process/yaml/v3/enums/SyntaxDialectType.kt
@@ -23,11 +23,15 @@
* NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
* WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
- *
*/
-package com.tencent.devops.auth.service.iam
+package com.tencent.devops.process.yaml.v3.enums
-interface PermissionGradeService {
- fun checkGradeManagerUser(userId: String, projectId: Int)
+/**
+ * 流水线方言类型
+ */
+enum class SyntaxDialectType {
+ INHERIT,
+ CLASSIC,
+ CONSTRAINT
}
diff --git a/src/backend/ci/core/common/common-pipeline-yaml/src/main/kotlin/com/tencent/devops/process/yaml/v3/models/PreScriptBuildYamlParser.kt b/src/backend/ci/core/common/common-pipeline-yaml/src/main/kotlin/com/tencent/devops/process/yaml/v3/models/PreScriptBuildYamlParser.kt
index fb547685247..403ad5a6647 100644
--- a/src/backend/ci/core/common/common-pipeline-yaml/src/main/kotlin/com/tencent/devops/process/yaml/v3/models/PreScriptBuildYamlParser.kt
+++ b/src/backend/ci/core/common/common-pipeline-yaml/src/main/kotlin/com/tencent/devops/process/yaml/v3/models/PreScriptBuildYamlParser.kt
@@ -57,6 +57,7 @@ interface PreScriptBuildYamlIParser : YamlVersionParser {
val disablePipeline: Boolean?
val recommendedVersion: RecommendedVersion?
val customBuildNum: String?
+ val syntaxDialect: String?
}
/**
@@ -83,7 +84,8 @@ data class PreScriptBuildYamlParser(
override val concurrency: Concurrency? = null,
override val disablePipeline: Boolean? = null,
override val recommendedVersion: RecommendedVersion? = null,
- override val customBuildNum: String? = null
+ override val customBuildNum: String? = null,
+ override val syntaxDialect: String?
) : PreScriptBuildYamlIParser {
override fun yamlVersion() = YamlVersion.V2_0
}
diff --git a/src/backend/ci/core/common/common-pipeline-yaml/src/main/kotlin/com/tencent/devops/process/yaml/v3/models/PreScriptBuildYamlV3Parser.kt b/src/backend/ci/core/common/common-pipeline-yaml/src/main/kotlin/com/tencent/devops/process/yaml/v3/models/PreScriptBuildYamlV3Parser.kt
index 7c4933e59cb..c8777006258 100644
--- a/src/backend/ci/core/common/common-pipeline-yaml/src/main/kotlin/com/tencent/devops/process/yaml/v3/models/PreScriptBuildYamlV3Parser.kt
+++ b/src/backend/ci/core/common/common-pipeline-yaml/src/main/kotlin/com/tencent/devops/process/yaml/v3/models/PreScriptBuildYamlV3Parser.kt
@@ -61,7 +61,8 @@ data class PreScriptBuildYamlV3Parser(
override val concurrency: Concurrency? = null,
override val disablePipeline: Boolean? = null,
override val recommendedVersion: RecommendedVersion? = null,
- override val customBuildNum: String? = null
+ override val customBuildNum: String? = null,
+ override val syntaxDialect: String?
) : PreScriptBuildYamlIParser {
override fun yamlVersion() = YamlVersion.V3_0
}
diff --git a/src/backend/ci/core/common/common-pipeline-yaml/src/main/kotlin/com/tencent/devops/process/yaml/v3/models/PreTemplateScriptBuildYamlParser.kt b/src/backend/ci/core/common/common-pipeline-yaml/src/main/kotlin/com/tencent/devops/process/yaml/v3/models/PreTemplateScriptBuildYamlParser.kt
index 35dc3c90cd0..87a06af8357 100644
--- a/src/backend/ci/core/common/common-pipeline-yaml/src/main/kotlin/com/tencent/devops/process/yaml/v3/models/PreTemplateScriptBuildYamlParser.kt
+++ b/src/backend/ci/core/common/common-pipeline-yaml/src/main/kotlin/com/tencent/devops/process/yaml/v3/models/PreTemplateScriptBuildYamlParser.kt
@@ -63,6 +63,7 @@ interface IPreTemplateScriptBuildYamlParser : YamlVersionParser {
var disablePipeline: Boolean?
var recommendedVersion: RecommendedVersion?
var customBuildNum: String?
+ var syntaxDialect: String?
fun replaceTemplate(f: (param: ITemplateFilter) -> PreScriptBuildYamlIParser)
@@ -132,7 +133,9 @@ data class PreTemplateScriptBuildYamlParser(
@JsonProperty("recommended-version")
override var recommendedVersion: RecommendedVersion? = null,
@JsonProperty("custom-build-num")
- override var customBuildNum: String? = null
+ override var customBuildNum: String? = null,
+ @JsonProperty("syntax-dialect")
+ override var syntaxDialect: String?
) : IPreTemplateScriptBuildYamlParser, ITemplateFilter {
init {
@@ -149,7 +152,8 @@ data class PreTemplateScriptBuildYamlParser(
triggerOn = triggerOn,
resources = resources,
notices = notices,
- concurrency = concurrency
+ concurrency = concurrency,
+ syntaxDialect = syntaxDialect
)
}
diff --git a/src/backend/ci/core/common/common-pipeline-yaml/src/main/kotlin/com/tencent/devops/process/yaml/v3/models/PreTemplateScriptBuildYamlV3Parser.kt b/src/backend/ci/core/common/common-pipeline-yaml/src/main/kotlin/com/tencent/devops/process/yaml/v3/models/PreTemplateScriptBuildYamlV3Parser.kt
index 3085cdc7ad5..4a94b46520f 100644
--- a/src/backend/ci/core/common/common-pipeline-yaml/src/main/kotlin/com/tencent/devops/process/yaml/v3/models/PreTemplateScriptBuildYamlV3Parser.kt
+++ b/src/backend/ci/core/common/common-pipeline-yaml/src/main/kotlin/com/tencent/devops/process/yaml/v3/models/PreTemplateScriptBuildYamlV3Parser.kt
@@ -68,7 +68,9 @@ data class PreTemplateScriptBuildYamlV3Parser(
@JsonProperty("recommended-version")
override var recommendedVersion: RecommendedVersion? = null,
@JsonProperty("custom-build-num")
- override var customBuildNum: String? = null
+ override var customBuildNum: String? = null,
+ @JsonProperty("syntax-dialect")
+ override var syntaxDialect: String? = null
) : IPreTemplateScriptBuildYamlParser, ITemplateFilter {
companion object {
private val logger = LoggerFactory.getLogger(PreTemplateScriptBuildYamlV3Parser::class.java)
@@ -89,7 +91,8 @@ data class PreTemplateScriptBuildYamlV3Parser(
resources = resources,
notices = notices,
concurrency = concurrency,
- disablePipeline = disablePipeline
+ disablePipeline = disablePipeline,
+ syntaxDialect = syntaxDialect
)
}
diff --git a/src/backend/ci/core/common/common-pipeline-yaml/src/main/kotlin/com/tencent/devops/process/yaml/v3/parsers/template/ParametersExpressionParse.kt b/src/backend/ci/core/common/common-pipeline-yaml/src/main/kotlin/com/tencent/devops/process/yaml/v3/parsers/template/ParametersExpressionParse.kt
index 22c64bee830..3aa2e9508a6 100644
--- a/src/backend/ci/core/common/common-pipeline-yaml/src/main/kotlin/com/tencent/devops/process/yaml/v3/parsers/template/ParametersExpressionParse.kt
+++ b/src/backend/ci/core/common/common-pipeline-yaml/src/main/kotlin/com/tencent/devops/process/yaml/v3/parsers/template/ParametersExpressionParse.kt
@@ -15,6 +15,7 @@ import com.tencent.devops.common.expression.context.ExpressionContextData
import com.tencent.devops.common.expression.context.NumberContextData
import com.tencent.devops.common.expression.context.PipelineContextData
import com.tencent.devops.common.expression.context.StringContextData
+import com.tencent.devops.common.expression.expression.EvaluationOptions
import com.tencent.devops.common.expression.expression.FunctionInfo
import com.tencent.devops.common.expression.expression.sdk.NamedValueInfo
import com.tencent.devops.common.expression.expression.specialFuctions.hashFiles.HashFilesFunction
@@ -399,7 +400,7 @@ object ParametersExpressionParse {
val (value, isComplete, type) = try {
ExpressionParser.createSubNameValueEvaluateTree(
expression, null, nameValues, functionList, subInfo
- )?.subNameValueEvaluate(null, context, null, subInfo, null)
+ )?.subNameValueEvaluate(null, context, EvaluationOptions(false), subInfo, null)
?: throw YamlTemplateException("create evaluate tree is null")
} catch (e: Throwable) {
throw error(Constants.EXPRESSION_EVALUATE_ERROR.format(path, expression, e.message))
diff --git a/src/backend/ci/core/common/common-pipeline-yaml/src/main/resources/schema/V3_0/ci.json b/src/backend/ci/core/common/common-pipeline-yaml/src/main/resources/schema/V3_0/ci.json
index 4082bc8bb12..4edadcaff14 100644
--- a/src/backend/ci/core/common/common-pipeline-yaml/src/main/resources/schema/V3_0/ci.json
+++ b/src/backend/ci/core/common/common-pipeline-yaml/src/main/resources/schema/V3_0/ci.json
@@ -1980,6 +1980,9 @@
},
"gpus" : {
"type" : "string"
+ },
+ "privileged" : {
+ "type" : "string"
}
}
},
@@ -2470,6 +2473,9 @@
},
"gpus" : {
"type" : "string"
+ },
+ "privileged" : {
+ "type" : "string"
}
}
},
diff --git a/src/backend/ci/core/common/common-pipeline/src/main/java/com/tencent/devops/common/pipeline/ExprReplaceEnvVarUtil.java b/src/backend/ci/core/common/common-pipeline/src/main/java/com/tencent/devops/common/pipeline/ExprReplaceEnvVarUtil.java
new file mode 100644
index 00000000000..8f68673917b
--- /dev/null
+++ b/src/backend/ci/core/common/common-pipeline/src/main/java/com/tencent/devops/common/pipeline/ExprReplaceEnvVarUtil.java
@@ -0,0 +1,159 @@
+/*
+ * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
+ *
+ * A copy of the MIT License is included in this file.
+ *
+ *
+ * Terms of the MIT License:
+ * ---------------------------------------------------
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+ * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
+ * the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+ * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+ * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+package com.tencent.devops.common.pipeline;
+
+import com.tencent.devops.common.api.util.JsonSchemaUtil;
+import com.tencent.devops.common.api.util.JsonUtil;
+import com.tencent.devops.common.api.util.ReflectUtil;
+import com.tencent.devops.common.pipeline.utils.ExprReplacementUtil;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+public class ExprReplaceEnvVarUtil {
+
+ public static Object replaceEnvVar(Object obj, Map envMap) {
+ return replaceEnvVar(obj,
+ new ExprReplacementOptions(envMap, false, null, null, null)
+ );
+ }
+
+ /**
+ * 把对象字段值中的表达式替换成环境变量
+ * @param obj 需要把占位符替换环境变量的对象(对象如果是集合对象,注意要选择支持增加、删除等操作的集合类型,不要选择类似SingletonMap这种)
+ * @param envMap 环境变量Map
+ * @return 变量替换后的对象
+ */
+ @SuppressWarnings("all")
+ public static Object replaceEnvVar(Object obj, ExprReplacementOptions options) {
+ Map envMap = options.getContextMap();
+ if (obj instanceof Map) {
+ // 递归替换map对象中的变量
+ Set> entrySet = ((Map) obj).entrySet();
+ for (Map.Entry entry : entrySet) {
+ Object value = entry.getValue();
+ if (!isNormalReplaceEnvVar(value)) {
+ entry.setValue(replaceEnvVar(value, options));
+ } else {
+ entry.setValue(handleNormalEnvVar(value, options));
+ }
+ }
+ } else if (obj instanceof List) {
+ // 递归替换list对象中的变量
+ List dataList = (List) obj;
+ for (int i = 0; i < dataList.size(); i++) {
+ Object value = dataList.get(i);
+ if (!isNormalReplaceEnvVar(value)) {
+ dataList.set(i, replaceEnvVar(value, options));
+ } else {
+ dataList.set(i, handleNormalEnvVar(value, options));
+ }
+ }
+ } else if (obj instanceof Set) {
+ // 递归替换set对象中的变量
+ Set objSet = (Set) obj;
+ Set replaceObjSet = new HashSet(objSet);
+ Iterator it = replaceObjSet.iterator();
+ while (it.hasNext()) {
+ Object value = it.next();
+ objSet.remove(value);
+ if (!isNormalReplaceEnvVar(value)) {
+ objSet.add(replaceEnvVar(value, options));
+ } else {
+ objSet.add(handleNormalEnvVar(value, options));
+ }
+ }
+ } else if (isNormalReplaceEnvVar(obj)) {
+ // 替换基本类型对象或字符串对象中的变量
+ obj = handleNormalEnvVar(obj, options);
+ } else {
+ try {
+ // 把对象转换成map后进行递归替换变量
+ Map dataMap = JsonUtil.INSTANCE.toMap(obj);
+ replaceEnvVar(dataMap, options);
+ obj = JsonUtil.INSTANCE.to(JsonUtil.INSTANCE.toJson(dataMap, true), obj.getClass());
+ } catch (Throwable e) {
+ // 转换不了map的对象则进行直接替换
+ obj = ExprReplacementUtil.INSTANCE.parseExpression(
+ JsonUtil.INSTANCE.toJson(obj, true), options
+ );
+ }
+ }
+ return obj;
+ }
+
+ private static Object handleNormalEnvVar(Object obj, ExprReplacementOptions options) {
+ // 只有字符串参数才需要进行变量替换,其它基本类型参数无需进行变量替换
+ if (obj instanceof String) {
+ String objStr = ((String) obj).trim();
+ if (objStr.startsWith("{") && objStr.endsWith("}") && JsonSchemaUtil.INSTANCE.validateJson(objStr)) {
+ try {
+ Object dataObj = JsonUtil.INSTANCE.to((String) obj, Map.class);
+ // string能正常转换成map,则说明是json串,那么把dataObj进行递归替换变量后再转成json串
+ dataObj = replaceEnvVar(dataObj, options);
+ obj = JsonUtil.INSTANCE.toJson(dataObj, true);
+ } catch (Throwable e) {
+ // 转换不了map的字符串对象则直接替换
+ obj = ExprReplacementUtil.INSTANCE.parseExpression(
+ JsonUtil.INSTANCE.toJson(obj, true), options
+ );
+ }
+ } else if (objStr.startsWith("[") && objStr.endsWith("]") && JsonSchemaUtil.INSTANCE.validateJson(objStr)) {
+ try {
+ Object dataObj = JsonUtil.INSTANCE.to((String) obj, List.class);
+ // string能正常转成list,说明是json串,把dataObj进行递归替换变量后再转成json串
+ dataObj = replaceEnvVar(dataObj, options);
+ obj = JsonUtil.INSTANCE.toJson(dataObj, true);
+ } catch (Throwable e1) {
+ // 转换不了list的字符串对象则直接替换
+ obj = ExprReplacementUtil.INSTANCE.parseExpression(
+ JsonUtil.INSTANCE.toJson(obj, true), options
+ );
+ }
+ } else {
+ // 转换不了map或者list的字符串对象则直接替换
+ obj = ExprReplacementUtil.INSTANCE.parseExpression(
+ JsonUtil.INSTANCE.toJson(obj, true), options
+ );
+ }
+ }
+ return obj;
+ }
+
+ /**
+ * 判断对象是否是普通替换对象
+ * @param obj 需要把占位符替换环境变量的对象(对象如果是集合对象,注意要选择支持增加、删除等操作的集合类型,不要选择类似SingletonMap这种)
+ * @return 是否是普通替换对象
+ */
+ private static Boolean isNormalReplaceEnvVar(Object obj) {
+ return obj == null || ReflectUtil.INSTANCE.isNativeType(obj) || obj instanceof String;
+ }
+}
diff --git a/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/EnvReplacementParser.kt b/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/EnvReplacementParser.kt
index 161f22831f2..3624042aa80 100644
--- a/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/EnvReplacementParser.kt
+++ b/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/EnvReplacementParser.kt
@@ -30,20 +30,14 @@ package com.tencent.devops.common.pipeline
import com.tencent.devops.common.api.util.JsonUtil
import com.tencent.devops.common.api.util.ObjectReplaceEnvVarUtil
import com.tencent.devops.common.expression.ExecutionContext
-import com.tencent.devops.common.expression.ExpressionParseException
-import com.tencent.devops.common.expression.ExpressionParser
-import com.tencent.devops.common.expression.context.ContextValueNode
-import com.tencent.devops.common.expression.context.DictionaryContextData
-import com.tencent.devops.common.expression.context.PipelineContextData
-import com.tencent.devops.common.expression.context.RuntimeDictionaryContextData
import com.tencent.devops.common.expression.context.RuntimeNamedValue
import com.tencent.devops.common.expression.expression.ExpressionOutput
import com.tencent.devops.common.expression.expression.IFunctionInfo
import com.tencent.devops.common.expression.expression.sdk.NamedValueInfo
-import org.apache.tools.ant.filters.StringInputStream
+import com.tencent.devops.common.pipeline.dialect.IPipelineDialect
+import com.tencent.devops.common.pipeline.utils.ExprReplacementUtil
import org.slf4j.LoggerFactory
-import java.io.BufferedReader
-import java.io.InputStreamReader
+import java.util.regex.Pattern
@Suppress(
"LoopWithTooManyJumpStatements",
@@ -56,6 +50,7 @@ import java.io.InputStreamReader
object EnvReplacementParser {
private val logger = LoggerFactory.getLogger(EnvReplacementParser::class.java)
+ private val expressionPattern = Pattern.compile("\\$[{]{2}([^$^{}]+)[}]{2}")
/**
* 根据环境变量map进行object处理并保持原类型
@@ -67,259 +62,75 @@ object EnvReplacementParser {
* @param output 表达式计算时输出
*/
fun parse(
- value: String?,
+ value: Any?,
contextMap: Map,
onlyExpression: Boolean? = false,
contextPair: Pair>? = null,
functions: Iterable? = null,
output: ExpressionOutput? = null
): String {
- if (value.isNullOrBlank()) return ""
- return if (onlyExpression == true) {
- try {
- val (context, nameValues) = contextPair
- ?: getCustomExecutionContextByMap(contextMap)
- ?: return value
- parseExpression(
- value = value,
- context = context,
- nameValues = nameValues,
- functions = functions,
- output = output
- )
- } catch (ignore: Throwable) {
- logger.warn("[$value]|EnvReplacementParser expression invalid: ", ignore)
- value
- }
- } else {
- ObjectReplaceEnvVarUtil.replaceEnvVar(value, contextMap).let {
- JsonUtil.toJson(it, false)
- }
- }
- }
-
- fun getCustomExecutionContextByMap(
- variables: Map,
- extendNamedValueMap: List? = null
- ): Pair>? {
- try {
- val context = ExecutionContext(DictionaryContextData())
- val nameValue = mutableListOf()
- extendNamedValueMap?.forEach { namedValue ->
- nameValue.add(NamedValueInfo(namedValue.key, ContextValueNode()))
- context.expressionValues.add(
- namedValue.key,
- RuntimeDictionaryContextData(namedValue)
- )
- }
- ExpressionParser.fillContextByMap(variables, context, nameValue)
- return Pair(context, nameValue)
- } catch (ignore: Throwable) {
- logger.warn("EnvReplacementParser context invalid: $variables", ignore)
- return null
- }
- }
-
- private fun parseExpression(
- value: String,
- nameValues: List,
- context: ExecutionContext,
- functions: Iterable? = null,
- output: ExpressionOutput? = null
- ): String {
- val strReader = InputStreamReader(StringInputStream(value))
- val bufferReader = BufferedReader(strReader)
- val newValue = StringBuilder()
- try {
- var line = bufferReader.readLine()
- while (line != null) {
- // 跳过空行和注释行
- val blocks = findExpressions(line)
- if (line.isBlank() || blocks.isEmpty()) {
- newValue.append(line).append("\n")
- line = bufferReader.readLine()
- continue
- }
- val onceResult = parseExpressionLine(
- value = line,
- blocks = blocks,
- context = context,
- nameValues = nameValues,
- functions = functions,
- output = output
- )
-
- val newLine = findExpressions(onceResult).let {
- if (it.isEmpty()) {
- onceResult
- } else {
- parseExpressionLine(
- value = onceResult,
- blocks = it,
- context = context,
- nameValues = nameValues,
- functions = functions,
- output = output
- )
- }
- }
- newValue.append(newLine).append("\n")
- line = bufferReader.readLine()
- }
- } finally {
- strReader.close()
- bufferReader.close()
- }
- return newValue.toString().removeSuffix("\n")
+ val options = ExprReplacementOptions(
+ contextMap = contextMap,
+ contextPair = contextPair,
+ functions = functions,
+ output = output
+ )
+ return parse(value = value, onlyExpression = onlyExpression, options = options)
}
/**
- * 解析表达式,根据 findExpressions 寻找的括号优先级进行解析
+ * 根据环境变量map进行object处理并保持原类型
+ * 根据方言的配置判断是否能够使用${}或者变量值是否存在
*/
- private fun parseExpressionLine(
- value: String,
- blocks: List>,
- nameValues: List,
- context: ExecutionContext,
+ fun parse(
+ value: Any?,
+ contextMap: Map,
+ dialect: IPipelineDialect,
+ contextPair: Pair>? = null,
functions: Iterable? = null,
output: ExpressionOutput? = null
): String {
- var chars = value.toList()
- blocks.forEachIndexed nextBlockLevel@{ blockLevel, blocksInLevel ->
- blocksInLevel.forEachIndexed nextBlock@{ blockI, block ->
- // 表达式因为含有 ${{ }} 所以起始向后推3位,末尾往前推两位
- val expression = chars.joinToString("").substring(block.startIndex + 3, block.endIndex - 1)
- if (expression.isBlank()) return@nextBlock
- var result = try {
- ExpressionParser.createTree(expression, null, nameValues, functions)!!
- .evaluate(null, context, null, output).value.let {
- if (it is PipelineContextData) it.fetchValue() else it
- }?.let {
- JsonUtil.toJson(it, false)
- } ?: ""
- } catch (ignore: ExpressionParseException) {
- return@nextBlock
- }
-
- if ((blockLevel + 1 < blocks.size) &&
- !(
- (block.startIndex - 1 >= 0 && chars[block.startIndex - 1] == '.') ||
- (block.endIndex + 1 < chars.size && chars[block.endIndex + 1] == '.')
- )
- ) {
- result = "'$result'"
- }
-
- val charList = result.toList()
-
- // 将替换后的表达式嵌入原本的line
- val startSub = if (block.startIndex - 1 < 0) {
- listOf()
- } else {
- chars.slice(0 until block.startIndex)
- }
- val endSub = if (block.endIndex + 1 >= chars.size) {
- listOf()
- } else {
- chars.slice(block.endIndex + 1 until chars.size)
- }
- chars = startSub + charList + endSub
-
- // 将替换后的字符查传递给后边的括号位数
- val diffNum = charList.size - (block.endIndex - block.startIndex + 1)
- blocks.forEachIndexed { i, bl ->
- bl.forEachIndexed level@{ j, b ->
- if (i <= blockLevel && j <= blockI) {
- return@level
- }
- if (blocks[i][j].startIndex > block.endIndex) {
- blocks[i][j].startIndex += diffNum
- }
- if (blocks[i][j].endIndex > block.endIndex) {
- blocks[i][j].endIndex += diffNum
- }
- }
- }
- }
- }
-
- return chars.joinToString("")
+ val options = ExprReplacementOptions(
+ contextMap = contextMap,
+ contextNotNull = !dialect.supportMissingVar(),
+ contextPair = contextPair,
+ functions = functions,
+ output = output
+ )
+ return parse(
+ value = value,
+ onlyExpression = dialect.supportUseExpression(),
+ options = options
+ )
}
- /**
- * 寻找语句中包含 ${{}}的表达式的位置,返回成对的位置坐标,并根据优先级排序
- * 优先级算法目前暂定为 从里到外,从左到右
- * @param levelMax 返回的最大层数,从深到浅。默认为2层
- * 例如: 替换顺序如数字所示 ${{ 4 ${{ 2 ${{ 1 }} }} ${{ 3 }} }}
- * @return [ 层数次序 [ 括号 ] ] [[1], [2, 3], [4]]]]
- */
- private fun findExpressions(condition: String, levelMax: Int = 2): List> {
- val stack = ArrayDeque()
- var index = 0
- val chars = condition.toCharArray()
- val levelMap = mutableMapOf>()
- while (index < chars.size) {
- if (index + 2 < chars.size && chars[index] == '$' && chars[index + 1] == '{' && chars[index + 2] == '{'
- ) {
- stack.addLast(index)
- index += 3
- continue
- }
-
- if (index + 1 < chars.size && chars[index] == '}' && chars[index + 1] == '}'
- ) {
- val start = stack.removeLastOrNull()
- if (start != null) {
- // 栈里剩下几个前括号,这个完整括号的优先级就是多少
- val level = stack.size + 1
- if (levelMap.containsKey(level)) {
- levelMap[level]!!.add(ExpressionBlock(start, index + 1))
- } else {
- levelMap[level] = mutableListOf(ExpressionBlock(start, index + 1))
- }
- }
- index += 2
- continue
- }
-
- index++
- }
-
- if (levelMap.isEmpty()) {
- return listOf()
+ fun parse(
+ value: Any?,
+ onlyExpression: Boolean?,
+ options: ExprReplacementOptions
+ ): String {
+ if (value == null) return ""
+ return if (onlyExpression == true) {
+ ExprReplaceEnvVarUtil.replaceEnvVar(value, options)
+ } else {
+ ObjectReplaceEnvVarUtil.replaceEnvVar(value, options.contextMap)
+ }.let {
+ JsonUtil.toJson(it, false)
}
+ }
- val result = mutableListOf>()
- var max = 0
- var listIndex = 0
- run end@{
- levelMap.keys.sortedDescending().forEach result@{ level ->
- val blocks = levelMap[level] ?: return@result
- blocks.sortBy { it.startIndex }
- blocks.forEach { block ->
- if (result.size < listIndex + 1) {
- result.add(mutableListOf(block))
- } else {
- result[listIndex].add(block)
- }
- }
- listIndex++
- max++
- if (max == levelMax) {
- return@end
- }
- }
- }
- return result
+ fun getCustomExecutionContextByMap(
+ variables: Map,
+ extendNamedValueMap: List? = null
+ ): Pair>? {
+ return ExprReplacementUtil.getCustomExecutionContextByMap(
+ variables = variables,
+ extendNamedValueMap = extendNamedValueMap
+ )
}
- /**
- * 表达式括号项 ${{ }}
- * @param startIndex 括号开始位置即 $ 位置
- * @param endIndex 括号结束位置即最后一个 } 位置
- */
- data class ExpressionBlock(
- var startIndex: Int,
- var endIndex: Int
- )
+ fun containsExpressions(value: String?): Boolean {
+ if (value == null) return false
+ return expressionPattern.matcher(value).find()
+ }
}
diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceGroupStrategyResource.kt b/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/ExprReplacementOptions.kt
similarity index 61%
rename from src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceGroupStrategyResource.kt
rename to src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/ExprReplacementOptions.kt
index 76dbfab87d4..b3f0abd8989 100644
--- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/service/ServiceGroupStrategyResource.kt
+++ b/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/ExprReplacementOptions.kt
@@ -25,24 +25,25 @@
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
-package com.tencent.devops.auth.api.service
+package com.tencent.devops.common.pipeline
-import com.tencent.devops.auth.pojo.StrategyEntity
-import io.swagger.v3.oas.annotations.tags.Tag
-import io.swagger.v3.oas.annotations.Operation
-import javax.ws.rs.Consumes
-import javax.ws.rs.GET
-import javax.ws.rs.Path
-import javax.ws.rs.Produces
-import javax.ws.rs.core.MediaType
+import com.tencent.devops.common.expression.ExecutionContext
+import com.tencent.devops.common.expression.expression.ExpressionOutput
+import com.tencent.devops.common.expression.expression.IFunctionInfo
+import com.tencent.devops.common.expression.expression.sdk.NamedValueInfo
+import io.swagger.v3.oas.annotations.media.Schema
-@Tag(name = "AUTH_GROUP_STRATEGY", description = "权限-用户-策略")
-@Path("/service/auth/strategy")
-@Produces(MediaType.APPLICATION_JSON)
-@Consumes(MediaType.APPLICATION_JSON)
-interface ServiceGroupStrategyResource {
- @GET
- @Path("/getGroupStrategy")
- @Operation(summary = "获取组策略")
- fun getGroupStrategy(): List
-}
+/**
+ * 表达式替换上下文
+ */
+@Schema(title = "表达式替换参数")
+data class ExprReplacementOptions(
+ @get:Schema(title = "环境变量", required = true)
+ val contextMap: Map,
+ @get:Schema(title = "值是否能不存在", required = true)
+ val contextNotNull: Boolean = false,
+ @get:Schema(title = "表达式上下文", required = true)
+ val contextPair: Pair>? = null,
+ val functions: Iterable? = null,
+ val output: ExpressionOutput? = null
+)
diff --git a/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/PipelineVersionWithModel.kt b/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/PipelineVersionWithModel.kt
index 88ce275873f..6717fea9cf5 100644
--- a/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/PipelineVersionWithModel.kt
+++ b/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/PipelineVersionWithModel.kt
@@ -51,5 +51,9 @@ data class PipelineVersionWithModel(
@get:Schema(title = "是否支持YAML解析", required = true)
val yamlSupported: Boolean,
@get:Schema(title = "YAML解析异常信息")
- val yamlInvalidMsg: String?
+ val yamlInvalidMsg: String?,
+ @get:Schema(title = "更新操作人", required = true)
+ val updater: String?,
+ @get:Schema(title = "版本修改时间", required = true)
+ val updateTime: Long?
)
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionUrlServiceImpl.kt b/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/dialect/ClassicPipelineDialect.kt
similarity index 73%
rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionUrlServiceImpl.kt
rename to src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/dialect/ClassicPipelineDialect.kt
index f1a00323d0f..8b090955d07 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionUrlServiceImpl.kt
+++ b/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/dialect/ClassicPipelineDialect.kt
@@ -25,18 +25,21 @@
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
-package com.tencent.devops.auth.provider.sample.service
+package com.tencent.devops.common.pipeline.dialect
-import com.tencent.devops.auth.pojo.PermissionUrlDTO
-import com.tencent.devops.auth.service.iam.PermissionUrlService
-import com.tencent.devops.common.api.pojo.Result
+/**
+ * 传统模式流水线方言
+ */
+class ClassicPipelineDialect : IPipelineDialect {
+ override fun getPipelineDialectType() = PipelineDialectType.CLASSIC.name
+
+ override fun supportUseExpression() = false
+
+ override fun supportUseSingleCurlyBracesVar() = true
+
+ override fun supportLongVarValue() = true
-class SamplePermissionUrlServiceImpl : PermissionUrlService {
- override fun getPermissionUrl(permissionUrlDTO: List): Result {
- return Result("")
- }
+ override fun supportChineseVarName() = true
- override fun getRolePermissionUrl(projectId: String, groupId: String?): String? {
- return null
- }
+ override fun supportMissingVar() = true
}
diff --git a/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/dialect/ConstrainedPipelineDialect.kt b/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/dialect/ConstrainedPipelineDialect.kt
new file mode 100644
index 00000000000..a3efb42ae1c
--- /dev/null
+++ b/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/dialect/ConstrainedPipelineDialect.kt
@@ -0,0 +1,45 @@
+/*
+ * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
+ *
+ * A copy of the MIT License is included in this file.
+ *
+ *
+ * Terms of the MIT License:
+ * ---------------------------------------------------
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+ * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
+ * the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+ * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+ * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+package com.tencent.devops.common.pipeline.dialect
+
+/**
+ * 约束模式语法风格
+ */
+class ConstrainedPipelineDialect : IPipelineDialect {
+ override fun getPipelineDialectType() = PipelineDialectType.CONSTRAINED.name
+
+ override fun supportUseExpression() = true
+
+ override fun supportUseSingleCurlyBracesVar() = false
+
+ override fun supportLongVarValue() = false
+
+ override fun supportChineseVarName() = false
+
+ override fun supportMissingVar() = false
+}
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceGroupStrategyResourceImpl.kt b/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/dialect/IPipelineDialect.kt
similarity index 70%
rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceGroupStrategyResourceImpl.kt
rename to src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/dialect/IPipelineDialect.kt
index 1f76b72900e..c04fbff1d0a 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/service/ServiceGroupStrategyResourceImpl.kt
+++ b/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/dialect/IPipelineDialect.kt
@@ -25,19 +25,37 @@
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
-package com.tencent.devops.auth.resources.service
+package com.tencent.devops.common.pipeline.dialect
-import com.tencent.devops.auth.api.service.ServiceGroupStrategyResource
-import com.tencent.devops.auth.pojo.StrategyEntity
-import com.tencent.devops.auth.service.StrategyService
-import com.tencent.devops.common.web.RestResource
-import org.springframework.beans.factory.annotation.Autowired
+/**
+ * 流水线语法风格
+ */
+interface IPipelineDialect {
+
+ fun getPipelineDialectType(): String
+
+ /**
+ * 支持插件变量使用表达式
+ */
+ fun supportUseExpression(): Boolean
+ /**
+ * 是否支持${}变量引用
+ *
+ */
+ fun supportUseSingleCurlyBracesVar(): Boolean
+
+ /**
+ * 是否支持长变量
+ */
+ fun supportLongVarValue(): Boolean
+
+ /**
+ * 是否支持中文变量名
+ */
+ fun supportChineseVarName(): Boolean
-@RestResource
-class ServiceGroupStrategyResourceImpl @Autowired constructor(
- private val strategyService: StrategyService
-) : ServiceGroupStrategyResource {
- override fun getGroupStrategy(): List {
- return strategyService.listStrategy()
- }
+ /**
+ * 是否支持变量不存在
+ */
+ fun supportMissingVar(): Boolean
}
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionGradeService.kt b/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/dialect/PipelineDialectType.kt
similarity index 83%
rename from src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionGradeService.kt
rename to src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/dialect/PipelineDialectType.kt
index 4a69f0e4343..7ab9c207f71 100644
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/sample/service/SamplePermissionGradeService.kt
+++ b/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/dialect/PipelineDialectType.kt
@@ -25,12 +25,16 @@
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
-package com.tencent.devops.auth.provider.sample.service
+package com.tencent.devops.common.pipeline.dialect
-import com.tencent.devops.auth.service.iam.PermissionGradeService
+/**
+ * 流水线语法风格
+ *
+ */
+enum class PipelineDialectType(val dialect: IPipelineDialect) {
+ // 传统模式
+ CLASSIC(ClassicPipelineDialect()),
-class SamplePermissionGradeService : PermissionGradeService {
- override fun checkGradeManagerUser(userId: String, projectId: Int) {
- TODO("Not yet implemented")
- }
+ // 约束模式
+ CONSTRAINED(ConstrainedPipelineDialect());
}
diff --git a/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/dialect/PipelineDialectUtil.kt b/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/dialect/PipelineDialectUtil.kt
new file mode 100644
index 00000000000..07b3c51f667
--- /dev/null
+++ b/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/dialect/PipelineDialectUtil.kt
@@ -0,0 +1,115 @@
+/*
+ * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
+ *
+ * A copy of the MIT License is included in this file.
+ *
+ *
+ * Terms of the MIT License:
+ * ---------------------------------------------------
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+ * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
+ * the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+ * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+ * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+package com.tencent.devops.common.pipeline.dialect
+
+import com.tencent.devops.common.api.pojo.PipelineAsCodeSettings
+import com.tencent.devops.common.pipeline.dialect.PipelineDialectType.CLASSIC
+import com.tencent.devops.common.pipeline.dialect.PipelineDialectType.CONSTRAINED
+import com.tencent.devops.common.pipeline.enums.ChannelCode
+
+object PipelineDialectUtil {
+ fun getPipelineDialect(pipelineDialectType: String?): IPipelineDialect {
+ return pipelineDialectType?.let {
+ PipelineDialectType.valueOf(it).dialect
+ } ?: CLASSIC.dialect
+ }
+
+ fun getPipelineDialect(asCodeSettings: PipelineAsCodeSettings?): IPipelineDialect {
+ if (asCodeSettings == null) return CLASSIC.dialect
+ return with(asCodeSettings) {
+ getPipelineDialect(
+ inheritedDialect = inheritedDialect,
+ projectDialect = projectDialect,
+ pipelineDialect = pipelineDialect
+ )
+ }
+ }
+
+ fun getPipelineDialect(
+ inheritedDialect: Boolean?,
+ projectDialect: String?,
+ pipelineDialect: String?
+ ): IPipelineDialect {
+ return getPipelineDialectType(
+ inheritedDialect = inheritedDialect,
+ projectDialect = projectDialect,
+ pipelineDialect = pipelineDialect
+ ).dialect
+ }
+
+ fun getPipelineDialectType(
+ inheritedDialect: Boolean?,
+ projectDialect: String?,
+ pipelineDialect: String?
+ ): PipelineDialectType {
+ return when {
+ // inheritedDialect为空和true都继承项目配置
+ inheritedDialect != false && projectDialect != null ->
+ PipelineDialectType.valueOf(projectDialect)
+
+ inheritedDialect == false && pipelineDialect != null ->
+ PipelineDialectType.valueOf(pipelineDialect)
+
+ else ->
+ CLASSIC
+ }
+ }
+
+ fun getPipelineDialectType(asCodeSettings: PipelineAsCodeSettings?): PipelineDialectType {
+ if (asCodeSettings == null) return CLASSIC
+ return with(asCodeSettings) {
+ getPipelineDialectType(
+ inheritedDialect = inheritedDialect,
+ projectDialect = projectDialect,
+ pipelineDialect = pipelineDialect
+ )
+ }
+ }
+
+ fun getPipelineDialectType(
+ channelCode: ChannelCode,
+ asCodeSettings: PipelineAsCodeSettings?
+ ): PipelineDialectType {
+ return when {
+ asCodeSettings == null -> CLASSIC
+ // stream并且开启pac需要使用制约模式
+ channelCode == ChannelCode.GIT && asCodeSettings.enable ->
+ CONSTRAINED
+
+ else -> {
+ with(asCodeSettings) {
+ getPipelineDialectType(
+ inheritedDialect = inheritedDialect,
+ projectDialect = projectDialect,
+ pipelineDialect = pipelineDialect
+ )
+ }
+ }
+ }
+ }
+}
diff --git a/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/event/CallBackData.kt b/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/event/CallBackData.kt
index 996d86cb0cb..5a5fec47db8 100644
--- a/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/event/CallBackData.kt
+++ b/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/event/CallBackData.kt
@@ -85,25 +85,34 @@ class CallBackData(
val data: T
)
+/**
+ *
+ * @see com.tencent.devops.common.event.enums.PipelineBuildStatusBroadCastEventType
+ */
enum class CallBackEvent {
- DELETE_PIPELINE,
- CREATE_PIPELINE,
- UPDATE_PIPELINE,
- STREAM_ENABLED,
- RESTORE_PIPELINE,
- BUILD_START,
- BUILD_END,
- BUILD_TASK_START,
- BUILD_TASK_END,
- BUILD_STAGE_START,
- BUILD_STAGE_END,
- BUILD_JOB_START,
- BUILD_JOB_END,
- BUILD_TASK_PAUSE,
- PROJECT_CREATE,
- PROJECT_UPDATE,
- PROJECT_ENABLE,
- PROJECT_DISABLE
+ DELETE_PIPELINE, /*流水线删除*/
+ CREATE_PIPELINE, /*流水线创建*/
+ UPDATE_PIPELINE, /*流水线更新,包括model和setting。*/
+ STREAM_ENABLED, /*stream ci 开启/关闭*/
+ RESTORE_PIPELINE, /*流水线恢复*/
+
+ BUILD_QUEUE, /*构建排队,包含并发超限时排队、并发组排队。*/
+ BUILD_START, /*构建开始,不包含并发超限时排队、并发组排队。*/
+ BUILD_END, /*构建结束*/
+ BUILD_STAGE_START, /*stage开始*/
+ BUILD_STAGE_END, /*stage结束*/
+ BUILD_JOB_QUEUE, /*job排队,包含互斥组排队、构建机复用互斥排队、最大job并发排队。*/
+ BUILD_JOB_START, /*job开始,不包含BUILD_JOB_QUEUE。如果job SKIP或没有可执行的插件,就不会有该事件。*/
+ BUILD_JOB_END, /*job结束,job SKIP或没有可执行的插件时会有该事件。*/
+ BUILD_AGENT_START, /*构建机启动,现在仅包含第三方构建机*/
+ BUILD_TASK_START, /*插件开始*/
+ BUILD_TASK_END, /*插件结束*/
+ BUILD_TASK_PAUSE, /*插件前置暂停*/
+
+ PROJECT_CREATE, /*项目创建*/
+ PROJECT_UPDATE, /*项目更新*/
+ PROJECT_ENABLE, /*项目启用*/
+ PROJECT_DISABLE /*项目禁用*/
}
data class PipelineEvent(
diff --git a/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/extend/ModelCheckPlugin.kt b/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/extend/ModelCheckPlugin.kt
index a4da973a95b..7b66e9ffca4 100644
--- a/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/extend/ModelCheckPlugin.kt
+++ b/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/extend/ModelCheckPlugin.kt
@@ -30,6 +30,7 @@ package com.tencent.devops.common.pipeline.extend
import com.tencent.devops.common.api.exception.ErrorCodeException
import com.tencent.devops.common.pipeline.Model
import com.tencent.devops.common.pipeline.container.Container
+import com.tencent.devops.common.pipeline.dialect.IPipelineDialect
import com.tencent.devops.common.pipeline.option.JobControlOption
import com.tencent.devops.common.pipeline.pojo.element.Element
import com.tencent.devops.common.pipeline.pojo.element.atom.BeforeDeleteParam
@@ -45,6 +46,7 @@ interface ModelCheckPlugin {
* 检查[model]编排的完整性,并返回[JobSize + ElementSize = MetaSize]所有元素数量
* @param userId 操作人
* @param oauthUser 当前流水线权限代持人
+ * @param pipelineDialect 流水线方言,只有新增/编辑流水线或模版时才需要传入
* @throws RuntimeException 子类 将检查失败或异常的以[ErrorCodeException]类抛出
*/
@Throws(ErrorCodeException::class)
@@ -53,7 +55,8 @@ interface ModelCheckPlugin {
projectId: String?,
userId: String,
isTemplate: Boolean = false,
- oauthUser: String? = null
+ oauthUser: String? = null,
+ pipelineDialect: IPipelineDialect? = null
): Int
/**
diff --git a/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/option/MatrixControlOption.kt b/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/option/MatrixControlOption.kt
index c0deded3ff5..8a120250a09 100644
--- a/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/option/MatrixControlOption.kt
+++ b/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/option/MatrixControlOption.kt
@@ -72,7 +72,7 @@ data class MatrixControlOption(
/**
* 根据[strategyStr], [includeCaseStr], [excludeCaseStr]计算后得到的矩阵配置
*/
- fun convertMatrixConfig(buildContext: Map, asCodeEnabled: Boolean? = false): MatrixConfig {
+ fun convertMatrixConfig(buildContext: Map): MatrixConfig {
val matrixConfig = try {
// 由于yaml和json结构不同,就不放在同一函数进行解析了
convertStrategyYaml(buildContext)
diff --git a/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/pojo/StagePauseCheck.kt b/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/pojo/StagePauseCheck.kt
index 54a00096db9..5238e314f49 100644
--- a/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/pojo/StagePauseCheck.kt
+++ b/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/pojo/StagePauseCheck.kt
@@ -30,6 +30,7 @@ package com.tencent.devops.common.pipeline.pojo
import com.tencent.devops.common.api.util.UUIDUtil
import com.tencent.devops.common.api.util.timestampmilli
import com.tencent.devops.common.pipeline.EnvReplacementParser
+import com.tencent.devops.common.pipeline.dialect.IPipelineDialect
import com.tencent.devops.common.pipeline.enums.BuildStatus
import com.tencent.devops.common.pipeline.enums.ManualReviewAction
import com.tencent.devops.common.pipeline.option.StageControlOption
@@ -180,25 +181,44 @@ data class StagePauseCheck(
/**
* 进入审核流程前完成所有审核人变量替换
*/
- fun parseReviewVariables(variables: Map, asCodeEnabled: Boolean?) {
+ fun parseReviewVariables(variables: Map, dialect: IPipelineDialect) {
+ val contextPair = EnvReplacementParser.getCustomExecutionContextByMap(variables)
reviewGroups?.forEach { group ->
if (group.status != null) return@forEach
if (group.reviewers.isNotEmpty()) {
val reviewers = group.reviewers.joinToString(",")
- val realReviewers = EnvReplacementParser.parse(reviewers, variables, asCodeEnabled)
- .split(",").toList()
+ val realReviewers = EnvReplacementParser.parse(
+ value = reviewers,
+ contextMap = variables,
+ onlyExpression = dialect.supportUseExpression(),
+ contextPair = contextPair
+ ).split(",").toList()
group.reviewers = realReviewers
}
if (group.groups.isNotEmpty()) {
val groups = group.groups.joinToString(",")
- val realGroups = EnvReplacementParser.parse(groups, variables, asCodeEnabled)
- .split(",").toList()
+ val realGroups = EnvReplacementParser.parse(
+ value = groups,
+ contextMap = variables,
+ onlyExpression = dialect.supportUseExpression(),
+ contextPair = contextPair
+ ).split(",").toList()
group.groups = realGroups
}
}
- reviewDesc = EnvReplacementParser.parse(reviewDesc, variables, asCodeEnabled)
+ reviewDesc = EnvReplacementParser.parse(
+ value = reviewDesc,
+ contextMap = variables,
+ onlyExpression = dialect.supportUseExpression(),
+ contextPair = contextPair
+ )
notifyGroup = notifyGroup?.map {
- EnvReplacementParser.parse(it, variables, asCodeEnabled)
+ EnvReplacementParser.parse(
+ value = it,
+ contextMap = variables,
+ onlyExpression = dialect.supportUseExpression(),
+ contextPair = contextPair
+ )
}?.toMutableList()
reviewParams?.forEach { it.parseValueWithType(variables) }
}
diff --git a/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/pojo/TemplateInstanceCreateRequest.kt b/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/pojo/TemplateInstanceCreateRequest.kt
index c9bea63c3e8..9d9e8948e1d 100644
--- a/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/pojo/TemplateInstanceCreateRequest.kt
+++ b/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/pojo/TemplateInstanceCreateRequest.kt
@@ -48,5 +48,9 @@ data class TemplateInstanceCreateRequest(
@get:Schema(title = "是否为空模板", required = false)
var emptyTemplate: Boolean? = false,
@get:Schema(title = "静态流水线组", required = false)
- var staticViews: List = emptyList()
+ var staticViews: List = emptyList(),
+ @get:Schema(title = "是否继承项目流水线语言风格", required = false)
+ var inheritedDialect: Boolean? = true,
+ @get:Schema(title = "流水线语言风格", required = false)
+ var pipelineDialect: String? = null
)
diff --git a/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/pojo/setting/PipelineSetting.kt b/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/pojo/setting/PipelineSetting.kt
index 0b20127f6a8..41c077ce668 100644
--- a/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/pojo/setting/PipelineSetting.kt
+++ b/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/pojo/setting/PipelineSetting.kt
@@ -101,7 +101,9 @@ data class PipelineSetting(
pipelineId: String,
pipelineName: String,
maxPipelineResNum: Int? = null,
- failSubscription: Subscription? = null
+ failSubscription: Subscription? = null,
+ inheritedDialectSetting: Boolean? = null,
+ pipelineDialectSetting: String? = null
): PipelineSetting {
return PipelineSetting(
projectId = projectId,
@@ -117,7 +119,10 @@ data class PipelineSetting(
failSubscription = null,
successSubscriptionList = emptyList(),
failSubscriptionList = failSubscription?.let { listOf(it) },
- pipelineAsCodeSettings = PipelineAsCodeSettings()
+ pipelineAsCodeSettings = PipelineAsCodeSettings.initDialect(
+ inheritedDialect = inheritedDialectSetting,
+ pipelineDialect = pipelineDialectSetting
+ )
)
}
}
diff --git a/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/utils/EventUtils.kt b/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/utils/EventUtils.kt
index e2ba28f9420..44685a17626 100644
--- a/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/utils/EventUtils.kt
+++ b/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/utils/EventUtils.kt
@@ -33,7 +33,11 @@ import com.tencent.devops.common.pipeline.event.CallBackEvent
@Suppress("ComplexMethod")
object EventUtils {
+ private val callBackEventMap = CallBackEvent.values().associateBy { it.name }
fun PipelineBuildStatusBroadCastEvent.toEventType(): CallBackEvent? {
+ if (type != null && callBackEventMap[type!!.name] != null) {
+ return callBackEventMap[type!!.name]
+ }
if (!taskId.isNullOrBlank()) {
if (actionType == ActionType.START) {
return CallBackEvent.BUILD_TASK_START
diff --git a/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/utils/ExprReplacementUtil.kt b/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/utils/ExprReplacementUtil.kt
new file mode 100644
index 00000000000..6a923f71b0d
--- /dev/null
+++ b/src/backend/ci/core/common/common-pipeline/src/main/kotlin/com/tencent/devops/common/pipeline/utils/ExprReplacementUtil.kt
@@ -0,0 +1,324 @@
+/*
+ * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
+ *
+ * A copy of the MIT License is included in this file.
+ *
+ *
+ * Terms of the MIT License:
+ * ---------------------------------------------------
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+ * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
+ * the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+ * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+ * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+package com.tencent.devops.common.pipeline.utils
+
+import com.tencent.devops.common.api.exception.VariableNotFoundException
+import com.tencent.devops.common.api.util.JsonUtil
+import com.tencent.devops.common.expression.ContextNotFoundException
+import com.tencent.devops.common.expression.ExecutionContext
+import com.tencent.devops.common.expression.ExpressionParseException
+import com.tencent.devops.common.expression.ExpressionParser
+import com.tencent.devops.common.expression.context.ContextValueNode
+import com.tencent.devops.common.expression.context.DictionaryContextData
+import com.tencent.devops.common.expression.context.PipelineContextData
+import com.tencent.devops.common.expression.context.RuntimeDictionaryContextData
+import com.tencent.devops.common.expression.context.RuntimeNamedValue
+import com.tencent.devops.common.expression.expression.EvaluationOptions
+import com.tencent.devops.common.expression.expression.ExpressionOutput
+import com.tencent.devops.common.expression.expression.IFunctionInfo
+import com.tencent.devops.common.expression.expression.ParseExceptionKind
+import com.tencent.devops.common.expression.expression.sdk.NamedValueInfo
+import com.tencent.devops.common.pipeline.ExprReplacementOptions
+import org.apache.tools.ant.filters.StringInputStream
+import org.slf4j.LoggerFactory
+import java.io.BufferedReader
+import java.io.InputStreamReader
+
+@Suppress(
+ "LoopWithTooManyJumpStatements",
+ "ComplexCondition",
+ "ComplexMethod",
+ "NestedBlockDepth",
+ "ReturnCount",
+ "LongParameterList"
+)
+object ExprReplacementUtil {
+ private val logger = LoggerFactory.getLogger(ExprReplacementUtil::class.java)
+
+ fun parseExpression(value: String, options: ExprReplacementOptions): String {
+ with(options) {
+ return try {
+ val (executeContext, nameValues) = contextPair
+ ?: getCustomExecutionContextByMap(contextMap)
+ ?: return value
+ parseExpression(
+ value = value,
+ context = executeContext,
+ nameValues = nameValues,
+ functions = functions,
+ output = output,
+ contextNotNull = contextNotNull
+ )
+ } catch (ex: VariableNotFoundException) {
+ throw ex
+ } catch (ignore: Throwable) {
+ logger.warn("[$value]|EnvReplacementParser expression invalid: ", ignore)
+ value
+ }
+ }
+ }
+
+ fun getCustomExecutionContextByMap(
+ variables: Map,
+ extendNamedValueMap: List? = null
+ ): Pair>? {
+ try {
+ val context = ExecutionContext(DictionaryContextData())
+ val nameValue = mutableListOf()
+ extendNamedValueMap?.forEach { namedValue ->
+ nameValue.add(NamedValueInfo(namedValue.key, ContextValueNode()))
+ context.expressionValues.add(
+ namedValue.key,
+ RuntimeDictionaryContextData(namedValue)
+ )
+ }
+ ExpressionParser.fillContextByMap(variables, context, nameValue)
+ return Pair(context, nameValue)
+ } catch (ignore: Throwable) {
+ logger.warn("EnvReplacementParser context invalid: $variables", ignore)
+ return null
+ }
+ }
+
+ private fun parseExpression(
+ value: String,
+ nameValues: List,
+ context: ExecutionContext,
+ functions: Iterable? = null,
+ output: ExpressionOutput? = null,
+ contextNotNull: Boolean
+ ): String {
+ val strReader = InputStreamReader(StringInputStream(value))
+ val bufferReader = BufferedReader(strReader)
+ val newValue = StringBuilder()
+ try {
+ var line = bufferReader.readLine()
+ while (line != null) {
+ // 跳过空行和注释行
+ val blocks = findExpressions(line)
+ if (line.isBlank() || blocks.isEmpty()) {
+ newValue.append(line).append("\n")
+ line = bufferReader.readLine()
+ continue
+ }
+ val onceResult = parseExpressionLine(
+ value = line,
+ blocks = blocks,
+ context = context,
+ nameValues = nameValues,
+ functions = functions,
+ output = output,
+ contextNotNull = contextNotNull
+ )
+
+ val newLine = findExpressions(onceResult).let {
+ if (it.isEmpty()) {
+ onceResult
+ } else {
+ parseExpressionLine(
+ value = onceResult,
+ blocks = it,
+ context = context,
+ nameValues = nameValues,
+ functions = functions,
+ output = output,
+ contextNotNull = contextNotNull
+ )
+ }
+ }
+ newValue.append(newLine).append("\n")
+ line = bufferReader.readLine()
+ }
+ } finally {
+ strReader.close()
+ bufferReader.close()
+ }
+ return newValue.toString().removeSuffix("\n")
+ }
+
+ /**
+ * 解析表达式,根据 findExpressions 寻找的括号优先级进行解析
+ */
+ private fun parseExpressionLine(
+ value: String,
+ blocks: List>,
+ nameValues: List,
+ context: ExecutionContext,
+ functions: Iterable? = null,
+ output: ExpressionOutput? = null,
+ contextNotNull: Boolean
+ ): String {
+ var chars = value.toList()
+ blocks.forEachIndexed nextBlockLevel@{ blockLevel, blocksInLevel ->
+ blocksInLevel.forEachIndexed nextBlock@{ blockI, block ->
+ // 表达式因为含有 ${{ }} 所以起始向后推3位,末尾往前推两位
+ val expression = chars.joinToString("").substring(block.startIndex + 3, block.endIndex - 1)
+ if (expression.isBlank()) return@nextBlock
+ val options = EvaluationOptions(contextNotNull)
+ var result = try {
+ ExpressionParser.createTree(expression, null, nameValues, functions)!!
+ .evaluate(null, context, options, output).value.let {
+ if (it is PipelineContextData) it.fetchValue() else it
+ }?.let {
+ JsonUtil.toJson(it, false)
+ } ?: ""
+ } catch (ignore: ContextNotFoundException) {
+ throw VariableNotFoundException(
+ variableKey = options.contextNotNull.errKey()
+ )
+ } catch (ignore: ExpressionParseException) {
+ if (contextNotNull && ignore.kind == ParseExceptionKind.UnrecognizedNamedValue) {
+ throw VariableNotFoundException(
+ variableKey = ignore.expression
+ )
+ }
+ return@nextBlock
+ }
+
+ if ((blockLevel + 1 < blocks.size) &&
+ !(
+ (block.startIndex - 1 >= 0 && chars[block.startIndex - 1] == '.') ||
+ (block.endIndex + 1 < chars.size && chars[block.endIndex + 1] == '.')
+ )
+ ) {
+ result = "'$result'"
+ }
+
+ val charList = result.toList()
+
+ // 将替换后的表达式嵌入原本的line
+ val startSub = if (block.startIndex - 1 < 0) {
+ listOf()
+ } else {
+ chars.slice(0 until block.startIndex)
+ }
+ val endSub = if (block.endIndex + 1 >= chars.size) {
+ listOf()
+ } else {
+ chars.slice(block.endIndex + 1 until chars.size)
+ }
+ chars = startSub + charList + endSub
+
+ // 将替换后的字符查传递给后边的括号位数
+ val diffNum = charList.size - (block.endIndex - block.startIndex + 1)
+ blocks.forEachIndexed { i, bl ->
+ bl.forEachIndexed level@{ j, b ->
+ if (i <= blockLevel && j <= blockI) {
+ return@level
+ }
+ if (blocks[i][j].startIndex > block.endIndex) {
+ blocks[i][j].startIndex += diffNum
+ }
+ if (blocks[i][j].endIndex > block.endIndex) {
+ blocks[i][j].endIndex += diffNum
+ }
+ }
+ }
+ }
+ }
+
+ return chars.joinToString("")
+ }
+
+ /**
+ * 寻找语句中包含 ${{}}的表达式的位置,返回成对的位置坐标,并根据优先级排序
+ * 优先级算法目前暂定为 从里到外,从左到右
+ * @param levelMax 返回的最大层数,从深到浅。默认为2层
+ * 例如: 替换顺序如数字所示 ${{ 4 ${{ 2 ${{ 1 }} }} ${{ 3 }} }}
+ * @return [ 层数次序 [ 括号 ] ] [[1], [2, 3], [4]]]]
+ */
+ private fun findExpressions(condition: String, levelMax: Int = 2): List> {
+ val stack = ArrayDeque()
+ var index = 0
+ val chars = condition.toCharArray()
+ val levelMap = mutableMapOf>()
+ while (index < chars.size) {
+ if (index + 2 < chars.size && chars[index] == '$' && chars[index + 1] == '{' && chars[index + 2] == '{'
+ ) {
+ stack.addLast(index)
+ index += 3
+ continue
+ }
+
+ if (index + 1 < chars.size && chars[index] == '}' && chars[index + 1] == '}'
+ ) {
+ val start = stack.removeLastOrNull()
+ if (start != null) {
+ // 栈里剩下几个前括号,这个完整括号的优先级就是多少
+ val level = stack.size + 1
+ if (levelMap.containsKey(level)) {
+ levelMap[level]!!.add(ExpressionBlock(start, index + 1))
+ } else {
+ levelMap[level] = mutableListOf(ExpressionBlock(start, index + 1))
+ }
+ }
+ index += 2
+ continue
+ }
+
+ index++
+ }
+
+ if (levelMap.isEmpty()) {
+ return listOf()
+ }
+
+ val result = mutableListOf>()
+ var max = 0
+ var listIndex = 0
+ run end@{
+ levelMap.keys.sortedDescending().forEach result@{ level ->
+ val blocks = levelMap[level] ?: return@result
+ blocks.sortBy { it.startIndex }
+ blocks.forEach { block ->
+ if (result.size < listIndex + 1) {
+ result.add(mutableListOf(block))
+ } else {
+ result[listIndex].add(block)
+ }
+ }
+ listIndex++
+ max++
+ if (max == levelMax) {
+ return@end
+ }
+ }
+ }
+ return result
+ }
+
+ /**
+ * 表达式括号项 ${{ }}
+ * @param startIndex 括号开始位置即 $ 位置
+ * @param endIndex 括号结束位置即最后一个 } 位置
+ */
+ data class ExpressionBlock(
+ var startIndex: Int,
+ var endIndex: Int
+ )
+}
diff --git a/src/backend/ci/core/common/common-pipeline/src/test/kotlin/com/tencent/devops/common/pipeline/EnvReplacementParserTest.kt b/src/backend/ci/core/common/common-pipeline/src/test/kotlin/com/tencent/devops/common/pipeline/EnvReplacementParserTest.kt
index fda0762b9c4..d41c80b7b5b 100644
--- a/src/backend/ci/core/common/common-pipeline/src/test/kotlin/com/tencent/devops/common/pipeline/EnvReplacementParserTest.kt
+++ b/src/backend/ci/core/common/common-pipeline/src/test/kotlin/com/tencent/devops/common/pipeline/EnvReplacementParserTest.kt
@@ -346,10 +346,19 @@ internal class EnvReplacementParserTest {
val command8 = "echo \${{ variables.hello }}"
val command9 = "echo \${{ ci.workspace }}"
+ val command10 = mutableMapOf(
+ "params" to mutableListOf(
+ mutableMapOf(
+ "key" to "instance",
+ "value" to "\${{variables.instance}}"
+ )
+ )
+ )
val data = mapOf(
"variables.abc" to "variables.value",
- "variables.hello" to "hahahahaha"
+ "variables.hello" to "hahahahaha",
+ "variables.instance" to "{\"instances\":[{\"cluster\":\"ci-prod\",\"pod\":\"ci-123\"}]}"
)
// 与EnvUtils的差异点:不支持传可空对象
// Assertions.assertEquals("", EnvReplacementParser.parse(null, data))
@@ -396,6 +405,13 @@ internal class EnvReplacementParserTest {
onlyExpression = true
)
)
+ val command10Expected = """
+ {"params":[{"key":"instance","value":"{\"instances\":[{\"cluster\":\"ci-prod\",\"pod\":\"ci-123\"}]}"}]}
+ """.trimIndent()
+ Assertions.assertEquals(
+ command10Expected,
+ EnvReplacementParser.parse(command10, data, true)
+ )
}
@Test
@@ -559,4 +575,52 @@ echo true"""
println("template=$template\nreplaced=$buff\n")
Assertions.assertEquals(expect, buff)
}
+
+ @Test
+ fun containsExpressions() {
+ val command = "{\"age\": \${{age}} , \"sex\": \"boy\", \"name\": \${{name}}}"
+ Assertions.assertTrue(EnvReplacementParser.containsExpressions(command))
+
+ val command1 = "hello \${{variables.abc}} world"
+ Assertions.assertTrue(EnvReplacementParser.containsExpressions(command1))
+
+ val command2 = "\${{variables.abc}}world"
+ Assertions.assertTrue(EnvReplacementParser.containsExpressions(command2))
+
+ val command3 = "hello\${{variables.abc}}"
+ Assertions.assertTrue(EnvReplacementParser.containsExpressions(command3))
+
+ val command4 = "hello\${{variables.abc"
+ Assertions.assertFalse(EnvReplacementParser.containsExpressions(command4))
+
+ val command5 = "hello\${{variables.abc}"
+ Assertions.assertFalse(EnvReplacementParser.containsExpressions(command5))
+
+ val command6 = "hello\${variables.abc}}"
+ Assertions.assertFalse(EnvReplacementParser.containsExpressions(command6))
+
+ val command7 = "hello\$variables.abc}}"
+ Assertions.assertFalse(EnvReplacementParser.containsExpressions(command7))
+
+ val command8 = "echo \${{ variables.hello }}"
+ Assertions.assertTrue(EnvReplacementParser.containsExpressions(command8))
+
+ val command9 = "echo \${{ ci.workspace }} || \${{variables.hello}}"
+ Assertions.assertTrue(EnvReplacementParser.containsExpressions(command9))
+
+ val command10 = "echo \${{ ci.xyz == 'zzzz' }}"
+ Assertions.assertTrue(EnvReplacementParser.containsExpressions(command10))
+
+ val command11 = "echo \${{ variables.xyz == 'zzzz' }}"
+ Assertions.assertTrue(EnvReplacementParser.containsExpressions(command11))
+
+ val command12 = "echo \${{ strToTime(variables.date) > strToTime('2023-03-16 12:06:21') }}"
+ Assertions.assertTrue(EnvReplacementParser.containsExpressions(command12))
+
+ val command13 = "echo \${{ strToTime(variables.date) > strToTime('2023-03-14 12:06:21') }}"
+ Assertions.assertTrue(EnvReplacementParser.containsExpressions(command13))
+
+ val command14 = "\${{ strToTime(\${{variables.date}}) > strToTime('2023-03-14 12:06:21') }}"
+ Assertions.assertTrue(EnvReplacementParser.containsExpressions(command14))
+ }
}
diff --git a/src/backend/ci/core/common/common-pipeline/src/test/kotlin/com/tencent/devops/common/pipeline/ExprReplaceEnvVarUtilTest.kt b/src/backend/ci/core/common/common-pipeline/src/test/kotlin/com/tencent/devops/common/pipeline/ExprReplaceEnvVarUtilTest.kt
new file mode 100644
index 00000000000..f6a11c54c0a
--- /dev/null
+++ b/src/backend/ci/core/common/common-pipeline/src/test/kotlin/com/tencent/devops/common/pipeline/ExprReplaceEnvVarUtilTest.kt
@@ -0,0 +1,319 @@
+/*
+ * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
+ *
+ * A copy of the MIT License is included in this file.
+ *
+ *
+ * Terms of the MIT License:
+ * ---------------------------------------------------
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+ * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
+ * the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+ * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+ * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+package com.tencent.devops.common.pipeline
+
+import com.tencent.devops.common.api.util.JsonUtil
+import com.tencent.devops.common.api.util.JsonUtil.toJson
+import org.junit.jupiter.api.Assertions.assertEquals
+import org.junit.jupiter.api.BeforeEach
+import org.junit.jupiter.api.Test
+
+@Suppress("ALL", "UNCHECKED_CAST")
+class ExprReplaceEnvVarUtilTest {
+
+ private val envMap: MutableMap = HashMap()
+
+ @BeforeEach
+ fun setup() {
+ envMap["normalStrEnvVar"] = "123"
+ envMap["specStrEnvVar"] = "D:\\tmp\\hha"
+ envMap["jsonStrEnvVar"] = "{\"abc\":\"123\"}"
+ }
+
+ private val lineSeparator = System.getProperty("line.separator")
+ private val jsonExcept = "{$lineSeparator" +
+ " \"abc\" : \"变量替换测试_{\\\"abc\\\":\\\"123\\\"}\"$lineSeparator" +
+ "}"
+
+ private val arrayJsonExcept = "[ \"变量替换测试_{\\\"abc\\\":\\\"123\\\"}\" ]"
+
+ @Test
+ fun replaceList() {
+ val testBean = TestBean(
+ testBeanKey = "bean变量替换测试_\${{specStrEnvVar}}",
+ testBeanValue = "{\"abc\":\"变量替换测试_\${{jsonStrEnvVar}}\"}"
+ )
+ // 对list对象进行变量替换
+ val originDataListObj = ArrayList