feat：同步并分表存储资源组权限数据 TencentBlueKing#10964

fcfang123 · Sep 23, 2024 · 0d3aee0 · 0d3aee0
1 parent 8867a47
commit 0d3aee0
Show file tree

Hide file tree

Showing 5 changed files with 67 additions and 11 deletions.
diff --git a/...h/src/main/kotlin/com/tencent/devops/auth/api/sync/OpAuthResourceGroupPermSyncResource.kt b/...h/src/main/kotlin/com/tencent/devops/auth/api/sync/OpAuthResourceGroupPermSyncResource.kt
@@ -28,6 +28,7 @@
 package com.tencent.devops.auth.api.sync
 
 import com.tencent.devops.common.api.pojo.Result
+import com.tencent.devops.common.auth.api.pojo.ProjectConditionDTO
 import io.swagger.v3.oas.annotations.Operation
 import io.swagger.v3.oas.annotations.Parameter
 import io.swagger.v3.oas.annotations.tags.Tag
@@ -42,12 +43,19 @@ import javax.ws.rs.core.MediaType
 @Produces(MediaType.APPLICATION_JSON)
 @Consumes(MediaType.APPLICATION_JSON)
 interface OpAuthResourceGroupPermSyncResource {
-
     @POST
     @Path("/syncProject")
     @Operation(summary = "按条件同步组和成员")
     fun syncProject(
         @Parameter(description = "按条件迁移项目实体", required = true)
         projectIds: List<String>
     ): Result<Boolean>
+
+    @POST
+    @Path("/syncByCondition")
+    @Operation(summary = "按条件同步组和成员")
+    fun syncByCondition(
+        @Parameter(description = "按条件迁移项目实体", required = true)
+        projectConditionDTO: ProjectConditionDTO
+    ): Result<Boolean>
 }
diff --git a/...tencent/devops/auth/provider/rbac/service/RbacPermissionResourceGroupPermissionService.kt b/...tencent/devops/auth/provider/rbac/service/RbacPermissionResourceGroupPermissionService.kt
@@ -40,14 +40,20 @@ import com.tencent.devops.auth.pojo.vo.GroupPermissionDetailVo
 import com.tencent.devops.auth.service.AuthMonitorSpaceService
 import com.tencent.devops.auth.service.iam.PermissionResourceGroupPermissionService
 import com.tencent.devops.common.api.exception.ErrorCodeException
+import com.tencent.devops.common.api.util.PageUtil
 import com.tencent.devops.common.auth.api.AuthResourceType
+import com.tencent.devops.common.auth.api.pojo.ProjectConditionDTO
 import com.tencent.devops.common.client.Client
+import com.tencent.devops.common.service.trace.TraceTag
 import com.tencent.devops.common.web.utils.I18nUtil
 import com.tencent.devops.project.api.service.ServiceAllocIdResource
+import com.tencent.devops.project.api.service.ServiceProjectResource
 import org.jooq.DSLContext
 import org.jooq.impl.DSL
 import org.slf4j.LoggerFactory
+import org.slf4j.MDC
 import org.springframework.beans.factory.annotation.Value
+import java.util.concurrent.Executors
 
 @Suppress("LongParameterList")
 class RbacPermissionResourceGroupPermissionService(
@@ -73,6 +79,8 @@ class RbacPermissionResourceGroupPermissionService(
         private val logger = LoggerFactory.getLogger(RbacPermissionResourceGroupPermissionService::class.java)
         private const val AUTH_RESOURCE_GROUP_PERMISSION_ID_TAG = "AUTH_RESOURCE_GROUP_PERMISSION_ID"
         private const val ALL_RESOURCE = "*"
+        private val syncExecutorService = Executors.newFixedThreadPool(5)
+        private val syncProjectsExecutorService = Executors.newFixedThreadPool(10)
     }
 
     override fun getGroupPermissionDetail(groupId: Int): Map<String, List<GroupPermissionDetailVo>> {
@@ -211,17 +219,43 @@ class RbacPermissionResourceGroupPermissionService(
     }
 
     override fun syncProject(projectCode: String): Boolean {
-        logger.info("sync project group permissions:$projectCode")
-        val iamGroupIds = authResourceGroupDao.listIamGroupIdsByConditions(
-            dslContext = dslContext,
-            projectCode = projectCode
-        )
-        logger.debug("sync project group permissions iamGroupIds:{}", iamGroupIds)
-        iamGroupIds.forEach {
-            syncGroup(
-                projectCode = projectCode,
-                groupId = it
+        val traceId = MDC.get(TraceTag.BIZID)
+        syncProjectsExecutorService.submit {
+            MDC.put(TraceTag.BIZID, traceId)
+            logger.info("sync project group permissions:$projectCode")
+            val iamGroupIds = authResourceGroupDao.listIamGroupIdsByConditions(
+                dslContext = dslContext,
+                projectCode = projectCode
             )
+            logger.debug("sync project group permissions iamGroupIds:{}", iamGroupIds)
+            iamGroupIds.forEach {
+                syncGroup(
+                    projectCode = projectCode,
+                    groupId = it
+                )
+            }
+        }
+        return true
+    }
+
+    override fun syncByCondition(projectConditionDTO: ProjectConditionDTO): Boolean {
+        logger.info("start to sync group permissions by condition by condition|$projectConditionDTO")
+        val traceId = MDC.get(TraceTag.BIZID)
+        syncExecutorService.submit {
+            MDC.put(TraceTag.BIZID, traceId)
+            var offset = 0
+            val limit = PageUtil.MAX_PAGE_SIZE / 2
+            do {
+                val projectCodes = client.get(ServiceProjectResource::class).listProjectsByCondition(
+                    projectConditionDTO = projectConditionDTO,
+                    limit = limit,
+                    offset = offset
+                ).data ?: break
+                projectCodes.forEach {
+                    syncProject(it.englishName)
+                }
+                offset += limit
+            } while (projectCodes.size == limit)
         }
         return true
     }

diff --git a/...ent/devops/auth/provider/sample/service/SamplePermissionResourceGroupPermissionService.kt b/...ent/devops/auth/provider/sample/service/SamplePermissionResourceGroupPermissionService.kt
@@ -30,6 +30,7 @@ package com.tencent.devops.auth.provider.sample.service
 
 import com.tencent.devops.auth.pojo.vo.GroupPermissionDetailVo
 import com.tencent.devops.auth.service.iam.PermissionResourceGroupPermissionService
+import com.tencent.devops.common.auth.api.pojo.ProjectConditionDTO
 
 class SamplePermissionResourceGroupPermissionService : PermissionResourceGroupPermissionService {
     override fun getGroupPermissionDetail(
@@ -49,4 +50,6 @@ class SamplePermissionResourceGroupPermissionService : PermissionResourceGroupPe
     override fun syncProject(
         projectCode: String
     ): Boolean = true
+
+    override fun syncByCondition(projectConditionDTO: ProjectConditionDTO): Boolean = true
 }
diff --git a/.../main/kotlin/com/tencent/devops/auth/resources/OpAuthResourceGroupPermSyncResourceImpl.kt b/.../main/kotlin/com/tencent/devops/auth/resources/OpAuthResourceGroupPermSyncResourceImpl.kt
@@ -30,6 +30,7 @@ package com.tencent.devops.auth.resources
 import com.tencent.devops.auth.api.sync.OpAuthResourceGroupPermSyncResource
 import com.tencent.devops.auth.service.iam.PermissionResourceGroupPermissionService
 import com.tencent.devops.common.api.pojo.Result
+import com.tencent.devops.common.auth.api.pojo.ProjectConditionDTO
 import com.tencent.devops.common.web.RestResource
 import org.springframework.beans.factory.annotation.Autowired
 
@@ -43,4 +44,9 @@ class OpAuthResourceGroupPermSyncResourceImpl @Autowired constructor(
         }
         return Result(true)
     }
+
+    override fun syncByCondition(projectConditionDTO: ProjectConditionDTO): Result<Boolean> {
+        permissionResourceGroupPermissionService.syncByCondition(projectConditionDTO)
+        return Result(true)
+    }
 }
diff --git a/...in/kotlin/com/tencent/devops/auth/service/iam/PermissionResourceGroupPermissionService.kt b/...in/kotlin/com/tencent/devops/auth/service/iam/PermissionResourceGroupPermissionService.kt
@@ -29,6 +29,7 @@
 package com.tencent.devops.auth.service.iam
 
 import com.tencent.devops.auth.pojo.vo.GroupPermissionDetailVo
+import com.tencent.devops.common.auth.api.pojo.ProjectConditionDTO
 
 interface PermissionResourceGroupPermissionService {
     fun getGroupPermissionDetail(groupId: Int): Map<String, List<GroupPermissionDetailVo>>
@@ -45,4 +46,8 @@ interface PermissionResourceGroupPermissionService {
     fun syncProject(
         projectCode: String,
     ): Boolean
+
+    fun syncByCondition(
+        projectConditionDTO: ProjectConditionDTO
+    ): Boolean
 }