feat: IAM回调添加项目审批人 TencentBlueKing#5228

Signed-off-by: fitzcao <cao150260819@126.com>
fitzcao · Sep 24, 2021 · 33e0b62 · 33e0b62
1 parent 666bffd
commit 33e0b62
Show file tree

Hide file tree

Showing 3 changed files with 43 additions and 4 deletions.
diff --git a/src/backend/ci/core/project/biz-project/build.gradle.kts b/src/backend/ci/core/project/biz-project/build.gradle.kts
@@ -35,6 +35,7 @@ dependencies {
     api(project(":core:common:common-auth:common-auth-api"))
     api(project(":core:project:model-project"))
     api(project(":core:project:api-project"))
+    api(project(":core:auth:api-auth"))
     api(project(":core:artifactory:api-artifactory"))
 
     api("com.amazonaws:aws-java-sdk-s3")

diff --git a/...ct/biz-project/src/main/kotlin/com/tencent/devops/project/resources/AuthProjectService.kt b/...ct/biz-project/src/main/kotlin/com/tencent/devops/project/resources/AuthProjectService.kt
@@ -27,28 +27,42 @@
 
 package com.tencent.devops.project.resources
 
+import com.google.common.cache.CacheBuilder
 import com.tencent.bk.sdk.iam.dto.PageInfoDTO
 import com.tencent.bk.sdk.iam.dto.callback.response.FetchInstanceInfoResponseDTO
 import com.tencent.bk.sdk.iam.dto.callback.response.InstanceInfoDTO
 import com.tencent.bk.sdk.iam.dto.callback.response.ListInstanceResponseDTO
 import com.tencent.bk.sdk.iam.dto.callback.response.SearchInstanceResponseDTO
+import com.tencent.devops.auth.api.service.ServiceProjectAuthResource
 import com.tencent.devops.common.auth.api.AuthTokenApi
+import com.tencent.devops.common.auth.api.pojo.BkAuthGroup
 import com.tencent.devops.common.auth.callback.AuthConstants
 import com.tencent.devops.common.auth.callback.FetchInstanceInfo
 import com.tencent.devops.common.auth.callback.ListInstanceInfo
 import com.tencent.devops.common.auth.callback.SearchInstanceInfo
+import com.tencent.devops.common.client.Client
+import com.tencent.devops.common.client.ClientTokenService
 import com.tencent.devops.project.pojo.enums.ProjectChannelCode
 import com.tencent.devops.project.service.ProjectService
 import org.slf4j.LoggerFactory
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.stereotype.Service
+import java.util.concurrent.TimeUnit
 
 @Service
 class AuthProjectService @Autowired constructor(
     val projectService: ProjectService,
-    val authTokenApi: AuthTokenApi
+    val authTokenApi: AuthTokenApi,
+    val client: Client,
+    val tokenService: ClientTokenService,
 ) {
 
+    // 项目-管理员列表 缓存， 5分钟有效时间
+    private val projectManager = CacheBuilder.newBuilder()
+        .maximumSize(100)
+        .expireAfterWrite(5, TimeUnit.MINUTES)
+        .build<String, List<String>>()
+
     fun getProjectList(page: PageInfoDTO?, token: String): ListInstanceResponseDTO {
         logger.info("getProjectList page $page, token: $token ")
         authTokenApi.checkToken(token)
@@ -72,17 +86,27 @@ class AuthProjectService @Autowired constructor(
         return result.buildListInstanceResult(projectInfo, count)
     }
 
-    fun getProjectInfo(idList: List<String>, token: String): FetchInstanceInfoResponseDTO {
-        logger.info("getProjectInfo ids[$idList]")
+    fun getProjectInfo(
+        idList: List<String>,
+        token: String,
+        attribute: String
+    ): FetchInstanceInfoResponseDTO {
+        logger.info("getProjectInfo ids[$idList], attribute[$attribute]")
         authTokenApi.checkToken(token)
         val ids = idList.toSet()
         val projectInfo = projectService.list(ids)
         val entityList = mutableListOf<InstanceInfoDTO>()
+
         projectInfo?.map {
+            val approve = if (attribute.contains("_bk_iam_approver_")) {
+                getProjectManager(it.projectCode)
+            } else {
+                emptyList()
+            }
             val entity = InstanceInfoDTO()
             entity.id = it.englishName
             entity.displayName = it.projectName
-            entity.iamApprover = arrayListOf(it.creator)
+            entity.iamApprover = approve
             entityList.add(entity)
         }
         logger.info("entityInfo $entityList")
@@ -111,6 +135,19 @@ class AuthProjectService @Autowired constructor(
         return result.buildSearchInstanceResult(projectInfo, count)
     }
 
+    private fun getProjectManager(projectCode: String): List<String> {
+        if (projectManager.getIfPresent(projectCode) != null) {
+            return projectManager.getIfPresent(projectCode)!!
+        }
+        val managerUser = client.get(ServiceProjectAuthResource::class).getProjectUsers(
+            token = tokenService.getSystemToken(null)!!,
+            projectCode = projectCode,
+            group = BkAuthGroup.MANAGER
+        ).data ?: emptyList()
+        projectManager.put(projectCode, managerUser)
+        return managerUser
+    }
+
     companion object {
         val logger = LoggerFactory.getLogger(AuthProjectService::class.java)
     }

diff --git a/...ain/kotlin/com/tencent/devops/project/resources/ServiceProjectAuthCallBackResourceImpl.kt b/...ain/kotlin/com/tencent/devops/project/resources/ServiceProjectAuthCallBackResourceImpl.kt
@@ -47,6 +47,7 @@ class ServiceProjectAuthCallBackResourceImpl @Autowired constructor(
             }
             CallbackMethodEnum.FETCH_INSTANCE_INFO -> {
                 val ids = callBackInfo.filter.idList.map { it.toString() }
+                val attribute = callBackInfo.filter.attribute
                 return authProjectService.getProjectInfo(ids, token)
             }
             CallbackMethodEnum.SEARCH_INSTANCE -> {