From 40fffa38af18d998a11377cd70999f96d5d80bdb Mon Sep 17 00:00:00 2001 From: jsonwan Date: Sun, 18 Jul 2021 22:16:47 +0800 Subject: [PATCH] =?UTF-8?q?feature:=20=E6=8F=90=E4=BE=9B=E6=96=87=E4=BB=B6?= =?UTF-8?q?=E6=BA=90=E7=AE=A1=E7=90=86=E3=80=81=E5=87=AD=E6=8D=AE=E7=AE=A1?= =?UTF-8?q?=E7=90=86=E7=9B=B8=E5=85=B3ESB=20API=20#92?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 增加新建、更新凭据API --- src/backend/commons/common-web/build.gradle | 1 + .../web/model/InnerServiceResponse.java | 209 ++++++++++++++++++ .../service/CredentialService.java | 4 +- .../service/impl/CredentialServiceImpl.java | 11 +- .../impl/BaseRemoteFileReqGenServiceImpl.java | 12 +- .../bk/job/file/worker/model/req/BaseReq.java | 4 +- .../service/ArtifactoryBaseService.java | 4 +- .../worker/cos/service/COSBaseService.java | 4 +- .../api/esb/v3/EsbCredentialV3Resource.java | 52 +++++ .../EsbCreateOrUpdateCredentialV3Req.java | 85 +++++++ .../EsbCredentialSimpleInfoV3DTO.java | 38 ++++ .../service-job-manage/build.gradle | 1 + .../impl/v3/EsbCredentialResourceV3Impl.java | 126 +++++++++++ .../ServiceCredentialResourceClient.java | 35 +++ .../job/ticket/consts/CredentialTypeEnum.java | 18 +- ...edentialDTO.java => CommonCredential.java} | 2 +- .../inner/resp/ServiceBasicCredentialDTO.java | 43 ++++ .../inner/resp/ServiceCredentialDTO.java | 7 +- .../web/req/CredentialCreateUpdateReq.java | 32 +-- .../job-ticket/api-job-ticket/build.gradle | 1 + .../api/inner/ServiceCredentialResource.java | 33 +++ .../inner/ServiceCredentialResourceImpl.java | 61 ++++- .../ticket/dao/impl/CredentialDAOImpl.java | 30 ++- .../job/ticket/model/dto/CredentialDTO.java | 58 ++--- .../service/impl/CredentialServiceImpl.java | 2 +- 25 files changed, 779 insertions(+), 94 deletions(-) create mode 100644 src/backend/commons/common-web/src/main/java/com/tencent/bk/job/common/web/model/InnerServiceResponse.java create mode 100644 src/backend/job-manage/api-job-manage/src/main/java/com/tencent/bk/job/manage/api/esb/v3/EsbCredentialV3Resource.java create mode 100644 src/backend/job-manage/api-job-manage/src/main/java/com/tencent/bk/job/manage/model/esb/v3/request/EsbCreateOrUpdateCredentialV3Req.java create mode 100644 src/backend/job-manage/api-job-manage/src/main/java/com/tencent/bk/job/manage/model/esb/v3/response/EsbCredentialSimpleInfoV3DTO.java create mode 100644 src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/api/esb/impl/v3/EsbCredentialResourceV3Impl.java create mode 100644 src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/client/ServiceCredentialResourceClient.java rename src/backend/job-ticket/api-job-ticket-pojo/src/main/java/com/tencent/bk/job/ticket/model/credential/{CommonCredentialDTO.java => CommonCredential.java} (98%) create mode 100644 src/backend/job-ticket/api-job-ticket-pojo/src/main/java/com/tencent/bk/job/ticket/model/inner/resp/ServiceBasicCredentialDTO.java diff --git a/src/backend/commons/common-web/build.gradle b/src/backend/commons/common-web/build.gradle index 2685ffd418..1c3834f63c 100644 --- a/src/backend/commons/common-web/build.gradle +++ b/src/backend/commons/common-web/build.gradle @@ -29,6 +29,7 @@ dependencies { implementation project(":commons:common-spring-ext") implementation project(":commons:esb-sdk") implementation project(":commons:common-iam") + implementation 'io.springfox:springfox-swagger2' implementation "org.hibernate.validator:hibernate-validator" implementation('jakarta.validation:jakarta.validation-api') implementation "org.springframework.cloud:spring-cloud-starter-sleuth" diff --git a/src/backend/commons/common-web/src/main/java/com/tencent/bk/job/common/web/model/InnerServiceResponse.java b/src/backend/commons/common-web/src/main/java/com/tencent/bk/job/common/web/model/InnerServiceResponse.java new file mode 100644 index 0000000000..3ba5ab9dbf --- /dev/null +++ b/src/backend/commons/common-web/src/main/java/com/tencent/bk/job/common/web/model/InnerServiceResponse.java @@ -0,0 +1,209 @@ +/* + * Tencent is pleased to support the open source community by making BK-JOB蓝鲸智云作业平台 available. + * + * Copyright (C) 2021 THL A29 Limited, a Tencent company. All rights reserved. + * + * BK-JOB蓝鲸智云作业平台 is licensed under the MIT License. + * + * License for BK-JOB蓝鲸智云作业平台: + * -------------------------------------------------------------------- + * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated + * documentation files (the "Software"), to deal in the Software without restriction, including without limitation + * the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and + * to permit persons to whom the Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all copies or substantial portions of + * the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO + * THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF + * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS + * IN THE SOFTWARE. + */ + +package com.tencent.bk.job.common.web.model; + +import com.fasterxml.jackson.annotation.JsonProperty; +import com.tencent.bk.job.common.constant.ErrorCode; +import com.tencent.bk.job.common.exception.ServiceException; +import com.tencent.bk.job.common.i18n.service.MessageI18nService; +import com.tencent.bk.job.common.iam.model.AuthResult; +import com.tencent.bk.job.common.model.ValidateResult; +import com.tencent.bk.job.common.model.error.ErrorDetail; +import com.tencent.bk.job.common.model.permission.AuthResultVO; +import com.tencent.bk.job.common.util.ApplicationContextRegister; +import com.tencent.bk.job.common.util.JobContextUtil; +import io.swagger.annotations.ApiModel; +import io.swagger.annotations.ApiModelProperty; +import lombok.Getter; +import lombok.NoArgsConstructor; +import lombok.Setter; +import lombok.ToString; +import lombok.extern.slf4j.Slf4j; +import org.apache.commons.lang3.StringUtils; + +@Slf4j +@Getter +@Setter +@ToString +@NoArgsConstructor +@ApiModel("服务间调用通用返回结构") +public class InnerServiceResponse { + public static final Integer SUCCESS_CODE = 0; + public static final Integer COMMON_FAIL_CODE = 1; + private static volatile MessageI18nService i18nService; + + @ApiModelProperty("是否成功") + private boolean success; + + @ApiModelProperty("返回码") + private Integer code; + + @ApiModelProperty("错误信息") + private String errorMsg; + + @ApiModelProperty("请求成功返回的数据") + private T data; + + @ApiModelProperty("请求 ID") + private String requestId; + + @ApiModelProperty("鉴权结果,当返回码为1238001时,该字段有值") + @JsonProperty("authResult") + private AuthResult authResult; + + @ApiModelProperty("错误详情") + @JsonProperty("errorDetail") + private ErrorDetail errorDetail; + + public InnerServiceResponse(Integer code, String errorMsg, T data) { + this.code = code; + this.errorMsg = errorMsg; + this.data = data; + this.requestId = JobContextUtil.getRequestId(); + } + + private static MessageI18nService getI18nService() { + if (i18nService == null) { + synchronized (InnerServiceResponse.class) { + if (i18nService == null) { + i18nService = ApplicationContextRegister.getBean(MessageI18nService.class); + } + } + } + return i18nService; + } + + public static InnerServiceResponse buildSuccessResp(T data) { + InnerServiceResponse resp = new InnerServiceResponse<>(SUCCESS_CODE, null, data); + resp.success = true; + return resp; + } + + public static InnerServiceResponse buildAuthFailResp(AuthResult authResult) { + MessageI18nService i18nService = getI18nService(); + String message = null; + if (i18nService != null) { + message = i18nService.getI18n(String.valueOf(ErrorCode.USER_NO_PERMISSION_COMMON)); + } else { + log.warn("cannot find available i18nService"); + } + InnerServiceResponse resp = new InnerServiceResponse(ErrorCode.USER_NO_PERMISSION_COMMON, message, null); + resp.success = false; + resp.authResult = authResult; + return resp; + } + + public static InnerServiceResponse buildCommonFailResp(String msg) { + InnerServiceResponse resp = new InnerServiceResponse<>(COMMON_FAIL_CODE, msg, null); + resp.success = false; + return resp; + } + + public static InnerServiceResponse buildCommonFailResp(Integer errorCode, String msg) { + InnerServiceResponse resp = new InnerServiceResponse<>(errorCode, msg, null); + resp.success = false; + return resp; + } + + public static InnerServiceResponse buildCommonFailResp(Integer errorCode) { + try { + getI18nService(); + } catch (Exception e) { + log.warn("cannot get i18nService from spring context"); + } + String errorMsg = null; + if (i18nService != null) { + errorMsg = i18nService.getI18n(errorCode.toString()); + } + InnerServiceResponse resp = new InnerServiceResponse<>(errorCode, errorMsg, null); + resp.success = false; + return resp; + } + + public static InnerServiceResponse buildCommonFailResp(Integer errorCode, MessageI18nService i18nService) { + String errorMsg = i18nService.getI18n(String.valueOf(errorCode)); + if (StringUtils.isEmpty(errorMsg)) { + errorMsg = String.valueOf(errorCode); + } + InnerServiceResponse resp = new InnerServiceResponse<>(errorCode, errorMsg, null); + resp.success = false; + return resp; + } + + public static InnerServiceResponse buildCommonFailResp(Integer errorCode, Object[] params) { + getI18nService(); + return buildCommonFailResp(errorCode, params, i18nService); + } + + public static InnerServiceResponse buildCommonFailResp(Integer errorCode, Object[] params, + MessageI18nService i18nService) { + String errorMsg = ""; + if (params != null && params.length > 0) { + errorMsg = i18nService.getI18nWithArgs(String.valueOf(errorCode), params); + } else { + errorMsg = i18nService.getI18n(String.valueOf(errorCode)); + } + if (StringUtils.isEmpty(errorMsg)) { + errorMsg = String.valueOf(errorCode); + } + InnerServiceResponse resp = new InnerServiceResponse<>(errorCode, errorMsg, null); + resp.success = false; + return resp; + } + + public static InnerServiceResponse buildCommonFailResp(ServiceException e, MessageI18nService i18nService) { + log.info("exception: {}|{}|{}", e.getErrorCode(), e.getErrorMsg(), e.getErrorParams()); + int errorCode = e.getErrorCode(); + String errorMsg = e.getErrorMsg(); + if (StringUtils.isEmpty(errorMsg)) { + errorMsg = i18nService.getI18nWithArgs(String.valueOf(errorCode), e.getErrorParams()); + log.info("{}", errorMsg); + } + if (StringUtils.isEmpty(errorMsg)) { + errorMsg = String.valueOf(errorCode); + } + return new InnerServiceResponse<>(e.getErrorCode(), errorMsg, null); + } + + public static InnerServiceResponse buildValidateFailResp(MessageI18nService i18nService, + ValidateResult validateResult) { + if (validateResult.getErrorParams() != null && validateResult.getErrorParams().length > 0) { + return InnerServiceResponse.buildCommonFailResp(validateResult.getErrorCode(), + i18nService.getI18nWithArgs(String.valueOf(validateResult.getErrorCode()), + validateResult.getErrorParams())); + } else { + return InnerServiceResponse.buildCommonFailResp(validateResult.getErrorCode(), + i18nService.getI18n(String.valueOf(validateResult.getErrorCode()))); + } + } + + public static InnerServiceResponse buildCommonFailResp(int errorCode, ErrorDetail errorDetail, + MessageI18nService i18nService) { + String errorMsg = i18nService.getI18n(String.valueOf(errorCode)); + InnerServiceResponse esbResp = new InnerServiceResponse<>(errorCode, errorMsg, null); + esbResp.setErrorDetail(errorDetail); + return esbResp; + } +} diff --git a/src/backend/job-file-gateway/service-job-file-gateway/src/main/java/com/tencent/bk/job/file_gateway/service/CredentialService.java b/src/backend/job-file-gateway/service-job-file-gateway/src/main/java/com/tencent/bk/job/file_gateway/service/CredentialService.java index e4622f4a84..21eb8886f2 100644 --- a/src/backend/job-file-gateway/service-job-file-gateway/src/main/java/com/tencent/bk/job/file_gateway/service/CredentialService.java +++ b/src/backend/job-file-gateway/service-job-file-gateway/src/main/java/com/tencent/bk/job/file_gateway/service/CredentialService.java @@ -24,7 +24,7 @@ package com.tencent.bk.job.file_gateway.service; -import com.tencent.bk.job.ticket.model.credential.CommonCredentialDTO; +import com.tencent.bk.job.ticket.model.credential.CommonCredential; public interface CredentialService { @@ -34,5 +34,5 @@ public interface CredentialService { * @param id * @return */ - CommonCredentialDTO getCredentialById(Long appId, String id); + CommonCredential getCredentialById(Long appId, String id); } diff --git a/src/backend/job-file-gateway/service-job-file-gateway/src/main/java/com/tencent/bk/job/file_gateway/service/impl/CredentialServiceImpl.java b/src/backend/job-file-gateway/service-job-file-gateway/src/main/java/com/tencent/bk/job/file_gateway/service/impl/CredentialServiceImpl.java index 5af544e422..99847d8a57 100644 --- a/src/backend/job-file-gateway/service-job-file-gateway/src/main/java/com/tencent/bk/job/file_gateway/service/impl/CredentialServiceImpl.java +++ b/src/backend/job-file-gateway/service-job-file-gateway/src/main/java/com/tencent/bk/job/file_gateway/service/impl/CredentialServiceImpl.java @@ -28,7 +28,7 @@ import com.tencent.bk.job.common.util.json.JsonUtils; import com.tencent.bk.job.file_gateway.client.ServiceCredentialResourceClient; import com.tencent.bk.job.file_gateway.service.CredentialService; -import com.tencent.bk.job.ticket.model.credential.CommonCredentialDTO; +import com.tencent.bk.job.ticket.model.credential.CommonCredential; import com.tencent.bk.job.ticket.model.inner.resp.ServiceCredentialDTO; import lombok.extern.slf4j.Slf4j; import org.springframework.beans.factory.annotation.Autowired; @@ -46,7 +46,7 @@ public CredentialServiceImpl(ServiceCredentialResourceClient credentialService) } @Override - public CommonCredentialDTO getCredentialById(Long appId, String id) { + public CommonCredential getCredentialById(Long appId, String id) { ServiceResponse credentialServiceResponse = credentialService.getCredentialById(appId, id); ServiceCredentialDTO credentialDTO = credentialServiceResponse.getData(); @@ -54,11 +54,10 @@ public CommonCredentialDTO getCredentialById(Long appId, String id) { return null; } try { - CommonCredentialDTO commonCredentialDTO = JsonUtils.fromJson(credentialDTO.getValue(), - CommonCredentialDTO.class); + CommonCredential commonCredential = credentialDTO.getCredential(); // Type补全 - commonCredentialDTO.setType(credentialDTO.getType()); - return commonCredentialDTO; + commonCredential.setType(credentialDTO.getType()); + return commonCredential; } catch (Exception e) { log.error("credential not valid:{}", credentialDTO); return null; diff --git a/src/backend/job-file-gateway/service-job-file-gateway/src/main/java/com/tencent/bk/job/file_gateway/service/remote/impl/BaseRemoteFileReqGenServiceImpl.java b/src/backend/job-file-gateway/service-job-file-gateway/src/main/java/com/tencent/bk/job/file_gateway/service/remote/impl/BaseRemoteFileReqGenServiceImpl.java index c5c7c12fb9..0fdbbddeb8 100644 --- a/src/backend/job-file-gateway/service-job-file-gateway/src/main/java/com/tencent/bk/job/file_gateway/service/remote/impl/BaseRemoteFileReqGenServiceImpl.java +++ b/src/backend/job-file-gateway/service-job-file-gateway/src/main/java/com/tencent/bk/job/file_gateway/service/remote/impl/BaseRemoteFileReqGenServiceImpl.java @@ -30,7 +30,7 @@ import com.tencent.bk.job.file_gateway.model.dto.FileSourceDTO; import com.tencent.bk.job.file_gateway.model.dto.FileWorkerDTO; import com.tencent.bk.job.file_gateway.service.CredentialService; -import com.tencent.bk.job.ticket.model.credential.CommonCredentialDTO; +import com.tencent.bk.job.ticket.model.credential.CommonCredential; import lombok.extern.slf4j.Slf4j; import org.apache.commons.lang3.StringUtils; import org.springframework.stereotype.Service; @@ -55,14 +55,14 @@ protected String fillBaseReqGetUrl(BaseReq req, Long appId, FileWorkerDTO fileWo FileSourceDTO fileSourceDTO, String url) { String completeUrl = getCompleteUrl(fileWorkerDTO, url); String credentialId = fileSourceDTO.getCredentialId(); - CommonCredentialDTO commonCredentialDTO = null; + CommonCredential commonCredential = null; if (StringUtils.isNotBlank(credentialId)) { - commonCredentialDTO = credentialService.getCredentialById(fileSourceDTO.getAppId(), + commonCredential = credentialService.getCredentialById(fileSourceDTO.getAppId(), fileSourceDTO.getCredentialId()); } - if (commonCredentialDTO != null) { - req.setCredential(commonCredentialDTO); - log.debug("Credential of id {} is {}", credentialId, commonCredentialDTO); + if (commonCredential != null) { + req.setCredential(commonCredential); + log.debug("Credential of id {} is {}", credentialId, commonCredential); } else if (StringUtils.isNotBlank(credentialId)) { log.warn("Cannot find credential by id {}", credentialId); } diff --git a/src/backend/job-file-worker-sdk/api-job-file-worker-sdk/src/main/java/com/tencent/bk/job/file/worker/model/req/BaseReq.java b/src/backend/job-file-worker-sdk/api-job-file-worker-sdk/src/main/java/com/tencent/bk/job/file/worker/model/req/BaseReq.java index 322eeb8b3c..dc4e2ab5a9 100644 --- a/src/backend/job-file-worker-sdk/api-job-file-worker-sdk/src/main/java/com/tencent/bk/job/file/worker/model/req/BaseReq.java +++ b/src/backend/job-file-worker-sdk/api-job-file-worker-sdk/src/main/java/com/tencent/bk/job/file/worker/model/req/BaseReq.java @@ -24,7 +24,7 @@ package com.tencent.bk.job.file.worker.model.req; -import com.tencent.bk.job.ticket.model.credential.CommonCredentialDTO; +import com.tencent.bk.job.ticket.model.credential.CommonCredential; import lombok.Data; import lombok.EqualsAndHashCode; @@ -38,7 +38,7 @@ public class BaseReq { String fileSourceTypeCode; // 凭据信息 - CommonCredentialDTO credential; + CommonCredential credential; // 文件源信息Map Map fileSourceInfoMap; diff --git a/src/backend/job-file-worker/service-job-file-worker/src/main/java/com/tencent/bk/job/file/worker/artifactory/service/ArtifactoryBaseService.java b/src/backend/job-file-worker/service-job-file-worker/src/main/java/com/tencent/bk/job/file/worker/artifactory/service/ArtifactoryBaseService.java index 14055554db..f89601a2dc 100644 --- a/src/backend/job-file-worker/service-job-file-worker/src/main/java/com/tencent/bk/job/file/worker/artifactory/service/ArtifactoryBaseService.java +++ b/src/backend/job-file-worker/service-job-file-worker/src/main/java/com/tencent/bk/job/file/worker/artifactory/service/ArtifactoryBaseService.java @@ -25,7 +25,7 @@ package com.tencent.bk.job.file.worker.artifactory.service; import com.tencent.bk.job.file.worker.model.req.BaseReq; -import com.tencent.bk.job.ticket.model.credential.CommonCredentialDTO; +import com.tencent.bk.job.ticket.model.credential.CommonCredential; import io.micrometer.core.instrument.MeterRegistry; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; @@ -43,7 +43,7 @@ public ArtifactoryBaseService(MeterRegistry meterRegistry) { } public ArtifactoryRemoteClient getArtifactoryClientFromBaseReq(BaseReq req) { - CommonCredentialDTO credential = req.getCredential(); + CommonCredential credential = req.getCredential(); Map fileSourceInfoMap = req.getFileSourceInfoMap(); return new ArtifactoryRemoteClient((String) fileSourceInfoMap.get("baseUrl"), credential.getUsername(), credential.getPassword(), meterRegistry); diff --git a/src/backend/job-file-worker/service-job-file-worker/src/main/java/com/tencent/bk/job/file/worker/cos/service/COSBaseService.java b/src/backend/job-file-worker/service-job-file-worker/src/main/java/com/tencent/bk/job/file/worker/cos/service/COSBaseService.java index c9c9402d6d..1d74f747ca 100644 --- a/src/backend/job-file-worker/service-job-file-worker/src/main/java/com/tencent/bk/job/file/worker/cos/service/COSBaseService.java +++ b/src/backend/job-file-worker/service-job-file-worker/src/main/java/com/tencent/bk/job/file/worker/cos/service/COSBaseService.java @@ -26,7 +26,7 @@ import com.tencent.bk.job.file.worker.cos.JobTencentInnerCOSClient; import com.tencent.bk.job.file.worker.model.req.BaseReq; -import com.tencent.bk.job.ticket.model.credential.CommonCredentialDTO; +import com.tencent.bk.job.ticket.model.credential.CommonCredential; import org.springframework.stereotype.Service; import java.util.Map; @@ -37,7 +37,7 @@ public class COSBaseService { public JobTencentInnerCOSClient getCOSClientFromBaseReq(BaseReq req) { // endPointDomain // appId - CommonCredentialDTO credential = req.getCredential(); + CommonCredential credential = req.getCredential(); Map fileSourceInfoMap = req.getFileSourceInfoMap(); return new JobTencentInnerCOSClient(credential.getAccessKey(), credential.getSecretKey(), getEndPointDomain(req), fileSourceInfoMap.get("appId").toString()); diff --git a/src/backend/job-manage/api-job-manage/src/main/java/com/tencent/bk/job/manage/api/esb/v3/EsbCredentialV3Resource.java b/src/backend/job-manage/api-job-manage/src/main/java/com/tencent/bk/job/manage/api/esb/v3/EsbCredentialV3Resource.java new file mode 100644 index 0000000000..8776ae0df4 --- /dev/null +++ b/src/backend/job-manage/api-job-manage/src/main/java/com/tencent/bk/job/manage/api/esb/v3/EsbCredentialV3Resource.java @@ -0,0 +1,52 @@ +/* + * Tencent is pleased to support the open source community by making BK-JOB蓝鲸智云作业平台 available. + * + * Copyright (C) 2021 THL A29 Limited, a Tencent company. All rights reserved. + * + * BK-JOB蓝鲸智云作业平台 is licensed under the MIT License. + * + * License for BK-JOB蓝鲸智云作业平台: + * -------------------------------------------------------------------- + * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated + * documentation files (the "Software"), to deal in the Software without restriction, including without limitation + * the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and + * to permit persons to whom the Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all copies or substantial portions of + * the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO + * THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF + * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS + * IN THE SOFTWARE. + */ + +package com.tencent.bk.job.manage.api.esb.v3; + +import com.tencent.bk.job.common.annotation.EsbAPI; +import com.tencent.bk.job.common.esb.model.EsbResp; +import com.tencent.bk.job.manage.model.esb.v3.request.EsbCreateOrUpdateCredentialV3Req; +import com.tencent.bk.job.manage.model.esb.v3.response.EsbCredentialSimpleInfoV3DTO; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestBody; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RestController; + +/** + * 凭据API-V3 + */ +@RequestMapping("/esb/api/v3") +@RestController +@EsbAPI +public interface EsbCredentialV3Resource { + + @PostMapping("/create_credential") + EsbResp createCredential( + @RequestBody EsbCreateOrUpdateCredentialV3Req req); + + @PostMapping("/update_credential") + EsbResp updateCredential( + @RequestBody EsbCreateOrUpdateCredentialV3Req req); + +} diff --git a/src/backend/job-manage/api-job-manage/src/main/java/com/tencent/bk/job/manage/model/esb/v3/request/EsbCreateOrUpdateCredentialV3Req.java b/src/backend/job-manage/api-job-manage/src/main/java/com/tencent/bk/job/manage/model/esb/v3/request/EsbCreateOrUpdateCredentialV3Req.java new file mode 100644 index 0000000000..89c3a6862f --- /dev/null +++ b/src/backend/job-manage/api-job-manage/src/main/java/com/tencent/bk/job/manage/model/esb/v3/request/EsbCreateOrUpdateCredentialV3Req.java @@ -0,0 +1,85 @@ +/* + * Tencent is pleased to support the open source community by making BK-JOB蓝鲸智云作业平台 available. + * + * Copyright (C) 2021 THL A29 Limited, a Tencent company. All rights reserved. + * + * BK-JOB蓝鲸智云作业平台 is licensed under the MIT License. + * + * License for BK-JOB蓝鲸智云作业平台: + * -------------------------------------------------------------------- + * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated + * documentation files (the "Software"), to deal in the Software without restriction, including without limitation + * the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and + * to permit persons to whom the Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all copies or substantial portions of + * the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO + * THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF + * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS + * IN THE SOFTWARE. + */ + +package com.tencent.bk.job.manage.model.esb.v3.request; + +import com.fasterxml.jackson.annotation.JsonProperty; +import com.tencent.bk.job.common.esb.model.EsbReq; +import lombok.Data; +import lombok.EqualsAndHashCode; + +/** + * 新建凭据请求 + */ +@EqualsAndHashCode(callSuper = true) +@Data +public class EsbCreateOrUpdateCredentialV3Req extends EsbReq { + /** + * 业务ID + */ + @JsonProperty("bk_biz_id") + private Long appId; + + /** + * 凭据ID + */ + private String id; + + /** + * 凭据名称 + */ + private String name; + + /** + * 凭据类型 + */ + private String type; + + /** + * 描述 + */ + private String description; + + /** + * AccessKey + */ + @JsonProperty("access_key") + private String accessKey; + + /** + * SecretKey + */ + @JsonProperty("secret_key") + private String secretKey; + + /** + * Username + */ + private String username; + + /** + * Password + */ + private String password; +} diff --git a/src/backend/job-manage/api-job-manage/src/main/java/com/tencent/bk/job/manage/model/esb/v3/response/EsbCredentialSimpleInfoV3DTO.java b/src/backend/job-manage/api-job-manage/src/main/java/com/tencent/bk/job/manage/model/esb/v3/response/EsbCredentialSimpleInfoV3DTO.java new file mode 100644 index 0000000000..f119357a6d --- /dev/null +++ b/src/backend/job-manage/api-job-manage/src/main/java/com/tencent/bk/job/manage/model/esb/v3/response/EsbCredentialSimpleInfoV3DTO.java @@ -0,0 +1,38 @@ +/* + * Tencent is pleased to support the open source community by making BK-JOB蓝鲸智云作业平台 available. + * + * Copyright (C) 2021 THL A29 Limited, a Tencent company. All rights reserved. + * + * BK-JOB蓝鲸智云作业平台 is licensed under the MIT License. + * + * License for BK-JOB蓝鲸智云作业平台: + * -------------------------------------------------------------------- + * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated + * documentation files (the "Software"), to deal in the Software without restriction, including without limitation + * the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and + * to permit persons to whom the Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all copies or substantial portions of + * the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO + * THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF + * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS + * IN THE SOFTWARE. + */ + +package com.tencent.bk.job.manage.model.esb.v3.response; + +import lombok.AllArgsConstructor; +import lombok.Data; +import lombok.NoArgsConstructor; + +@Data +@NoArgsConstructor +@AllArgsConstructor +public class EsbCredentialSimpleInfoV3DTO { + + private String id; + +} diff --git a/src/backend/job-manage/service-job-manage/build.gradle b/src/backend/job-manage/service-job-manage/build.gradle index 40da634964..6b5e5cdf57 100644 --- a/src/backend/job-manage/service-job-manage/build.gradle +++ b/src/backend/job-manage/service-job-manage/build.gradle @@ -30,6 +30,7 @@ dependencies { compile project(":job-manage:model-job-manage") compile project(":job-crontab:api-job-crontab") compile project(":job-analysis:api-job-analysis") + compile project(":job-ticket:api-job-ticket") compile project(":commons:common") compile project(":commons:common-security") compile project(":commons:common-redis") diff --git a/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/api/esb/impl/v3/EsbCredentialResourceV3Impl.java b/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/api/esb/impl/v3/EsbCredentialResourceV3Impl.java new file mode 100644 index 0000000000..7d07f44fcc --- /dev/null +++ b/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/api/esb/impl/v3/EsbCredentialResourceV3Impl.java @@ -0,0 +1,126 @@ +/* + * Tencent is pleased to support the open source community by making BK-JOB蓝鲸智云作业平台 available. + * + * Copyright (C) 2021 THL A29 Limited, a Tencent company. All rights reserved. + * + * BK-JOB蓝鲸智云作业平台 is licensed under the MIT License. + * + * License for BK-JOB蓝鲸智云作业平台: + * -------------------------------------------------------------------- + * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated + * documentation files (the "Software"), to deal in the Software without restriction, including without limitation + * the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and + * to permit persons to whom the Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all copies or substantial portions of + * the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO + * THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF + * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS + * IN THE SOFTWARE. + */ + +package com.tencent.bk.job.manage.api.esb.impl.v3; + +import com.tencent.bk.job.common.esb.model.EsbResp; +import com.tencent.bk.job.common.exception.InvalidParamException; +import com.tencent.bk.job.common.i18n.service.MessageI18nService; +import com.tencent.bk.job.common.iam.service.AuthService; +import com.tencent.bk.job.common.web.model.InnerServiceResponse; +import com.tencent.bk.job.manage.api.esb.v3.EsbCredentialV3Resource; +import com.tencent.bk.job.manage.client.ServiceCredentialResourceClient; +import com.tencent.bk.job.manage.model.esb.v3.request.EsbCreateOrUpdateCredentialV3Req; +import com.tencent.bk.job.manage.model.esb.v3.response.EsbCredentialSimpleInfoV3DTO; +import com.tencent.bk.job.ticket.consts.CredentialTypeEnum; +import com.tencent.bk.job.ticket.model.inner.resp.ServiceBasicCredentialDTO; +import com.tencent.bk.job.ticket.model.web.req.CredentialCreateUpdateReq; +import lombok.extern.slf4j.Slf4j; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.web.bind.annotation.RestController; + +import static com.tencent.bk.job.ticket.consts.CredentialTypeEnum.APP_ID_SECRET_KEY; +import static com.tencent.bk.job.ticket.consts.CredentialTypeEnum.PASSWORD; +import static com.tencent.bk.job.ticket.consts.CredentialTypeEnum.SECRET_KEY; +import static com.tencent.bk.job.ticket.consts.CredentialTypeEnum.USERNAME_PASSWORD; + +@RestController +@Slf4j +public class EsbCredentialResourceV3Impl implements EsbCredentialV3Resource { + private final ServiceCredentialResourceClient credentialService; + private final AuthService authService; + private final MessageI18nService i18nService; + + @Autowired + public EsbCredentialResourceV3Impl(ServiceCredentialResourceClient credentialService, AuthService authService, MessageI18nService i18nService) { + this.credentialService = credentialService; + this.authService = authService; + this.i18nService = i18nService; + } + + @Override + public EsbResp createCredential(EsbCreateOrUpdateCredentialV3Req req) { + return saveCredential(req); + } + + @Override + public EsbResp updateCredential(EsbCreateOrUpdateCredentialV3Req req) { + return saveCredential(req); + } + + private EsbResp saveCredential(EsbCreateOrUpdateCredentialV3Req req) { + CredentialCreateUpdateReq createUpdateReq = convertToCreateUpdateReq(req); + InnerServiceResponse resp = + credentialService.createCredential( + req.getUsername(), + req.getAppId(), + createUpdateReq + ); + if (resp.getAuthResult() != null) { + return authService.buildEsbAuthFailResp( + resp.getAuthResult().getRequiredActionResources() + ); + } else if (!resp.isSuccess()) { + return EsbResp.buildCommonFailResp( + resp.getCode(), + resp.getErrorDetail(), + i18nService + ); + } + ServiceBasicCredentialDTO data = resp.getData(); + return EsbResp.buildSuccessResp(new EsbCredentialSimpleInfoV3DTO(data.getId())); + } + + private CredentialCreateUpdateReq convertToCreateUpdateReq( + EsbCreateOrUpdateCredentialV3Req req + ) { + String type = req.getType(); + CredentialCreateUpdateReq createUpdateReq = new CredentialCreateUpdateReq(); + createUpdateReq.setId(req.getId()); + createUpdateReq.setName(req.getName()); + createUpdateReq.setType(CredentialTypeEnum.valueOf(req.getType())); + createUpdateReq.setDescription(req.getDescription()); + if (SECRET_KEY.name().equals(type)) { + createUpdateReq.setValue1(req.getSecretKey()); + } else if (PASSWORD.name().equals(type)) { + createUpdateReq.setValue1(req.getPassword()); + } else if (APP_ID_SECRET_KEY.name().equals(type)) { + createUpdateReq.setValue1(req.getAccessKey()); + createUpdateReq.setValue2(req.getSecretKey()); + } else if (USERNAME_PASSWORD.name().equals(type)) { + createUpdateReq.setValue1(req.getUsername()); + createUpdateReq.setValue2(req.getPassword()); + } else { + throw new InvalidParamException( + "type", + String.format( + "Unsupported type:%s, supported types:%s", + type, + CredentialTypeEnum.getAllNameStr() + ) + ); + } + return createUpdateReq; + } +} diff --git a/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/client/ServiceCredentialResourceClient.java b/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/client/ServiceCredentialResourceClient.java new file mode 100644 index 0000000000..a877e724ba --- /dev/null +++ b/src/backend/job-manage/service-job-manage/src/main/java/com/tencent/bk/job/manage/client/ServiceCredentialResourceClient.java @@ -0,0 +1,35 @@ +/* + * Tencent is pleased to support the open source community by making BK-JOB蓝鲸智云作业平台 available. + * + * Copyright (C) 2021 THL A29 Limited, a Tencent company. All rights reserved. + * + * BK-JOB蓝鲸智云作业平台 is licensed under the MIT License. + * + * License for BK-JOB蓝鲸智云作业平台: + * -------------------------------------------------------------------- + * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated + * documentation files (the "Software"), to deal in the Software without restriction, including without limitation + * the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and + * to permit persons to whom the Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all copies or substantial portions of + * the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO + * THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF + * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS + * IN THE SOFTWARE. + */ + +package com.tencent.bk.job.manage.client; + +import com.tencent.bk.job.ticket.api.inner.ServiceCredentialResource; +import org.springframework.cloud.openfeign.FeignClient; + +/** + * 凭据服务内部接口远程调用客户端 + */ +@FeignClient(value = "job-ticket", contextId = "credential") +public interface ServiceCredentialResourceClient extends ServiceCredentialResource { +} diff --git a/src/backend/job-ticket/api-job-ticket-pojo/src/main/java/com/tencent/bk/job/ticket/consts/CredentialTypeEnum.java b/src/backend/job-ticket/api-job-ticket-pojo/src/main/java/com/tencent/bk/job/ticket/consts/CredentialTypeEnum.java index d0caf0cad3..1d37b6b9ba 100644 --- a/src/backend/job-ticket/api-job-ticket-pojo/src/main/java/com/tencent/bk/job/ticket/consts/CredentialTypeEnum.java +++ b/src/backend/job-ticket/api-job-ticket-pojo/src/main/java/com/tencent/bk/job/ticket/consts/CredentialTypeEnum.java @@ -31,10 +31,22 @@ public enum CredentialTypeEnum { SECRET_KEY(4, "单一SecretKey"); private final Integer value; - private final String name; + private final String description; - CredentialTypeEnum(Integer type, String name) { + public static String getAllNameStr() { + StringBuilder sb = new StringBuilder(); + CredentialTypeEnum[] values = CredentialTypeEnum.values(); + for (int i = 0; i < values.length; i++) { + sb.append(values[i].name()); + if (i < values.length - 1) { + sb.append(","); + } + } + return sb.toString(); + } + + CredentialTypeEnum(Integer type, String description) { this.value = type; - this.name = name; + this.description = description; } } diff --git a/src/backend/job-ticket/api-job-ticket-pojo/src/main/java/com/tencent/bk/job/ticket/model/credential/CommonCredentialDTO.java b/src/backend/job-ticket/api-job-ticket-pojo/src/main/java/com/tencent/bk/job/ticket/model/credential/CommonCredential.java similarity index 98% rename from src/backend/job-ticket/api-job-ticket-pojo/src/main/java/com/tencent/bk/job/ticket/model/credential/CommonCredentialDTO.java rename to src/backend/job-ticket/api-job-ticket-pojo/src/main/java/com/tencent/bk/job/ticket/model/credential/CommonCredential.java index 875c725fe7..8e3c71a321 100644 --- a/src/backend/job-ticket/api-job-ticket-pojo/src/main/java/com/tencent/bk/job/ticket/model/credential/CommonCredentialDTO.java +++ b/src/backend/job-ticket/api-job-ticket-pojo/src/main/java/com/tencent/bk/job/ticket/model/credential/CommonCredential.java @@ -33,7 +33,7 @@ @AllArgsConstructor @Data @EqualsAndHashCode -public class CommonCredentialDTO { +public class CommonCredential { String accessKey; String secretKey; String username; diff --git a/src/backend/job-ticket/api-job-ticket-pojo/src/main/java/com/tencent/bk/job/ticket/model/inner/resp/ServiceBasicCredentialDTO.java b/src/backend/job-ticket/api-job-ticket-pojo/src/main/java/com/tencent/bk/job/ticket/model/inner/resp/ServiceBasicCredentialDTO.java new file mode 100644 index 0000000000..cd21b182cb --- /dev/null +++ b/src/backend/job-ticket/api-job-ticket-pojo/src/main/java/com/tencent/bk/job/ticket/model/inner/resp/ServiceBasicCredentialDTO.java @@ -0,0 +1,43 @@ +/* + * Tencent is pleased to support the open source community by making BK-JOB蓝鲸智云作业平台 available. + * + * Copyright (C) 2021 THL A29 Limited, a Tencent company. All rights reserved. + * + * BK-JOB蓝鲸智云作业平台 is licensed under the MIT License. + * + * License for BK-JOB蓝鲸智云作业平台: + * -------------------------------------------------------------------- + * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated + * documentation files (the "Software"), to deal in the Software without restriction, including without limitation + * the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and + * to permit persons to whom the Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all copies or substantial portions of + * the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO + * THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF + * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS + * IN THE SOFTWARE. + */ + +package com.tencent.bk.job.ticket.model.inner.resp; + +import io.swagger.annotations.ApiModel; +import io.swagger.annotations.ApiModelProperty; +import lombok.AllArgsConstructor; +import lombok.Data; +import lombok.NoArgsConstructor; + +@ApiModel("凭据基本信息") +@Data +@AllArgsConstructor +@NoArgsConstructor +public class ServiceBasicCredentialDTO { + /** + * 主键Id + */ + @ApiModelProperty("主键Id") + private String id; +} diff --git a/src/backend/job-ticket/api-job-ticket-pojo/src/main/java/com/tencent/bk/job/ticket/model/inner/resp/ServiceCredentialDTO.java b/src/backend/job-ticket/api-job-ticket-pojo/src/main/java/com/tencent/bk/job/ticket/model/inner/resp/ServiceCredentialDTO.java index 081a6f877f..1fa62554f3 100644 --- a/src/backend/job-ticket/api-job-ticket-pojo/src/main/java/com/tencent/bk/job/ticket/model/inner/resp/ServiceCredentialDTO.java +++ b/src/backend/job-ticket/api-job-ticket-pojo/src/main/java/com/tencent/bk/job/ticket/model/inner/resp/ServiceCredentialDTO.java @@ -24,6 +24,7 @@ package com.tencent.bk.job.ticket.model.inner.resp; +import com.tencent.bk.job.ticket.model.credential.CommonCredential; import io.swagger.annotations.ApiModel; import io.swagger.annotations.ApiModelProperty; import lombok.Data; @@ -52,8 +53,8 @@ public class ServiceCredentialDTO { @ApiModelProperty("类型") private String type; /** - * 值 + * 凭据 */ - @ApiModelProperty("值") - private String value; + @ApiModelProperty("凭据") + private CommonCredential credential; } diff --git a/src/backend/job-ticket/api-job-ticket-pojo/src/main/java/com/tencent/bk/job/ticket/model/web/req/CredentialCreateUpdateReq.java b/src/backend/job-ticket/api-job-ticket-pojo/src/main/java/com/tencent/bk/job/ticket/model/web/req/CredentialCreateUpdateReq.java index e116e22d86..b5f0dcffa3 100644 --- a/src/backend/job-ticket/api-job-ticket-pojo/src/main/java/com/tencent/bk/job/ticket/model/web/req/CredentialCreateUpdateReq.java +++ b/src/backend/job-ticket/api-job-ticket-pojo/src/main/java/com/tencent/bk/job/ticket/model/web/req/CredentialCreateUpdateReq.java @@ -24,20 +24,19 @@ package com.tencent.bk.job.ticket.model.web.req; -import com.tencent.bk.job.common.util.json.JsonUtils; import com.tencent.bk.job.ticket.consts.CredentialTypeEnum; -import com.tencent.bk.job.ticket.model.credential.AccessKeySecretKey; -import com.tencent.bk.job.ticket.model.credential.Password; -import com.tencent.bk.job.ticket.model.credential.SecretKey; -import com.tencent.bk.job.ticket.model.credential.UsernamePassword; +import com.tencent.bk.job.ticket.model.credential.CommonCredential; import io.swagger.annotations.ApiModel; import io.swagger.annotations.ApiModelProperty; import lombok.Data; -import static com.tencent.bk.job.ticket.consts.CredentialTypeEnum.*; +import static com.tencent.bk.job.ticket.consts.CredentialTypeEnum.APP_ID_SECRET_KEY; +import static com.tencent.bk.job.ticket.consts.CredentialTypeEnum.PASSWORD; +import static com.tencent.bk.job.ticket.consts.CredentialTypeEnum.SECRET_KEY; +import static com.tencent.bk.job.ticket.consts.CredentialTypeEnum.USERNAME_PASSWORD; @Data -@ApiModel("凭据创建请求") +@ApiModel("凭据创建/更新请求") public class CredentialCreateUpdateReq { @ApiModelProperty(value = "ID,更新凭据的时候需要传入,新建时不需要", required = false) @@ -73,21 +72,22 @@ public class CredentialCreateUpdateReq { @ApiModelProperty("值3") private String value3; - public String getSerializedValue() { + public CommonCredential toCommonCredential() { + CommonCredential credential = new CommonCredential(); + credential.setType(type.name()); if (type == SECRET_KEY) { - SecretKey secretKey = new SecretKey(value1); - return JsonUtils.toJson(secretKey); + credential.setSecretKey(value1); } else if (type == PASSWORD) { - Password password = new Password(value1); - return JsonUtils.toJson(password); + credential.setPassword(value1); } else if (type == APP_ID_SECRET_KEY) { - AccessKeySecretKey accessKeySecretKey = new AccessKeySecretKey(value1, value2); - return JsonUtils.toJson(accessKeySecretKey); + credential.setAccessKey(value1); + credential.setSecretKey(value2); } else if (type == USERNAME_PASSWORD) { - UsernamePassword usernamePassword = new UsernamePassword(value1, value2); - return JsonUtils.toJson(usernamePassword); + credential.setUsername(value1); + credential.setPassword(value2); } else { return null; } + return credential; } } diff --git a/src/backend/job-ticket/api-job-ticket/build.gradle b/src/backend/job-ticket/api-job-ticket/build.gradle index d656e92f79..32fbc72ace 100644 --- a/src/backend/job-ticket/api-job-ticket/build.gradle +++ b/src/backend/job-ticket/api-job-ticket/build.gradle @@ -25,6 +25,7 @@ dependencies { compile project(':commons:common') compile project(':commons:common-iam') + compile project(':commons:common-web') compile project(':job-ticket:api-job-ticket-pojo') implementation "org.springframework:spring-web" implementation "javax.ws.rs:javax.ws.rs-api" diff --git a/src/backend/job-ticket/api-job-ticket/src/main/java/com/tencent/bk/job/ticket/api/inner/ServiceCredentialResource.java b/src/backend/job-ticket/api-job-ticket/src/main/java/com/tencent/bk/job/ticket/api/inner/ServiceCredentialResource.java index 736b342de2..a5b0c6fb21 100644 --- a/src/backend/job-ticket/api-job-ticket/src/main/java/com/tencent/bk/job/ticket/api/inner/ServiceCredentialResource.java +++ b/src/backend/job-ticket/api-job-ticket/src/main/java/com/tencent/bk/job/ticket/api/inner/ServiceCredentialResource.java @@ -26,12 +26,19 @@ import com.tencent.bk.job.common.annotation.InternalAPI; import com.tencent.bk.job.common.model.ServiceResponse; +import com.tencent.bk.job.common.web.model.InnerServiceResponse; +import com.tencent.bk.job.ticket.model.inner.resp.ServiceBasicCredentialDTO; import com.tencent.bk.job.ticket.model.inner.resp.ServiceCredentialDTO; +import com.tencent.bk.job.ticket.model.web.req.CredentialCreateUpdateReq; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import io.swagger.annotations.ApiParam; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.PutMapping; +import org.springframework.web.bind.annotation.RequestBody; +import org.springframework.web.bind.annotation.RequestHeader; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; @@ -50,4 +57,30 @@ ServiceResponse getCredentialById( @PathVariable("id") String id ); + + @ApiOperation(value = "新建凭据", produces = "application/json") + @PostMapping("/create") + InnerServiceResponse createCredential( + @ApiParam(value = "用户名,网关自动传入", required = true) + @RequestHeader("username") + String username, + @ApiParam(value = "业务ID", required = true) + @PathVariable("appId") Long appId, + @ApiParam(value = "创建或更新请求体", required = true) + @RequestBody + CredentialCreateUpdateReq createUpdateReq + ); + + @ApiOperation(value = "更新凭据", produces = "application/json") + @PutMapping("/update") + InnerServiceResponse updateCredential( + @ApiParam(value = "用户名,网关自动传入", required = true) + @RequestHeader("username") + String username, + @ApiParam(value = "业务ID", required = true) + @PathVariable("appId") Long appId, + @ApiParam(value = "创建或更新请求体", required = true) + @RequestBody + CredentialCreateUpdateReq createUpdateReq + ); } diff --git a/src/backend/job-ticket/service-job-ticket/src/main/java/com/tencent/bk/job/ticket/api/inner/ServiceCredentialResourceImpl.java b/src/backend/job-ticket/service-job-ticket/src/main/java/com/tencent/bk/job/ticket/api/inner/ServiceCredentialResourceImpl.java index 5163856bc6..903622bb9f 100644 --- a/src/backend/job-ticket/service-job-ticket/src/main/java/com/tencent/bk/job/ticket/api/inner/ServiceCredentialResourceImpl.java +++ b/src/backend/job-ticket/service-job-ticket/src/main/java/com/tencent/bk/job/ticket/api/inner/ServiceCredentialResourceImpl.java @@ -24,10 +24,19 @@ package com.tencent.bk.job.ticket.api.inner; +import com.tencent.bk.job.common.iam.constant.ActionId; +import com.tencent.bk.job.common.iam.constant.ResourceTypeEnum; +import com.tencent.bk.job.common.iam.model.AuthResult; +import com.tencent.bk.job.common.iam.service.AuthService; import com.tencent.bk.job.common.model.ServiceResponse; +import com.tencent.bk.job.common.web.model.InnerServiceResponse; +import com.tencent.bk.job.ticket.model.inner.resp.ServiceBasicCredentialDTO; import com.tencent.bk.job.ticket.model.inner.resp.ServiceCredentialDTO; +import com.tencent.bk.job.ticket.model.web.req.CredentialCreateUpdateReq; import com.tencent.bk.job.ticket.service.CredentialService; +import com.tencent.bk.sdk.iam.util.PathBuilder; import lombok.extern.slf4j.Slf4j; +import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.RestController; @@ -36,10 +45,12 @@ @Slf4j public class ServiceCredentialResourceImpl implements ServiceCredentialResource { + private final AuthService authService; private final CredentialService credentialService; @Autowired - public ServiceCredentialResourceImpl(CredentialService credentialService) { + public ServiceCredentialResourceImpl(AuthService authService, CredentialService credentialService) { + this.authService = authService; this.credentialService = credentialService; } @@ -48,4 +59,52 @@ public ServiceResponse getCredentialById(Long appId, Strin ServiceCredentialDTO serviceCredentialDTO = credentialService.getServiceCredentialById(appId, id); return ServiceResponse.buildSuccessResp(serviceCredentialDTO); } + + @Override + public InnerServiceResponse createCredential( + String username, + Long appId, + CredentialCreateUpdateReq createUpdateReq + ) { + return saveCredential(username, appId, createUpdateReq); + } + + @Override + public InnerServiceResponse updateCredential( + String username, + Long appId, + CredentialCreateUpdateReq createUpdateReq + ) { + return saveCredential(username, appId, createUpdateReq); + } + + private InnerServiceResponse saveCredential( + String username, + Long appId, + CredentialCreateUpdateReq createUpdateReq + ) { + AuthResult authResult = null; + if (StringUtils.isBlank(createUpdateReq.getId())) { + authResult = checkCreateTicketPermission(username, appId); + } else { + authResult = checkManageTicketPermission(username, appId, createUpdateReq.getId()); + } + if (!authResult.isPass()) { + return InnerServiceResponse.buildAuthFailResp(authResult); + } + String credentialId = credentialService.saveCredential(username, appId, createUpdateReq); + return InnerServiceResponse.buildSuccessResp(new ServiceBasicCredentialDTO(credentialId)); + } + + public AuthResult checkCreateTicketPermission(String username, Long appId) { + // 需要拥有在业务下创建凭证的权限 + return authService.auth(true, username, ActionId.CREATE_TICKET, ResourceTypeEnum.BUSINESS, + appId.toString(), null); + } + + public AuthResult checkManageTicketPermission(String username, Long appId, String credentialId) { + // 需要拥有在业务下管理某个具体凭证的权限 + return authService.auth(true, username, ActionId.MANAGE_TICKET, ResourceTypeEnum.TICKET, + credentialId, PathBuilder.newBuilder(ResourceTypeEnum.BUSINESS.getId(), appId.toString()).build()); + } } diff --git a/src/backend/job-ticket/service-job-ticket/src/main/java/com/tencent/bk/job/ticket/dao/impl/CredentialDAOImpl.java b/src/backend/job-ticket/service-job-ticket/src/main/java/com/tencent/bk/job/ticket/dao/impl/CredentialDAOImpl.java index 5ab117b90d..cef7723fbc 100644 --- a/src/backend/job-ticket/service-job-ticket/src/main/java/com/tencent/bk/job/ticket/dao/impl/CredentialDAOImpl.java +++ b/src/backend/job-ticket/service-job-ticket/src/main/java/com/tencent/bk/job/ticket/dao/impl/CredentialDAOImpl.java @@ -24,16 +24,23 @@ package com.tencent.bk.job.ticket.dao.impl; +import com.fasterxml.jackson.core.type.TypeReference; import com.tencent.bk.job.common.util.Base64Util; import com.tencent.bk.job.common.util.JobUUID; import com.tencent.bk.job.common.util.crypto.AESUtils; +import com.tencent.bk.job.common.util.json.JsonUtils; import com.tencent.bk.job.ticket.config.JobTicketConfig; import com.tencent.bk.job.ticket.dao.CredentialDAO; +import com.tencent.bk.job.ticket.model.credential.CommonCredential; import com.tencent.bk.job.ticket.model.dto.CredentialDTO; import io.micrometer.core.instrument.util.StringUtils; import lombok.extern.slf4j.Slf4j; import lombok.val; -import org.jooq.*; +import org.jooq.Condition; +import org.jooq.DSLContext; +import org.jooq.Record10; +import org.jooq.Result; +import org.jooq.UpdateConditionStep; import org.jooq.conf.ParamType; import org.jooq.generated.tables.Credential; import org.jooq.generated.tables.records.CredentialRecord; @@ -80,8 +87,10 @@ public String insertCredential(DSLContext dslContext, CredentialDTO credentialDT credentialDTO.getName(), credentialDTO.getType(), credentialDTO.getDescription(), - AESUtils.encryptToBase64EncodedCipherText(credentialDTO.getValue(), - jobTicketConfig.getEncryptPassword()), + AESUtils.encryptToBase64EncodedCipherText( + JsonUtils.toJson(credentialDTO.getCredential()), + jobTicketConfig.getEncryptPassword() + ), credentialDTO.getCreator(), credentialDTO.getCreateTime(), credentialDTO.getLastModifyUser(), @@ -107,7 +116,8 @@ public String updateCredentialById(DSLContext dslContext, CredentialDTO credenti .set(defaultTable.NAME, credentialDTO.getName()) .set(defaultTable.TYPE, credentialDTO.getType()) .set(defaultTable.DESCRIPTION, credentialDTO.getDescription()) - .set(defaultTable.VALUE, AESUtils.encryptToBase64EncodedCipherText(credentialDTO.getValue(), + .set(defaultTable.VALUE, AESUtils.encryptToBase64EncodedCipherText( + JsonUtils.toJson(credentialDTO.getCredential()), jobTicketConfig.getEncryptPassword())) .set(defaultTable.LAST_MODIFY_USER, credentialDTO.getLastModifyUser()) .set(defaultTable.LAST_MODIFY_TIME, System.currentTimeMillis()) @@ -267,8 +277,8 @@ private Integer countCredentialByConditions(DSLContext dslContext, List record) { + private CredentialDTO convertRecordToDto( + Record10 record) { try { return new CredentialDTO( record.get(defaultTable.ID), @@ -276,8 +286,12 @@ private CredentialDTO convertRecordToDto(Record10() { + }), record.get(defaultTable.CREATOR), record.get(defaultTable.CREATE_TIME), record.get(defaultTable.LAST_MODIFY_USER), diff --git a/src/backend/job-ticket/service-job-ticket/src/main/java/com/tencent/bk/job/ticket/model/dto/CredentialDTO.java b/src/backend/job-ticket/service-job-ticket/src/main/java/com/tencent/bk/job/ticket/model/dto/CredentialDTO.java index b496cbcb5e..cc9a623c0b 100644 --- a/src/backend/job-ticket/service-job-ticket/src/main/java/com/tencent/bk/job/ticket/model/dto/CredentialDTO.java +++ b/src/backend/job-ticket/service-job-ticket/src/main/java/com/tencent/bk/job/ticket/model/dto/CredentialDTO.java @@ -24,12 +24,8 @@ package com.tencent.bk.job.ticket.model.dto; -import com.tencent.bk.job.common.util.json.JsonUtils; import com.tencent.bk.job.ticket.consts.CredentialTypeEnum; -import com.tencent.bk.job.ticket.model.credential.AccessKeySecretKey; -import com.tencent.bk.job.ticket.model.credential.Password; -import com.tencent.bk.job.ticket.model.credential.SecretKey; -import com.tencent.bk.job.ticket.model.credential.UsernamePassword; +import com.tencent.bk.job.ticket.model.credential.CommonCredential; import com.tencent.bk.job.ticket.model.inner.resp.ServiceCredentialDTO; import com.tencent.bk.job.ticket.model.web.resp.CredentialVO; import lombok.AllArgsConstructor; @@ -63,7 +59,7 @@ public class CredentialDTO { /** * 值JSON串 */ - private String value; + private CommonCredential credential; /** * 创建人 */ @@ -91,11 +87,9 @@ public CredentialVO toVO() { credentialVO.setValue2("******"); credentialVO.setValue3("******"); if (type.equals(CredentialTypeEnum.USERNAME_PASSWORD.name())) { - UsernamePassword usernamePassword = JsonUtils.fromJson(value, UsernamePassword.class); - credentialVO.setValue1(usernamePassword.getUsername()); + credentialVO.setValue1(credential.getUsername()); } else if (type.equals(CredentialTypeEnum.APP_ID_SECRET_KEY.name())) { - AccessKeySecretKey accessKeySecretKey = JsonUtils.fromJson(value, AccessKeySecretKey.class); - credentialVO.setValue1(accessKeySecretKey.getAccessKey()); + credentialVO.setValue1(credential.getAccessKey()); } credentialVO.setCreator(creator); credentialVO.setCreateTime(createTime); @@ -110,23 +104,19 @@ public ServiceCredentialDTO toServiceCredentialDTO() { serviceCredentialDTO.setAppId(appId); serviceCredentialDTO.setName(name); serviceCredentialDTO.setType(type); - serviceCredentialDTO.setValue(value); + serviceCredentialDTO.setCredential(credential); return serviceCredentialDTO; } public String getFirstValue() { if (type.equals(CredentialTypeEnum.USERNAME_PASSWORD.name())) { - UsernamePassword usernamePassword = JsonUtils.fromJson(this.value, UsernamePassword.class); - return usernamePassword.getUsername(); + return credential.getUsername(); } else if (type.equals(CredentialTypeEnum.PASSWORD.name())) { - Password password = JsonUtils.fromJson(this.value, Password.class); - return password.getPassword(); + return credential.getPassword(); } else if (type.equals(CredentialTypeEnum.SECRET_KEY.name())) { - SecretKey secretKey = JsonUtils.fromJson(this.value, SecretKey.class); - return secretKey.getSecretKey(); + return credential.getSecretKey(); } else if (type.equals(CredentialTypeEnum.APP_ID_SECRET_KEY.name())) { - AccessKeySecretKey accessKeySecretKey = JsonUtils.fromJson(this.value, AccessKeySecretKey.class); - return accessKeySecretKey.getAccessKey(); + return credential.getAccessKey(); } else { throw new RuntimeException("Not support type:" + type); } @@ -134,21 +124,13 @@ public String getFirstValue() { public void setFirstValue(String val) { if (type.equals(CredentialTypeEnum.USERNAME_PASSWORD.name())) { - UsernamePassword usernamePassword = JsonUtils.fromJson(this.value, UsernamePassword.class); - usernamePassword.setUsername(val); - this.value = JsonUtils.toJson(usernamePassword); + this.credential.setUsername(val); } else if (type.equals(CredentialTypeEnum.PASSWORD.name())) { - Password password = JsonUtils.fromJson(this.value, Password.class); - password.setPassword(val); - this.value = JsonUtils.toJson(password); + this.credential.setPassword(val); } else if (type.equals(CredentialTypeEnum.SECRET_KEY.name())) { - SecretKey secretKey = JsonUtils.fromJson(this.value, SecretKey.class); - secretKey.setSecretKey(val); - this.value = JsonUtils.toJson(secretKey); + this.credential.setSecretKey(val); } else if (type.equals(CredentialTypeEnum.APP_ID_SECRET_KEY.name())) { - AccessKeySecretKey accessKeySecretKey = JsonUtils.fromJson(this.value, AccessKeySecretKey.class); - accessKeySecretKey.setAccessKey(val); - this.value = JsonUtils.toJson(accessKeySecretKey); + this.credential.setAccessKey(val); } else { throw new RuntimeException("Not support type:" + type); } @@ -156,15 +138,13 @@ public void setFirstValue(String val) { public String getSecondValue() { if (type.equals(CredentialTypeEnum.USERNAME_PASSWORD.name())) { - UsernamePassword usernamePassword = JsonUtils.fromJson(this.value, UsernamePassword.class); - return usernamePassword.getPassword(); + return credential.getPassword(); } else if (type.equals(CredentialTypeEnum.PASSWORD.name())) { return null; } else if (type.equals(CredentialTypeEnum.SECRET_KEY.name())) { return null; } else if (type.equals(CredentialTypeEnum.APP_ID_SECRET_KEY.name())) { - AccessKeySecretKey accessKeySecretKey = JsonUtils.fromJson(this.value, AccessKeySecretKey.class); - return accessKeySecretKey.getSecretKey(); + return credential.getSecretKey(); } else { throw new RuntimeException("Not support type:" + type); } @@ -172,13 +152,9 @@ public String getSecondValue() { public void setSecondValue(String val) { if (type.equals(CredentialTypeEnum.USERNAME_PASSWORD.name())) { - UsernamePassword usernamePassword = JsonUtils.fromJson(this.value, UsernamePassword.class); - usernamePassword.setPassword(val); - this.value = JsonUtils.toJson(usernamePassword); + this.credential.setPassword(val); } else if (type.equals(CredentialTypeEnum.APP_ID_SECRET_KEY.name())) { - AccessKeySecretKey accessKeySecretKey = JsonUtils.fromJson(this.value, AccessKeySecretKey.class); - accessKeySecretKey.setSecretKey(val); - this.value = JsonUtils.toJson(accessKeySecretKey); + this.credential.setSecretKey(val); } else if (type.equals(CredentialTypeEnum.PASSWORD.name())) { } else if (type.equals(CredentialTypeEnum.SECRET_KEY.name())) { } else { diff --git a/src/backend/job-ticket/service-job-ticket/src/main/java/com/tencent/bk/job/ticket/service/impl/CredentialServiceImpl.java b/src/backend/job-ticket/service-job-ticket/src/main/java/com/tencent/bk/job/ticket/service/impl/CredentialServiceImpl.java index 097890cdb3..4e7747926b 100644 --- a/src/backend/job-ticket/service-job-ticket/src/main/java/com/tencent/bk/job/ticket/service/impl/CredentialServiceImpl.java +++ b/src/backend/job-ticket/service-job-ticket/src/main/java/com/tencent/bk/job/ticket/service/impl/CredentialServiceImpl.java @@ -153,7 +153,7 @@ private CredentialDTO buildCredentialDTO(String username, Long appId, Credential credentialDTO.setName(createUpdateReq.getName()); credentialDTO.setType(createUpdateReq.getType().name()); credentialDTO.setDescription(createUpdateReq.getDescription()); - credentialDTO.setValue(createUpdateReq.getSerializedValue()); + credentialDTO.setCredential(createUpdateReq.toCommonCredential()); credentialDTO.setLastModifyUser(username); credentialDTO.setLastModifyTime(System.currentTimeMillis()); return credentialDTO;