Merge pull request TencentBlueKing#3209 from TencentBlueKing/master
merge: 3.10.x merge from master
wangyu096 authored Sep 13, 2024
2 parents 6614f54 + 98f254b commit 6dbdfe5
Showing 30 changed files with 283 additions and 198 deletions.
Expand Up @@ -45,4 +45,10 @@ public class BkGatewayConfig {
*/
@Value("${job.bkApiGateway.jwtPublicKey.get.failPolicy:retry}")
private String jwtPublicKeyFailPolicy;

/**
* 网关名称
*/
@Value("${job.bkApiGateway.gatewayName: bk-job}")
private String gatewayName;
}
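Review bot: The default in `@Value("${job.bkApiGateway.gatewayName: bk-job}")` has a space after the colon, and as far as I know Spring does not trim placeholder defaults, so an unset property would likely resolve to `" bk-job"` with a leading space. Elsewhere in this commit the value is substituted into the path used to fetch the gateway's JWT public key, so a stray space would send that request to a wrong path and leave token verification without a key. I would write `@Value("${job.bkApiGateway.gatewayName:bk-job}")`. The field's Javadoc could also say that the name ends up in the public-key URL.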
Expand Up @@ -70,10 +70,14 @@ public GatewayFilter apply(Config config) {
ServerHttpRequest request = exchange.getRequest();

String requestFrom = RequestUtil.getHeaderValue(request, JobCommonHeaders.BK_GATEWAY_FROM);
if (log.isDebugEnabled()) {
log.debug("Open api request from : {}",
StringUtils.isNotEmpty(requestFrom) ? requestFrom : "bk-job-esb");
}
JobContextUtil.setRequestFrom(requestFrom);
String token = RequestUtil.getHeaderValue(request, JobCommonHeaders.BK_GATEWAY_JWT);
if (StringUtils.isEmpty(token)) {
log.warn("Esb token is empty! requestFrom={}", requestFrom);
log.warn("Jwt token is empty! requestFrom={}", requestFrom);
response.setStatusCode(HttpStatus.UNAUTHORIZED);
return response.setComplete();
}
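Review bot: `requestFrom` comes from a request header and is written to the log verbatim, both in the added debug statement and in the `Jwt token is empty!` warning, before any token has been verified, so an unauthenticated caller controls that log content. Unless the log encoder already escapes control characters, neutralise CR/LF first, for example `String safeFrom = requestFrom == null ? null : requestFrom.replaceAll("[\r\n]", "_");`, or map the header onto the expected source names. The same raw value is passed to `JobContextUtil.setRequestFrom`, and the `bk-job-esb` fallback exists only in the debug message, which a short comment should make clear. The body of `apply` continues outside this hunk.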
Expand Up @@ -30,6 +30,7 @@
import com.tencent.bk.job.common.esb.config.EsbProperties;
import com.tencent.bk.job.common.esb.model.EsbResp;
import com.tencent.bk.job.common.util.json.JsonUtils;
import com.tencent.bk.job.gateway.config.BkGatewayConfig;
import com.tencent.bk.job.gateway.model.esb.EsbPublicKeyDTO;
import com.tencent.bk.job.gateway.service.OpenApiJwtPublicKeyService;
import lombok.extern.slf4j.Slf4j;
Expand All @@ -54,17 +55,22 @@ public class OpenApiJwtPublicKeyServiceImpl implements OpenApiJwtPublicKeyServic
private final RestTemplate restTemplate;
private volatile String esbJwtPublicKey;
private volatile String bkApiGatewayPublicKey;
private BkApiGatewayProperties bkApiGatewayProperties;
private final BkApiGatewayProperties bkApiGatewayProperties;
private final BkGatewayConfig bkApiGatewayConfig;

private static final String URI_BK_APIGW_JWT_PUBLIC_KEY = "/api/v1/apis/{api_name}/public_key/";

@Autowired
public OpenApiJwtPublicKeyServiceImpl(AppProperties appProperties,
EsbProperties esbProperties,
RestTemplate restTemplate,
BkApiGatewayProperties bkApiGatewayProperties) {
BkApiGatewayProperties bkApiGatewayProperties,
BkGatewayConfig bkApiGatewayConfig) {
this.appProperties = appProperties;
this.esbProperties = esbProperties;
this.restTemplate = restTemplate;
this.bkApiGatewayProperties = bkApiGatewayProperties;
this.bkApiGatewayConfig = bkApiGatewayConfig;
}

@Override
Expand All @@ -86,7 +92,6 @@ public String getEsbJWTPublicKey() {
throw new RuntimeException("Get esb jwt public key fail");
}
String esbJwtPublicKey = resp.getData().getPublicKey();
log.info("Get esb public key success, public key : {}", esbJwtPublicKey);
this.esbJwtPublicKey = esbJwtPublicKey;
return esbJwtPublicKey;
}
Expand All @@ -96,7 +101,8 @@ public String getBkApiGatewayJWTPublicKey() {
if (StringUtils.isNotEmpty(bkApiGatewayPublicKey)) {
return bkApiGatewayPublicKey;
}
String url = getBkApiGatewayUrl() + "api/v1/apis/bk-job/public_key/";
String url = getBkApiGatewayUrl() + URI_BK_APIGW_JWT_PUBLIC_KEY.replace("{api_name}",
bkApiGatewayConfig.getGatewayName());
Map<String, Object> authInfo = new HashMap<>();
authInfo.put("bk_app_code", appProperties.getCode());
authInfo.put("bk_app_secret", appProperties.getSecret());
Expand All @@ -110,14 +116,12 @@ public String getBkApiGatewayJWTPublicKey() {
}
).getBody();

log.info("Get gateway jwt public key, resp: {}", resp);
log.info("Get bkApiGateway jwt public key, resp: {}", resp);
if (resp == null || !resp.getCode().equals(ErrorCode.RESULT_OK) || resp.getData() == null) {
log.error("Get gateway jwt public key fail!");
log.error("Get bkApiGateway jwt public key fail!");
throw new RuntimeException("Get gateway jwt public key fail");
}
String bkApiGatewayPublicKey = resp.getData().getPublicKey();
log.info("Get gateway public key success, public key : {}", bkApiGatewayPublicKey);
this.bkApiGatewayPublicKey = bkApiGatewayPublicKey;
this.bkApiGatewayPublicKey = resp.getData().getPublicKey();
return bkApiGatewayPublicKey;
}

Expand All @@ -140,6 +144,6 @@ private String getBkApiGatewayUrl() {
if (!bkApiGatewayUrl.endsWith("/")) {
bkApiGatewayUrl = bkApiGatewayUrl + "/";
}
return bkApiGatewayUrl;
return bkApiGatewayUrl + "prod/";
}
}
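Review bot: The URL assembled in `getBkApiGatewayJWTPublicKey` appears to contain a double slash, assuming `return bkApiGatewayUrl + "prod/";` is the new side of the last hunk: the base then ends in `prod/` and `URI_BK_APIGW_JWT_PUBLIC_KEY` starts with `/`, giving `.../prod//api/v1/apis/...`. Whether the gateway normalises that is not visible here; dropping the leading slash, `private static final String URI_BK_APIGW_JWT_PUBLIC_KEY = "api/v1/apis/{api_name}/public_key/";`, keeps the path shape the removed line had. The stage `prod/` is now hard-coded while the gateway name became configurable, which deserves a comment or its own property. This request fetches the key that gateway JWTs are verified against, so a wrong path means tokens cannot be verified at all.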
Expand Up @@ -58,8 +58,8 @@
@Slf4j
public class OpenApiJwtServiceImpl implements OpenApiJwtService {
private final OpenApiJwtPublicKeyService openApiJwtPublicKeyService;
private PublicKey esbJwtPublicKey;
private PublicKey bkApiGatewayJwtPublicKey;
private volatile PublicKey esbJwtPublicKey;
private volatile PublicKey bkApiGatewayJwtPublicKey;
private final BkGatewayConfig bkApiGatewayConfig;

/**
Expand All @@ -71,7 +71,8 @@ public class OpenApiJwtServiceImpl implements OpenApiJwtService {
.maximumSize(99999).expireAfterWrite(30, TimeUnit.SECONDS).build();

@Autowired
public OpenApiJwtServiceImpl(OpenApiJwtPublicKeyService openApiJwtPublicKeyService, BkGatewayConfig bkApiGatewayConfig) {
public OpenApiJwtServiceImpl(OpenApiJwtPublicKeyService openApiJwtPublicKeyService,
BkGatewayConfig bkApiGatewayConfig) {
this.openApiJwtPublicKeyService = openApiJwtPublicKeyService;
this.bkApiGatewayConfig = bkApiGatewayConfig;
getJwtPublicKeyByPolicy();
Expand All @@ -80,7 +81,7 @@ public OpenApiJwtServiceImpl(OpenApiJwtPublicKeyService openApiJwtPublicKeyServi
private void getJwtPublicKeyByPolicy() {
boolean publicKeyGotten = tryToGetAndCachePublicKeyOnce();
if (publicKeyGotten) {
return;
log.info("Get and cache bkApiGateway/esb public key success");
} else if ("abort".equalsIgnoreCase(bkApiGatewayConfig.getJwtPublicKeyFailPolicy())) {
throw new InternalException("Failed to get jwt public key, abort policy triggered");
} else if ("retry".equalsIgnoreCase(bkApiGatewayConfig.getJwtPublicKeyFailPolicy())) {
Expand All @@ -98,16 +99,16 @@ private void getJwtPublicKeyWithBackgroundRetry() {
// 最多重试3天
int maxRetryCount = 3 * 24 * 3600 / 5;
do {
log.warn("esbJwtPublicKey not gotten, retry {} after 5s", ++retryCount);
log.warn("Gateway public key not gotten, retry {} after 5s", ++retryCount);
ThreadUtils.sleep(sleepMillsOnce);
keyGotten = tryToGetAndCachePublicKeyOnce();
} while (!keyGotten && retryCount <= maxRetryCount);
if (!keyGotten) {
log.error("esbJwtPublicKey not gotten after {} retry (3 days), plz check esb", maxRetryCount);
log.error("Gateway public key not gotten after {} retry (3 days), plz check esb", maxRetryCount);
}
});
openApiPublicKeyGetter.setDaemon(true);
openApiPublicKeyGetter.setName("esbPublicKeyGetter");
openApiPublicKeyGetter.setName("gatewayPublicKeyGetter");
openApiPublicKeyGetter.start();
}

Expand All @@ -120,15 +121,17 @@ private boolean tryToGetAndCachePublicKeyOnce() {
return false;
}
this.esbJwtPublicKey = buildPublicKey(esbJwtPublicKey);
log.info("Init esb jwt public key success");
}

if (this.bkApiGatewayJwtPublicKey == null && bkApiGatewayConfig.isEnabled()) {
String bkApiGatewayJwtPublicKey = openApiJwtPublicKeyService.getBkApiGatewayJWTPublicKey();
if (StringUtils.isEmpty(bkApiGatewayJwtPublicKey)) {
log.error("gateway jwt public key is not configured!");
log.error("BkApiGateway jwt public key is not configured!");
return false;
}
this.bkApiGatewayJwtPublicKey = buildPublicKey(bkApiGatewayJwtPublicKey);
log.info("Init bkApiGateway jwt public key success");
}
return true;
} catch (Throwable e) {
Expand All @@ -143,7 +146,7 @@ private PublicKey buildPublicKey(String pemContent)
PemReader pemReader = new PemReader(new StringReader(pemContent));
PemObject pemObject = pemReader.readPemObject();
if (pemObject == null) {
log.error("Esb public key pem is illegal!");
log.error("Public key pem is illegal!");
return null;
}
java.security.Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
Expand All @@ -156,8 +159,10 @@ private PublicKey buildPublicKey(String pemContent)
@Override
public EsbJwtInfo extractFromJwt(String token) {
if (requestFromApiGw()) {
log.debug("Extract bkApiGateway jwt");
return extractFromJwt(token, this.bkApiGatewayJwtPublicKey);
} else {
log.debug("Extract esb jwt");
return extractFromJwt(token, this.esbJwtPublicKey);
}
}
Expand Down Expand Up @@ -223,6 +228,9 @@ public EsbJwtInfo extractFromJwt(String token, PublicKey publicKey) {
tokenCache.put(token, esbJwtInfo);
} catch (Exception e) {
log.warn("Verify jwt caught exception", e);
if (log.isDebugEnabled()) {
log.debug("Parse jwt error, token: {}", token);
}
return null;
} finally {
long cost = System.currentTimeMillis() - start;
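Review bot: The added `log.debug("Parse jwt error, token: {}", token)` in the catch block of `extractFromJwt(String, PublicKey)` writes the complete JWT to the log. A token that fails here is not necessarily invalid: verification can presumably also fail on this side, for instance while the public key is still being fetched by the retry thread, so the log may end up holding usable credentials for anyone with log access. Logging the token without its signature segment keeps the header and claims for debugging: `log.debug("Parse jwt error, token (signature removed): {}", token.substring(0, token.lastIndexOf('.') + 1));`. The method starts outside this hunk.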
Expand Up @@ -40,6 +40,7 @@
import com.tencent.bk.job.manage.manager.variable.StepRefVariableParser;
import com.tencent.bk.job.manage.model.dto.TaskPlanQueryDTO;
import com.tencent.bk.job.manage.model.dto.task.TaskPlanInfoDTO;
import com.tencent.bk.job.manage.model.dto.task.TaskStepDTO;
import com.tencent.bk.job.manage.model.esb.v3.request.EsbGetPlanDetailV3Request;
import com.tencent.bk.job.manage.model.esb.v3.request.EsbGetPlanListV3Request;
import com.tencent.bk.job.manage.model.esb.v3.response.EsbPlanBasicInfoV3DTO;
Expand All @@ -49,6 +50,9 @@
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RestController;

import java.util.List;
import java.util.stream.Collectors;

/**
* @since 15/10/2020 18:08
*/
Expand Down Expand Up @@ -173,8 +177,13 @@ public EsbResp<EsbPlanInfoV3DTO> getPlanDetailUsingPost(String username,
TaskPlanInfoDTO taskPlanInfo = taskPlanService.getTaskPlan(username,
request.getAppId(), request.getPlanId());

// 解析步骤引用全局变量的信息
StepRefVariableParser.parseStepRefVars(taskPlanInfo.getStepList(), taskPlanInfo.getVariableList());
List<TaskStepDTO> enabledTaskStepList = taskPlanInfo.getStepList()
.stream()
.filter(taskStep -> taskStep.getEnable() != 0)
.collect(Collectors.toList());

// 解析启用的步骤引用全局变量的信息
StepRefVariableParser.parseStepRefVars(enabledTaskStepList, taskPlanInfo.getVariableList());
return EsbResp.buildSuccessResp(TaskPlanInfoDTO.toEsbPlanInfoV3(taskPlanInfo));
}
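Review bot: The new stream in `getPlanDetailUsingPost` dereferences `taskPlanInfo.getStepList()` and evaluates `taskStep.getEnable() != 0` without any null handling. The types are not visible in this hunk, but if `getEnable()` returns a boxed `Integer`, a step without a value throws a NullPointerException on unboxing, and a null step list fails at `.stream()`. In that case the filter could read `.filter(taskStep -> taskStep.getEnable() != null && taskStep.getEnable() != 0)`. The response is still built from the full `taskPlanInfo`, so disabled steps are presumably returned without parsed variable references; if that is intended, the comment above `parseStepRefVars` should say so.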
