Merge remote-tracking branch 'origin/master' into feat-11019

TencentBlueKing · Jan 9, 2025 · 53ea22a · 53ea22a
2 parents e358f41 + b71500e
commit 53ea22a
Show file tree

Hide file tree

Showing 20 changed files with 800 additions and 341 deletions.
diff --git a/CHANGELOG/en/CHANGELOG-3.1.md b/CHANGELOG/en/CHANGELOG-3.1.md
diff --git a/CHANGELOG/zh_CN/CHANGELOG-3.0.md b/CHANGELOG/zh_CN/CHANGELOG-3.0.md
@@ -1,8 +1,11 @@
 <!-- BEGIN MUNGE: GENERATED_TOC -->
+- [v3.0.12](#v3012)
+   - [Changelog since v3.0.11](#changelog-since-v3011)
+
 - [v3.0.11](#v3011)
    - [Changelog since v3.0.0](#changelog-since-v300)
-- [v3.0.1-v3.0.11]
-   - 因镜像版本与仓库版本没有统一,v3.0.1-v3.0.11已有镜像版本,但没有仓库版本,所以仓库这些版本直接跳过
+- [v3.0.1-v3.0.10]
+   - 因镜像版本与仓库版本没有统一,v3.0.1-v3.0.10已有镜像版本,但没有仓库版本,所以仓库这些版本直接跳过
 - [v3.0.0](#v300)
   - [Changelog since v2.1.0](#changelog-since-v210)
 - [v3.0.0-rc.1](#v300-rc1)
@@ -13,6 +16,14 @@
 
 
 <!-- NEW RELEASE NOTES ENTRY -->
+# v3.0.12
+## 2025-01-08
+### Changelog since v3.0.11
+#### 修复
+
+##### 未分类
+- [修复] bug: 修复v3.0版本打helm chart包时报错 [链接](http://github.com/TencentBlueKing/bk-ci/issues/11391)
+
 # v3.0.11
 ## 2024-12-05
 ### Changelog since v3.0.0

diff --git a/CHANGELOG/zh_CN/CHANGELOG-3.1.md b/CHANGELOG/zh_CN/CHANGELOG-3.1.md
diff --git a/...n/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceGroupSyncService.kt b/...n/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceGroupSyncService.kt
@@ -29,6 +29,7 @@ package com.tencent.devops.auth.provider.rbac.service
 
 import com.tencent.bk.sdk.iam.constants.ManagerScopesEnum
 import com.tencent.bk.sdk.iam.dto.V2PageInfoDTO
+import com.tencent.bk.sdk.iam.dto.manager.GroupMemberVerifyInfo
 import com.tencent.bk.sdk.iam.dto.manager.dto.SearchGroupDTO
 import com.tencent.bk.sdk.iam.exception.IamException
 import com.tencent.bk.sdk.iam.service.v2.V2ManagerService
@@ -161,10 +162,16 @@ class RbacPermissionResourceGroupSyncService @Autowired constructor(
                 if (deptService.isUserDeparted(memberId)) {
                     return@forEach
                 }
-                val verifyResults = iamV2ManagerService.verifyGroupValidMember(
-                    memberId,
-                    groupInfos.joinToString(",") { it.iamGroupId.toString() }
-                )
+                // 获取用户加入组的有效期
+                val groupIds = groupInfos.map { it.iamGroupId }
+                val verifyResults = mutableMapOf<Int, GroupMemberVerifyInfo>()
+                groupIds.chunked(20).forEach { batchGroupIds ->
+                    val batchVerifyGroupValidMember = iamV2ManagerService.verifyGroupValidMember(
+                        memberId,
+                        batchGroupIds.joinToString(",")
+                    )
+                    verifyResults.putAll(batchVerifyGroupValidMember)
+                }
                 verifyResults.forEach { (groupId, verifyResult) ->
                     if (verifyResult.belong == true && verifyResult.expiredAt > LocalDateTime.now().timestamp()) {
                         logger.info("The member of group needs to be renewed:$projectCode|$groupId|$memberId")

diff --git a/...tlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceMemberService.kt b/...tlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceMemberService.kt
@@ -589,7 +589,7 @@ class RbacPermissionResourceMemberService(
         groupId: Int,
         memberRenewalDTO: GroupMemberRenewalDTO
     ): Boolean {
-        logger.info("renewal group member|$userId|$projectCode|$resourceType|$groupId")
+        logger.info("renewal group member|$userId|$projectCode|$resourceType|$groupId|${memberRenewalDTO.expiredAt}")
         val managerMemberGroupDTO = GroupMemberRenewApplicationDTO.builder()
             .groupIds(listOf(groupId))
             .expiredAt(memberRenewalDTO.expiredAt)

diff --git a/...th/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionService.kt b/...th/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionService.kt
@@ -51,6 +51,7 @@ import com.tencent.devops.common.auth.rbac.utils.RbacAuthUtils
 import com.tencent.devops.common.client.Client
 import com.tencent.devops.common.service.trace.TraceTag
 import com.tencent.devops.common.service.utils.LogUtils
+import com.tencent.devops.process.api.service.ServicePipelineViewResource
 import com.tencent.devops.process.api.user.UserPipelineViewResource
 import org.slf4j.LoggerFactory
 import org.slf4j.MDC
@@ -360,6 +361,30 @@ class RbacPermissionService(
                         projectCode = projectCode,
                         resourceType = resourceType
                     )
+
+                resourceType == AuthResourceType.PIPELINE_DEFAULT.value -> {
+                    val authViewPipelineIds = instanceMap[AuthResourceType.PIPELINE_GROUP.value]?.let { authViewIds ->
+                        client.get(ServicePipelineViewResource::class).listPipelineIdByViewIds(
+                            projectId = projectCode,
+                            viewIdsEncode = authViewIds
+                        ).data
+                    } ?: emptyList()
+
+                    val authPipelineIamIds = instanceMap[AuthResourceType.PIPELINE_DEFAULT.value] ?: emptyList()
+                    val pipelineIds = mutableSetOf<String>().apply {
+                        addAll(authViewPipelineIds)
+                        addAll(
+                            getFinalResourceCodes(
+                                projectCode = projectCode,
+                                resourceType = resourceType,
+                                iamResourceCodes = authPipelineIamIds,
+                                createUser = userId
+                            )
+                        )
+                    }
+                    pipelineIds.toList()
+                }
+
                 // 返回具体资源列表
                 else -> {
                     val iamResourceCodes = instanceMap[resourceType] ?: emptyList()

diff --git a/...ci/core/common/common-api/src/main/kotlin/com/tencent/devops/common/api/pojo/ErrorType.kt b/...ci/core/common/common-api/src/main/kotlin/com/tencent/devops/common/api/pojo/ErrorType.kt
@@ -36,6 +36,7 @@ enum class ErrorType(
     val typeName: String,
     val num: Int
 ) {
+    // 非常注意：此关联前端展示的图标，前端枚举需要同步更新
     SYSTEM("system", 0), // 0 系统运行报错
     USER("user", 1), // 1 用户配置报错
     THIRD_PARTY("thirdParty", 2), // 2 第三方系统接入错误

diff --git a/...ess/src/main/kotlin/com/tencent/devops/process/api/service/ServicePipelineViewResource.kt b/...ess/src/main/kotlin/com/tencent/devops/process/api/service/ServicePipelineViewResource.kt
@@ -208,4 +208,14 @@ interface ServicePipelineViewResource {
         @PathParam("pipelineId")
         pipelineId: String
     ): Result<Set<Long>>
+
+    @Operation(summary = "根据视图ID获取流水线ID列表")
+    @POST
+    @Path("/pipelines/listPipelineIdByViewIds")
+    fun listPipelineIdByViewIds(
+        @PathParam("projectId")
+        projectId: String,
+        @Parameter(description = "按视图过滤", required = false)
+        viewIdsEncode: List<String>
+    ): Result<List<String>>
 }
diff --git a/...process/src/main/kotlin/com/tencent/devops/process/api/ServicePipelineViewResourceImpl.kt b/...process/src/main/kotlin/com/tencent/devops/process/api/ServicePipelineViewResourceImpl.kt
@@ -208,4 +208,13 @@ class ServicePipelineViewResourceImpl @Autowired constructor(
             pipelineViewGroupService.listViewIdsByPipelineId(projectId, pipelineId)
         )
     }
+
+    override fun listPipelineIdByViewIds(
+        projectId: String,
+        viewIdsEncode: List<String>
+    ): Result<List<String>> {
+        return Result(
+            pipelineViewGroupService.listPipelineIdsByViewIds(projectId, viewIdsEncode)
+        )
+    }
 }
diff --git a/...rc/main/kotlin/com/tencent/devops/process/permission/AbstractPipelinePermissionService.kt b/...rc/main/kotlin/com/tencent/devops/process/permission/AbstractPipelinePermissionService.kt
@@ -242,6 +242,6 @@ abstract class AbstractPipelinePermissionService constructor(
     }
 
     override fun isControlPipelineListPermission(projectId: String): Boolean {
-        return true
+        return false
     }
 }
diff --git a/...ss/src/main/kotlin/com/tencent/devops/process/permission/RbacPipelinePermissionService.kt b/...ss/src/main/kotlin/com/tencent/devops/process/permission/RbacPipelinePermissionService.kt
@@ -186,43 +186,19 @@ class RbacPipelinePermissionService(
         }
     }
 
-    override fun getResourceByPermission(userId: String, projectId: String, permission: AuthPermission): List<String> {
-        logger.info("[rbac] get resource by permission|$userId|$projectId|$permission")
-        val startEpoch = System.currentTimeMillis()
-        try {
-            // 获取有权限的流水线、流水线组、项目列表
-            val instanceMap = authPermissionApi.getUserResourceAndParentByPermission(
-                user = userId,
-                serviceCode = pipelineAuthServiceCode,
-                projectCode = projectId,
-                permission = permission,
-                resourceType = resourceType
-            )
-            return when {
-                // 如果有项目下所有该资源权限,返回项目下流水线列表
-                instanceMap[AuthResourceType.PROJECT.value]?.contains(projectId) == true ->
-                    getAllAuthPipelineIds(projectId = projectId)
-
-                else -> {
-                    // 获取有权限流水线组下的流水线
-                    val authViewPipelineIds = instanceMap[AuthResourceType.PIPELINE_GROUP.value]?.let { authViewIds ->
-                        pipelineViewGroupCommonService.listPipelineIdsByViewIds(projectId, authViewIds)
-                    } ?: emptyList()
-                    // 获取有权限的流水线列表
-                    val authPipelineIds = instanceMap[AuthResourceType.PIPELINE_DEFAULT.value] ?: emptyList()
-
-                    val pipelineIds = mutableSetOf<String>()
-                    pipelineIds.addAll(authViewPipelineIds)
-                    pipelineIds.addAll(authPipelineIds)
-                    pipelineIds.toList()
-                }
-            }
-        } finally {
-            logger.info(
-                "It take(${System.currentTimeMillis() - startEpoch})ms to get resource by permission|" +
-                    "$userId|$projectId|$permission"
-            )
-        }
+    override fun getResourceByPermission(
+        userId: String,
+        projectId: String,
+        permission: AuthPermission
+    ): List<String> {
+        return authPermissionApi.getUserResourceByPermission(
+            user = userId,
+            serviceCode = pipelineAuthServiceCode,
+            resourceType = resourceType,
+            projectCode = projectId,
+            permission = permission,
+            supplier = null
+        )
     }
 
     override fun filterPipelines(

diff --git a/...z-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt b/...z-process/src/main/kotlin/com/tencent/devops/process/service/PipelineInfoFacadeService.kt
@@ -1084,6 +1084,18 @@ class PipelineInfoFacadeService @Autowired constructor(
                 )
                 modelCheckPlugin.beforeDeleteElementInExistsModel(existModel, model, param)
             }
+            val templateId = model.templateId
+
+            if (templateId != null) {
+                // 如果是根据模板创建的流水线需为model设置srcTemplateId
+                model.srcTemplateId = templateDao.getSrcTemplateId(
+                    dslContext = dslContext,
+                    projectId = projectId,
+                    templateId = templateId,
+                    type = TemplateType.CONSTRAINT.name
+                )
+            }
+
             val deployResult = pipelineRepositoryService.deployPipeline(
                 model = model,
                 projectId = projectId,

diff --git a/...-project/src/main/kotlin/com/tencent/devops/project/service/impl/AbsProjectServiceImpl.kt b/...-project/src/main/kotlin/com/tencent/devops/project/service/impl/AbsProjectServiceImpl.kt
@@ -59,6 +59,7 @@ import com.tencent.devops.common.auth.api.pojo.ProjectConditionDTO
 import com.tencent.devops.common.auth.api.pojo.ResourceRegisterInfo
 import com.tencent.devops.common.auth.api.pojo.SubjectScopeInfo
 import com.tencent.devops.common.auth.code.ProjectAuthServiceCode
+import com.tencent.devops.common.auth.enums.SubjectScopeType
 import com.tencent.devops.common.client.Client
 import com.tencent.devops.common.client.ClientTokenService
 import com.tencent.devops.common.event.dispatcher.SampleEventDispatcher
@@ -766,9 +767,27 @@ abstract class AbsProjectServiceImpl @Autowired constructor(
         beforeSubjectScopes: List<SubjectScopeInfo>,
         afterSubjectScopes: List<SubjectScopeInfo>
     ): Boolean {
-        val beforeIds = beforeSubjectScopes.map { it.id }.toSet()
-        val afterIds = afterSubjectScopes.map { it.id }.toSet()
-        return beforeIds != afterIds
+        val beforeUsernames = beforeSubjectScopes
+            .filter { it.type == SubjectScopeType.USER.value }
+            .map { it.username }
+            .toSet()
+
+        val afterUsernames = afterSubjectScopes
+            .filter { it.type == SubjectScopeType.USER.value }
+            .map { it.username }
+            .toSet()
+
+        val beforeDeptIds = beforeSubjectScopes
+            .filter { it.type != SubjectScopeType.USER.value }
+            .map { it.id }
+            .toSet()
+
+        val afterDeptIds = afterSubjectScopes
+            .filter { it.type != SubjectScopeType.USER.value }
+            .map { it.id }
+            .toSet()
+
+        return beforeUsernames != afterUsernames || beforeDeptIds != afterDeptIds
     }
 
     private fun updateApprovalInfo(

diff --git a/...z-store/src/main/kotlin/com/tencent/devops/store/atom/service/impl/AtomPropServiceImpl.kt b/...z-store/src/main/kotlin/com/tencent/devops/store/atom/service/impl/AtomPropServiceImpl.kt
@@ -29,19 +29,22 @@ package com.tencent.devops.store.atom.service.impl
 
 import com.fasterxml.jackson.core.type.TypeReference
 import com.github.benmanes.caffeine.cache.Caffeine
+import com.tencent.devops.common.api.auth.REFERER
 import com.tencent.devops.common.api.constant.CommonMessageCode
 import com.tencent.devops.common.api.exception.ErrorCodeException
 import com.tencent.devops.common.api.util.JsonUtil
+import com.tencent.devops.common.api.util.ThreadLocalUtil
 import com.tencent.devops.common.util.RegexUtils
+import com.tencent.devops.common.web.utils.BkApiUtil
 import com.tencent.devops.common.web.utils.I18nUtil
 import com.tencent.devops.model.store.tables.TAtom
 import com.tencent.devops.store.atom.dao.AtomDao
 import com.tencent.devops.store.atom.dao.AtomPropDao
-import com.tencent.devops.store.pojo.atom.AtomProp
 import com.tencent.devops.store.atom.service.AtomPropService
 import com.tencent.devops.store.common.service.StoreI18nMessageService
 import com.tencent.devops.store.common.service.action.StoreDecorateFactory
 import com.tencent.devops.store.common.utils.StoreUtils
+import com.tencent.devops.store.pojo.atom.AtomProp
 import com.tencent.devops.store.pojo.atom.enums.AtomStatusEnum
 import com.tencent.devops.store.pojo.common.ATOM_OUTPUT
 import com.tencent.devops.store.pojo.common.enums.StoreTypeEnum
@@ -81,8 +84,10 @@ class AtomPropServiceImpl @Autowired constructor(
         var atomPropMap: MutableMap<String, AtomProp>? = null
         // 从缓存中查找插件属性信息
         var queryDbAtomCodes: MutableList<String>? = null
+        val referer = BkApiUtil.getHttpServletRequest()?.getHeader(REFERER) ?: ThreadLocalUtil.get(REFERER)?.toString()
+        val refererHost = referer?.let { RegexUtils.splitDomainContextPath("$referer/")?.first } ?: ""
         atomCodes.forEach { atomCode ->
-            val atomProp = atomPropCache.getIfPresent(atomCode)
+            val atomProp = atomPropCache.getIfPresent("$refererHost:$atomCode")
             if (atomProp != null) {
                 if (atomPropMap == null) {
                     atomPropMap = mutableMapOf()
@@ -124,7 +129,7 @@ class AtomPropServiceImpl @Autowired constructor(
                 )
                 atomPropMap!![atomCode] = atomProp
                 // 把数据放入缓存
-                atomPropCache.put(atomCode, atomProp)
+                atomPropCache.put("$refererHost:$atomCode", atomProp)
             }
         }
         return atomPropMap

diff --git a/src/frontend/devops-pipeline/src/components/ExecPipeline.vue b/src/frontend/devops-pipeline/src/components/ExecPipeline.vue
@@ -358,8 +358,8 @@
             errorList () {
                 return this.execDetail?.errorInfoList?.map((error, index) => ({
                 ...error,
-                errorTypeAlias: this.$t(errorTypeMap[error.errorType].title),
-                errorTypeConf: errorTypeMap[error.errorType]
+                errorTypeAlias: this.$t(errorTypeMap[error.errorType]?.title ?? errorTypeMap[0]?.title),
+                errorTypeConf: errorTypeMap[error.errorType] ?? errorTypeMap[0]
             }))
             },
             showErrorPopup () {

diff --git a/src/frontend/devops-pipeline/src/utils/pipelineConst.js b/src/frontend/devops-pipeline/src/utils/pipelineConst.js
@@ -101,6 +101,10 @@ export const errorTypeMap = [
     {
         title: 'pluginError',
         icon: 'error-plugin'
+    },
+    {
+        title: 'containerError',
+        icon: 'error-node'
     }
 ]
 

diff --git a/src/frontend/locale/pipeline/en-US.json b/src/frontend/locale/pipeline/en-US.json
@@ -40,6 +40,7 @@
   "systemError": "SYSTEM",
   "thirdPartyError": "THIRD_PARTY",
   "pluginError": "PLUGIN",
+  "containerError": "AGENT",
   "createTime": "Create time",
   "retry": "Retry",
   "resume": "Continue",

diff --git a/src/frontend/locale/pipeline/zh-CN.json b/src/frontend/locale/pipeline/zh-CN.json
@@ -28,6 +28,7 @@
   "systemError": "系统运行错误",
   "thirdPartyError": "第三方系统错误",
   "pluginError": "插件执行错误",
+  "containerError": "构建机执行错误",
   "create": "创建",
   "createTime": "创建时间",
   "add": "新建",