feat: Job 支持多租户 TencentBlueKing#3369

wangyu096 · Jan 13, 2025 · 9638f56 · 9638f56
1 parent 29f5eed
commit 9638f56
Show file tree

Hide file tree

Showing 8 changed files with 61 additions and 40 deletions.
diff --git a/...nd/commons/cmdb-sdk/src/main/java/com/tencent/bk/job/common/cc/sdk/BaseCmdbApiClient.java b/...nd/commons/cmdb-sdk/src/main/java/com/tencent/bk/job/common/cc/sdk/BaseCmdbApiClient.java
@@ -99,10 +99,6 @@ public class BaseCmdbApiClient {
      */
     protected final FlowController globalFlowController;
     protected final CmdbConfig cmdbConfig;
-    /**
-     * CMDB ESB API 客户端
-     */
-    protected BkApiV1Client esbCmdbApiClient;
     /**
      * CMDB 蓝鲸网关 API 客户端
      */
@@ -138,14 +134,6 @@ protected BaseCmdbApiClient(FlowController flowController,
                                 TenantEnvService tenantEnvService,
                                 String lang) {
         WatchableHttpHelper httpHelper = HttpHelperFactory.getRetryableHttpHelper();
-        this.esbCmdbApiClient = new BkApiV1Client(meterRegistry,
-            CmdbMetricNames.CMDB_API_PREFIX,
-            esbProperties.getService().getUrl(),
-            httpHelper,
-            lang,
-            tenantEnvService
-        );
-        this.esbCmdbApiClient.setLogger(LoggerFactory.getLogger(this.getClass()));
         this.apiGwCmdbApiClient = new BkApiV1Client(meterRegistry,
             CmdbMetricNames.CMDB_API_PREFIX,
             bkApiGatewayProperties.getCmdb().getUrl(),
@@ -166,17 +154,15 @@ protected <T extends EsbReq> T makeCmdbBaseReq(Class<T> reqClass) {
         return EsbReq.buildRequest(reqClass, cmdbSupplierAccount);
     }
 
-    protected <R> EsbResp<R> requestCmdbApi(ApiGwType apiGwType,
-                                            HttpMethodEnum method,
+    protected <R> EsbResp<R> requestCmdbApi(HttpMethodEnum method,
                                             String uri,
                                             String queryParams,
                                             EsbReq reqBody,
                                             TypeReference<EsbResp<R>> typeReference) {
-        return requestCmdbApi(apiGwType, method, uri, queryParams, reqBody, typeReference, null);
+        return requestCmdbApi(method, uri, queryParams, reqBody, typeReference, null);
     }
 
-    protected <R> EsbResp<R> requestCmdbApi(ApiGwType apiGwType,
-                                            HttpMethodEnum method,
+    protected <R> EsbResp<R> requestCmdbApi(HttpMethodEnum method,
                                             String uri,
                                             String queryParams,
                                             EsbReq reqBody,
@@ -210,7 +196,7 @@ protected <R> EsbResp<R> requestCmdbApi(ApiGwType apiGwType,
                 .body(reqBody)
                 .authorization(cmdbBkApiAuthorization)
                 .build();
-            return getApiClientByApiGwType(apiGwType).doRequest(requestInfo, typeReference, httpHelper);
+            return apiGwCmdbApiClient.doRequest(requestInfo, typeReference, httpHelper);
         } catch (Throwable e) {
             String errorMsg = "Fail to request CMDB data|method=" + method + "|uri=" + uri + "|queryParams="
                 + queryParams + "|body="
@@ -222,15 +208,15 @@ protected <R> EsbResp<R> requestCmdbApi(ApiGwType apiGwType,
         }
     }
 
-    private BkApiV1Client getApiClientByApiGwType(ApiGwType apiGwType) {
-        switch (apiGwType) {
-            case ESB:
-                return esbCmdbApiClient;
-            case BK_APIGW:
-                return apiGwCmdbApiClient;
-            default:
-                log.error("BkApiClient for type: {} not found", apiGwType.name());
-                throw new InternalException(ErrorCode.INTERNAL_ERROR);
-        }
-    }
+//    private BkApiV1Client getApiClientByApiGwType(ApiGwType apiGwType) {
+//        switch (apiGwType) {
+//            case ESB:
+//                return esbCmdbApiClient;
+//            case BK_APIGW:
+//                return apiGwCmdbApiClient;
+//            default:
+//                log.error("BkApiClient for type: {} not found", apiGwType.name());
+//                throw new InternalException(ErrorCode.INTERNAL_ERROR);
+//        }
+//    }
 }
diff --git a/...mon-web/src/main/java/com/tencent/bk/job/common/web/interceptor/JobCommonInterceptor.java b/...mon-web/src/main/java/com/tencent/bk/job/common/web/interceptor/JobCommonInterceptor.java
@@ -233,13 +233,24 @@ private boolean isClientOrServerError(HttpServletResponse response) {
     }
 
     private void addTenantId(HttpServletRequest request) {
-        // 使用 job-gateway 设置的租户 Header
-        String tenantId = request.getHeader(JobCommonHeaders.BK_TENANT_ID);
-        if (StringUtils.isEmpty(tenantId)) {
-            log.warn("Invalid request, tenant is not set");
+        HttpRequestSourceEnum requestSource = RequestUtil.parseHttpRequestSource(request);
+        if (requestSource == HttpRequestSourceEnum.UNKNOWN) {
             return;
         }
-        log.debug("Add tenant id to JobContext, tenantId: {}", tenantId);
-        JobContextUtil.setTenantId(tenantId);
+
+        switch (requestSource) {
+            // 仅需要处理 web/蓝鲸网关/esb 的请求
+            case WEB:
+            case ESB:
+                // 使用 job-gateway 设置的租户 Header
+                String tenantId = request.getHeader(JobCommonHeaders.BK_TENANT_ID);
+                if (StringUtils.isEmpty(tenantId)) {
+                    log.warn("Invalid request, tenant is not set");
+                    return;
+                }
+                log.debug("Add tenant id to JobContext, tenantId: {}", tenantId);
+                JobContextUtil.setTenantId(tenantId);
+                break;
+        }
     }
 }
diff --git a/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/model/dto/BkUserDTO.java b/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/model/dto/BkUserDTO.java
@@ -27,6 +27,8 @@
 import lombok.Getter;
 import lombok.Setter;
 import lombok.ToString;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
 
 import java.util.Objects;
 
@@ -36,6 +38,7 @@
 @Getter
 @Setter
 @ToString
+@Slf4j
 public class BkUserDTO {
     /**
      * 用户ID
@@ -100,4 +103,16 @@ public boolean equals(Object o) {
     public int hashCode() {
         return Objects.hash(username);
     }
+
+    public boolean validate() {
+        if (StringUtils.isEmpty(username)) {
+            log.warn("Empty username");
+            return false;
+        }
+        if (StringUtils.isEmpty(tenantId)) {
+            log.warn("Empty tenantId");
+            return false;
+        }
+        return true;
+    }
 }
diff --git a/...ommons/paas-sdk/src/main/java/com/tencent/bk/job/common/paas/login/CustomLoginClient.java b/...ommons/paas-sdk/src/main/java/com/tencent/bk/job/common/paas/login/CustomLoginClient.java
@@ -25,6 +25,7 @@
 package com.tencent.bk.job.common.paas.login;
 
 import com.fasterxml.jackson.core.type.TypeReference;
+import com.tencent.bk.job.common.constant.TenantIdConstants;
 import com.tencent.bk.job.common.model.dto.BkUserDTO;
 import com.tencent.bk.job.common.util.http.HttpConPoolUtil;
 import com.tencent.bk.job.common.util.json.JsonUtils;
@@ -84,6 +85,7 @@ public BkUserDTO getUserInfoByToken(String token) {
             }
             BkUserDTO bkUserDto = new BkUserDTO();
             bkUserDto.setUsername(resp.getData().getUsername());
+            bkUserDto.setTenantId(TenantIdConstants.DEFAULT_TENANT_ID);
             return bkUserDto;
         } catch (Exception e) {
             log.error("Error occur when get user info", e);

diff --git a/...ay/src/main/java/com/tencent/bk/job/gateway/filter/web/AuthorizeGatewayFilterFactory.java b/...ay/src/main/java/com/tencent/bk/job/gateway/filter/web/AuthorizeGatewayFilterFactory.java
@@ -124,7 +124,7 @@ private GatewayFilter getLoginFilter() {
                     throw e;
                 }
             }
-            if (user == null) {
+            if (user == null || !user.validate()) {
                 log.warn("Invalid user token");
                 response.setStatusCode(HttpStatus.UNAUTHORIZED);
                 response.getHeaders().add("x-login-url", loginService.getLoginRedirectUrl());
@@ -135,6 +135,7 @@ private GatewayFilter getLoginFilter() {
             String tenantId = tenantEnvService.isTenantEnabled() ? user.getTenantId() :
                 TenantIdConstants.DEFAULT_TENANT_ID;
             request.mutate().header(JobCommonHeaders.BK_TENANT_ID, new String[]{tenantId}).build();
+            log.debug("Add user info, username: {}, tenantId: {}", user.getUsername(), tenantId);
             return chain.filter(exchange.mutate().request(request).build());
         };
     }

diff --git a/...src/main/java/com/tencent/bk/job/gateway/service/impl/OpenApiJwtPublicKeyServiceImpl.java b/...src/main/java/com/tencent/bk/job/gateway/service/impl/OpenApiJwtPublicKeyServiceImpl.java
@@ -25,6 +25,8 @@
 package com.tencent.bk.job.gateway.service.impl;
 
 import com.tencent.bk.job.common.constant.ErrorCode;
+import com.tencent.bk.job.common.constant.JobCommonHeaders;
+import com.tencent.bk.job.common.constant.TenantIdConstants;
 import com.tencent.bk.job.common.esb.config.AppProperties;
 import com.tencent.bk.job.common.esb.config.BkApiGatewayProperties;
 import com.tencent.bk.job.common.esb.config.EsbProperties;
@@ -108,6 +110,7 @@ public String getBkApiGatewayJWTPublicKey() {
         authInfo.put("bk_app_secret", appProperties.getSecret());
         HttpHeaders headers = new HttpHeaders();
         headers.add("X-Bkapi-Authorization", JsonUtils.toJson(authInfo));
+        headers.add(JobCommonHeaders.BK_TENANT_ID, TenantIdConstants.DEFAULT_TENANT_ID);
         EsbResp<EsbPublicKeyDTO> resp = restTemplate.exchange(
             url,
             HttpMethod.GET,

diff --git a/...nage/service-job-manage/src/main/java/com/tencent/bk/job/manage/task/UserSyncService.java b/...nage/service-job-manage/src/main/java/com/tencent/bk/job/manage/task/UserSyncService.java
@@ -135,8 +135,12 @@ private boolean syncUsersByTenant(String tenantId) {
             Set<BkUserDTO> remoteUserSet = CollectionUtils.isEmpty(remoteUserList) ?
                 Collections.emptySet(): new HashSet<>(remoteUserList);
 
-            // 2.计算差异数据
-            Set<BkUserDTO> localUserSet = new HashSet<>(userCacheService.listTenantUsers(tenantId));
+            // 2.获取本地缓存的租户下的所有用户
+            List<BkUserDTO> localUserList = userCacheService.listTenantUsers(tenantId);
+            Set<BkUserDTO> localUserSet = CollectionUtils.isEmpty(localUserList) ?
+                Collections.emptySet(): new HashSet<>(localUserList);
+
+            // 3.计算差异数据
             Set<BkUserDTO> addUsers = remoteUserSet.stream()
                 .filter(user -> !localUserSet.contains(user)).collect(Collectors.toSet());
             log.info("[{}] New users : {}",
@@ -148,7 +152,7 @@ private boolean syncUsersByTenant(String tenantId) {
                 tenantId,
                 deleteUsers.stream().map(BkUserDTO::getFullName).collect(Collectors.joining(",")));
 
-            // 3.保存
+            // 4.保存
             userCacheService.batchPatchUsers(deleteUsers, addUsers);
         } catch (Throwable t) {
             log.error("Sync user fail", t);

diff --git a/support-files/sql/job-execute/0026_job_execute_20241115-1000_V3.11.2_mysql.sql b/support-files/sql/job-execute/0026_job_execute_20241115-1000_V3.11.2_mysql.sql
@@ -29,7 +29,6 @@ BEGIN
                   AND INDEX_NAME = 'idx_app_id_task_instance_id') THEN
       ALTER TABLE task_instance_host ADD INDEX `idx_app_id_task_instance_id` (`app_id`,`task_instance_id`);
   END IF;
-
   -- step_instance_script
   IF NOT EXISTS(SELECT 1
                   FROM information_schema.COLUMNS