feat: Job 支持多租户 TencentBlueKing#3369

wangyu096 · Jan 6, 2025 · d087529 · d087529
1 parent cbb392e
commit d087529
Show file tree

Hide file tree

Showing 61 changed files with 1,214 additions and 362 deletions.
diff --git a/...nd/commons/cmdb-sdk/src/main/java/com/tencent/bk/job/common/cc/sdk/BaseCmdbApiClient.java b/...nd/commons/cmdb-sdk/src/main/java/com/tencent/bk/job/common/cc/sdk/BaseCmdbApiClient.java
@@ -37,7 +37,7 @@
 import com.tencent.bk.job.common.esb.model.EsbReq;
 import com.tencent.bk.job.common.esb.model.EsbResp;
 import com.tencent.bk.job.common.esb.model.OpenApiRequestInfo;
-import com.tencent.bk.job.common.esb.sdk.BkApiClient;
+import com.tencent.bk.job.common.esb.sdk.BkApiV1Client;
 import com.tencent.bk.job.common.exception.InternalCmdbException;
 import com.tencent.bk.job.common.exception.InternalException;
 import com.tencent.bk.job.common.metrics.CommonMetricNames;
@@ -101,11 +101,11 @@ public class BaseCmdbApiClient {
     /**
      * CMDB ESB API 客户端
      */
-    protected BkApiClient esbCmdbApiClient;
+    protected BkApiV1Client esbCmdbApiClient;
     /**
      * CMDB 蓝鲸网关 API 客户端
      */
-    protected BkApiClient apiGwCmdbApiClient;
+    protected BkApiV1Client apiGwCmdbApiClient;
 
     static {
         interfaceNameMap.put(SEARCH_BIZ_INST_TOPO, "search_biz_inst_topo");
@@ -136,14 +136,14 @@ protected BaseCmdbApiClient(FlowController flowController,
                                 MeterRegistry meterRegistry,
                                 String lang) {
         WatchableHttpHelper httpHelper = HttpHelperFactory.getRetryableHttpHelper();
-        this.esbCmdbApiClient = new BkApiClient(meterRegistry,
+        this.esbCmdbApiClient = new BkApiV1Client(meterRegistry,
             CmdbMetricNames.CMDB_API_PREFIX,
             esbProperties.getService().getUrl(),
             httpHelper,
             lang
         );
         this.esbCmdbApiClient.setLogger(LoggerFactory.getLogger(this.getClass()));
-        this.apiGwCmdbApiClient = new BkApiClient(meterRegistry,
+        this.apiGwCmdbApiClient = new BkApiV1Client(meterRegistry,
             CmdbMetricNames.CMDB_API_PREFIX,
             bkApiGatewayProperties.getCmdb().getUrl(),
             httpHelper,
@@ -218,7 +218,7 @@ protected <R> EsbResp<R> requestCmdbApi(ApiGwType apiGwType,
         }
     }
 
-    private BkApiClient getApiClientByApiGwType(ApiGwType apiGwType) {
+    private BkApiV1Client getApiClientByApiGwType(ApiGwType apiGwType) {
         switch (apiGwType) {
             case ESB:
                 return esbCmdbApiClient;

diff --git a/src/backend/commons/common-i18n/src/main/resources/i18n/exception/message.properties b/src/backend/commons/common-i18n/src/main/resources/i18n/exception/message.properties
@@ -63,9 +63,10 @@
 1211003=根据动态分组 ID 查找主机失败，动态分组 ID ：{0}，原因：{1}，请确认指定的动态分组在业务下是否存在
 1211004=根据业务ID查找动态分组失败，业务 ID ：{0}，原因：{1}，请确认指定的业务是否存在动态分组
 1213001=CMSI 接口访问异常
-1213002=用户管理接口访问异常
 1213003=调用 CMSI 接口获取通知渠道数据异常
 1213004=调用 CMSI 接口发送通知失败，错误码：{0}，错误信息：{1}
+1219001=蓝鲸登录接口访问异常
+1220001=用户管理接口访问异常
 
 1214001=ARTIFACTORY API 返回数据异常
 1214002=制品库中找不到节点：{0}，请到制品库核实

diff --git a/src/backend/commons/common-i18n/src/main/resources/i18n/exception/message_en.properties b/src/backend/commons/common-i18n/src/main/resources/i18n/exception/message_en.properties
@@ -63,9 +63,10 @@
 1211003=Fail to find host by dynamic group, id:{0}, reason:{1}, please confirm the specified dynamic group in business
 1211004=Fail to find dynamic group by biz, id:{0}, reason:{1}, please confirm dynamic group in the specified business
 1213001=Fail to request CMSI API
-1213002=Fail to request UserManage API
 1213003=CMSI exception when get notify channels
 1213004=CMSI exception when send notify, error_code={0}, error_msg={1}
+1219001=Fail to request bk-login API
+1220001=Fail to request bk-user-manage API
 
 1214001=ARTIFACTORY API returned data exception
 1214002=Cannot find node in bkrepo:{0}, please check in bkrepo

diff --git a/src/backend/commons/common-i18n/src/main/resources/i18n/exception/message_en_US.properties b/src/backend/commons/common-i18n/src/main/resources/i18n/exception/message_en_US.properties
@@ -63,9 +63,9 @@
 1211003=Fail to find host by dynamic group, id:{0}, reason:{1}, please confirm the specified dynamic group in business
 1211004=Fail to find dynamic group by biz, id:{0}, reason:{1}, please confirm dynamic group in the specified business
 1213001=Fail to request CMSI API
-1213002=Fail to request UserManage API
 1213003=CMSI exception when get notify channels
 1213004=CMSI exception when send notify, error_code={0}, error_msg={1}
+1220001=Fail to request bk-user-manage API
 
 1214001=ARTIFACTORY API returned data exception
 1214002=Cannot find node in bkrepo:{0}, please check in bkrepo

diff --git a/src/backend/commons/common-i18n/src/main/resources/i18n/exception/message_zh.properties b/src/backend/commons/common-i18n/src/main/resources/i18n/exception/message_zh.properties
@@ -63,9 +63,10 @@
 1211003=根据动态分组 ID 查找主机失败，动态分组 ID ：{0}，原因：{1}，请确认指定的动态分组在业务下是否存在
 1211004=根据业务ID查找动态分组失败，业务 ID ：{0}，原因：{1}，请确认指定的业务是否存在动态分组
 1213001=CMSI 接口访问异常
-1213002=用户管理接口访问异常
 1213003=调用 CMSI 接口获取通知渠道数据异常
 1213004=调用 CMSI 接口发送通知失败，错误码：{0}，错误信息：{1}
+1219001=蓝鲸登录接口访问异常
+1220001=用户管理接口访问异常
 
 1214001=ARTIFACTORY API 返回数据异常
 1214002=制品库中找不到节点：{0}，请到制品库核实

diff --git a/src/backend/commons/common-i18n/src/main/resources/i18n/exception/message_zh_CN.properties b/src/backend/commons/common-i18n/src/main/resources/i18n/exception/message_zh_CN.properties
@@ -63,9 +63,10 @@
 1211003=根据动态分组 ID 查找主机失败，动态分组 ID ：{0}，原因：{1}，请确认指定的动态分组在业务下是否存在
 1211004=根据业务ID查找动态分组失败，业务 ID ：{0}，原因：{1}，请确认指定的业务是否存在动态分组
 1213001=CMSI 接口访问异常
-1213002=用户管理接口访问异常
 1213003=调用 CMSI 接口获取通知渠道数据异常
 1213004=调用 CMSI 接口发送通知失败，错误码：{0}，错误信息：{1}
+1219001=蓝鲸登录接口访问异常
+1220001=用户管理接口访问异常
 
 1214001=ARTIFACTORY API 返回数据异常
 1214002=制品库中找不到节点：{0}，请到制品库核实

diff --git a/...k/job/common/iam/client/EsbIamClient.java → ...job/common/iam/client/EsbIamV1Client.java b/...k/job/common/iam/client/EsbIamClient.java → ...job/common/iam/client/EsbIamV1Client.java
@@ -33,7 +33,7 @@
 import com.tencent.bk.job.common.esb.model.EsbReq;
 import com.tencent.bk.job.common.esb.model.EsbResp;
 import com.tencent.bk.job.common.esb.model.OpenApiRequestInfo;
-import com.tencent.bk.job.common.esb.sdk.BkApiClient;
+import com.tencent.bk.job.common.esb.sdk.BkApiV1Client;
 import com.tencent.bk.job.common.exception.InternalIamException;
 import com.tencent.bk.job.common.iam.dto.AuthByPathReq;
 import com.tencent.bk.job.common.iam.dto.BatchAuthByPathReq;
@@ -64,7 +64,7 @@
  * IAM API 调用客户端
  */
 @Slf4j
-public class EsbIamClient extends BkApiClient implements IIamClient {
+public class EsbIamV1Client extends BkApiV1Client implements IIamClient {
 
     private static final String API_GET_APPLY_URL = "/api/c/compapi/v2/iam/application/";
     private static final String API_REGISTER_RESOURCE_URL =
@@ -76,9 +76,9 @@ public class EsbIamClient extends BkApiClient implements IIamClient {
 
     private final BkApiAuthorization authorization;
 
-    public EsbIamClient(MeterRegistry meterRegistry,
-                        AppProperties appProperties,
-                        EsbProperties esbProperties) {
+    public EsbIamV1Client(MeterRegistry meterRegistry,
+                          AppProperties appProperties,
+                          EsbProperties esbProperties) {
         super(
             meterRegistry,
             IAM_API,

diff --git a/...mmon-iam/src/main/java/com/tencent/bk/job/common/iam/service/impl/AppAuthServiceImpl.java b/...mmon-iam/src/main/java/com/tencent/bk/job/common/iam/service/impl/AppAuthServiceImpl.java
@@ -27,7 +27,7 @@
 import com.tencent.bk.job.common.constant.ResourceScopeTypeEnum;
 import com.tencent.bk.job.common.esb.config.AppProperties;
 import com.tencent.bk.job.common.esb.config.EsbProperties;
-import com.tencent.bk.job.common.iam.client.EsbIamClient;
+import com.tencent.bk.job.common.iam.client.EsbIamV1Client;
 import com.tencent.bk.job.common.iam.config.JobIamProperties;
 import com.tencent.bk.job.common.iam.constant.ActionId;
 import com.tencent.bk.job.common.iam.constant.ResourceTypeEnum;
@@ -68,7 +68,7 @@ public class AppAuthServiceImpl extends BasicAuthService implements AppAuthServi
     private final BusinessAuthHelper businessAuthHelper;
     private final PolicyService policyService;
     private final JobIamProperties jobIamProperties;
-    private final EsbIamClient iamClient;
+    private final EsbIamV1Client iamClient;
     private ResourceNameQueryService resourceNameQueryService;
 
     public AppAuthServiceImpl(AuthHelper authHelper,
@@ -82,7 +82,7 @@ public AppAuthServiceImpl(AuthHelper authHelper,
         this.businessAuthHelper = businessAuthHelper;
         this.policyService = policyService;
         this.jobIamProperties = jobIamProperties;
-        this.iamClient = new EsbIamClient(
+        this.iamClient = new EsbIamV1Client(
             meterRegistry,
             new AppProperties(iamConfiguration.getAppCode(), iamConfiguration.getAppSecret()),
             esbProperties);

diff --git a/.../common-iam/src/main/java/com/tencent/bk/job/common/iam/service/impl/AuthServiceImpl.java b/.../common-iam/src/main/java/com/tencent/bk/job/common/iam/service/impl/AuthServiceImpl.java
@@ -29,12 +29,12 @@
 import com.tencent.bk.job.common.esb.config.EsbProperties;
 import com.tencent.bk.job.common.esb.model.EsbResp;
 import com.tencent.bk.job.common.esb.model.iam.EsbActionDTO;
-import com.tencent.bk.job.common.esb.model.iam.EsbApplyPermissionDTO;
+import com.tencent.bk.job.common.esb.model.iam.OpenApiApplyPermissionDTO;
 import com.tencent.bk.job.common.esb.model.iam.EsbInstanceDTO;
 import com.tencent.bk.job.common.esb.model.iam.EsbRelatedResourceTypeDTO;
 import com.tencent.bk.job.common.exception.InternalException;
 import com.tencent.bk.job.common.i18n.service.MessageI18nService;
-import com.tencent.bk.job.common.iam.client.EsbIamClient;
+import com.tencent.bk.job.common.iam.client.EsbIamV1Client;
 import com.tencent.bk.job.common.iam.constant.ActionInfo;
 import com.tencent.bk.job.common.iam.constant.Actions;
 import com.tencent.bk.job.common.iam.constant.ResourceTypeEnum;
@@ -70,7 +70,7 @@
 @Slf4j
 public class AuthServiceImpl extends BasicAuthService implements AuthService {
     private final AuthHelper authHelper;
-    private final EsbIamClient iamClient;
+    private final EsbIamV1Client iamClient;
     private final MessageI18nService i18nService;
     private ResourceNameQueryService resourceNameQueryService;
 
@@ -81,7 +81,7 @@ public AuthServiceImpl(AuthHelper authHelper,
                            MeterRegistry meterRegistry) {
         this.authHelper = authHelper;
         this.i18nService = i18nService;
-        this.iamClient = new EsbIamClient(
+        this.iamClient = new EsbIamV1Client(
             meterRegistry,
             new AppProperties(iamConfiguration.getAppCode(), iamConfiguration.getAppSecret()),
             esbProperties);
@@ -313,7 +313,7 @@ private Map<String, Map<String, List<PermissionResource>>> groupResourcesByActio
     @Override
     public <T> EsbResp<T> buildEsbAuthFailResp(List<PermissionActionResource> permissionActionResources) {
         List<ActionDTO> actions = buildApplyActions(permissionActionResources);
-        EsbApplyPermissionDTO applyPermission = new EsbApplyPermissionDTO();
+        OpenApiApplyPermissionDTO applyPermission = new OpenApiApplyPermissionDTO();
         applyPermission.setSystemId(SystemId.JOB);
         applyPermission.setSystemName(i18nService.getI18n("system.bk_job"));
         applyPermission.setActions(actions.stream().map(this::convertToEsbAction).collect(Collectors.toList()));

diff --git a/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/constant/ErrorCode.java b/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/constant/ErrorCode.java
@@ -58,11 +58,8 @@ public class ErrorCode {
     // 根据业务ID查找动态分组失败，业务ID：{0}，原因：{1}，请确认指定的业务是否存在动态分组
     public static final int FAIL_TO_FIND_DYNAMIC_GROUP_BY_BIZ = 1211004;
 
-    // PaaS异常
     // CMSI接口访问异常
     public static final int CMSI_API_ACCESS_ERROR = 1213001;
-    // 用户管理接口访问异常
-    public static final int USER_MANAGE_API_ACCESS_ERROR = 1213002;
     // 调用CMSI接口获取通知渠道数据异常
     public static final int CMSI_MSG_CHANNEL_DATA_ERROR = 1213003;
     // 调用CMSI接口发送通知失败，错误码：{0}，错误信息：{1}
@@ -96,6 +93,13 @@ public class ErrorCode {
     // 蓝鲸OpenAI接口数据超时
     public static final int BK_OPEN_AI_API_DATA_TIMEOUT = 1218003;
 
+    // bk-login（蓝鲸登录） 接口调用异常
+    public static final int BK_LOGIN_API_ERROR = 1219001;
+
+    // bk-user-manage（用户管理） 接口调用异常
+    public static final int BK_USER_MANAGE_API_ERROR = 1220001;
+
+
     // ======== 系统错误-权限错误 ==================//
     // 用户({0})权限不足，请前往权限中心确认并申请补充后重试
     public static final int PERMISSION_DENIED = 1238001;

diff --git a/...end/commons/common/src/main/java/com/tencent/bk/job/common/constant/JobCommonHeaders.java b/...end/commons/common/src/main/java/com/tencent/bk/job/common/constant/JobCommonHeaders.java
@@ -47,4 +47,9 @@ public interface JobCommonHeaders {
      * 蓝鲸网关-从网关来的请求，与ESB请求区分
      */
     String BK_GATEWAY_FROM = "X-Bkapi-From";
+
+    /**
+     * 租户 ID
+     */
+    String BK_TENANT_ID = "X-Bk-Tenant-Id";
 }
diff --git a/...nd/commons/common/src/main/java/com/tencent/bk/job/common/constant/TenantIdConstants.java b/...nd/commons/common/src/main/java/com/tencent/bk/job/common/constant/TenantIdConstants.java
@@ -0,0 +1,17 @@
+package com.tencent.bk.job.common.constant;
+
+/**
+ * 租户 ID 常量
+ */
+public interface TenantIdConstants {
+
+    /**
+     * 单租户环境默认租户 ID
+     */
+    String SINGLE_TENANT_ENV_DEFAULT_TENANT_ID = "default";
+
+    /**
+     * 多租户环境默认租户 ID
+     */
+    String MULTI_TENANT_ENV_DEFAULT_TENANT_ID = "system";
+}
diff --git a/...end/commons/common/src/main/java/com/tencent/bk/job/common/metrics/CommonMetricNames.java b/...end/commons/common/src/main/java/com/tencent/bk/job/common/metrics/CommonMetricNames.java
@@ -31,19 +31,19 @@ public class CommonMetricNames {
     /**
      * 仅统计调用ESB BK-LOGIN API的HTTP请求过程
      */
-    public static final String ESB_BK_LOGIN_API_HTTP = "job.client.bk.login.api.http";
+    public static final String BK_LOGIN_API_HTTP = "job.client.bk.login.api.http";
     /**
      * 仅统计调用ESB BK-LOGIN API的整个过程，含反序列化
      */
-    public static final String ESB_BK_LOGIN_API = "job.client.bk.login.api";
+    public static final String BK_LOGIN_API = "job.client.bk.login.api";
     /**
      * 仅统计调用ESB USER-MANAGE API的HTTP请求过程
      */
-    public static final String ESB_USER_MANAGE_API_HTTP = "job.client.user.manage.api.http";
+    public static final String USER_MANAGE_API_HTTP = "job.client.user.manage.api.http";
     /**
      * 统计调用ESB 用户管理 API的整个过程，含反序列化
      */
-    public static final String ESB_USER_MANAGE_API = "job.client.user.manage.api";
+    public static final String USER_MANAGE_API = "job.client.user.manage.api";
     /**
      * 仅统计调用ESB CMSI API的HTTP请求过程
      */

diff --git a/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/model/dto/BkUserDTO.java b/src/backend/commons/common/src/main/java/com/tencent/bk/job/common/model/dto/BkUserDTO.java
@@ -24,6 +24,7 @@
 
 package com.tencent.bk.job.common.model.dto;
 
+import com.fasterxml.jackson.annotation.JsonProperty;
 import lombok.Getter;
 import lombok.Setter;
 import lombok.ToString;
@@ -72,4 +73,14 @@ public class BkUserDTO {
      * 用户微信
      */
     private String wxUserId;
+
+    /**
+     * 用户所属租户 ID
+     */
+    private String tenantId;
+
+    /**
+     * 用户语言，枚举值：zh-cn / en
+     */
+    private String language;
 }
diff --git a/...ommons/common/src/main/java/com/tencent/bk/job/common/tenant/TenantAutoConfiguration.java b/...ommons/common/src/main/java/com/tencent/bk/job/common/tenant/TenantAutoConfiguration.java
@@ -0,0 +1,39 @@
+/*
+ * Tencent is pleased to support the open source community by making BK-JOB蓝鲸智云作业平台 available.
+ *
+ * Copyright (C) 2021 THL A29 Limited, a Tencent company.  All rights reserved.
+ *
+ * BK-JOB蓝鲸智云作业平台 is licensed under the MIT License.
+ *
+ * License for BK-JOB蓝鲸智云作业平台:
+ * --------------------------------------------------------------------
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+ * documentation files (the "Software"), to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and
+ * to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
+ * the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
+ * THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
+ * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+ * IN THE SOFTWARE.
+ */
+
+package com.tencent.bk.job.common.tenant;
+
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration(proxyBeanMethods = false)
+@EnableConfigurationProperties(TenantProperties.class)
+public class TenantAutoConfiguration {
+
+    @Bean
+    public TenantEnvService tenantEnvService(TenantProperties tenantProperties) {
+        return new TenantEnvService(tenantProperties);
+    }
+}
diff --git a/...ckend/commons/common/src/main/java/com/tencent/bk/job/common/tenant/TenantEnvService.java b/...ckend/commons/common/src/main/java/com/tencent/bk/job/common/tenant/TenantEnvService.java
@@ -0,0 +1,31 @@
+package com.tencent.bk.job.common.tenant;
+
+import com.tencent.bk.job.common.constant.TenantIdConstants;
+
+/**
+ * 租户环境信息 Service
+ */
+public class TenantEnvService {
+
+    private final TenantProperties tenantProperties;
+
+    public TenantEnvService(TenantProperties tenantProperties) {
+        this.tenantProperties = tenantProperties;
+    }
+
+
+    /**
+     * 该环境是否支持多租户
+     */
+    public boolean isTenantEnabled() {
+        return tenantProperties.isEnabled();
+    }
+
+    /**
+     * 获取默认的租户 ID
+     */
+    public String getDefaultTenantId() {
+        return isTenantEnabled() ? TenantIdConstants.MULTI_TENANT_ENV_DEFAULT_TENANT_ID :
+            TenantIdConstants.SINGLE_TENANT_ENV_DEFAULT_TENANT_ID;
+    }
+}