Develop (#306)

* feat(web api): query subject group details (#303) * feat(web api): query subject group details * Fix model api doc (#304) * fix(apidoc): model api path change to `/api/v1/model` prefix --------- Co-authored-by: kingofzihua <[email protected]> * docs: update 1.12.15 version log (#305) --------- Co-authored-by: kingofzihua <[email protected]>
TencentBlueKing · Aug 14, 2024 · 11aa05e · 11aa05e
1 parent 3a4635a
commit 11aa05e
Show file tree

Hide file tree

Showing 17 changed files with 294 additions and 20 deletions.
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-1.12.14
+1.12.15
diff --git a/pkg/abac/pap/group.go b/pkg/abac/pap/group.go
@@ -45,6 +45,7 @@ type GroupController interface {
 		_type, id, systemID string, beforeExpiredAt, limit, offset int64,
 	) ([]SubjectGroup, error)
 	ListGroupSubjectBeforeExpiredAtBySubjects(subjects []Subject, expiredAt int64) ([]GroupSubject, error)
+	ListSubjectGroupDetails(_type, id string, groupIDs []string) ([]SubjectGroup, error)
 	CheckSubjectEffectGroups(_type, id string, groupIDs []string) (map[string]map[string]interface{}, error)
 
 	GetGroupMemberCount(_type, id string) (int64, error)
@@ -169,6 +170,73 @@ func (c *groupController) ListGroupSubjectBeforeExpiredAtBySubjects(
 	return relations, nil
 }
 
+func (c *groupController) ListSubjectGroupDetails(_type, id string, groupIDs []string) ([]SubjectGroup, error) {
+	errorWrapf := errorx.NewLayerFunctionErrorWrapf(GroupCTL, "ListSubjectGroupDetails")
+
+	// subject Type+ID to PK
+	subjectPK, err := cacheimpls.GetLocalSubjectPK(_type, id)
+	if err != nil {
+		return nil, errorWrapf(err, "cacheimpls.GetLocalSubjectPK _type=`%s`, id=`%s` fail", _type, id)
+	}
+
+	groupPKToID := make(map[int64]string, len(groupIDs))
+	groupPKs := make([]int64, 0, len(groupIDs))
+	for _, groupID := range groupIDs {
+		// if groupID is empty, skip
+		if groupID == "" {
+			continue
+		}
+
+		// get the groupPK via groupID
+		groupPK, err := cacheimpls.GetLocalSubjectPK(types.GroupType, groupID)
+		if err != nil {
+			if errors.Is(err, sql.ErrNoRows) {
+				log.WithError(err).Debugf("cacheimpls.GetSubjectPK type=`group`, id=`%s` fail", groupID)
+				continue
+			}
+
+			return nil, errorWrapf(
+				err,
+				"cacheimpls.GetSubjectPK _type=`%s`, id=`%s` fail",
+				types.GroupType,
+				groupID,
+			)
+		}
+
+		groupPKs = append(groupPKs, groupPK)
+		groupPKToID[groupPK] = groupID
+	}
+
+	// NOTE: if the performance is a problem, change this to a local cache, key: subjectPK, value int64Set
+	svcSubjectGroups, err := c.service.ListSubjectGroupsBySubjectPKGroupPKs(subjectPK, groupPKs)
+	if err != nil {
+		return nil, errorWrapf(
+			err,
+			"service.ListSubjectGroupsBySubjectPKGroupPKs subjectPKs=`%d`, groupPKs=`%+v` fail",
+			subjectPK,
+			groupPKs,
+		)
+	}
+
+	groups := make([]SubjectGroup, 0, len(svcSubjectGroups))
+	for _, m := range svcSubjectGroups {
+		groupID, ok := groupPKToID[m.GroupPK]
+		if !ok {
+			continue
+		}
+
+		groups = append(groups, SubjectGroup{
+			PK:        m.PK,
+			Type:      types.GroupType,
+			ID:        groupID,
+			ExpiredAt: m.ExpiredAt,
+			CreatedAt: m.CreatedAt,
+		})
+	}
+
+	return groups, nil
+}
+
 func (c *groupController) CheckSubjectEffectGroups(
 	_type, id string,
 	groupIDs []string,

diff --git a/pkg/abac/pap/group_test.go b/pkg/abac/pap/group_test.go
@@ -354,6 +354,95 @@ var _ = Describe("GroupController", func() {
 		})
 	})
 
+	Describe("ListSubjectGroupDetails", func() {
+		var ctl *gomock.Controller
+		var patches *gomonkey.Patches
+		BeforeEach(func() {
+			ctl = gomock.NewController(GinkgoT())
+
+			patches = gomonkey.ApplyFunc(cacheimpls.GetLocalSubjectPK, func(_type, id string) (pk int64, err error) {
+				if _type == "user" && id == "1" {
+					return int64(1), nil
+				}
+				if _type == "user" && id == "2" {
+					return int64(2), nil
+				}
+				if _type == "group" && id == "10" {
+					return int64(10), nil
+				}
+
+				if _type == "group" && id == "20" {
+					return int64(20), nil
+				}
+
+				return 0, sql.ErrNoRows
+			})
+
+			patches.ApplyFunc(cacheimpls.GetSubjectDepartmentPKs, func(subjectPK int64) ([]int64, error) {
+				return []int64{10, 20, 30}, nil
+			})
+		})
+		AfterEach(func() {
+			ctl.Finish()
+			patches.Reset()
+		})
+
+		It("get user subject PK fail", func() {
+			c := &groupController{
+				service: mock.NewMockGroupService(ctl),
+			}
+
+			_, err := c.ListSubjectGroupDetails("user", "notexist", []string{"10", "20"})
+			assert.Error(GinkgoT(), err)
+			assert.Contains(GinkgoT(), err.Error(), "cacheimpls.GetLocalSubjectPK")
+		})
+		It("get subject all group pks fail", func() {
+			mockGroupService := mock.NewMockGroupService(ctl)
+			mockGroupService.EXPECT().ListSubjectGroupsBySubjectPKGroupPKs(gomock.Any(), gomock.Any()).Return(
+				nil, errors.New("error"),
+			).AnyTimes()
+
+			c := &groupController{
+				service: mockGroupService,
+			}
+
+			_, err := c.ListSubjectGroupDetails("user", "1", []string{"10", "20"})
+
+			assert.Error(GinkgoT(), err)
+			assert.Contains(GinkgoT(), err.Error(), "ListSubjectGroupsBySubjectPKGroupPKs")
+		})
+
+		It("ok, all groupID valid", func() {
+			mockGroupService := mock.NewMockGroupService(ctl)
+			mockGroupService.EXPECT().ListSubjectGroupsBySubjectPKGroupPKs(gomock.Any(), gomock.Any()).Return(
+				[]types.SubjectGroup{{
+					PK:        1,
+					GroupPK:   10,
+					ExpiredAt: 1,
+					CreatedAt: time.Time{},
+				}, {
+					PK:        2,
+					GroupPK:   20,
+					ExpiredAt: 1,
+					CreatedAt: time.Time{},
+				}}, nil,
+			).AnyTimes()
+
+			c := &groupController{
+				service: mockGroupService,
+			}
+
+			groups, err := c.ListSubjectGroupDetails("user", "1", []string{"10", "20"})
+			assert.NoError(GinkgoT(), err)
+			assert.Len(GinkgoT(), groups, 2)
+			assert.Equal(GinkgoT(), groups[0].PK, int64(1))
+			assert.Equal(GinkgoT(), groups[0].ID, "10")
+			assert.Equal(GinkgoT(), groups[1].PK, int64(2))
+			assert.Equal(GinkgoT(), groups[1].ID, "20")
+
+		})
+	})
+
 	Describe("CheckSubjectExistGroups", func() {
 		var ctl *gomock.Controller
 		var patches *gomonkey.Patches

diff --git a/pkg/abac/pap/mock/group.go b/pkg/abac/pap/mock/group.go
diff --git a/pkg/api/model/handler/action.go b/pkg/api/model/handler/action.go
@@ -36,7 +36,7 @@ import (
 // @Header 200 {string} X-Request-Id "the request id"
 // @Security AppCode
 // @Security AppSecret
-// @Router /api/v1/systems/{system_id}/actions [post]
+// @Router /api/v1/model/systems/{system_id}/actions [post]
 func BatchCreateActions(c *gin.Context) {
 	var body []actionSerializer
 	if err := c.ShouldBindJSON(&body); err != nil {
@@ -123,7 +123,7 @@ func BatchCreateActions(c *gin.Context) {
 // @Header 200 {string} X-Request-Id "the request id"
 // @Security AppCode
 // @Security AppSecret
-// @Router /api/v1/systems/{system_id}/actions/{action_id} [put]
+// @Router /api/v1/model/systems/{system_id}/actions/{action_id} [put]
 func UpdateAction(c *gin.Context) {
 	systemID := c.Param("system_id")
 
@@ -256,7 +256,7 @@ func UpdateAction(c *gin.Context) {
 // @Header 200 {string} X-Request-Id "the request id"
 // @Security AppCode
 // @Security AppSecret
-// @Router /api/v1/systems/{system_id}/actions/{action_id} [delete]
+// @Router /api/v1/model/systems/{system_id}/actions/{action_id} [delete]
 func DeleteAction(c *gin.Context) {
 	systemID := c.Param("system_id")
 	actionID := c.Param("action_id")
@@ -280,7 +280,7 @@ func DeleteAction(c *gin.Context) {
 // @Header 200 {string} X-Request-Id "the request id"
 // @Security AppCode
 // @Security AppSecret
-// @Router /api/v1/systems/{system_id}/actions [delete]
+// @Router /api/v1/model/systems/{system_id}/actions [delete]
 func BatchDeleteActions(c *gin.Context) {
 	systemID := c.Param("system_id")
 

diff --git a/pkg/api/model/handler/instance_selection.go b/pkg/api/model/handler/instance_selection.go
@@ -38,7 +38,7 @@ import (
 // @Header 200 {string} X-Request-Id "the request id"
 // @Security AppCode
 // @Security AppSecret
-// @Router /api/v1/systems/{system_id}/instance-selections [post]
+// @Router /api/v1/model/systems/{system_id}/instance-selections [post]
 func BatchCreateInstanceSelections(c *gin.Context) {
 	var body []instanceSelectionSerializer
 	if err := c.ShouldBindJSON(&body); err != nil {
@@ -114,7 +114,7 @@ func BatchCreateInstanceSelections(c *gin.Context) {
 // @Header 200 {string} X-Request-Id "the request id"
 // @Security AppCode
 // @Security AppSecret
-// @Router /api/v1/systems/{system_id}/instance-selections/{instance_selection_id} [put]
+// @Router /api/v1/model/systems/{system_id}/instance-selections/{instance_selection_id} [put]
 func UpdateInstanceSelection(c *gin.Context) {
 	systemID := c.Param("system_id")
 
@@ -197,7 +197,7 @@ func UpdateInstanceSelection(c *gin.Context) {
 // @Header 200 {string} X-Request-Id "the request id"
 // @Security AppCode
 // @Security AppSecret
-// @Router /api/v1/systems/{system_id}/instance-selections/{instance_selection_id} [delete]
+// @Router /api/v1/model/systems/{system_id}/instance-selections/{instance_selection_id} [delete]
 func DeleteInstanceSelection(c *gin.Context) {
 	systemID := c.Param("system_id")
 	instanceSelectionID := c.Param("instance_selection_id")

diff --git a/pkg/api/model/handler/query.go b/pkg/api/model/handler/query.go
@@ -45,8 +45,7 @@ const (
 // @Header 200 {string} X-Request-Id "the request id"
 // @Security AppCode
 // @Security AppSecret
-// @Router /api/v1/systems/{system_id}/query [get]
-//
+// @Router /api/v1/model/systems/{system_id}/query [get]
 //nolint:gocognit
 func SystemInfoQuery(c *gin.Context) {
 	var query querySerializer

diff --git a/pkg/api/model/handler/resource_type.go b/pkg/api/model/handler/resource_type.go
@@ -38,7 +38,7 @@ import (
 // @Header 200 {string} X-Request-Id "the request id"
 // @Security AppCode
 // @Security AppSecret
-// @Router /api/v1/systems/{system_id}/resource-types [post]
+// @Router /api/v1/model/systems/{system_id}/resource-types [post]
 func BatchCreateResourceTypes(c *gin.Context) {
 	var body []resourceTypeSerializer
 	if err := c.ShouldBindJSON(&body); err != nil {
@@ -117,7 +117,7 @@ func BatchCreateResourceTypes(c *gin.Context) {
 // @Header 200 {string} X-Request-Id "the request id"
 // @Security AppCode
 // @Security AppSecret
-// @Router /api/v1/systems/{system_id}/resource-types/{resource_type_id} [put]
+// @Router /api/v1/model/systems/{system_id}/resource-types/{resource_type_id} [put]
 func UpdateResourceType(c *gin.Context) {
 	systemID := c.Param("system_id")
 
@@ -219,7 +219,7 @@ func UpdateResourceType(c *gin.Context) {
 // @Header 200 {string} X-Request-Id "the request id"
 // @Security AppCode
 // @Security AppSecret
-// @Router /api/v1/systems/{system_id}/resource-types/{resource_type_id} [delete]
+// @Router /api/v1/model/systems/{system_id}/resource-types/{resource_type_id} [delete]
 func DeleteResourceType(c *gin.Context) {
 	systemID := c.Param("system_id")
 	resourceTypeID := c.Param("resource_type_id")
@@ -242,7 +242,7 @@ func DeleteResourceType(c *gin.Context) {
 // @Header 200 {string} X-Request-Id "the request id"
 // @Security AppCode
 // @Security AppSecret
-// @Router /api/v1/systems/{system_id}/resource-types [delete]
+// @Router /api/v1/model/systems/{system_id}/resource-types [delete]
 func BatchDeleteResourceTypes(c *gin.Context) {
 	systemID := c.Param("system_id")
 

diff --git a/pkg/api/model/handler/system.go b/pkg/api/model/handler/system.go
@@ -50,7 +50,7 @@ func defaultValidClients(c *gin.Context, originClients string) string {
 // @Header 200 {string} X-Request-Id "the request id"
 // @Security AppCode
 // @Security AppSecret
-// @Router /api/v1/systems [post]
+// @Router /api/v1/model/systems [post]
 func CreateSystem(c *gin.Context) {
 	// validate the body
 	var body systemSerializer
@@ -122,7 +122,7 @@ func CreateSystem(c *gin.Context) {
 // @Header 200 {string} X-Request-Id "the request id"
 // @Security AppCode
 // @Security AppSecret
-// @Router /api/v1/systems/{system_id} [put]
+// @Router /api/v1/model/systems/{system_id} [put]
 func UpdateSystem(c *gin.Context) {
 	systemID := c.Param("system_id")
 
@@ -210,7 +210,7 @@ func UpdateSystem(c *gin.Context) {
 // @Header 200 {string} X-Request-Id "the request id"
 // @Security AppCode
 // @Security AppSecret
-// @Router /api/v1/systems/{system_id} [get]
+// @Router /api/v1/model/systems/{system_id} [get]
 func GetSystem(c *gin.Context) {
 	// validate the body
 	systemID := c.Param("system_id")
@@ -253,7 +253,7 @@ func GetSystem(c *gin.Context) {
 // @Header 200 {string} X-Request-Id "the request id"
 // @Security AppCode
 // @Security AppSecret
-// @Router /api/v1/systems/{system_id}/clients [get]
+// @Router /api/v1/model/systems/{system_id}/clients [get]
 func GetSystemClients(c *gin.Context) {
 	// validate the body
 	systemID := c.Param("system_id")

diff --git a/pkg/api/model/handler/system_config.go b/pkg/api/model/handler/system_config.go
@@ -49,7 +49,7 @@ const (
 // @Header 200 {string} X-Request-Id "the request id"
 // @Security AppCode
 // @Security AppSecret
-// @Router /api/v1/systems/{system_id}/configs/{name} [POST]
+// @Router /api/v1/model/systems/{system_id}/configs/{name} [POST]
 func CreateOrUpdateConfigDispatch(c *gin.Context) {
 	systemID := c.Param("system_id")
 

diff --git a/pkg/api/model/handler/token.go b/pkg/api/model/handler/token.go
@@ -32,7 +32,7 @@ import (
 // @Header 200 {string} X-Request-Id "the request id"
 // @Security AppCode
 // @Security AppSecret
-// @Router /api/v1/systems/{system_id}/token [get]
+// @Router /api/v1/model/systems/{system_id}/token [get]
 func GetToken(c *gin.Context) {
 	// validate the body
 	systemID := c.Param("system_id")