diff --git a/src/main/java/neatlogic/module/deploy/api/job/batch/AddBatchDeployJobFromPipelineApi.java b/src/main/java/neatlogic/module/deploy/api/job/batch/AddBatchDeployJobFromPipelineApi.java
index 0ff4a15fce6bc6da6fa26b373a79a3f87eeb7c47..2edf0446f79725879628daca43e87c878d5b135b 100644
--- a/src/main/java/neatlogic/module/deploy/api/job/batch/AddBatchDeployJobFromPipelineApi.java
+++ b/src/main/java/neatlogic/module/deploy/api/job/batch/AddBatchDeployJobFromPipelineApi.java
@@ -26,8 +26,8 @@ import neatlogic.framework.autoexec.constvalue.JobStatus;
import neatlogic.framework.autoexec.constvalue.JobTriggerType;
import neatlogic.framework.autoexec.constvalue.ReviewStatus;
import neatlogic.framework.common.constvalue.ApiParamType;
-import neatlogic.framework.deploy.auth.BATCHDEPLOY_MODIFY;
import neatlogic.framework.deploy.auth.BATCHDEPLOY_VERIFY;
+import neatlogic.framework.deploy.auth.DEPLOY_BASE;
import neatlogic.framework.deploy.constvalue.JobSource;
import neatlogic.framework.deploy.dto.job.DeployJobVo;
import neatlogic.framework.deploy.dto.pipeline.PipelineJobTemplateVo;
@@ -54,7 +54,7 @@ import javax.annotation.Resource;
import java.util.Objects;
@Service
-@AuthAction(action = BATCHDEPLOY_MODIFY.class)
+@AuthAction(action = DEPLOY_BASE.class)
@OperationType(type = OperationTypeEnum.UPDATE)
@Transactional
public class AddBatchDeployJobFromPipelineApi extends PrivateApiComponentBase {
diff --git a/src/main/java/neatlogic/module/deploy/auth/core/BatchDeployAuthChecker.java b/src/main/java/neatlogic/module/deploy/auth/core/BatchDeployAuthChecker.java
index 6b528139d035ea3895dfa42b9ff6543d09140035..aab8c5ffeeed947e3e8075c5313505a1e0973fc6 100644
--- a/src/main/java/neatlogic/module/deploy/auth/core/BatchDeployAuthChecker.java
+++ b/src/main/java/neatlogic/module/deploy/auth/core/BatchDeployAuthChecker.java
@@ -67,7 +67,7 @@ public class BatchDeployAuthChecker {
* @return 是|否
*/
public static boolean isCanAbort(DeployJobVo deployJobVo) {
- if (!Objects.equals(JobStatus.CHECKED.getValue(), deployJobVo.getStatus())) {
+ if (!Objects.equals(JobStatus.CHECKED.getValue(), deployJobVo.getStatus()) && Objects.equals(deployJobVo.getReviewStatus(), ReviewStatus.PASSED.getValue())) {
return UserContext.get().getUserUuid().equals(deployJobVo.getExecUser());
}
return false;
diff --git a/src/main/java/neatlogic/module/deploy/dao/mapper/DeployBatchJobMapper.xml b/src/main/java/neatlogic/module/deploy/dao/mapper/DeployBatchJobMapper.xml
index b27cf3529b59cd3c9622d1124bbc7da3a5bd5c9c..c9b6b343482dd6449d215c3d3b5aa51b9f075a93 100644
--- a/src/main/java/neatlogic/module/deploy/dao/mapper/DeployBatchJobMapper.xml
+++ b/src/main/java/neatlogic/module/deploy/dao/mapper/DeployBatchJobMapper.xml
@@ -88,7 +88,8 @@ along with this program. If not, see .-->
e.start_time as startTime,
e.end_time as endTime,
e.source as source,
- e.config_hash as configHash
+ e.config_hash as configHash,
+ e.parent_id as parentId
from deploy_job_lane_group_job AS d
LEFT JOIN autoexec_job AS e ON d.job_id = e.id
where d.group_id = #{groupId}
diff --git a/src/main/java/neatlogic/module/deploy/job/source/type/DeployJobSourceTypeHandler.java b/src/main/java/neatlogic/module/deploy/job/source/type/DeployJobSourceTypeHandler.java
index 54f32fa3e9632b58ef75c3b22392e0c2afbf520b..39f613d40a50059384314de41ba1267525dfb374 100644
--- a/src/main/java/neatlogic/module/deploy/job/source/type/DeployJobSourceTypeHandler.java
+++ b/src/main/java/neatlogic/module/deploy/job/source/type/DeployJobSourceTypeHandler.java
@@ -33,26 +33,30 @@ import neatlogic.framework.autoexec.exception.AutoexecJobNotFoundException;
import neatlogic.framework.autoexec.exception.AutoexecJobPhaseNotFoundException;
import neatlogic.framework.autoexec.job.source.type.AutoexecJobSourceTypeHandlerBase;
import neatlogic.framework.autoexec.util.AutoexecUtil;
+import neatlogic.framework.cmdb.crossover.IAppSystemMapper;
import neatlogic.framework.cmdb.crossover.ICiEntityCrossoverMapper;
import neatlogic.framework.cmdb.crossover.IResourceCrossoverMapper;
import neatlogic.framework.cmdb.dto.cientity.CiEntityVo;
import neatlogic.framework.cmdb.dto.resourcecenter.ResourceVo;
+import neatlogic.framework.cmdb.dto.resourcecenter.entity.AppSystemVo;
import neatlogic.framework.cmdb.exception.cientity.CiEntityNotFoundException;
import neatlogic.framework.cmdb.exception.resourcecenter.AppEnvNotFoundException;
+import neatlogic.framework.cmdb.exception.resourcecenter.AppSystemNotFoundException;
import neatlogic.framework.common.constvalue.systemuser.SystemUser;
import neatlogic.framework.crossover.CrossoverServiceFactory;
import neatlogic.framework.dao.mapper.runner.RunnerMapper;
import neatlogic.framework.deploy.auth.BATCHDEPLOY_MODIFY;
import neatlogic.framework.deploy.auth.DEPLOY_MODIFY;
import neatlogic.framework.deploy.auth.core.DeployAppAuthChecker;
-import neatlogic.framework.deploy.constvalue.*;
import neatlogic.framework.deploy.constvalue.JobSource;
import neatlogic.framework.deploy.constvalue.JobSourceType;
+import neatlogic.framework.deploy.constvalue.*;
import neatlogic.framework.deploy.dto.app.*;
import neatlogic.framework.deploy.dto.instance.DeployInstanceVersionVo;
import neatlogic.framework.deploy.dto.job.DeployJobContentVo;
import neatlogic.framework.deploy.dto.job.DeployJobVo;
import neatlogic.framework.deploy.dto.pipeline.PipelineJobTemplateVo;
+import neatlogic.framework.deploy.dto.pipeline.PipelineVo;
import neatlogic.framework.deploy.dto.sql.DeploySqlJobPhaseVo;
import neatlogic.framework.deploy.dto.sql.DeploySqlNodeDetailVo;
import neatlogic.framework.deploy.dto.version.DeployVersionBuildNoVo;
@@ -117,6 +121,9 @@ public class DeployJobSourceTypeHandler extends AutoexecJobSourceTypeHandlerBase
@Resource
DeployBlueGreenMapper deployBlueGreenMapper;
+ @Resource
+ DeployPipelineMapper deployPipelineMapper;
+
@Override
public String getName() {
return JobSourceType.DEPLOY.getValue();
@@ -553,8 +560,8 @@ public class DeployJobSourceTypeHandler extends AutoexecJobSourceTypeHandlerBase
}
@Override
- public List getPhaseSqlStatusList(AutoexecJobPhaseVo jobPhaseVo,Long runnerMapId, List needCountStatusList) {
- return deploySqlMapper.getDeployJobSqlStatusList(jobPhaseVo.getJobId(), jobPhaseVo.getName(),runnerMapId, needCountStatusList);
+ public List getPhaseSqlStatusList(AutoexecJobPhaseVo jobPhaseVo, Long runnerMapId, List needCountStatusList) {
+ return deploySqlMapper.getDeployJobSqlStatusList(jobPhaseVo.getJobId(), jobPhaseVo.getName(), runnerMapId, needCountStatusList);
}
@Override
@@ -603,7 +610,8 @@ public class DeployJobSourceTypeHandler extends AutoexecJobSourceTypeHandlerBase
@Override
public void myExecuteAuthCheck(AutoexecJobVo jobVo) {
- if (AuthActionChecker.checkByUserUuid(UserContext.get().getUserUuid(true), BATCHDEPLOY_MODIFY.class.getSimpleName()) || Objects.equals(UserContext.get().getUserUuid(), SystemUser.SYSTEM.getUserUuid())) {
+ //包含BATCHJOB_MODIFY 或 系统用户 则拥有所有应用的执行权限
+ if (Boolean.TRUE.equals(AuthActionChecker.checkByUserUuid(UserContext.get().getUserUuid(true), BATCHDEPLOY_MODIFY.class.getSimpleName())) || Objects.equals(UserContext.get().getUserUuid(), SystemUser.SYSTEM.getUserUuid())) {
return;
}
DeployJobVo deployJobVo;
@@ -616,10 +624,41 @@ public class DeployJobSourceTypeHandler extends AutoexecJobSourceTypeHandlerBase
}
deployJobVo = deployJobTmp;
}
- //包含BATCHJOB_MODIFY 则拥有所有应用的执行权限
- if (!AuthActionChecker.checkByUserUuid(UserContext.get().getUserUuid(true), BATCHDEPLOY_MODIFY.class.getSimpleName()) && !Objects.equals(UserContext.get().getUserUuid(), SystemUser.SYSTEM.getUserUuid())) {
- Set authSet = DeployAppAuthChecker.builder(deployJobVo.getAppSystemId()).addEnvAction(deployJobVo.getEnvId()).addScenarioAction(deployJobVo.getScenarioId()).check();
- if (!authSet.containsAll(Arrays.asList(deployJobVo.getEnvId().toString(), deployJobVo.getScenarioId().toString()))) {
+ //如果作业来源于批量发布则应该判断是否有对应超级流水线的执行权限
+ if (JobSource.isBatch(jobVo.getSource()) && jobVo.getParentId() != null) {
+ AutoexecJobVo parentJob = autoexecJobMapper.getJobInfoWithInvoke(jobVo.getParentId());
+ if (parentJob != null) {
+ PipelineVo pipelineVo = deployPipelineMapper.getPipelineById(parentJob.getInvokeId());
+ if (pipelineVo != null) {
+ List pipelineIdList = deployPipelineMapper.checkHasAuthPipelineIdList(Collections.singletonList(pipelineVo.getId()), UserContext.get().getUserUuid(true));
+ //“应用流水线” 需要 应用配置中的“流水线权限”或对应超级流水线里面的授权
+ if (Objects.equals(pipelineVo.getType(), PipelineType.APPSYSTEM.getValue())) {
+ IAppSystemMapper appSystemMapper = CrossoverServiceFactory.getApi(IAppSystemMapper.class);
+ AppSystemVo appSystemVo = appSystemMapper.getAppSystemById(pipelineVo.getAppSystemId());
+ if (appSystemVo == null) {
+ throw new AppSystemNotFoundException(pipelineVo.getAppSystemId());
+ }
+ if (!pipelineIdList.contains(pipelineVo.getId())) {
+ Set actionSet = DeployAppAuthChecker.builder(pipelineVo.getAppSystemId())
+ .addOperationAction(DeployAppConfigAction.PIPELINE.getValue())
+ .check();
+ if (!actionSet.contains(DeployAppConfigAction.PIPELINE.getValue())) {
+ throw new DeployAppPipelineAuthException(appSystemVo, pipelineVo);
+ }
+ }
+ //“全局流水线” 需要 对应超级流水线里面的授权
+ } else if (Objects.equals(pipelineVo.getType(), PipelineType.GLOBAL.getValue()) && !pipelineIdList.contains(pipelineVo.getId())) {
+ throw new DeployAppPipelineAuthException(pipelineVo);
+ }
+ }
+ }
+ } else {
+ Set authSet = DeployAppAuthChecker.builder(deployJobVo.getAppSystemId())
+ .addEnvAction(deployJobVo.getEnvId())
+ .addScenarioAction(deployJobVo.getScenarioId())
+ .addOperationAction(DeployAppConfigAction.EXECUTE.getValue())
+ .check();
+ if (!authSet.containsAll(Arrays.asList(deployJobVo.getEnvId().toString(), deployJobVo.getScenarioId().toString(), DeployAppConfigAction.EXECUTE.getValue()))) {
throw new DeployJobCannotExecuteException(deployJobVo);
}
}
@@ -634,14 +673,14 @@ public class DeployJobSourceTypeHandler extends AutoexecJobSourceTypeHandlerBase
public void getJobActionAuth(AutoexecJobVo jobVo) {
boolean isHasAuth = false;
//包含BATCHJOB_MODIFY 则拥有所有应用的执行权限
- if (AuthActionChecker.checkByUserUuid(UserContext.get().getUserUuid(true), BATCHDEPLOY_MODIFY.class.getSimpleName())) {
+ if (Boolean.TRUE.equals(AuthActionChecker.checkByUserUuid(UserContext.get().getUserUuid(true), BATCHDEPLOY_MODIFY.class.getSimpleName()))) {
isHasAuth = true;
} else {
if (!Objects.equals(jobVo.getSource(), JobSource.BATCHDEPLOY.getValue())) {
DeployJobVo deployJobVo = deployJobMapper.getDeployJobByJobId(jobVo.getId());
if (deployJobVo != null) {
- Set authSet = DeployAppAuthChecker.builder(deployJobVo.getAppSystemId()).addEnvAction(deployJobVo.getEnvId()).addScenarioAction(deployJobVo.getScenarioId()).check();
- if (authSet.containsAll(Arrays.asList(deployJobVo.getEnvId().toString(), deployJobVo.getScenarioId().toString()))) {
+ Set authSet = DeployAppAuthChecker.builder(deployJobVo.getAppSystemId()).addEnvAction(deployJobVo.getEnvId()).addScenarioAction(deployJobVo.getScenarioId()).addOperationAction(DeployAppConfigAction.EXECUTE.getValue()).check();
+ if (authSet.containsAll(Arrays.asList(deployJobVo.getEnvId().toString(), deployJobVo.getScenarioId().toString(), DeployAppConfigAction.EXECUTE.getValue()))) {
isHasAuth = true;
}
}
@@ -885,4 +924,13 @@ public class DeployJobSourceTypeHandler extends AutoexecJobSourceTypeHandlerBase
public void handleDeleteJobPhaseNodeEvent(Long jobPhaseId, Long updateTag) {
//deployBlueGreenMapper.deleteJobPhaseNodeBlueGreenByJobPhaseIdAndUpdateTag(jobPhaseId, updateTag);
}
+
+ @Override
+ public void autoexecTakeOver(AutoexecJobVo jobVo) {
+ //如果是批量作业则需要自动接管作业
+ if(JobSource.isBatch(jobVo.getSource())) {
+ autoexecJobMapper.updateJobExecUser(jobVo.getId(), UserContext.get().getUserUuid(true));
+ jobVo.setExecUser(UserContext.get().getUserUuid(true));
+ }
+ }
}
diff --git a/src/main/java/neatlogic/module/deploy/schedule/plugin/DeployJobScheduleJob.java b/src/main/java/neatlogic/module/deploy/schedule/plugin/DeployJobScheduleJob.java
index 428a2efcc2737988dfbb4b4e15fe9201612b99f4..85fc1c35d7bd2eba9dd19cdd772d70b77cc04483 100644
--- a/src/main/java/neatlogic/module/deploy/schedule/plugin/DeployJobScheduleJob.java
+++ b/src/main/java/neatlogic/module/deploy/schedule/plugin/DeployJobScheduleJob.java
@@ -43,6 +43,7 @@ import neatlogic.module.deploy.dao.mapper.DeployScheduleMapper;
import neatlogic.module.deploy.service.DeployBatchJobService;
import neatlogic.module.deploy.service.DeployJobService;
import org.apache.commons.collections4.CollectionUtils;
+import org.apache.commons.lang3.StringUtils;
import org.quartz.DisallowConcurrentExecution;
import org.quartz.JobExecutionContext;
import org.slf4j.Logger;
@@ -137,10 +138,14 @@ public class DeployJobScheduleJob extends JobBase {
schedulerManager.unloadJob(jobObject);
return;
}
- UserVo execUser = userMapper.getUserBaseInfoByUuid(scheduleVo.getLcu());
+ String execUserUuid = scheduleVo.getLcu();
+ if(jobObject.isTest() == 1 && StringUtils.isNotBlank(jobObject.getTestUserUuid())){
+ execUserUuid = jobObject.getTestUserUuid();
+ }
+ UserVo execUser = userMapper.getUserBaseInfoByUuid(execUserUuid);
if (execUser == null) {
schedulerManager.unloadJob(jobObject);
- logger.error("execUser: {} not exist!", scheduleVo.getLcu());
+ logger.error("execUser: {} not exist!", execUserUuid);
return;
}
AuthenticationInfoVo authenticationInfo = authenticationInfoService.getAuthenticationInfo(execUser.getUuid());
diff --git a/src/main/java/neatlogic/module/deploy/service/DeployBatchJobServiceImpl.java b/src/main/java/neatlogic/module/deploy/service/DeployBatchJobServiceImpl.java
index fe57ebf4c162220b5066820e4fb40bd6173c7ba0..3bf5c1921d62f2607de032fb83298f71a51626c4 100644
--- a/src/main/java/neatlogic/module/deploy/service/DeployBatchJobServiceImpl.java
+++ b/src/main/java/neatlogic/module/deploy/service/DeployBatchJobServiceImpl.java
@@ -78,6 +78,7 @@ public class DeployBatchJobServiceImpl implements DeployBatchJobService, IDeploy
// parentId为-1时,代表该作业是父作业
deployJobVo.setParentId(-1L);
deployJobMapper.insertAutoExecJob(deployJobVo);
+ deployJobMapper.insertJobInvoke(deployJobVo.getId(), deployJobVo.getInvokeId(), deployJobVo.getSource(), deployJobVo.getRouteId());
if (CollectionUtils.isNotEmpty(pipelineVo.getAuthList())) {
for (PipelineAuthVo authVo : pipelineVo.getAuthList()) {
DeployJobAuthVo deployAuthVo = new DeployJobAuthVo();
@@ -154,8 +155,6 @@ public class DeployBatchJobServiceImpl implements DeployBatchJobService, IDeploy
}
}
}
-
- deployJobMapper.insertJobInvoke(deployJobVo.getId(), deployJobVo.getInvokeId(), deployJobVo.getSource(), deployJobVo.getRouteId());
}
private DeploySystemModuleVersionVo getVersionId(List appSystemModuleVersionList, PipelineJobTemplateVo jobTemplateVo) {
@@ -304,9 +303,11 @@ public class DeployBatchJobServiceImpl implements DeployBatchJobService, IDeploy
jobVo.setAction(groupVo.getJobAction());
IAutoexecJobActionHandler refireAction = AutoexecJobActionHandlerFactory.getAction(JobAction.REFIRE.getValue());
jobVo.setPassThroughEnv(passThroughEnv);
- jobVo.setIsTakeOver(1);
jobVo.setExecUser(UserContext.get().getUserUuid(true));
refireAction.doService(jobVo);
+ } catch (ApiRuntimeException e) {
+ deployBatchJobMapper.updateGroupStatus(new LaneGroupVo(groupId, JobStatus.FAILED.getValue()));
+ throw new ApiRuntimeException(e.getMessage(),e);
} catch (Exception ex) {
deployBatchJobMapper.updateGroupStatus(new LaneGroupVo(groupId, JobStatus.FAILED.getValue()));
logger.error("Fire job by batch failed," + ex.getMessage(), ex);
diff --git a/src/main/java/neatlogic/module/deploy/service/DeployCiServiceImpl.java b/src/main/java/neatlogic/module/deploy/service/DeployCiServiceImpl.java
index 877dca8429c292a83bae729b356291cd14f9e34d..ab16a2b2c5445da8880b9fc5e0afd1bb92221d77 100644
--- a/src/main/java/neatlogic/module/deploy/service/DeployCiServiceImpl.java
+++ b/src/main/java/neatlogic/module/deploy/service/DeployCiServiceImpl.java
@@ -252,7 +252,7 @@ public class DeployCiServiceImpl implements DeployCiService {
}
deployJobVo.setAppSystemModuleVersionList(Collections.singletonList(new DeploySystemModuleVersionVo(ci.getAppSystemId(), ci.getAppModuleId(), deployVersionId)));
deployJobVo.setReviewStatus(ReviewStatus.PASSED.getValue());
- deployJobVo.setSource(JobSource.DEPLOY_CI.getValue());// 可能是
+ deployJobVo.setSource(JobSource.DEPLOY_CI_PIPELINE.getValue());// 可能是
deployJobVo.setExecUser(UserContext.get().getUserUuid());
return deployJobVo;
}