feat: 蓝鲸7.2版本的改动 #10558

helm-charts/core/ci/build_chart.py

@@ -78,7 +78,7 @@
                             else:
                                 camelize_set.add(camelize_key)
                                 if line.replace(key, "").strip().endswith(":"):
-                                    line = line.replace(key, '{{ .Values.config.'+camelize_key+' | default "" | quote }}')
+                                    line = line.replace(key, '{{ .Values.config.'+camelize_key+' | quote }}')
                                 else:
                                     line = line.replace(key, '{{ .Values.config.'+camelize_key+' }}')
                         new_file.write(line)
@@ -106,7 +106,7 @@
                             gateway_config_file.write(env+": "+include_dict[camelize_key]+"\n")
                         else:
                             camelize_set.add(camelize_key)
-                            gateway_config_file.write(env+": "+'{{ .Values.config.'+camelize_key+' | default "" | quote }}\n')
+                            gateway_config_file.write(env+": "+'{{ .Values.config.'+camelize_key+" | quote }}\n")
     # 前端文件
     for root, dirs, files in os.walk(frontend_path):
         for frontend_file in files:
@@ -125,7 +125,7 @@
                                 gateway_config_file.write(env+": "+include_dict[camelize_key]+"\n")
                             else:
                                 camelize_set.add(camelize_key)
-                                gateway_config_file.write(env+": "+'{{ .Values.config.'+camelize_key+' | default "" | quote }}\n')
+                                gateway_config_file.write(env+": "+'{{ .Values.config.'+camelize_key+" | quote }}\n")
     gateway_config_file.write('NAMESPACE: {{ .Release.Namespace }}\n')
     gateway_config_file.write('CHART_NAME: {{ include "bkci.names.fullname" . }}\n')
     gateway_config_file.write('{{ end }}')

helm-charts/core/ci/templates/init/init.iam-rbac.yaml

@@ -50,6 +50,19 @@ spec:
               sed -i 's/bk-ci.service.consul/{{ include "bkci.names.fullname" . }}-gateway.{{ .Release.Namespace }}/g' ../ms-init/auth/iam-callback-resource-registere.conf
               iam_json_file="../ms-init/auth/iam-callback-resource-registere.conf"
               curl -X POST -H "Content-Type:application/json" -d "@$iam_json_file" "http://{{ include "bkci.names.fullname" . }}-auth.{{ .Release.Namespace }}.svc.cluster.local/api/op/auth/iam/callback/" 
+
+              # 迁移所有项目的特定资源类型资源
+              curl -X 'POST' \
+                'http://{{ include "bkci.names.fullname" . }}-auth.{{ .Release.Namespace }}.svc.cluster.local/api/op/auth/migrate/migrateSpecificResourceOfAllProject' \
+                -H 'accept: application/json' \
+                -H 'Content-Type: application/json' \
+                -d '{
+                "resourceType": "pipeline",
+                "includeNullRouterTag": true,
+                "migrateProjectResource": true,
+                "migrateProjectDefaultGroup": true,
+                "migrateOtherResource": true
+              }'
       restartPolicy: OnFailure
 {{- end -}}
 {{- end -}}

src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/dto/MigrateResourceDTO.kt

@@ -8,6 +8,8 @@ data class MigrateResourceDTO(
     val resourceType: String? = null,
     @get:Schema(title = "项目ID列表")
     val projectCodes: List<String>? = null,
+    @get:Schema(title = "是否包含router_tag为null的项目")
+    val includeNullRouterTag: Boolean? = false,
     @get:Schema(title = "是否迁移项目级资源")
     val migrateProjectResource: Boolean? = false,
     @get:Schema(title = "是否迁移项目级默认用户组")

src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/provider/rbac/service/migrate/RbacPermissionMigrateService.kt

@@ -57,12 +57,12 @@ import com.tencent.devops.project.api.service.ServiceProjectResource
 import com.tencent.devops.project.api.service.ServiceProjectTagResource
 import com.tencent.devops.project.pojo.ProjectProperties
 import com.tencent.devops.project.pojo.ProjectVO
+import java.util.concurrent.CompletionException
+import java.util.concurrent.Executors
 import org.jooq.DSLContext
 import org.slf4j.LoggerFactory
 import org.slf4j.MDC
 import org.springframework.beans.factory.annotation.Value
-import java.util.concurrent.CompletionException
-import java.util.concurrent.Executors
 
 /**
  * rbac迁移服务
@@ -206,11 +206,15 @@ class RbacPermissionMigrateService constructor(
         val resourceType = migrateResourceDTO.resourceType
         val isMigrateProjectResource = migrateResourceDTO.migrateProjectResource == true
         val isMigrateOtherResource = migrateResourceDTO.migrateOtherResource == true &&
-            resourceType != null
+                resourceType != null
         val projectInfoList = client.get(ServiceProjectResource::class).listByProjectCode(projectCodes.toSet())
             .data!!.filter {
-                it.routerTag != null && (
-                    it.routerTag!!.contains(AuthSystemType.RBAC_AUTH_TYPE.value) || it.routerTag!!.contains("devx"))
+                val r = it.routerTag
+                if (migrateResourceDTO.includeNullRouterTag == true) {
+                    r == null || r.contains(AuthSystemType.RBAC_AUTH_TYPE.value) || r.contains("devx")
+                } else {
+                    r != null && (r.contains(AuthSystemType.RBAC_AUTH_TYPE.value) || r.contains("devx"))
+                }
             }
         val traceId = MDC.get(TraceTag.BIZID)
         projectInfoList.forEach {
@@ -273,7 +277,8 @@ class RbacPermissionMigrateService constructor(
                 val migrateProjects = client.get(ServiceProjectResource::class).listProjectsByCondition(
                     projectConditionDTO = ProjectConditionDTO(
                         routerTag = AuthSystemType.RBAC_AUTH_TYPE,
-                        enabled = true
+                        enabled = true,
+                        includeNullRouterTag = migrateResourceDTO.includeNullRouterTag
                     ),
                     limit = limit,
                     offset = offset
@@ -449,6 +454,7 @@ class RbacPermissionMigrateService constructor(
                         watcher = watcher
                     )
                 }
+
                 AuthSystemType.V3_AUTH_TYPE -> {
                     migrateV3Auth(
                         projectCode = projectCode,
@@ -585,12 +591,15 @@ class RbacPermissionMigrateService constructor(
             is IamException -> {
                 exception.errorMsg
             }
+
             is ErrorCodeException -> {
                 exception.defaultMessage
             }
+
             is CompletionException -> {
                 exception.cause?.message ?: exception.message
             }
+
             else -> {
                 exception.toString()
             }

src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/api/pojo/ProjectConditionDTO.kt

@@ -23,6 +23,8 @@ data class ProjectConditionDTO(
     val resourceType: String? = null,
     @get:Schema(title = "路由tag")
     val routerTag: AuthSystemType? = null,
+    @get:Schema(title = "是否包含router_tag为null")
+    val includeNullRouterTag: Boolean? = false,
     @get:Schema(title = "是否关联产品")
     val relatedProduct: Boolean? = null,
     @get:Schema(title = "排除创建时间大于该值的项目")

src/backend/ci/core/project/biz-project/src/main/kotlin/com/tencent/devops/project/dao/ProjectDao.kt

@@ -50,6 +50,7 @@ import com.tencent.devops.project.pojo.user.UserDeptDetail
 import com.tencent.devops.project.util.ProjectUtils
 import java.net.URLDecoder
 import java.time.LocalDateTime
+import java.util.Locale
 import org.jooq.Condition
 import org.jooq.DSLContext
 import org.jooq.Record
@@ -60,7 +61,6 @@ import org.jooq.Result
 import org.jooq.impl.DSL
 import org.jooq.impl.DSL.lower
 import org.springframework.stereotype.Repository
-import java.util.Locale
 
 @Suppress("ALL")
 @Repository
@@ -188,6 +188,7 @@ class ProjectDao {
                         conditions.add(
                             ROUTER_TAG.like("%${projectConditionDTO.routerTag!!.value}%")
                                 .or(ROUTER_TAG.like("%devx%"))
+                                .let { if (includeNullRouterTag == true) it.or(ROUTER_TAG.isNull()) else it }
                         )
                     } else {
                         conditions.add(
@@ -621,13 +622,15 @@ class ProjectDao {
                                     it.orderBy(DSL.field("CONVERT({0} USING GBK)", PROJECT_NAME).desc())
                                 }
                             }
+
                             ProjectSortType.ENGLISH_NAME -> {
                                 if (collation == ProjectCollation.DEFAULT || collation == ProjectCollation.ASC) {
                                     it.orderBy(ENGLISH_NAME.asc())
                                 } else {
                                     it.orderBy(ENGLISH_NAME.desc())
                                 }
                             }
+
                             else -> {
                                 it
                             }