bug：用户组续期相关逻辑优化 TencentBlueKing#11305

fcfang123 · Dec 11, 2024 · 4bf1c93 · 4bf1c93
1 parent 4722043
commit 4bf1c93
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 5 deletions.
diff --git a/...n/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceGroupSyncService.kt b/...n/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceGroupSyncService.kt
@@ -29,6 +29,7 @@ package com.tencent.devops.auth.provider.rbac.service
 
 import com.tencent.bk.sdk.iam.constants.ManagerScopesEnum
 import com.tencent.bk.sdk.iam.dto.V2PageInfoDTO
+import com.tencent.bk.sdk.iam.dto.manager.GroupMemberVerifyInfo
 import com.tencent.bk.sdk.iam.dto.manager.dto.SearchGroupDTO
 import com.tencent.bk.sdk.iam.exception.IamException
 import com.tencent.bk.sdk.iam.service.v2.V2ManagerService
@@ -160,10 +161,16 @@ class RbacPermissionResourceGroupSyncService @Autowired constructor(
                 if (deptService.isUserDeparted(memberId)) {
                     return@forEach
                 }
-                val verifyResults = iamV2ManagerService.verifyGroupValidMember(
-                    memberId,
-                    groupInfos.joinToString(",") { it.iamGroupId.toString() }
-                )
+                // 获取用户加入组的有效期
+                val groupIds = groupInfos.map { it.iamGroupId }
+                val verifyResults = mutableMapOf<Int, GroupMemberVerifyInfo>()
+                groupIds.chunked(20).forEach { batchGroupIds ->
+                    val batchVerifyGroupValidMember = iamV2ManagerService.verifyGroupValidMember(
+                        memberId,
+                        batchGroupIds.joinToString(",")
+                    )
+                    verifyResults.putAll(batchVerifyGroupValidMember)
+                }
                 verifyResults.forEach { (groupId, verifyResult) ->
                     if (verifyResult.belong == true && verifyResult.expiredAt > LocalDateTime.now().timestamp()) {
                         logger.info("The member of group needs to be renewed:$projectCode|$groupId|$memberId")

diff --git a/...tlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceMemberService.kt b/...tlin/com/tencent/devops/auth/provider/rbac/service/RbacPermissionResourceMemberService.kt
@@ -635,7 +635,7 @@ class RbacPermissionResourceMemberService(
         groupId: Int,
         memberRenewalDTO: GroupMemberRenewalDTO
     ): Boolean {
-        logger.info("renewal group member|$userId|$projectCode|$resourceType|$groupId")
+        logger.info("renewal group member|$userId|$projectCode|$resourceType|$groupId|${memberRenewalDTO.expiredAt}")
         val managerMemberGroupDTO = GroupMemberRenewApplicationDTO.builder()
             .groupIds(listOf(groupId))
             .expiredAt(memberRenewalDTO.expiredAt)