<fix>[identity]: propagate ExternalTenantContext via TaskContext for cascade resources#3721
<fix>[identity]: propagate ExternalTenantContext via TaskContext for cascade resources#3721ZStack-Robot wants to merge 1 commit intofeature-zcf-v0.1from
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: http://open.zstack.ai:20001/code-reviews/zstack-cloud.yaml (via .coderabbit.yaml) Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (2)
🚧 Files skipped from review as they are similar to previous changes (1)
Walkthrough在 ExternalTenantResourceTracker 中加入基于 TaskContext 的外部租户上下文回退与同步,更新消息发送/接收拦截器以读写 TaskContext;在 ExternalTenantZQLExtension 的子查询中可选加入按 userId 的额外过滤条件。 Changes
Sequence Diagram(s)sequenceDiagram
participant Sender as "消息发送方\n(线程)"
participant TaskCtx as "TaskContext\n(任务范围存储)"
participant MsgBus as "消息总线\n(拦截器)"
participant Receiver as "消息接收方\n(线程 / Session)"
participant DB as "持久层\n(ExternalTenant refs)"
Sender->>TaskCtx: (可选) put TASK_CONTEXT_EXTERNAL_TENANT
Sender->>MsgBus: sendMessage(msg)
MsgBus->>TaskCtx: 若 ThreadLocal 缺失 -> 读取 TASK_CONTEXT_EXTERNAL_TENANT
MsgBus->>MsgBus: 附加 'external-tenant-context' header(如存在)
MsgBus->>Receiver: 投递消息
Receiver->>Receiver: beforeDeliveryMessage: 读取 header 或 session
Receiver->>TaskCtx: 写入或移除 TASK_CONTEXT_EXTERNAL_TENANT
Receiver->>Receiver: 设置/清除 ThreadLocal ExternalTenantContext
Receiver->>DB: notifyResourceOwnershipCreated(读取 TaskContext/ThreadLocal)
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Poem
Important Pre-merge checks failedPlease resolve all errors before merging. Addressing warnings is optional. ❌ Failed checks (1 error, 1 warning)
✅ Passed checks (1 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Comment |
MatheMatrix
force-pushed
the
sync/hanyu.liang/fix-1147
branch
from
f039a47 to
7d1148a
Compare
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In
`@identity/src/main/java/org/zstack/identity/ExternalTenantResourceTracker.java`:
- Around line 114-117: The code assumes session.getExternalTenantContext() is
non-null after session.hasExternalTenant(), but getExternalTenantContext() can
return null; avoid calling TaskContext.putTaskContextItem with a null value.
After retrieving ExternalTenantContext ctx in ExternalTenantResourceTracker,
check if ctx == null and if so execute the existing "clear" behavior (clear
current ExternalTenantContext and remove the TASK_CONTEXT_EXTERNAL_TENANT entry)
instead of calling TaskContext.putTaskContextItem; otherwise proceed to
ExternalTenantContext.setCurrent(ctx) and
TaskContext.putTaskContextItem(TASK_CONTEXT_EXTERNAL_TENANT, ctx).
In `@identity/src/main/java/org/zstack/identity/ExternalTenantZQLExtension.java`:
- Around line 77-78: The code currently throws SkipThisRestrictExprException
when SAFE_TENANT_VALUE.matcher(userId).matches() is false, which incorrectly
skips the entire external-tenant restriction; change this to a hard failure
instead of skipping: in ExternalTenantZQLExtension replace the throw of
SkipThisRestrictExprException for invalid userId with an explicit validation
failure (e.g., throw new IllegalArgumentException or a similar
BadRequest/Validation exception) including a clear message about the bad userId,
or alternatively if you prefer to ignore only the userId clause, remove the
SkipThisRestrictExprException and simply do not add the userId sub-clause while
still retaining the source + tenantId filters so the restriction is not dropped
entirely.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: http://open.zstack.ai:20001/code-reviews/zstack-cloud.yaml (via .coderabbit.yaml)
Review profile: CHILL
Plan: Pro
Run ID: c6eefadd-9332-409d-8e29-a7b5dd488142
📒 Files selected for processing (2)
identity/src/main/java/org/zstack/identity/ExternalTenantResourceTracker.javaidentity/src/main/java/org/zstack/identity/ExternalTenantZQLExtension.java
identity/src/main/java/org/zstack/identity/ExternalTenantResourceTracker.java
Outdated
Show resolved
Hide resolved
identity/src/main/java/org/zstack/identity/ExternalTenantZQLExtension.java
Outdated
Show resolved
Hide resolved
|
Comment from yaohua.wu: Review: MR !9588 — ZCF-1147概述:本 MR 修复了两个问题:(1) 级联资源(Volume/NIC/CdRom)在 整体方案方向正确,TaskContext fallback 的思路与 ZStack 现有的 🔴 Critical —
|
| 严重级别 | 数量 | 说明 |
|---|---|---|
| 🔴 Critical | 1 | SkipThisRestrictExprException 导致租户过滤完全失效 |
| 🟡 Warning | 2 | NPE 风险 + 代码重复 |
| 🟢 Suggestion | 2 | header 数组兼容性 + 注释 |
结论:🔴 Critical 问题是安全漏洞,建议修复后再合入。其余问题可视情况在后续迭代中处理。
🤖 Robot Reviewer
1. ExternalTenantResourceTracker: add TaskContext fallback in both receive-side (notifyResourceOwnershipCreated) and send-side (beforeSendMessage) interceptors to recover ExternalTenantContext when ThreadLocal is lost across thdf.chainSubmit thread-pool handoff. 2. ExternalTenantResourceTracker: store tenant context in TaskContext alongside ThreadLocal in beforeDeliveryMessage interceptor so FlowChain workers inherit it via HasThreadContextAspect. 3. ExternalTenantZQLExtension: add optional userId filter to the generated SQL subquery for user-level resource isolation within a tenant. Resolves: ZCF-1147 Change-Id: I4dc60e51251fbc97841edd999a53fb7495bd63d1
MatheMatrix
force-pushed
the
sync/hanyu.liang/fix-1147
branch
from
7d1148a to
cb3ba66
Compare
2 participants
Problem
ExternalTenantResourceTracker fails to track cascade resources (Volume, NIC, CdRom) created during VM creation. Only the top-level VM gets an ExternalTenantResourceRefVO record.
Root cause:
VmInstanceBase.handle(InstantiateNewCreatedVmInstanceMsg)usesthdf.chainSubmit()which executes the FlowChain in a thread-pool worker thread. The ThreadLocalExternalTenantContextis lost during this thread handoff, so when cascade resources are persisted andnotifyResourceOwnershipCreated()is called,ExternalTenantContext.getCurrent()returns null.Fix
Piggyback on ZStack's existing
TaskContextpropagation infrastructure:Write side (BeforeDeliveryMessageInterceptor): When restoring ExternalTenantContext to ThreadLocal, also store it in
TaskContextviaputTaskContextItem().Read side (notifyResourceOwnershipCreated): If ThreadLocal is null, fallback to
TaskContext.getTaskContextItem()which is automatically propagated across thread boundaries byHasThreadContextAspect/SetThreadContextAspect.This works because:
HasThreadContextAspect.ajauto-captures TaskContext snapshot when anyHasThreadContextobject (ChainTask, Completion, etc.) is constructedSetThreadContextAspect.ajauto-restores TaskContext beforeChainTask.run(),Completion.success/fail(), etc.Changes
ExternalTenantResourceTracker.java: ~30 lines added/changed in 1 fileResolves
ZSTAC-1147
sync from gitlab !9588