Skip to content

<feature>[zcenter]: add APICreateSessionForZCenterAccountMsg#4190

Closed
ZStack-Robot wants to merge 1 commit into
feature-zsv-5.1.0-license-clientfrom
sync/wenhao.zhang/zsv-ldap-4
Closed

<feature>[zcenter]: add APICreateSessionForZCenterAccountMsg#4190
ZStack-Robot wants to merge 1 commit into
feature-zsv-5.1.0-license-clientfrom
sync/wenhao.zhang/zsv-ldap-4

Conversation

@ZStack-Robot

@ZStack-Robot ZStack-Robot commented Jun 8, 2026

Copy link
Copy Markdown
Collaborator

Resolves: ZSV-12403
Related: ZSV-12257

APIImpact

Change-Id: I67627861787a617663746f667a6b76726c696a78

sync from gitlab !10147

@coderabbitai

coderabbitai Bot commented Jun 8, 2026
edited
Loading

Copy link
Copy Markdown

Review Change Stack

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: ddb84403-16b9-4c8c-ae4b-d8424924a4f3

📥 Commits

Reviewing files that changed from the base of the PR and between 627f4df and 9cb1fde.

⛔ Files ignored due to path filters (6)
  • build/pom.xml is excluded by !**/*.xml
  • conf/serviceConfig/zcenterAccount.xml is excluded by !**/*.xml
  • conf/springConfigXml/agents/ZCenterAccount.xml is excluded by !**/*.xml
  • conf/zstack.xml is excluded by !**/*.xml
  • test/pom.xml is excluded by !**/*.xml
  • testlib/pom.xml is excluded by !**/*.xml
📒 Files selected for processing (13)
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/ZCenterAccountConstant.java
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/ZCenterAccountManager.java
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/ZCenterAccountsErrors.java
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/api/APICreateSessionForZCenterAccountEvent.java
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/api/APICreateSessionForZCenterAccountEventDoc_zh_cn.groovy
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/api/APICreateSessionForZCenterAccountMsg.java
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/api/APICreateSessionForZCenterAccountMsgDoc_zh_cn.groovy
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/compute/ZCenterAccountApiInterceptor.java
  • header/src/main/java/org/zstack/header/identity/SessionInventory.java
  • header/src/main/java/org/zstack/header/message/DocUtils.java
  • sdk/src/main/java/org/zstack/sdk/agents/zcenter/accounts/api/CreateSessionForZCenterAccountAction.java
  • sdk/src/main/java/org/zstack/sdk/agents/zcenter/accounts/api/CreateSessionForZCenterAccountResult.java
  • testlib/src/main/java/org/zstack/testlib/ApiHelper.groovy
🚧 Files skipped from review as they are similar to previous changes (13)
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/ZCenterAccountConstant.java
  • testlib/src/main/java/org/zstack/testlib/ApiHelper.groovy
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/compute/ZCenterAccountApiInterceptor.java
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/api/APICreateSessionForZCenterAccountMsgDoc_zh_cn.groovy
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/api/APICreateSessionForZCenterAccountEventDoc_zh_cn.groovy
  • header/src/main/java/org/zstack/header/message/DocUtils.java
  • sdk/src/main/java/org/zstack/sdk/agents/zcenter/accounts/api/CreateSessionForZCenterAccountResult.java
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/api/APICreateSessionForZCenterAccountMsg.java
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/api/APICreateSessionForZCenterAccountEvent.java
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/ZCenterAccountManager.java
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/ZCenterAccountsErrors.java
  • header/src/main/java/org/zstack/header/identity/SessionInventory.java
  • sdk/src/main/java/org/zstack/sdk/agents/zcenter/accounts/api/CreateSessionForZCenterAccountAction.java

Walkthrough

新增 ZCenter 会话创建 REST API 与消息事件、示例/文档、参数拦截、错误码、云总线服务实现(按 UUID 或 name+source 查找账户并调用 Session.login)以及对应 SDK 与测试 helper。

变更内容

ZCenter 账号会话创建

Layer / File(s) Summary
文档工具和示例基础设施
header/src/main/java/org/zstack/header/message/DocUtils.java, header/src/main/java/org/zstack/header/identity/SessionInventory.java		 新增 DocUtils.timestampAndAddDays() 方法以及 SessionInventory.__example__(),用于生成示例时间与示例会话对象。
API 消息和事件契约
agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/api/APICreateSessionForZCenterAccountMsg.java, agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/api/APICreateSessionForZCenterAccountEvent.java, agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/api/APICreateSessionForZCenterAccountMsgDoc_zh_cn.groovy, agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/api/APICreateSessionForZCenterAccountEventDoc_zh_cn.groovy		 新增请求类 APICreateSessionForZCenterAccountMsg(参数 accountUuid/accountName/source)与响应事件 APICreateSessionForZCenterAccountEvent(承载 SessionInventory),并补充中文请求与结果文档与示例。
错误码定义
agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/ZCenterAccountsErrors.java		 添加账户解析相关错误码:ACCOUNT_RELATED_ERROR(2000)ACCOUNT_NOT_FOUND(2001)ACCOUNT_DISABLED(2002)
API 参数验证拦截器
agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/compute/ZCenterAccountApiInterceptor.java		 实现 ApiMessageInterceptor,校验 APICreateSessionForZCenterAccountMsgaccountUuidaccountName 互斥且至少一个存在;当仅提供 accountName 时默认为 AccountSource.Local
云总线会话管理服务
agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/ZCenterAccountConstant.java, agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/ZCenterAccountManager.java		 将常量 SERVICE_ID 设为 public;新增 ZCenterAccountManager 服务,分发消息、按 accountUuidaccountName+source 查找账号、处理不存在/禁用情形并在成功时调用 Session.login 创建会话并发布事件。
SDK 与测试 helper
sdk/src/main/java/org/zstack/sdk/agents/zcenter/accounts/api/CreateSessionForZCenterAccountAction.java, sdk/src/main/java/org/zstack/sdk/agents/zcenter/accounts/api/CreateSessionForZCenterAccountResult.java, testlib/src/main/java/org/zstack/testlib/ApiHelper.groovy		 新增 SDK Action/Result 用于调用 /zcenter/accounts/sessions,并在测试库新增 createSessionForZCenterAccount helper 用于测试调用与 API 路径记录。

Sequence Diagram

sequenceDiagram
  participant Client
  participant ApiInterceptor
  participant ZCenterAccountManager
  participant AccountDAO
  participant Session
  participant EventBus

  Client->>ApiInterceptor: APICreateSessionForZCenterAccountMsg
  ApiInterceptor->>ZCenterAccountManager: forward APIMessage
  ZCenterAccountManager->>AccountDAO: query by accountUuid or (accountName + source)
  AccountDAO-->>ZCenterAccountManager: AccountVO or null
  alt account exists and enabled
    ZCenterAccountManager->>Session: Session.login(account.getUuid())
    Session-->>ZCenterAccountManager: SessionInventory
    ZCenterAccountManager->>EventBus: publish APICreateSessionForZCenterAccountEvent(inventory)
  else not found or disabled
    ZCenterAccountManager->>EventBus: publish APICreateSessionForZCenterAccountEvent with error
  end
Loading

代码审查工作量评估

🎯 3 (中等) | ⏱️ ~20 分钟

兔子来报喜,新会话起,
云总线轻叩,账号复核意,
查找有道,错误分明,
会话生成,测试亦齐! 🐰✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed 标题清晰准确地总结了PR的主要变更——添加APICreateSessionForZCenterAccountMsg API消息类。
Description check ✅ Passed PR描述与变更集相关,包含与ZCenter账号会话相关的问题号和标准变更说明信息。
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch sync/wenhao.zhang/zsv-ldap-4

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai Bot reviewed Jun 8, 2026
View reviewed changes

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🧹 Nitpick comments (3)
agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/api/APICreateSessionForZCenterAccountMsg.java (1)

10-15: ⚡ Quick win

REST 路径建议使用复数形式以符合编码规范。

根据编码规范第 1 条 API 设计要求:"针对资源使用复数形式"。当前路径为 /zcenter/account/session,建议考虑修改为 /zcenter/accounts/sessions 以符合规范。

不过,考虑到这是 ZCenter 的特殊端点,如果团队有意使用单数形式来表示"为(该)账号创建会话"的语义,可以保持现状。

🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/api/APICreateSessionForZCenterAccountMsg.java`
around lines 10 - 15, 当前 RestRequest 注解的 path 值使用了单数形式
"/zcenter/account/session",请在 APICreateSessionForZCenterAccountMsg 类上将
RestRequest 的 path 修改为复数规范形式 "/zcenter/accounts/sessions"(即资源与子资源均用复数),确保相应的 API
文档和任何硬编码的客户端调用也一并更新;如果团队决定保留单数形式,请在注释中明确说明并记录该例外以便审查。

Source: Coding guidelines

agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/compute/ZCenterAccountApiInterceptor.java (1)

14-15: ⚡ Quick win

移除未使用的依赖字段。

CloudBus bus 字段被 @Autowired 注入但从未使用,应当移除以减少不必要的依赖和提高代码清晰度。

♻️ 建议的清理 
-@Autowired
-private CloudBus bus;
-
 `@Override`

同时移除对应的 import:

-import org.springframework.beans.factory.annotation.Autowired;
-import org.zstack.core.cloudbus.CloudBus;
🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/compute/ZCenterAccountApiInterceptor.java`
around lines 14 - 15, 在类 ZCenterAccountApiInterceptor 中移除未使用的注入字段 CloudBus
bus:删除 private CloudBus bus; 以及关联的 `@Autowired` 注解和对应的 import(例如
org.zstack.core.cloudbus.CloudBus 和若因此不再使用则移除
org.springframework.beans.factory.annotation.Autowired 的 import),同时确认没有其他代码引用
CloudBus bus 后保存编译通过即可。
agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/ZCenterAccountsErrors.java (1)

7-7: 确认 ACCOUNT_RELATED_ERROR(2000) 未被使用,建议处理冗余

ACCOUNT_RELATED_ERROR(2000) 仅在 agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/ZCenterAccountsErrors.java(第 7 行)定义,仓库内未发现任何引用;当前 ZCenterAccountsErrors 仅用于 ACCOUNT_NOT_FOUNDACCOUNT_DISABLED。若该错误码无明确规划用途,可移除;否则建议补充注释说明其预留/分类意图。

🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/ZCenterAccountsErrors.java`
at line 7, ACCOUNT_RELATED_ERROR(2000) in enum ZCenterAccountsErrors is defined
but unused; either remove the enum constant or annotate it as reserved with a
clear Javadoc explaining its intended future use. Locate the enum
ZCenterAccountsErrors and either delete the ACCOUNT_RELATED_ERROR(2000) entry
(and run project build/tests) or replace it with a documented placeholder
comment/Javadoc (e.g., "Reserved for future account-related errors") so its
purpose is explicit; ensure the enum's numeric ordering/uniqueness remains
correct after change.
🤖 Prompt for all review comments with AI agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/compute/ZCenterAccountApiInterceptor.java`:
- Around line 36-38: Validate the incoming msg.getSource before using
AccountSource.valueOf to avoid IllegalArgumentException: in
ZCenterAccountApiInterceptor, when msg.getSource() != null, check it against
AccountSource.values() (e.g. Arrays.stream(AccountSource.values()).anyMatch(a ->
a.name().equals(msg.getSource()))), and if it's invalid throw a clear exception
(or convert to a controlled API exception) rather than letting valueOf throw;
add the required import java.util.Arrays and keep the existing fallback that
sets msg.setSource(AccountSource.Local.name()) only when source is null.

In `@header/src/main/java/org/zstack/header/identity/SessionInventory.java`:
- Around line 101-108: The example builder __example__() fails to initialize
deprecated userUuid which causes NPEs in isAccountSession() and isUserSession()
(they call equals on userUuid); modify __example__() to set
session.setUserUuid(...) following the pattern in valueOf() so that for account
sessions userUuid is set to the same value as accountUuid (use
DocUtils.createFixedUuid(AccountVO.class) or reuse session.getAccountUuid())
ensuring userUuid is non-null in the sample instance.

---

Nitpick comments:
In
`@agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/api/APICreateSessionForZCenterAccountMsg.java`:
- Around line 10-15: 当前 RestRequest 注解的 path 值使用了单数形式
"/zcenter/account/session",请在 APICreateSessionForZCenterAccountMsg 类上将
RestRequest 的 path 修改为复数规范形式 "/zcenter/accounts/sessions"(即资源与子资源均用复数),确保相应的 API
文档和任何硬编码的客户端调用也一并更新;如果团队决定保留单数形式,请在注释中明确说明并记录该例外以便审查。

In
`@agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/compute/ZCenterAccountApiInterceptor.java`:
- Around line 14-15: 在类 ZCenterAccountApiInterceptor 中移除未使用的注入字段 CloudBus bus:删除
private CloudBus bus; 以及关联的 `@Autowired` 注解和对应的 import(例如
org.zstack.core.cloudbus.CloudBus 和若因此不再使用则移除
org.springframework.beans.factory.annotation.Autowired 的 import),同时确认没有其他代码引用
CloudBus bus 后保存编译通过即可。

In
`@agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/ZCenterAccountsErrors.java`:
- Line 7: ACCOUNT_RELATED_ERROR(2000) in enum ZCenterAccountsErrors is defined
but unused; either remove the enum constant or annotate it as reserved with a
clear Javadoc explaining its intended future use. Locate the enum
ZCenterAccountsErrors and either delete the ACCOUNT_RELATED_ERROR(2000) entry
(and run project build/tests) or replace it with a documented placeholder
comment/Javadoc (e.g., "Reserved for future account-related errors") so its
purpose is explicit; ensure the enum's numeric ordering/uniqueness remains
correct after change.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 30c90993-ba3b-4cec-8ceb-ccc28f1db355

📥 Commits

Reviewing files that changed from the base of the PR and between e0a485c and 55998c6.

⛔ Files ignored due to path filters (3)
  • conf/serviceConfig/zcenterAccount.xml is excluded by !**/*.xml
  • conf/springConfigXml/agents/ZCenterAccount.xml is excluded by !**/*.xml
  • conf/zstack.xml is excluded by !**/*.xml
📒 Files selected for processing (8)
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/ZCenterAccountConstant.java
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/ZCenterAccountManager.java
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/ZCenterAccountsErrors.java
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/api/APICreateSessionForZCenterAccountEvent.java
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/api/APICreateSessionForZCenterAccountMsg.java
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/compute/ZCenterAccountApiInterceptor.java
  • header/src/main/java/org/zstack/header/identity/SessionInventory.java
  • header/src/main/java/org/zstack/header/message/DocUtils.java

Comment thread ...accounts/src/main/java/org/zstack/zcenter/accounts/compute/ZCenterAccountApiInterceptor.java
Comment on lines +36 to +38
if (msg.getAccountName() != null && msg.getSource() == null) {
msg.setSource(AccountSource.Local.name());
}

@coderabbitai coderabbitai Bot Jun 8, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

验证 source 参数的有效性。

当用户提供了 source 参数时,应当验证其是否为有效的 AccountSource 枚举值。否则在 ZCenterAccountManager.findAccount() 方法(第 83 行)调用 AccountSource.valueOf(msg.getSource()) 时会抛出 IllegalArgumentException,导致未预期的运行时异常。

🛡️ 建议的验证逻辑 
     if (msg.getAccountName() != null && msg.getSource() == null) {
         msg.setSource(AccountSource.Local.name());
     }
+
+    if (msg.getSource() != null) {
+        try {
+            AccountSource.valueOf(msg.getSource());
+        } catch (IllegalArgumentException e) {
+            throw new ApiMessageInterceptionException(argerr(
+                    "invalid source[%s], must be one of %s",
+                    msg.getSource(), Arrays.toString(AccountSource.values())));
+        }
+    }
 }

注:需要在文件顶部添加 import java.util.Arrays;

🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/compute/ZCenterAccountApiInterceptor.java`
around lines 36 - 38, Validate the incoming msg.getSource before using
AccountSource.valueOf to avoid IllegalArgumentException: in
ZCenterAccountApiInterceptor, when msg.getSource() != null, check it against
AccountSource.values() (e.g. Arrays.stream(AccountSource.values()).anyMatch(a ->
a.name().equals(msg.getSource()))), and if it's invalid throw a clear exception
(or convert to a controlled API exception) rather than letting valueOf throw;
add the required import java.util.Arrays and keep the existing fallback that
sets msg.setSource(AccountSource.Local.name()) only when source is null.

Comment thread header/src/main/java/org/zstack/header/identity/SessionInventory.java
Comment on lines +101 to +108
public static SessionInventory __example__() {
SessionInventory session = new SessionInventory();
session.setUuid(DocUtils.createFixedUuid(SessionVO.class));
session.setAccountUuid(DocUtils.createFixedUuid(AccountVO.class));
session.setCreateDate(DocUtils.timestamp());
session.setExpiredDate(DocUtils.timestampAndAddDays(1));
return session;
}

@coderabbitai coderabbitai Bot Jun 8, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

需要初始化 userUuid 字段以避免 NPE。

虽然 userUuid 已标记为 @Deprecated,但 isAccountSession()isUserSession() 方法(第 33-39 行)仍在使用该字段进行 equals 比较。如果 userUuid 为 null,这些方法将抛出 NullPointerException

参考 valueOf() 方法(第 23-31 行)的实现模式,示例对象也应该设置 userUuid。对于账号会话,通常 userUuidaccountUuid 相同。

🔧 建议修复方案 
     public static SessionInventory __example__() {
         SessionInventory session = new SessionInventory();
         session.setUuid(DocUtils.createFixedUuid(SessionVO.class));
         session.setAccountUuid(DocUtils.createFixedUuid(AccountVO.class));
+        session.setUserUuid(DocUtils.createFixedUuid(AccountVO.class));
         session.setCreateDate(DocUtils.timestamp());
         session.setExpiredDate(DocUtils.timestampAndAddDays(1));
         return session;
     }
🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@header/src/main/java/org/zstack/header/identity/SessionInventory.java` around
lines 101 - 108, The example builder __example__() fails to initialize
deprecated userUuid which causes NPEs in isAccountSession() and isUserSession()
(they call equals on userUuid); modify __example__() to set
session.setUserUuid(...) following the pattern in valueOf() so that for account
sessions userUuid is set to the same value as accountUuid (use
DocUtils.createFixedUuid(AccountVO.class) or reuse session.getAccountUuid())
ensuring userUuid is non-null in the sample instance.

@MatheMatrix MatheMatrix force-pushed the sync/wenhao.zhang/zsv-ldap-4 branch from 55998c6 to 3bab10e Compare June 8, 2026 11:24
@MatheMatrix

MatheMatrix commented Jun 8, 2026

Copy link
Copy Markdown
Owner

Comment from wenhao.zhang:

@APIParam(required = false, validEnums = AccountSource.class)

相当于已经做了检查,不需要额外在检查一遍

coderabbitai[bot]
coderabbitai Bot reviewed Jun 8, 2026
View reviewed changes

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/api/APICreateSessionForZCenterAccountMsgDoc_zh_cn.groovy`:
- Around line 24-51: Update the parameter documentation for the
APICreateSessionForZCenterAccountMsgDoc (the column blocks for "accountUuid" and
"accountName") to state the mutual-exclusion and at-least-one constraint:
explicitly note that callers must provide either accountUuid or accountName but
not both; also add to the "accountName" column or the "source" column text that
when accountName is used and source is omitted it defaults to "Local" (and that
providing accountName with a non-Local source is allowed if supported). Ensure
the descriptions for the "accountUuid", "accountName", and "source" column
entries reference this combined constraint so the doc prevents constructing
invalid requests.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 75d641c0-3664-4110-bcfd-545c4e8e7d02

📥 Commits

Reviewing files that changed from the base of the PR and between 55998c6 and 3bab10e.

⛔ Files ignored due to path filters (6)
  • build/pom.xml is excluded by !**/*.xml
  • conf/serviceConfig/zcenterAccount.xml is excluded by !**/*.xml
  • conf/springConfigXml/agents/ZCenterAccount.xml is excluded by !**/*.xml
  • conf/zstack.xml is excluded by !**/*.xml
  • test/pom.xml is excluded by !**/*.xml
  • testlib/pom.xml is excluded by !**/*.xml
📒 Files selected for processing (13)
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/ZCenterAccountConstant.java
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/ZCenterAccountManager.java
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/ZCenterAccountsErrors.java
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/api/APICreateSessionForZCenterAccountEvent.java
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/api/APICreateSessionForZCenterAccountEventDoc_zh_cn.groovy
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/api/APICreateSessionForZCenterAccountMsg.java
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/api/APICreateSessionForZCenterAccountMsgDoc_zh_cn.groovy
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/compute/ZCenterAccountApiInterceptor.java
  • header/src/main/java/org/zstack/header/identity/SessionInventory.java
  • header/src/main/java/org/zstack/header/message/DocUtils.java
  • sdk/src/main/java/org/zstack/sdk/agents/zcenter/accounts/api/CreateSessionForZCenterAccountAction.java
  • sdk/src/main/java/org/zstack/sdk/agents/zcenter/accounts/api/CreateSessionForZCenterAccountResult.java
  • testlib/src/main/java/org/zstack/testlib/ApiHelper.groovy
✅ Files skipped from review due to trivial changes (3)
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/ZCenterAccountConstant.java
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/api/APICreateSessionForZCenterAccountEventDoc_zh_cn.groovy
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/ZCenterAccountsErrors.java
🚧 Files skipped from review as they are similar to previous changes (6)
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/compute/ZCenterAccountApiInterceptor.java
  • header/src/main/java/org/zstack/header/identity/SessionInventory.java
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/api/APICreateSessionForZCenterAccountEvent.java
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/ZCenterAccountManager.java
  • header/src/main/java/org/zstack/header/message/DocUtils.java
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/api/APICreateSessionForZCenterAccountMsg.java

Comment thread ...in/java/org/zstack/zcenter/accounts/api/APICreateSessionForZCenterAccountMsgDoc_zh_cn.groovy
Comment on lines +24 to +51
column {
name "accountUuid"
enclosedIn "params"
desc "账户UUID"
location "body"
type "String"
optional true
since "5.1.0"
}
column {
name "accountName"
enclosedIn "params"
desc "账户名称"
location "body"
type "String"
optional true
since "5.1.0"
}
column {
name "source"
enclosedIn "params"
desc "账户来源"
location "body"
type "String"
optional true
since "5.1.0"
values ("Local","OpenLdap","WindowsAD","CAS","OAuth2","ZCenter")
}

@coderabbitai coderabbitai Bot Jun 8, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

文档缺少 accountUuid/accountName 的互斥与二选一约束说明。

当前文档把 accountUuidaccountName 都标记为可选,但运行时拦截器实际要求“至少提供一个且不能同时提供”。建议在参数描述中明确该组合约束,并补充 accountName 场景下 source 默认 Local 的行为,避免调用方按文档构造出无效请求。

🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/api/APICreateSessionForZCenterAccountMsgDoc_zh_cn.groovy`
around lines 24 - 51, Update the parameter documentation for the
APICreateSessionForZCenterAccountMsgDoc (the column blocks for "accountUuid" and
"accountName") to state the mutual-exclusion and at-least-one constraint:
explicitly note that callers must provide either accountUuid or accountName but
not both; also add to the "accountName" column or the "source" column text that
when accountName is used and source is omitted it defaults to "Local" (and that
providing accountName with a non-Local source is allowed if supported). Ensure
the descriptions for the "accountUuid", "accountName", and "source" column
entries reference this combined constraint so the doc prevents constructing
invalid requests.

@ZStack-Robot

ZStack-Robot commented Jun 8, 2026

Copy link
Copy Markdown
Collaborator Author

Comment from yaohua.wu:

Review: MR !10147 — ZSV-12403

Background (preserved across rounds)

  • Jira: ZSV-12403 — 【ZCenterAccount】为 ZCenter 补充交换 Session 的 API(父任务 ZSV-12257 ZCenter Account 支持)
  • 需求 summary: 新增 REST API POST /zcenter/account/session,供 ZCenter 用 account 标识(accountUuid,或 accountName + source)换取一个有效的 SessionInventory;命中账号则创建 session 返回,未命中返回 ACCOUNT_NOT_FOUND、禁用返回 ACCOUNT_DISABLED。本期不做调用方证书校验(ZCenter 部署阶段再补充),权限由 RBAC adminOnly 控制。
  • Intent & scope: 独立 agent 模块(agents/zcenter-accounts)新增 API msg/event + ZCenterAccountManager + interceptor + 错误码 + Spring/serviceConfig/SDK/doc 接线;不改动既有 identity/login 流程,session 复用 Session.login。Scope ≈ 19 文件,逻辑代码集中在 ZCenterAccountManager / ZCenterAccountApiInterceptor,外加 headerSessionInventory.__example__ / DocUtils.timestampAndAddDays)。
  • Round 1 initial findings: 0 × P0, 2 × P1(Session 池交互、(name, source) 唯一性假设),3 × P2/P3(interceptor 无用字段、审计日志级别、REST 复数规范)。
  • Suggested fix direction: 确认 Session.login 在「单点登录 / 并发 session 上限」配置下、为 ZCenter 取 session 对真实用户既有会话的副作用;复核 (AccountVO.name, source) 在本 epic 改动后仍唯一;清理 interceptor 中未使用的 CloudBus

整体实现与 Jira 设计稿高度一致(消息分发、findAccount、禁用校验、错误码、service 路由 <id>zcenter-accounts</id>intercept 返回 msg),授权链路也已核验正确。下面按严重度给出 review 结论。

🟡 P1 — Warning

# File:Line Issue 建议
1 ZCenterAccountManager.javahandle / Session.login (~L65) ZCenter 取 session 与账号正常会话共用同一 session 池。 Session.login(account.getUuid()) 会遵循「单点登录 / 并发 session 上限」等全局配置(设计稿亦明确这点)。副作用:① 若开启唯一会话,ZCenter 每次后台取 session 都会踢掉该账号真实用户的既有会话;② ZCenter session 与账号交互登录互相挤占配额,撞上限时 Session.login 可能抛异常,此时 API 只会经 @MessageSafe 回一个通用框架错误,而非语义化的 ZCenterAccountsErrors 确认该交互对 ZCenter「代账号操作」场景可接受;如不希望影响真实用户会话,考虑为 ZCenter session 引入独立类型/标记,豁免唯一会话与配额,并对取 session 失败补一个明确错误码。
2 ZCenterAccountManager.javafindAccount (~L84-87) (name, source) 唯一性假设值得复核。 Q.New(AccountVO.class).eq(name).eq(source).find() 在命中多行时会静默返回任意一条。设计稿断言 (name, source) 唯一,但本 epic(ZSV-12257)正在改动命名语义(ZSV-12379「移除用户名唯一约束」已 Resolved、ZSV-12290「同名用户绑定」)。 复核在这些改动后 (AccountVO.name, AccountVO.source) 是否仍保证唯一(注意 Account 与 User 名是两套语义)。若不再唯一,则此处会为一个有歧义/错误的账号签发 session,属安全相关的正确性缺陷;建议命中多行时显式报错而非 .find() 取首条。

🟢 P2 / P3 — Suggestion

# File:Line Issue 建议
3 ZCenterAccountApiInterceptor.java:14-15 @Autowired private CloudBus bus; 为新文件中的死字段,从未使用。 删除该字段及 CloudBus / @Autowired import(CodeRabbit 亦指出,确属有效清理)。
4 ZCenterAccountManager.javahandle (~L66) 签发 session 是由外部系统(ZCenter)触发的身份代办(impersonation)敏感操作,当前仅 logger.debug,审计/取证可能不足。 考虑提升到 info 级或接入审计框架,记录调用方与目标账号(uuid/name/source)。
5 APICreateSessionForZCenterAccountMsg.java:10-15 REST 路径 /zcenter/account/session 为单数,编码规范建议资源用复数(/zcenter/accounts/sessions)。 这是新 API、尚无外部兼容包袱,现在改成本最低;若团队有意保留单数语义,建议记录例外。属团队取舍(CodeRabbit 亦提及)。

✅ 已核验 / 对既有机器评论的更正

  • 授权正确(非缺陷)agents/zcenter-accounts/.../RBACInfo.java 已声明 adminOnlyForAll()permissionName="zcenter-accounts"@SDKPackage="org.zstack.sdk.agents.zcenter.accounts" 覆盖本 API 的 SDK 包),该 session 签发 API 仅管理员可调用。配合设计稿「本期不做证书校验」,授权位足够;证书交换请作为后续项跟踪(ZCenter 部署阶段)。
  • CodeRabbit 的 NPE 提示是误报SessionInventory.isAccountSession() 实现为 accountUuid.equals(userUuid),对非 null 的 accountUuid 调用 equals,故 __example__()userUuid 为 null 时返回 false非抛 NPE。作者已 resolve,正确。(可选:为示例补 setUserUuid 仅为语义对齐,无功能必要。)
  • ACCOUNT_RELATED_ERROR(2000) 是有意保留:按项目《错误码规范》(千位为大类、每类首码为基础错误码),2000 是「account 解析」大类的基础码。CodeRabbit「删除未使用」的建议应予以拒绝
  • 测试:本次为设计稿明确的「无 case 轮」;请确保后续 case 轮覆盖 uuid 路径、name+source 路径、未命中、禁用、以及 accountUuid/accountName 必填且互斥的校验。
  • 合并顺序 / 新鲜度merge_status=can_be_merged、无冲突、绝大多数为新增文件,rebase 风险低;按作者备注,premium !14272 需先于本 MR 合入。
  • 次要:build/test/testlib 三个 pom 同时新增了 account-importzcenter-accounts 依赖,请确认 account-import 确为 zcenter-accounts 模块编译所必需(本 diff 中未直接引用)。

Verdict: APPROVED(无 P0;2 项 P1 为「请确认」性质,非阻塞)

实现质量良好、与设计稿一致、授权链路正确。建议合并前就 #1 Session 池副作用#2 (name, source) 唯一性 给出确认即可;P2/P3 可按需采纳。

🤖 Robot Reviewer

@MatheMatrix MatheMatrix force-pushed the sync/wenhao.zhang/zsv-ldap-4 branch 2 times, most recently from f3deced to 627f4df Compare June 8, 2026 13:12
coderabbitai[bot]
coderabbitai Bot reviewed Jun 8, 2026
View reviewed changes

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

♻️ Duplicate comments (1)
agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/api/APICreateSessionForZCenterAccountMsgDoc_zh_cn.groovy (1)

24-51: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

补充参数组合约束说明(与运行时校验保持一致)

accountUuidaccountName 当前都标为可选,但文档未明确“必须二选一且不能同时传”。同时建议在 accountName/source 描述中补充:当仅传 accountName 且未传 source 时,默认 Local。否则调用方会按文档构造出会被拦截器拒绝的请求。

🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/api/APICreateSessionForZCenterAccountMsgDoc_zh_cn.groovy`
around lines 24 - 51, The documentation currently marks accountUuid and
accountName as optional but omits their runtime combination constraint; update
the APICreateSessionForZCenterAccountMsgDoc to state that accountUuid and
accountName are mutually exclusive and exactly one must be provided (must supply
one of accountUuid or accountName, not both), and augment the accountName and
source field descriptions to note that if only accountName is provided and
source is omitted, source defaults to "Local" (aligning docs with the runtime
interceptor/validation logic).
🤖 Prompt for all review comments with AI agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Duplicate comments:
In
`@agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/api/APICreateSessionForZCenterAccountMsgDoc_zh_cn.groovy`:
- Around line 24-51: The documentation currently marks accountUuid and
accountName as optional but omits their runtime combination constraint; update
the APICreateSessionForZCenterAccountMsgDoc to state that accountUuid and
accountName are mutually exclusive and exactly one must be provided (must supply
one of accountUuid or accountName, not both), and augment the accountName and
source field descriptions to note that if only accountName is provided and
source is omitted, source defaults to "Local" (aligning docs with the runtime
interceptor/validation logic).
ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 11ceaa60-e309-40ce-970c-7236940b977b

📥 Commits

Reviewing files that changed from the base of the PR and between 3bab10e and f3deced.

⛔ Files ignored due to path filters (6)
  • build/pom.xml is excluded by !**/*.xml
  • conf/serviceConfig/zcenterAccount.xml is excluded by !**/*.xml
  • conf/springConfigXml/agents/ZCenterAccount.xml is excluded by !**/*.xml
  • conf/zstack.xml is excluded by !**/*.xml
  • test/pom.xml is excluded by !**/*.xml
  • testlib/pom.xml is excluded by !**/*.xml
📒 Files selected for processing (13)
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/ZCenterAccountConstant.java
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/ZCenterAccountManager.java
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/ZCenterAccountsErrors.java
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/api/APICreateSessionForZCenterAccountEvent.java
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/api/APICreateSessionForZCenterAccountEventDoc_zh_cn.groovy
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/api/APICreateSessionForZCenterAccountMsg.java
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/api/APICreateSessionForZCenterAccountMsgDoc_zh_cn.groovy
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/compute/ZCenterAccountApiInterceptor.java
  • header/src/main/java/org/zstack/header/identity/SessionInventory.java
  • header/src/main/java/org/zstack/header/message/DocUtils.java
  • sdk/src/main/java/org/zstack/sdk/agents/zcenter/accounts/api/CreateSessionForZCenterAccountAction.java
  • sdk/src/main/java/org/zstack/sdk/agents/zcenter/accounts/api/CreateSessionForZCenterAccountResult.java
  • testlib/src/main/java/org/zstack/testlib/ApiHelper.groovy
🚧 Files skipped from review as they are similar to previous changes (9)
  • sdk/src/main/java/org/zstack/sdk/agents/zcenter/accounts/api/CreateSessionForZCenterAccountResult.java
  • header/src/main/java/org/zstack/header/identity/SessionInventory.java
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/ZCenterAccountsErrors.java
  • header/src/main/java/org/zstack/header/message/DocUtils.java
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/api/APICreateSessionForZCenterAccountEvent.java
  • testlib/src/main/java/org/zstack/testlib/ApiHelper.groovy
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/ZCenterAccountManager.java
  • agents/zcenter-accounts/src/main/java/org/zstack/zcenter/accounts/api/APICreateSessionForZCenterAccountMsg.java
  • sdk/src/main/java/org/zstack/sdk/agents/zcenter/accounts/api/CreateSessionForZCenterAccountAction.java

<feature>[zcenter]: add APICreateSessionForZCenterAccountMsg
9cb1fde 
Resolves: ZSV-12403
Related: ZSV-12257

APIImpact

Change-Id: I67627861787a617663746f667a6b76726c696a78
@MatheMatrix MatheMatrix force-pushed the sync/wenhao.zhang/zsv-ldap-4 branch from 627f4df to 9cb1fde Compare June 8, 2026 15:21
@MatheMatrix

MatheMatrix commented Jun 8, 2026

Copy link
Copy Markdown
Owner

Comment from wenhao.zhang:

http://dev.zstack.io:9080/zstackio/zstack/-/merge_requests/10149

@MatheMatrix MatheMatrix closed this Jun 8, 2026
@MatheMatrix MatheMatrix deleted the sync/wenhao.zhang/zsv-ldap-4 branch June 8, 2026 16:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ZStack-Robot @MatheMatrix