def get_or_create_private_repo(user, project): # 通过harbor api创建一次项目账号,然后存储在auth中 project_id = project.project_id project_code = project.project_code private_repos = Repository.objects.filter(name=project_code, project_id=project_id) repo = private_repos.first() if repo: return repo account = get_jfrog_account(user.token.access_token, project_code, project_id) repo_auth = { "type": "basic", "role": "admin", "credentials": { "username": account.get("user"), "password": account.get("password") }, } url = f"{settings.HELM_MERELY_REPO_URL}/chartrepo/{project_code}/" private_repo = add_plain_repo(target_project_id=project_id, name=project_code, url=url, repo_auth=repo_auth) return private_repo
def create_private_repo_without_chart(self, user, project_id, project_code): # 通过harbor api创建一次项目账号,然后存储在auth中 private_repos = Repository.objects.filter(name=project_code, project_id=project_id) if private_repos.exists(): return private_repos[0] account = get_jfrog_account(self.access_token, project_code, project_id) repo_auth = { "type": "basic", "role": "admin", "credentials": { # "username": settings.HELM_MERELY_REPO_USERNAME, # "password": settings.HELM_MERELY_REPO_PASSWORD, "username": account.get("user"), "password": account.get("password") } } url = '%s/chartrepo/%s/' % (settings.HELM_MERELY_REPO_URL, project_code) private_repo = add_plain_repo(target_project_id=project_id, name=project_code, url=url, repo_auth=repo_auth) return private_repo
def create_imagepullsecret(access_token, project_id, project_code, cluster_id, namespace): # get dept domain dept_domain = paas_cc.get_jfrog_domain(access_token, project_id, cluster_id) # 判断是否为研发仓库,正式环境分为:研发仓库、生产仓库,这2个仓库的账号要分开申请 is_bk_dept = True if dept_domain.startswith(settings.BK_JFROG_ACCOUNT_DOMAIN) else False dept_account = get_jfrog_account(access_token, project_code, project_id, is_bk_dept) # get user or pwd by dept account user = dept_account.get('user', '') pwd = dept_account.get('password', '') # compose config secret_config = { "kind": "secret", "metadata": { "name": MESOS_IMAGE_SECRET, "namespace": namespace }, "datas": { "user": { "content": base64.b64encode(user.encode(encoding="utf-8")).decode() }, "pwd": { "content": base64.b64encode(pwd.encode(encoding="utf-8")).decode() } }, "apiVersion": "v4" } client = MesosClient(access_token, project_id, cluster_id, env=None) resp = client.create_secret(namespace, secret_config) if (resp.get('code') != ErrorCode.NoError) and ('already exists' not in resp.get('message', '')): raise error_codes.APIError(f'create secret error, result.get("message")')
def init_mesos_ns_by_bcs(self, access_token, project_id, project_code, cluster_id, ns_name): """新建包含仓库账号信息的sercret配置文件并下发""" # 获取镜像仓库地址 jfrog_domain = paas_cc.get_jfrog_domain(access_token, project_id, cluster_id) # 按项目申请仓库的账号信息 # 判断是否为研发仓库,正式环境分为:研发仓库、生产仓库,这2个仓库的账号要分开申请 if jfrog_domain.startswith(settings.BK_JFROG_ACCOUNT_DOMAIN): is_bk_jfrog = True else: is_bk_jfrog = False jfrog_account = get_jfrog_account(access_token, project_code, project_id, is_bk_jfrog) _user = jfrog_account.get('user', '') _pwd = jfrog_account.get('password', '') jfrog_config = { "kind": "secret", "metadata": {"name": MESOS_IMAGE_SECRET, "namespace": ns_name}, "datas": { "user": {"content": base64.b64encode(_user.encode(encoding="utf-8")).decode()}, "pwd": {"content": base64.b64encode(_pwd.encode(encoding="utf-8")).decode()}, }, "apiVersion": "v4", } # 下发secret配置文件 client = MesosClient(access_token, project_id, cluster_id, env=None) result = client.create_secret(ns_name, jfrog_config) if result.get('code') != 0: client.delete_secret(ns_name, MESOS_IMAGE_SECRET) raise error_codes.ComponentError.f(_("创建registry secret失败,{}").format(result.get('message')))
def create_jforg_secret(self, client, access_token, project_id, project_code, data): try: domain_list = paas_cc.get_jfrog_domain_list( access_token, project_id, data['cluster_id']) domain_list = set(domain_list) # 获取项目的用户信息 jfrog_account = get_jfrog_account(access_token, project_code, project_id) user_pwd = "%s:%s" % (jfrog_account.get('user'), jfrog_account.get('password')) user_auth = { "auth": base64.b64encode(user_pwd.encode(encoding="utf-8")).decode() } auth_dict = {} for _d in domain_list: if _d.startswith(settings.BK_JFROG_ACCOUNT_DOMAIN): _bk_auth = get_bk_jfrog_auth(access_token, project_code, project_id) auth_dict[_d] = _bk_auth else: auth_dict[_d] = user_auth jfrog_auth = {"auths": auth_dict} jfrog_auth_bytes = bytes(json.dumps(jfrog_auth), "utf-8") jfrog_config = { "apiVersion": "v1", "kind": "Secret", "metadata": { "name": "%s%s" % (K8S_IMAGE_SECRET_PRFIX, data['name']), "namespace": data['name'] }, "data": { ".dockerconfigjson": base64.b64encode(jfrog_auth_bytes).decode() }, "type": "kubernetes.io/dockerconfigjson" } result = client.create_secret(data['name'], jfrog_config) except Exception as e: self.delete_ns_by_bcs(client, data['name']) logger.exception(u"获取项目仓库账号信息失败:%s" % e) raise ValidationError(_("获取项目仓库账号信息失败,请联系管理员解决")) # 通过错误消息判断 包含仓库信息的secret 是否已经存在,已经存在则直接进行下一步 res_msg = result.get('message') or '' is_already_exists = res_msg.endswith("already exists") if result.get('code') != 0 and not is_already_exists: self.delete_ns_by_bcs(client, data['name']) raise error_codes.ComponentError.f( _("创建registry secret失败,{}, 请联系管理员解决").format( result.get('message')))
def create_dept_account(access_token, project_id, project_code, cluster_id): domain_list = paas_cc.get_jfrog_domain_list(access_token, project_id, cluster_id) if not domain_list: raise error_codes.APIError('get dept domain error, domain is empty') domain_list = set(domain_list) # get user auth by project dept_account = get_jfrog_account(access_token, project_code, project_id) user_pwd = f'{dept_account.get("user")}:{dept_account.get("password")}' user_auth = { 'auth': base64.b64encode(user_pwd.encode(encoding='utf-8')).decode() } # compose many dept account auth auth_dict = {} for _d in domain_list: if _d.startswith(settings.BK_JFROG_ACCOUNT_DOMAIN): _bk_auth = get_bk_jfrog_auth(access_token, project_code, project_id) auth_dict[_d] = _bk_auth else: auth_dict[_d] = user_auth return auth_dict