def __handle_service_ports(self, tenant, service, ports):
"""处理创建应用的端口。对于打开了对内或对外端口的应用,需由业务端手动打开"""
for port in ports:
if port.is_outer_service:
code, msg, data = port_service.manage_port(tenant, service, port.container_port, "open_outer",
port.protocol,
port.port_alias)
if code != 200:
logger.error("create service manage port error : {0}".format(msg))
if port.is_inner_service:
code, msg, data = port_service.manage_port(tenant, service, port.container_port, "open_inner",
port.protocol,
port.port_alias)
if code != 200:
logger.error("create service manage port error : {0}".format(msg))
def put(self, request, *args, **kwargs):
"""
修改组件的某个端口(打开|关闭|修改协议|修改环境变量)
---
parameters:
- name: tenantName
description: 租户名
required: true
type: string
paramType: path
- name: serviceAlias
description: 组件别名
required: true
type: string
paramType: path
- name: port
description: 端口号
required: true
type: string
paramType: path
- name: action
description: 操作类型(open_outer|close_outer|open_inner|close_inner|change_protocol|change_port_alias)
required: true
type: string
paramType: form
- name: port_alias
description: 端口别名(修改端口别名时必须)
required: false
type: string
paramType:
- name: protocol
description: 端口协议(修改端口协议时必须)
required: false
type: string
paramType: path
"""
container_port = kwargs.get("port", None)
action = request.data.get("action", None)
port_alias = request.data.get("port_alias", None)
protocol = request.data.get("protocol", None)
k8s_service_name = parse_item(request, "k8s_service_name", default="")
if not container_port:
raise AbortRequest("container_port not specify", u"端口变量名未指定")
if self.service.service_source == "third_party" and ("outer" in action):
msg, msg_show, code = port_service.check_domain_thirdpart(self.tenant, self.service)
if code != 200:
logger.exception(msg, msg_show)
return Response(general_message(code, msg, msg_show), status=code)
code, msg, data = port_service.manage_port(self.tenant, self.service, self.response_region, int(container_port), action,
protocol, port_alias, k8s_service_name)
if code != 200:
return Response(general_message(code, "change port fail", msg), status=code)
result = general_message(200, "success", "操作成功", bean=model_to_dict(data))
return Response(result, status=result["code"])
def post(self, request, app_id, *args, **kwargs):
ads = PostHTTPGatewayRuleSerializer(data=request.data)
ads.is_valid(raise_exception=True)
app = group_service.get_app_by_id(self.team, self.region_name, app_id)
if not app:
raise ErrAppNotFound
httpdomain = ads.data
# Compatible history code
httpdomain["domain_heander"] = httpdomain.get("domain_header", None)
httpdomain["domain_type"] = DomainType.WWW
protocol = "http"
if httpdomain.get("certificate_id", None):
protocol = "https"
httpdomain["protocol"] = protocol
service = service_repo.get_service_by_tenant_and_id(
self.team.tenant_id, httpdomain["service_id"])
if not service:
rst = {"msg": "组件不存在"}
return Response(rst, status=status.HTTP_400_BAD_REQUEST)
if domain_service.check_domain_exist(
httpdomain["service_id"], httpdomain["container_port"],
httpdomain["domain_name"], protocol,
httpdomain.get("domain_path"),
httpdomain.get("rule_extensions")):
rst = {"msg": "策略已存在"}
return Response(rst, status=status.HTTP_400_BAD_REQUEST)
if service.service_source == "third_party":
msg, msg_show, code = port_service.check_domain_thirdpart(
self.team, service)
if code != 200:
logger.exception(msg, msg_show)
return Response({
"msg": msg,
"msg_show": msg_show
},
status=code)
if httpdomain.get("whether_open", True):
tenant_service_port = port_service.get_service_port_by_port(
service, httpdomain["container_port"])
# 仅开启对外端口
code, msg, data = port_service.manage_port(
self.team, service, service.service_region,
int(tenant_service_port.container_port), "only_open_outer",
tenant_service_port.protocol, tenant_service_port.port_alias)
if code != 200:
return Response({"msg": "change port fail"}, status=code)
tenant_service_port = port_service.get_service_port_by_port(
service, httpdomain["container_port"])
if not tenant_service_port.is_outer_service:
return Response({"msg": "没有开启对外端口"},
status=status.HTTP_400_BAD_REQUEST)
data = domain_service.bind_httpdomain(self.team, self.request.user,
service, httpdomain, True)
serializer = HTTPGatewayRuleSerializer(data=data.to_dict())
serializer.is_valid()
return Response(serializer.data, status=status.HTTP_201_CREATED)
def put(self, request, *args, **kwargs):
"""
修改应用的某个端口(打开|关闭|修改协议|修改环境变量)
---
parameters:
- name: tenantName
description: 租户名
required: true
type: string
paramType: path
- name: serviceAlias
description: 服务别名
required: true
type: string
paramType: path
- name: port
description: 端口号
required: true
type: string
paramType: path
- name: action
description: 操作类型(open_outer|close_outer|open_inner|close_inner|change_protocol|change_port_alias)
required: true
type: string
paramType: form
- name: port_alias
description: 端口别名(修改端口别名时必须)
required: false
type: string
paramType:
- name: protocol
description: 端口协议(修改端口协议时必须)
required: false
type: string
paramType: path
"""
container_port = kwargs.get("port", None)
action = request.data.get("action", None)
port_alias = request.data.get("port_alias", None)
protocol = request.data.get("protocol", None)
if not container_port:
return Response(general_message(400, "container_port not specify", u"端口变量名未指定"), status=400)
try:
code, msg, data = port_service.manage_port(self.tenant, self.service, int(container_port), action,
protocol, port_alias)
if code != 200:
return Response(general_message(code, "change port fail", msg), status=code)
result = general_message(200, "success", "操作成功,重启生效", bean=model_to_dict(data))
except Exception as e:
logger.exception(e)
result = error_message(e.message)
return Response(result, status=result["code"])
def post(self, request, *args, **kwargs):
try:
container_port = request.data.get("container_port", None)
service_id = request.data.get("service_id", None)
end_point = request.data.get("end_point", None)
whether_open = request.data.get("whether_open", False)
rule_extensions = request.data.get("rule_extensions", None)
default_port = request.data.get("default_port", None)
default_ip = request.data.get("default_ip", None)
if not container_port or not service_id or not end_point:
return Response(general_message(400, "parameters are missing", "参数缺失"), status=400)
service = service_repo.get_service_by_service_id(service_id)
if not service:
return Response(general_message(400, "not service", "服务不存在"), status=400)
# 判断策略是否存在
service_tcpdomain = tcp_domain.get_tcpdomain_by_name_and_port(service.service_id, container_port, end_point)
if service_tcpdomain:
result = general_message(400, "faild", "策略已存在")
return Response(result)
if whether_open:
try:
tenant_service_port = port_service.get_service_port_by_port(service, container_port)
# 仅打开对外端口
code, msg, data = port_service.manage_port(self.tenant, service, service.service_region,
int(tenant_service_port.container_port), "only_open_outer",
tenant_service_port.protocol,
tenant_service_port.port_alias)
if code != 200:
return Response(general_message(code, "change port fail", msg), status=code)
except Exception:
raise
tenant_service_port = port_service.get_service_port_by_port(service, container_port)
if not tenant_service_port.is_outer_service:
return Response(general_message(200, "not outer port", "没有开启对外端口", bean={"is_outer_service": False}),
status=200)
# 添加tcp策略
code, msg, data = domain_service.bind_tcpdomain(self.tenant, self.user, service, end_point, container_port,
default_port, rule_extensions, default_ip)
if code != 200:
return Response(general_message(code, "bind domain error", msg), status=code)
result = general_message(200, "success", "tcp策略添加成功", bean=data)
except Exception as e:
logger.exception(e)
result = error_message(e.message)
return Response(result, status=result["code"])
def put(self, request, *args, **kwargs):
"""
组件拓扑图打开(关闭)对外端口
:param request:
:param args:
:param kwargs:
:return:
"""
open_outer = request.data.get("open_outer", False)
close_outer = request.data.get("close_outer", False)
container_port = request.data.get("container_port", None)
# 开启对外端口
if open_outer:
tenant_service_port = port_service.get_service_port_by_port(
self.service, int(container_port))
if self.service.service_source == "third_party":
msg, msg_show, code = port_service.check_domain_thirdpart(
self.tenant, self.service)
if code != 200:
logger.exception(msg, msg_show)
return Response(general_message(code, msg, msg_show),
status=code)
code, msg, data = port_service.manage_port(
self.tenant, self.service, self.response_region,
int(container_port), "open_outer",
tenant_service_port.protocol, tenant_service_port.port_alias)
if code != 200:
return Response(general_message(412, "open outer fail",
"打开对外端口失败"),
status=412)
return Response(general_message(200, "open outer success", "开启成功"),
status=200)
# 关闭该组件所有对外端口
if close_outer:
tenant_service_ports = port_service.get_service_ports(self.service)
for tenant_service_port in tenant_service_ports:
code, msg, data = port_service.manage_port(
self.tenant, self.service, self.response_region,
tenant_service_port.container_port, "close_outer",
tenant_service_port.protocol,
tenant_service_port.port_alias)
if code != 200:
return Response(general_message(412, "open outer fail",
"关闭对外端口失败"),
status=412)
return Response(general_message(200, "close outer success",
"关闭对外端口成功"),
status=200)
# 校验要依赖的组件是否开启了对外端口
open_outer_services = port_repo.get_service_ports(
self.tenant.tenant_id,
self.service.service_id).filter(is_outer_service=True)
if not open_outer_services:
if self.service.service_source == "third_party":
msg, msg_show, code = port_service.check_domain_thirdpart(
self.tenant, self.service)
if code != 200:
logger.exception(msg, msg_show)
return Response(general_message(code, msg, msg_show),
status=code)
service_ports = port_repo.get_service_ports(
self.tenant.tenant_id, self.service.service_id)
port_list = [
service_port.container_port for service_port in service_ports
]
if len(port_list) == 1:
# 一个端口直接开启
tenant_service_port = port_service.get_service_port_by_port(
self.service, int(port_list[0]))
code, msg, data = port_service.manage_port(
self.tenant, self.service, self.response_region,
int(port_list[0]), "open_outer",
tenant_service_port.protocol,
tenant_service_port.port_alias)
if code != 200:
return Response(general_message(412, "open outer fail",
"打开对外端口失败"),
status=412)
return Response(general_message(200, "open outer success",
"开启成功"),
status=200)
else:
# 多个端口需要用户选择后开启
return Response(general_message(
201,
"the service does not open an external port",
"该组件未开启对外端口",
list=port_list),
status=201)
else:
return Response(general_message(
202, "the service has an external port open", "该组件已开启对外端口"),
status=200)
def post(self, request, app_id, *args, **kwargs):
ads = PostGatewayRuleSerializer(data=request.data)
ads.is_valid(raise_exception=True)
if ads.data.get("protocol") == "tcp":
tcpdomain = ads.data.get("tcp")
if not tcpdomain:
raise ServiceHandleException(msg="Missing parameters: tcp", msg_show="缺少参数: tcp")
container_port = tcpdomain.get("container_port", None)
service_id = tcpdomain.get("service_id", None)
end_point = tcpdomain.get("end_point", None)
rule_extensions = tcpdomain.get("rule_extensions", None)
default_port = tcpdomain.get("default_port", None)
default_ip = tcpdomain.get("default_ip", None)
service = service_repo.get_service_by_service_id(service_id)
if not service:
raise ServiceHandleException(msg="not service", msg_show="组件不存在")
# Check if the given endpoint exists.
service_tcpdomain = tcp_domain.get_tcpdomain_by_end_point(self.region.region_id, end_point)
if service_tcpdomain:
raise ServiceHandleException(msg="exist", msg_show="策略已存在")
if service.service_source == "third_party":
msg, msg_show, code = port_service.check_domain_thirdpart(self.team, service)
if code != 200:
raise ServiceHandleException(msg=msg, msg_show=msg_show)
try:
tenant_service_port = port_service.get_service_port_by_port(service, container_port)
# 仅打开对外端口
code, msg, data = port_service.manage_port(self.team, service, service.service_region,
int(tenant_service_port.container_port), "only_open_outer",
tenant_service_port.protocol, tenant_service_port.port_alias)
if code != 200:
raise ServiceHandleException(status_code=code, msg="change port fail", msg_show=msg)
except Exception as e:
logger.exception(e)
raise ServiceHandleException(status_code=code, msg="change port fail", msg_show="open port failure")
# 添加tcp策略
domain_service.bind_tcpdomain(self.team, self.user, service, end_point, container_port, default_port,
rule_extensions, default_ip)
elif ads.data.get("protocol") == "http":
httpdomain = ads.data.get("http")
if not httpdomain:
raise ServiceHandleException(msg="Missing parameters: tcp", msg_show="缺少参数: http")
httpdomain["domain_heander"] = httpdomain.get("domain_header", None)
httpdomain["domain_type"] = DomainType.WWW
protocol = "http"
if httpdomain.get("certificate_id", None):
protocol = "https"
httpdomain["protocol"] = protocol
service = service_repo.get_service_by_tenant_and_id(self.team.tenant_id, httpdomain["service_id"])
if not service:
rst = {"msg": "组件不存在"}
return Response(rst, status=status.HTTP_400_BAD_REQUEST)
if domain_service.check_domain_exist(httpdomain["service_id"], httpdomain["container_port"],
httpdomain["domain_name"], protocol, httpdomain.get("domain_path"),
httpdomain.get("rule_extensions")):
rst = {"msg": "策略已存在"}
return Response(rst, status=status.HTTP_400_BAD_REQUEST)
if service.service_source == "third_party":
msg, msg_show, code = port_service.check_domain_thirdpart(self.team, service)
if code != 200:
logger.exception(msg, msg_show)
return Response({"msg": msg, "msg_show": msg_show}, status=code)
if httpdomain.get("whether_open", True):
tenant_service_port = port_service.get_service_port_by_port(service, httpdomain["container_port"])
# 仅开启对外端口
code, msg, data = port_service.manage_port(self.team, service, service.service_region,
int(tenant_service_port.container_port), "only_open_outer",
tenant_service_port.protocol, tenant_service_port.port_alias)
if code != 200:
return Response({"msg": "change port fail"}, status=code)
tenant_service_port = port_service.get_service_port_by_port(service, httpdomain["container_port"])
if not tenant_service_port:
raise ServiceHandleException("port not found", "端口不存在", 404, 404)
if not tenant_service_port.is_outer_service:
return Response({"msg": "没有开启对外端口"}, status=status.HTTP_400_BAD_REQUEST)
domain_service.bind_httpdomain(self.team, self.request.user, service, httpdomain, True)
else:
raise ServiceHandleException(msg="error parameters: protocol", msg_show="错误参数: protocol")
data = {}
http_rules = domain_service.get_http_rules_by_app_id(app_id)
tcp_rules = domain_service.get_tcp_rules_by_app_id(app_id)
data["http"] = http_rules
data["tcp"] = tcp_rules
re = GatewayRuleSerializer(data)
return Response(re.data, status=status.HTTP_200_OK)
def put(self, request, *args, **kwargs):
"""
应用拓扑图打开(关闭)对外端口
:param request:
:param args:
:param kwargs:
:return:
"""
try:
open_outer = request.data.get("open_outer", False)
close_outer = request.data.get("close_outer", False)
container_port = request.data.get("container_port", None)
# 开启对外端口
if open_outer:
tenant_service_port = port_service.get_service_port_by_port(
self.service, int(container_port))
code, msg, data = port_service.manage_port(
self.tenant, self.service, self.response_region,
int(container_port), "open_outer",
tenant_service_port.protocol,
tenant_service_port.port_alias)
if code != 200:
return Response(general_message(412, "open outer fail",
u"打开对外端口失败"),
status=412)
return Response(general_message(200, "open outer success",
u"开启成功"),
status=200)
# 关闭改服务所有对外端口
if close_outer:
tenant_service_ports = port_service.get_service_ports(
self.service)
for tenant_service_port in tenant_service_ports:
code, msg, data = port_service.manage_port(
self.tenant, self.service, self.response_region,
tenant_service_port.container_port, "close_outer",
tenant_service_port.protocol,
tenant_service_port.port_alias)
if code != 200:
return Response(general_message(
412, "open outer fail", u"关闭对外端口失败"),
status=412)
return Response(general_message(200, "close outer success",
u"关闭对外端口成功"),
status=200)
# 校验要依赖的服务是否开启了对外端口
open_outer_services = port_repo.get_service_ports(
self.tenant.tenant_id,
self.service.service_id).filter(is_outer_service=True)
if not open_outer_services:
service_ports = port_repo.get_service_ports(
self.tenant.tenant_id, self.service.service_id)
port_list = [
service_port.container_port
for service_port in service_ports
]
return Response(general_message(
201,
"the service does not open an external port",
u"该服务未开启对外端口",
list=port_list),
status=201)
else:
return Response(general_message(
202, "the service has an external port open",
u"该服务已开启对外端口"),
status=200)
except Exception as e:
logger.exception(e)
result = error_message(e.message)
return Response(result, status=result["code"])
def post(self, request, *args, **kwargs):
"""
添加http策略
"""
try:
container_port = request.data.get("container_port", None)
domain_name = request.data.get("domain_name", None)
certificate_id = request.data.get("certificate_id", None)
service_id = request.data.get("service_id", None)
domain_path = request.data.get("domain_path", None)
domain_cookie = request.data.get("domain_cookie", None)
domain_heander = request.data.get("domain_heander", None)
rule_extensions = request.data.get("rule_extensions", None)
whether_open = request.data.get("whether_open", False)
the_weight = request.data.get("the_weight", 100)
# 判断参数
if not container_port or not domain_name or not service_id:
return Response(general_message(400, "parameters are missing", "参数缺失"), status=400)
service = service_repo.get_service_by_service_id(service_id)
if not service:
return Response(general_message(400, "not service", "服务不存在"), status=400)
# 判断域名格式(如果用户添加的域名与默认域名后缀一致,那么他后缀必须是 "租户别名.默认后缀"
#
# 比如默认域名后缀是:37e53f.grapps.cn 这个值来自于region_info http_domain
# 那么如果它绑定 xxx.37e53f.grapps.cn是不允许的,只能绑定:
# xxx.yaufe6r5.37e53f.grapps.cn
#
# 此限制是防止租户之间盗用域名。)
region = region_repo.get_region_by_region_name(service.service_region)
if domain_name.endswith(region.httpdomain):
domain_name_spt = domain_name.split(region.httpdomain)
if self.tenant.tenant_name != domain_name_spt[0].split('.')[len(domain_name_spt[0].split('.'))-2]:
return Response(general_message(400, "the domain name format is incorrect", "域名格式不正确"), status=400)
protocol = "http"
if certificate_id:
protocol = "https"
# 判断策略是否存在
service_domain = domain_repo.get_domain_by_name_and_port_and_protocol(service.service_id, container_port, domain_name, protocol)
if service_domain:
result = general_message(400, "faild", "策略已存在")
return Response(result, status=400)
if whether_open:
try:
tenant_service_port = port_service.get_service_port_by_port(service, container_port)
# 仅开启对外端口
code, msg, data = port_service.manage_port(self.tenant, service, service.service_region, int(tenant_service_port.container_port), "only_open_outer",
tenant_service_port.protocol, tenant_service_port.port_alias)
if code != 200:
return Response(general_message(code, "change port fail", msg), status=code)
except Exception:
raise
tenant_service_port = port_service.get_service_port_by_port(service, container_port)
if not tenant_service_port.is_outer_service:
return Response(general_message(200, "not outer port", "没有开启对外端口", bean={"is_outer_service": False}),
status=200)
# 绑定端口(添加策略)
code, msg, data = domain_service.bind_httpdomain(self.tenant, self.user, service, domain_name, container_port, protocol,
certificate_id, DomainType.WWW, domain_path,
domain_cookie, domain_heander, the_weight, rule_extensions)
if code != 200:
return Response(general_message(code, "bind domain error", msg), status=code)
result = general_message(200, "success", "策略添加成功", bean=data)
except Exception as e:
logger.exception(e)
result = error_message(e.message)
return Response(result, status=result["code"])
def post(self, request, *args, **kwargs):
try:
serializers = APPHttpDomainSerializer(data=request.data)
serializers.is_valid(raise_exception=True)
except ValidationError as e:
logger.debug(e)
rst = {"msg": u"参数错误"}
return Response(rst, status.HTTP_400_BAD_REQUEST)
group_id = serializers.data.get("app_id", None)
container_port = serializers.data.get("container_port", None)
domain_name = serializers.data.get("domain_name", None)
certificate_id = serializers.data.get("certificate_id", None)
service_key = serializers.data.get("service_key", None)
domain_path = serializers.data.get("domain_path", None)
domain_cookie = serializers.data.get("domain_cookie", None)
domain_heander = serializers.data.get("domain_header", None)
rule_extensions = serializers.data.get("rule_extensions", None)
whether_open = serializers.data.get("whether_open", False)
the_weight = serializers.data.get("the_weight", 100)
service = app_service.get_service_by_service_key_and_group_id(
service_key, group_id)
tenant = app_service.get_tenant_by_group_id(group_id)
if not service:
rst = {"msg": u"应用组件不存在"}
return Response(rst, status=status.HTTP_404_NOT_FOUND)
if not tenant:
rst = {"msg": u"未找到应用所属团队"}
return Response(rst, status=status.HTTP_404_NOT_FOUND)
protocol = "http"
if certificate_id:
protocol = "https"
strategy_status = app_service.check_strategy_exist(
service, container_port, domain_name, protocol, domain_path,
rule_extensions)
if strategy_status:
rst = {"msg": "策略已存在"}
return Response(rst, status=status.HTTP_400_BAD_REQUEST)
if service.service_source == "third_party":
msg, msg_show, code = port_service.check_domain_thirdpart(
tenant, service)
if code != 200:
logger.exception(msg, msg_show)
return Response({"msg": msg_show}, status=code)
if whether_open:
try:
tenant_service_port = port_service.get_service_port_by_port(
service, container_port)
# 仅开启对外端口
code, msg, data = port_service.manage_port(
tenant, service, service.service_region,
int(tenant_service_port.container_port), "only_open_outer",
tenant_service_port.protocol,
tenant_service_port.port_alias)
if code != 200:
return Response({"msg": "change port fail"}, status=code)
except Exception as e:
logger.debug(e)
return Response({"msg": e}, status=status.HTTP_400_BAD_REQUEST)
tenant_service_port = port_service.get_service_port_by_port(
service, container_port)
if not tenant_service_port.is_outer_service:
return Response({"msg": "没有开启对外端口"},
status=status.HTTP_400_BAD_REQUEST)
# 绑定端口(添加策略)
code, msg, data = domain_service.bind_httpdomain(
tenant, self.request.user, service, domain_name, container_port,
protocol, certificate_id, DomainType.WWW, domain_path,
domain_cookie, domain_heander, the_weight, rule_extensions)
if code != 200:
return Response({"msg": "bind domain error"},
status=status.HTTP_400_BAD_REQUEST)
try:
rst_serializer = APPHttpDomainRspSerializer(data=data)
rst_serializer.is_valid(raise_exception=True)
except Exception as e:
logger.debug(e)
return Response({"msg": "返回数据验证错误"}, status=status.HTTP_200_OK)
return Response(rst_serializer.data, status=status.HTTP_200_OK)
