def manage_port(self, tenant, service, region_name, container_port, action, protocol, port_alias):
if port_alias:
port_alias = str(port_alias).strip()
region = region_repo.get_region_by_region_name(region_name)
code, msg = self.__check_params(action, protocol, port_alias, service.service_id)
if code != 200:
return code, msg, None
deal_port = port_repo.get_service_port_by_port(tenant.tenant_id, service.service_id, container_port)
if action == "open_outer":
code, msg = self.__open_outer(tenant, service, region, deal_port)
elif action == "only_open_outer":
code, msg = self.__only_open_outer(tenant, service, region, deal_port)
elif action == "close_outer":
code, msg = self.__close_outer(tenant, service, deal_port)
elif action == "open_inner":
code, msg = self.__open_inner(tenant, service, deal_port)
elif action == "close_inner":
code, msg = self.__close_inner(tenant, service, deal_port)
elif action == "change_protocol":
code, msg = self.__change_protocol(tenant, service, deal_port, protocol)
elif action == "change_port_alias":
code, msg = self.__change_port_alias(tenant, service, deal_port, port_alias)
new_port = port_repo.get_service_port_by_port(tenant.tenant_id, service.service_id, container_port)
if code != 200:
return code, msg, None
return 200, u"操作成功", new_port
def manage_port(self,
tenant,
service,
region_name,
container_port,
action,
protocol,
port_alias,
k8s_service_name="",
user_name=''):
if port_alias:
port_alias = str(port_alias).strip()
region = region_repo.get_region_by_region_name(region_name)
code, msg = self.__check_params(action, container_port, protocol,
port_alias, service.service_id)
if code != 200:
return code, msg, None
# Compatible with methods that do not return code, such as __change_port_alias
code = 200
deal_port = port_repo.get_service_port_by_port(tenant.tenant_id,
service.service_id,
container_port)
if action == "open_outer":
code, msg = self.__open_outer(tenant, service, region, deal_port,
user_name)
elif action == "only_open_outer":
code, msg = self.__only_open_outer(tenant, service, region,
deal_port, user_name)
elif action == "close_outer":
code, msg = self.__close_outer(tenant, service, deal_port,
user_name)
elif action == "open_inner":
code, msg = self.__open_inner(tenant, service, deal_port,
user_name)
elif action == "close_inner":
code, msg = self.__close_inner(tenant, service, deal_port,
user_name)
elif action == "change_protocol":
code, msg = self.__change_protocol(tenant, service, deal_port,
protocol, user_name)
elif action == "change_port_alias":
self.change_port_alias(tenant, service, deal_port, port_alias,
k8s_service_name, user_name)
new_port = port_repo.get_service_port_by_port(tenant.tenant_id,
service.service_id,
container_port)
if code != 200:
return code, msg, None
return 200, "操作成功", new_port
def bind_tcpdomain(self, tenant, user, service, end_point, container_port,
default_port, rule_extensions, default_ip):
tcp_rule_id = make_uuid(tenant.tenant_name)
ip = str(end_point.split(":")[0])
ip = ip.replace(' ', '')
port = end_point.split(":")[1]
data = dict()
data["service_id"] = service.service_id
data["container_port"] = int(container_port)
data["ip"] = ip
data["port"] = int(port)
data["tcp_rule_id"] = tcp_rule_id
if rule_extensions:
data["rule_extensions"] = rule_extensions
try:
# 给数据中心传送数据添加策略
region_api.bindTcpDomain(service.service_region,
tenant.tenant_name, data)
except region_api.CallApiError as e:
if e.status != 404:
raise e
region = region_repo.get_region_by_region_name(service.service_region)
domain_info = dict()
domain_info["tcp_rule_id"] = tcp_rule_id
domain_info["service_id"] = service.service_id
domain_info["service_name"] = service.service_alias
domain_info["service_alias"] = service.service_cname
domain_info["create_time"] = self.get_time_now()
domain_info["container_port"] = int(container_port)
domain_info["tenant_id"] = tenant.tenant_id
# 查询端口协议
tenant_service_port = port_repo.get_service_port_by_port(
service.tenant_id, service.service_id, container_port)
if tenant_service_port:
protocol = tenant_service_port.protocol
else:
protocol = ''
if protocol:
domain_info["protocol"] = protocol
else:
domain_info["protocol"] = 'tcp'
domain_info["end_point"] = end_point
domain_info["region_id"] = region.region_id
rule_extensions_str = ""
if rule_extensions:
# 拼接字符串,存入数据库
for rule in rule_extensions:
last_index = len(rule_extensions) - 1
if last_index == rule_extensions.index(rule):
rule_extensions_str += rule["key"] + ":" + rule["value"]
continue
rule_extensions_str += rule["key"] + ":" + rule["value"] + ","
domain_info["rule_extensions"] = rule_extensions_str
if int(end_point.split(":")[1]) != default_port:
domain_info["type"] = 1
tcp_domain.add_service_tcpdomain(**domain_info)
domain_info.update({"rule_extensions": rule_extensions})
return domain_info
def check_port(self, service, container_port):
port = port_repo.get_service_port_by_port(service.tenant_id, service.service_id, container_port)
if port:
return 400, u"端口{0}已存在".format(container_port)
if not (1 <= container_port <= 65535):
return 412, u"端口必须为1到65535的整数"
return 200, "success"
def delete_port_by_container_port(self, tenant, service, container_port):
service_domain = domain_repo.get_service_domain_by_container_port(service.service_id, container_port)
if len(service_domain) > 1 or len(service_domain) == 1 and service_domain[0].type != 0:
return 412, u"该端口有自定义域名,请先解绑域名", None
port_info = port_repo.get_service_port_by_port(tenant.tenant_id, service.service_id, container_port)
if not port_info:
return 404, u"端口{0}不存在".format(container_port), None
if port_info.is_inner_service:
return 409, u"请关闭对内服务", None
if port_info.is_outer_service:
return 409, u"请关闭外部服务", None
if service.create_status == "complete":
# 删除数据中心端口
region_api.delete_service_port(service.service_region, tenant.tenant_name, service.service_alias, container_port,
tenant.enterprise_id)
# 删除端口时禁用相关服务
self.disable_service_when_delete_port(tenant, service, container_port)
# 删除env
env_var_service.delete_env_by_container_port(tenant, service, container_port)
# 删除端口
port_repo.delete_serivce_port_by_port(tenant.tenant_id, service.service_id, container_port)
# 删除端口绑定的域名
domain_repo.delete_service_domain_by_port(service.service_id, container_port)
return 200, u"删除成功", port_info
def update_kubernetes_services(self, tenant, region_name, app_id,
k8s_services):
from console.services.app_config import port_service
service_ids = group_service_relation_repo.list_serivce_ids_by_app_id(
tenant.tenant_id, region_name, app_id)
for k8s_service in k8s_services:
port_service.check_k8s_service_name(
tenant.tenant_id, k8s_service.get("k8s_service_name"),
k8s_service["service_id"], k8s_service["port"])
# check if the given k8s_services belong to the app based on app_id
if k8s_service["service_id"] not in service_ids:
raise AbortRequest("service({}) not belong to app({})".format(
k8s_service["service_id"], app_id))
# bulk_update is only available after django 2.2
for k8s_service in k8s_services:
service = service_repo.get_service_by_service_id(
k8s_service["service_id"])
port = port_repo.get_service_port_by_port(tenant.tenant_id,
service.service_id,
k8s_service["port"])
port_service.change_port_alias(
tenant,
service,
port,
k8s_service["port_alias"],
k8s_service["k8s_service_name"],
)
def delete_port_by_container_port(self, tenant, service, container_port):
service_domain = domain_repo.get_service_domain_by_container_port(
service.service_id, container_port)
if service_domain:
return 412, u"请先解绑该端口绑定的域名", None
port_info = port_repo.get_service_port_by_port(tenant.tenant_id,
service.service_id,
container_port)
if not port_info:
return 404, u"端口{0}不存在".format(container_port), None
if port_info.is_inner_service:
return 409, u"请关闭对外服务", None
if port_info.is_outer_service:
return 409, u"请关闭外部服务", None
if service.create_status == "complete":
# 删除数据中心端口
region_api.delete_service_port(service.service_region,
tenant.tenant_name,
service.service_alias,
container_port,
tenant.enterprise_id)
# 删除env
env_var_service.delete_env_by_container_port(tenant, service,
container_port)
# 删除端口
port_repo.delete_serivce_port_by_port(tenant.tenant_id,
service.service_id,
container_port)
# 删除端口绑定的域名
domain_repo.delete_service_domain_by_port(service.service_id,
container_port)
return 200, u"删除成功", port_info
def check_port(self, service, container_port):
port = port_repo.get_service_port_by_port(service.tenant_id, service.service_id, container_port)
if port:
return 400, u"端口{0}已存在".format(container_port)
if not (1 <= container_port <= 65535):
return 412, u"端口必须为1到65535的整数"
if service.service_source == AppConstants.SOURCE_CODE:
if service.language in ("dockerfile", "docker"):
if container_port <= 1024:
return 400, u"源码应用非Dockerfile构建的应用端口不能小于1024"
return 200, "success"
def check_port(service, container_port):
port = port_repo.get_service_port_by_port(service.tenant_id,
service.service_id,
container_port)
if port:
raise ErrComponentPortExists
if not (1 <= container_port <= 65535):
raise AbortRequest("component port out of range",
msg_show="端口必须为1到65535的整数",
status_code=412,
error_code=412)
def change_lb_mapping_port(self, tenant, service, container_port, new_lb_mapping_port, mapping_service_id):
data = {"change_port": new_lb_mapping_port}
body = region_api.change_service_lb_mapping_port(service.service_region, tenant.tenant_name,
service.service_alias,
container_port, data)
current_port = port_repo.get_service_port_by_port(tenant.tenant_id, service.service_id, container_port)
exchange_port_info = port_repo.get_service_port_by_lb_mapping_port(mapping_service_id, new_lb_mapping_port)
if not current_port:
404, "应用端口{0}不存在".format(container_port)
if not exchange_port_info:
s = service_repo.get_service_by_service_id(mapping_service_id)
404, "应用{0}的端口{1}不存在".format(s.service_cname, new_lb_mapping_port)
exchange_port_info.lb_mapping_port = current_port.lb_mapping_port
exchange_port_info.save()
current_port.lb_mapping_port = new_lb_mapping_port
current_port.save()
return 200, "success"
def create_internal_port(self,
tenant,
component,
container_port,
user_name=''):
try:
self.add_service_port(tenant,
component,
container_port,
protocol="http",
is_inner_service=True,
user_name=user_name)
except ErrComponentPortExists:
# make sure port is internal
port = port_repo.get_service_port_by_port(tenant.tenant_id,
component.service_id,
container_port)
code, msg = self.__open_inner(tenant, component, port, user_name)
if code == 200:
return
raise AbortRequest(msg, error_code=code)
def get_service_port_by_port(self, service, port):
if service:
return port_repo.get_service_port_by_port(service.tenant_id, service.service_id, port)
class DomainService(object):
HTTP = "http"
def get_certificate(self, tenant, page, page_size):
end = page_size * page - 1 # 一页数据的开始索引
start = end - page_size + 1 # 一页数据的结束索引
print(start, end)
certificate, nums = domain_repo.get_tenant_certificate_page(tenant.tenant_id, start, end)
c_list = []
for c in certificate:
cert = base64.b64decode(c.certificate)
data = dict()
data["alias"] = c.alias
data["certificate_type"] = c.certificate_type
data["id"] = c.ID
data.update(analyze_cert(cert))
c_list.append(data)
return c_list, nums
def __check_certificate_alias(self, tenant, alias):
# r = re.compile("^[A-Za-z0-9]+$")
# if not r.match(alias):
# return 400, u"证书别名只能是数字和字母的组合"
if domain_repo.get_certificate_by_alias(tenant.tenant_id, alias):
return 412, u"证书别名已存在"
return 200, "success"
def add_certificate(self, tenant, alias, certificate_id, certificate, private_key, certificate_type):
code, msg = self.__check_certificate_alias(tenant, alias)
if code != 200:
return code, msg, None
if cert_is_effective(certificate):
certificate = base64.b64encode(certificate)
certificate = domain_repo.add_certificate(tenant.tenant_id, alias, certificate_id, certificate, private_key,
certificate_type)
return 200, "success", certificate
return 400, u'证书无效', certificate
def delete_certificate_by_alias(self, tenant, alias):
certificate = domain_repo.get_certificate_by_alias(tenant.tenant_id, alias)
if certificate:
certificate.delete()
return 200, "success"
else:
return 404, u"证书不存在"
def get_certificate_by_pk(self, pk):
certificate = domain_repo.get_certificate_by_pk(pk)
if not certificate:
return 404, u"证书不存在", None
data = dict()
data["alias"] = certificate.alias
data["certificate_type"] = certificate.certificate_type
data["id"] = certificate.ID
data["tenant_id"] = certificate.tenant_id
data["certificate"] = base64.b64decode(certificate.certificate)
data["private_key"] = certificate.private_key
return 200, u"success", data
def delete_certificate_by_pk(self, pk):
certificate = domain_repo.get_certificate_by_pk(pk)
if certificate:
certificate.delete()
return 200, u"success"
else:
return 404, u"证书不存在"
def update_certificate(self, tenant, certificate_id, new_alias, certificate, private_key, certificate_type):
if not cert_is_effective(certificate):
return 400, u'证书无效'
certif = domain_repo.get_certificate_by_pk(certificate_id)
if certif.alias != new_alias:
code, msg = self.__check_certificate_alias(tenant, new_alias)
if code != 200:
return code, msg
certif.alias = new_alias
if certif:
certif.certificate = base64.b64encode(certificate)
if certif.certificate_type != certificate_type:
certif.certificate_type = certificate_type
if private_key:
certif.private_key = private_key
certif.save()
return 200, "success"
def __check_domain_name(self, team_name, domain_name, domain_type, certificate_id):
if not domain_name:
return 400, u"域名不能为空"
zhPattern = re.compile(u'[\u4e00-\u9fa5]+')
match = zhPattern.search(domain_name.decode('utf-8'))
if match:
return 400, u"域名不能包含中文"
# a租户绑定了域名manage.com,b租户就不可以在绑定该域名,只有a租户下可以绑定
s_domain = domain_repo.get_domain_by_domain_name(domain_name)
if s_domain:
team = team_services.get_tenant_by_tenant_name(team_name)
if team:
if s_domain.tenant_id != team.tenant_id:
return 400, u"该域名已被其他团队使用"
# re_exp = "^(?=^.{3,255}$)[a-zA-Z0-9][-a-zA-Z0-9]{0,62}(\.[a-zA-Z0-9][-a-zA-Z0-9]{0,62})+$"
# if not re.match(re_exp, domain_name):
# return 400, u"域名不规范(示例:www.example.com 域名不应包含协议头)"
if len(domain_name) > 256:
return 400, u"域名过长"
if certificate_id:
certificate_info = domain_repo.get_certificate_by_pk(int(certificate_id))
cert = base64.b64decode(certificate_info.certificate)
data = analyze_cert(cert)
certificat_domain_name = data["issued_to"]
if certificat_domain_name.startswith('*'):
domain_suffix = certificat_domain_name[2:]
else:
domain_suffix = certificat_domain_name
logger.debug('---------domain_suffix-------->{0}'.format(domain_suffix))
domain_str = domain_name.encode('utf-8')
if not domain_str.endswith(domain_suffix):
return 400, u"域名和证书不匹配"
return 200, u"success"
def __is_domain_conflict(self, domain_name, team_name):
regions = region_repo.get_usable_regions()
conflict_domains = ["{0}.{1}".format(team_name, region.httpdomain) for region in regions]
for d in conflict_domains:
if d in domain_name:
return True, d
return False, None
def get_port_bind_domains(self, service, container_port):
return domain_repo.get_service_domain_by_container_port(service.service_id, container_port)
def get_tcp_port_bind_domains(self, service, container_port):
return tcp_domain.get_service_tcp_domains_by_service_id_and_port(service.service_id, container_port)
def get_sld_domains(self, service, container_port):
return domain_repo.get_service_domain_by_container_port(service.service_id,
container_port).filter(domain_type=DomainType.SLD_DOMAIN)
def is_domain_exist(self, domain_name):
domain = domain_repo.get_domain_by_domain_name(domain_name)
return True if domain else False
def bind_domain(self, tenant, user, service, domain_name, container_port, protocol, certificate_id, domain_type,
rule_extensions):
code, msg = self.__check_domain_name(tenant.tenant_name, domain_name, domain_type, certificate_id)
if code != 200:
return code, msg
certificate_info = None
http_rule_id = make_uuid(domain_name)
if certificate_id:
certificate_info = domain_repo.get_certificate_by_pk(int(certificate_id))
data = dict()
data["domain"] = domain_name
data["service_id"] = service.service_id
data["tenant_id"] = tenant.tenant_id
data["container_port"] = int(container_port)
data["protocol"] = protocol
data["http_rule_id"] = http_rule_id
# 证书信息
data["certificate"] = ""
data["private_key"] = ""
data["certificate_name"] = ""
if rule_extensions:
data["rule_extensions"] = rule_extensions
if certificate_info:
data["certificate"] = base64.b64decode(certificate_info.certificate)
data["private_key"] = certificate_info.private_key
data["certificate_name"] = certificate_info.alias
data["certificate_id"] = certificate_info.certificate_id
region_api.bind_http_domain(service.service_region, tenant.tenant_name, data)
domain_info = dict()
region = region_repo.get_region_by_region_name(service.service_region)
domain_info["service_id"] = service.service_id
domain_info["service_name"] = service.service_alias
domain_info["domain_name"] = domain_name
domain_info["domain_type"] = domain_type
domain_info["service_alias"] = service.service_cname
domain_info["create_time"] = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
domain_info["container_port"] = int(container_port)
domain_info["protocol"] = "http"
if certificate_id:
domain_info["protocol"] = "https"
if rule_extensions:
domain_info["rule_extensions"] = rule_extensions
domain_info["certificate_id"] = certificate_info.ID if certificate_info else 0
domain_info["http_rule_id"] = http_rule_id
domain_info["type"] = 1
domain_info["service_alias"] = service.service_cname
domain_info["tenant_id"] = tenant.tenant_id
domain_info["region_id"] = region.region_id
domain_repo.add_service_domain(**domain_info)
return 200, u"success"
def unbind_domain(self, tenant, service, container_port, domain_name, is_tcp=False):
if not is_tcp:
servicerDomain = domain_repo.get_domain_by_name_and_port(service.service_id, container_port, domain_name)
if not servicerDomain:
return 404, u"域名不存在"
for servicer_domain in servicerDomain:
data = dict()
data["service_id"] = servicer_domain.service_id
data["domain"] = servicer_domain.domain_name
data["container_port"] = int(container_port)
data["http_rule_id"] = servicer_domain.http_rule_id
try:
region_api.delete_http_domain(service.service_region, tenant.tenant_name, data)
servicer_domain.delete()
return 200, u"success"
except region_api.CallApiError as e:
if e.status != 404:
raise e
else:
servicer_tcp_domain = tcp_domain.get_service_tcp_domain_by_service_id_and_port(
service.service_id, container_port, domain_name)
if not servicer_tcp_domain:
return 404, u"域名不存在"
data = dict()
data["tcp_rule_id"] = servicer_tcp_domain.tcp_rule_id
try:
region_api.unbindTcpDomain(service.service_region, tenant.tenant_name, data)
servicer_tcp_domain.delete()
return 200, u"success"
except region_api.CallApiError as e:
if e.status != 404:
raise e
def unbind_domian_by_domain(self, tenant, service, domain_id):
domain = domain_repo.get_domain_by_id(domain_id)
if domain and domain.service_id == service.service_id and tenant.tenant_id == domain.tenant_id:
data = dict()
data["service_id"] = domain.service_id
data["domain"] = domain.domain_name
data["container_port"] = int(domain.container_port)
data["http_rule_id"] = domain.http_rule_id
try:
region_api.delete_http_domain(service.service_region, tenant.tenant_name, data)
except region_api.CallApiError as e:
if e.status != 404:
raise e
domain_repo.delete_service_domain_by_id(domain_id)
return True, u"success"
else:
return False, u"do not delete this domain id {0} service_id {1}".format(domain_id, service.service_id)
def bind_siample_http_domain(self, tenant, user, service, domain_name, container_port):
res, msg = self.bind_domain(tenant, user, service, domain_name, container_port, "http", None, DomainType.WWW, None)
if res == 200:
return domain_repo.get_domain_by_domain_name(domain_name)
return None
def bind_httpdomain(self, tenant, user, service, domain_name, container_port, protocol, certificate_id, domain_type,
domain_path, domain_cookie, domain_heander, the_weight, rule_extensions):
# 校验域名格式
code, msg = self.__check_domain_name(tenant.tenant_name, domain_name, domain_type, certificate_id)
http_rule_id = make_uuid(domain_name)
domain_info = dict()
if code != 200:
return code, msg, domain_info
certificate_info = None
if certificate_id:
certificate_info = domain_repo.get_certificate_by_pk(int(certificate_id))
data = dict()
data["uuid"] = make_uuid(domain_name)
data["domain"] = domain_name
data["service_id"] = service.service_id
data["tenant_id"] = tenant.tenant_id
data["tenant_name"] = tenant.tenant_name
data["protocol"] = protocol
data["container_port"] = int(container_port)
data["add_time"] = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
data["add_user"] = user.nick_name if user else ""
data["enterprise_id"] = tenant.enterprise_id
data["http_rule_id"] = http_rule_id
data["path"] = domain_path if domain_path else None
data["cookie"] = domain_cookie if domain_cookie else None
data["header"] = domain_heander if domain_heander else None
data["weight"] = int(the_weight)
if rule_extensions:
data["rule_extensions"] = rule_extensions
# 证书信息
data["certificate"] = ""
data["private_key"] = ""
data["certificate_name"] = ""
data["certificate_id"] = ""
if certificate_info:
data["certificate"] = base64.b64decode(certificate_info.certificate)
data["private_key"] = certificate_info.private_key
data["certificate_name"] = certificate_info.alias
data["certificate_id"] = certificate_info.certificate_id
try:
# 给数据中心传送数据绑定域名
logger.debug('---------------------------->{0}'.format(data))
region_api.bind_http_domain(service.service_region, tenant.tenant_name, data)
except region_api.CallApiError as e:
if e.status != 404:
raise e
region = region_repo.get_region_by_region_name(service.service_region)
if domain_path and domain_path != "/" or domain_cookie or domain_heander:
domain_info["is_senior"] = True
if protocol:
domain_info["protocol"] = protocol
else:
domain_info["protocol"] = "http"
if certificate_id:
domain_info["protocol"] = "https"
domain_info["http_rule_id"] = http_rule_id
domain_info["service_id"] = service.service_id
domain_info["service_name"] = service.service_alias
domain_info["domain_name"] = domain_name
domain_info["domain_type"] = domain_type
domain_info["service_alias"] = service.service_cname
domain_info["create_time"] = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
domain_info["container_port"] = int(container_port)
domain_info["certificate_id"] = certificate_info.ID if certificate_info else 0
domain_info["domain_path"] = domain_path if domain_path else '/'
domain_info["domain_cookie"] = domain_cookie if domain_cookie else ""
domain_info["domain_heander"] = domain_heander if domain_heander else ""
domain_info["the_weight"] = the_weight
domain_info["tenant_id"] = tenant.tenant_id
rule_extensions_str = ""
if rule_extensions:
# 拼接字符串,存入数据库
for rule in rule_extensions:
last_index = len(rule_extensions) - 1
if last_index == rule_extensions.index(rule):
rule_extensions_str += rule["key"] + ":" + rule["value"]
continue
rule_extensions_str += rule["key"] + ":" + rule["value"] + ","
domain_info["rule_extensions"] = rule_extensions_str
domain_info["region_id"] = region.region_id
region = region_repo.get_region_by_region_name(service.service_region)
# 判断类型(默认or自定义)
if domain_name != str(container_port) + "." + str(service.service_alias) + "." + str(tenant.tenant_name) + "." + str(
region.httpdomain):
domain_info["type"] = 1
# 高级路由
domain_repo.add_service_domain(**domain_info)
domain_info.update({"rule_extensions": rule_extensions})
if certificate_info:
domain_info.update({"certificate_name": certificate_info.alias})
return 200, u"success", domain_info
def update_httpdomain(self, tenant, user, service, domain_name, container_port, certificate_id, domain_type, domain_path,
domain_cookie, domain_heander, http_rule_id, the_weight, rule_extensions):
# 校验域名格式
code, msg = self.__check_domain_name(tenant.tenant_name, domain_name, domain_type, certificate_id)
domain_info = dict()
if code != 200:
return code, msg, domain_info
certificate_info = None
if certificate_id:
certificate_info = domain_repo.get_certificate_by_pk(int(certificate_id))
data = dict()
data["domain"] = domain_name
data["service_id"] = service.service_id
data["tenant_id"] = tenant.tenant_id
data["tenant_name"] = tenant.tenant_name
data["container_port"] = int(container_port)
data["enterprise_id"] = tenant.enterprise_id
data["http_rule_id"] = http_rule_id
data["path"] = domain_path if domain_path else None
data["cookie"] = domain_cookie if domain_cookie else None
data["header"] = domain_heander if domain_heander else None
data["weight"] = int(the_weight)
if rule_extensions:
data["rule_extensions"] = rule_extensions
# 证书信息
data["certificate"] = ""
data["private_key"] = ""
data["certificate_name"] = ""
data["certificate_id"] = ""
if certificate_info:
data["certificate"] = base64.b64decode(certificate_info.certificate)
data["private_key"] = certificate_info.private_key
data["certificate_name"] = certificate_info.alias
data["certificate_id"] = certificate_info.certificate_id
try:
# 给数据中心传送数据更新域名
region_api.update_http_domain(service.service_region, tenant.tenant_name, data)
except region_api.CallApiError as e:
if e.status != 404:
raise e
service_domain = domain_repo.get_service_domain_by_http_rule_id(http_rule_id)
service_domain.delete()
region = region_repo.get_region_by_region_name(service.service_region)
# 高级路由
if domain_path and domain_path != "/" or domain_cookie or domain_heander:
domain_info["is_senior"] = True
domain_info["protocol"] = "http"
if certificate_id:
domain_info["protocol"] = "https"
domain_info["http_rule_id"] = http_rule_id
domain_info["service_id"] = service.service_id
domain_info["service_name"] = service.service_alias
domain_info["domain_name"] = domain_name
domain_info["domain_type"] = domain_type
domain_info["service_alias"] = service.service_cname
domain_info["create_time"] = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
domain_info["container_port"] = int(container_port)
domain_info["certificate_id"] = certificate_info.ID if certificate_info else 0
domain_info["domain_path"] = domain_path if domain_path else '/'
domain_info["domain_cookie"] = domain_cookie if domain_cookie else ""
domain_info["domain_heander"] = domain_heander if domain_heander else ""
domain_info["the_weight"] = the_weight
domain_info["tenant_id"] = tenant.tenant_id
rule_extensions_str = ""
if rule_extensions:
# 拼接字符串,存入数据库
for rule in rule_extensions:
last_index = len(rule_extensions) - 1
if last_index == rule_extensions.index(rule):
rule_extensions_str += rule["key"] + ":" + rule["value"]
continue
rule_extensions_str += rule["key"] + ":" + rule["value"] + ","
domain_info["rule_extensions"] = rule_extensions_str
domain_info["region_id"] = region.region_id
region = region_repo.get_region_by_region_name(service.service_region)
# 判断类型(默认or自定义)
if domain_name != str(container_port) + "." + str(service.service_alias) + "." + str(tenant.tenant_name) + "." + str(
region.httpdomain):
domain_info["type"] = 1
domain_repo.add_service_domain(**domain_info)
domain_info.update({"rule_extensions": rule_extensions})
if certificate_info:
domain_info.update({"certificate_name": certificate_info.alias})
return 200, u"success", domain_info
def unbind_httpdomain(self, tenant, region, http_rule_id):
servicer_http_omain = domain_repo.get_service_domain_by_http_rule_id(http_rule_id)
if not servicer_http_omain:
return 404, u"域名不存在"
data = dict()
data["service_id"] = servicer_http_omain.service_id
data["domain"] = servicer_http_omain.domain_name
data["http_rule_id"] = http_rule_id
try:
region_api.delete_http_domain(region, tenant.tenant_name, data)
except region_api.CallApiError as e:
if e.status != 404:
raise e
servicer_http_omain.delete()
return 200, u"success"
def bind_tcpdomain(self, tenant, user, service, end_point, container_port, default_port, rule_extensions, default_ip):
tcp_rule_id = make_uuid(tenant.tenant_name)
ip = str(end_point.split(":")[0])
ip.replace(' ', '')
port = end_point.split(":")[1]
data = dict()
data["service_id"] = service.service_id
data["container_port"] = int(container_port)
if default_ip != ip:
data["ip"] = ip
data["port"] = int(port)
data["tcp_rule_id"] = tcp_rule_id
if rule_extensions:
data["rule_extensions"] = rule_extensions
try:
# 给数据中心传送数据添加策略
region_api.bindTcpDomain(service.service_region, tenant.tenant_name, data)
except region_api.CallApiError as e:
if e.status != 404:
raise e
region = region_repo.get_region_by_region_name(service.service_region)
domain_info = dict()
domain_info["tcp_rule_id"] = tcp_rule_id
domain_info["service_id"] = service.service_id
domain_info["service_name"] = service.service_alias
domain_info["service_alias"] = service.service_cname
domain_info["create_time"] = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
domain_info["container_port"] = int(container_port)
domain_info["tenant_id"] = tenant.tenant_id
# 查询端口协议
tenant_service_port = port_repo.get_service_port_by_port(service.tenant_id, service.service_id, container_port)
if tenant_service_port:
protocol = tenant_service_port.protocol
else:
protocol = ''
if protocol:
domain_info["protocol"] = protocol
else:
domain_info["protocol"] = 'tcp'
domain_info["end_point"] = end_point
domain_info["region_id"] = region.region_id
rule_extensions_str = ""
if rule_extensions:
# 拼接字符串,存入数据库
for rule in rule_extensions:
last_index = len(rule_extensions) - 1
if last_index == rule_extensions.index(rule):
rule_extensions_str += rule["key"] + ":" + rule["value"]
continue
rule_extensions_str += rule["key"] + ":" + rule["value"] + ","
domain_info["rule_extensions"] = rule_extensions_str
if int(end_point.split(":")[1]) != default_port:
domain_info["type"] = 1
tcp_domain.add_service_tcpdomain(**domain_info)
domain_info.update({"rule_extensions": rule_extensions})
return 200, u"success", domain_info
