def post(self, request, project_id, pk): self.request = request self.project_id = project_id self.pk = pk template = validate_template_id(project_id, pk, is_return_tempalte=True) # 验证用户是否有编辑权限 perm = bcs_perm.Templates(request, project_id, pk, template.name) perm.can_edit(raise_exception=True) self.perm = perm # 检查模板集是否可操作(即未被加锁) check_tempalte_available(template, request.user.username) # 验证模板名是否已经存在 new_template_name = request.data.get('name') is_exist = Template.default_objects.exclude(id=pk).filter( name=new_template_name, project_id=project_id).exists() if is_exist: detail = {'field': [_('模板集名称[{}]已经存在').format(new_template_name)]} raise ValidationError(detail=detail) self.slz = serializers_new.UpdateTemplateSLZ(data=request.data) self.slz.is_valid(raise_exception=True) return super(SingleTempalteView, self).update(self.slz)
def get(self, request, project_id): serializer = SearchTemplateSLZ(data=request.query_params) serializer.is_valid(raise_exception=True) data = serializer.validated_data templates = self.filter_queryset_with_params(project_id, data['search']) num_of_templates = templates.count() # 获取项目类型 backend.utils.permissions做了处理 kind = request.project.kind # 添加分页信息 limit, offset = data['limit'], data['offset'] templates = templates[offset:limit + offset] serializer = ListTemplateSLZ(templates, many=True, context={'kind': kind}) template_list = serializer.data # 初始化模板权限模板 perm = bcs_perm.Templates(request, project_id, bcs_perm.NO_RES) # 过滤有使用权限的模板集 template_list = perm.hook_perms(template_list, data['perm_can_use']) return Response({ 'code': 0, 'message': 'OK', 'data': { 'count': num_of_templates, 'has_previous': True if offset != 0 else False, 'has_next': True if (offset + limit) < num_of_templates else False, 'results': template_list }, 'permissions': {'create': perm.can_create(raise_exception=False)} })
def put(self, request, project_id, pk): """复制模板 """ self.request = request # 验证用户是否使用权限 template = validate_template_id(project_id, pk, is_return_tempalte=True) perm = bcs_perm.Templates(request, project_id, pk, template.name) perm.can_edit(raise_exception=True) self.project_id = project_id self.pk = pk data = request.data data['project_id'] = project_id self.slz = TemplateCreateSLZ(data=data) self.slz.is_valid(raise_exception=True) new_template_name = self.slz.data['name'] # 验证模板名是否已经存在 is_exist = Template.default_objects.filter( name=new_template_name, project_id=project_id).exists() if is_exist: detail = { 'field': ['{prefix_msg}[{tmpl_name}]{suffix_msg}'.format( prefix_msg=_("模板集名称"), tmpl_name=new_template_name, suffix_msg=_("已经存在") )] } raise ValidationError(detail=detail) # 验证 old模板集id 是否正确 old_tems = self.get_queryset() if not old_tems.exists(): detail = { 'field': [_("要复制的模板集不存在")] } raise ValidationError(detail=detail) old_tem = old_tems.first() username = request.user.username template_id, version_id, show_version_id = old_tem.copy_tempalte( project_id, new_template_name, username) # 注册资源到权限中心 perm.register(template_id, new_template_name) # 记录操作日志 client.ContextActivityLogClient( project_id=project_id, user=request.user.username, resource_type="template", resource=new_template_name, resource_id=template_id, description=_("复制模板集") ).log_add() return Response({ "code": 0, "message": "OK", "data": { "template_id": template_id, "version_id": version_id, "show_version_id": show_version_id, } })
def can_edit_template(self, request, template): # 验证模板是否被其他用户加锁 validate_template_locked(template, request.user.username) # 验证用户是否有编辑权限 perm = bcs_perm.Templates(request, template.project_id, template.id, template.name) perm.can_edit(raise_exception=True)
def get_permissions(self, obj): request = self.context.get('request') perm = bcs_perm.Templates(request, obj.project_id, obj.id, obj.name) data = {'id': obj.id, 'name': obj.name} data_list = perm.hook_perms([data]) permissions = data_list[0].get('permissions') return permissions
def update_template_with_perm_check(request, template, tpl_args): validate_template_locked(template, request.user.username) # 验证用户是否有编辑权限 perm = bcs_perm.Templates(request, template.project_id, template.id, template.name) perm.can_edit(raise_exception=True) template = update_template(request.user.username, template, tpl_args) if template.name != tpl_args.get('name'): perm.update_name(template.name) return template
def create_template_with_perm_check(request, project_id, tpl_args): # 验证用户是否有创建的权限 perm = bcs_perm.Templates(request, project_id, bcs_perm.NO_RES) # 如果没有权限,会抛出异常 perm.can_create(raise_exception=True) template = create_template(request.user.username, project_id, tpl_args) # 注册资源到权限中心 perm.register(template.id, tpl_args['name']) return template
def get_quote_info(self, request, project_id, pk): qs = Variable.objects.filter( (Q(project_id=project_id) | Q(project_id=0)), id=pk) if not qs: raise ValidationError(u"not found") qs = qs.first() quote_list = [] all_template_info = get_all_template_info_by_project(project_id) for tem in all_template_info: config = tem.get('config') or '' key_pattern = re.compile(r'"([^"]+)":\s*"([^"]*{{%s}}[^"]*)"' % qs.key) search_list = key_pattern.findall(config) for _q in search_list: quote_key = _q[0] context = _q[1] quote_list.append({ "context": context, "quote_location": "%s/%s/%s/%s/%s" % ( tem['template_name'], tem['show_version_name'], tem['category_name'], tem['resource_name'], quote_key, ), "key": qs.key, 'template_id': tem['template_id'], 'template_name': tem['template_name'], 'show_version_id': tem['show_version_id'], 'category': tem['category'], 'resource_id': tem['resource_id'], }) # 添加模板集的权限信息 if quote_list: perm = bcs_perm.Templates(request, project_id, bcs_perm.NO_RES) quote_list = perm.hook_perms(quote_list, id_flag='template_id') return Response({ "code": 0, "message": "OK", "data": { 'quote_list': quote_list, 'project_kind': request.project.kind, 'project_id': request.project.project_id, 'project_code': request.project.english_name, }, })
def preview_config(self, request, project_id): project_kind = request.project.kind serializer = PreviewInstanceSLZ(data=request.data, context={'project_kind': project_kind}) serializer.is_valid(raise_exception=True) slz_data = serializer.data # 验证 version_id 是否属于该项目 version_id = slz_data['version_id'] show_version_id = slz_data['show_version_id'] template, version_entity = validate_version_id( project_id, version_id, is_return_all=True, show_version_id=show_version_id ) # 验证用户是否有使用权限 perm = bcs_perm.Templates(request, project_id, template.id, template.name) perm.can_use(raise_exception=True) template_id = version_entity.template_id version = version_entity.version tem_instance_entity = version_entity.get_version_instance_resource_ids # 验证前端传过了的预览资源是否在该版本的资源 req_instance_entity = slz_data.get('instance_entity') or {} instance_entity = validate_instance_entity(req_instance_entity, tem_instance_entity) access_token = self.request.user.token.access_token username = self.request.user.username namespace = slz_data['namespace'] lb_info = slz_data.get('lb_info', {}) # 验证关联lb情况下,lb 是否都已经选中 service_id_list = instance_entity.get('service') or [] v_res, err_list, err_msg = validate_lb_info_by_version_id( access_token, project_id, version_entity, [namespace], lb_info, service_id_list ) if not v_res: return Response({"code": 400, "message": err_msg, "data": err_list}) # 查询当前命名空间的变量信息 variable_dict = slz_data.get('variable_info', {}).get(namespace) or {} params = { "instance_id": "instanceID", "version_id": version_id, "show_version_id": show_version_id, "template_id": template_id, "version": version, "project_id": project_id, "access_token": access_token, "username": username, "lb_info": lb_info, "variable_dict": variable_dict, "is_preview": True, } data = preview_config_json(namespace, instance_entity, **params) return Response({"code": 0, "message": "OK", "data": data})
def bcs_perm_handler( self, request, project_id, data, filter_use=False, ns_id_flag="namespace_id", ns_name_flag='namespace', tmpl_view=True, ): # noqa """列表权限处理""" ns_perm_client = bcs_perm.Namespace(request, project_id, bcs_perm.NO_RES) ns_ret_instance_list = ns_perm_client.hook_perms( data, ns_id_flag=ns_id_flag, filter_use=filter_use, ns_name_flag=ns_name_flag ) ns_ret_data_map = {info["id"]: info["permissions"] for info in ns_ret_instance_list} if not tmpl_view: for info in data: if info['id'] in ns_ret_data_map: info['permissions'] = info['permissions'] else: info["permissions"] = { "create": False, "delete": False, "view": False, "edit": False, "use": False, } # noqa return data # ns_ret_data_map = {(info["namespace"], info["name"]): info["permissions"] for info in ns_ret_instance_list} tmpl_perm_client = bcs_perm.Templates(request, project_id, bcs_perm.NO_RES) tmpl_ret_instance_list = tmpl_perm_client.hook_perms(data, id_flag="muster_id", filter_use=filter_use) # map handle ret_data = [] for info in tmpl_ret_instance_list: # item_key = (info["namespace"], info["name"]) if info["id"] in ns_ret_data_map: curr_permissions = ns_ret_data_map[info["id"]] insert_set = set(curr_permissions.keys()) & set(info["permissions"].keys()) diff_set = (set(info["permissions"].keys()) | set(curr_permissions.keys())) - insert_set for key in insert_set: info["permissions"][key] = info["permissions"][key] and curr_permissions[key] for key in diff_set: info["permissions"][key] = False else: info["permissions"] = {"create": False, "delete": False, "view": False, "edit": False, "use": False} if filter_use: if info["permissions"].get("use"): ret_data.append(info) continue ret_data.append(info) return ret_data
def bcs_single_app_perm_handler(self, request, project_id, muster_id, ns_id, source_type="模板集"): """针对具体资源的权限处理""" # 继承命名空间的权限 ns_perm = bcs_perm.Namespace(request, project_id, ns_id) ns_perm.can_use(raise_exception=True) if source_type == "模板集": muster_info = Template.objects.filter(id=muster_id, is_deleted=False).first() if not muster_info: raise error_codes.CheckFailed(_("没有查询到模板集信息")) # 继承模板集的权限 tmpl_perm = bcs_perm.Templates(request, project_id, muster_id, resource_name=muster_info.name) tmpl_perm.can_use(raise_exception=True)
def _delete_old_init_templates(template_qsets, project_id, project_code, access_token, username): request = RequestClass(username=username, access_token=access_token, project_code=project_code) for template in template_qsets: template_id = template.id perm = bcs_perm.Templates(request, project_id, template_id, template.name) perm.can_delete(raise_exception=True) perm.delete() VersionedEntity.objects.filter(template_id=template_id).delete() ShowVersion.objects.filter(template_id=template_id, name='init_version').delete() template.name = f'[deleted_{int(time.time())}]{template.name}' template.is_deleted = True template.deleted_time = timezone.now() template.save(update_fields=['name', 'is_deleted', 'deleted_time'])
def put(self, request, project_id, pk): """复制模板""" self.request = request # 验证用户是否使用权限 template = validate_template_id(project_id, pk, is_return_tempalte=True) perm = bcs_perm.Templates(request, project_id, pk, template.name) perm.can_edit(raise_exception=True) self.project_id = project_id self.pk = pk data = request.data data["project_id"] = project_id self.slz = TemplateCreateSLZ(data=data) self.slz.is_valid(raise_exception=True) new_template_name = self.slz.data["name"] # 验证模板名是否已经存在 is_exist = Template.default_objects.filter( name=new_template_name, project_id=project_id).exists() if is_exist: detail = {"field": [_("模板集名称[{}]已经存在").format(new_template_name)]} raise ValidationError(detail=detail) # 验证 old模板集id 是否正确 old_tems = self.get_queryset() if not old_tems.exists(): detail = {"field": [_("要复制的模板集不存在")]} raise ValidationError(detail=detail) old_tem = old_tems.first() username = request.user.username template_id, version_id, show_version_id = old_tem.copy_tempalte( project_id, new_template_name, username) # 注册资源到权限中心 perm.register(template_id, new_template_name) # 记录操作日志 request.audit_ctx.update_fields(resource=new_template_name, resource_id=template_id, description=_("复制模板集")) return Response({ "code": 0, "message": "OK", "data": { "template_id": template_id, "version_id": version_id, "show_version_id": show_version_id }, })
def delete(self, request, project_id, pk): self.request = request self.project_id = project_id self.pk = pk # 验证用户是否删除权限 template = validate_template_id(project_id, pk, is_return_tempalte=True) perm = bcs_perm.Templates(request, project_id, pk, template.name) perm.can_delete(raise_exception=True) # 检查模板集是否可操作(即未被加锁) check_tempalte_available(template, request.user.username) # 已经实例化过的版本,不能被删除 exist_version = is_tempalte_instance(pk) if exist_version: return Response({ "code": 400, "message": "模板集已经被实例化过,不能被删除", "data": {} }) instance = self.get_queryset().first() with client.ContextActivityLogClient( project_id=project_id, user=request.user.username, resource_type="template", resource=instance.name, resource_id=instance.id, description=u"删除模板集" ).log_delete(): # 删除后名称添加 [deleted]前缀 _del_prefix = '[deleted_%s]' % int(time.time()) del_tem_name = "%s%s" % (_del_prefix, instance.name) self.get_queryset().update(name=del_tem_name, is_deleted=True, deleted_time=timezone.now()) # 直接调用delete删除权限中心的资源 perm.delete() return Response({ "code": 0, "message": "OK", "data": { "id": pk } })
def get(self, request, project_id, pk): self.request = request self.project_id = project_id self.pk = pk template = validate_template_id(project_id, pk, is_return_tempalte=True) # 获取项目类型 kind = request.project.kind tems = self.get_queryset() if tems: tem = tems.first() data = get_tempate_info(tem, kind) else: data = {} perm = bcs_perm.Templates(request, project_id, pk, template.name) data_list = perm.hook_perms([data]) return Response({"code": 0, "message": "OK", "data": data_list[0]})
def can_use_instance(cls, request, project_id, ns_id, tmpl_set_id=None, source_type=SourceType.TEMPLATE): # 继承命名空间的权限 ns_perm = bcs_perm.Namespace(request, project_id, ns_id) ns_perm.can_use(raise_exception=True) if source_type == SourceType.TEMPLATE: tmpl_set_info = Template.objects.filter(id=tmpl_set_id).first() if not tmpl_set_info: raise error_codes.CheckFailed( f"template:{tmpl_set_id} not found") # 继承模板集的权限 tmpl_perm = bcs_perm.Templates(request, project_id, tmpl_set_id, resource_name=tmpl_set_info.name) tmpl_perm.can_use(raise_exception=True)
def get(self, request, project_id): serializer = serializers_new.SearchTemplateSLZ( data=request.query_params) serializer.is_valid(raise_exception=True) data = serializer.validated_data templates = self.filter_queryset_with_params(project_id, data["search"]) num_of_templates = templates.count() # 获取项目类型 backend.utils.permissions做了处理 kind = request.project.kind # 添加分页信息 limit, offset = data["limit"], data["offset"] templates = templates[offset:limit + offset] serializer = serializers_new.ListTemplateSLZ(templates, many=True, context={"kind": kind}) template_list = serializer.data # 初始化模板权限模板 perm = bcs_perm.Templates(request, project_id, bcs_perm.NO_RES) # 过滤有使用权限的模板集 template_list = perm.hook_perms(template_list, data["perm_can_use"]) return Response({ "code": 0, "message": "OK", "data": { "count": num_of_templates, "has_previous": True if offset != 0 else False, "has_next": True if (offset + limit) < num_of_templates else False, "results": template_list, }, "permissions": { "create": perm.can_create(raise_exception=False) }, })
def delete(self, request, project_id, pk): self.request = request self.project_id = project_id self.pk = pk # 验证用户是否删除权限 template = validate_template_id(project_id, pk, is_return_tempalte=True) perm = bcs_perm.Templates(request, project_id, pk, template.name) perm.can_delete(raise_exception=True) # 检查模板集是否可操作(即未被加锁) check_tempalte_available(template, request.user.username) # 已经实例化过的版本,不能被删除 exist_version = is_tempalte_instance(pk) if exist_version: return Response({ "code": 400, "message": _("模板集已经被实例化过,不能被删除"), "data": {} }) instance = self.get_queryset().first() request.audit_ctx.update_fields(resource=instance.name, resource_id=instance.id, description=_("删除模板集")) # 删除后名称添加 [deleted]前缀 _del_prefix = f"[deleted_{int(time.time())}]" del_tem_name = f"{_del_prefix}{instance.name}" self.get_queryset().update(name=del_tem_name, is_deleted=True, deleted_time=timezone.now()) # 直接调用delete删除权限中心的资源 perm.delete() return Response({"code": 0, "message": "OK", "data": {"id": pk}})
def post(self, request, project_id): """实例化模板 """ # 参数验证 self.project_id = project_id version_id = request.data.get('version_id') show_version_id = request.data.get('show_version_id') template, version_entity = validate_version_id( project_id, version_id, is_return_all=True, show_version_id=show_version_id) # 验证用户是否有使用权限 perm = bcs_perm.Templates(request, project_id, template.id, template.name) perm.can_use(raise_exception=True) self.template_id = version_entity.template_id tem_instance_entity = version_entity.get_version_instance_resource_ids project_kind = request.project.kind self.slz = VersionInstanceCreateOrUpdateSLZ( data=request.data, context={'project_kind': project_kind}) self.slz.is_valid(raise_exception=True) slz_data = self.slz.data # 验证前端传过了的预览资源是否在该版本的资源 req_instance_entity = slz_data.get('instance_entity') or {} self.instance_entity = validate_instance_entity( req_instance_entity, tem_instance_entity) namespaces = slz_data['namespaces'] ns_list = namespaces.split(',') if namespaces else [] access_token = self.request.user.token.access_token username = self.request.user.username # 验证关联lb情况下,lb 是否都已经选中 service_id_list = self.instance_entity.get('service') or [] v_res, err_list, err_msg = validate_lb_info_by_version_id( access_token, project_id, version_entity, ns_list, slz_data.get('lb_info', {}), service_id_list) if not v_res: return Response({ "code": 400, "message": err_msg, "data": err_list }) # 判断 template 下 前台传过来的 namespace 是否已经实例化过 res, ns_name_list, namespace_dict = validate_ns_by_tempalte_id( self.template_id, ns_list, access_token, project_id, req_instance_entity) if not res: return Response({ "code": 400, "message": "以下命名空间已经实例化过,不能再实例化\n%s" % "\n".join(ns_name_list), "data": ns_name_list }) # 在数据平台创建项目信息 cc_app_id = request.project.cc_app_id english_name = request.project.english_name create_data_project(request.user.username, project_id, cc_app_id, english_name) # 创建/启动标准日志采集任务 create_and_start_standard_data_flow(username, project_id, cc_app_id) slz_data['ns_list'] = ns_list slz_data['instance_entity'] = self.instance_entity slz_data['template_id'] = self.template_id slz_data['project_id'] = project_id slz_data['version_id'] = version_id slz_data['show_version_id'] = show_version_id result = handle_all_config(slz_data, access_token, username) instance_entity = slz_data.get("instance_entity") all_tmpl_name_dict = self.get_tmpl_name(instance_entity) # 添加操作记录 temp_name = version_entity.get_template_name() for i in result['success']: client.ContextActivityLogClient( project_id=project_id, user=username, resource_type="template", resource=temp_name, resource_id=self.template_id, extra=json.dumps(self.instance_entity), description=u"实例化模板集[%s]命名空间[%s]" % (temp_name, i['ns_name'])).log_add(activity_status="succeed") failed_ns_name_list = [] failed_msg = [] is_show_failed_msg = False # 针对createError的触发后台任务轮训 if result.get('failed'): check_instance_status.delay(request.user.token.access_token, project_id, request.project.get("kind"), all_tmpl_name_dict, result['failed']) for i in result['failed']: if i['res_type']: description = "实例化模板集[%s]命名空间[%s],在实例化%s时失败,错误消息:%s" % ( temp_name, i['ns_name'], i['res_type'], i['err_msg']) failed_ns_name_list.append("%s(实例化%s时)" % (i['ns_name'], i['res_type'])) else: description = "实例化模板集[%s]命名空间[%s]失败,错误消息:%s" % ( temp_name, i['ns_name'], i['err_msg']) failed_ns_name_list.append(i['ns_name']) if i.get('show_err_msg'): failed_msg.append(i['err_msg']) is_show_failed_msg = True client.ContextActivityLogClient( project_id=project_id, user=username, resource_type="template", resource=temp_name, resource_id=self.template_id, extra=json.dumps(self.instance_entity), description=description).log_add(activity_status="failed") if is_show_failed_msg: msg = '\n'.join(failed_msg) else: msg = "以下命名空间实例化失败,\n%s,请联系集群管理员解决" % "\n".join( failed_ns_name_list) if failed_ns_name_list: return Response({ "code": 400, "message": msg, "data": failed_ns_name_list }) return Response({ "code": 0, "message": "OK", "data": { "version_id": version_id, "template_id": self.template_id, } })
def post(self, request, project_id): """实例化模板""" # 参数验证 self.project_id = project_id version_id = request.data.get('version_id') show_version_id = request.data.get('show_version_id') template, version_entity = validate_version_id( project_id, version_id, is_return_all=True, show_version_id=show_version_id ) # 验证用户是否有使用权限 perm = bcs_perm.Templates(request, project_id, template.id, template.name) perm.can_use(raise_exception=True) self.template_id = version_entity.template_id tem_instance_entity = version_entity.get_version_instance_resource_ids project_kind = request.project.kind self.slz = VersionInstanceCreateOrUpdateSLZ(data=request.data, context={'project_kind': project_kind}) self.slz.is_valid(raise_exception=True) slz_data = self.slz.data # 验证前端传过了的预览资源是否在该版本的资源 req_instance_entity = slz_data.get('instance_entity') or {} self.instance_entity = validate_instance_entity(req_instance_entity, tem_instance_entity) namespaces = slz_data['namespaces'] ns_list = namespaces.split(',') if namespaces else [] access_token = self.request.user.token.access_token username = self.request.user.username # 验证关联lb情况下,lb 是否都已经选中 service_id_list = self.instance_entity.get('service') or [] # 判断 template 下 前台传过来的 namespace 是否已经实例化过 res, ns_name_list, namespace_dict = validate_ns_by_tempalte_id( self.template_id, ns_list, access_token, project_id, req_instance_entity ) if not res: return Response( { "code": 400, "message": _("以下命名空间已经实例化过,不能再实例化\n{}").format("\n".join(ns_name_list)), "data": ns_name_list, } ) slz_data['ns_list'] = ns_list slz_data['instance_entity'] = self.instance_entity slz_data['template_id'] = self.template_id slz_data['project_id'] = project_id slz_data['version_id'] = version_id slz_data['show_version_id'] = show_version_id result = handle_all_config(slz_data, access_token, username, project_kind=request.project.kind) instance_entity = slz_data.get("instance_entity") all_tmpl_name_dict = self.get_tmpl_name(instance_entity) # 添加操作记录 temp_name = version_entity.get_template_name() for i in result['success']: TemplatesetAuditor( audit_ctx=AuditContext( project_id=project_id, user=username, resource=temp_name, resource_id=self.template_id, extra=self.instance_entity, description=_("实例化模板集[{}]命名空间[{}]").format(temp_name, i['ns_name']), activity_type=ActivityType.Add, activity_status=ActivityStatus.Succeed, ) ).log_raw() failed_ns_name_list = [] failed_msg = [] is_show_failed_msg = False # 针对createError的触发后台任务轮训 if result.get('failed'): check_instance_status.delay( request.user.token.access_token, project_id, request.project.get("kind"), all_tmpl_name_dict, result['failed'], ) for i in result['failed']: if i['res_type']: description = _("实例化模板集[{}]命名空间[{}],在实例化{}时失败,错误消息:{}").format( temp_name, i['ns_name'], i['res_type'], i['err_msg'] ) failed_ns_name_list.append(_("{}(实例化{}时)").format(i['ns_name'], i['res_type'])) else: description = _("实例化模板集[{}]命名空间[{}]失败,错误消息:{}").format(temp_name, i['ns_name'], i['err_msg']) failed_ns_name_list.append(i['ns_name']) if i.get('show_err_msg'): failed_msg.append(i['err_msg']) is_show_failed_msg = True TemplatesetAuditor( audit_ctx=AuditContext( project_id=project_id, user=username, resource=temp_name, resource_id=self.template_id, extra=self.instance_entity, description=description, activity_type=ActivityType.Add, activity_status=ActivityStatus.Failed, ) ).log_raw() if is_show_failed_msg: msg = '\n'.join(failed_msg) else: msg = _("以下命名空间实例化失败,\n{},请联系集群管理员解决").format("\n".join(failed_ns_name_list)) if failed_ns_name_list: return Response({"code": 400, "message": msg, "data": failed_ns_name_list}) return Response( { "code": 0, "message": "OK", "data": { "version_id": version_id, "template_id": self.template_id, }, } )
def init_template(project_id, project_code, project_kind, access_token, username): """创建项目时,初始化示例模板集 request.project.english_name """ # 判断模板集是否已经创建, 如果已经创建, 删除旧模板 exit_templates = Template.objects.filter(project_id=project_id, name=TEMPLATE_NAME) if exit_templates.exists(): _delete_old_init_templates(exit_templates, project_id, project_code, access_token, username) template_data = {} if project_kind == K8S_KIND: template_data = K8S_TEMPLATE.get('data', {}) elif project_kind == MESOS_KIND: template_data = MESOS_TEMPLATE.get('data', {}) logger.info(f'init_template [begin] project_id: {project_id}, project_kind: {ClusterType.get(project_kind)}') # 新建模板集 init_template = Template.objects.create( project_id=project_id, name=TEMPLATE_NAME, desc=TEMPLATE_DESC, creator=username, updator=username, ) new_entity = {} for cate in template_data: new_item_id_list = [] data_list = template_data[cate] for _data in data_list: _save_data = {} for _d_key in _data: # 新建,忽略 id 字段 if _d_key == 'id': continue # 目前只有 dict、list这两类非字符格式 _d_value = _data[_d_key] if isinstance(_d_value, list) or isinstance(_d_value, dict): _save_data[_d_key] = json.dumps(_d_value) else: _save_data[_d_key] = _d_value _ins = MODULE_DICT.get(cate).objects.create(**_save_data) new_item_id_list.append(str(_ins.id)) new_entity[cate] = ','.join(new_item_id_list) # 新建version new_ver = VersionedEntity.objects.create( template_id=init_template.id, entity=json.dumps(new_entity), version=get_default_version(), creator=username, updator=username, ) # 新建可见版本 ShowVersion.objects.create( template_id=init_template.id, real_version_id=new_ver.id, name='init_version', ) # 将模板集注册到权限中心 request = RequestClass(username=username, access_token=access_token, project_code=project_code) perm = bcs_perm.Templates(request, project_id, bcs_perm.NO_RES) perm.register(str(init_template.id), str(init_template.name)) logger.info(f'init_template [end] project_id: {project_id}, project_kind: {ClusterType.get(project_kind)}') return
def can_use_template(self, request, template): # 验证用户是否有使用权限 perm = bcs_perm.Templates(request, template.project_id, template.id, template.name) perm.can_use(raise_exception=True)