def list(self, request, project_id): """获取所有HPA数据 """ access_token = request.user.token.access_token cluster_dicts = self.get_project_cluster_info(request, project_id) cluster_data = cluster_dicts.get('results', {}) or {} k8s_hpa_list = [] namespace_res = paas_cc.get_namespace_list(access_token, project_id, limit=ALL_LIMIT) namespace_data = namespace_res.get('data', {}).get('results') or [] namespace_dict = {i['name']: i['id'] for i in namespace_data} for cluster_info in cluster_data: cluster_id = cluster_info['cluster_id'] cluster_env = cluster_info.get('environment') cluster_name = cluster_info['name'] hpa_list = utils.get_cluster_hpa_list(request, project_id, cluster_id, cluster_env, cluster_name) k8s_hpa_list.extend(hpa_list) for p in k8s_hpa_list: p['namespace_id'] = namespace_dict.get(p['namespace']) perm = bcs_perm.Namespace(request, project_id, bcs_perm.NO_RES) k8s_hpa_list = perm.hook_perms(k8s_hpa_list, ns_id_flag='namespace_id') return Response(k8s_hpa_list)
def create_namespace(self, request, project_id_or_code, cluster_id): project_id = request.project.project_id slz = CreateNamespaceParamsSLZ(data=request.data, context={"project_id": project_id}) slz.is_valid(raise_exception=True) data = slz.data access_token = request.user.token.access_token username = request.user.username namespace = self._create_kubernetes_namespace(access_token, username, project_id, cluster_id, data["name"]) # 创建命名空间下的变量值 ns_id = namespace.get("namespace_id") or namespace.get("id") namespace["id"] = ns_id NameSpaceVariable.batch_save(ns_id, data["variables"]) namespace["variables"] = data["variables"] # 命名空间权限Client ns_perm_client = bcs_perm.Namespace(request, project_id, bcs_perm.NO_RES, cluster_id) ns_perm_client.register(namespace["id"], f"{namespace['name']}({cluster_id})") return Response(namespace)
def register_default_ns(access_token, username, project_id, project_code, cluster_id): """注册默认的命名空间(针对k8s集群) 1. 创建存储镜像账号的secret 2. 将 default 命名空间注册到paas_cc 上 project_code = request.project.english_name """ # 组装创建ns的数据 data = {'env_type': 'dev', 'name': 'default', 'cluster_id': cluster_id} ns_base = NamespaceBase() # 1. 创建存储镜像账号的secret client = K8SClient(access_token, project_id, data['cluster_id'], env=None) ns_base.create_jfrog_secret(client, access_token, project_id, project_code, data) # 2. 将 default 命名空间注册到paas_cc 上 result = paas_cc.create_namespace(access_token, project_id, data['cluster_id'], data['name'], None, username, data['env_type']) if result.get('code') != 0: if 'Duplicate entry' in result.get('message', ''): message = _("创建失败,namespace名称已经在其他项目存在") else: message = result.get('message', '') return False, message # 注册资源到权限中心 request = RequestClass(username=username, access_token=access_token, project_code=project_code) perm = bcs_perm.Namespace(request, project_id, bcs_perm.NO_RES, data['cluster_id']) perm.register(str(result['data']['id']), result['data']['name']) return True, _("命名空间[default]注册成功")
def get_queryset(self): result = paas_cc.get_namespace_list(self.access_token, self.project_id, desire_all_data=True) results = result["data"]["results"] if not results: return [] # 补充cluster_name字段 cluster_ids = [i['cluster_id'] for i in results] cluster_list = paas_cc.get_cluster_list( self.access_token, self.project_id, cluster_ids).get('data') or [] # cluster_list = bcs_perm.Cluster.hook_perms(request, project_id, cluster_list) cluster_dict = {i['cluster_id']: i for i in cluster_list} for i in results: # ns_vars = NameSpaceVariable.get_ns_vars(i['id'], project_id) i['ns_vars'] = [] if i['cluster_id'] in cluster_dict: i['cluster_name'] = cluster_dict[i['cluster_id']]['name'] i['environment'] = cluster_dict[i['cluster_id']]['environment'] else: i['cluster_name'] = i['cluster_id'] i['environment'] = None perm = bcs_perm.Namespace(self.request, self.project_id, bcs_perm.NO_RES) results = perm.hook_perms(results, True) return results
def filter_namespaces(self, filter_use_perm): result = paas_cc.get_namespace_list(self.access_token, self.project_id, desire_all_data=True) results = result["data"]["results"] if not results: return [] # 补充cluster_name字段 cluster_ids = [i['cluster_id'] for i in results] cluster_list = paas_cc.get_cluster_list( self.access_token, self.project_id, cluster_ids).get('data') or [] # cluster_list = bcs_perm.Cluster.hook_perms(request, project_id, cluster_list) cluster_dict = {i['cluster_id']: i for i in cluster_list} filter_ns_list = [] for i in results: # 过滤掉k8s系统和bcs平台使用的命名空间 if i["name"] in K8S_SYS_PLAT_NAMESPACES: continue # ns_vars = NameSpaceVariable.get_ns_vars(i['id'], project_id) i['ns_vars'] = [] if i['cluster_id'] in cluster_dict: i['cluster_name'] = cluster_dict[i['cluster_id']]['name'] i['environment'] = cluster_dict[i['cluster_id']]['environment'] else: i['cluster_name'] = i['cluster_id'] i['environment'] = None filter_ns_list.append(i) perm = bcs_perm.Namespace(self.request, self.project_id, bcs_perm.NO_RES) results = perm.hook_perms(filter_ns_list, filter_use=filter_use_perm) return results
def create(self, request, project_id, is_validate_perm=True): """新建命名空间 k8s 流程:新建namespace配置文件并下发 -> 新建包含仓库账号信息的sercret配置文件并下发 -> 在paas-cc上注册 mesos流程:新建包含仓库账号信息的sercret配置文件并下发 -> 在paas-cc上注册 """ serializer = slz.CreateNamespaceSLZ(data=request.data, context={ 'request': request, 'project_id': project_id }) serializer.is_valid(raise_exception=True) data = serializer.data # 判断权限 cluster_id = data['cluster_id'] perm = bcs_perm.Namespace(request, project_id, bcs_perm.NO_RES, cluster_id) perm.can_create(raise_exception=is_validate_perm) request.audit_ctx.update_fields( resource=data['name'], description=_('集群: {}, 创建命名空间: 命名空间[{}]').format( cluster_id, data["name"])) result = self.create_flow(request, project_id, data, perm) return response.Response(result)
def get_ns_list_by_user_perm(self, request, project_id): """获取用户所有有使用权限的命名空间""" access_token = request.user.token.access_token # 获取全部namespace,前台分页 result = paas_cc.get_namespace_list(access_token, project_id, with_lb=0, limit=LIMIT_FOR_ALL_DATA) if result.get('code') != 0: raise error_codes.APIError.f(result.get('message', '')) ns_list = result['data']['results'] or [] if not ns_list: return [] # 补充cluster_name字段 cluster_ids = [i['cluster_id'] for i in ns_list] cluster_list = paas_cc.get_cluster_list(access_token, project_id, cluster_ids).get('data') or [] cluster_dict = {i['cluster_id']: i for i in cluster_list} # 命名空间列表补充集群信息,过来权限时需要 for i in ns_list: i['namespace_id'] = i['id'] if i['cluster_id'] in cluster_dict: i['cluster_name'] = cluster_dict[i['cluster_id']]['name'] i['environment'] = cluster_dict[i['cluster_id']]['environment'] else: i['cluster_name'] = i['cluster_id'] i['environment'] = None perm = bcs_perm.Namespace(request, project_id, bcs_perm.NO_RES) # 只过滤有编辑权限 filter_parms = {'is_filter': True, 'filter_type': 'edit'} ns_list = perm.hook_base_perms(ns_list, **filter_parms) return ns_list
def retrieve(self, request, project_id, pk): details = self.queryset.filter(id=pk, project_id=project_id, is_deleted=False).values() if not details: raise error_codes.CheckFailed(_("没有查询到实例信息,请联系管理员处理")) data = details[0] perm = bcs_perm.Namespace(request, project_id, data["namespace_id"]) perm.can_use(raise_exception=True) access_token = request.user.token.access_token cluster_id_name_map = self.get_cluster_id_name_map( access_token, project_id) data["cluster_name"] = cluster_id_name_map[data["cluster_id"]]["name"] ip_info = json.loads(data["ip_info"]) node_id_info_map = self.get_node_info(access_token, project_id, data["cluster_id"]) render_ip_info = [] for info in ip_info: item = { "id": info, "inner_ip": node_id_info_map[int(info)]["inner_ip"], "unshared": ip_info[info] } render_ip_info.append(item) data["ip_info"] = json.dumps(render_ip_info) return Response(data)
def create(self, request, project_id, is_validate_perm=True): """新建命名空间 k8s 流程:新建namespace配置文件并下发 -> 新建包含仓库账号信息的sercret配置文件并下发 -> 在paas-cc上注册 mesos流程:新建包含仓库账号信息的sercret配置文件并下发 -> 在paas-cc上注册 """ serializer = slz.CreateNamespaceSLZ(data=request.data, context={ 'request': request, 'project_id': project_id }) serializer.is_valid(raise_exception=True) data = serializer.data # 判断权限 cluster_id = data['cluster_id'] perm = bcs_perm.Namespace(request, project_id, bcs_perm.NO_RES, cluster_id) perm.can_create(raise_exception=is_validate_perm) description = _('集群: {}, 创建命名空间: 命名空间[{}]').format( cluster_id, data["name"]) with client.ContextActivityLogClient( project_id=project_id, user=request.user.username, resource_type='namespace', resource=data['name'], description=description, ).log_add(): result = self.create_flow(request, project_id, data, perm) return response.Response(result)
def list(self, request, project_id): """通过项目或集群拉取ingress """ cluster_id = request.query_params.get('cluster_id') project_clusters = self.get_clusters(request, project_id) project_namespaces = self.get_project_namespaces(request, project_id) cluster_id_list = [cluster_id ] if cluster_id else project_clusters.keys() # 通过集群拉取ingress数据 ingress_list = [] for cluster_id in cluster_id_list: data = network_utils.get_cluster_ingresses( request.user.token.access_token, project_id, cluster_id) for info in data: create_time = getitems(info, ['metadata', 'creationTimestamp']) if create_time: d_time = arrow.get(create_time).datetime create_time = timezone.localtime(d_time).strftime( '%Y-%m-%d %H:%M:%S') update_time = getitems( info, ['metadata', 'annotations', 'io.tencent.paas.updateTime']) namespace_name = getitems(info, ['metadata', 'namespace'], default='') namespace_id = project_namespaces.get( (cluster_id, namespace_name), {}).get('id', DEFAULT_NAMESPACE_ID) ingress_list.append({ 'name': getitems(info, ['metadata', 'name'], default=''), 'namespace': namespace_name, 'namespace_id': namespace_id, 'cluster_id': cluster_id, 'spec': info['spec'], 'config': info, 'cluster_name': project_clusters[cluster_id]['name'], 'environment': project_clusters[cluster_id]['environment'], 'create_time': create_time, 'update_time': update_time if update_time else create_time }) if ingress_list: # 检查是否用命名空间的使用权限 perm = bcs_perm.Namespace(request, project_id, bcs_perm.NO_RES) ingress_list = perm.hook_perms(ingress_list, ns_id_flag='namespace_id', ns_name_flag='namespace') # 按照更新时间排序 ingress_list.sort(key=lambda info: info['update_time'], reverse=True) return response.Response(ingress_list)
def list(self, request, project_id, cluster_id=None): access_token = request.user.token.access_token cluster_map = self._get_cluster_map(project_id) namespace_map = self._get_cluster_map(project_id) data = [] if cluster_id: if cluster_id not in cluster_map: raise error_codes.APIError(_("cluster_id not valid")) client = k8s.K8SClient(access_token, project_id, cluster_id, env=None) items = self._handle_items(cluster_id, cluster_map, namespace_map, client.list_service_monitor()) data.extend(items) else: for cluster in cluster_map.values(): cluster_id = cluster["cluster_id"] cluster_env = cluster.get("environment") client = k8s.K8SClient(access_token, project_id, cluster_id, env=cluster_env) items = self._handle_items(cluster_id, cluster_map, namespace_map, client.list_service_monitor()) data.extend(items) perm = bcs_perm.Namespace(request, project_id, bcs_perm.NO_RES) data = perm.hook_perms(data, ns_id_flag="namespace_id") self.filter_no_perm(data) return Response(data)
def delete_cc_ns(self, request, project_id, cluster_id, ns_id_list): """删除存储在CC中的namespace""" for ns_id in ns_id_list: perm = bcs_perm.Namespace(request, project_id, ns_id) perm.delete() ns_utils.delete_cc_namespace(request.user.token.access_token, project_id, cluster_id, ns_id)
def _validate_namespace_info(self, data): request = self.context["request"] namespace_info = data["namespace_info"] namespace_info["id"] = get_namespace_id( request.user.token.access_token, data["project_id"], namespace_info["cluster_id"], namespace_info["name"]) perm = bcs_perm.Namespace(request, data["project_id"], namespace_info["id"]) perm.can_use(raise_exception=True)
def add_cc_ns(self, request, project_id, cluster_id, ns_name_list): access_token = request.user.token.access_token creator = request.user.token.access_token perm = bcs_perm.Namespace(request, project_id, bcs_perm.NO_RES, cluster_id) for ns_name in ns_name_list: data = ns_utils.create_cc_namespace(access_token, project_id, cluster_id, ns_name, creator) perm.register(data["id"], f"{ns_name}({cluster_id})")
def update(self, request, project_id, pk): """ 更新LB配置,包含下面几种场景 1. 增加/减少LB协议类型 2. 增加/减少节点数量(标签+replica) """ req_data = dict(request.data) req_data.update({"id": pk, "updator": request.user.username}) serializer = NginxIngressUpdateSLZ(data=req_data) serializer.is_valid(raise_exception=True) data = serializer.data lb_conf, delete_node_id_list, add_node_id_list = self.get_update_node_info(request, data) perm = bcs_perm.Namespace(request, project_id, lb_conf.namespace_id) perm.can_use(raise_exception=True) # 判断调整的节点是否已经存在,并且是独享的 # self.update_check_node_id(lb_conf, data) # 删除节点配置 if delete_node_id_list: self.delete_node_label(request, delete_node_id_list, project_id, lb_conf) # 添加节点配置 if add_node_id_list: self.add_node_label(request, add_node_id_list, project_id, lb_conf) # 更新lb self.update_lb_conf(lb_conf, data["ip_info"], data["protocol_type"], request.user.username) app_instance = self.get_k8s_bcs_app(lb_conf.namespace_id, self.chart_info) if not app_instance: return APIResponse({"code": 400, "message": _("没有查询到应用信息")}) data["namespace_id"] = lb_conf.namespace_id namespace_info = self.get_ns_info(request, data["namespace_id"]) valuefile = self.render_yaml( request.user.token.access_token, project_id, lb_conf.cluster_id, data, namespace_info) user_log = log_client.ContextActivityLogClient( project_id=project_id, user=request.user.username, resource_type='lb', resource="%s:%s" % (lb_conf.cluster_id, lb_conf.namespace_id), resource_id=pk, extra=json.dumps(data) ) updated_instance = app_instance.upgrade_app( access_token=request.user.token.access_token, chart_version_id=self.chart_version.id, answers=[], customs=[], valuefile=valuefile, updator=request.user.username ) if updated_instance.transitioning_result: user_log.log_modify(activity_status="succeed") return APIResponse({"message": "更新成功!"}) user_log.log_modify(activity_status="failed") return APIResponse({"code": 400, "message": updated_instance.transitioning_message})
def _can_use_namespaces(self, request, project_id, data, ns_name_id_map): for info in data: # 通过集群id和namespace名称确认namespace id,判断是否有namespace权限 ns_id = ns_name_id_map.get((info["cluster_id"], info["namespace"])) if not ns_id: raise ValidationError( _("集群:{}下没有查询到namespace:{}").format( info["cluster_id"], info["namespace"])) ns_perm = bcs_perm.Namespace(request, project_id, ns_id) ns_perm.can_use(raise_exception=True)
def can_use_namespaces(request, project_id, namespaces): """ namespaces: [(cluster_id, ns_name)] """ namespace_data = get_project_namespaces(request.user.token.access_token, project_id) # format: {(cluster_id, ns_name): ns_id} namespace_dict = {(ns['cluster_id'], ns['name']): ns['id'] for ns in namespace_data} for ns in namespaces: ns_id = namespace_dict.get(ns) perm = bcs_perm.Namespace(request, project_id, ns_id) perm.can_use(raise_exception=True)
def _validate_namespace_use_perm(self, request, project_id, namespace_list): """检查是否有命名空间的使用权限""" namespace_map = self._get_namespace_map(project_id) for namespace in namespace_list: if namespace in self.NO_PERM_NS: raise error_codes.APIError(_("namespace operation is not allowed")) namespace_id = namespace_map.get(namespace) # 检查是否有命名空间的使用权限 perm = bcs_perm.Namespace(request, project_id, namespace_id) perm.can_use(raise_exception=True)
def _validate_namespace_use_perm(self, project_id: str, cluster_id: str, namespaces: List): """ 检查是否有命名空间的使用权限 """ namespace_map = self._get_namespace_map(project_id) for ns in namespaces: if ns in constants.SM_NO_PERM_NAMESPACE: raise error_codes.APIError(_('不允许操作命名空间 {}').format(ns)) namespace_id = namespace_map.get((cluster_id, ns)) # 检查是否有命名空间的使用权限 perm = bcs_perm.Namespace(self.request, project_id, namespace_id) perm.can_use(raise_exception=True)
def bcs_single_app_perm_handler(self, request, project_id, muster_id, ns_id, source_type="模板集"): """针对具体资源的权限处理""" # 继承命名空间的权限 ns_perm = bcs_perm.Namespace(request, project_id, ns_id) ns_perm.can_use(raise_exception=True) if source_type == "模板集": muster_info = Template.objects.filter(id=muster_id, is_deleted=False).first() if not muster_info: raise error_codes.CheckFailed(_("没有查询到模板集信息")) # 继承模板集的权限 tmpl_perm = bcs_perm.Templates(request, project_id, muster_id, resource_name=muster_info.name) tmpl_perm.can_use(raise_exception=True)
def bcs_perm_handler( self, request, project_id, data, filter_use=False, ns_id_flag="namespace_id", ns_name_flag='namespace', tmpl_view=True, ): # noqa """列表权限处理""" ns_perm_client = bcs_perm.Namespace(request, project_id, bcs_perm.NO_RES) ns_ret_instance_list = ns_perm_client.hook_perms( data, ns_id_flag=ns_id_flag, filter_use=filter_use, ns_name_flag=ns_name_flag ) ns_ret_data_map = {info["id"]: info["permissions"] for info in ns_ret_instance_list} if not tmpl_view: for info in data: if info['id'] in ns_ret_data_map: info['permissions'] = info['permissions'] else: info["permissions"] = { "create": False, "delete": False, "view": False, "edit": False, "use": False, } # noqa return data # ns_ret_data_map = {(info["namespace"], info["name"]): info["permissions"] for info in ns_ret_instance_list} tmpl_perm_client = bcs_perm.Templates(request, project_id, bcs_perm.NO_RES) tmpl_ret_instance_list = tmpl_perm_client.hook_perms(data, id_flag="muster_id", filter_use=filter_use) # map handle ret_data = [] for info in tmpl_ret_instance_list: # item_key = (info["namespace"], info["name"]) if info["id"] in ns_ret_data_map: curr_permissions = ns_ret_data_map[info["id"]] insert_set = set(curr_permissions.keys()) & set(info["permissions"].keys()) diff_set = (set(info["permissions"].keys()) | set(curr_permissions.keys())) - insert_set for key in insert_set: info["permissions"][key] = info["permissions"][key] and curr_permissions[key] for key in diff_set: info["permissions"][key] = False else: info["permissions"] = {"create": False, "delete": False, "view": False, "edit": False, "use": False} if filter_use: if info["permissions"].get("use"): ret_data.append(info) continue ret_data.append(info) return ret_data
def delete(self, request, project_id, namespace_id, is_validate_perm=True): access_token = request.user.token.access_token # perm perm = bcs_perm.Namespace(request, project_id, namespace_id) perm.can_delete(raise_exception=is_validate_perm) # start delete oper client = Namespace(access_token, project_id, request.project.kind) resp = client.delete(namespace_id) # delete ns registered perm perm.delete() return response.Response(resp)
def check_namespace_use_perm(self, request, project_id, namespace_list): """检查是否有命名空间的使用权限 """ access_token = request.user.token.access_token # 根据 namespace 查询 ns_id namespace_res = paas_cc.get_namespace_list( access_token, project_id, limit=constants.ALL_LIMIT) namespace_data = namespace_res.get('data', {}).get('results') or [] namespace_dict = {i['name']: i['id'] for i in namespace_data} for namespace in namespace_list: namespace_id = namespace_dict.get(namespace) # 检查是否有命名空间的使用权限 perm = bcs_perm.Namespace(request, project_id, namespace_id) perm.can_use(raise_exception=True) return namespace_dict
def list(self, request, project_id, cluster_id): """ 获取 ServiceMonitor 列表 """ cluster_map = self._get_cluster_map(project_id) namespace_map = self._get_namespace_map(project_id) if cluster_id not in cluster_map: raise error_codes.APIError(_('集群 ID {} 不合法').format(cluster_id)) client = K8SClient(request.user.token.access_token, project_id, cluster_id, env=None) manifest = client.list_service_monitor() response_data = self._handle_items(cluster_id, cluster_map, namespace_map, manifest) perm = bcs_perm.Namespace(request, project_id, bcs_perm.NO_RES) response_data = perm.hook_perms(response_data, ns_id_flag='namespace_id') response_data = self._update_service_monitor_perm(response_data) return Response(response_data)
def list(self, request, project_id, cluster_id): cluster_map = self._get_cluster_map(project_id) namespace_map = self._get_namespace_map(project_id) data = [] if cluster_id not in cluster_map: raise error_codes.APIError(_("cluster_id not valid")) client = self._get_client(request, project_id, cluster_id) items = self._handle_items(cluster_id, cluster_map, namespace_map, client.list_service_monitor()) data.extend(items) perm = bcs_perm.Namespace(request, project_id, bcs_perm.NO_RES) data = perm.hook_perms(data, ns_id_flag="namespace_id") self.filter_no_perm(data) return Response(data)
def delete(self, request, project_id, namespace_id, is_validate_perm=True): """删除集群 """ access_token = request.user.token.access_token # 检查权限 perm = bcs_perm.Namespace(request, project_id, namespace_id) perm.can_delete(raise_exception=is_validate_perm) access_token = request.user.token.access_token ns_result = paas_cc.get_namespace(access_token, project_id, namespace_id) if ns_result.get('code') != 0: raise error_codes.APIError.f(ns_result.get('message', '')) ns_data = ns_result.get('data') cluster_id = ns_data.get('cluster_id') name = ns_data.get('name') project_kind = request.project.kind if project_kind == K8S_PROJECT_KIND: client = K8SClient(access_token, project_id, cluster_id, env=None) elif project_kind == MESOS_PROJECT_KIND: client = MesosClient(access_token, project_id, cluster_id, env=None) else: raise ValidationError("项目编排类型不正确") # 删除 namespace result = client.delete_namespace(name) if result.get('code') != 0: raise error_codes.ComponentError.f("删除Namespace失败,%s, 请联系管理员解决" % result.get('message')) result = paas_cc.delete_namespace(access_token, project_id, namespace_id) if result.get('code') != 0: raise error_codes.APIError.f(result.get('message')) # 删除资源 perm.delete() return response.Response(result)
def delete(self, request, project_id, namespace_id, is_validate_perm=True): # NOTE: open mesos delete namespace, when mesos api ready if request.project.kind == ProjectKind.MESOS.value: raise error_codes.NotOpen('mesos api not ready') access_token = request.user.token.access_token # perm perm = bcs_perm.Namespace(request, project_id, namespace_id) perm.can_delete(raise_exception=is_validate_perm) # start delete oper client = Namespace(access_token, project_id, request.project.kind) resp = client.delete(namespace_id) # delete ns registered perm perm.delete() return response.Response(resp)
def can_use_instance(cls, request, project_id, ns_id, tmpl_set_id=None, source_type=SourceType.TEMPLATE): # 继承命名空间的权限 ns_perm = bcs_perm.Namespace(request, project_id, ns_id) ns_perm.can_use(raise_exception=True) if source_type == SourceType.TEMPLATE: tmpl_set_info = Template.objects.filter(id=tmpl_set_id).first() if not tmpl_set_info: raise error_codes.CheckFailed( f"template:{tmpl_set_id} not found") # 继承模板集的权限 tmpl_perm = bcs_perm.Templates(request, project_id, tmpl_set_id, resource_name=tmpl_set_info.name) tmpl_perm.can_use(raise_exception=True)
def delete(self, request, project_id, namespace_id, is_validate_perm=True): access_token = request.user.token.access_token # 针对mesos,需要删除完对应的资源才允许操作 if request.project.kind == ProjectKind.MESOS.value: res_names = self._get_resources(request, project_id, namespace_id) if [name for name_list in res_names.values() for name in name_list]: raise error_codes.CheckFailed(_("请先删除命名空间下的资源")) # perm perm = bcs_perm.Namespace(request, project_id, namespace_id) perm.can_delete(raise_exception=is_validate_perm) # start delete oper client = Namespace(access_token, project_id, request.project.kind) resp = client.delete(namespace_id) # delete ns registered perm perm.delete() return response.Response(resp)
def _validate_namespace_use_perm( self, request, project_id: str, cluster_namespace_list: List[Tuple]) -> None: """ 检查是否有命名空间的使用权限 :param request: Django Request :param project_id: 项目 ID :param cluster_namespace_list: 集群-命名空间列表,格式:[(cluster_id, namespace)] :return: """ namespace_map = self._get_namespace_map(project_id) for cluster_id, namespace in cluster_namespace_list: if namespace in self.NO_PERM_NS: raise error_codes.APIError( _("namespace operation is not allowed")) namespace_id = namespace_map.get((cluster_id, namespace)) # 检查是否有命名空间的使用权限 perm = bcs_perm.Namespace(request, project_id, namespace_id) perm.can_use(raise_exception=True)