def list(self, request, project_id):
"""获取所有HPA数据
"""
access_token = request.user.token.access_token
cluster_dicts = self.get_project_cluster_info(request, project_id)
cluster_data = cluster_dicts.get('results', {}) or {}
k8s_hpa_list = []
namespace_res = paas_cc.get_namespace_list(access_token,
project_id,
limit=ALL_LIMIT)
namespace_data = namespace_res.get('data', {}).get('results') or []
namespace_dict = {i['name']: i['id'] for i in namespace_data}
for cluster_info in cluster_data:
cluster_id = cluster_info['cluster_id']
cluster_env = cluster_info.get('environment')
cluster_name = cluster_info['name']
hpa_list = utils.get_cluster_hpa_list(request, project_id,
cluster_id, cluster_env,
cluster_name)
k8s_hpa_list.extend(hpa_list)
for p in k8s_hpa_list:
p['namespace_id'] = namespace_dict.get(p['namespace'])
perm = bcs_perm.Namespace(request, project_id, bcs_perm.NO_RES)
k8s_hpa_list = perm.hook_perms(k8s_hpa_list, ns_id_flag='namespace_id')
return Response(k8s_hpa_list)
def create_namespace(self, request, project_id_or_code, cluster_id):
project_id = request.project.project_id
slz = CreateNamespaceParamsSLZ(data=request.data,
context={"project_id": project_id})
slz.is_valid(raise_exception=True)
data = slz.data
access_token = request.user.token.access_token
username = request.user.username
namespace = self._create_kubernetes_namespace(access_token, username,
project_id, cluster_id,
data["name"])
# 创建命名空间下的变量值
ns_id = namespace.get("namespace_id") or namespace.get("id")
namespace["id"] = ns_id
NameSpaceVariable.batch_save(ns_id, data["variables"])
namespace["variables"] = data["variables"]
# 命名空间权限Client
ns_perm_client = bcs_perm.Namespace(request, project_id,
bcs_perm.NO_RES, cluster_id)
ns_perm_client.register(namespace["id"],
f"{namespace['name']}({cluster_id})")
return Response(namespace)
def register_default_ns(access_token, username, project_id, project_code,
cluster_id):
"""注册默认的命名空间(针对k8s集群)
1. 创建存储镜像账号的secret
2. 将 default 命名空间注册到paas_cc 上
project_code = request.project.english_name
"""
# 组装创建ns的数据
data = {'env_type': 'dev', 'name': 'default', 'cluster_id': cluster_id}
ns_base = NamespaceBase()
# 1. 创建存储镜像账号的secret
client = K8SClient(access_token, project_id, data['cluster_id'], env=None)
ns_base.create_jfrog_secret(client, access_token, project_id, project_code,
data)
# 2. 将 default 命名空间注册到paas_cc 上
result = paas_cc.create_namespace(access_token, project_id,
data['cluster_id'], data['name'], None,
username, data['env_type'])
if result.get('code') != 0:
if 'Duplicate entry' in result.get('message', ''):
message = _("创建失败,namespace名称已经在其他项目存在")
else:
message = result.get('message', '')
return False, message
# 注册资源到权限中心
request = RequestClass(username=username,
access_token=access_token,
project_code=project_code)
perm = bcs_perm.Namespace(request, project_id, bcs_perm.NO_RES,
data['cluster_id'])
perm.register(str(result['data']['id']), result['data']['name'])
return True, _("命名空间[default]注册成功")
def get_queryset(self):
result = paas_cc.get_namespace_list(self.access_token,
self.project_id,
desire_all_data=True)
results = result["data"]["results"]
if not results:
return []
# 补充cluster_name字段
cluster_ids = [i['cluster_id'] for i in results]
cluster_list = paas_cc.get_cluster_list(
self.access_token, self.project_id, cluster_ids).get('data') or []
# cluster_list = bcs_perm.Cluster.hook_perms(request, project_id, cluster_list)
cluster_dict = {i['cluster_id']: i for i in cluster_list}
for i in results:
# ns_vars = NameSpaceVariable.get_ns_vars(i['id'], project_id)
i['ns_vars'] = []
if i['cluster_id'] in cluster_dict:
i['cluster_name'] = cluster_dict[i['cluster_id']]['name']
i['environment'] = cluster_dict[i['cluster_id']]['environment']
else:
i['cluster_name'] = i['cluster_id']
i['environment'] = None
perm = bcs_perm.Namespace(self.request, self.project_id,
bcs_perm.NO_RES)
results = perm.hook_perms(results, True)
return results
def filter_namespaces(self, filter_use_perm):
result = paas_cc.get_namespace_list(self.access_token,
self.project_id,
desire_all_data=True)
results = result["data"]["results"]
if not results:
return []
# 补充cluster_name字段
cluster_ids = [i['cluster_id'] for i in results]
cluster_list = paas_cc.get_cluster_list(
self.access_token, self.project_id, cluster_ids).get('data') or []
# cluster_list = bcs_perm.Cluster.hook_perms(request, project_id, cluster_list)
cluster_dict = {i['cluster_id']: i for i in cluster_list}
filter_ns_list = []
for i in results:
# 过滤掉k8s系统和bcs平台使用的命名空间
if i["name"] in K8S_SYS_PLAT_NAMESPACES:
continue
# ns_vars = NameSpaceVariable.get_ns_vars(i['id'], project_id)
i['ns_vars'] = []
if i['cluster_id'] in cluster_dict:
i['cluster_name'] = cluster_dict[i['cluster_id']]['name']
i['environment'] = cluster_dict[i['cluster_id']]['environment']
else:
i['cluster_name'] = i['cluster_id']
i['environment'] = None
filter_ns_list.append(i)
perm = bcs_perm.Namespace(self.request, self.project_id,
bcs_perm.NO_RES)
results = perm.hook_perms(filter_ns_list, filter_use=filter_use_perm)
return results
def create(self, request, project_id, is_validate_perm=True):
"""新建命名空间
k8s 流程:新建namespace配置文件并下发 -> 新建包含仓库账号信息的sercret配置文件并下发 -> 在paas-cc上注册
mesos流程:新建包含仓库账号信息的sercret配置文件并下发 -> 在paas-cc上注册
"""
serializer = slz.CreateNamespaceSLZ(data=request.data,
context={
'request': request,
'project_id': project_id
})
serializer.is_valid(raise_exception=True)
data = serializer.data
# 判断权限
cluster_id = data['cluster_id']
perm = bcs_perm.Namespace(request, project_id, bcs_perm.NO_RES,
cluster_id)
perm.can_create(raise_exception=is_validate_perm)
request.audit_ctx.update_fields(
resource=data['name'],
description=_('集群: {}, 创建命名空间: 命名空间[{}]').format(
cluster_id, data["name"]))
result = self.create_flow(request, project_id, data, perm)
return response.Response(result)
def get_ns_list_by_user_perm(self, request, project_id):
"""获取用户所有有使用权限的命名空间"""
access_token = request.user.token.access_token
# 获取全部namespace,前台分页
result = paas_cc.get_namespace_list(access_token,
project_id,
with_lb=0,
limit=LIMIT_FOR_ALL_DATA)
if result.get('code') != 0:
raise error_codes.APIError.f(result.get('message', ''))
ns_list = result['data']['results'] or []
if not ns_list:
return []
# 补充cluster_name字段
cluster_ids = [i['cluster_id'] for i in ns_list]
cluster_list = paas_cc.get_cluster_list(access_token, project_id,
cluster_ids).get('data') or []
cluster_dict = {i['cluster_id']: i for i in cluster_list}
# 命名空间列表补充集群信息,过来权限时需要
for i in ns_list:
i['namespace_id'] = i['id']
if i['cluster_id'] in cluster_dict:
i['cluster_name'] = cluster_dict[i['cluster_id']]['name']
i['environment'] = cluster_dict[i['cluster_id']]['environment']
else:
i['cluster_name'] = i['cluster_id']
i['environment'] = None
perm = bcs_perm.Namespace(request, project_id, bcs_perm.NO_RES)
# 只过滤有编辑权限
filter_parms = {'is_filter': True, 'filter_type': 'edit'}
ns_list = perm.hook_base_perms(ns_list, **filter_parms)
return ns_list
def retrieve(self, request, project_id, pk):
details = self.queryset.filter(id=pk,
project_id=project_id,
is_deleted=False).values()
if not details:
raise error_codes.CheckFailed(_("没有查询到实例信息,请联系管理员处理"))
data = details[0]
perm = bcs_perm.Namespace(request, project_id, data["namespace_id"])
perm.can_use(raise_exception=True)
access_token = request.user.token.access_token
cluster_id_name_map = self.get_cluster_id_name_map(
access_token, project_id)
data["cluster_name"] = cluster_id_name_map[data["cluster_id"]]["name"]
ip_info = json.loads(data["ip_info"])
node_id_info_map = self.get_node_info(access_token, project_id,
data["cluster_id"])
render_ip_info = []
for info in ip_info:
item = {
"id": info,
"inner_ip": node_id_info_map[int(info)]["inner_ip"],
"unshared": ip_info[info]
}
render_ip_info.append(item)
data["ip_info"] = json.dumps(render_ip_info)
return Response(data)
def create(self, request, project_id, is_validate_perm=True):
"""新建命名空间
k8s 流程:新建namespace配置文件并下发 -> 新建包含仓库账号信息的sercret配置文件并下发 -> 在paas-cc上注册
mesos流程:新建包含仓库账号信息的sercret配置文件并下发 -> 在paas-cc上注册
"""
serializer = slz.CreateNamespaceSLZ(data=request.data,
context={
'request': request,
'project_id': project_id
})
serializer.is_valid(raise_exception=True)
data = serializer.data
# 判断权限
cluster_id = data['cluster_id']
perm = bcs_perm.Namespace(request, project_id, bcs_perm.NO_RES,
cluster_id)
perm.can_create(raise_exception=is_validate_perm)
description = _('集群: {}, 创建命名空间: 命名空间[{}]').format(
cluster_id, data["name"])
with client.ContextActivityLogClient(
project_id=project_id,
user=request.user.username,
resource_type='namespace',
resource=data['name'],
description=description,
).log_add():
result = self.create_flow(request, project_id, data, perm)
return response.Response(result)
def list(self, request, project_id):
"""通过项目或集群拉取ingress
"""
cluster_id = request.query_params.get('cluster_id')
project_clusters = self.get_clusters(request, project_id)
project_namespaces = self.get_project_namespaces(request, project_id)
cluster_id_list = [cluster_id
] if cluster_id else project_clusters.keys()
# 通过集群拉取ingress数据
ingress_list = []
for cluster_id in cluster_id_list:
data = network_utils.get_cluster_ingresses(
request.user.token.access_token, project_id, cluster_id)
for info in data:
create_time = getitems(info, ['metadata', 'creationTimestamp'])
if create_time:
d_time = arrow.get(create_time).datetime
create_time = timezone.localtime(d_time).strftime(
'%Y-%m-%d %H:%M:%S')
update_time = getitems(
info,
['metadata', 'annotations', 'io.tencent.paas.updateTime'])
namespace_name = getitems(info, ['metadata', 'namespace'],
default='')
namespace_id = project_namespaces.get(
(cluster_id, namespace_name),
{}).get('id', DEFAULT_NAMESPACE_ID)
ingress_list.append({
'name':
getitems(info, ['metadata', 'name'], default=''),
'namespace':
namespace_name,
'namespace_id':
namespace_id,
'cluster_id':
cluster_id,
'spec':
info['spec'],
'config':
info,
'cluster_name':
project_clusters[cluster_id]['name'],
'environment':
project_clusters[cluster_id]['environment'],
'create_time':
create_time,
'update_time':
update_time if update_time else create_time
})
if ingress_list:
# 检查是否用命名空间的使用权限
perm = bcs_perm.Namespace(request, project_id, bcs_perm.NO_RES)
ingress_list = perm.hook_perms(ingress_list,
ns_id_flag='namespace_id',
ns_name_flag='namespace')
# 按照更新时间排序
ingress_list.sort(key=lambda info: info['update_time'],
reverse=True)
return response.Response(ingress_list)
def list(self, request, project_id, cluster_id=None):
access_token = request.user.token.access_token
cluster_map = self._get_cluster_map(project_id)
namespace_map = self._get_cluster_map(project_id)
data = []
if cluster_id:
if cluster_id not in cluster_map:
raise error_codes.APIError(_("cluster_id not valid"))
client = k8s.K8SClient(access_token,
project_id,
cluster_id,
env=None)
items = self._handle_items(cluster_id, cluster_map, namespace_map,
client.list_service_monitor())
data.extend(items)
else:
for cluster in cluster_map.values():
cluster_id = cluster["cluster_id"]
cluster_env = cluster.get("environment")
client = k8s.K8SClient(access_token,
project_id,
cluster_id,
env=cluster_env)
items = self._handle_items(cluster_id, cluster_map,
namespace_map,
client.list_service_monitor())
data.extend(items)
perm = bcs_perm.Namespace(request, project_id, bcs_perm.NO_RES)
data = perm.hook_perms(data, ns_id_flag="namespace_id")
self.filter_no_perm(data)
return Response(data)
def delete_cc_ns(self, request, project_id, cluster_id, ns_id_list):
"""删除存储在CC中的namespace"""
for ns_id in ns_id_list:
perm = bcs_perm.Namespace(request, project_id, ns_id)
perm.delete()
ns_utils.delete_cc_namespace(request.user.token.access_token,
project_id, cluster_id, ns_id)
def _validate_namespace_info(self, data):
request = self.context["request"]
namespace_info = data["namespace_info"]
namespace_info["id"] = get_namespace_id(
request.user.token.access_token, data["project_id"],
namespace_info["cluster_id"], namespace_info["name"])
perm = bcs_perm.Namespace(request, data["project_id"],
namespace_info["id"])
perm.can_use(raise_exception=True)
def add_cc_ns(self, request, project_id, cluster_id, ns_name_list):
access_token = request.user.token.access_token
creator = request.user.token.access_token
perm = bcs_perm.Namespace(request, project_id, bcs_perm.NO_RES,
cluster_id)
for ns_name in ns_name_list:
data = ns_utils.create_cc_namespace(access_token, project_id,
cluster_id, ns_name, creator)
perm.register(data["id"], f"{ns_name}({cluster_id})")
def update(self, request, project_id, pk):
"""
更新LB配置,包含下面几种场景
1. 增加/减少LB协议类型
2. 增加/减少节点数量(标签+replica)
"""
req_data = dict(request.data)
req_data.update({"id": pk, "updator": request.user.username})
serializer = NginxIngressUpdateSLZ(data=req_data)
serializer.is_valid(raise_exception=True)
data = serializer.data
lb_conf, delete_node_id_list, add_node_id_list = self.get_update_node_info(request, data)
perm = bcs_perm.Namespace(request, project_id, lb_conf.namespace_id)
perm.can_use(raise_exception=True)
# 判断调整的节点是否已经存在,并且是独享的
# self.update_check_node_id(lb_conf, data)
# 删除节点配置
if delete_node_id_list:
self.delete_node_label(request, delete_node_id_list, project_id, lb_conf)
# 添加节点配置
if add_node_id_list:
self.add_node_label(request, add_node_id_list, project_id, lb_conf)
# 更新lb
self.update_lb_conf(lb_conf, data["ip_info"], data["protocol_type"], request.user.username)
app_instance = self.get_k8s_bcs_app(lb_conf.namespace_id, self.chart_info)
if not app_instance:
return APIResponse({"code": 400, "message": _("没有查询到应用信息")})
data["namespace_id"] = lb_conf.namespace_id
namespace_info = self.get_ns_info(request, data["namespace_id"])
valuefile = self.render_yaml(
request.user.token.access_token, project_id, lb_conf.cluster_id, data, namespace_info)
user_log = log_client.ContextActivityLogClient(
project_id=project_id,
user=request.user.username,
resource_type='lb',
resource="%s:%s" % (lb_conf.cluster_id, lb_conf.namespace_id),
resource_id=pk,
extra=json.dumps(data)
)
updated_instance = app_instance.upgrade_app(
access_token=request.user.token.access_token,
chart_version_id=self.chart_version.id,
answers=[], customs=[],
valuefile=valuefile,
updator=request.user.username
)
if updated_instance.transitioning_result:
user_log.log_modify(activity_status="succeed")
return APIResponse({"message": "更新成功!"})
user_log.log_modify(activity_status="failed")
return APIResponse({"code": 400, "message": updated_instance.transitioning_message})
def _can_use_namespaces(self, request, project_id, data, ns_name_id_map):
for info in data:
# 通过集群id和namespace名称确认namespace id,判断是否有namespace权限
ns_id = ns_name_id_map.get((info["cluster_id"], info["namespace"]))
if not ns_id:
raise ValidationError(
_("集群:{}下没有查询到namespace:{}").format(
info["cluster_id"], info["namespace"]))
ns_perm = bcs_perm.Namespace(request, project_id, ns_id)
ns_perm.can_use(raise_exception=True)
def can_use_namespaces(request, project_id, namespaces):
"""
namespaces: [(cluster_id, ns_name)]
"""
namespace_data = get_project_namespaces(request.user.token.access_token, project_id)
# format: {(cluster_id, ns_name): ns_id}
namespace_dict = {(ns['cluster_id'], ns['name']): ns['id'] for ns in namespace_data}
for ns in namespaces:
ns_id = namespace_dict.get(ns)
perm = bcs_perm.Namespace(request, project_id, ns_id)
perm.can_use(raise_exception=True)
def _validate_namespace_use_perm(self, request, project_id, namespace_list):
"""检查是否有命名空间的使用权限"""
namespace_map = self._get_namespace_map(project_id)
for namespace in namespace_list:
if namespace in self.NO_PERM_NS:
raise error_codes.APIError(_("namespace operation is not allowed"))
namespace_id = namespace_map.get(namespace)
# 检查是否有命名空间的使用权限
perm = bcs_perm.Namespace(request, project_id, namespace_id)
perm.can_use(raise_exception=True)
def _validate_namespace_use_perm(self, project_id: str, cluster_id: str,
namespaces: List):
""" 检查是否有命名空间的使用权限 """
namespace_map = self._get_namespace_map(project_id)
for ns in namespaces:
if ns in constants.SM_NO_PERM_NAMESPACE:
raise error_codes.APIError(_('不允许操作命名空间 {}').format(ns))
namespace_id = namespace_map.get((cluster_id, ns))
# 检查是否有命名空间的使用权限
perm = bcs_perm.Namespace(self.request, project_id, namespace_id)
perm.can_use(raise_exception=True)
def bcs_single_app_perm_handler(self, request, project_id, muster_id, ns_id, source_type="模板集"):
"""针对具体资源的权限处理"""
# 继承命名空间的权限
ns_perm = bcs_perm.Namespace(request, project_id, ns_id)
ns_perm.can_use(raise_exception=True)
if source_type == "模板集":
muster_info = Template.objects.filter(id=muster_id, is_deleted=False).first()
if not muster_info:
raise error_codes.CheckFailed(_("没有查询到模板集信息"))
# 继承模板集的权限
tmpl_perm = bcs_perm.Templates(request, project_id, muster_id, resource_name=muster_info.name)
tmpl_perm.can_use(raise_exception=True)
def bcs_perm_handler(
self,
request,
project_id,
data,
filter_use=False,
ns_id_flag="namespace_id",
ns_name_flag='namespace',
tmpl_view=True,
): # noqa
"""列表权限处理"""
ns_perm_client = bcs_perm.Namespace(request, project_id, bcs_perm.NO_RES)
ns_ret_instance_list = ns_perm_client.hook_perms(
data, ns_id_flag=ns_id_flag, filter_use=filter_use, ns_name_flag=ns_name_flag
)
ns_ret_data_map = {info["id"]: info["permissions"] for info in ns_ret_instance_list}
if not tmpl_view:
for info in data:
if info['id'] in ns_ret_data_map:
info['permissions'] = info['permissions']
else:
info["permissions"] = {
"create": False,
"delete": False,
"view": False,
"edit": False,
"use": False,
} # noqa
return data
# ns_ret_data_map = {(info["namespace"], info["name"]): info["permissions"] for info in ns_ret_instance_list}
tmpl_perm_client = bcs_perm.Templates(request, project_id, bcs_perm.NO_RES)
tmpl_ret_instance_list = tmpl_perm_client.hook_perms(data, id_flag="muster_id", filter_use=filter_use)
# map handle
ret_data = []
for info in tmpl_ret_instance_list:
# item_key = (info["namespace"], info["name"])
if info["id"] in ns_ret_data_map:
curr_permissions = ns_ret_data_map[info["id"]]
insert_set = set(curr_permissions.keys()) & set(info["permissions"].keys())
diff_set = (set(info["permissions"].keys()) | set(curr_permissions.keys())) - insert_set
for key in insert_set:
info["permissions"][key] = info["permissions"][key] and curr_permissions[key]
for key in diff_set:
info["permissions"][key] = False
else:
info["permissions"] = {"create": False, "delete": False, "view": False, "edit": False, "use": False}
if filter_use:
if info["permissions"].get("use"):
ret_data.append(info)
continue
ret_data.append(info)
return ret_data
def delete(self, request, project_id, namespace_id, is_validate_perm=True):
access_token = request.user.token.access_token
# perm
perm = bcs_perm.Namespace(request, project_id, namespace_id)
perm.can_delete(raise_exception=is_validate_perm)
# start delete oper
client = Namespace(access_token, project_id, request.project.kind)
resp = client.delete(namespace_id)
# delete ns registered perm
perm.delete()
return response.Response(resp)
def check_namespace_use_perm(self, request, project_id, namespace_list):
"""检查是否有命名空间的使用权限
"""
access_token = request.user.token.access_token
# 根据 namespace 查询 ns_id
namespace_res = paas_cc.get_namespace_list(
access_token, project_id, limit=constants.ALL_LIMIT)
namespace_data = namespace_res.get('data', {}).get('results') or []
namespace_dict = {i['name']: i['id'] for i in namespace_data}
for namespace in namespace_list:
namespace_id = namespace_dict.get(namespace)
# 检查是否有命名空间的使用权限
perm = bcs_perm.Namespace(request, project_id, namespace_id)
perm.can_use(raise_exception=True)
return namespace_dict
def list(self, request, project_id, cluster_id):
""" 获取 ServiceMonitor 列表 """
cluster_map = self._get_cluster_map(project_id)
namespace_map = self._get_namespace_map(project_id)
if cluster_id not in cluster_map:
raise error_codes.APIError(_('集群 ID {} 不合法').format(cluster_id))
client = K8SClient(request.user.token.access_token, project_id, cluster_id, env=None)
manifest = client.list_service_monitor()
response_data = self._handle_items(cluster_id, cluster_map, namespace_map, manifest)
perm = bcs_perm.Namespace(request, project_id, bcs_perm.NO_RES)
response_data = perm.hook_perms(response_data, ns_id_flag='namespace_id')
response_data = self._update_service_monitor_perm(response_data)
return Response(response_data)
def list(self, request, project_id, cluster_id):
cluster_map = self._get_cluster_map(project_id)
namespace_map = self._get_namespace_map(project_id)
data = []
if cluster_id not in cluster_map:
raise error_codes.APIError(_("cluster_id not valid"))
client = self._get_client(request, project_id, cluster_id)
items = self._handle_items(cluster_id, cluster_map, namespace_map, client.list_service_monitor())
data.extend(items)
perm = bcs_perm.Namespace(request, project_id, bcs_perm.NO_RES)
data = perm.hook_perms(data, ns_id_flag="namespace_id")
self.filter_no_perm(data)
return Response(data)
def delete(self, request, project_id, namespace_id, is_validate_perm=True):
"""删除集群
"""
access_token = request.user.token.access_token
# 检查权限
perm = bcs_perm.Namespace(request, project_id, namespace_id)
perm.can_delete(raise_exception=is_validate_perm)
access_token = request.user.token.access_token
ns_result = paas_cc.get_namespace(access_token, project_id,
namespace_id)
if ns_result.get('code') != 0:
raise error_codes.APIError.f(ns_result.get('message', ''))
ns_data = ns_result.get('data')
cluster_id = ns_data.get('cluster_id')
name = ns_data.get('name')
project_kind = request.project.kind
if project_kind == K8S_PROJECT_KIND:
client = K8SClient(access_token, project_id, cluster_id, env=None)
elif project_kind == MESOS_PROJECT_KIND:
client = MesosClient(access_token,
project_id,
cluster_id,
env=None)
else:
raise ValidationError("项目编排类型不正确")
# 删除 namespace
result = client.delete_namespace(name)
if result.get('code') != 0:
raise error_codes.ComponentError.f("删除Namespace失败,%s, 请联系管理员解决" %
result.get('message'))
result = paas_cc.delete_namespace(access_token, project_id,
namespace_id)
if result.get('code') != 0:
raise error_codes.APIError.f(result.get('message'))
# 删除资源
perm.delete()
return response.Response(result)
def delete(self, request, project_id, namespace_id, is_validate_perm=True):
# NOTE: open mesos delete namespace, when mesos api ready
if request.project.kind == ProjectKind.MESOS.value:
raise error_codes.NotOpen('mesos api not ready')
access_token = request.user.token.access_token
# perm
perm = bcs_perm.Namespace(request, project_id, namespace_id)
perm.can_delete(raise_exception=is_validate_perm)
# start delete oper
client = Namespace(access_token, project_id, request.project.kind)
resp = client.delete(namespace_id)
# delete ns registered perm
perm.delete()
return response.Response(resp)
def can_use_instance(cls,
request,
project_id,
ns_id,
tmpl_set_id=None,
source_type=SourceType.TEMPLATE):
# 继承命名空间的权限
ns_perm = bcs_perm.Namespace(request, project_id, ns_id)
ns_perm.can_use(raise_exception=True)
if source_type == SourceType.TEMPLATE:
tmpl_set_info = Template.objects.filter(id=tmpl_set_id).first()
if not tmpl_set_info:
raise error_codes.CheckFailed(
f"template:{tmpl_set_id} not found")
# 继承模板集的权限
tmpl_perm = bcs_perm.Templates(request,
project_id,
tmpl_set_id,
resource_name=tmpl_set_info.name)
tmpl_perm.can_use(raise_exception=True)
def delete(self, request, project_id, namespace_id, is_validate_perm=True):
access_token = request.user.token.access_token
# 针对mesos,需要删除完对应的资源才允许操作
if request.project.kind == ProjectKind.MESOS.value:
res_names = self._get_resources(request, project_id, namespace_id)
if [name for name_list in res_names.values() for name in name_list]:
raise error_codes.CheckFailed(_("请先删除命名空间下的资源"))
# perm
perm = bcs_perm.Namespace(request, project_id, namespace_id)
perm.can_delete(raise_exception=is_validate_perm)
# start delete oper
client = Namespace(access_token, project_id, request.project.kind)
resp = client.delete(namespace_id)
# delete ns registered perm
perm.delete()
return response.Response(resp)
def _validate_namespace_use_perm(
self, request, project_id: str,
cluster_namespace_list: List[Tuple]) -> None:
"""
检查是否有命名空间的使用权限
:param request: Django Request
:param project_id: 项目 ID
:param cluster_namespace_list: 集群-命名空间列表,格式:[(cluster_id, namespace)]
:return:
"""
namespace_map = self._get_namespace_map(project_id)
for cluster_id, namespace in cluster_namespace_list:
if namespace in self.NO_PERM_NS:
raise error_codes.APIError(
_("namespace operation is not allowed"))
namespace_id = namespace_map.get((cluster_id, namespace))
# 检查是否有命名空间的使用权限
perm = bcs_perm.Namespace(request, project_id, namespace_id)
perm.can_use(raise_exception=True)
