def destroy(self, request, project_id, cluster_id, namespace, name):
# 操作类接口统一检查集群操作权限
validate_cluster_perm(request, project_id, cluster_id)
client = self.resource_client(request.ctx_cluster)
request.audit_ctx.update_fields(
resource_type=self.resource_client.kind.lower(), resource=f'{namespace}/{name}'
)
try:
response_data = client.delete(name=name, namespace=namespace).to_dict()
except DynamicApiError as e:
raise DeleteResourceError(_('删除资源失败: {}').format(e.summary()))
return Response(response_data)
def destroy(self, request, project_id, cluster_id, crd_name, custom_obj_name):
""" 删除自定义资源 """
validate_cluster_perm(request, project_id, cluster_id)
params = self.params_validate(slzs.DestroyCustomObjectSLZ)
namespace = params.get('namespace') or None
self._update_audit_ctx(request, namespace, crd_name, custom_obj_name)
client = get_cobj_client_by_crd(request.ctx_cluster, crd_name)
try:
response_data = client.delete(name=custom_obj_name, namespace=namespace).to_dict()
except DynamicApiError as e:
raise DeleteResourceError(_('删除资源失败: {}').format(e.summary()))
return Response(response_data)
def create(self, request, project_id, cluster_id, crd_name):
""" 创建自定义资源 """
validate_cluster_perm(request, project_id, cluster_id)
params = self.params_validate(slzs.CreateCustomObjectSLZ)
namespace = getitems(params, 'manifest.metadata.namespace')
cus_obj_name = getitems(params, 'manifest.metadata.name')
self._update_audit_ctx(request, namespace, crd_name, cus_obj_name)
client = get_cobj_client_by_crd(request.ctx_cluster, crd_name)
try:
response_data = client.create(namespace=namespace, body=params['manifest'], is_format=False).data.to_dict()
except DynamicApiError as e:
raise CreateResourceError(_('创建资源失败: {}').format(e.summary()))
except ValueError as e:
raise CreateResourceError(_('创建资源失败: {}').format(str(e)))
return Response(response_data)
def create(self, request, project_id, cluster_id, namespace=None):
# 操作类接口统一检查集群操作权限
validate_cluster_perm(request, project_id, cluster_id)
params = self.params_validate(CreateResourceSLZ)
client = self.resource_client(request.ctx_cluster)
namespace = namespace or getitems(params, 'manifest.metadata.namespace')
request.audit_ctx.update_fields(
resource_type=self.resource_client.kind.lower(),
resource=f"{namespace}/{getitems(params, 'manifest.metadata.name')}",
)
try:
response_data = client.create(namespace=namespace, body=params['manifest'], is_format=False).data.to_dict()
except DynamicApiError as e:
raise CreateResourceError(_('创建资源失败: {}').format(e.summary()))
except ValueError as e:
raise CreateResourceError(_('创建资源失败: {}').format(str(e)))
return Response(response_data)
def reschedule(self, request, project_id, cluster_id, namespace, name):
""" 重新调度 Pod(仅对有父级资源的 Pod 有效) """
# 操作类接口统一检查集群操作权限
validate_cluster_perm(request, project_id, cluster_id)
client = Pod(request.ctx_cluster)
request.audit_ctx.update_fields(
resource_type=self.resource_client.kind.lower(),
resource=f'{namespace}/{name}')
# 检查 Pod 配置,必须有父级资源才可以重新调度
pod_manifest = client.fetch_manifest(namespace, name)
if not getitems(pod_manifest, 'metadata.ownerReferences'):
raise OwnerReferencesNotExist(
_('Pod {}/{} 不存在父级资源,无法被重新调度').format(namespace, name))
# 重新调度的原理是直接删除 Pod,利用父级资源重新拉起服务
try:
response_data = client.delete(name=name,
namespace=namespace).to_dict()
except DynamicApiError as e:
raise DeleteResourceError(_('重新调度 Pod 失败: {}').format(e.summary()))
return Response(response_data)
def update(self, request, project_id, cluster_id, namespace, name):
# 操作类接口统一检查集群操作权限
validate_cluster_perm(request, project_id, cluster_id)
params = self.params_validate(UpdateResourceSLZ)
client = self.resource_client(request.ctx_cluster)
request.audit_ctx.update_fields(
resource_type=self.resource_client.kind.lower(), resource=f'{namespace}/{name}'
)
manifest = params['manifest']
# replace 模式下无需指定 resourceVersion
manifest['metadata'].pop('resourceVersion', None)
try:
response_data = client.replace(
body=manifest, namespace=namespace, name=name, is_format=False
).data.to_dict()
except DynamicApiError as e:
raise UpdateResourceError(_('更新资源失败: {}').format(e.summary()))
except ValueError as e:
raise UpdateResourceError(_('更新资源失败: {}').format(str(e)))
return Response(response_data)
def update(self, request, project_id, cluster_id, crd_name, custom_obj_name):
""" 更新自定义资源 """
validate_cluster_perm(request, project_id, cluster_id)
params = self.params_validate(slzs.UpdateCustomObjectSLZ)
namespace = getitems(params, 'manifest.metadata.namespace')
self._update_audit_ctx(request, namespace, crd_name, custom_obj_name)
client = get_cobj_client_by_crd(request.ctx_cluster, crd_name)
manifest = params['manifest']
# 自定义资源 Replace 也需要指定 resourceVersion
# 这里先 pop,通过在 replace 指定 auto_add_version=True 添加
manifest['metadata'].pop('resourceVersion', None)
try:
response_data = client.replace(
body=manifest, namespace=namespace, name=custom_obj_name, is_format=False, auto_add_version=True
).data.to_dict()
except DynamicApiError as e:
raise UpdateResourceError(_('更新资源失败: {}').format(e.summary()))
except ValueError as e:
raise UpdateResourceError(_('更新资源失败: {}').format(str(e)))
return Response(response_data)
def gen_base_web_annotations(request, project_id: str,
cluster_id: str) -> Dict:
""" 生成资源视图相关的页面控制信息,用于控制按钮展示等 """
has_cluster_perm = validate_cluster_perm(request,
project_id,
cluster_id,
raise_exception=False)
# 目前 创建 / 删除 / 更新 按钮权限 & 提示信息相同
tip = _('当前用户没有操作集群 {} 的权限').format(
cluster_id) if not has_cluster_perm else ''
btn_perm = {'clickable': has_cluster_perm, 'tip': tip}
return {
'perms': {
'page': {
'create_btn': btn_perm,
'update_btn': btn_perm,
'delete_btn': btn_perm,
'reschedule_pod_btn': btn_perm,
'web_console_btn': btn_perm,
}
}
}
