def has_bcs_service(self, access_token, project_id, request_namespace):
"""判断是否开启容器服务
开启后就不能关闭,所以缓存很久,默认30天
"""
cache_key = f"BK_DEVOPS_BCS:HAS_BCS_SERVICE:{project_id}"
project = region.get(cache_key, expiration_time=3600 * 24 * 30)
if not project or not isinstance(project, FancyDict):
result = paas_cc.get_project(access_token, project_id)
project = result.get("data") or {}
# coes: container orchestration engines
project['coes'] = project['kind']
try:
from backend.container_service.projects.utils import get_project_kind
# k8s类型包含kind为1(bcs k8s)或其它属于k8s的编排引擎
project['kind'] = get_project_kind(project['kind'])
except ImportError:
pass
project = FancyDict(project)
if request_namespace in SKIP_REQUEST_NAMESPACE:
# 如果是SKIP_REQUEST_NAMESPACE,有更新接口,不判断kind
if project.get("cc_app_id") != 0:
region.set(cache_key, project)
elif project.get("cc_app_id") != 0:
region.set(cache_key, project)
else:
# 其他抛出没有开启容器服务
raise error_codes.NoBCSService()
return project
def has_bcs_service(self, access_token, project_id, request_namespace):
"""判断是否开启容器服务
开启后就不能关闭,所以缓存很久,默认30天
"""
cache_key = f'BK_DEVOPS_BCS:HAS_BCS_SERVICE:{project_id}'
project = region.get(cache_key, expiration_time=3600 * 24 * 30)
if not project or not isinstance(project, FancyDict):
result = paas_cc.get_project(access_token, project_id)
project = result.get('data') or {}
project = FancyDict(project)
if request_namespace in SKIP_REQUEST_NAMESPACE:
# 如果是SKIP_REQUEST_NAMESPACE,有更新接口,不判断kind
if project.get('cc_app_id') != 0 and project.get(
'kind') in ClusterType:
region.set(cache_key, project)
elif project.get('kind') in ClusterType:
# 如果已经开启容器服务,判断是否cc_app_id再缓存
if project.get('cc_app_id') != 0:
region.set(cache_key, project)
else:
# 其他抛出没有开启容器服务
raise error_codes.NoBCSService()
return project
def _get_project_id(self, access_token, project_id_or_code: str) -> str:
cache_key = f'BK_DEVOPS_BCS:PROJECT_ID:{project_id_or_code}'
project_id = region.get(cache_key, expiration_time=EXPIRATION_TIME)
if not project_id:
paas_cc = PaaSCCClient(auth=ComponentAuth(access_token))
project_data = paas_cc.get_project(project_id_or_code)
project_id = project_data['project_id']
region.set(cache_key, project_id)
return project_id
def get_project_code(self, access_token, project_id):
"""获取project_code
缓存较长时间
"""
cache_key = f'BK_DEVOPS_BCS:PROJECT_CODE:{project_id}'
project_code = region.get(cache_key, expiration_time=3600 * 24 * 30)
if not project_code:
result = paas_cc.get_project(access_token, project_id)
if result.get('code') != 0:
return None
project_code = result['data']['english_name']
region.set(cache_key, project_code)
return project_code
def test_access_project_permission(self, bk_user, project_id):
request = factory.get('/1', format='json')
force_authenticate(request, user=bk_user)
p_view = AccessProjectView.as_view({'get': 'get'})
# 无权限的项目
response = p_view(request, project_id=project_id)
assert response.data.get('message') == "no project permissions"
# 有权限的项目
response = p_view(request, project_id=HAS_PERM_PROJECT_ID)
assert response.data.get('project_id') == HAS_PERM_PROJECT_ID
assert region.get(f'BK_DEVOPS_BCS:PROJECT_ID:{HAS_PERM_PROJECT_ID}'
) == HAS_PERM_PROJECT_ID
def get_project_code(self, access_token, project_id):
"""获取project_code
缓存较长时间
"""
cache_key = f"BK_DEVOPS_BCS:PROJECT_CODE:{project_id}"
project_code = region.get(cache_key, expiration_time=3600 * 24 * 30)
if not project_code:
# 这里的project_id对应实际的project_id或project_code, paas_cc接口兼容了两种类型的查询
result = paas_cc.get_project(access_token, project_id)
if result.get("code") != 0:
return None
project_code = result["data"]["english_name"]
region.set(cache_key, project_code)
return project_code
def get_access_token_by_credentials(bk_token):
"""Request a new request token by credentials"""
cache_key = f'BK_BCS:USER_ACCESS_TOKEN_INFO:{bk_token}'
# 每过【一小时】必定失效,需要重新获取
token_info = region.get(cache_key, expiration_time=60 * 60)
# 获取不到 access_token 信息 或 被标记为过期 都需要重新获取
if not token_info or token_info['expires_at'] < arrow.now():
resp = ssm.get_bk_login_access_token(bk_token)
token_info = {
'access_token': resp['access_token'],
'expires_at': arrow.now().shift(seconds=resp['expires_in']),
}
region.set(cache_key, token_info)
return token_info['access_token']
def test_project_has_bcs(self, bk_user):
request = factory.get('/1', format='json')
force_authenticate(request, user=bk_user)
p_view = ProjectEnableBCSView.as_view({'get': 'get'})
# 未启用BCS的项目
response = p_view(request, project_id=generate_random_string(32))
assert response.data.get('message') == "project does not enable bcs"
# 启用BCS的项目
response = p_view(request, project_id=HAS_PERM_PROJECT_ID)
assert response.data.get('project_id') == HAS_PERM_PROJECT_ID
assert region.get(
f'BK_DEVOPS_BCS:ENABLED_BCS_PROJECT:{HAS_PERM_PROJECT_ID}'
).project_id == HAS_PERM_PROJECT_ID
def get_project_id(self, access_token, project_id):
"""获取project_id
缓存较长时间
# TODO 临时使用
"""
cache_key = f"BK_DEVOPS_BCS:REAL_PROJECT_ID:{project_id}"
real_project_id = region.get(cache_key, expiration_time=3600 * 24 * 30)
if not real_project_id:
# 这里的project_id对应实际的project_id或project_code, paas_cc接口兼容了两种类型的查询
result = paas_cc.get_project(access_token, project_id)
if result.get("code") != 0:
return None
real_project_id = result["data"]["project_id"]
region.set(cache_key, real_project_id)
return real_project_id
def _get_enabled_project(self, access_token,
project_id_or_code: str) -> Optional[FancyDict]:
cache_key = f"BK_DEVOPS_BCS:ENABLED_BCS_PROJECT:{project_id_or_code}"
project = region.get(cache_key, expiration_time=EXPIRATION_TIME)
if project and isinstance(project, FancyDict):
return project
paas_cc = PaaSCCClient(auth=ComponentAuth(access_token))
project_data = paas_cc.get_project(project_id_or_code)
project = FancyDict(**project_data)
self._refine_project(project)
# 用户绑定了项目, 并且选择了编排类型
if project.cc_app_id != 0 and project.kind in ClusterType:
region.set(cache_key, project)
return project
return None
def _get_enabled_project(self, access_token,
project_id_or_code: str) -> Optional[FancyDict]:
cache_key = bcs_project_cache_key.format(
project_id_or_code=project_id_or_code)
project = region.get(cache_key, expiration_time=EXPIRATION_TIME)
if project and isinstance(project, FancyDict):
return project
paas_cc = PaaSCCClient(auth=ComponentAuth(access_token))
project_data = paas_cc.get_project(project_id_or_code)
project = FancyDict(**project_data)
self._refine_project(project)
# 项目绑定了业务,即开启容器服务
if project.cc_app_id != 0:
region.set(cache_key, project)
return project
return None
def _get_bcs_api_credentials(self, env_name: str) -> Dict[str, str]:
"""获取通过 bcs api 网关访问集群 apiserver的鉴权信息
:param env_name: 集群所属环境,包含正式环境和测试环境
"""
# TODO: 兼容逻辑,待 bcs api 新架构稳定后,废弃下面逻辑
# 因为bcs cluster id(带有后缀随机字符的cluster id)注册后,不会变动;因此,可以长期缓存
cache_key = f"BK_DEVOPS_BCS:CLUSTER_ID:{self.cluster.id}"
bcs_cluster_id = region.get(cache_key, expiration_time=BCS_CLUSTER_EXPIRATION_TIME)
if not bcs_cluster_id:
bcs_cluster_id = self.bcs_api.query_cluster_id(env_name, self.cluster.project_id, self.cluster.id)
region.set(cache_key, bcs_cluster_id)
# 获取对应的credentials信息
credentials = self.bcs_api.get_cluster_credentials(env_name, bcs_cluster_id)
return {
"host": f"{self._get_apiservers_host(env_name)}{credentials['server_address_path']}".rstrip("/"),
"user_token": credentials["user_token"],
}
