def list_auth_projects(access_token: str, username: str = '') -> Dict:
"""获取用户有权限(project_view)的所有项目"""
if not username:
authorization = ssm.get_authorization_by_access_token(access_token)
username = authorization['identity']['username']
perm_filter = ProjectFilter().make_view_perm_filter(username)
if not perm_filter:
return {'code': 0, 'data': []}
# 如果是 any, 表示所有项目
if ProjectFilter.op_is_any(perm_filter):
if settings.REGION != 'ce':
# 非 ce 版本可能项目很多, PaaSCCClient 接口拉取超时, 降级处理不返回
logger.error(f'{username} project filter match any!')
return {'code': 0, 'data': []}
client = PaaSCCClient(auth=ComponentAuth(access_token))
projects = client.list_all_projects()
else:
project_id_list = perm_filter.get('value')
if not project_id_list:
return {'code': 0, 'data': []}
client = PaaSCCClient(auth=ComponentAuth(access_token))
projects = client.list_projects_by_ids(project_id_list)
for p in projects:
p['project_code'] = p['english_name']
return {'code': 0, 'data': projects}
def test_update_node_list(self, project_id, cluster_id, requests_mock):
requests_mock.patch(
ANY,
json={
"code":
0,
"data": [{
"inner_ip": "127.0.0.1",
"cluster_id": cluster_id,
"project_id": project_id,
"status": "normal"
}],
},
)
client = PaaSCCClient(ComponentAuth('token'))
resp = client.update_node_list(
project_id, cluster_id,
[UpdateNodesData(inner_ip="127.0.0.1", status="normal")])
assert resp == [{
"inner_ip": "127.0.0.1",
"cluster_id": cluster_id,
"project_id": project_id,
"status": "normal"
}]
assert requests_mock.called
assert requests_mock.request_history[0].method == "PATCH"
def test_get_node_list(self, project_id, cluster_id, requests_mock):
requests_mock.get(ANY, json={"code": 0, "data": {"count": 1, "results": [{"inner_ip": "127.0.0.1"}]}})
client = PaaSCCClient(ComponentAuth("token"))
resp = client.get_node_list(project_id, cluster_id)
assert resp == {"count": 1, "results": [{"inner_ip": "127.0.0.1"}]}
assert "desire_all_data" in requests_mock.last_request.qs
def convert_ip_used_data(
access_token: str, project_id: str, cluster_id: str, ip_used_data: Dict[str, bool]
) -> Dict[str, bool]:
"""转换为ip信息
NOTE: 历史数据可能为{ip_id: 是否使用},需要把ip_id转换为ip
:param access_token: access_token
:param project_id: 项目ID
:param cluster_id: 集群ID
:param ip_used_data: IP信息,格式为{ip: True}
:return: 返回IP信息
"""
nodes = PaaSCCClient(auth=ComponentAuth(access_token)).get_node_list(project_id, cluster_id)
node_id_ip = {info["id"]: info["inner_ip"] for info in nodes["results"] or []}
# 通过ip id, 获取ip
_ip_used_data = {}
for ip, used in ip_used_data.items():
try:
# 临时数据中IP为节点ID,需要转换为对应的IP
ip_id = int(ip)
if node_id_ip.get(ip_id):
_ip_used_data[node_id_ip[ip_id]] = used
except ValueError:
_ip_used_data[ip] = used
return _ip_used_data
def test_list_all_projects(self, requests_mock):
requests_mock.get(
ANY,
json={
'code': 0,
'data': [
{
'description': 'asdfsdf',
'english_name': 'a1',
'project_id': 'e5e7c623798f41f18211c8b25895ef6f',
'project_name': 'asdfasdf',
},
{
'description': 'public scan',
'english_name': 'CODE_716498',
'project_id': '47ceebac77214c77b794f7a6bb63ba14',
'project_name': 'CODE_716498',
},
],
},
)
client = PaaSCCClient(ComponentAuth("token"))
data = client.list_all_projects()
assert len(data) == 2
assert "desire_all_data" in requests_mock.last_request.qs
def test_get_cluster_simple(self, project_id, cluster_id, requests_mock):
requests_mock.get(ANY, json={'foo': 'bar'})
client = PaaSCCClient(ComponentAuth('token'))
resp = client.get_cluster(project_id, cluster_id)
assert resp == {'foo': 'bar'}
assert requests_mock.called
def test_get_cluster_by_id(self, cluster_id, requests_mock):
requests_mock.get(ANY, json={'code': 0, 'data': {'cluster_id': cluster_id}})
client = PaaSCCClient(ComponentAuth('token'))
resp = client.get_cluster_by_id(cluster_id)
assert resp == {'cluster_id': cluster_id}
assert requests_mock.called
def test_delete_cluster(self, project_id, cluster_id, requests_mock):
requests_mock.delete(ANY, json={"code": 0, "data": None})
client = PaaSCCClient(ComponentAuth('token'))
resp = client.delete_cluster(project_id, cluster_id)
assert resp is None
assert requests_mock.called
assert requests_mock.request_history[0].method == "DELETE"
def test_update_cluster(self, project_id, cluster_id, requests_mock):
requests_mock.put(
ANY, json={"code": 0, "data": {"cluster_id": cluster_id, "project_id": project_id, "status": "normal"}}
)
client = PaaSCCClient(ComponentAuth('token'))
resp = client.update_cluster(project_id, cluster_id, {"status": "normal"})
assert resp == {"cluster_id": cluster_id, "project_id": project_id, "status": "normal"}
assert requests_mock.called
def get_cluster_namespaces(ctx_cluster: CtxCluster, namespace: str) -> Dict:
"""获取集群下的命名空间信息
:returns: 返回集群下的命名空间信息,格式: {"count": 1, "results": []}
"""
client = paas_cc.PaaSCCClient(
ComponentAuth(ctx_cluster.context.auth.access_token))
return client.get_cluster_namespace_list(project_id=ctx_cluster.project_id,
cluster_id=ctx_cluster.id)
def filter_namespaces(self, cluster_id: str):
paas_cc = PaaSCCClient(auth=ComponentAuth(self.access_token))
ns_data = paas_cc.get_cluster_namespace_list(
project_id=self.project_id, cluster_id=cluster_id)
ns_list = ns_data['results'] or []
# 过滤掉 k8s 系统和 bcs 平台使用的命名空间
return [ns for ns in ns_list if ns['name'] not in K8S_PLAT_NAMESPACE]
def _list_namespaces(self, cluster_id: str, shared_cluster_ids: List[str]) -> List[Dict]:
paas_cc = PaaSCCClient(auth=ComponentAuth(get_system_token()))
if cluster_id not in shared_cluster_ids:
cluster = paas_cc.get_cluster_by_id(cluster_id=cluster_id)
ns_data = paas_cc.get_cluster_namespace_list(project_id=cluster['project_id'], cluster_id=cluster_id)
return ns_data['results'] or []
# 共享集群获取
ns_data = paas_cc.list_namespaces_in_shared_cluster(cluster_id)
return ns_data['results'] or []
def query_bcs_cc_nodes(ctx_cluster: CtxCluster) -> List:
"""查询bcs cc中的节点数据"""
client = PaaSCCClient(
ComponentAuth(access_token=ctx_cluster.context.auth.access_token))
node_data = client.get_node_list(ctx_cluster.project_id, ctx_cluster.id)
return {
node["inner_ip"]: node
for node in (node_data.get("results") or [])
if node["status"] not in [NodeStatus.Removed]
}
def test_get_cluster_simple(self, project_id, cluster_id, requests_mock):
requests_mock.get(ANY, json={'id': 'foo-id'})
client = BcsApiClient(ComponentAuth('fake_token'))
result = client.query_cluster_id('stag', project_id, cluster_id)
assert result == 'foo-id'
req_history = requests_mock.request_history[0]
# Assert token was in request headers and access_token was in query string
assert req_history.headers.get('Authorization') == BCS_AUTH_TOKEN
assert 'access_token=fake_token' in req_history.url
def get_ns_id(access_token: str, project_id: str, cluster_id: str,
namespace: str) -> int:
"""获取命名空间ID"""
client = PaaSCCClient(ComponentAuth(access_token))
data = client.get_cluster_namespace_list(project_id, cluster_id)
# 匹配命名空间名称
for ns in data.get("results") or []:
if ns["name"] == namespace:
return ns["id"]
raise ValidationError(
_("集群:{}下没有查询到命名空间:{}").format(cluster_id, namespace))
def _get_project_id(self, access_token, project_id_or_code: str) -> str:
cache_key = f'BK_DEVOPS_BCS:PROJECT_ID:{project_id_or_code}'
project_id = region.get(cache_key, expiration_time=EXPIRATION_TIME)
if not project_id:
paas_cc = PaaSCCClient(auth=ComponentAuth(access_token))
project_data = paas_cc.get_project(project_id_or_code)
project_id = project_data['project_id']
region.set(cache_key, project_id)
return project_id
def cache_api_host(access_token, project_id, cluster_id, env):
"""cached api host
cache performance, importance, cluster id shoud be unique
"""
if cluster_id:
client = paas_cc.PaaSCCClient(auth=ComponentAuth(access_token))
cluster = client.get_cluster_by_id(cluster_id)
stag = settings.BCS_API_ENV[cluster['environment']]
else:
stag = env
return f"{BCS_API_PRE_URL}/{stag}"
def _get_namespace_id(self):
"""获取命名空间ID,用于权限相关验证"""
client = PaaSCCClient(
ComponentAuth(
access_token=self.ctx_cluster.context.auth.access_token))
namespaces = client.get_cluster_namespace_list(
project_id=self.ctx_cluster.project_id,
cluster_id=self.ctx_cluster.id)
for ns in namespaces["results"]:
if self.namespace != ns["name"]:
continue
return ns["id"]
return -1
def fetch_instance_info(self, filter_obj: FancyDict,
**options) -> ListResult:
"""
批量获取集群属性详情
:param filter_obj: 查询参数字典
:return: ListResult 类型的实例列表
"""
cluster_ids = filter_obj.ids
paas_cc = PaaSCCClient(auth=ComponentAuth(get_system_token()))
cluster_list = paas_cc.list_clusters(cluster_ids)
results = [{
'id': cluster['cluster_id'],
'display_name': cluster['name']
} for cluster in cluster_list]
return ListResult(results=results, count=len(results))
def _get_enabled_project(self, access_token,
project_id_or_code: str) -> Optional[FancyDict]:
cache_key = f"BK_DEVOPS_BCS:ENABLED_BCS_PROJECT:{project_id_or_code}"
project = region.get(cache_key, expiration_time=EXPIRATION_TIME)
if project and isinstance(project, FancyDict):
return project
paas_cc = PaaSCCClient(auth=ComponentAuth(access_token))
project_data = paas_cc.get_project(project_id_or_code)
project = FancyDict(**project_data)
self._refine_project(project)
# 用户绑定了项目, 并且选择了编排类型
if project.cc_app_id != 0 and project.kind in ClusterType:
region.set(cache_key, project)
return project
return None
def _get_enabled_project(self, access_token,
project_id_or_code: str) -> Optional[FancyDict]:
cache_key = bcs_project_cache_key.format(
project_id_or_code=project_id_or_code)
project = region.get(cache_key, expiration_time=EXPIRATION_TIME)
if project and isinstance(project, FancyDict):
return project
paas_cc = PaaSCCClient(auth=ComponentAuth(access_token))
project_data = paas_cc.get_project(project_id_or_code)
project = FancyDict(**project_data)
self._refine_project(project)
# 项目绑定了业务,即开启容器服务
if project.cc_app_id != 0:
region.set(cache_key, project)
return project
return None
def from_token(cls, access_token: str) -> 'ModelContext':
"""根据当前 token 生成 context 对象"""
auth = ComponentAuth(access_token)
return cls(auth)
def __init__(self, auth: ComponentAuth):
self._config = PaaSCCConfig(host=BCS_CC_API_PRE_URL)
self._client = BaseHttpClient(auth.to_header_api_auth())
def test_get_cluster_credentials(self, requests_mock):
requests_mock.get(ANY, json={'name': 'foo'})
client = BcsApiClient(ComponentAuth('fake_token'))
resp = client.get_cluster_credentials('stag', 'fake-bcs-cluster-foo')
assert resp == {'name': 'foo'}
def _list_namespaces(self, cluster_id: str) -> List[Dict]:
paas_cc = PaaSCCClient(auth=ComponentAuth(get_system_token()))
cluster = paas_cc.get_cluster_by_id(cluster_id=cluster_id)
ns_data = paas_cc.get_cluster_namespace_list(
project_id=cluster['project_id'], cluster_id=cluster_id)
return ns_data['results']