def process(self, request, *args, **kwargs):
if request.is_trust:
return
params = json.loads(request.body)
template_source = params.get("template_source", PROJECT)
template_id = kwargs["template_id"]
subject = Subject("user", request.user.username)
if template_source in NON_COMMON_TEMPLATE_TYPES:
action = Action(IAMMeta.FLOW_CREATE_TASK_ACTION)
resources = res_factory.resources_for_flow(template_id)
allow_or_raise_auth_failed(iam,
IAMMeta.SYSTEM_ID,
subject,
action,
resources,
cache=True)
else:
action = Action(IAMMeta.COMMON_FLOW_CREATE_TASK_ACTION)
resources = [
res_factory.resources_for_common_flow(template_id)[0],
res_factory.resources_for_project_obj(request.project)[0],
]
allow_or_raise_auth_failed(iam,
IAMMeta.SYSTEM_ID,
subject,
action,
resources,
cache=True)
def get_create_detail_resources(self, bundle):
from gcloud.core.resources import ProjectResource
try:
project = ProjectResource().get_via_uri(bundle.data.get("project"), request=bundle.request)
except NotFound:
raise BadRequest("project with uri(%s) does not exist" % bundle.data.get("project"))
return res_factory.resources_for_project_obj(project)
def process(self, request, *args, **kwargs):
if request.is_trust:
return
project = request.project
subject = Subject("user", request.user.username)
action = Action(IAMMeta.PROJECT_VIEW_ACTION)
resources = res_factory.resources_for_project_obj(project)
allow_or_raise_auth_failed(iam,
IAMMeta.SYSTEM_ID,
subject,
action,
resources,
cache=True)
def process(self, request, *args, **kwargs):
if request.is_trust:
return
project = request.project
subject = Subject("user", request.user.username)
action = Action(IAMMeta.PROJECT_FAST_CREATE_TASK_ACTION)
resources = res_factory.resources_for_project_obj(project)
allow_or_raise_auth_failed(iam,
IAMMeta.SYSTEM_ID,
subject,
action,
resources,
cache=True)
params = request.params_json
has_common_subprocess = params.get("has_common_subprocess", False)
templates_in_task = set()
pipeline_tree = params["pipeline_tree"]
for activity in pipeline_tree["activities"].values():
if "template_id" in activity:
templates_in_task.add(activity["template_id"])
if not has_common_subprocess:
action = Action(IAMMeta.FLOW_VIEW_ACTION)
resources_list = res_factory.resources_list_for_flows(
list(templates_in_task))
else:
action = Action(IAMMeta.COMMON_FLOW_VIEW_ACTION)
resources_list = res_factory.resources_list_for_common_flows(
list(templates_in_task))
allow_or_raise_immediate_response_for_resources_list(
iam=iam,
system=IAMMeta.SYSTEM_ID,
subject=subject,
action=action,
resources_list=resources_list,
)
def obj_create(self, bundle, **kwargs):
model = bundle.obj.__class__
try:
template_id = bundle.data["template_id"]
template_source = bundle.data.get("template_source", PROJECT)
creator = bundle.request.user.username
pipeline_instance_kwargs = {
"name": bundle.data.pop("name"),
"creator": creator,
"pipeline_tree": json.loads(bundle.data.pop("pipeline_tree")),
}
if "description" in bundle.data:
pipeline_instance_kwargs["description"] = bundle.data.pop("description")
except (KeyError, ValueError) as e:
raise BadRequest(str(e))
try:
project = ProjectResource().get_via_uri(bundle.data.get("project"), request=bundle.request)
except NotFound:
raise BadRequest("project with uri(%s) does not exist" % bundle.data.get("project"))
# perms validate
if template_source == PROJECT:
try:
template = TaskTemplate.objects.get(pk=template_id, project=project, is_deleted=False)
except TaskTemplate.DoesNotExist:
raise BadRequest("template[pk=%s] does not exist" % template_id)
create_method = bundle.data["create_method"]
# mini app create task perm
if create_method == "app_maker":
app_maker_id = bundle.data["create_info"]
try:
app_maker = AppMaker.objects.get(id=app_maker_id)
except AppMaker.DoesNotExist:
raise BadRequest("app_maker[pk=%s] does not exist" % app_maker_id)
allow_or_raise_immediate_response(
iam=iam,
system=IAMMeta.SYSTEM_ID,
subject=Subject("user", bundle.request.user.username),
action=Action(IAMMeta.MINI_APP_CREATE_TASK_ACTION),
resources=res_factory.resources_for_mini_app_obj(app_maker),
)
# flow create task perm
else:
allow_or_raise_immediate_response(
iam=iam,
system=IAMMeta.SYSTEM_ID,
subject=Subject("user", bundle.request.user.username),
action=Action(IAMMeta.FLOW_CREATE_TASK_ACTION),
resources=res_factory.resources_for_flow_obj(template),
)
else:
try:
template = CommonTemplate.objects.get(pk=template_id, is_deleted=False)
except CommonTemplate.DoesNotExist:
raise BadRequest("common template[pk=%s] does not exist" % template_id)
allow_or_raise_immediate_response(
iam=iam,
system=IAMMeta.SYSTEM_ID,
subject=Subject("user", bundle.request.user.username),
action=Action(IAMMeta.COMMON_FLOW_CREATE_TASK_ACTION),
resources=[
res_factory.resources_for_project_obj(project)[0],
res_factory.resources_for_common_flow_obj(template)[0],
],
)
# XSS handle
self.handle_task_name_attr(pipeline_instance_kwargs)
# validate pipeline tree
try:
validate_web_pipeline_tree(pipeline_instance_kwargs["pipeline_tree"])
except PipelineException as e:
raise BadRequest(str(e))
try:
pipeline_instance = model.objects.create_pipeline_instance(template, **pipeline_instance_kwargs)
except PipelineException as e:
raise BadRequest(str(e))
kwargs["category"] = template.category
if bundle.data["flow_type"] == "common_func":
kwargs["current_flow"] = "func_claim"
else:
kwargs["current_flow"] = "execute_task"
kwargs["pipeline_instance_id"] = pipeline_instance.id
# set engine type
kwargs["engine_ver"] = EngineConfig.objects.get_engine_ver(
project_id=project.id, template_id=template.id, template_source=template_source
)
super(TaskFlowInstanceResource, self).obj_create(bundle, **kwargs)
# crete auto retry strategy
arn_creator = AutoRetryNodeStrategyCreator(
taskflow_id=bundle.obj.id, root_pipeline_id=pipeline_instance.instance_id
)
arn_creator.batch_create_strategy(pipeline_instance.execution_data)
# create timeout config
TimeoutNodeConfig.objects.batch_create_node_timeout_config(
taskflow_id=bundle.obj.id,
root_pipeline_id=pipeline_instance.instance_id,
pipeline_tree=pipeline_instance.execution_data,
)
return bundle
def alter_list_data_to_serialize(self, request, data):
data = super().alter_list_data_to_serialize(request, data)
# 项目流程任务
templates_id = {
bundle.obj.template_id
for bundle in data["objects"]
if bundle.obj.template_id and bundle.obj.template_source == "project"
}
templates_allowed_actions = get_flow_allowed_actions_for_user(
request.user.username, [IAMMeta.FLOW_VIEW_ACTION, IAMMeta.FLOW_CREATE_TASK_ACTION], templates_id
)
template_info = TaskTemplate.objects.filter(id__in=templates_id).values(
"id", "pipeline_template__name", "is_deleted"
)
template_info_map = {
str(t["id"]): {"name": t["pipeline_template__name"], "is_deleted": t["is_deleted"]} for t in template_info
}
# 公共流程任务
common_templates_id = {
bundle.obj.template_id
for bundle in data["objects"]
if bundle.obj.template_id and bundle.obj.template_source == "common"
}
common_templates_allowed_actions = get_common_flow_allowed_actions_for_user(
request.user.username, [IAMMeta.COMMON_FLOW_VIEW_ACTION], common_templates_id,
)
common_template_info = CommonTemplate.objects.filter(id__in=common_templates_id).values(
"id", "pipeline_template__name", "is_deleted"
)
common_template_info_map = {
str(t["id"]): {"name": t["pipeline_template__name"], "is_deleted": t["is_deleted"]}
for t in common_template_info
}
for bundle in data["objects"]:
if bundle.obj.template_source == "project":
bundle.data["template_name"] = template_info_map.get(bundle.obj.template_id, {}).get("name")
bundle.data["template_deleted"] = template_info_map.get(bundle.obj.template_id, {}).get(
"is_deleted", True
)
for act, allowed in templates_allowed_actions.get(str(bundle.obj.template_id), {}).items():
if allowed:
bundle.data["auth_actions"].append(act)
elif bundle.obj.template_source == "common":
bundle.data["template_name"] = common_template_info_map.get(bundle.obj.template_id, {}).get("name")
bundle.data["template_deleted"] = common_template_info_map.get(bundle.obj.template_id, {}).get(
"is_deleted", True
)
for act, allowed in common_templates_allowed_actions.get(str(bundle.obj.template_id), {}).items():
if allowed:
bundle.data["auth_actions"].append(act)
action = IAMMeta.COMMON_FLOW_CREATE_TASK_ACTION
action_request = Request(
system=IAMMeta.SYSTEM_ID,
subject=Subject("user", request.user.username),
action=Action(action),
resources=[
res_factory.resources_for_project_obj(bundle.obj.project)[0],
res_factory.resources_for_common_flow(bundle.obj.template_id)[0],
],
environment=None,
)
allowed = iam.is_allowed(action_request)
if allowed:
bundle.data["auth_actions"].append(action)
return data
def get_update_detail_resources(self, bundle):
return res_factory.resources_for_project_obj(bundle.obj)
def obj_create(self, bundle, **kwargs):
try:
template_id = bundle.data.pop("template_id")
template_source = bundle.data.get("template_source", PROJECT)
name = bundle.data.pop("name")
cron = bundle.data.pop("cron")
pipeline_tree = json.loads(bundle.data.pop("pipeline_tree"))
except (KeyError, ValueError) as e:
message = "create periodic_task params error: %s" % e.message
logger.error(message)
raise BadRequest(message)
if not isinstance(cron, dict):
raise BadRequest("cron must be a object json string")
try:
project = ProjectResource().get_via_uri(bundle.data.get("project"),
request=bundle.request)
except NotFound:
raise BadRequest("project [uri=%s] does not exist" %
bundle.data.get("project"))
# check if the periodic task of the project reach the limit
periodic_task_limit = env.PERIODIC_TASK_PROJECT_MAX_NUMBER
project_config = ProjectConfig.objects.filter(
project_id=project.id).only("max_periodic_task_num").first()
if project_config and project_config.max_periodic_task_num > 0:
periodic_task_limit = project_config.max_periodic_task_num
if PeriodicTask.objects.filter(
project__id=project.id).count() >= periodic_task_limit:
raise BadRequest("Periodic task number reaches limit: {}".format(
periodic_task_limit))
if template_source == PROJECT:
try:
template = TaskTemplate.objects.get(id=template_id,
project=project,
is_deleted=False)
except TaskTemplate.DoesNotExist:
raise BadRequest(
"template[id={template_id}] of project[{project_id}] does not exist"
.format(template_id=template_id, project_id=project.id))
allow_or_raise_immediate_response(
iam=iam,
system=IAMMeta.SYSTEM_ID,
subject=Subject("user", bundle.request.user.username),
action=Action(IAMMeta.FLOW_CREATE_PERIODIC_TASK_ACTION),
resources=res_factory.resources_for_flow_obj(template),
)
try:
replace_template_id(TaskTemplate, pipeline_tree)
except TaskTemplate.DoesNotExist:
raise BadRequest(
"invalid subprocess, check subprocess node please")
elif template_source == COMMON:
try:
template = CommonTemplate.objects.get(id=template_id,
is_deleted=False)
except CommonTemplate.DoesNotExist:
raise BadRequest("common template[id=%s] does not exist" %
template_id)
allow_or_raise_immediate_response(
iam=iam,
system=IAMMeta.SYSTEM_ID,
subject=Subject("user", bundle.request.user.username),
action=Action(IAMMeta.COMMON_FLOW_CREATE_PERIODIC_TASK_ACTION),
resources=[
res_factory.resources_for_project_obj(project)[0],
res_factory.resources_for_common_flow_obj(template)[0],
],
)
try:
replace_template_id(CommonTemplate, pipeline_tree)
except TaskTemplate.DoesNotExist:
raise BadRequest(
"invalid subprocess, check subprocess node please")
else:
raise BadRequest("invalid template_source[%s]" % template_source)
# XSS handle
name = standardize_name(name, PERIOD_TASK_NAME_MAX_LENGTH)
creator = bundle.request.user.username
# validate pipeline tree
try:
validate_web_pipeline_tree(pipeline_tree)
except PipelineException as e:
raise BadRequest(str(e))
kwargs["template_id"] = template_id
kwargs["template_source"] = template_source
try:
kwargs["task"] = PeriodicTask.objects.create_pipeline_task(
project=project,
template=template,
name=name,
cron=cron,
pipeline_tree=pipeline_tree,
creator=creator,
template_source=template_source,
)
except Exception as e:
logger.warning(traceback.format_exc())
raise BadRequest(str(e))
response = super(PeriodicTaskResource,
self).obj_create(bundle, **kwargs)
response.obj.set_enabled(True)
return response
