def register_default_ns(access_token, username, project_id, project_code,
cluster_id):
"""注册默认的命名空间(针对k8s集群)
1. 创建存储镜像账号的secret
2. 将 default 命名空间注册到paas_cc 上
project_code = request.project.english_name
"""
# 组装创建ns的数据
data = {'env_type': 'dev', 'name': 'default', 'cluster_id': cluster_id}
ns_base = NamespaceBase()
# 1. 创建存储镜像账号的secret
client = K8SClient(access_token, project_id, data['cluster_id'], env=None)
ns_base.create_jfrog_secret(client, access_token, project_id, project_code,
data)
# 2. 将 default 命名空间注册到paas_cc 上
result = paas_cc.create_namespace(access_token, project_id,
data['cluster_id'], data['name'], None,
username, data['env_type'])
if result.get('code') != 0:
if 'Duplicate entry' in result.get('message', ''):
message = _("创建失败,namespace名称已经在其他项目存在")
else:
message = result.get('message', '')
return False, message
# 注册资源到权限中心
request = RequestClass(username=username,
access_token=access_token,
project_code=project_code)
perm = bcs_perm.Namespace(request, project_id, bcs_perm.NO_RES,
data['cluster_id'])
perm.register(str(result['data']['id']), result['data']['name'])
return True, _("命名空间[default]注册成功")
def create_flow(self, request, project_id, data, perm):
access_token = request.user.token.access_token
project_kind = request.project.kind
project_code = request.project.english_name
ns_name = data['name']
cluster_id = data['cluster_id']
if ClusterType.get(project_kind) == 'Kubernetes':
# k8s 集群需要调用 bcs api 初始化数据
self.init_namespace_by_bcs(access_token, project_id, project_code,
data)
has_image_secret = None
else:
self.init_mesos_ns_by_bcs(access_token, project_id, project_code,
cluster_id, ns_name)
has_image_secret = True
result = paas_cc.create_namespace(
access_token,
project_id,
cluster_id,
ns_name,
None, # description 现在没有用到
request.user.username,
data['env_type'],
has_image_secret,
)
if result.get('code') != 0:
if ClusterType.get(project_kind) != 'Kubernetes':
self.delete_secret_for_mesos(access_token, project_id,
cluster_id, ns_name)
if 'Duplicate entry' in result.get('message', ''):
message = _("创建失败,namespace名称已经在其他项目存在")
else:
message = result.get('message', '')
return response.Response({
'code': result['code'],
'data': None,
'message': message
})
else:
# 注册资源到权限中心
perm.register(result['data']['id'], f'{ns_name}({cluster_id})')
# 创建成功后需要保存变量信息
result_data = result.get('data')
if data.get('ns_vars') and result_data:
ns_id = result_data.get('id')
res, not_exist_vars = NameSpaceVariable.batch_save(
ns_id, data['ns_vars'])
if not_exist_vars:
not_exist_show_msg = [
f'{i["key"]}[id:{i["id"]}]' for i in not_exist_vars
]
result['message'] = _("以下变量不存在:{}").format(
';'.join(not_exist_show_msg))
result['data']['ns_vars'] = NameSpaceVariable.get_ns_vars(
ns_id, project_id)
return result
def create_cc_namespace(access_token, project_id, cluster_id, namespace,
creator):
resp = paas_cc.create_namespace(access_token, project_id, cluster_id,
namespace, None, creator, 'prod', True)
if resp.get('code') != ErrorCode.NoError:
raise error_codes.APIError(
f'create namespace error, {resp.get("message")}')
return resp['data']
def create_cc_namespace(access_token, project_id, cluster_id, namespace,
creator):
resp = paas_cc.create_namespace(access_token, project_id, cluster_id,
namespace, None, creator, "prod", False)
if resp.get("code") != ErrorCode.NoError:
raise error_codes.APIError(
f"create cc namespace error, {resp.get('message')}")
return resp["data"]
def create_flow(self, request, project_id, data):
access_token = request.user.token.access_token
project_code = request.project.english_name
ns_name = data['name']
cluster_id = data['cluster_id']
# k8s 集群需要调用 bcs api 初始化数据
self.init_namespace_by_bcs(access_token, project_id, project_code,
data)
has_image_secret = None
result = paas_cc.create_namespace(
access_token,
project_id,
cluster_id,
ns_name,
None, # description 现在没有用到
request.user.username,
data['env_type'],
has_image_secret,
)
if result.get('code') != 0:
if 'Duplicate entry' in result.get('message', ''):
message = _("创建失败,namespace名称已经在其他项目存在")
else:
message = result.get('message', '')
return response.Response({
'code': result['code'],
'data': None,
'message': message
})
else:
self.iam_perm.grant_resource_creator_actions(
NamespaceCreatorAction(project_id=project_id,
cluster_id=cluster_id,
creator=request.user.username,
name=ns_name), )
# 创建成功后需要保存变量信息
result_data = result.get('data')
if data.get('ns_vars') and result_data:
ns_id = result_data.get('id')
res, not_exist_vars = NameSpaceVariable.batch_save(
ns_id, data['ns_vars'])
if not_exist_vars:
not_exist_show_msg = [
f'{i["key"]}[id:{i["id"]}]' for i in not_exist_vars
]
result['message'] = _("以下变量不存在:{}").format(
';'.join(not_exist_show_msg))
result['data']['ns_vars'] = NameSpaceVariable.get_ns_vars(
ns_id, project_id)
return result
def create_cc_namespace(access_token, project_id, cluster_id, namespace,
creator):
return paas_cc.create_namespace(access_token, project_id, cluster_id,
namespace, None, creator, "prod", False)
def create(self, request, project_id, is_validate_perm=True):
"""新建命名空间
k8s 流程:新建namespace配置文件并下发 -> 新建包含仓库账号信息的sercret配置文件并下发 -> 在paas-cc上注册
mesos流程:新建包含仓库账号信息的sercret配置文件并下发 -> 在paas-cc上注册
"""
serializer = NamespaceSLZ(data=request.data,
context={
'request': request,
'project_id': project_id
})
serializer.is_valid(raise_exception=True)
data = serializer.data
# 判断权限
perm = bcs_perm.Namespace(request, project_id, bcs_perm.NO_RES,
data['cluster_id'])
perm.can_create(raise_exception=is_validate_perm)
data = serializer.data
access_token = request.user.token.access_token
project_kind = request.project.kind
project_code = request.project.english_name
if ClusterType.get(project_kind) == 'Kubernetes':
# k8s 集群需要调用 bcs api 初始化数据
self.init_namespace_by_bcs(access_token, project_id, project_code,
data)
has_image_secret = None
else:
ns_name = data['name']
cluster_id = data['cluster_id']
self.init_mesos_ns_by_bcs(access_token, project_id, project_code,
cluster_id, ns_name)
has_image_secret = True
result = paas_cc.create_namespace(
access_token,
project_id,
data['cluster_id'],
data['name'],
None, # description 现在没有用到
request.user.username,
data['env_type'],
has_image_secret)
if result.get('code') != 0:
if ClusterType.get(project_kind) != 'Kubernetes':
self.delete_secret_for_mesos(access_token, project_id,
cluster_id, ns_name)
if 'Duplicate entry' in result.get('message', ''):
message = "创建失败,namespace名称已经在其他项目存在"
else:
message = result.get('message', '')
return response.Response({
'code': result['code'],
'data': None,
'message': message
})
else:
# 注册资源到权限中心
perm.register(result['data']['id'], result['data']['name'])
# 创建成功后需要保存变量信息
result_data = result.get('data')
if data.get('ns_vars') and result_data:
ns_id = result_data.get('id')
res, not_exist_vars = NameSpaceVariable.batch_save(
ns_id, data['ns_vars'])
if not_exist_vars:
not_exist_show_msg = [
'%s[id:%s]' % (i['key'], i['id']) for i in not_exist_vars
]
result['message'] = u"以下变量不存在:%s" % ";".join(
not_exist_show_msg)
result['data']['ns_vars'] = NameSpaceVariable.get_ns_vars(
ns_id, project_id)
return response.Response(result)
