def get_or_create_private_repo(user, project):
# 通过harbor api创建一次项目账号,然后存储在auth中
project_id = project.project_id
project_code = project.project_code
private_repos = Repository.objects.filter(name=project_code,
project_id=project_id)
repo = private_repos.first()
if repo:
return repo
account = get_jfrog_account(user.token.access_token, project_code,
project_id)
repo_auth = {
"type": "basic",
"role": "admin",
"credentials": {
"username": account.get("user"),
"password": account.get("password")
},
}
url = f"{settings.HELM_MERELY_REPO_URL}/chartrepo/{project_code}/"
private_repo = add_plain_repo(target_project_id=project_id,
name=project_code,
url=url,
repo_auth=repo_auth)
return private_repo
def create_private_repo_without_chart(self, user, project_id,
project_code):
# 通过harbor api创建一次项目账号,然后存储在auth中
private_repos = Repository.objects.filter(name=project_code,
project_id=project_id)
if private_repos.exists():
return private_repos[0]
account = get_jfrog_account(self.access_token, project_code,
project_id)
repo_auth = {
"type": "basic",
"role": "admin",
"credentials": {
# "username": settings.HELM_MERELY_REPO_USERNAME,
# "password": settings.HELM_MERELY_REPO_PASSWORD,
"username": account.get("user"),
"password": account.get("password")
}
}
url = '%s/chartrepo/%s/' % (settings.HELM_MERELY_REPO_URL,
project_code)
private_repo = add_plain_repo(target_project_id=project_id,
name=project_code,
url=url,
repo_auth=repo_auth)
return private_repo
def create_imagepullsecret(access_token, project_id, project_code, cluster_id, namespace):
# get dept domain
dept_domain = paas_cc.get_jfrog_domain(access_token, project_id, cluster_id)
# 判断是否为研发仓库,正式环境分为:研发仓库、生产仓库,这2个仓库的账号要分开申请
is_bk_dept = True if dept_domain.startswith(settings.BK_JFROG_ACCOUNT_DOMAIN) else False
dept_account = get_jfrog_account(access_token, project_code, project_id, is_bk_dept)
# get user or pwd by dept account
user = dept_account.get('user', '')
pwd = dept_account.get('password', '')
# compose config
secret_config = {
"kind": "secret",
"metadata": {
"name": MESOS_IMAGE_SECRET,
"namespace": namespace
},
"datas": {
"user": {
"content": base64.b64encode(user.encode(encoding="utf-8")).decode()
},
"pwd": {
"content": base64.b64encode(pwd.encode(encoding="utf-8")).decode()
}
},
"apiVersion": "v4"
}
client = MesosClient(access_token, project_id, cluster_id, env=None)
resp = client.create_secret(namespace, secret_config)
if (resp.get('code') != ErrorCode.NoError) and ('already exists' not in resp.get('message', '')):
raise error_codes.APIError(f'create secret error, result.get("message")')
def init_mesos_ns_by_bcs(self, access_token, project_id, project_code, cluster_id, ns_name):
"""新建包含仓库账号信息的sercret配置文件并下发"""
# 获取镜像仓库地址
jfrog_domain = paas_cc.get_jfrog_domain(access_token, project_id, cluster_id)
# 按项目申请仓库的账号信息
# 判断是否为研发仓库,正式环境分为:研发仓库、生产仓库,这2个仓库的账号要分开申请
if jfrog_domain.startswith(settings.BK_JFROG_ACCOUNT_DOMAIN):
is_bk_jfrog = True
else:
is_bk_jfrog = False
jfrog_account = get_jfrog_account(access_token, project_code, project_id, is_bk_jfrog)
_user = jfrog_account.get('user', '')
_pwd = jfrog_account.get('password', '')
jfrog_config = {
"kind": "secret",
"metadata": {"name": MESOS_IMAGE_SECRET, "namespace": ns_name},
"datas": {
"user": {"content": base64.b64encode(_user.encode(encoding="utf-8")).decode()},
"pwd": {"content": base64.b64encode(_pwd.encode(encoding="utf-8")).decode()},
},
"apiVersion": "v4",
}
# 下发secret配置文件
client = MesosClient(access_token, project_id, cluster_id, env=None)
result = client.create_secret(ns_name, jfrog_config)
if result.get('code') != 0:
client.delete_secret(ns_name, MESOS_IMAGE_SECRET)
raise error_codes.ComponentError.f(_("创建registry secret失败,{}").format(result.get('message')))
def create_jforg_secret(self, client, access_token, project_id,
project_code, data):
try:
domain_list = paas_cc.get_jfrog_domain_list(
access_token, project_id, data['cluster_id'])
domain_list = set(domain_list)
# 获取项目的用户信息
jfrog_account = get_jfrog_account(access_token, project_code,
project_id)
user_pwd = "%s:%s" % (jfrog_account.get('user'),
jfrog_account.get('password'))
user_auth = {
"auth":
base64.b64encode(user_pwd.encode(encoding="utf-8")).decode()
}
auth_dict = {}
for _d in domain_list:
if _d.startswith(settings.BK_JFROG_ACCOUNT_DOMAIN):
_bk_auth = get_bk_jfrog_auth(access_token, project_code,
project_id)
auth_dict[_d] = _bk_auth
else:
auth_dict[_d] = user_auth
jfrog_auth = {"auths": auth_dict}
jfrog_auth_bytes = bytes(json.dumps(jfrog_auth), "utf-8")
jfrog_config = {
"apiVersion": "v1",
"kind": "Secret",
"metadata": {
"name": "%s%s" % (K8S_IMAGE_SECRET_PRFIX, data['name']),
"namespace": data['name']
},
"data": {
".dockerconfigjson":
base64.b64encode(jfrog_auth_bytes).decode()
},
"type": "kubernetes.io/dockerconfigjson"
}
result = client.create_secret(data['name'], jfrog_config)
except Exception as e:
self.delete_ns_by_bcs(client, data['name'])
logger.exception(u"获取项目仓库账号信息失败:%s" % e)
raise ValidationError(_("获取项目仓库账号信息失败,请联系管理员解决"))
# 通过错误消息判断 包含仓库信息的secret 是否已经存在,已经存在则直接进行下一步
res_msg = result.get('message') or ''
is_already_exists = res_msg.endswith("already exists")
if result.get('code') != 0 and not is_already_exists:
self.delete_ns_by_bcs(client, data['name'])
raise error_codes.ComponentError.f(
_("创建registry secret失败,{}, 请联系管理员解决").format(
result.get('message')))
def create_dept_account(access_token, project_id, project_code, cluster_id):
domain_list = paas_cc.get_jfrog_domain_list(access_token, project_id,
cluster_id)
if not domain_list:
raise error_codes.APIError('get dept domain error, domain is empty')
domain_list = set(domain_list)
# get user auth by project
dept_account = get_jfrog_account(access_token, project_code, project_id)
user_pwd = f'{dept_account.get("user")}:{dept_account.get("password")}'
user_auth = {
'auth': base64.b64encode(user_pwd.encode(encoding='utf-8')).decode()
}
# compose many dept account auth
auth_dict = {}
for _d in domain_list:
if _d.startswith(settings.BK_JFROG_ACCOUNT_DOMAIN):
_bk_auth = get_bk_jfrog_auth(access_token, project_code,
project_id)
auth_dict[_d] = _bk_auth
else:
auth_dict[_d] = user_auth
return auth_dict
