def has_bcs_service(self, access_token, project_id, request_namespace): """判断是否开启容器服务 开启后就不能关闭,所以缓存很久,默认30天 """ cache_key = f"BK_DEVOPS_BCS:HAS_BCS_SERVICE:{project_id}" project = region.get(cache_key, expiration_time=3600 * 24 * 30) if not project or not isinstance(project, FancyDict): result = paas_cc.get_project(access_token, project_id) project = result.get("data") or {} # coes: container orchestration engines project['coes'] = project['kind'] try: from backend.container_service.projects.utils import get_project_kind # k8s类型包含kind为1(bcs k8s)或其它属于k8s的编排引擎 project['kind'] = get_project_kind(project['kind']) except ImportError: pass project = FancyDict(project) if request_namespace in SKIP_REQUEST_NAMESPACE: # 如果是SKIP_REQUEST_NAMESPACE,有更新接口,不判断kind if project.get("cc_app_id") != 0: region.set(cache_key, project) elif project.get("cc_app_id") != 0: region.set(cache_key, project) else: # 其他抛出没有开启容器服务 raise error_codes.NoBCSService() return project
def has_bcs_service(self, access_token, project_id, request_namespace): """判断是否开启容器服务 开启后就不能关闭,所以缓存很久,默认30天 """ cache_key = f'BK_DEVOPS_BCS:HAS_BCS_SERVICE:{project_id}' project = region.get(cache_key, expiration_time=3600 * 24 * 30) if not project or not isinstance(project, FancyDict): result = paas_cc.get_project(access_token, project_id) project = result.get('data') or {} project = FancyDict(project) if request_namespace in SKIP_REQUEST_NAMESPACE: # 如果是SKIP_REQUEST_NAMESPACE,有更新接口,不判断kind if project.get('cc_app_id') != 0 and project.get( 'kind') in ClusterType: region.set(cache_key, project) elif project.get('kind') in ClusterType: # 如果已经开启容器服务,判断是否cc_app_id再缓存 if project.get('cc_app_id') != 0: region.set(cache_key, project) else: # 其他抛出没有开启容器服务 raise error_codes.NoBCSService() return project
def _get_project_id(self, access_token, project_id_or_code: str) -> str: cache_key = f'BK_DEVOPS_BCS:PROJECT_ID:{project_id_or_code}' project_id = region.get(cache_key, expiration_time=EXPIRATION_TIME) if not project_id: paas_cc = PaaSCCClient(auth=ComponentAuth(access_token)) project_data = paas_cc.get_project(project_id_or_code) project_id = project_data['project_id'] region.set(cache_key, project_id) return project_id
def get_project_code(self, access_token, project_id): """获取project_code 缓存较长时间 """ cache_key = f'BK_DEVOPS_BCS:PROJECT_CODE:{project_id}' project_code = region.get(cache_key, expiration_time=3600 * 24 * 30) if not project_code: result = paas_cc.get_project(access_token, project_id) if result.get('code') != 0: return None project_code = result['data']['english_name'] region.set(cache_key, project_code) return project_code
def get_project_code(self, access_token, project_id): """获取project_code 缓存较长时间 """ cache_key = f"BK_DEVOPS_BCS:PROJECT_CODE:{project_id}" project_code = region.get(cache_key, expiration_time=3600 * 24 * 30) if not project_code: # 这里的project_id对应实际的project_id或project_code, paas_cc接口兼容了两种类型的查询 result = paas_cc.get_project(access_token, project_id) if result.get("code") != 0: return None project_code = result["data"]["english_name"] region.set(cache_key, project_code) return project_code
def get_access_token_by_credentials(bk_token): """Request a new request token by credentials""" cache_key = f'BK_BCS:USER_ACCESS_TOKEN_INFO:{bk_token}' # 每过【一小时】必定失效,需要重新获取 token_info = region.get(cache_key, expiration_time=60 * 60) # 获取不到 access_token 信息 或 被标记为过期 都需要重新获取 if not token_info or token_info['expires_at'] < arrow.now(): resp = ssm.get_bk_login_access_token(bk_token) token_info = { 'access_token': resp['access_token'], 'expires_at': arrow.now().shift(seconds=resp['expires_in']), } region.set(cache_key, token_info) return token_info['access_token']
def get_project_id(self, access_token, project_id): """获取project_id 缓存较长时间 # TODO 临时使用 """ cache_key = f"BK_DEVOPS_BCS:REAL_PROJECT_ID:{project_id}" real_project_id = region.get(cache_key, expiration_time=3600 * 24 * 30) if not real_project_id: # 这里的project_id对应实际的project_id或project_code, paas_cc接口兼容了两种类型的查询 result = paas_cc.get_project(access_token, project_id) if result.get("code") != 0: return None real_project_id = result["data"]["project_id"] region.set(cache_key, real_project_id) return real_project_id
def _get_enabled_project(self, access_token, project_id_or_code: str) -> Optional[FancyDict]: cache_key = f"BK_DEVOPS_BCS:ENABLED_BCS_PROJECT:{project_id_or_code}" project = region.get(cache_key, expiration_time=EXPIRATION_TIME) if project and isinstance(project, FancyDict): return project paas_cc = PaaSCCClient(auth=ComponentAuth(access_token)) project_data = paas_cc.get_project(project_id_or_code) project = FancyDict(**project_data) self._refine_project(project) # 用户绑定了项目, 并且选择了编排类型 if project.cc_app_id != 0 and project.kind in ClusterType: region.set(cache_key, project) return project return None
def _get_enabled_project(self, access_token, project_id_or_code: str) -> Optional[FancyDict]: cache_key = bcs_project_cache_key.format( project_id_or_code=project_id_or_code) project = region.get(cache_key, expiration_time=EXPIRATION_TIME) if project and isinstance(project, FancyDict): return project paas_cc = PaaSCCClient(auth=ComponentAuth(access_token)) project_data = paas_cc.get_project(project_id_or_code) project = FancyDict(**project_data) self._refine_project(project) # 项目绑定了业务,即开启容器服务 if project.cc_app_id != 0: region.set(cache_key, project) return project return None
def _get_bcs_api_credentials(self, env_name: str) -> Dict[str, str]: """获取通过 bcs api 网关访问集群 apiserver的鉴权信息 :param env_name: 集群所属环境,包含正式环境和测试环境 """ # TODO: 兼容逻辑,待 bcs api 新架构稳定后,废弃下面逻辑 # 因为bcs cluster id(带有后缀随机字符的cluster id)注册后,不会变动;因此,可以长期缓存 cache_key = f"BK_DEVOPS_BCS:CLUSTER_ID:{self.cluster.id}" bcs_cluster_id = region.get(cache_key, expiration_time=BCS_CLUSTER_EXPIRATION_TIME) if not bcs_cluster_id: bcs_cluster_id = self.bcs_api.query_cluster_id(env_name, self.cluster.project_id, self.cluster.id) region.set(cache_key, bcs_cluster_id) # 获取对应的credentials信息 credentials = self.bcs_api.get_cluster_credentials(env_name, bcs_cluster_id) return { "host": f"{self._get_apiservers_host(env_name)}{credentials['server_address_path']}".rstrip("/"), "user_token": credentials["user_token"], }