devops project api & devops members api
Signed-off-by: runzexia <runzexia@yunify.com>
This commit is contained in:
runzexia
@@ -1,7 +1,12 @@
|
||||
package devops
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"github.com/fatih/structs"
|
||||
"kubesphere.io/kubesphere/pkg/db"
|
||||
"kubesphere.io/kubesphere/pkg/gojenkins"
|
||||
"kubesphere.io/kubesphere/pkg/simple/client/devops_mysql"
|
||||
"kubesphere.io/kubesphere/pkg/utils/reflectutils"
|
||||
"kubesphere.io/kubesphere/pkg/utils/stringutils"
|
||||
)
|
||||
|
||||
@@ -59,3 +64,252 @@ const (
|
||||
const (
|
||||
JenkinsAllUserRoleName = "kubesphere-user"
|
||||
)
|
||||
|
||||
type Role struct {
|
||||
Name string `json:"name"`
|
||||
Description string `json:"description"`
|
||||
}
|
||||
|
||||
var DefaultRoles = []*Role{
|
||||
{
|
||||
Name: ProjectOwner,
|
||||
Description: "Owner have access to do all the operations of a DevOps project and own the highest permissions as well.",
|
||||
},
|
||||
{
|
||||
Name: ProjectMaintainer,
|
||||
Description: "Maintainer have access to manage pipeline and credential configuration in a DevOps project.",
|
||||
},
|
||||
{
|
||||
Name: ProjectDeveloper,
|
||||
Description: "Developer is able to view and trigger the pipeline.",
|
||||
},
|
||||
{
|
||||
Name: ProjectReporter,
|
||||
Description: "Reporter is only allowed to view the status of the pipeline.",
|
||||
},
|
||||
}
|
||||
|
||||
var AllRoleSlice = []string{ProjectDeveloper, ProjectReporter, ProjectMaintainer, ProjectOwner}
|
||||
|
||||
var JenkinsOwnerProjectPermissionIds = &gojenkins.ProjectPermissionIds{
|
||||
CredentialCreate: true,
|
||||
CredentialDelete: true,
|
||||
CredentialManageDomains: true,
|
||||
CredentialUpdate: true,
|
||||
CredentialView: true,
|
||||
ItemBuild: true,
|
||||
ItemCancel: true,
|
||||
ItemConfigure: true,
|
||||
ItemCreate: true,
|
||||
ItemDelete: true,
|
||||
ItemDiscover: true,
|
||||
ItemMove: true,
|
||||
ItemRead: true,
|
||||
ItemWorkspace: true,
|
||||
RunDelete: true,
|
||||
RunReplay: true,
|
||||
RunUpdate: true,
|
||||
SCMTag: true,
|
||||
}
|
||||
|
||||
var JenkinsProjectPermissionMap = map[string]gojenkins.ProjectPermissionIds{
|
||||
ProjectOwner: gojenkins.ProjectPermissionIds{
|
||||
CredentialCreate: true,
|
||||
CredentialDelete: true,
|
||||
CredentialManageDomains: true,
|
||||
CredentialUpdate: true,
|
||||
CredentialView: true,
|
||||
ItemBuild: true,
|
||||
ItemCancel: true,
|
||||
ItemConfigure: true,
|
||||
ItemCreate: true,
|
||||
ItemDelete: true,
|
||||
ItemDiscover: true,
|
||||
ItemMove: true,
|
||||
ItemRead: true,
|
||||
ItemWorkspace: true,
|
||||
RunDelete: true,
|
||||
RunReplay: true,
|
||||
RunUpdate: true,
|
||||
SCMTag: true,
|
||||
},
|
||||
ProjectMaintainer: gojenkins.ProjectPermissionIds{
|
||||
CredentialCreate: true,
|
||||
CredentialDelete: true,
|
||||
CredentialManageDomains: true,
|
||||
CredentialUpdate: true,
|
||||
CredentialView: true,
|
||||
ItemBuild: true,
|
||||
ItemCancel: true,
|
||||
ItemConfigure: false,
|
||||
ItemCreate: true,
|
||||
ItemDelete: false,
|
||||
ItemDiscover: true,
|
||||
ItemMove: false,
|
||||
ItemRead: true,
|
||||
ItemWorkspace: true,
|
||||
RunDelete: true,
|
||||
RunReplay: true,
|
||||
RunUpdate: true,
|
||||
SCMTag: true,
|
||||
},
|
||||
ProjectDeveloper: gojenkins.ProjectPermissionIds{
|
||||
CredentialCreate: false,
|
||||
CredentialDelete: false,
|
||||
CredentialManageDomains: false,
|
||||
CredentialUpdate: false,
|
||||
CredentialView: false,
|
||||
ItemBuild: true,
|
||||
ItemCancel: true,
|
||||
ItemConfigure: false,
|
||||
ItemCreate: false,
|
||||
ItemDelete: false,
|
||||
ItemDiscover: true,
|
||||
ItemMove: false,
|
||||
ItemRead: true,
|
||||
ItemWorkspace: true,
|
||||
RunDelete: true,
|
||||
RunReplay: true,
|
||||
RunUpdate: true,
|
||||
SCMTag: false,
|
||||
},
|
||||
ProjectReporter: gojenkins.ProjectPermissionIds{
|
||||
CredentialCreate: false,
|
||||
CredentialDelete: false,
|
||||
CredentialManageDomains: false,
|
||||
CredentialUpdate: false,
|
||||
CredentialView: false,
|
||||
ItemBuild: false,
|
||||
ItemCancel: false,
|
||||
ItemConfigure: false,
|
||||
ItemCreate: false,
|
||||
ItemDelete: false,
|
||||
ItemDiscover: true,
|
||||
ItemMove: false,
|
||||
ItemRead: true,
|
||||
ItemWorkspace: false,
|
||||
RunDelete: false,
|
||||
RunReplay: false,
|
||||
RunUpdate: false,
|
||||
SCMTag: false,
|
||||
},
|
||||
}
|
||||
|
||||
var JenkinsPipelinePermissionMap = map[string]gojenkins.ProjectPermissionIds{
|
||||
ProjectOwner: gojenkins.ProjectPermissionIds{
|
||||
CredentialCreate: true,
|
||||
CredentialDelete: true,
|
||||
CredentialManageDomains: true,
|
||||
CredentialUpdate: true,
|
||||
CredentialView: true,
|
||||
ItemBuild: true,
|
||||
ItemCancel: true,
|
||||
ItemConfigure: true,
|
||||
ItemCreate: true,
|
||||
ItemDelete: true,
|
||||
ItemDiscover: true,
|
||||
ItemMove: true,
|
||||
ItemRead: true,
|
||||
ItemWorkspace: true,
|
||||
RunDelete: true,
|
||||
RunReplay: true,
|
||||
RunUpdate: true,
|
||||
SCMTag: true,
|
||||
},
|
||||
ProjectMaintainer: gojenkins.ProjectPermissionIds{
|
||||
CredentialCreate: true,
|
||||
CredentialDelete: true,
|
||||
CredentialManageDomains: true,
|
||||
CredentialUpdate: true,
|
||||
CredentialView: true,
|
||||
ItemBuild: true,
|
||||
ItemCancel: true,
|
||||
ItemConfigure: true,
|
||||
ItemCreate: true,
|
||||
ItemDelete: true,
|
||||
ItemDiscover: true,
|
||||
ItemMove: true,
|
||||
ItemRead: true,
|
||||
ItemWorkspace: true,
|
||||
RunDelete: true,
|
||||
RunReplay: true,
|
||||
RunUpdate: true,
|
||||
SCMTag: true,
|
||||
},
|
||||
ProjectDeveloper: gojenkins.ProjectPermissionIds{
|
||||
CredentialCreate: false,
|
||||
CredentialDelete: false,
|
||||
CredentialManageDomains: false,
|
||||
CredentialUpdate: false,
|
||||
CredentialView: false,
|
||||
ItemBuild: true,
|
||||
ItemCancel: true,
|
||||
ItemConfigure: false,
|
||||
ItemCreate: false,
|
||||
ItemDelete: false,
|
||||
ItemDiscover: true,
|
||||
ItemMove: false,
|
||||
ItemRead: true,
|
||||
ItemWorkspace: true,
|
||||
RunDelete: true,
|
||||
RunReplay: true,
|
||||
RunUpdate: true,
|
||||
SCMTag: false,
|
||||
},
|
||||
ProjectReporter: gojenkins.ProjectPermissionIds{
|
||||
CredentialCreate: false,
|
||||
CredentialDelete: false,
|
||||
CredentialManageDomains: false,
|
||||
CredentialUpdate: false,
|
||||
CredentialView: false,
|
||||
ItemBuild: false,
|
||||
ItemCancel: false,
|
||||
ItemConfigure: false,
|
||||
ItemCreate: false,
|
||||
ItemDelete: false,
|
||||
ItemDiscover: true,
|
||||
ItemMove: false,
|
||||
ItemRead: true,
|
||||
ItemWorkspace: false,
|
||||
RunDelete: false,
|
||||
RunReplay: false,
|
||||
RunUpdate: false,
|
||||
SCMTag: false,
|
||||
},
|
||||
}
|
||||
|
||||
func GetProjectRoleName(projectId, role string) string {
|
||||
return fmt.Sprintf("%s-%s-project", projectId, role)
|
||||
}
|
||||
|
||||
func GetPipelineRoleName(projectId, role string) string {
|
||||
return fmt.Sprintf("%s-%s-pipeline", projectId, role)
|
||||
}
|
||||
|
||||
func GetProjectRolePattern(projectId string) string {
|
||||
return fmt.Sprintf("^%s$", projectId)
|
||||
}
|
||||
|
||||
func GetPipelineRolePattern(projectId string) string {
|
||||
return fmt.Sprintf("^%s/.*", projectId)
|
||||
}
|
||||
|
||||
func CheckProjectUserInRole(username, projectId string, roles []string) error {
|
||||
if username == KS_ADMIN {
|
||||
return nil
|
||||
}
|
||||
dbconn := devops_mysql.OpenDatabase()
|
||||
membership := &DevOpsProjectMembership{}
|
||||
err := dbconn.Select(DevOpsProjectMembershipColumns...).
|
||||
From(DevOpsProjectMembershipTableName).
|
||||
Where(db.And(
|
||||
db.Eq(DevOpsProjectMembershipUsernameColumn, username),
|
||||
db.Eq(DevOpsProjectMembershipProjectIdColumn, projectId))).LoadOne(membership)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if !reflectutils.In(membership.Role, roles) {
|
||||
return fmt.Errorf("user [%s] in project [%s] role is not in %s", username, projectId, roles)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
64
pkg/models/devops/project_handler.go
Normal file
64
pkg/models/devops/project_handler.go
Normal file
@@ -0,0 +1,64 @@
|
||||
package devops
|
||||
|
||||
import (
|
||||
"github.com/asaskevich/govalidator"
|
||||
"github.com/emicklei/go-restful"
|
||||
"github.com/gocraft/dbr"
|
||||
"k8s.io/klog/glog"
|
||||
"kubesphere.io/kubesphere/pkg/db"
|
||||
"kubesphere.io/kubesphere/pkg/simple/client/devops_mysql"
|
||||
"net/http"
|
||||
)
|
||||
|
||||
func GetProject(projectId string) (*DevOpsProject, error) {
|
||||
dbconn := devops_mysql.OpenDatabase()
|
||||
project := &DevOpsProject{}
|
||||
err := dbconn.Select(DevOpsProjectColumns...).
|
||||
From(DevOpsProjectTableName).
|
||||
Where(db.Eq(DevOpsProjectIdColumn, projectId)).
|
||||
LoadOne(project)
|
||||
if err != nil && err != dbr.ErrNotFound {
|
||||
glog.Errorf("%+v", err)
|
||||
return nil, restful.NewError(http.StatusInternalServerError, err.Error())
|
||||
}
|
||||
if err == dbr.ErrNotFound {
|
||||
glog.Errorf("%+v", err)
|
||||
|
||||
return nil, restful.NewError(http.StatusNotFound, err.Error())
|
||||
}
|
||||
return project, nil
|
||||
}
|
||||
|
||||
func UpdateProject(project *DevOpsProject) (*DevOpsProject, error) {
|
||||
dbconn := devops_mysql.OpenDatabase()
|
||||
query := dbconn.Update(DevOpsProjectTableName)
|
||||
if !govalidator.IsNull(project.Description) {
|
||||
query.Set(DevOpsProjectDescriptionColumn, project.Description)
|
||||
}
|
||||
if !govalidator.IsNull(project.Extra) {
|
||||
query.Set(DevOpsProjectExtraColumn, project.Extra)
|
||||
}
|
||||
if !govalidator.IsNull(project.Name) {
|
||||
query.Set(DevOpsProjectNameColumn, project.Extra)
|
||||
}
|
||||
if len(query.UpdateStmt.Value) > 0 {
|
||||
_, err := query.
|
||||
Where(db.Eq(DevOpsProjectIdColumn, project.ProjectId)).Exec()
|
||||
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
|
||||
return nil, restful.NewError(http.StatusInternalServerError, err.Error())
|
||||
}
|
||||
}
|
||||
newProject := &DevOpsProject{}
|
||||
err := dbconn.Select(DevOpsProjectColumns...).
|
||||
From(DevOpsProjectTableName).
|
||||
Where(db.Eq(DevOpsProjectIdColumn, project.ProjectId)).
|
||||
LoadOne(newProject)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return nil, restful.NewError(http.StatusInternalServerError, err.Error())
|
||||
}
|
||||
return newProject, nil
|
||||
}
|
||||
318
pkg/models/devops/project_member_handler.go
Normal file
318
pkg/models/devops/project_member_handler.go
Normal file
@@ -0,0 +1,318 @@
|
||||
package devops
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
|
||||
"github.com/emicklei/go-restful"
|
||||
"github.com/gocraft/dbr"
|
||||
"github.com/golang/glog"
|
||||
"kubesphere.io/devops/pkg/utils/stringutils"
|
||||
"kubesphere.io/kubesphere/pkg/db"
|
||||
"kubesphere.io/kubesphere/pkg/gojenkins"
|
||||
"kubesphere.io/kubesphere/pkg/gojenkins/utils"
|
||||
"kubesphere.io/kubesphere/pkg/models"
|
||||
"kubesphere.io/kubesphere/pkg/params"
|
||||
"kubesphere.io/kubesphere/pkg/simple/client/admin_jenkins"
|
||||
"kubesphere.io/kubesphere/pkg/simple/client/devops_mysql"
|
||||
)
|
||||
|
||||
/*
|
||||
Copyright 2018 The KubeSphere Authors.
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
func GetProjectMembers(projectId string, conditions *params.Conditions, orderBy string, reverse bool, limit int, offset int) (*models.PageableResponse, error) {
|
||||
dbconn := devops_mysql.OpenDatabase()
|
||||
memberships := make([]*DevOpsProjectMembership, 0)
|
||||
var sqconditions []dbr.Builder
|
||||
sqconditions = append(sqconditions, db.Eq(DevOpsProjectMembershipProjectIdColumn, projectId))
|
||||
if keyword := conditions.Match["keyword"]; keyword != "" {
|
||||
sqconditions = append(sqconditions, db.Like(DevOpsProjectMembershipUsernameColumn, keyword))
|
||||
}
|
||||
query := dbconn.Select(DevOpsProjectMembershipColumns...).
|
||||
From(DevOpsProjectMembershipTableName)
|
||||
switch orderBy {
|
||||
case "name":
|
||||
if reverse {
|
||||
query.OrderDesc(DevOpsProjectMembershipUsernameColumn)
|
||||
} else {
|
||||
query.OrderAsc(DevOpsProjectMembershipUsernameColumn)
|
||||
}
|
||||
default:
|
||||
if reverse {
|
||||
query.OrderDesc(DevOpsProjectMembershipRoleColumn)
|
||||
} else {
|
||||
query.OrderAsc(DevOpsProjectMembershipRoleColumn)
|
||||
}
|
||||
}
|
||||
query.Limit(uint64(limit))
|
||||
query.Offset(uint64(offset))
|
||||
if len(sqconditions) > 1 {
|
||||
query.Where(db.And(sqconditions...))
|
||||
} else {
|
||||
query.Where(sqconditions[0])
|
||||
}
|
||||
_, err := query.Load(&memberships)
|
||||
if err != nil && err != dbr.ErrNotFound {
|
||||
glog.Errorf("%+v", err)
|
||||
return nil, restful.NewError(http.StatusInternalServerError, err.Error())
|
||||
}
|
||||
count, err := query.Count()
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return nil, restful.NewError(http.StatusInternalServerError, err.Error())
|
||||
}
|
||||
result := make([]interface{}, 0)
|
||||
for _, v := range memberships {
|
||||
result = append(result, v)
|
||||
}
|
||||
|
||||
return &models.PageableResponse{Items: result, TotalCount: int(count)}, nil
|
||||
}
|
||||
|
||||
func GetProjectMember(projectId, username string) (*DevOpsProjectMembership, error) {
|
||||
dbconn := devops_mysql.OpenDatabase()
|
||||
member := &DevOpsProjectMembership{}
|
||||
err := dbconn.Select(DevOpsProjectMembershipColumns...).
|
||||
From(DevOpsProjectMembershipTableName).
|
||||
Where(db.And(db.Eq(DevOpsProjectMembershipProjectIdColumn, projectId),
|
||||
db.Eq(DevOpsProjectMembershipUsernameColumn, username))).
|
||||
LoadOne(&member)
|
||||
if err != nil && err != dbr.ErrNotFound {
|
||||
glog.Errorf("%+v", err)
|
||||
return nil, restful.NewError(http.StatusInternalServerError, err.Error())
|
||||
}
|
||||
if err == dbr.ErrNotFound {
|
||||
glog.Errorf("%+v", err)
|
||||
return nil, restful.NewError(http.StatusNotFound, err.Error())
|
||||
}
|
||||
return member, nil
|
||||
}
|
||||
|
||||
func AddProjectMember(projectId, operator string, member *DevOpsProjectMembership) (*DevOpsProjectMembership, error) {
|
||||
dbconn := devops_mysql.OpenDatabase()
|
||||
jenkinsClinet := admin_jenkins.Client()
|
||||
|
||||
membership := &DevOpsProjectMembership{}
|
||||
err := dbconn.Select(DevOpsProjectMembershipColumns...).
|
||||
From(DevOpsProjectMembershipTableName).
|
||||
Where(db.And(
|
||||
db.Eq(DevOpsProjectMembershipUsernameColumn, member.Username),
|
||||
db.Eq(DevOpsProjectMembershipProjectIdColumn, projectId))).LoadOne(membership)
|
||||
if err != nil && err != db.ErrNotFound {
|
||||
glog.Errorf("%+v", err)
|
||||
return nil, restful.NewError(http.StatusInternalServerError, err.Error())
|
||||
}
|
||||
if err != db.ErrNotFound {
|
||||
err = fmt.Errorf("user [%s] have been added to project", member.Username)
|
||||
glog.Errorf("%+v", err)
|
||||
return nil, restful.NewError(http.StatusBadRequest, err.Error())
|
||||
}
|
||||
|
||||
globalRole, err := jenkinsClinet.GetGlobalRole(JenkinsAllUserRoleName)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return nil, restful.NewError(stringutils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
if globalRole == nil {
|
||||
_, err := jenkinsClinet.AddGlobalRole(JenkinsAllUserRoleName, gojenkins.GlobalPermissionIds{
|
||||
GlobalRead: true,
|
||||
}, true)
|
||||
if err != nil {
|
||||
glog.Errorf("failed to create jenkins global role %+v", err)
|
||||
return nil, restful.NewError(stringutils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
}
|
||||
err = globalRole.AssignRole(member.Username)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return nil, restful.NewError(stringutils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
projectRole, err := jenkinsClinet.GetProjectRole(GetProjectRoleName(projectId, member.Role))
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return nil, restful.NewError(stringutils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
err = projectRole.AssignRole(member.Username)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return nil, restful.NewError(stringutils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
pipelineRole, err := jenkinsClinet.GetProjectRole(GetPipelineRoleName(projectId, member.Role))
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return nil, restful.NewError(stringutils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
err = pipelineRole.AssignRole(member.Username)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return nil, restful.NewError(stringutils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
projectMembership := NewDevOpsProjectMemberShip(member.Username, projectId, member.Role, operator)
|
||||
_, err = dbconn.
|
||||
InsertInto(DevOpsProjectMembershipTableName).
|
||||
Columns(DevOpsProjectMembershipColumns...).
|
||||
Record(projectMembership).Exec()
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return nil, restful.NewError(http.StatusInternalServerError, err.Error())
|
||||
}
|
||||
return projectMembership, nil
|
||||
}
|
||||
|
||||
func UpdateProjectMember(projectId, operator string, member *DevOpsProjectMembership) (*DevOpsProjectMembership, error) {
|
||||
dbconn := devops_mysql.OpenDatabase()
|
||||
jenkinsClinet := admin_jenkins.Client()
|
||||
oldMembership := &DevOpsProjectMembership{}
|
||||
err := dbconn.Select(DevOpsProjectMembershipColumns...).
|
||||
From(DevOpsProjectMembershipTableName).
|
||||
Where(db.And(
|
||||
db.Eq(DevOpsProjectMembershipUsernameColumn, member.Username),
|
||||
db.Eq(DevOpsProjectMembershipProjectIdColumn, projectId),
|
||||
)).LoadOne(oldMembership)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return nil, restful.NewError(http.StatusBadRequest, err.Error())
|
||||
}
|
||||
|
||||
oldProjectRole, err := jenkinsClinet.GetProjectRole(GetProjectRoleName(projectId, oldMembership.Role))
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return nil, restful.NewError(stringutils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
err = oldProjectRole.UnAssignRole(member.Username)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return nil, restful.NewError(stringutils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
oldPipelineRole, err := jenkinsClinet.GetProjectRole(GetPipelineRoleName(projectId, oldMembership.Role))
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return nil, restful.NewError(stringutils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
err = oldPipelineRole.UnAssignRole(member.Username)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return nil, restful.NewError(stringutils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
|
||||
projectRole, err := jenkinsClinet.GetProjectRole(GetProjectRoleName(projectId, member.Role))
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return nil, restful.NewError(stringutils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
err = projectRole.AssignRole(member.Username)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return nil, restful.NewError(stringutils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
pipelineRole, err := jenkinsClinet.GetProjectRole(GetPipelineRoleName(projectId, member.Role))
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return nil, restful.NewError(stringutils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
err = pipelineRole.AssignRole(member.Username)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return nil, restful.NewError(stringutils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
_, err = dbconn.Update(DevOpsProjectMembershipTableName).
|
||||
Set(DevOpsProjectMembershipRoleColumn, member.Role).
|
||||
Where(db.And(
|
||||
db.Eq(DevOpsProjectMembershipProjectIdColumn, projectId),
|
||||
db.Eq(DevOpsProjectMembershipUsernameColumn, member.Username),
|
||||
)).Exec()
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return nil, restful.NewError(http.StatusInternalServerError, err.Error())
|
||||
}
|
||||
responseMembership := &DevOpsProjectMembership{}
|
||||
err = dbconn.Select(DevOpsProjectMembershipColumns...).
|
||||
From(DevOpsProjectMembershipTableName).
|
||||
Where(db.And(
|
||||
db.Eq(DevOpsProjectMembershipUsernameColumn, member.Username),
|
||||
db.Eq(DevOpsProjectMembershipProjectIdColumn, projectId),
|
||||
)).LoadOne(responseMembership)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return nil, restful.NewError(http.StatusInternalServerError, err.Error())
|
||||
}
|
||||
return responseMembership, nil
|
||||
}
|
||||
|
||||
func DeleteProjectMember(projectId, username string) (string, error) {
|
||||
dbconn := devops_mysql.OpenDatabase()
|
||||
jenkinsClient := admin_jenkins.Client()
|
||||
oldMembership := &DevOpsProjectMembership{}
|
||||
err := dbconn.Select(DevOpsProjectMembershipColumns...).
|
||||
From(DevOpsProjectMembershipTableName).
|
||||
Where(db.And(
|
||||
db.Eq(DevOpsProjectMembershipUsernameColumn, username),
|
||||
db.Eq(DevOpsProjectMembershipProjectIdColumn, projectId),
|
||||
)).LoadOne(oldMembership)
|
||||
if err != nil && err != db.ErrNotFound {
|
||||
glog.Errorf("%+v", err)
|
||||
return "", restful.NewError(http.StatusInternalServerError, err.Error())
|
||||
}
|
||||
if err == db.ErrNotFound {
|
||||
glog.Warningf("user [%s] not found in project", username)
|
||||
return username, nil
|
||||
}
|
||||
if oldMembership.Role == ProjectOwner {
|
||||
count, err := dbconn.Select(DevOpsProjectMembershipProjectIdColumn).
|
||||
From(DevOpsProjectMembershipTableName).
|
||||
Where(db.And(
|
||||
db.Eq(DevOpsProjectMembershipProjectIdColumn, projectId),
|
||||
db.Eq(DevOpsProjectMembershipRoleColumn, ProjectOwner))).Count()
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return "", restful.NewError(http.StatusInternalServerError, err.Error())
|
||||
}
|
||||
if count == 1 {
|
||||
err = fmt.Errorf("project must has at least one admin")
|
||||
glog.Errorf("%+v", err)
|
||||
return "", restful.NewError(http.StatusBadRequest, err.Error())
|
||||
}
|
||||
}
|
||||
oldProjectRole, err := jenkinsClient.GetProjectRole(GetProjectRoleName(projectId, oldMembership.Role))
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return "", restful.NewError(utils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
err = oldProjectRole.UnAssignRole(username)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return "", restful.NewError(utils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
|
||||
oldPipelineRole, err := jenkinsClient.GetProjectRole(GetPipelineRoleName(projectId, oldMembership.Role))
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return "", restful.NewError(utils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
err = oldPipelineRole.UnAssignRole(username)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return "", restful.NewError(utils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
|
||||
_, err = dbconn.DeleteFrom(DevOpsProjectMembershipTableName).
|
||||
Where(db.And(
|
||||
db.Eq(DevOpsProjectMembershipProjectIdColumn, projectId),
|
||||
db.Eq(DevOpsProjectMembershipUsernameColumn, username),
|
||||
)).Exec()
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return "", restful.NewError(http.StatusInternalServerError, err.Error())
|
||||
}
|
||||
return username, nil
|
||||
}
|
||||
@@ -19,6 +19,7 @@ package tenant
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"github.com/emicklei/go-restful"
|
||||
"github.com/gocraft/dbr"
|
||||
"github.com/golang/glog"
|
||||
"kubesphere.io/kubesphere/pkg/db"
|
||||
@@ -29,248 +30,15 @@ import (
|
||||
"kubesphere.io/kubesphere/pkg/params"
|
||||
"kubesphere.io/kubesphere/pkg/simple/client/admin_jenkins"
|
||||
"kubesphere.io/kubesphere/pkg/simple/client/devops_mysql"
|
||||
"kubesphere.io/kubesphere/pkg/utils/reflectutils"
|
||||
"net/http"
|
||||
"sync"
|
||||
)
|
||||
|
||||
const (
|
||||
ProjectOwner = "owner"
|
||||
ProjectMaintainer = "maintainer"
|
||||
ProjectDeveloper = "developer"
|
||||
ProjectReporter = "reporter"
|
||||
)
|
||||
|
||||
var AllRoleSlice = []string{ProjectDeveloper, ProjectReporter, ProjectMaintainer, ProjectOwner}
|
||||
|
||||
var JenkinsOwnerProjectPermissionIds = &gojenkins.ProjectPermissionIds{
|
||||
CredentialCreate: true,
|
||||
CredentialDelete: true,
|
||||
CredentialManageDomains: true,
|
||||
CredentialUpdate: true,
|
||||
CredentialView: true,
|
||||
ItemBuild: true,
|
||||
ItemCancel: true,
|
||||
ItemConfigure: true,
|
||||
ItemCreate: true,
|
||||
ItemDelete: true,
|
||||
ItemDiscover: true,
|
||||
ItemMove: true,
|
||||
ItemRead: true,
|
||||
ItemWorkspace: true,
|
||||
RunDelete: true,
|
||||
RunReplay: true,
|
||||
RunUpdate: true,
|
||||
SCMTag: true,
|
||||
}
|
||||
|
||||
var JenkinsProjectPermissionMap = map[string]gojenkins.ProjectPermissionIds{
|
||||
ProjectOwner: gojenkins.ProjectPermissionIds{
|
||||
CredentialCreate: true,
|
||||
CredentialDelete: true,
|
||||
CredentialManageDomains: true,
|
||||
CredentialUpdate: true,
|
||||
CredentialView: true,
|
||||
ItemBuild: true,
|
||||
ItemCancel: true,
|
||||
ItemConfigure: true,
|
||||
ItemCreate: true,
|
||||
ItemDelete: true,
|
||||
ItemDiscover: true,
|
||||
ItemMove: true,
|
||||
ItemRead: true,
|
||||
ItemWorkspace: true,
|
||||
RunDelete: true,
|
||||
RunReplay: true,
|
||||
RunUpdate: true,
|
||||
SCMTag: true,
|
||||
},
|
||||
ProjectMaintainer: gojenkins.ProjectPermissionIds{
|
||||
CredentialCreate: true,
|
||||
CredentialDelete: true,
|
||||
CredentialManageDomains: true,
|
||||
CredentialUpdate: true,
|
||||
CredentialView: true,
|
||||
ItemBuild: true,
|
||||
ItemCancel: true,
|
||||
ItemConfigure: false,
|
||||
ItemCreate: true,
|
||||
ItemDelete: false,
|
||||
ItemDiscover: true,
|
||||
ItemMove: false,
|
||||
ItemRead: true,
|
||||
ItemWorkspace: true,
|
||||
RunDelete: true,
|
||||
RunReplay: true,
|
||||
RunUpdate: true,
|
||||
SCMTag: true,
|
||||
},
|
||||
ProjectDeveloper: gojenkins.ProjectPermissionIds{
|
||||
CredentialCreate: false,
|
||||
CredentialDelete: false,
|
||||
CredentialManageDomains: false,
|
||||
CredentialUpdate: false,
|
||||
CredentialView: false,
|
||||
ItemBuild: true,
|
||||
ItemCancel: true,
|
||||
ItemConfigure: false,
|
||||
ItemCreate: false,
|
||||
ItemDelete: false,
|
||||
ItemDiscover: true,
|
||||
ItemMove: false,
|
||||
ItemRead: true,
|
||||
ItemWorkspace: true,
|
||||
RunDelete: true,
|
||||
RunReplay: true,
|
||||
RunUpdate: true,
|
||||
SCMTag: false,
|
||||
},
|
||||
ProjectReporter: gojenkins.ProjectPermissionIds{
|
||||
CredentialCreate: false,
|
||||
CredentialDelete: false,
|
||||
CredentialManageDomains: false,
|
||||
CredentialUpdate: false,
|
||||
CredentialView: false,
|
||||
ItemBuild: false,
|
||||
ItemCancel: false,
|
||||
ItemConfigure: false,
|
||||
ItemCreate: false,
|
||||
ItemDelete: false,
|
||||
ItemDiscover: true,
|
||||
ItemMove: false,
|
||||
ItemRead: true,
|
||||
ItemWorkspace: false,
|
||||
RunDelete: false,
|
||||
RunReplay: false,
|
||||
RunUpdate: false,
|
||||
SCMTag: false,
|
||||
},
|
||||
}
|
||||
|
||||
var JenkinsPipelinePermissionMap = map[string]gojenkins.ProjectPermissionIds{
|
||||
ProjectOwner: gojenkins.ProjectPermissionIds{
|
||||
CredentialCreate: true,
|
||||
CredentialDelete: true,
|
||||
CredentialManageDomains: true,
|
||||
CredentialUpdate: true,
|
||||
CredentialView: true,
|
||||
ItemBuild: true,
|
||||
ItemCancel: true,
|
||||
ItemConfigure: true,
|
||||
ItemCreate: true,
|
||||
ItemDelete: true,
|
||||
ItemDiscover: true,
|
||||
ItemMove: true,
|
||||
ItemRead: true,
|
||||
ItemWorkspace: true,
|
||||
RunDelete: true,
|
||||
RunReplay: true,
|
||||
RunUpdate: true,
|
||||
SCMTag: true,
|
||||
},
|
||||
ProjectMaintainer: gojenkins.ProjectPermissionIds{
|
||||
CredentialCreate: true,
|
||||
CredentialDelete: true,
|
||||
CredentialManageDomains: true,
|
||||
CredentialUpdate: true,
|
||||
CredentialView: true,
|
||||
ItemBuild: true,
|
||||
ItemCancel: true,
|
||||
ItemConfigure: true,
|
||||
ItemCreate: true,
|
||||
ItemDelete: true,
|
||||
ItemDiscover: true,
|
||||
ItemMove: true,
|
||||
ItemRead: true,
|
||||
ItemWorkspace: true,
|
||||
RunDelete: true,
|
||||
RunReplay: true,
|
||||
RunUpdate: true,
|
||||
SCMTag: true,
|
||||
},
|
||||
ProjectDeveloper: gojenkins.ProjectPermissionIds{
|
||||
CredentialCreate: false,
|
||||
CredentialDelete: false,
|
||||
CredentialManageDomains: false,
|
||||
CredentialUpdate: false,
|
||||
CredentialView: false,
|
||||
ItemBuild: true,
|
||||
ItemCancel: true,
|
||||
ItemConfigure: false,
|
||||
ItemCreate: false,
|
||||
ItemDelete: false,
|
||||
ItemDiscover: true,
|
||||
ItemMove: false,
|
||||
ItemRead: true,
|
||||
ItemWorkspace: true,
|
||||
RunDelete: true,
|
||||
RunReplay: true,
|
||||
RunUpdate: true,
|
||||
SCMTag: false,
|
||||
},
|
||||
ProjectReporter: gojenkins.ProjectPermissionIds{
|
||||
CredentialCreate: false,
|
||||
CredentialDelete: false,
|
||||
CredentialManageDomains: false,
|
||||
CredentialUpdate: false,
|
||||
CredentialView: false,
|
||||
ItemBuild: false,
|
||||
ItemCancel: false,
|
||||
ItemConfigure: false,
|
||||
ItemCreate: false,
|
||||
ItemDelete: false,
|
||||
ItemDiscover: true,
|
||||
ItemMove: false,
|
||||
ItemRead: true,
|
||||
ItemWorkspace: false,
|
||||
RunDelete: false,
|
||||
RunReplay: false,
|
||||
RunUpdate: false,
|
||||
SCMTag: false,
|
||||
},
|
||||
}
|
||||
|
||||
func GetProjectRoleName(projectId, role string) string {
|
||||
return fmt.Sprintf("%s-%s-project", projectId, role)
|
||||
}
|
||||
|
||||
func GetPipelineRoleName(projectId, role string) string {
|
||||
return fmt.Sprintf("%s-%s-pipeline", projectId, role)
|
||||
}
|
||||
|
||||
func GetProjectRolePattern(projectId string) string {
|
||||
return fmt.Sprintf("^%s$", projectId)
|
||||
}
|
||||
|
||||
func GetPipelineRolePattern(projectId string) string {
|
||||
return fmt.Sprintf("^%s/.*", projectId)
|
||||
}
|
||||
|
||||
type DevOpsProjectRoleResponse struct {
|
||||
ProjectRole *gojenkins.ProjectRole
|
||||
Err error
|
||||
}
|
||||
|
||||
func CheckProjectUserInRole(username, projectId string, roles []string) error {
|
||||
if username == devops.KS_ADMIN {
|
||||
return nil
|
||||
}
|
||||
dbconn := devops_mysql.OpenDatabase()
|
||||
membership := &devops.DevOpsProjectMembership{}
|
||||
err := dbconn.Select(devops.DevOpsProjectMembershipColumns...).
|
||||
From(devops.DevOpsProjectMembershipTableName).
|
||||
Where(db.And(
|
||||
db.Eq(devops.DevOpsProjectMembershipUsernameColumn, username),
|
||||
db.Eq(devops.DevOpsProjectMembershipProjectIdColumn, projectId))).LoadOne(membership)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if !reflectutils.In(membership.Role, roles) {
|
||||
return fmt.Errorf("user [%s] in project [%s] role is not in %s", username, projectId, roles)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func ListDevopsProjects(workspace, username string, conditions *params.Conditions, orderBy string, reverse bool, limit int, offset int) (*models.PageableResponse, error) {
|
||||
|
||||
dbconn := devops_mysql.OpenDatabase()
|
||||
@@ -321,12 +89,12 @@ func ListDevopsProjects(workspace, username string, conditions *params.Condition
|
||||
_, err := query.Load(&projects)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return nil, err
|
||||
return nil, restful.NewError(http.StatusInternalServerError, err.Error())
|
||||
}
|
||||
count, err := query.Count()
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return nil, err
|
||||
return nil, restful.NewError(http.StatusInternalServerError, err.Error())
|
||||
}
|
||||
|
||||
result := make([]interface{}, 0)
|
||||
@@ -337,11 +105,11 @@ func ListDevopsProjects(workspace, username string, conditions *params.Condition
|
||||
return &models.PageableResponse{Items: result, TotalCount: int(count)}, nil
|
||||
}
|
||||
|
||||
func DeleteDevOpsProject(projectId, username string) (error, int) {
|
||||
err := CheckProjectUserInRole(username, projectId, []string{ProjectOwner})
|
||||
func DeleteDevOpsProject(projectId, username string) error {
|
||||
err := devops.CheckProjectUserInRole(username, projectId, []string{devops.ProjectOwner})
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return err, http.StatusForbidden
|
||||
return restful.NewError(http.StatusForbidden, err.Error())
|
||||
}
|
||||
gojenkins := admin_jenkins.Client()
|
||||
devopsdb := devops_mysql.OpenDatabase()
|
||||
@@ -349,31 +117,31 @@ func DeleteDevOpsProject(projectId, username string) (error, int) {
|
||||
|
||||
if err != nil && utils.GetJenkinsStatusCode(err) != http.StatusNotFound {
|
||||
glog.Errorf("%+v", err)
|
||||
return err, utils.GetJenkinsStatusCode(err)
|
||||
return restful.NewError(utils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
|
||||
roleNames := make([]string, 0)
|
||||
for role := range JenkinsProjectPermissionMap {
|
||||
roleNames = append(roleNames, GetProjectRoleName(projectId, role))
|
||||
roleNames = append(roleNames, GetPipelineRoleName(projectId, role))
|
||||
for role := range devops.JenkinsProjectPermissionMap {
|
||||
roleNames = append(roleNames, devops.GetProjectRoleName(projectId, role))
|
||||
roleNames = append(roleNames, devops.GetPipelineRoleName(projectId, role))
|
||||
}
|
||||
err = gojenkins.DeleteProjectRoles(roleNames...)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return err, utils.GetJenkinsStatusCode(err)
|
||||
return restful.NewError(utils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
_, err = devopsdb.DeleteFrom(devops.DevOpsProjectMembershipTableName).
|
||||
Where(db.Eq(devops.DevOpsProjectMembershipProjectIdColumn, projectId)).Exec()
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return err, http.StatusInternalServerError
|
||||
return restful.NewError(utils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
_, err = devopsdb.Update(devops.DevOpsProjectTableName).
|
||||
Set(devops.StatusColumn, devops.StatusDeleted).
|
||||
Where(db.Eq(devops.DevOpsProjectIdColumn, projectId)).Exec()
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return err, http.StatusInternalServerError
|
||||
return restful.NewError(utils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
project := &devops.DevOpsProject{}
|
||||
err = devopsdb.Select(devops.DevOpsProjectColumns...).
|
||||
@@ -382,12 +150,12 @@ func DeleteDevOpsProject(projectId, username string) (error, int) {
|
||||
LoadOne(project)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return err, http.StatusInternalServerError
|
||||
return restful.NewError(utils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
return nil, http.StatusOK
|
||||
return nil
|
||||
}
|
||||
|
||||
func CreateDevopsProject(username string, workspace string, req *devops.DevOpsProject) (*devops.DevOpsProject, error, int) {
|
||||
func CreateDevopsProject(username string, workspace string, req *devops.DevOpsProject) (*devops.DevOpsProject, error) {
|
||||
|
||||
jenkinsClient := admin_jenkins.Client()
|
||||
devopsdb := devops_mysql.OpenDatabase()
|
||||
@@ -395,25 +163,25 @@ func CreateDevopsProject(username string, workspace string, req *devops.DevOpsPr
|
||||
_, err := jenkinsClient.CreateFolder(project.ProjectId, project.Description)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return nil, err, utils.GetJenkinsStatusCode(err)
|
||||
return nil, restful.NewError(utils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
|
||||
var addRoleCh = make(chan *DevOpsProjectRoleResponse, 8)
|
||||
var addRoleWg sync.WaitGroup
|
||||
for role, permission := range JenkinsProjectPermissionMap {
|
||||
for role, permission := range devops.JenkinsProjectPermissionMap {
|
||||
addRoleWg.Add(1)
|
||||
go func(role string, permission gojenkins.ProjectPermissionIds) {
|
||||
_, err := jenkinsClient.AddProjectRole(GetProjectRoleName(project.ProjectId, role),
|
||||
GetProjectRolePattern(project.ProjectId), permission, true)
|
||||
_, err := jenkinsClient.AddProjectRole(devops.GetProjectRoleName(project.ProjectId, role),
|
||||
devops.GetProjectRolePattern(project.ProjectId), permission, true)
|
||||
addRoleCh <- &DevOpsProjectRoleResponse{nil, err}
|
||||
addRoleWg.Done()
|
||||
}(role, permission)
|
||||
}
|
||||
for role, permission := range JenkinsPipelinePermissionMap {
|
||||
for role, permission := range devops.JenkinsPipelinePermissionMap {
|
||||
addRoleWg.Add(1)
|
||||
go func(role string, permission gojenkins.ProjectPermissionIds) {
|
||||
_, err := jenkinsClient.AddProjectRole(GetPipelineRoleName(project.ProjectId, role),
|
||||
GetPipelineRolePattern(project.ProjectId), permission, true)
|
||||
_, err := jenkinsClient.AddProjectRole(devops.GetPipelineRoleName(project.ProjectId, role),
|
||||
devops.GetPipelineRolePattern(project.ProjectId), permission, true)
|
||||
addRoleCh <- &DevOpsProjectRoleResponse{nil, err}
|
||||
addRoleWg.Done()
|
||||
}(role, permission)
|
||||
@@ -423,14 +191,14 @@ func CreateDevopsProject(username string, workspace string, req *devops.DevOpsPr
|
||||
for addRoleResponse := range addRoleCh {
|
||||
if addRoleResponse.Err != nil {
|
||||
glog.Errorf("%+v", addRoleResponse.Err)
|
||||
return nil, addRoleResponse.Err, utils.GetJenkinsStatusCode(addRoleResponse.Err)
|
||||
return nil, restful.NewError(utils.GetJenkinsStatusCode(addRoleResponse.Err), addRoleResponse.Err.Error())
|
||||
}
|
||||
}
|
||||
|
||||
globalRole, err := jenkinsClient.GetGlobalRole(devops.JenkinsAllUserRoleName)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return nil, err, utils.GetJenkinsStatusCode(err)
|
||||
return nil, restful.NewError(utils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
if globalRole == nil {
|
||||
_, err := jenkinsClient.AddGlobalRole(devops.JenkinsAllUserRoleName, gojenkins.GlobalPermissionIds{
|
||||
@@ -438,58 +206,58 @@ func CreateDevopsProject(username string, workspace string, req *devops.DevOpsPr
|
||||
}, true)
|
||||
if err != nil {
|
||||
glog.Error("failed to create jenkins global role")
|
||||
return nil, err, utils.GetJenkinsStatusCode(err)
|
||||
return nil, restful.NewError(utils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
}
|
||||
err = globalRole.AssignRole(username)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return nil, err, utils.GetJenkinsStatusCode(err)
|
||||
return nil, restful.NewError(utils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
|
||||
projectRole, err := jenkinsClient.GetProjectRole(GetProjectRoleName(project.ProjectId, ProjectOwner))
|
||||
projectRole, err := jenkinsClient.GetProjectRole(devops.GetProjectRoleName(project.ProjectId, devops.ProjectOwner))
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return nil, err, utils.GetJenkinsStatusCode(err)
|
||||
return nil, restful.NewError(utils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
err = projectRole.AssignRole(username)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return nil, err, utils.GetJenkinsStatusCode(err)
|
||||
return nil, restful.NewError(utils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
|
||||
pipelineRole, err := jenkinsClient.GetProjectRole(GetPipelineRoleName(project.ProjectId, ProjectOwner))
|
||||
pipelineRole, err := jenkinsClient.GetProjectRole(devops.GetPipelineRoleName(project.ProjectId, devops.ProjectOwner))
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return nil, err, utils.GetJenkinsStatusCode(err)
|
||||
return nil, restful.NewError(utils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
err = pipelineRole.AssignRole(username)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return nil, err, utils.GetJenkinsStatusCode(err)
|
||||
return nil, restful.NewError(utils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
_, err = devopsdb.InsertInto(devops.DevOpsProjectTableName).
|
||||
Columns(devops.DevOpsProjectColumns...).Record(project).Exec()
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return nil, err, http.StatusInternalServerError
|
||||
return nil, restful.NewError(http.StatusInternalServerError, err.Error())
|
||||
}
|
||||
|
||||
projectMembership := devops.NewDevOpsProjectMemberShip(username, project.ProjectId, ProjectOwner, username)
|
||||
projectMembership := devops.NewDevOpsProjectMemberShip(username, project.ProjectId, devops.ProjectOwner, username)
|
||||
_, err = devopsdb.InsertInto(devops.DevOpsProjectMembershipTableName).
|
||||
Columns(devops.DevOpsProjectMembershipColumns...).Record(projectMembership).Exec()
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return nil, err, http.StatusInternalServerError
|
||||
return nil, restful.NewError(http.StatusInternalServerError, err.Error())
|
||||
}
|
||||
return project, nil, http.StatusOK
|
||||
return project, nil
|
||||
}
|
||||
|
||||
func GetUserDevopsSimpleRules(username, projectId string) ([]models.SimpleRule, error, int) {
|
||||
err := CheckProjectUserInRole(username, projectId, AllRoleSlice)
|
||||
func GetUserDevopsSimpleRules(username, projectId string) ([]models.SimpleRule, error) {
|
||||
err := devops.CheckProjectUserInRole(username, projectId, devops.AllRoleSlice)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return nil, err, http.StatusForbidden
|
||||
return nil, restful.NewError(http.StatusForbidden, err.Error())
|
||||
}
|
||||
dbconn := devops_mysql.OpenDatabase()
|
||||
memberships := &devops.DevOpsProjectMembership{}
|
||||
@@ -502,10 +270,10 @@ func GetUserDevopsSimpleRules(username, projectId string) ([]models.SimpleRule,
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
|
||||
return nil, err, http.StatusInternalServerError
|
||||
return nil, restful.NewError(http.StatusInternalServerError, err.Error())
|
||||
}
|
||||
|
||||
return GetDevopsRoleSimpleRules(memberships.Role), nil, http.StatusOK
|
||||
return GetDevopsRoleSimpleRules(memberships.Role), nil
|
||||
}
|
||||
|
||||
func GetDevopsRoleSimpleRules(role string) []models.SimpleRule {
|
||||
|
||||
Reference in New Issue
Block a user