add credential api & fix api docs
This commit is contained in:
runzexia
@@ -48,32 +48,32 @@ func addWebService(c *restful.Container) error {
|
||||
Doc("get devops project").
|
||||
Metadata(restfulspec.KeyOpenAPITags, tags).
|
||||
Param(webservice.PathParameter("devops", "projectId")).
|
||||
Returns(http.StatusOK, "success", &devops.DevOpsProject{}).
|
||||
Writes(&devops.DevOpsProject{}))
|
||||
Returns(http.StatusOK, "success", devops.DevOpsProject{}).
|
||||
Writes(devops.DevOpsProject{}))
|
||||
|
||||
webservice.Route(webservice.PATCH("/devops/{devops}").
|
||||
To(devopsapi.UpdateProjectHandler).
|
||||
Doc("get devops project").
|
||||
Metadata(restfulspec.KeyOpenAPITags, tags).
|
||||
Param(webservice.PathParameter("devops", "projectId")).
|
||||
Returns(http.StatusOK, "success", &devops.DevOpsProject{}).
|
||||
Writes(&devops.DevOpsProject{}))
|
||||
Returns(http.StatusOK, "success", devops.DevOpsProject{}).
|
||||
Writes(devops.DevOpsProject{}))
|
||||
|
||||
webservice.Route(webservice.GET("/devops/{devops}/defaultroles").
|
||||
To(devopsapi.GetDevOpsProjectDefaultRoles).
|
||||
Doc("get devops project defaultroles").
|
||||
Metadata(restfulspec.KeyOpenAPITags, tags).
|
||||
Param(webservice.PathParameter("devops", "projectId")).
|
||||
Returns(http.StatusOK, "success", &devops.DefaultRoles).
|
||||
Writes(&devops.DefaultRoles))
|
||||
Returns(http.StatusOK, "success", []devops.Role{}).
|
||||
Writes([]devops.Role{}))
|
||||
|
||||
webservice.Route(webservice.GET("/devops/{devops}/members").
|
||||
To(devopsapi.GetDevOpsProjectMembersHandler).
|
||||
Doc("get devops project members").
|
||||
Metadata(restfulspec.KeyOpenAPITags, tags).
|
||||
Param(webservice.PathParameter("devops", "projectId")).
|
||||
Returns(http.StatusOK, "success", []*devops.DevOpsProjectMembership{}).
|
||||
Writes([]*devops.DevOpsProjectMembership{}))
|
||||
Returns(http.StatusOK, "success", []devops.DevOpsProjectMembership{}).
|
||||
Writes([]devops.DevOpsProjectMembership{}))
|
||||
|
||||
webservice.Route(webservice.GET("/devops/{devops}/members/{members}").
|
||||
To(devopsapi.GetDevOpsProjectMemberHandler).
|
||||
@@ -81,32 +81,53 @@ func addWebService(c *restful.Container) error {
|
||||
Metadata(restfulspec.KeyOpenAPITags, tags).
|
||||
Param(webservice.PathParameter("devops", "projectId")).
|
||||
Param(webservice.PathParameter("members", "username")).
|
||||
Returns(http.StatusOK, "success", []*devops.DevOpsProjectMembership{}).
|
||||
Writes(&devops.DevOpsProjectMembership{}))
|
||||
Returns(http.StatusOK, "success", devops.DevOpsProjectMembership{}).
|
||||
Writes(devops.DevOpsProjectMembership{}))
|
||||
|
||||
webservice.Route(webservice.POST("/devops/{devops}/members").
|
||||
To(devopsapi.AddDevOpsProjectMemberHandler).
|
||||
Doc("add devops project members").
|
||||
Metadata(restfulspec.KeyOpenAPITags, tags).
|
||||
Param(webservice.PathParameter("devops", "projectId")).
|
||||
Returns(http.StatusOK, "success", &devops.DevOpsProjectMembership{}).
|
||||
Writes(&devops.DevOpsProjectMembership{}))
|
||||
Returns(http.StatusOK, "success", devops.DevOpsProjectMembership{}).
|
||||
Writes(devops.DevOpsProjectMembership{}))
|
||||
|
||||
webservice.Route(webservice.PATCH("/devops/{devops}/members/{members}").
|
||||
To(devopsapi.UpdateDevOpsProjectMemberHandler).
|
||||
Doc("update devops project members").
|
||||
Metadata(restfulspec.KeyOpenAPITags, tags).
|
||||
Param(webservice.PathParameter("devops", "projectId")).
|
||||
Param(webservice.PathParameter("members", "username")).
|
||||
Reads(devops.DevOpsProjectMembership{}).
|
||||
Writes(devops.DevOpsProjectMembership{}))
|
||||
|
||||
webservice.Route(webservice.DELETE("/devops/{devops}/members/{members}").
|
||||
To(devopsapi.DeleteDevOpsProjectMemberHandler).
|
||||
Doc("delete devops project members").
|
||||
Metadata(restfulspec.KeyOpenAPITags, tags).
|
||||
Param(webservice.PathParameter("devops", "projectId")).
|
||||
Param(webservice.PathParameter("members", "username")).
|
||||
Writes(devops.DevOpsProjectMembership{}))
|
||||
|
||||
webservice.Route(webservice.POST("/devops/{devops}/pipelines").
|
||||
To(devopsapi.CreateDevOpsProjectPipelineHandler).
|
||||
Doc("add devops project pipeline").
|
||||
Param(webservice.PathParameter("devops", "projectId")).
|
||||
Returns(http.StatusOK, "success", &devops.ProjectPipeline{}).
|
||||
Writes(&devops.ProjectPipeline{}).
|
||||
Reads(&devops.ProjectPipeline{}))
|
||||
Metadata(restfulspec.KeyOpenAPITags, tags).
|
||||
Returns(http.StatusOK, "success", devops.ProjectPipeline{}).
|
||||
Writes(devops.ProjectPipeline{}).
|
||||
Reads(devops.ProjectPipeline{}))
|
||||
|
||||
webservice.Route(webservice.PUT("/devops/{devops}/pipelines/{pipelines}").
|
||||
To(devopsapi.UpdateDevOpsProjectPipelineHandler).
|
||||
Doc("update devops project pipeline").
|
||||
Param(webservice.PathParameter("devops", "projectId")).
|
||||
Param(webservice.PathParameter("pipelines", "pipelineId")).
|
||||
Metadata(restfulspec.KeyOpenAPITags, tags).
|
||||
Returns(http.StatusOK, "success", &devops.ProjectPipeline{}).
|
||||
Writes(&devops.ProjectPipeline{}).
|
||||
Reads(&devops.ProjectPipeline{}))
|
||||
Returns(http.StatusOK, "success", devops.ProjectPipeline{}).
|
||||
Writes(devops.ProjectPipeline{}).
|
||||
Reads(devops.ProjectPipeline{}))
|
||||
|
||||
webservice.Route(webservice.GET("/devops/{devops}/pipelines/{pipelines}/config").
|
||||
To(devopsapi.GetDevOpsProjectPipelineHandler).
|
||||
Doc("get devops project pipeline config").
|
||||
@@ -115,6 +136,7 @@ func addWebService(c *restful.Container) error {
|
||||
Param(webservice.PathParameter("pipelines", "pipelineId")).
|
||||
Returns(http.StatusOK, "ok", devops.ProjectPipeline{}).
|
||||
Writes(devops.ProjectPipeline{}))
|
||||
|
||||
webservice.Route(webservice.GET("/devops/{devops}/pipelines/{pipelines}/sonarStatus").
|
||||
To(devopsapi.GetPipelineSonarStatusHandler).
|
||||
Doc("get devops project pipeline sonarStatus").
|
||||
@@ -123,6 +145,7 @@ func addWebService(c *restful.Container) error {
|
||||
Param(webservice.PathParameter("pipelines", "pipelineId")).
|
||||
Returns(http.StatusOK, "ok", []devops.SonarStatus{}).
|
||||
Writes([]devops.SonarStatus{}))
|
||||
|
||||
webservice.Route(webservice.GET("/devops/{devops}/pipelines/{pipelines}/branches/{branches}/sonarStatus").
|
||||
To(devopsapi.GetMultiBranchesPipelineSonarStatusHandler).
|
||||
Doc("get devops project pipeline sonarStatus").
|
||||
@@ -132,26 +155,63 @@ func addWebService(c *restful.Container) error {
|
||||
Param(webservice.PathParameter("branches", "branchName")).
|
||||
Returns(http.StatusOK, "ok", []devops.SonarStatus{}).
|
||||
Writes([]devops.SonarStatus{}))
|
||||
|
||||
webservice.Route(webservice.DELETE("/devops/{devops}/pipelines/{pipelines}").
|
||||
To(devopsapi.DeleteDevOpsProjectPipelineHandler).
|
||||
Doc("delete devops project pipeline").
|
||||
Metadata(restfulspec.KeyOpenAPITags, tags))
|
||||
Metadata(restfulspec.KeyOpenAPITags, tags).
|
||||
Param(webservice.PathParameter("devops", "projectId")).
|
||||
Param(webservice.PathParameter("pipelines", "pipelineId")))
|
||||
|
||||
webservice.Route(webservice.PUT("/devops/{devops}/pipelines").
|
||||
To(devopsapi.CreateDevOpsProjectPipelineHandler).
|
||||
Doc("add devops project pipeline").
|
||||
Doc("update devops project pipeline").
|
||||
Param(webservice.PathParameter("devops", "projectId")).
|
||||
Metadata(restfulspec.KeyOpenAPITags, tags).
|
||||
Reads(devops.ProjectPipeline{}))
|
||||
|
||||
webservice.Route(webservice.PATCH("/devops/{devops}/members/{members}").
|
||||
To(devopsapi.UpdateDevOpsProjectMemberHandler).
|
||||
Doc("update devops project members").
|
||||
webservice.Route(webservice.POST("/devops/{devops}/credentials").
|
||||
To(devopsapi.CreateDevOpsProjectCredentialHandler).
|
||||
Doc("add project credential pipeline").
|
||||
Metadata(restfulspec.KeyOpenAPITags, tags).
|
||||
Writes(&devops.DevOpsProjectMembership{}))
|
||||
webservice.Route(webservice.DELETE("/devops/{devops}/members/{members}").
|
||||
To(devopsapi.DeleteDevOpsProjectMemberHandler).
|
||||
Doc("delete devops project members").
|
||||
Param(webservice.PathParameter("devops", "projectId")).
|
||||
Reads(devops.JenkinsCredential{}))
|
||||
|
||||
webservice.Route(webservice.PUT("/devops/{devops}/credentials/{credentials}").
|
||||
To(devopsapi.UpdateDevOpsProjectCredentialHandler).
|
||||
Doc("update project credential pipeline").
|
||||
Metadata(restfulspec.KeyOpenAPITags, tags).
|
||||
Writes(&devops.DevOpsProjectMembership{}))
|
||||
Param(webservice.PathParameter("devops", "projectId")).
|
||||
Param(webservice.PathParameter("credentials", "credentialId")).
|
||||
Reads(devops.JenkinsCredential{}))
|
||||
|
||||
webservice.Route(webservice.DELETE("/devops/{devops}/credentials/{credentials}").
|
||||
To(devopsapi.DeleteDevOpsProjectCredentialHandler).
|
||||
Doc("delete project credential pipeline").
|
||||
Metadata(restfulspec.KeyOpenAPITags, tags).
|
||||
Param(webservice.PathParameter("devops", "projectId")).
|
||||
Param(webservice.PathParameter("credentials", "credentialId")))
|
||||
|
||||
webservice.Route(webservice.GET("/devops/{devops}/credentials/{credentials}").
|
||||
To(devopsapi.GetDevOpsProjectCredentialHandler).
|
||||
Doc("get project credential pipeline").
|
||||
Metadata(restfulspec.KeyOpenAPITags, tags).
|
||||
Param(webservice.PathParameter("devops", "projectId")).
|
||||
Param(webservice.PathParameter("credentials", "credentialId")).
|
||||
Param(webservice.QueryParameter("content", "getContent")).
|
||||
Param(webservice.QueryParameter("domain", "credentialDomain")).
|
||||
Returns(http.StatusOK, "success", devops.JenkinsCredential{}).
|
||||
Reads(devops.JenkinsCredential{}))
|
||||
|
||||
webservice.Route(webservice.GET("/devops/{devops}/credentials").
|
||||
To(devopsapi.GetDevOpsProjectCredentialsHandler).
|
||||
Doc("get project credential pipeline").
|
||||
Metadata(restfulspec.KeyOpenAPITags, tags).
|
||||
Param(webservice.PathParameter("devops", "projectId")).
|
||||
Param(webservice.PathParameter("credentials", "credentialId")).
|
||||
Param(webservice.QueryParameter("domain", "credentialDomain")).
|
||||
Returns(http.StatusOK, "success", []devops.JenkinsCredential{}).
|
||||
Reads([]devops.JenkinsCredential{}))
|
||||
|
||||
// match Jenkisn api "/blue/rest/organizations/jenkins/pipelines/{projectName}/{pipelineName}"
|
||||
webservice.Route(webservice.GET("/devops/{projectName}/pipelines/{pipelineName}").
|
||||
|
||||
152
pkg/apiserver/devops/project_credential.go
Normal file
152
pkg/apiserver/devops/project_credential.go
Normal file
@@ -0,0 +1,152 @@
|
||||
package devops
|
||||
|
||||
import (
|
||||
"github.com/emicklei/go-restful"
|
||||
"github.com/golang/glog"
|
||||
"kubesphere.io/kubesphere/pkg/constants"
|
||||
"kubesphere.io/kubesphere/pkg/errors"
|
||||
"kubesphere.io/kubesphere/pkg/models/devops"
|
||||
"net/http"
|
||||
)
|
||||
|
||||
func CreateDevOpsProjectCredentialHandler(request *restful.Request, resp *restful.Response) {
|
||||
|
||||
projectId := request.PathParameter("devops")
|
||||
username := request.HeaderParameter(constants.UserNameHeader)
|
||||
var credential *devops.JenkinsCredential
|
||||
err := request.ReadEntity(&credential)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(restful.NewError(http.StatusBadRequest, err.Error()), resp)
|
||||
return
|
||||
}
|
||||
err = devops.CheckProjectUserInRole(username, projectId, []string{devops.ProjectOwner, devops.ProjectMaintainer})
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(restful.NewError(http.StatusForbidden, err.Error()), resp)
|
||||
return
|
||||
}
|
||||
credentialId, err := devops.CreateProjectCredential(projectId, username, credential)
|
||||
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(err, resp)
|
||||
return
|
||||
}
|
||||
|
||||
resp.WriteAsJson(struct {
|
||||
Name string `json:"name"`
|
||||
}{Name: credentialId})
|
||||
return
|
||||
}
|
||||
|
||||
func UpdateDevOpsProjectCredentialHandler(request *restful.Request, resp *restful.Response) {
|
||||
|
||||
projectId := request.PathParameter("devops")
|
||||
username := request.HeaderParameter(constants.UserNameHeader)
|
||||
credentialId := request.PathParameter("credentials")
|
||||
var credential *devops.JenkinsCredential
|
||||
err := request.ReadEntity(&credential)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(restful.NewError(http.StatusBadRequest, err.Error()), resp)
|
||||
return
|
||||
}
|
||||
err = devops.CheckProjectUserInRole(username, projectId, []string{devops.ProjectOwner, devops.ProjectMaintainer})
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(restful.NewError(http.StatusForbidden, err.Error()), resp)
|
||||
return
|
||||
}
|
||||
credentialId, err = devops.UpdateProjectCredential(projectId, credentialId, credential)
|
||||
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(err, resp)
|
||||
return
|
||||
}
|
||||
|
||||
resp.WriteAsJson(struct {
|
||||
Name string `json:"name"`
|
||||
}{Name: credentialId})
|
||||
return
|
||||
}
|
||||
|
||||
func DeleteDevOpsProjectCredentialHandler(request *restful.Request, resp *restful.Response) {
|
||||
|
||||
projectId := request.PathParameter("devops")
|
||||
username := request.HeaderParameter(constants.UserNameHeader)
|
||||
credentialId := request.PathParameter("credentials")
|
||||
var credential *devops.JenkinsCredential
|
||||
err := request.ReadEntity(&credential)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(restful.NewError(http.StatusBadRequest, err.Error()), resp)
|
||||
return
|
||||
}
|
||||
err = devops.CheckProjectUserInRole(username, projectId, []string{devops.ProjectOwner, devops.ProjectMaintainer})
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(restful.NewError(http.StatusForbidden, err.Error()), resp)
|
||||
return
|
||||
}
|
||||
credentialId, err = devops.DeleteProjectCredential(projectId, credentialId, credential)
|
||||
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(err, resp)
|
||||
return
|
||||
}
|
||||
|
||||
resp.WriteAsJson(struct {
|
||||
Name string `json:"name"`
|
||||
}{Name: credentialId})
|
||||
return
|
||||
}
|
||||
|
||||
func GetDevOpsProjectCredentialHandler(request *restful.Request, resp *restful.Response) {
|
||||
|
||||
projectId := request.PathParameter("devops")
|
||||
username := request.HeaderParameter(constants.UserNameHeader)
|
||||
credentialId := request.PathParameter("credentials")
|
||||
getContent := request.QueryParameter("content")
|
||||
domain := request.QueryParameter("domain")
|
||||
|
||||
err := devops.CheckProjectUserInRole(username, projectId, []string{devops.ProjectOwner, devops.ProjectMaintainer})
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(restful.NewError(http.StatusForbidden, err.Error()), resp)
|
||||
return
|
||||
}
|
||||
response, err := devops.GetProjectCredential(projectId, credentialId, domain, getContent)
|
||||
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(err, resp)
|
||||
return
|
||||
}
|
||||
|
||||
resp.WriteAsJson(response)
|
||||
return
|
||||
}
|
||||
|
||||
func GetDevOpsProjectCredentialsHandler(request *restful.Request, resp *restful.Response) {
|
||||
projectId := request.PathParameter("devops")
|
||||
username := request.HeaderParameter(constants.UserNameHeader)
|
||||
domain := request.QueryParameter("domain")
|
||||
|
||||
err := devops.CheckProjectUserInRole(username, projectId, []string{devops.ProjectOwner, devops.ProjectMaintainer})
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(restful.NewError(http.StatusForbidden, err.Error()), resp)
|
||||
return
|
||||
}
|
||||
jenkinsCredentials, err := devops.GetProjectCredentials(projectId, domain)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(err, resp)
|
||||
return
|
||||
}
|
||||
resp.WriteAsJson(jenkinsCredentials)
|
||||
return
|
||||
}
|
||||
112
pkg/models/devops/project_credential.go
Normal file
112
pkg/models/devops/project_credential.go
Normal file
@@ -0,0 +1,112 @@
|
||||
package devops
|
||||
|
||||
import (
|
||||
"github.com/asaskevich/govalidator"
|
||||
"time"
|
||||
)
|
||||
|
||||
const (
|
||||
CredentialTypeUsernamePassword = "username_password"
|
||||
CredentialTypeSsh = "ssh"
|
||||
CredentialTypeSecretText = "secret_text"
|
||||
CredentialTypeKubeConfig = "kubeconfig"
|
||||
)
|
||||
|
||||
type JenkinsCredential struct {
|
||||
Id string `json:"id"`
|
||||
Type string `json:"type"`
|
||||
DisplayName string `json:"display_name"`
|
||||
Fingerprint *struct {
|
||||
FileName string `json:"file_name,omitempty"`
|
||||
Hash string `json:"hash,omitempty"`
|
||||
Usage []*struct {
|
||||
Name string `json:"name,omitempty"`
|
||||
Ranges struct {
|
||||
Ranges []*struct {
|
||||
Start int `json:"start"`
|
||||
End int `json:"end"`
|
||||
} `json:"ranges"`
|
||||
} `json:"ranges"`
|
||||
} `json:"usage,omitempty"`
|
||||
} `json:"fingerprint,omitempty"`
|
||||
Description string `json:"description"`
|
||||
Domain string `json:"domain"`
|
||||
CreateTime *time.Time `json:"create_time,omitempty"`
|
||||
Creator string `json:"creator,omitempty"`
|
||||
UsernamePasswordCredential *UsernamePasswordCredential `json:"username_password"`
|
||||
SshCredential *SshCredential `json:"ssh"`
|
||||
SecretTextCredential *SecretTextCredential `json:"secret_text"`
|
||||
KubeconfigCredential *KubeconfigCredential `json:"kubeconfig"`
|
||||
}
|
||||
|
||||
type UsernamePasswordCredential struct {
|
||||
Id string `json:"id"`
|
||||
Username string `json:"username"`
|
||||
Password string `json:"password,omitempty"`
|
||||
Description string `json:"description"`
|
||||
}
|
||||
|
||||
type SshCredential struct {
|
||||
Id string `json:"id"`
|
||||
Username string `json:"username"`
|
||||
Passphrase string `json:"passphrase"`
|
||||
PrivateKey string `json:"private_key" mapstructure:"private_key"`
|
||||
Description string `json:"description"`
|
||||
}
|
||||
|
||||
type SecretTextCredential struct {
|
||||
Id string `json:"id"`
|
||||
Secret string `json:"secret"`
|
||||
Description string `json:"description"`
|
||||
}
|
||||
|
||||
type KubeconfigCredential struct {
|
||||
Id string `json:"id"`
|
||||
Content string `json:"content"`
|
||||
Description string `json:"description"`
|
||||
}
|
||||
|
||||
type DeleteCredentialRequest struct {
|
||||
Domain string `json:"domain"`
|
||||
}
|
||||
|
||||
type CopySshCredentialRequest struct {
|
||||
Id string `json:"id"`
|
||||
}
|
||||
|
||||
const (
|
||||
ProjectCredentialTableName = "project_credential"
|
||||
ProjectCredentialIdColumn = "credential_id"
|
||||
ProjectCredentialDomainColumn = "domain"
|
||||
ProjectCredentialProjectIdColumn = "project_id"
|
||||
)
|
||||
|
||||
var CredentialTypeMap = map[string]string{
|
||||
"SSH Username with private key": CredentialTypeSsh,
|
||||
"Username with password": CredentialTypeUsernamePassword,
|
||||
"Secret text": CredentialTypeSecretText,
|
||||
"Kubernetes configuration (kubeconfig)": CredentialTypeKubeConfig,
|
||||
}
|
||||
|
||||
type ProjectCredential struct {
|
||||
ProjectId string `json:"project_id"`
|
||||
CredentialId string `json:"credential_id"`
|
||||
Domain string `json:"domain"`
|
||||
Creator string `json:"creator"`
|
||||
CreateTime time.Time `json:"create_time"`
|
||||
}
|
||||
|
||||
var ProjectCredentialColumns = GetColumnsFromStruct(&ProjectCredential{})
|
||||
|
||||
func NewProjectCredential(projectId, credentialId, domain, creator string) *ProjectCredential {
|
||||
if govalidator.IsNull(domain) {
|
||||
domain = "_"
|
||||
}
|
||||
return &ProjectCredential{
|
||||
ProjectId: projectId,
|
||||
CredentialId: credentialId,
|
||||
Domain: domain,
|
||||
Creator: creator,
|
||||
CreateTime: time.Now(),
|
||||
}
|
||||
}
|
||||
468
pkg/models/devops/project_credential_handler.go
Normal file
468
pkg/models/devops/project_credential_handler.go
Normal file
@@ -0,0 +1,468 @@
|
||||
package devops
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"github.com/PuerkitoBio/goquery"
|
||||
"github.com/asaskevich/govalidator"
|
||||
"github.com/emicklei/go-restful"
|
||||
"github.com/gocraft/dbr"
|
||||
"github.com/golang/glog"
|
||||
|
||||
"kubesphere.io/kubesphere/pkg/db"
|
||||
"kubesphere.io/kubesphere/pkg/gojenkins"
|
||||
"kubesphere.io/kubesphere/pkg/gojenkins/utils"
|
||||
"kubesphere.io/kubesphere/pkg/simple/client/admin_jenkins"
|
||||
"kubesphere.io/kubesphere/pkg/simple/client/devops_mysql"
|
||||
"net/http"
|
||||
"strings"
|
||||
)
|
||||
|
||||
func CreateProjectCredential(projectId, username string, credentialRequest *JenkinsCredential) (string, error) {
|
||||
jenkinsClient := admin_jenkins.Client()
|
||||
switch credentialRequest.Type {
|
||||
case CredentialTypeUsernamePassword:
|
||||
err := checkJenkinsCredentialExists(projectId, credentialRequest.Domain, credentialRequest.UsernamePasswordCredential.Id)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return "", err
|
||||
}
|
||||
if credentialRequest.UsernamePasswordCredential == nil {
|
||||
err := fmt.Errorf("usename_password should not be nil")
|
||||
glog.Error(err)
|
||||
return "", restful.NewError(http.StatusBadRequest, err.Error())
|
||||
}
|
||||
credentialId, err := jenkinsClient.CreateUsernamePasswordCredentialInFolder(credentialRequest.Domain,
|
||||
credentialRequest.UsernamePasswordCredential.Id,
|
||||
credentialRequest.UsernamePasswordCredential.Username,
|
||||
credentialRequest.UsernamePasswordCredential.Password,
|
||||
credentialRequest.UsernamePasswordCredential.Description,
|
||||
projectId)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return "", restful.NewError(utils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
err = insertCredentialToDb(projectId, *credentialId, credentialRequest.Domain, username)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return "", err
|
||||
}
|
||||
return *credentialId, nil
|
||||
case CredentialTypeSsh:
|
||||
err := checkJenkinsCredentialExists(projectId, credentialRequest.Domain, credentialRequest.SshCredential.Id)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return "", err
|
||||
}
|
||||
if credentialRequest.SshCredential == nil {
|
||||
err := fmt.Errorf("ssh should not be nil")
|
||||
glog.Error(err)
|
||||
return "", restful.NewError(http.StatusBadRequest, err.Error())
|
||||
}
|
||||
credentialId, err := jenkinsClient.CreateSshCredentialInFolder(credentialRequest.Domain,
|
||||
credentialRequest.SshCredential.Id,
|
||||
credentialRequest.SshCredential.Username,
|
||||
credentialRequest.SshCredential.Passphrase,
|
||||
credentialRequest.SshCredential.PrivateKey,
|
||||
credentialRequest.SshCredential.Description,
|
||||
projectId)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return "", restful.NewError(utils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
|
||||
err = insertCredentialToDb(projectId, *credentialId, credentialRequest.Domain, username)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return "", restful.NewError(http.StatusInternalServerError, err.Error())
|
||||
}
|
||||
return *credentialId, nil
|
||||
case CredentialTypeSecretText:
|
||||
err := checkJenkinsCredentialExists(projectId, credentialRequest.Domain, credentialRequest.SecretTextCredential.Id)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return "", err
|
||||
}
|
||||
if credentialRequest.SecretTextCredential == nil {
|
||||
err := fmt.Errorf("secret_text should not be nil")
|
||||
glog.Error(err)
|
||||
return "", restful.NewError(http.StatusBadRequest, err.Error())
|
||||
}
|
||||
|
||||
credentialId, err := jenkinsClient.CreateSecretTextCredentialInFolder(credentialRequest.Domain,
|
||||
credentialRequest.SecretTextCredential.Id,
|
||||
credentialRequest.SecretTextCredential.Secret,
|
||||
credentialRequest.SecretTextCredential.Description,
|
||||
projectId)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return "", restful.NewError(utils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
|
||||
err = insertCredentialToDb(projectId, *credentialId, credentialRequest.Domain, username)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return "", restful.NewError(http.StatusInternalServerError, err.Error())
|
||||
}
|
||||
return *credentialId, nil
|
||||
case CredentialTypeKubeConfig:
|
||||
err := checkJenkinsCredentialExists(projectId, credentialRequest.Domain, credentialRequest.KubeconfigCredential.Id)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return "", err
|
||||
}
|
||||
if credentialRequest.KubeconfigCredential == nil {
|
||||
err := fmt.Errorf("kubeconfig should not be nil")
|
||||
glog.Error(err)
|
||||
return "", restful.NewError(http.StatusBadRequest, err.Error())
|
||||
}
|
||||
credentialId, err := jenkinsClient.CreateKubeconfigCredentialInFolder(credentialRequest.Domain,
|
||||
credentialRequest.KubeconfigCredential.Id,
|
||||
credentialRequest.KubeconfigCredential.Content,
|
||||
credentialRequest.KubeconfigCredential.Description,
|
||||
projectId)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return "", restful.NewError(utils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
err = insertCredentialToDb(projectId, *credentialId, credentialRequest.Domain, username)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return "", restful.NewError(http.StatusInternalServerError, err.Error())
|
||||
}
|
||||
return *credentialId, nil
|
||||
default:
|
||||
err := fmt.Errorf("error unsupport credential type")
|
||||
glog.Errorf("%+v", err)
|
||||
return "", restful.NewError(http.StatusBadRequest, err.Error())
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
func UpdateProjectCredential(projectId, credentialId string, credentialRequest *JenkinsCredential) (string, error) {
|
||||
jenkinsClient := admin_jenkins.Client()
|
||||
jenkinsCredential, err := jenkinsClient.GetCredentialInFolder(credentialRequest.Domain,
|
||||
credentialId,
|
||||
projectId)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return "", restful.NewError(utils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
credentialType := CredentialTypeMap[jenkinsCredential.TypeName]
|
||||
switch credentialType {
|
||||
case CredentialTypeUsernamePassword:
|
||||
if credentialRequest.UsernamePasswordCredential == nil {
|
||||
err := fmt.Errorf("usename_password should not be nil")
|
||||
glog.Error(err)
|
||||
return "", restful.NewError(http.StatusBadRequest, err.Error())
|
||||
}
|
||||
credentialId, err := jenkinsClient.UpdateUsernamePasswordCredentialInFolder(credentialRequest.Domain,
|
||||
credentialId,
|
||||
credentialRequest.UsernamePasswordCredential.Username,
|
||||
credentialRequest.UsernamePasswordCredential.Password,
|
||||
credentialRequest.UsernamePasswordCredential.Description,
|
||||
projectId)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return "", restful.NewError(utils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
|
||||
return *credentialId, nil
|
||||
case CredentialTypeSsh:
|
||||
if credentialRequest.SshCredential == nil {
|
||||
err := fmt.Errorf("ssh should not be nil")
|
||||
glog.Error(err)
|
||||
return "", restful.NewError(http.StatusBadRequest, err.Error())
|
||||
}
|
||||
credentialId, err := jenkinsClient.UpdateSshCredentialInFolder(credentialRequest.Domain,
|
||||
credentialId,
|
||||
credentialRequest.SshCredential.Username,
|
||||
credentialRequest.SshCredential.Passphrase,
|
||||
credentialRequest.SshCredential.PrivateKey,
|
||||
credentialRequest.SshCredential.Description,
|
||||
projectId)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return "", restful.NewError(utils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
|
||||
return *credentialId, nil
|
||||
case CredentialTypeSecretText:
|
||||
if credentialRequest.SecretTextCredential == nil {
|
||||
err := fmt.Errorf("secret_text should not be nil")
|
||||
glog.Error(err)
|
||||
return "", restful.NewError(http.StatusBadRequest, err.Error())
|
||||
}
|
||||
credentialId, err := jenkinsClient.UpdateSecretTextCredentialInFolder(credentialRequest.Domain,
|
||||
credentialId,
|
||||
credentialRequest.SecretTextCredential.Secret,
|
||||
credentialRequest.SecretTextCredential.Description,
|
||||
projectId)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return "", restful.NewError(utils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
return *credentialId, nil
|
||||
case CredentialTypeKubeConfig:
|
||||
if credentialRequest.KubeconfigCredential == nil {
|
||||
err := fmt.Errorf("kubeconfig should not be nil")
|
||||
glog.Error(err)
|
||||
return "", restful.NewError(http.StatusBadRequest, err.Error())
|
||||
}
|
||||
credentialId, err := jenkinsClient.UpdateKubeconfigCredentialInFolder(credentialRequest.Domain,
|
||||
credentialId,
|
||||
credentialRequest.KubeconfigCredential.Content,
|
||||
credentialRequest.KubeconfigCredential.Description,
|
||||
projectId)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return "", restful.NewError(utils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
return *credentialId, nil
|
||||
default:
|
||||
err := fmt.Errorf("error unsupport credential type")
|
||||
glog.Errorf("%+v", err)
|
||||
return "", restful.NewError(http.StatusBadRequest, err.Error())
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
func DeleteProjectCredential(projectId, credentialId string, credentialRequest *JenkinsCredential) (string, error) {
|
||||
jenkinsClient := admin_jenkins.Client()
|
||||
dbClient := devops_mysql.OpenDatabase()
|
||||
_, err := jenkinsClient.GetCredentialInFolder(credentialRequest.Domain,
|
||||
credentialId,
|
||||
projectId)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return "", restful.NewError(utils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
id, err := jenkinsClient.DeleteCredentialInFolder(credentialRequest.Domain, credentialId, projectId)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return "", restful.NewError(utils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
|
||||
deleteConditions := append(make([]dbr.Builder, 0), db.Eq(ProjectCredentialProjectIdColumn, projectId))
|
||||
deleteConditions = append(deleteConditions, db.Eq(ProjectCredentialIdColumn, credentialId))
|
||||
if !govalidator.IsNull(credentialRequest.Domain) {
|
||||
deleteConditions = append(deleteConditions, db.Eq(ProjectCredentialDomainColumn, credentialRequest.Domain))
|
||||
} else {
|
||||
deleteConditions = append(deleteConditions, db.Eq(ProjectCredentialDomainColumn, "_"))
|
||||
}
|
||||
|
||||
_, err = dbClient.DeleteFrom(ProjectCredentialTableName).
|
||||
Where(db.And(deleteConditions...)).Exec()
|
||||
if err != nil && err != db.ErrNotFound {
|
||||
glog.Errorf("%+v", err)
|
||||
return "", restful.NewError(http.StatusInternalServerError, err.Error())
|
||||
}
|
||||
return *id, nil
|
||||
|
||||
}
|
||||
|
||||
func GetProjectCredential(projectId, credentialId, domain, getContent string) (*JenkinsCredential, error) {
|
||||
jenkinsClient := admin_jenkins.Client()
|
||||
dbClient := devops_mysql.OpenDatabase()
|
||||
jenkinsResponse, err := jenkinsClient.GetCredentialInFolder(domain,
|
||||
credentialId,
|
||||
projectId)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return nil, restful.NewError(utils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
|
||||
projectCredential := &ProjectCredential{}
|
||||
err = dbClient.Select(ProjectCredentialColumns...).
|
||||
From(ProjectCredentialTableName).Where(
|
||||
db.And(db.Eq(ProjectCredentialProjectIdColumn, projectId),
|
||||
db.Eq(ProjectCredentialIdColumn, credentialId),
|
||||
db.Eq(ProjectCredentialDomainColumn, jenkinsResponse.Domain))).LoadOne(projectCredential)
|
||||
|
||||
if err != nil && err != db.ErrNotFound {
|
||||
glog.Errorf("%+v", err)
|
||||
return nil, restful.NewError(http.StatusInternalServerError, err.Error())
|
||||
}
|
||||
|
||||
response := formatCredentialResponse(jenkinsResponse, projectCredential)
|
||||
if getContent != "" {
|
||||
stringBody, err := jenkinsClient.GetCredentialContentInFolder(jenkinsResponse.Domain, credentialId, projectId)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return nil, restful.NewError(utils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
stringReader := strings.NewReader(stringBody)
|
||||
doc, err := goquery.NewDocumentFromReader(stringReader)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return nil, restful.NewError(http.StatusInternalServerError, err.Error())
|
||||
}
|
||||
switch response.Type {
|
||||
case CredentialTypeKubeConfig:
|
||||
content := &KubeconfigCredential{}
|
||||
doc.Find("textarea[name*=content]").Each(func(i int, selection *goquery.Selection) {
|
||||
value := selection.Text()
|
||||
content.Content = value
|
||||
})
|
||||
|
||||
doc.Find("input[name*=id][type=text]").Each(func(i int, selection *goquery.Selection) {
|
||||
value, _ := selection.Attr("value")
|
||||
content.Id = value
|
||||
})
|
||||
doc.Find("input[name*=description]").Each(func(i int, selection *goquery.Selection) {
|
||||
value, _ := selection.Attr("value")
|
||||
content.Description = value
|
||||
})
|
||||
response.KubeconfigCredential = content
|
||||
case CredentialTypeUsernamePassword:
|
||||
content := &UsernamePasswordCredential{}
|
||||
doc.Find("input[name*=username]").Each(func(i int, selection *goquery.Selection) {
|
||||
value, _ := selection.Attr("value")
|
||||
content.Username = value
|
||||
})
|
||||
|
||||
doc.Find("input[name*=id][type=text]").Each(func(i int, selection *goquery.Selection) {
|
||||
value, _ := selection.Attr("value")
|
||||
content.Id = value
|
||||
})
|
||||
doc.Find("input[name*=description]").Each(func(i int, selection *goquery.Selection) {
|
||||
value, _ := selection.Attr("value")
|
||||
content.Description = value
|
||||
})
|
||||
response.UsernamePasswordCredential = content
|
||||
case CredentialTypeSsh:
|
||||
content := &SshCredential{}
|
||||
doc.Find("input[name*=username]").Each(func(i int, selection *goquery.Selection) {
|
||||
value, _ := selection.Attr("value")
|
||||
content.Username = value
|
||||
})
|
||||
|
||||
doc.Find("input[name*=id][type=text]").Each(func(i int, selection *goquery.Selection) {
|
||||
value, _ := selection.Attr("value")
|
||||
content.Id = value
|
||||
})
|
||||
doc.Find("input[name*=description]").Each(func(i int, selection *goquery.Selection) {
|
||||
value, _ := selection.Attr("value")
|
||||
content.Description = value
|
||||
})
|
||||
doc.Find("textarea[name*=privateKey]").Each(func(i int, selection *goquery.Selection) {
|
||||
value := selection.Text()
|
||||
content.PrivateKey = value
|
||||
})
|
||||
response.SshCredential = content
|
||||
}
|
||||
}
|
||||
return response, nil
|
||||
|
||||
}
|
||||
|
||||
func GetProjectCredentials(projectId, domain string) ([]*JenkinsCredential, error) {
|
||||
jenkinsClient := admin_jenkins.Client()
|
||||
dbClient := devops_mysql.OpenDatabase()
|
||||
jenkinsCredentialResponses, err := jenkinsClient.GetCredentialsInFolder(domain, projectId)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return nil, restful.NewError(utils.GetJenkinsStatusCode(err), err.Error())
|
||||
}
|
||||
selectCondition := db.Eq(ProjectCredentialProjectIdColumn, projectId)
|
||||
if !govalidator.IsNull(domain) {
|
||||
selectCondition = db.And(selectCondition, db.Eq(ProjectCredentialDomainColumn, domain))
|
||||
}
|
||||
projectCredentials := make([]*ProjectCredential, 0)
|
||||
_, err = dbClient.Select(ProjectCredentialColumns...).
|
||||
From(ProjectCredentialTableName).Where(selectCondition).Load(&projectCredentials)
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return nil, restful.NewError(http.StatusInternalServerError, err.Error())
|
||||
}
|
||||
response := formatCredentialsResponse(jenkinsCredentialResponses, projectCredentials)
|
||||
return response, nil
|
||||
}
|
||||
|
||||
func insertCredentialToDb(projectId, credentialId, domain, username string) error {
|
||||
dbClient := devops_mysql.OpenDatabase()
|
||||
projectCredential := NewProjectCredential(projectId, credentialId, domain, username)
|
||||
_, err := dbClient.InsertInto(ProjectCredentialTableName).Columns(ProjectCredentialColumns...).
|
||||
Record(projectCredential).Exec()
|
||||
if err != nil {
|
||||
glog.Errorf("%+v", err)
|
||||
return restful.NewError(http.StatusInternalServerError, err.Error())
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func checkJenkinsCredentialExists(projectId, domain, credentialId string) error {
|
||||
jenkinsClient := admin_jenkins.Client()
|
||||
credential, err := jenkinsClient.GetCredentialInFolder(domain, credentialId, projectId)
|
||||
if credential != nil {
|
||||
err := fmt.Errorf("credential id [%s] has been used", credential.Id)
|
||||
glog.Warning(err.Error())
|
||||
return restful.NewError(http.StatusConflict, err.Error())
|
||||
}
|
||||
if err != nil && utils.GetJenkinsStatusCode(err) != http.StatusNotFound {
|
||||
glog.Errorf("%+v", err)
|
||||
|
||||
return restful.NewError(http.StatusBadRequest, err.Error())
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func formatCredentialResponse(
|
||||
jenkinsCredentialResponse *gojenkins.CredentialResponse,
|
||||
dbCredentialResponse *ProjectCredential) *JenkinsCredential {
|
||||
response := &JenkinsCredential{}
|
||||
response.Id = jenkinsCredentialResponse.Id
|
||||
response.Description = jenkinsCredentialResponse.Description
|
||||
response.DisplayName = jenkinsCredentialResponse.DisplayName
|
||||
if jenkinsCredentialResponse.Fingerprint != nil && jenkinsCredentialResponse.Fingerprint.Hash != "" {
|
||||
response.Fingerprint = &struct {
|
||||
FileName string `json:"file_name,omitempty"`
|
||||
Hash string `json:"hash,omitempty"`
|
||||
Usage []*struct {
|
||||
Name string `json:"name,omitempty"`
|
||||
Ranges struct {
|
||||
Ranges []*struct {
|
||||
Start int `json:"start"`
|
||||
End int `json:"end"`
|
||||
} `json:"ranges"`
|
||||
} `json:"ranges"`
|
||||
} `json:"usage,omitempty"`
|
||||
}{}
|
||||
response.Fingerprint.FileName = jenkinsCredentialResponse.Fingerprint.FileName
|
||||
response.Fingerprint.Hash = jenkinsCredentialResponse.Fingerprint.Hash
|
||||
for _, usage := range jenkinsCredentialResponse.Fingerprint.Usage {
|
||||
response.Fingerprint.Usage = append(response.Fingerprint.Usage, usage)
|
||||
}
|
||||
}
|
||||
response.Domain = jenkinsCredentialResponse.Domain
|
||||
|
||||
if dbCredentialResponse != nil {
|
||||
response.CreateTime = &dbCredentialResponse.CreateTime
|
||||
response.Creator = dbCredentialResponse.Creator
|
||||
}
|
||||
|
||||
credentialType, ok := CredentialTypeMap[jenkinsCredentialResponse.TypeName]
|
||||
if ok {
|
||||
response.Type = credentialType
|
||||
return response
|
||||
}
|
||||
response.Type = jenkinsCredentialResponse.TypeName
|
||||
return response
|
||||
}
|
||||
|
||||
func formatCredentialsResponse(jenkinsCredentialsResponse []*gojenkins.CredentialResponse,
|
||||
projectCredentials []*ProjectCredential) []*JenkinsCredential {
|
||||
responseSlice := make([]*JenkinsCredential, 0)
|
||||
for _, jenkinsCredential := range jenkinsCredentialsResponse {
|
||||
var dbCredential *ProjectCredential = nil
|
||||
for _, projectCredential := range projectCredentials {
|
||||
if projectCredential.CredentialId == jenkinsCredential.Id &&
|
||||
projectCredential.Domain == jenkinsCredential.Domain {
|
||||
dbCredential = projectCredential
|
||||
}
|
||||
}
|
||||
responseSlice = append(responseSlice, formatCredentialResponse(jenkinsCredential, dbCredential))
|
||||
}
|
||||
return responseSlice
|
||||
}
|
||||
Reference in New Issue
Block a user