add credential api & fix api docs

2019-04-26 16:41:12 +08:00
parent 1317843110
commit 2fc4160448
4 changed files with 820 additions and 28 deletions
--- a/pkg/models/devops/project_credential.go
+++ b/pkg/models/devops/project_credential.go
@@ -0,0 +1,112 @@
+package devops
+
+import (
+	"github.com/asaskevich/govalidator"
+	"time"
+)
+
+const (
+	CredentialTypeUsernamePassword = "username_password"
+	CredentialTypeSsh              = "ssh"
+	CredentialTypeSecretText       = "secret_text"
+	CredentialTypeKubeConfig       = "kubeconfig"
+)
+
+type JenkinsCredential struct {
+	Id          string `json:"id"`
+	Type        string `json:"type"`
+	DisplayName string `json:"display_name"`
+	Fingerprint *struct {
+		FileName string `json:"file_name,omitempty"`
+		Hash     string `json:"hash,omitempty"`
+		Usage    []*struct {
+			Name   string `json:"name,omitempty"`
+			Ranges struct {
+				Ranges []*struct {
+					Start int `json:"start"`
+					End   int `json:"end"`
+				} `json:"ranges"`
+			} `json:"ranges"`
+		} `json:"usage,omitempty"`
+	} `json:"fingerprint,omitempty"`
+	Description                string                      `json:"description"`
+	Domain                     string                      `json:"domain"`
+	CreateTime                 *time.Time                  `json:"create_time,omitempty"`
+	Creator                    string                      `json:"creator,omitempty"`
+	UsernamePasswordCredential *UsernamePasswordCredential `json:"username_password"`
+	SshCredential              *SshCredential              `json:"ssh"`
+	SecretTextCredential       *SecretTextCredential       `json:"secret_text"`
+	KubeconfigCredential       *KubeconfigCredential       `json:"kubeconfig"`
+}
+
+type UsernamePasswordCredential struct {
+	Id          string `json:"id"`
+	Username    string `json:"username"`
+	Password    string `json:"password,omitempty"`
+	Description string `json:"description"`
+}
+
+type SshCredential struct {
+	Id          string `json:"id"`
+	Username    string `json:"username"`
+	Passphrase  string `json:"passphrase"`
+	PrivateKey  string `json:"private_key" mapstructure:"private_key"`
+	Description string `json:"description"`
+}
+
+type SecretTextCredential struct {
+	Id          string `json:"id"`
+	Secret      string `json:"secret"`
+	Description string `json:"description"`
+}
+
+type KubeconfigCredential struct {
+	Id          string `json:"id"`
+	Content     string `json:"content"`
+	Description string `json:"description"`
+}
+
+type DeleteCredentialRequest struct {
+	Domain string `json:"domain"`
+}
+
+type CopySshCredentialRequest struct {
+	Id string `json:"id"`
+}
+
+const (
+	ProjectCredentialTableName       = "project_credential"
+	ProjectCredentialIdColumn        = "credential_id"
+	ProjectCredentialDomainColumn    = "domain"
+	ProjectCredentialProjectIdColumn = "project_id"
+)
+
+var CredentialTypeMap = map[string]string{
+	"SSH Username with private key":         CredentialTypeSsh,
+	"Username with password":                CredentialTypeUsernamePassword,
+	"Secret text":                           CredentialTypeSecretText,
+	"Kubernetes configuration (kubeconfig)": CredentialTypeKubeConfig,
+}
+
+type ProjectCredential struct {
+	ProjectId    string    `json:"project_id"`
+	CredentialId string    `json:"credential_id"`
+	Domain       string    `json:"domain"`
+	Creator      string    `json:"creator"`
+	CreateTime   time.Time `json:"create_time"`
+}
+
+var ProjectCredentialColumns = GetColumnsFromStruct(&ProjectCredential{})
+
+func NewProjectCredential(projectId, credentialId, domain, creator string) *ProjectCredential {
+	if govalidator.IsNull(domain) {
+		domain = "_"
+	}
+	return &ProjectCredential{
+		ProjectId:    projectId,
+		CredentialId: credentialId,
+		Domain:       domain,
+		Creator:      creator,
+		CreateTime:   time.Now(),
+	}
+}
--- a/pkg/models/devops/project_credential_handler.go
+++ b/pkg/models/devops/project_credential_handler.go
@@ -0,0 +1,468 @@
+package devops
+
+import (
+	"fmt"
+	"github.com/PuerkitoBio/goquery"
+	"github.com/asaskevich/govalidator"
+	"github.com/emicklei/go-restful"
+	"github.com/gocraft/dbr"
+	"github.com/golang/glog"
+
+	"kubesphere.io/kubesphere/pkg/db"
+	"kubesphere.io/kubesphere/pkg/gojenkins"
+	"kubesphere.io/kubesphere/pkg/gojenkins/utils"
+	"kubesphere.io/kubesphere/pkg/simple/client/admin_jenkins"
+	"kubesphere.io/kubesphere/pkg/simple/client/devops_mysql"
+	"net/http"
+	"strings"
+)
+
+func CreateProjectCredential(projectId, username string, credentialRequest *JenkinsCredential) (string, error) {
+	jenkinsClient := admin_jenkins.Client()
+	switch credentialRequest.Type {
+	case CredentialTypeUsernamePassword:
+		err := checkJenkinsCredentialExists(projectId, credentialRequest.Domain, credentialRequest.UsernamePasswordCredential.Id)
+		if err != nil {
+			glog.Errorf("%+v", err)
+			return "", err
+		}
+		if credentialRequest.UsernamePasswordCredential == nil {
+			err := fmt.Errorf("usename_password should not be nil")
+			glog.Error(err)
+			return "", restful.NewError(http.StatusBadRequest, err.Error())
+		}
+		credentialId, err := jenkinsClient.CreateUsernamePasswordCredentialInFolder(credentialRequest.Domain,
+			credentialRequest.UsernamePasswordCredential.Id,
+			credentialRequest.UsernamePasswordCredential.Username,
+			credentialRequest.UsernamePasswordCredential.Password,
+			credentialRequest.UsernamePasswordCredential.Description,
+			projectId)
+		if err != nil {
+			glog.Errorf("%+v", err)
+			return "", restful.NewError(utils.GetJenkinsStatusCode(err), err.Error())
+		}
+		err = insertCredentialToDb(projectId, *credentialId, credentialRequest.Domain, username)
+		if err != nil {
+			glog.Errorf("%+v", err)
+			return "", err
+		}
+		return *credentialId, nil
+	case CredentialTypeSsh:
+		err := checkJenkinsCredentialExists(projectId, credentialRequest.Domain, credentialRequest.SshCredential.Id)
+		if err != nil {
+			glog.Errorf("%+v", err)
+			return "", err
+		}
+		if credentialRequest.SshCredential == nil {
+			err := fmt.Errorf("ssh should not be nil")
+			glog.Error(err)
+			return "", restful.NewError(http.StatusBadRequest, err.Error())
+		}
+		credentialId, err := jenkinsClient.CreateSshCredentialInFolder(credentialRequest.Domain,
+			credentialRequest.SshCredential.Id,
+			credentialRequest.SshCredential.Username,
+			credentialRequest.SshCredential.Passphrase,
+			credentialRequest.SshCredential.PrivateKey,
+			credentialRequest.SshCredential.Description,
+			projectId)
+		if err != nil {
+			glog.Errorf("%+v", err)
+			return "", restful.NewError(utils.GetJenkinsStatusCode(err), err.Error())
+		}
+
+		err = insertCredentialToDb(projectId, *credentialId, credentialRequest.Domain, username)
+		if err != nil {
+			glog.Errorf("%+v", err)
+			return "", restful.NewError(http.StatusInternalServerError, err.Error())
+		}
+		return *credentialId, nil
+	case CredentialTypeSecretText:
+		err := checkJenkinsCredentialExists(projectId, credentialRequest.Domain, credentialRequest.SecretTextCredential.Id)
+		if err != nil {
+			glog.Errorf("%+v", err)
+			return "", err
+		}
+		if credentialRequest.SecretTextCredential == nil {
+			err := fmt.Errorf("secret_text should not be nil")
+			glog.Error(err)
+			return "", restful.NewError(http.StatusBadRequest, err.Error())
+		}
+
+		credentialId, err := jenkinsClient.CreateSecretTextCredentialInFolder(credentialRequest.Domain,
+			credentialRequest.SecretTextCredential.Id,
+			credentialRequest.SecretTextCredential.Secret,
+			credentialRequest.SecretTextCredential.Description,
+			projectId)
+		if err != nil {
+			glog.Errorf("%+v", err)
+			return "", restful.NewError(utils.GetJenkinsStatusCode(err), err.Error())
+		}
+
+		err = insertCredentialToDb(projectId, *credentialId, credentialRequest.Domain, username)
+		if err != nil {
+			glog.Errorf("%+v", err)
+			return "", restful.NewError(http.StatusInternalServerError, err.Error())
+		}
+		return *credentialId, nil
+	case CredentialTypeKubeConfig:
+		err := checkJenkinsCredentialExists(projectId, credentialRequest.Domain, credentialRequest.KubeconfigCredential.Id)
+		if err != nil {
+			glog.Errorf("%+v", err)
+			return "", err
+		}
+		if credentialRequest.KubeconfigCredential == nil {
+			err := fmt.Errorf("kubeconfig should not be nil")
+			glog.Error(err)
+			return "", restful.NewError(http.StatusBadRequest, err.Error())
+		}
+		credentialId, err := jenkinsClient.CreateKubeconfigCredentialInFolder(credentialRequest.Domain,
+			credentialRequest.KubeconfigCredential.Id,
+			credentialRequest.KubeconfigCredential.Content,
+			credentialRequest.KubeconfigCredential.Description,
+			projectId)
+		if err != nil {
+			glog.Errorf("%+v", err)
+			return "", restful.NewError(utils.GetJenkinsStatusCode(err), err.Error())
+		}
+		err = insertCredentialToDb(projectId, *credentialId, credentialRequest.Domain, username)
+		if err != nil {
+			glog.Errorf("%+v", err)
+			return "", restful.NewError(http.StatusInternalServerError, err.Error())
+		}
+		return *credentialId, nil
+	default:
+		err := fmt.Errorf("error unsupport credential type")
+		glog.Errorf("%+v", err)
+		return "", restful.NewError(http.StatusBadRequest, err.Error())
+
+	}
+
+}
+
+func UpdateProjectCredential(projectId, credentialId string, credentialRequest *JenkinsCredential) (string, error) {
+	jenkinsClient := admin_jenkins.Client()
+	jenkinsCredential, err := jenkinsClient.GetCredentialInFolder(credentialRequest.Domain,
+		credentialId,
+		projectId)
+	if err != nil {
+		glog.Errorf("%+v", err)
+		return "", restful.NewError(utils.GetJenkinsStatusCode(err), err.Error())
+	}
+	credentialType := CredentialTypeMap[jenkinsCredential.TypeName]
+	switch credentialType {
+	case CredentialTypeUsernamePassword:
+		if credentialRequest.UsernamePasswordCredential == nil {
+			err := fmt.Errorf("usename_password should not be nil")
+			glog.Error(err)
+			return "", restful.NewError(http.StatusBadRequest, err.Error())
+		}
+		credentialId, err := jenkinsClient.UpdateUsernamePasswordCredentialInFolder(credentialRequest.Domain,
+			credentialId,
+			credentialRequest.UsernamePasswordCredential.Username,
+			credentialRequest.UsernamePasswordCredential.Password,
+			credentialRequest.UsernamePasswordCredential.Description,
+			projectId)
+		if err != nil {
+			glog.Errorf("%+v", err)
+			return "", restful.NewError(utils.GetJenkinsStatusCode(err), err.Error())
+		}
+
+		return *credentialId, nil
+	case CredentialTypeSsh:
+		if credentialRequest.SshCredential == nil {
+			err := fmt.Errorf("ssh should not be nil")
+			glog.Error(err)
+			return "", restful.NewError(http.StatusBadRequest, err.Error())
+		}
+		credentialId, err := jenkinsClient.UpdateSshCredentialInFolder(credentialRequest.Domain,
+			credentialId,
+			credentialRequest.SshCredential.Username,
+			credentialRequest.SshCredential.Passphrase,
+			credentialRequest.SshCredential.PrivateKey,
+			credentialRequest.SshCredential.Description,
+			projectId)
+		if err != nil {
+			glog.Errorf("%+v", err)
+			return "", restful.NewError(utils.GetJenkinsStatusCode(err), err.Error())
+		}
+
+		return *credentialId, nil
+	case CredentialTypeSecretText:
+		if credentialRequest.SecretTextCredential == nil {
+			err := fmt.Errorf("secret_text should not be nil")
+			glog.Error(err)
+			return "", restful.NewError(http.StatusBadRequest, err.Error())
+		}
+		credentialId, err := jenkinsClient.UpdateSecretTextCredentialInFolder(credentialRequest.Domain,
+			credentialId,
+			credentialRequest.SecretTextCredential.Secret,
+			credentialRequest.SecretTextCredential.Description,
+			projectId)
+		if err != nil {
+			glog.Errorf("%+v", err)
+			return "", restful.NewError(utils.GetJenkinsStatusCode(err), err.Error())
+		}
+		return *credentialId, nil
+	case CredentialTypeKubeConfig:
+		if credentialRequest.KubeconfigCredential == nil {
+			err := fmt.Errorf("kubeconfig should not be nil")
+			glog.Error(err)
+			return "", restful.NewError(http.StatusBadRequest, err.Error())
+		}
+		credentialId, err := jenkinsClient.UpdateKubeconfigCredentialInFolder(credentialRequest.Domain,
+			credentialId,
+			credentialRequest.KubeconfigCredential.Content,
+			credentialRequest.KubeconfigCredential.Description,
+			projectId)
+		if err != nil {
+			glog.Errorf("%+v", err)
+			return "", restful.NewError(utils.GetJenkinsStatusCode(err), err.Error())
+		}
+		return *credentialId, nil
+	default:
+		err := fmt.Errorf("error unsupport credential type")
+		glog.Errorf("%+v", err)
+		return "", restful.NewError(http.StatusBadRequest, err.Error())
+
+	}
+
+}
+
+func DeleteProjectCredential(projectId, credentialId string, credentialRequest *JenkinsCredential) (string, error) {
+	jenkinsClient := admin_jenkins.Client()
+	dbClient := devops_mysql.OpenDatabase()
+	_, err := jenkinsClient.GetCredentialInFolder(credentialRequest.Domain,
+		credentialId,
+		projectId)
+	if err != nil {
+		glog.Errorf("%+v", err)
+		return "", restful.NewError(utils.GetJenkinsStatusCode(err), err.Error())
+	}
+	id, err := jenkinsClient.DeleteCredentialInFolder(credentialRequest.Domain, credentialId, projectId)
+	if err != nil {
+		glog.Errorf("%+v", err)
+		return "", restful.NewError(utils.GetJenkinsStatusCode(err), err.Error())
+	}
+
+	deleteConditions := append(make([]dbr.Builder, 0), db.Eq(ProjectCredentialProjectIdColumn, projectId))
+	deleteConditions = append(deleteConditions, db.Eq(ProjectCredentialIdColumn, credentialId))
+	if !govalidator.IsNull(credentialRequest.Domain) {
+		deleteConditions = append(deleteConditions, db.Eq(ProjectCredentialDomainColumn, credentialRequest.Domain))
+	} else {
+		deleteConditions = append(deleteConditions, db.Eq(ProjectCredentialDomainColumn, "_"))
+	}
+
+	_, err = dbClient.DeleteFrom(ProjectCredentialTableName).
+		Where(db.And(deleteConditions...)).Exec()
+	if err != nil && err != db.ErrNotFound {
+		glog.Errorf("%+v", err)
+		return "", restful.NewError(http.StatusInternalServerError, err.Error())
+	}
+	return *id, nil
+
+}
+
+func GetProjectCredential(projectId, credentialId, domain, getContent string) (*JenkinsCredential, error) {
+	jenkinsClient := admin_jenkins.Client()
+	dbClient := devops_mysql.OpenDatabase()
+	jenkinsResponse, err := jenkinsClient.GetCredentialInFolder(domain,
+		credentialId,
+		projectId)
+	if err != nil {
+		glog.Errorf("%+v", err)
+		return nil, restful.NewError(utils.GetJenkinsStatusCode(err), err.Error())
+	}
+
+	projectCredential := &ProjectCredential{}
+	err = dbClient.Select(ProjectCredentialColumns...).
+		From(ProjectCredentialTableName).Where(
+		db.And(db.Eq(ProjectCredentialProjectIdColumn, projectId),
+			db.Eq(ProjectCredentialIdColumn, credentialId),
+			db.Eq(ProjectCredentialDomainColumn, jenkinsResponse.Domain))).LoadOne(projectCredential)
+
+	if err != nil && err != db.ErrNotFound {
+		glog.Errorf("%+v", err)
+		return nil, restful.NewError(http.StatusInternalServerError, err.Error())
+	}
+
+	response := formatCredentialResponse(jenkinsResponse, projectCredential)
+	if getContent != "" {
+		stringBody, err := jenkinsClient.GetCredentialContentInFolder(jenkinsResponse.Domain, credentialId, projectId)
+		if err != nil {
+			glog.Errorf("%+v", err)
+			return nil, restful.NewError(utils.GetJenkinsStatusCode(err), err.Error())
+		}
+		stringReader := strings.NewReader(stringBody)
+		doc, err := goquery.NewDocumentFromReader(stringReader)
+		if err != nil {
+			glog.Errorf("%+v", err)
+			return nil, restful.NewError(http.StatusInternalServerError, err.Error())
+		}
+		switch response.Type {
+		case CredentialTypeKubeConfig:
+			content := &KubeconfigCredential{}
+			doc.Find("textarea[name*=content]").Each(func(i int, selection *goquery.Selection) {
+				value := selection.Text()
+				content.Content = value
+			})
+
+			doc.Find("input[name*=id][type=text]").Each(func(i int, selection *goquery.Selection) {
+				value, _ := selection.Attr("value")
+				content.Id = value
+			})
+			doc.Find("input[name*=description]").Each(func(i int, selection *goquery.Selection) {
+				value, _ := selection.Attr("value")
+				content.Description = value
+			})
+			response.KubeconfigCredential = content
+		case CredentialTypeUsernamePassword:
+			content := &UsernamePasswordCredential{}
+			doc.Find("input[name*=username]").Each(func(i int, selection *goquery.Selection) {
+				value, _ := selection.Attr("value")
+				content.Username = value
+			})
+
+			doc.Find("input[name*=id][type=text]").Each(func(i int, selection *goquery.Selection) {
+				value, _ := selection.Attr("value")
+				content.Id = value
+			})
+			doc.Find("input[name*=description]").Each(func(i int, selection *goquery.Selection) {
+				value, _ := selection.Attr("value")
+				content.Description = value
+			})
+			response.UsernamePasswordCredential = content
+		case CredentialTypeSsh:
+			content := &SshCredential{}
+			doc.Find("input[name*=username]").Each(func(i int, selection *goquery.Selection) {
+				value, _ := selection.Attr("value")
+				content.Username = value
+			})
+
+			doc.Find("input[name*=id][type=text]").Each(func(i int, selection *goquery.Selection) {
+				value, _ := selection.Attr("value")
+				content.Id = value
+			})
+			doc.Find("input[name*=description]").Each(func(i int, selection *goquery.Selection) {
+				value, _ := selection.Attr("value")
+				content.Description = value
+			})
+			doc.Find("textarea[name*=privateKey]").Each(func(i int, selection *goquery.Selection) {
+				value := selection.Text()
+				content.PrivateKey = value
+			})
+			response.SshCredential = content
+		}
+	}
+	return response, nil
+
+}
+
+func GetProjectCredentials(projectId, domain string) ([]*JenkinsCredential, error) {
+	jenkinsClient := admin_jenkins.Client()
+	dbClient := devops_mysql.OpenDatabase()
+	jenkinsCredentialResponses, err := jenkinsClient.GetCredentialsInFolder(domain, projectId)
+	if err != nil {
+		glog.Errorf("%+v", err)
+		return nil, restful.NewError(utils.GetJenkinsStatusCode(err), err.Error())
+	}
+	selectCondition := db.Eq(ProjectCredentialProjectIdColumn, projectId)
+	if !govalidator.IsNull(domain) {
+		selectCondition = db.And(selectCondition, db.Eq(ProjectCredentialDomainColumn, domain))
+	}
+	projectCredentials := make([]*ProjectCredential, 0)
+	_, err = dbClient.Select(ProjectCredentialColumns...).
+		From(ProjectCredentialTableName).Where(selectCondition).Load(&projectCredentials)
+	if err != nil {
+		glog.Errorf("%+v", err)
+		return nil, restful.NewError(http.StatusInternalServerError, err.Error())
+	}
+	response := formatCredentialsResponse(jenkinsCredentialResponses, projectCredentials)
+	return response, nil
+}
+
+func insertCredentialToDb(projectId, credentialId, domain, username string) error {
+	dbClient := devops_mysql.OpenDatabase()
+	projectCredential := NewProjectCredential(projectId, credentialId, domain, username)
+	_, err := dbClient.InsertInto(ProjectCredentialTableName).Columns(ProjectCredentialColumns...).
+		Record(projectCredential).Exec()
+	if err != nil {
+		glog.Errorf("%+v", err)
+		return restful.NewError(http.StatusInternalServerError, err.Error())
+	}
+	return nil
+}
+
+func checkJenkinsCredentialExists(projectId, domain, credentialId string) error {
+	jenkinsClient := admin_jenkins.Client()
+	credential, err := jenkinsClient.GetCredentialInFolder(domain, credentialId, projectId)
+	if credential != nil {
+		err := fmt.Errorf("credential id [%s] has been used", credential.Id)
+		glog.Warning(err.Error())
+		return restful.NewError(http.StatusConflict, err.Error())
+	}
+	if err != nil && utils.GetJenkinsStatusCode(err) != http.StatusNotFound {
+		glog.Errorf("%+v", err)
+
+		return restful.NewError(http.StatusBadRequest, err.Error())
+	}
+	return nil
+}
+
+func formatCredentialResponse(
+	jenkinsCredentialResponse *gojenkins.CredentialResponse,
+	dbCredentialResponse *ProjectCredential) *JenkinsCredential {
+	response := &JenkinsCredential{}
+	response.Id = jenkinsCredentialResponse.Id
+	response.Description = jenkinsCredentialResponse.Description
+	response.DisplayName = jenkinsCredentialResponse.DisplayName
+	if jenkinsCredentialResponse.Fingerprint != nil && jenkinsCredentialResponse.Fingerprint.Hash != "" {
+		response.Fingerprint = &struct {
+			FileName string `json:"file_name,omitempty"`
+			Hash     string `json:"hash,omitempty"`
+			Usage    []*struct {
+				Name   string `json:"name,omitempty"`
+				Ranges struct {
+					Ranges []*struct {
+						Start int `json:"start"`
+						End   int `json:"end"`
+					} `json:"ranges"`
+				} `json:"ranges"`
+			} `json:"usage,omitempty"`
+		}{}
+		response.Fingerprint.FileName = jenkinsCredentialResponse.Fingerprint.FileName
+		response.Fingerprint.Hash = jenkinsCredentialResponse.Fingerprint.Hash
+		for _, usage := range jenkinsCredentialResponse.Fingerprint.Usage {
+			response.Fingerprint.Usage = append(response.Fingerprint.Usage, usage)
+		}
+	}
+	response.Domain = jenkinsCredentialResponse.Domain
+
+	if dbCredentialResponse != nil {
+		response.CreateTime = &dbCredentialResponse.CreateTime
+		response.Creator = dbCredentialResponse.Creator
+	}
+
+	credentialType, ok := CredentialTypeMap[jenkinsCredentialResponse.TypeName]
+	if ok {
+		response.Type = credentialType
+		return response
+	}
+	response.Type = jenkinsCredentialResponse.TypeName
+	return response
+}
+
+func formatCredentialsResponse(jenkinsCredentialsResponse []*gojenkins.CredentialResponse,
+	projectCredentials []*ProjectCredential) []*JenkinsCredential {
+	responseSlice := make([]*JenkinsCredential, 0)
+	for _, jenkinsCredential := range jenkinsCredentialsResponse {
+		var dbCredential *ProjectCredential = nil
+		for _, projectCredential := range projectCredentials {
+			if projectCredential.CredentialId == jenkinsCredential.Id &&
+				projectCredential.Domain == jenkinsCredential.Domain {
+				dbCredential = projectCredential
+			}
+		}
+		responseSlice = append(responseSlice, formatCredentialResponse(jenkinsCredential, dbCredential))
+	}
+	return responseSlice
+}