devops refactor (#1739)

* add devops client interface Signed-off-by: runzexia <runzexia@yunify.com> * direct return jenkins Signed-off-by: runzexia <runzexia@yunify.com> * add some interface Signed-off-by: runzexia <runzexia@yunify.com> * update Signed-off-by: runzexia <runzexia@yunify.com> * update interface Signed-off-by: runzexia <runzexia@yunify.com> * update Signed-off-by: runzexia <runzexia@yunify.com> * credential op structs Signed-off-by: runzexia <runzexia@yunify.com> * status Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * update interface Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * credential handler Signed-off-by: runzexia <runzexia@yunify.com> * update devopsoperator func Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * get build sonar Signed-off-by: runzexia <runzexia@yunify.com> * sonar handler * mv code to cilent Signed-off-by: runzexia <runzexia@yunify.com> * update Signed-off-by: runzexia <runzexia@yunify.com> * project member handler Signed-off-by: runzexia <runzexia@yunify.com> * update pipeline operator interface Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * add tenant devops handler Signed-off-by: runzexia <runzexia@yunify.com> * update merge Signed-off-by: runzexia <runzexia@yunify.com> * clean Signed-off-by: runzexia <runzexia@yunify.com> * fmt Signed-off-by: runzexia <runzexia@yunify.com> * update ListPipelineRuns Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * complate pipelineOperator interface Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * update HttpParameters Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * add pipeline steps interface Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * update pipeline GetNodesDetail Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * add s2i api Signed-off-by: runzexia <runzexia@yunify.com> * add branch pipeline interface and update handler Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * add scan branch interface and update handler Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * add common interface and update handler Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * add SCM interface and update handler Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * add handler Signed-off-by: runzexia <runzexia@yunify.com> * add fake s3 Signed-off-by: runzexia <runzexia@yunify.com> * add webhook&check interface and update handler Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * clean Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * clean Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * format Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * add some func Signed-off-by: runzexia <runzexia@yunify.com> * clean code Signed-off-by: runzexia <runzexia@yunify.com> * implement interface Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * fix interface GetBranchArtifacts Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * add s2ibinary upload test Signed-off-by: runzexia <runzexia@yunify.com> * tenant devops Signed-off-by: runzexia <runzexia@yunify.com> * update tenant Signed-off-by: runzexia <runzexia@yunify.com> * fake Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * add some unit test Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * add devops tenant handler Signed-off-by: runzexia <runzexia@yunify.com> * status Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * status Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * status Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * update fake test Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * update unit test and fake data Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * update Co-authored-by: Xiaoyang Zhu <sunzhu@yunify.com>
2020-02-04 10:40:36 +08:00
parent 71849f028f
commit c5a340a2b4
101 changed files with 6923 additions and 6972 deletions
--- a/pkg/models/devops/common.go
+++ b/pkg/models/devops/common.go
@@ -14,13 +14,7 @@ limitations under the License.
 package devops

 import (
-	"fmt"
 	"github.com/fatih/structs"
-	"k8s.io/klog"
-	"kubesphere.io/kubesphere/pkg/db"
-	"kubesphere.io/kubesphere/pkg/gojenkins"
-	"kubesphere.io/kubesphere/pkg/simple/client"
-	"kubesphere.io/kubesphere/pkg/utils/reflectutils"
 	"kubesphere.io/kubesphere/pkg/utils/stringutils"
 )

@@ -67,298 +61,3 @@ const (
 const (
 	KS_ADMIN = "admin"
 )
-
-const (
-	ProjectOwner      = "owner"
-	ProjectMaintainer = "maintainer"
-	ProjectDeveloper  = "developer"
-	ProjectReporter   = "reporter"
-)
-
-const (
-	JenkinsAllUserRoleName = "kubesphere-user"
-)
-
-type Role struct {
-	Name        string `json:"name" description:"role's name e.g. owner'"`
-	Description string `json:"description" description:"role 's description'"`
-}
-
-var DefaultRoles = []*Role{
-	{
-		Name:        ProjectOwner,
-		Description: "Owner have access to do all the operations of a DevOps project and own the highest permissions as well.",
-	},
-	{
-		Name:        ProjectMaintainer,
-		Description: "Maintainer have access to manage pipeline and credential configuration in a DevOps project.",
-	},
-	{
-		Name:        ProjectDeveloper,
-		Description: "Developer is able to view and trigger the pipeline.",
-	},
-	{
-		Name:        ProjectReporter,
-		Description: "Reporter is only allowed to view the status of the pipeline.",
-	},
-}
-
-var AllRoleSlice = []string{ProjectDeveloper, ProjectReporter, ProjectMaintainer, ProjectOwner}
-
-var JenkinsOwnerProjectPermissionIds = &gojenkins.ProjectPermissionIds{
-	CredentialCreate:        true,
-	CredentialDelete:        true,
-	CredentialManageDomains: true,
-	CredentialUpdate:        true,
-	CredentialView:          true,
-	ItemBuild:               true,
-	ItemCancel:              true,
-	ItemConfigure:           true,
-	ItemCreate:              true,
-	ItemDelete:              true,
-	ItemDiscover:            true,
-	ItemMove:                true,
-	ItemRead:                true,
-	ItemWorkspace:           true,
-	RunDelete:               true,
-	RunReplay:               true,
-	RunUpdate:               true,
-	SCMTag:                  true,
-}
-
-var JenkinsProjectPermissionMap = map[string]gojenkins.ProjectPermissionIds{
-	ProjectOwner: {
-		CredentialCreate:        true,
-		CredentialDelete:        true,
-		CredentialManageDomains: true,
-		CredentialUpdate:        true,
-		CredentialView:          true,
-		ItemBuild:               true,
-		ItemCancel:              true,
-		ItemConfigure:           true,
-		ItemCreate:              true,
-		ItemDelete:              true,
-		ItemDiscover:            true,
-		ItemMove:                true,
-		ItemRead:                true,
-		ItemWorkspace:           true,
-		RunDelete:               true,
-		RunReplay:               true,
-		RunUpdate:               true,
-		SCMTag:                  true,
-	},
-	ProjectMaintainer: {
-		CredentialCreate:        true,
-		CredentialDelete:        true,
-		CredentialManageDomains: true,
-		CredentialUpdate:        true,
-		CredentialView:          true,
-		ItemBuild:               true,
-		ItemCancel:              true,
-		ItemConfigure:           false,
-		ItemCreate:              true,
-		ItemDelete:              false,
-		ItemDiscover:            true,
-		ItemMove:                false,
-		ItemRead:                true,
-		ItemWorkspace:           true,
-		RunDelete:               true,
-		RunReplay:               true,
-		RunUpdate:               true,
-		SCMTag:                  true,
-	},
-	ProjectDeveloper: {
-		CredentialCreate:        false,
-		CredentialDelete:        false,
-		CredentialManageDomains: false,
-		CredentialUpdate:        false,
-		CredentialView:          false,
-		ItemBuild:               true,
-		ItemCancel:              true,
-		ItemConfigure:           false,
-		ItemCreate:              false,
-		ItemDelete:              false,
-		ItemDiscover:            true,
-		ItemMove:                false,
-		ItemRead:                true,
-		ItemWorkspace:           true,
-		RunDelete:               true,
-		RunReplay:               true,
-		RunUpdate:               true,
-		SCMTag:                  false,
-	},
-	ProjectReporter: {
-		CredentialCreate:        false,
-		CredentialDelete:        false,
-		CredentialManageDomains: false,
-		CredentialUpdate:        false,
-		CredentialView:          false,
-		ItemBuild:               false,
-		ItemCancel:              false,
-		ItemConfigure:           false,
-		ItemCreate:              false,
-		ItemDelete:              false,
-		ItemDiscover:            true,
-		ItemMove:                false,
-		ItemRead:                true,
-		ItemWorkspace:           false,
-		RunDelete:               false,
-		RunReplay:               false,
-		RunUpdate:               false,
-		SCMTag:                  false,
-	},
-}
-
-var JenkinsPipelinePermissionMap = map[string]gojenkins.ProjectPermissionIds{
-	ProjectOwner: {
-		CredentialCreate:        true,
-		CredentialDelete:        true,
-		CredentialManageDomains: true,
-		CredentialUpdate:        true,
-		CredentialView:          true,
-		ItemBuild:               true,
-		ItemCancel:              true,
-		ItemConfigure:           true,
-		ItemCreate:              true,
-		ItemDelete:              true,
-		ItemDiscover:            true,
-		ItemMove:                true,
-		ItemRead:                true,
-		ItemWorkspace:           true,
-		RunDelete:               true,
-		RunReplay:               true,
-		RunUpdate:               true,
-		SCMTag:                  true,
-	},
-	ProjectMaintainer: {
-		CredentialCreate:        true,
-		CredentialDelete:        true,
-		CredentialManageDomains: true,
-		CredentialUpdate:        true,
-		CredentialView:          true,
-		ItemBuild:               true,
-		ItemCancel:              true,
-		ItemConfigure:           true,
-		ItemCreate:              true,
-		ItemDelete:              true,
-		ItemDiscover:            true,
-		ItemMove:                true,
-		ItemRead:                true,
-		ItemWorkspace:           true,
-		RunDelete:               true,
-		RunReplay:               true,
-		RunUpdate:               true,
-		SCMTag:                  true,
-	},
-	ProjectDeveloper: {
-		CredentialCreate:        false,
-		CredentialDelete:        false,
-		CredentialManageDomains: false,
-		CredentialUpdate:        false,
-		CredentialView:          false,
-		ItemBuild:               true,
-		ItemCancel:              true,
-		ItemConfigure:           false,
-		ItemCreate:              false,
-		ItemDelete:              false,
-		ItemDiscover:            true,
-		ItemMove:                false,
-		ItemRead:                true,
-		ItemWorkspace:           true,
-		RunDelete:               true,
-		RunReplay:               true,
-		RunUpdate:               true,
-		SCMTag:                  false,
-	},
-	ProjectReporter: {
-		CredentialCreate:        false,
-		CredentialDelete:        false,
-		CredentialManageDomains: false,
-		CredentialUpdate:        false,
-		CredentialView:          false,
-		ItemBuild:               false,
-		ItemCancel:              false,
-		ItemConfigure:           false,
-		ItemCreate:              false,
-		ItemDelete:              false,
-		ItemDiscover:            true,
-		ItemMove:                false,
-		ItemRead:                true,
-		ItemWorkspace:           false,
-		RunDelete:               false,
-		RunReplay:               false,
-		RunUpdate:               false,
-		SCMTag:                  false,
-	},
-}
-
-func GetProjectRoleName(projectId, role string) string {
-	return fmt.Sprintf("%s-%s-project", projectId, role)
-}
-
-func GetPipelineRoleName(projectId, role string) string {
-	return fmt.Sprintf("%s-%s-pipeline", projectId, role)
-}
-
-func GetProjectRolePattern(projectId string) string {
-	return fmt.Sprintf("^%s$", projectId)
-}
-
-func GetPipelineRolePattern(projectId string) string {
-	return fmt.Sprintf("^%s/.*", projectId)
-}
-
-func CheckProjectUserInRole(username, projectId string, roles []string) error {
-	if username == KS_ADMIN {
-		return nil
-	}
-	dbconn, err := client.ClientSets().MySQL()
-	if err != nil {
-		if _, ok := err.(client.ClientSetNotEnabledError); ok {
-			klog.Error("mysql is not enabled")
-		} else {
-			klog.Error("error creating mysql client", err)
-		}
-		return nil
-	}
-
-	membership := &DevOpsProjectMembership{}
-	err = dbconn.Select(DevOpsProjectMembershipColumns...).
-		From(DevOpsProjectMembershipTableName).
-		Where(db.And(
-			db.Eq(DevOpsProjectMembershipUsernameColumn, username),
-			db.Eq(DevOpsProjectMembershipProjectIdColumn, projectId))).LoadOne(membership)
-	if err != nil {
-		return err
-	}
-	if !reflectutils.In(membership.Role, roles) {
-		return fmt.Errorf("user [%s] in project [%s] role is not in %s", username, projectId, roles)
-	}
-	return nil
-}
-
-func GetProjectUserRole(username, projectId string) (string, error) {
-	if username == KS_ADMIN {
-		return ProjectOwner, nil
-	}
-	dbconn, err := client.ClientSets().MySQL()
-	if err != nil {
-		if _, ok := err.(client.ClientSetNotEnabledError); ok {
-			klog.Error("mysql is not enabled")
-		} else {
-			klog.Error("error creating mysql client", err)
-		}
-		return "", err
-	}
-	membership := &DevOpsProjectMembership{}
-	err = dbconn.Select(DevOpsProjectMembershipColumns...).
-		From(DevOpsProjectMembershipTableName).
-		Where(db.And(
-			db.Eq(DevOpsProjectMembershipUsernameColumn, username),
-			db.Eq(DevOpsProjectMembershipProjectIdColumn, projectId))).LoadOne(membership)
-	if err != nil {
-		return "", err
-	}
-
-	return membership.Role, nil
-}