c5a340a2b4
* add devops client interface Signed-off-by: runzexia <runzexia@yunify.com> * direct return jenkins Signed-off-by: runzexia <runzexia@yunify.com> * add some interface Signed-off-by: runzexia <runzexia@yunify.com> * update Signed-off-by: runzexia <runzexia@yunify.com> * update interface Signed-off-by: runzexia <runzexia@yunify.com> * update Signed-off-by: runzexia <runzexia@yunify.com> * credential op structs Signed-off-by: runzexia <runzexia@yunify.com> * status Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * update interface Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * credential handler Signed-off-by: runzexia <runzexia@yunify.com> * update devopsoperator func Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * get build sonar Signed-off-by: runzexia <runzexia@yunify.com> * sonar handler * mv code to cilent Signed-off-by: runzexia <runzexia@yunify.com> * update Signed-off-by: runzexia <runzexia@yunify.com> * project member handler Signed-off-by: runzexia <runzexia@yunify.com> * update pipeline operator interface Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * add tenant devops handler Signed-off-by: runzexia <runzexia@yunify.com> * update merge Signed-off-by: runzexia <runzexia@yunify.com> * clean Signed-off-by: runzexia <runzexia@yunify.com> * fmt Signed-off-by: runzexia <runzexia@yunify.com> * update ListPipelineRuns Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * complate pipelineOperator interface Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * update HttpParameters Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * add pipeline steps interface Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * update pipeline GetNodesDetail Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * add s2i api Signed-off-by: runzexia <runzexia@yunify.com> * add branch pipeline interface and update handler Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * add scan branch interface and update handler Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * add common interface and update handler Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * add SCM interface and update handler Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * add handler Signed-off-by: runzexia <runzexia@yunify.com> * add fake s3 Signed-off-by: runzexia <runzexia@yunify.com> * add webhook&check interface and update handler Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * clean Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * clean Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * format Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * add some func Signed-off-by: runzexia <runzexia@yunify.com> * clean code Signed-off-by: runzexia <runzexia@yunify.com> * implement interface Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * fix interface GetBranchArtifacts Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * add s2ibinary upload test Signed-off-by: runzexia <runzexia@yunify.com> * tenant devops Signed-off-by: runzexia <runzexia@yunify.com> * update tenant Signed-off-by: runzexia <runzexia@yunify.com> * fake Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * add some unit test Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * add devops tenant handler Signed-off-by: runzexia <runzexia@yunify.com> * status Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * status Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * status Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * update fake test Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * update unit test and fake data Signed-off-by: zhuxiaoyang <sunzhu@yunify.com> * update Co-authored-by: Xiaoyang Zhu <sunzhu@yunify.com>
323 lines
10 KiB
Go
323 lines
10 KiB
Go
package jenkins
|
|
|
|
import (
|
|
"fmt"
|
|
"github.com/emicklei/go-restful"
|
|
"k8s.io/klog"
|
|
"kubesphere.io/kubesphere/pkg/simple/client/devops"
|
|
)
|
|
|
|
const (
|
|
JenkinsAllUserRoleName = "kubesphere-user"
|
|
)
|
|
|
|
func GetProjectRoleName(projectId, role string) string {
|
|
return fmt.Sprintf("%s-%s-project", projectId, role)
|
|
}
|
|
|
|
func GetPipelineRoleName(projectId, role string) string {
|
|
return fmt.Sprintf("%s-%s-pipeline", projectId, role)
|
|
}
|
|
|
|
func GetProjectRolePattern(projectId string) string {
|
|
return fmt.Sprintf("^%s$", projectId)
|
|
}
|
|
|
|
func GetPipelineRolePattern(projectId string) string {
|
|
return fmt.Sprintf("^%s/.*", projectId)
|
|
}
|
|
|
|
var JenkinsOwnerProjectPermissionIds = &ProjectPermissionIds{
|
|
CredentialCreate: true,
|
|
CredentialDelete: true,
|
|
CredentialManageDomains: true,
|
|
CredentialUpdate: true,
|
|
CredentialView: true,
|
|
ItemBuild: true,
|
|
ItemCancel: true,
|
|
ItemConfigure: true,
|
|
ItemCreate: true,
|
|
ItemDelete: true,
|
|
ItemDiscover: true,
|
|
ItemMove: true,
|
|
ItemRead: true,
|
|
ItemWorkspace: true,
|
|
RunDelete: true,
|
|
RunReplay: true,
|
|
RunUpdate: true,
|
|
SCMTag: true,
|
|
}
|
|
|
|
var JenkinsProjectPermissionMap = map[string]ProjectPermissionIds{
|
|
devops.ProjectOwner: {
|
|
CredentialCreate: true,
|
|
CredentialDelete: true,
|
|
CredentialManageDomains: true,
|
|
CredentialUpdate: true,
|
|
CredentialView: true,
|
|
ItemBuild: true,
|
|
ItemCancel: true,
|
|
ItemConfigure: true,
|
|
ItemCreate: true,
|
|
ItemDelete: true,
|
|
ItemDiscover: true,
|
|
ItemMove: true,
|
|
ItemRead: true,
|
|
ItemWorkspace: true,
|
|
RunDelete: true,
|
|
RunReplay: true,
|
|
RunUpdate: true,
|
|
SCMTag: true,
|
|
},
|
|
devops.ProjectMaintainer: {
|
|
CredentialCreate: true,
|
|
CredentialDelete: true,
|
|
CredentialManageDomains: true,
|
|
CredentialUpdate: true,
|
|
CredentialView: true,
|
|
ItemBuild: true,
|
|
ItemCancel: true,
|
|
ItemConfigure: false,
|
|
ItemCreate: true,
|
|
ItemDelete: false,
|
|
ItemDiscover: true,
|
|
ItemMove: false,
|
|
ItemRead: true,
|
|
ItemWorkspace: true,
|
|
RunDelete: true,
|
|
RunReplay: true,
|
|
RunUpdate: true,
|
|
SCMTag: true,
|
|
},
|
|
devops.ProjectDeveloper: {
|
|
CredentialCreate: false,
|
|
CredentialDelete: false,
|
|
CredentialManageDomains: false,
|
|
CredentialUpdate: false,
|
|
CredentialView: false,
|
|
ItemBuild: true,
|
|
ItemCancel: true,
|
|
ItemConfigure: false,
|
|
ItemCreate: false,
|
|
ItemDelete: false,
|
|
ItemDiscover: true,
|
|
ItemMove: false,
|
|
ItemRead: true,
|
|
ItemWorkspace: true,
|
|
RunDelete: true,
|
|
RunReplay: true,
|
|
RunUpdate: true,
|
|
SCMTag: false,
|
|
},
|
|
devops.ProjectReporter: {
|
|
CredentialCreate: false,
|
|
CredentialDelete: false,
|
|
CredentialManageDomains: false,
|
|
CredentialUpdate: false,
|
|
CredentialView: false,
|
|
ItemBuild: false,
|
|
ItemCancel: false,
|
|
ItemConfigure: false,
|
|
ItemCreate: false,
|
|
ItemDelete: false,
|
|
ItemDiscover: true,
|
|
ItemMove: false,
|
|
ItemRead: true,
|
|
ItemWorkspace: false,
|
|
RunDelete: false,
|
|
RunReplay: false,
|
|
RunUpdate: false,
|
|
SCMTag: false,
|
|
},
|
|
}
|
|
|
|
var JenkinsPipelinePermissionMap = map[string]ProjectPermissionIds{
|
|
devops.ProjectOwner: {
|
|
CredentialCreate: true,
|
|
CredentialDelete: true,
|
|
CredentialManageDomains: true,
|
|
CredentialUpdate: true,
|
|
CredentialView: true,
|
|
ItemBuild: true,
|
|
ItemCancel: true,
|
|
ItemConfigure: true,
|
|
ItemCreate: true,
|
|
ItemDelete: true,
|
|
ItemDiscover: true,
|
|
ItemMove: true,
|
|
ItemRead: true,
|
|
ItemWorkspace: true,
|
|
RunDelete: true,
|
|
RunReplay: true,
|
|
RunUpdate: true,
|
|
SCMTag: true,
|
|
},
|
|
devops.ProjectMaintainer: {
|
|
CredentialCreate: true,
|
|
CredentialDelete: true,
|
|
CredentialManageDomains: true,
|
|
CredentialUpdate: true,
|
|
CredentialView: true,
|
|
ItemBuild: true,
|
|
ItemCancel: true,
|
|
ItemConfigure: true,
|
|
ItemCreate: true,
|
|
ItemDelete: true,
|
|
ItemDiscover: true,
|
|
ItemMove: true,
|
|
ItemRead: true,
|
|
ItemWorkspace: true,
|
|
RunDelete: true,
|
|
RunReplay: true,
|
|
RunUpdate: true,
|
|
SCMTag: true,
|
|
},
|
|
devops.ProjectDeveloper: {
|
|
CredentialCreate: false,
|
|
CredentialDelete: false,
|
|
CredentialManageDomains: false,
|
|
CredentialUpdate: false,
|
|
CredentialView: false,
|
|
ItemBuild: true,
|
|
ItemCancel: true,
|
|
ItemConfigure: false,
|
|
ItemCreate: false,
|
|
ItemDelete: false,
|
|
ItemDiscover: true,
|
|
ItemMove: false,
|
|
ItemRead: true,
|
|
ItemWorkspace: true,
|
|
RunDelete: true,
|
|
RunReplay: true,
|
|
RunUpdate: true,
|
|
SCMTag: false,
|
|
},
|
|
devops.ProjectReporter: {
|
|
CredentialCreate: false,
|
|
CredentialDelete: false,
|
|
CredentialManageDomains: false,
|
|
CredentialUpdate: false,
|
|
CredentialView: false,
|
|
ItemBuild: false,
|
|
ItemCancel: false,
|
|
ItemConfigure: false,
|
|
ItemCreate: false,
|
|
ItemDelete: false,
|
|
ItemDiscover: true,
|
|
ItemMove: false,
|
|
ItemRead: true,
|
|
ItemWorkspace: false,
|
|
RunDelete: false,
|
|
RunReplay: false,
|
|
RunUpdate: false,
|
|
SCMTag: false,
|
|
},
|
|
}
|
|
|
|
func (j *Jenkins) AddProjectMember(membership *devops.ProjectMembership) (*devops.ProjectMembership, error) {
|
|
globalRole, err := j.GetGlobalRole(JenkinsAllUserRoleName)
|
|
if err != nil {
|
|
klog.Errorf("%+v", err)
|
|
return nil, restful.NewError(GetJenkinsStatusCode(err), err.Error())
|
|
}
|
|
if globalRole == nil {
|
|
_, err := j.AddGlobalRole(JenkinsAllUserRoleName, GlobalPermissionIds{
|
|
GlobalRead: true,
|
|
}, true)
|
|
if err != nil {
|
|
klog.Errorf("failed to create jenkins global role %+v", err)
|
|
return nil, restful.NewError(GetJenkinsStatusCode(err), err.Error())
|
|
}
|
|
}
|
|
err = globalRole.AssignRole(membership.Username)
|
|
if err != nil {
|
|
klog.Errorf("%+v", err)
|
|
return nil, restful.NewError(GetJenkinsStatusCode(err), err.Error())
|
|
}
|
|
projectRole, err := j.GetProjectRole(GetProjectRoleName(membership.ProjectId, membership.Role))
|
|
if err != nil {
|
|
klog.Errorf("%+v", err)
|
|
return nil, restful.NewError(GetJenkinsStatusCode(err), err.Error())
|
|
}
|
|
err = projectRole.AssignRole(membership.Username)
|
|
if err != nil {
|
|
klog.Errorf("%+v", err)
|
|
return nil, restful.NewError(GetJenkinsStatusCode(err), err.Error())
|
|
}
|
|
pipelineRole, err := j.GetProjectRole(GetPipelineRoleName(membership.ProjectId, membership.Role))
|
|
if err != nil {
|
|
klog.Errorf("%+v", err)
|
|
return nil, restful.NewError(GetJenkinsStatusCode(err), err.Error())
|
|
}
|
|
err = pipelineRole.AssignRole(membership.Username)
|
|
if err != nil {
|
|
klog.Errorf("%+v", err)
|
|
return nil, restful.NewError(GetJenkinsStatusCode(err), err.Error())
|
|
}
|
|
return membership, nil
|
|
}
|
|
|
|
func (j *Jenkins) UpdateProjectMember(oldMembership, newMembership *devops.ProjectMembership) (*devops.ProjectMembership, error) {
|
|
oldProjectRole, err := j.GetProjectRole(GetProjectRoleName(oldMembership.ProjectId, oldMembership.Role))
|
|
if err != nil {
|
|
return nil, restful.NewError(GetJenkinsStatusCode(err), err.Error())
|
|
}
|
|
|
|
err = oldProjectRole.UnAssignRole(newMembership.Username)
|
|
if err != nil {
|
|
return nil, restful.NewError(GetJenkinsStatusCode(err), err.Error())
|
|
}
|
|
|
|
oldPipelineRole, err := j.GetProjectRole(GetPipelineRoleName(oldMembership.ProjectId, oldMembership.Role))
|
|
if err != nil {
|
|
return nil, restful.NewError(GetJenkinsStatusCode(err), err.Error())
|
|
}
|
|
|
|
err = oldPipelineRole.UnAssignRole(newMembership.Username)
|
|
if err != nil {
|
|
return nil, restful.NewError(GetJenkinsStatusCode(err), err.Error())
|
|
}
|
|
|
|
projectRole, err := j.GetProjectRole(GetProjectRoleName(oldMembership.ProjectId, newMembership.Role))
|
|
if err != nil {
|
|
return nil, restful.NewError(GetJenkinsStatusCode(err), err.Error())
|
|
}
|
|
|
|
err = projectRole.AssignRole(newMembership.Username)
|
|
if err != nil {
|
|
return nil, restful.NewError(GetJenkinsStatusCode(err), err.Error())
|
|
}
|
|
|
|
pipelineRole, err := j.GetProjectRole(GetPipelineRoleName(oldMembership.ProjectId, newMembership.Role))
|
|
if err != nil {
|
|
return nil, restful.NewError(GetJenkinsStatusCode(err), err.Error())
|
|
}
|
|
|
|
err = pipelineRole.AssignRole(newMembership.Username)
|
|
if err != nil {
|
|
return nil, restful.NewError(GetJenkinsStatusCode(err), err.Error())
|
|
}
|
|
return newMembership, nil
|
|
}
|
|
|
|
func (j *Jenkins) DeleteProjectMember(membership *devops.ProjectMembership) (*devops.ProjectMembership, error) {
|
|
oldProjectRole, err := j.GetProjectRole(GetProjectRoleName(membership.ProjectId, membership.Role))
|
|
if err != nil {
|
|
return nil, restful.NewError(GetJenkinsStatusCode(err), err.Error())
|
|
}
|
|
err = oldProjectRole.UnAssignRole(membership.Username)
|
|
if err != nil {
|
|
return nil, restful.NewError(GetJenkinsStatusCode(err), err.Error())
|
|
}
|
|
|
|
oldPipelineRole, err := j.GetProjectRole(GetPipelineRoleName(membership.ProjectId, membership.Role))
|
|
if err != nil {
|
|
return nil, restful.NewError(GetJenkinsStatusCode(err), err.Error())
|
|
}
|
|
err = oldPipelineRole.UnAssignRole(membership.Username)
|
|
if err != nil {
|
|
return nil, restful.NewError(GetJenkinsStatusCode(err), err.Error())
|
|
}
|
|
return membership, nil
|
|
}
|