diff --git a/console/exception/main.py b/console/exception/main.py index 4b390bf108..1eabd2d577 100644 --- a/console/exception/main.py +++ b/console/exception/main.py @@ -180,3 +180,59 @@ def __init__(self): self.msg_show = "团队使用内存已超过限额,请联系企业管理员增加限额" self.status_code = 412 self.error_code = 10413 + + +class ErrClusterAuthLackOfMemory(ErrInsufficientResource): + def __init__(self): + super(ErrClusterAuthLackOfMemory, self).__init__("cluster lack of memory") + self.msg_show = "集群授权内存不足,请联系集群管理员" + self.status_code = 412 + self.error_code = 10414 + + +class ErrClusterAuthLackOfNode(ErrInsufficientResource): + def __init__(self): + super(ErrClusterAuthLackOfNode, self).__init__("cluster lack of node") + self.msg_show = "集群授权节点不足,请联系集群管理员" + self.status_code = 412 + self.error_code = 10415 + + +class ErrClusterAuthLackOfLicense(ErrInsufficientResource): + def __init__(self): + super(ErrClusterAuthLackOfLicense, self).__init__("cluster lack of license") + self.msg_show = "集群暂未授权,请联系集群管理员" + self.status_code = 412 + self.error_code = 10416 + + +class ErrClusterAuthLackOfLicenseExpire(ErrInsufficientResource): + def __init__(self): + super(ErrClusterAuthLackOfLicenseExpire, self).__init__("cluster lack of license") + self.msg_show = "集群授权已过期,请联系集群管理员" + self.status_code = 412 + self.error_code = 10417 + + +class ErrTenantLackOfCPU(ErrInsufficientResource): + def __init__(self): + super(ErrTenantLackOfCPU, self).__init__("tenant lack of cpu") + self.msg_show = "团队使用CPU已超过限额,请联系企业管理员增加限额" + self.status_code = 412 + self.error_code = 10418 + + +class ErrTenantQuotaCPULack(ErrInsufficientResource): + def __init__(self): + super(ErrTenantQuotaCPULack, self).__init__("tenant quota lack of cpu") + self.msg_show = "组件启动所需的cpu已经超过团队配额,请联系团队管理员增加限额" + self.status_code = 412 + self.error_code = 10419 + + +class ErrTenantQuotaMemoryLack(ErrInsufficientResource): + def __init__(self): + super(ErrTenantQuotaMemoryLack, self).__init__("tenant quota lack of memory") + self.msg_show = "组件启动所需的内存已经超过团队配额,请联系团队管理员增加限额" + self.status_code = 412 + self.error_code = 10420 diff --git a/console/models/main.py b/console/models/main.py index c326abd018..5d85e2a863 100644 --- a/console/models/main.py +++ b/console/models/main.py @@ -55,7 +55,6 @@ def parse_default(self, a): return "" def parse_kind(self, a): - # print(a.name, type(a)) if type(a) == CharField: return "string" if type(a) == AutoField: @@ -75,7 +74,7 @@ class ConsoleSysConfig(BaseModel): class Meta: db_table = 'console_sys_config' - key = models.CharField(max_length=32, help_text="key") + key = models.CharField(max_length=32, help_text="key", unique=True) type = models.CharField(max_length=32, help_text="类型") value = models.CharField(max_length=4096, null=True, blank=True, help_text="value") desc = models.CharField(max_length=100, null=True, blank=True, default="", help_text="描述") @@ -573,6 +572,7 @@ class Meta: role_id = models.IntegerField(help_text="角色id") perm_code = models.IntegerField(help_text='权限编码') + app_id = models.IntegerField(help_text="application ID", default=-1) class RoleInfo(BaseModel): diff --git a/console/repositories/group.py b/console/repositories/group.py index 0e6aa9e2a8..316337174e 100644 --- a/console/repositories/group.py +++ b/console/repositories/group.py @@ -5,11 +5,11 @@ import logging from datetime import datetime -from django.db.models import Q from console.exception.bcode import ErrComponentGroupNotFound from console.repositories.region_app import region_app_repo from www.apiclient.regionapi import RegionInvokeApi +from django.db.models import Q from www.models.main import (ServiceGroup, ServiceGroupRelation, TenantServiceGroup) logger = logging.getLogger("default") @@ -81,10 +81,12 @@ def get_group_count_by_team_id_and_group_id(self, team_id, group_id): group_count = ServiceGroup.objects.filter(tenant_id=team_id, ID=group_id).count() return group_count - def get_tenant_region_groups(self, team_id, region, query="", app_type=""): + def get_tenant_region_groups(self, team_id, region, query="", app_type="", app_ids=[]): q = Q(tenant_id=team_id, region_name=region, group_name__icontains=query) if app_type: q &= Q(app_type=app_type) + if app_ids and app_ids[0] != -1: + q &= Q(ID__in=app_ids) return ServiceGroup.objects.filter(q).order_by("-update_time", "-order_index") def get_tenant_region_groups_count(self, team_id, region): diff --git a/console/repositories/k8s_resources.py b/console/repositories/k8s_resources.py index ee539bb5d3..af7ce7e0db 100644 --- a/console/repositories/k8s_resources.py +++ b/console/repositories/k8s_resources.py @@ -16,6 +16,15 @@ def update(self, app_id, name, kind, **data): def delete_by_name(self, app_id, kind, name): return K8sResource.objects.filter(app_id=app_id, kind=kind, name=name).delete() + def delete_route_by_name(self, name): + return K8sResource.objects.filter(name=name).delete() + + def get_route_by_name(self, app_id, name): + return K8sResource.objects.filter(app_id=app_id, name=name) + + def delete_by_kind(self, app_id, kind): + return K8sResource.objects.filter(app_id=app_id, kind=kind).delete() + def delete_by_id(self, id): return K8sResource.objects.filter(ID=id).delete() diff --git a/console/repositories/service_group_relation_repo.py b/console/repositories/service_group_relation_repo.py index a459c04e40..2548a64cbf 100644 --- a/console/repositories/service_group_relation_repo.py +++ b/console/repositories/service_group_relation_repo.py @@ -11,6 +11,12 @@ def get_group_id_by_service(self, svc): return group[0].group_id return None + def get_group_id_by_service_tenant(self, svc): + group = ServiceGroupRelation.objects.filter(service_id=svc.service_id, tenant_id=svc.tenant_id) + if group: + return group[0].group_id + return None + @staticmethod def bulk_create(service_group_rels): ServiceGroupRelation.objects.bulk_create(service_group_rels) diff --git a/console/services/app_actions/app_manage.py b/console/services/app_actions/app_manage.py index 67726b8119..01a8eeec67 100644 --- a/console/services/app_actions/app_manage.py +++ b/console/services/app_actions/app_manage.py @@ -16,6 +16,7 @@ from console.repositories.app_config import (auth_repo, create_step_repo, dep_relation_repo, domain_repo, env_var_repo, extend_repo, mnt_repo, port_repo, service_attach_repo, service_payment_repo, tcp_domain, volume_repo) + from console.repositories.app_config_group import app_config_group_service_repo from console.repositories.compose_repo import compose_relation_repo from console.repositories.event_repo import event_repo @@ -327,6 +328,7 @@ def deploy(self, tenant, service, user, oauth_instance=None, service_copy_path=N else: logger.warning("service_source is not exist for service {0}".format(service.service_id)) try: + body['operator'] = user.nick_name re = region_api.build_service(service.service_region, tenant.tenant_name, service.service_alias, body) if re and re.get("bean") and re.get("bean").get("status") != "success": logger.error("deploy component failure {}".format(re)) @@ -548,10 +550,9 @@ def batch_action(self, region_name, tenant, user, action, service_ids, move_grou fail_service_name = [] for service in services: try: - # 第三方组件不具备启动,停止,重启操作 - if action == "start" and service.service_source != "third_party": + if action == "start": self.start(tenant, service, user, oauth_instance=oauth_instance) - elif action == "stop" and service.service_source != "third_party": + elif action == "stop": self.stop(tenant, service, user) elif action == "restart" and service.service_source != "third_party": self.restart(tenant, service, user, oauth_instance=oauth_instance) @@ -600,6 +601,7 @@ def batch_operations(self, tenant, region_name, user, action, service_ids, oauth if code != 200: raise AbortRequest(415, "failed to get component", "组件信息获取失败") # 获取数据中心信息 + data['operator'] = user.nick_name try: _, body = region_api.batch_operation_service(region_name, tenant.tenant_name, data) events = body["bean"]["batch_result"] diff --git a/console/services/app_config/domain_service.py b/console/services/app_config/domain_service.py index 031f266e74..ef6b26db76 100644 --- a/console/services/app_config/domain_service.py +++ b/console/services/app_config/domain_service.py @@ -224,7 +224,6 @@ def bind_domain(self, tenant, user, service, domain_name, container_port, protoc data["private_key"] = certificate_info.private_key data["certificate_name"] = certificate_info.alias data["certificate_id"] = certificate_info.certificate_id - region_api.bind_http_domain(service.service_region, tenant.tenant_name, data) domain_info = dict() domain_info["service_id"] = service.service_id domain_info["service_name"] = service.service_alias @@ -246,7 +245,7 @@ def bind_domain(self, tenant, user, service, domain_name, container_port, protoc domain_info["region_id"] = region.region_id return domain_repo.add_service_domain(**domain_info) - def unbind_domain(self, tenant, service, container_port, domain_name, is_tcp=False): + def unbind_domain(self, tenant, service, container_port, domain_name, is_tcp=False, app_id=None): if not is_tcp: service_domains = domain_repo.get_domain_by_name_and_port(service.service_id, container_port, domain_name) if not service_domains: @@ -258,7 +257,12 @@ def unbind_domain(self, tenant, service, container_port, domain_name, is_tcp=Fal data["container_port"] = int(container_port) data["http_rule_id"] = servicer_domain.http_rule_id try: - region_api.delete_http_domain(service.service_region, tenant.tenant_name, data) + # k8s 资源名 不能以 / * 特殊字符命名,故做替换 + # p-p 对应 / + # s-s 对应 * + path_app_id = "/api-gateway/v1/" + tenant.tenant_name + "/routes/http/" + str( + app_id) + servicer_domain.domain_name + "p-ps-s" + region_api.api_gateway_delete_proxy(service.service_region, tenant.tenant_name, path_app_id) servicer_domain.delete() except region_api.CallApiError as e: if e.status != 404: @@ -900,7 +904,7 @@ def create_default_gateway_rule(self, tenant, region_info, service, port): service_id = service.service_id service_name = service.service_alias container_port = port.container_port - domain_name = str(container_port) + "." + str(service_name) + "." + str(tenant.tenant_name) + "." + str( + domain_name = str(service_name) + "-" + str(container_port) + "-" + str(tenant.tenant_name) + "-" + str( region_info.httpdomain) create_time = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S') protocol = "http" @@ -913,11 +917,14 @@ def create_default_gateway_rule(self, tenant, region_info, service, port): logger.debug("create default gateway http rule for component {0} port {1}".format( service.service_alias, port.container_port)) else: - res, data = region_api.get_port(region_info.region_name, tenant.tenant_name, True) - if int(res.status) != 200: - logger.warning("can not get stream port from region, ignore {0} port {1}".format( - service.service_alias, port.container_port)) - return + svc = port_repo.get_service_port_by_port(tenant.tenant_id, service.service_id, port.container_port) + # 默认创建成功一条tcp记录,端口随机 + data = region_api.api_gateway_bind_tcp_domain( + region=service.service_region, + tenant_name=tenant.tenant_name, + k8s_service_name=svc.k8s_service_name, + container_port=svc.container_port, + app_id=None) end_point = "0.0.0.0:{0}".format(data["bean"]) service_id = service.service_id service_name = service.service_alias diff --git a/console/services/app_config/port_service.py b/console/services/app_config/port_service.py index 5579fac82d..5f49da5d69 100644 --- a/console/services/app_config/port_service.py +++ b/console/services/app_config/port_service.py @@ -423,28 +423,33 @@ def manage_port(self, protocol, port_alias, k8s_service_name="", - user_name=''): + user_name='', + app=None): if port_alias: port_alias = str(port_alias).strip() + region = region_repo.get_region_by_region_name(region_name) code, msg = self.__check_params(action, container_port, protocol, port_alias, service.service_id) if code != 200: return code, msg, None - - # Compatible with methods that do not return code, such as __change_port_alias + # Compatible with methods thpat do not return code, such as __change_port_alias code = 200 deal_port = port_repo.get_service_port_by_port(tenant.tenant_id, service.service_id, container_port) if not deal_port: raise ServiceHandleException(msg="component port does not exist", msg_show="组件端口不存在", status_code=404) if action == "open_outer": - code, msg = self.__open_outer(tenant, service, region, deal_port, user_name) + if not deal_port.is_inner_service: + raise ServiceHandleException(msg="inner port is not open", msg_show="对内服务未开启,需先开启对内服务", status_code=404) + code, msg = self.__open_outer(tenant, service, region, deal_port, user_name, app) elif action == "only_open_outer": code, msg = self.__only_open_outer(tenant, service, region, deal_port, user_name) elif action == "close_outer": - code, msg = self.__close_outer(tenant, service, deal_port, user_name) + code, msg = self.__close_outer(tenant, service, region, deal_port, user_name) elif action == "open_inner": code, msg = self.__open_inner(tenant, service, deal_port, user_name) elif action == "close_inner": + if deal_port.is_outer_service: + raise ServiceHandleException(msg="inner port is not open", msg_show="对外服务开启中,需先关闭对外服务", status_code=404) code, msg = self.__close_inner(tenant, service, deal_port, user_name) elif action == "change_protocol": code, msg = self.__change_protocol(tenant, service, deal_port, protocol, user_name) @@ -456,46 +461,56 @@ def manage_port(self, return code, msg, None return 200, "操作成功", new_port - def __open_outer(self, tenant, service, region, deal_port, user_name=''): + def __open_outer(self, tenant, service, region, deal_port, user_name='', app=None): if deal_port.protocol == "http": + service_name = service.service_alias + container_port = deal_port.container_port + domain_name = str(service_name) + "-" + str(container_port) + "-" + str(tenant.tenant_name) + "-" + str( + region.httpdomain) + protocol = "http" + service_id = service.service_id + http_rule_id = make_uuid(domain_name) + tenant_id = tenant.tenant_id + create_time = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S') + service_alias = service.service_cname + region_id = region.region_id service_domains = domain_repo.get_service_domain_by_container_port(service.service_id, deal_port.container_port) - # 在domain表中保存数据 + if service_domains: + svc = port_repo.get_service_port_by_port(tenant.tenant_id, service.service_id, container_port) for service_domain in service_domains: service_domain.is_outer_service = True service_domain.save() + region_api.api_gateway_bind_http_domain(service_name, region.region_name, tenant.tenant_name, + [service_domain.domain_name], svc, app.app_id) + else: # 在service_domain表中保存数据 service_id = service.service_id service_name = service.service_alias container_port = deal_port.container_port - domain_name = str(container_port) + "." + str(service_name) + "." + str(tenant.tenant_name) + "." + str( + domain_name = str(service_name) + "-" + str(container_port) + "-" + str(tenant.tenant_name) + "-" + str( region.httpdomain) - create_time = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S') - protocol = "http" - http_rule_id = make_uuid(domain_name) - tenant_id = tenant.tenant_id - service_alias = service.service_cname - region_id = region.region_id domain_repo.create_service_domains(service_id, service_name, domain_name, create_time, container_port, protocol, http_rule_id, tenant_id, service_alias, region_id) + if service.create_status == "complete": # 给数据中心发请求添加默认域名 - data = dict() - data["domain"] = domain_name - data["service_id"] = service.service_id - data["tenant_id"] = tenant.tenant_id - data["tenant_name"] = tenant.tenant_name - data["protocol"] = protocol - data["container_port"] = int(container_port) - data["http_rule_id"] = http_rule_id try: - region_api.bind_http_domain(service.service_region, tenant.tenant_name, data) + svc = port_repo.get_service_port_by_port(tenant.tenant_id, service.service_id, container_port) + region_api.api_gateway_bind_http_domain(service_name, region.region_name, tenant.tenant_name, + [domain_name], svc, app.app_id) except Exception as e: logger.exception(e) domain_repo.delete_http_domains(http_rule_id) return 412, "数据中心添加策略失败" + + path = "/api-gateway/v1/" + tenant.tenant_name + "/routes/http/port?act=opeo&service_alias=" + service.service_alias + + region_api.api_gateway_get_proxy(region.region_name, tenant.tenant_name, path, None) + else: + svc = port_repo.get_service_port_by_port(tenant.tenant_id, service.service_id, deal_port.container_port) service_tcp_domains = tcp_domain.get_service_tcp_domains_by_service_id_and_port( service.service_id, deal_port.container_port) if service_tcp_domains: @@ -503,11 +518,26 @@ def __open_outer(self, tenant, service, region, deal_port, user_name=''): # 改变tcpdomain表中状态 service_tcp_domain.is_outer_service = True service_tcp_domain.save() + region_api.api_gateway_bind_tcp_domain( + region=service.service_region, + tenant_name=tenant.tenant_name, + k8s_service_name=svc.k8s_service_name, + container_port=svc.container_port, + app_id=app.app_id, + ingressPort=int(service_tcp_domain.end_point.split(':')[1]), + service_id=service.service_id, + service_type=service.namespace) else: - # 在service_tcp_domain表中保存数据 - res, data = region_api.get_port(region.region_name, tenant.tenant_name, True) - if int(res.status) != 200: - return 400, "请求数据中心异常" + data = region_api.api_gateway_bind_tcp_domain( + region=service.service_region, + tenant_name=tenant.tenant_name, + k8s_service_name=svc.k8s_service_name, + container_port=svc.container_port, + app_id=app.app_id, + ingressPort=None, + service_id=service.service_id, + service_type=service.namespace) + end_point = "0.0.0.0:{0}".format(data["bean"]) service_id = service.service_id service_name = service.service_alias @@ -520,34 +550,8 @@ def __open_outer(self, tenant, service, region, deal_port, user_name=''): region_id = region.region_id tcp_domain.create_service_tcp_domains(service_id, service_name, end_point, create_time, container_port, protocol, service_alias, tcp_rule_id, tenant_id, region_id) - if service.create_status == "complete": - port = end_point.split(":")[1] - data = dict() - data["service_id"] = service.service_id - data["container_port"] = int(container_port) - data["ip"] = "0.0.0.0" - data["port"] = int(port) - data["tcp_rule_id"] = tcp_rule_id - try: - # 给数据中心传送数据添加策略 - region_api.bindTcpDomain(service.service_region, tenant.tenant_name, data) - except Exception as e: - logger.exception(e) - tcp_domain.delete_tcp_domain(tcp_rule_id) - return 412, "数据中心添加策略失败" deal_port.is_outer_service = True - if service.create_status == "complete": - body = region_api.manage_outer_port(service.service_region, tenant.tenant_name, service.service_alias, - deal_port.container_port, { - "operation": "open", - "enterprise_id": tenant.enterprise_id, - "operator": user_name - }) - logger.debug("open outer port body {}".format(body)) - lb_mapping_port = body["bean"]["port"] - - deal_port.lb_mapping_port = lb_mapping_port deal_port.save() # component port change, will change entrance network governance plugin configuration if service.create_status == "complete": @@ -587,23 +591,16 @@ def __only_open_outer(self, tenant, service, region, deal_port, user_name=''): return 200, "success" - def close_thirdpart_outer(self, tenant, service, deal_port): + def close_thirdpart_outer(self, tenant, service, region, deal_port): try: - self.__close_outer(tenant, service, deal_port) + self.__close_outer(tenant, service, region, deal_port) except region_api.CallApiError as e: logger.exception(e) raise ServiceHandleException(msg="close outer port failed", msg_show="关闭对外服务失败") - def __close_outer(self, tenant, service, deal_port, user_name=''): + def __close_outer(self, tenant, service, region, deal_port, user_name=''): deal_port.is_outer_service = False - if service.create_status == "complete": - region_api.manage_outer_port(service.service_region, tenant.tenant_name, service.service_alias, - deal_port.container_port, { - "operation": "close", - "enterprise_id": tenant.enterprise_id, - "operator": user_name - }) - + app = group_repo.get_by_service_id(tenant.tenant_id, service.service_id) deal_port.save() # 改变httpdomain表中端口状态 if deal_port.protocol == "http": @@ -612,6 +609,10 @@ def __close_outer(self, tenant, service, deal_port, user_name=''): for service_domain in service_domains: service_domain.is_outer_service = False service_domain.save() + path = ("/api-gateway/v1/" + tenant.tenant_name + "/routes/http/port?act=close&service_alias=" + + service_domain.service_name) + region_api.api_gateway_get_proxy(region.region_name, tenant.tenant_name, path, app.app_id) + else: service_tcp_domains = tcp_domain.get_service_tcp_domains_by_service_id_and_port( service.service_id, deal_port.container_port) @@ -620,7 +621,9 @@ def __close_outer(self, tenant, service, deal_port, user_name=''): for service_tcp_domain in service_tcp_domains: service_tcp_domain.is_outer_service = False service_tcp_domain.save() - # component port change, will change entrance network governance plugin configuration + svc = port_repo.get_service_port_by_port(tenant.tenant_id, service.service_id, deal_port.container_port) + path = "/v2/proxy-pass/gateway/" + tenant.tenant_name + "/routes/tcp/" + svc.k8s_service_name + region_api.delete_proxy(region.region_name, path) if service.create_status == "complete": from console.services.plugin import app_plugin_service app_plugin_service.update_config_if_have_entrance_plugin(tenant, service) @@ -1043,7 +1046,7 @@ def add_endpoint(self, tenant, service, address): ports = port_service.get_service_ports(service) if ports: logger.debug("close third part port: {0}".format(ports[0].container_port)) - port_service.close_thirdpart_outer(tenant, service, ports[0]) + port_service.close_thirdpart_outer(tenant, service, service.service_region, ports[0]) data = {"address": address} diff --git a/console/services/app_config/volume_service.py b/console/services/app_config/volume_service.py index 815efb7fc6..7cab6b921e 100644 --- a/console/services/app_config/volume_service.py +++ b/console/services/app_config/volume_service.py @@ -401,7 +401,7 @@ def delete_service_volume_by_id(self, tenant, service, volume_id, user_name='', volume_repo.delete_volume_by_id(volume_id) volume_repo.delete_file_by_volume(volume) - return 200, "success", volume + return 200, "success", volume.to_dict() def delete_service_volumes(self, service): volume_repo.delete_service_volumes(service.service_id) diff --git a/console/services/config_service.py b/console/services/config_service.py index 5c6f5e881d..8b8ed38f72 100644 --- a/console/services/config_service.py +++ b/console/services/config_service.py @@ -107,7 +107,7 @@ def add_config(self, key, default_value, type, enable=True, desc=""): def get_config_by_key(self, key): try: - return ConsoleSysConfig.objects.get(key=key, enterprise_id=self.enterprise_id) + return ConsoleSysConfig.objects.get(key=key) except ConsoleSysConfig.DoesNotExist: return None diff --git a/console/services/file_upload_service.py b/console/services/file_upload_service.py index dd7861d065..65d97d16c3 100644 --- a/console/services/file_upload_service.py +++ b/console/services/file_upload_service.py @@ -2,12 +2,14 @@ """ Created on 18/3/13. """ +import json import logging import os import oss2 from django.conf import settings +from console.models.main import ConsoleSysConfig from goodrain_web.custom_config import custom_config as custom_settings from www.utils.crypt import make_uuid @@ -53,7 +55,12 @@ def get_bucket(self): return bucket def is_upload_to_oss(self): - return settings.MODULES.get('SSO_LOGIN') + oss_config = ConsoleSysConfig.objects.filter(key='OSS_CONFIG').first() + if oss_config: + data = json.loads(oss_config.value) + enable = data.get('enable', False) + return enable + return False def upload_file_to_local(self, upload_file, suffix): try: diff --git a/console/services/group_service.py b/console/services/group_service.py index c296e205ab..9b5f99ddb0 100644 --- a/console/services/group_service.py +++ b/console/services/group_service.py @@ -2,6 +2,7 @@ """ Created by leon on 18/1/5. """ +import json import logging import re from datetime import datetime @@ -116,6 +117,14 @@ def create_app(self, res['k8s_app'] = app.k8s_app return res + def json_app(self, app_name, k8s_app, logo, note): + return json.dumps({"应用名称": app_name, "应用英文名称": k8s_app, "Logo": logo, "应用备注": note}, ensure_ascii=False) + + def create_default_app(self, tenant, region_name): + app = group_repo.get_or_create_default_group(tenant.tenant_id, region_name) + self.create_region_app(tenant, region_name, app) + return app.to_dict() + def create_region_app(self, tenant, region_name, app, eid=""): region_app = region_api.create_application( region_name, tenant.tenant_name, { @@ -406,7 +415,7 @@ def batch_delete_app_services(self, user, tenant_id, region_name, app_id): if service.create_status == "complete": service_dict["service_id"] = service.service_id stop_infos_list.append(service_dict) - body = {"operation": "stop", "stop_infos": stop_infos_list} + body = {"operation": "stop", "stop_infos": stop_infos_list, "operator": user.nick_name} try: region_api.batch_operation_service(region_name, tenant.tenant_name, body) except region_api.CallApiError as e: diff --git a/console/services/groupapp_recovery/groupapps_migrate.py b/console/services/groupapp_recovery/groupapps_migrate.py index b563b81212..71572934cd 100644 --- a/console/services/groupapp_recovery/groupapps_migrate.py +++ b/console/services/groupapp_recovery/groupapps_migrate.py @@ -482,8 +482,8 @@ def __save_port(self, service_id = service.service_id service_name = service.service_alias container_port = port.container_port - domain_name = str(container_port) + "." + str(service_name) + "." + str( - tenant.tenant_name) + "." + str(region.httpdomain) + domain_name = str(service_name) + "-" + str(container_port) + "-" + str( + tenant.tenant_name) + "-" + str(region.httpdomain) create_time = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S') protocol = "http" http_rule_id = make_uuid(domain_name) diff --git a/console/services/k8s_attribute.py b/console/services/k8s_attribute.py index 58ce42d2b9..4f4518086c 100644 --- a/console/services/k8s_attribute.py +++ b/console/services/k8s_attribute.py @@ -29,12 +29,13 @@ def list_by_component_ids(self, component_ids): return result @transaction.atomic - def create_k8s_attribute(self, tenant, component, region_name, attribute): + def create_k8s_attribute(self, tenant, component, region_name, attribute, nick_name): if attribute["save_type"] == "json": attribute_value = attribute.get("attribute_value", []) attribute_value_json = json.dumps({value["key"]: value["value"] for value in attribute_value}) attribute["attribute_value"] = attribute_value_json k8s_attribute_repo.create(tenant_id=tenant.tenant_id, component_id=component.service_id, **attribute) + attribute["operator"] = nick_name region_api.create_component_k8s_attribute(tenant.tenant_name, region_name, component.service_alias, attribute) @transaction.atomic @@ -49,9 +50,12 @@ def update_k8s_attribute(self, tenant, component, region_name, attribute): region_api.update_component_k8s_attribute(tenant.tenant_name, region_name, component.service_alias, attribute) @transaction.atomic - def delete_k8s_attribute(self, tenant, component, region_name, name): + def delete_k8s_attribute(self, tenant, component, region_name, name, operator): k8s_attribute_repo.delete(component.service_id, name) - region_api.delete_component_k8s_attribute(tenant.tenant_name, region_name, component.service_alias, {"name": name}) + region_api.delete_component_k8s_attribute(tenant.tenant_name, region_name, component.service_alias, { + "name": name, + "operator": operator + }) k8s_attribute_service = ComponentK8sAttributeService() diff --git a/console/services/k8s_resource.py b/console/services/k8s_resource.py index 1c5b18903b..de58f5e913 100644 --- a/console/services/k8s_resource.py +++ b/console/services/k8s_resource.py @@ -27,7 +27,13 @@ def list_by_app_id(self, app_id): def get_k8s_resource(self, enterprise_id, tenant_name, app_id, region_name, name, resource_id): namespace, region_app_id = self.get_app_id_and_namespace(app_id, tenant_name, region_name) resources = k8s_resources_repo.get_by_id(resource_id) - data = {"app_id": region_app_id, "resource_yaml": "", "namespace": namespace, "name": name, "kind": resources.kind} + data = { + "app_id": region_app_id, + "resource_yaml": resources.content, + "namespace": namespace, + "name": name, + "kind": resources.kind + } res, body = region_api.get_app_resource(enterprise_id, region_name, data) k8s_resources_repo.update(app_id, name, resources.kind, content=body["bean"]["content"]) return body["bean"] diff --git a/console/services/market_app/app_restore.py b/console/services/market_app/app_restore.py index 6c52cc04c7..4ebb6edc50 100644 --- a/console/services/market_app/app_restore.py +++ b/console/services/market_app/app_restore.py @@ -72,7 +72,7 @@ def __init__(self, tenant, region: RegionConfig, user, app: ServiceGroup, compon self.original_app = OriginalApp(tenant, region, app, component_group.ID, self.support_labels) self.snapshot = self._get_snapshot() self.new_app = self._create_new_app() - super(AppRestore, self).__init__(self.original_app, self.new_app) + super(AppRestore, self).__init__(self.original_app, self.new_app, self.user) def restore(self): # Sync the new application to the data center first diff --git a/console/services/market_app/app_upgrade.py b/console/services/market_app/app_upgrade.py index 48205bdafc..0ae60186eb 100644 --- a/console/services/market_app/app_upgrade.py +++ b/console/services/market_app/app_upgrade.py @@ -115,7 +115,7 @@ def __init__(self, self.property_changes.ensure_dep_changes(self.new_app, self.original_app) self.app_property_changes = self._get_app_property_changes() - super(AppUpgrade, self).__init__(self.original_app, self.new_app) + super(AppUpgrade, self).__init__(self.original_app, self.new_app, self.user) def preinstall(self): self.pre_install_plugins() @@ -264,6 +264,7 @@ def _sync_plugins(self, plugins: [Plugin]): region_api.sync_plugins(self.tenant_name, self.region_name, body) def _install_predeploy(self): + try: helm_chart_parameter = dict() helm_chart_parameter["app_name"] = self.app_template["group_name"] diff --git a/console/services/market_app/market_app.py b/console/services/market_app/market_app.py index 7c5f607452..0116946315 100644 --- a/console/services/market_app/market_app.py +++ b/console/services/market_app/market_app.py @@ -33,10 +33,12 @@ class MarketApp(object): - def __init__(self, original_app: OriginalApp, new_app: NewApp): + def __init__(self, original_app: OriginalApp, new_app: NewApp, user): self.original_app = original_app self.new_app = new_app + self.user = user + self.tenant_name = self.new_app.tenant.tenant_name self.region_name = self.new_app.region_name @@ -73,6 +75,7 @@ def predeploy(self, helm_chart_parameter): builds = self._generate_builds("export_helm_chart") res = [] body = { + "operator": self.user.nick_name, "operation": "export", "build_infos": builds, "helm_chart": { @@ -90,6 +93,7 @@ def predeploy(self, helm_chart_parameter): return res def deploy(self): + builds = self._generate_builds() upgrades = self._generate_upgrades() @@ -98,6 +102,7 @@ def deploy(self): res = [] if builds: body = { + "operator": self.user.nick_name, "operation": "build", "build_infos": builds, } @@ -106,6 +111,7 @@ def deploy(self): if upgrades: body = { + "operator": self.user.nick_name, "operation": "upgrade", "upgrade_infos": upgrades, } diff --git a/console/services/market_app/new_components.py b/console/services/market_app/new_components.py index 8cdb57c235..a21e71cc7b 100644 --- a/console/services/market_app/new_components.py +++ b/console/services/market_app/new_components.py @@ -307,7 +307,7 @@ def _template_to_ports(self, component, ports): lb_mapping_port=0, protocol=port.get("protocol", "tcp"), port_alias=port.get("port_alias", ""), - is_inner_service=port.get("is_inner_service", False), + is_inner_service=True, is_outer_service=port.get("is_outer_service", False), name=port.get("name", ""), k8s_service_name=k8s_service_name, @@ -539,7 +539,7 @@ def _contains_default_rule(rules: [ServiceDomain]): return False def _create_default_domain(self, service_alias: str, port: int): - return str(port) + "." + service_alias + "." + self.tenant.tenant_name + "." + self.region.httpdomain + return service_alias + "-" + str(port) + "-" + self.tenant.tenant_name + "-" + self.region.httpdomain @staticmethod def _domain_cookie_or_header(items): diff --git a/console/services/market_app_service.py b/console/services/market_app_service.py index 16063ed126..b956e0d379 100644 --- a/console/services/market_app_service.py +++ b/console/services/market_app_service.py @@ -715,6 +715,7 @@ def __deploy_services(self, tenant, user, service_list, app_templates): body = dict() code, data = app_manage_service.deploy_services_info( body, service_list, tenant, user, oauth_instance=None, template_apps=app_templates, upgrade=False) + data['operator'] = user.nick_name if code == 200: # 获取数据中心信息 one_service = service_list[0] diff --git a/console/services/perm_services.py b/console/services/perm_services.py index 88b8b09b62..34c9ee8b79 100644 --- a/console/services/perm_services.py +++ b/console/services/perm_services.py @@ -10,14 +10,15 @@ from console.repositories.perm_repo import role_perm_relation_repo from console.repositories.perm_repo import user_kind_role_repo from console.utils.perms import get_perms_structure, get_perms_model, get_team_perms_model, get_enterprise_perms_model, \ - get_perms_name_code_kv, DEFAULT_TEAM_ROLE_PERMS, DEFAULT_ENTERPRISE_ROLE_PERMS + get_perms_name_code_kv, DEFAULT_TEAM_ROLE_PERMS, DEFAULT_ENTERPRISE_ROLE_PERMS, get_app_perms_model +from www.models.main import ServiceGroup logger = logging.getLogger("default") class PermService(object): - def get_all_perms(self): - perms_structure = get_perms_structure() + def get_all_perms(self, tenant_id): + perms_structure = get_perms_structure(tenant_id) return perms_structure def add_user_tenant_perm(self, perm_info): @@ -123,35 +124,56 @@ def get_roles_perms(self, roles, kind=None): data.append(role_perms_info) return data - def get_roles_union_perms(self, roles, kind=None, is_owner=False): + def get_roles_union_perms(self, roles, kind=None, is_owner=False, tenant_id=""): union_role_perms = [] + app_perms = dict() if roles: role_ids = roles.values_list("role_id", flat=True) roles_perm_relation_mode = role_perm_relation_repo.get_roles_perm_relation(role_ids) if roles_perm_relation_mode: - roles_perm_relations = roles_perm_relation_mode.values("role_id", "perm_code") + roles_perm_relations = roles_perm_relation_mode.values("role_id", "perm_code", "app_id") for roles_perm_relation in roles_perm_relations: - union_role_perms.append(roles_perm_relation["perm_code"]) + if roles_perm_relation.get("app_id") != -1: + if str(roles_perm_relation["app_id"]) not in app_perms: + app_perms[str(roles_perm_relation["app_id"])] = [] + app_perms[str(roles_perm_relation["app_id"])].append(roles_perm_relation["perm_code"]) + else: + union_role_perms.append(roles_perm_relation["perm_code"]) if kind == "team": permissions = self.pack_role_perms_tree(get_team_perms_model(), union_role_perms, is_owner) elif kind == "enterprise": permissions = self.pack_role_perms_tree(get_enterprise_perms_model(), union_role_perms, is_owner) else: permissions = self.pack_role_perms_tree(get_perms_model(), union_role_perms, is_owner) + app_ids = ServiceGroup.objects.filter(tenant_id=tenant_id).values_list("ID", flat=True) + app = {"sub_models": [], "perms": {}} + for app_id in app_ids: + if str(app_id) not in app_perms: + app_permissions = permissions.get("team").get("sub_models")[2].get("team_app_manage") + else: + models = self.pack_role_perms_tree(get_app_perms_model(), app_perms.get(str(app_id))) + app_permissions = models.get("app") + app["sub_models"].append({"app_" + str(app_id): app_permissions}) + permissions.get("team").get("sub_models")[2]["team_app_manage"] = app return {"permissions": permissions} - def get_role_perms(self, role, kind=None): + def get_role_perms(self, role, kind=None, tenant_id=""): if not role: return None roles_perms = {str(role.ID): []} + app_perms = dict() role_perm_relation_mode = role_perm_relation_repo.get_role_perm_relation(role.ID) if role_perm_relation_mode: - roles_perm_relations = role_perm_relation_mode.values("role_id", "perm_code") + roles_perm_relations = role_perm_relation_mode.values("role_id", "perm_code", "app_id") for roles_perm_relation in roles_perm_relations: - if str(roles_perm_relation["role_id"]) not in roles_perms: - roles_perms[str(roles_perm_relation["role_id"])] = [] - roles_perms[str(roles_perm_relation["role_id"])].append(roles_perm_relation["perm_code"]) + if roles_perm_relation.get("app_id") != -1: + if str(roles_perm_relation["app_id"]) not in app_perms: + app_perms[str(roles_perm_relation["app_id"])] = [] + app_perms[str(roles_perm_relation["app_id"])].append(roles_perm_relation["perm_code"]) + else: + roles_perms[str(roles_perm_relation["role_id"])].append(roles_perm_relation["perm_code"]) data = [] + app_ids = ServiceGroup.objects.filter(tenant_id=tenant_id).values_list("ID", flat=True) for role_id, rule_perms in list(roles_perms.items()): role_perms_info = {"role_id": role_id} if kind == "team": @@ -160,6 +182,15 @@ def get_role_perms(self, role, kind=None): permissions = self.pack_role_perms_tree(get_enterprise_perms_model(), rule_perms) else: permissions = self.pack_role_perms_tree(get_perms_model(), rule_perms) + app = {"sub_models": [], "perms": {}} + for app_id in app_ids: + if str(app_id) not in app_perms: + app_permissions = permissions.get("team").get("sub_models")[2].get("team_app_manage") + else: + models = self.pack_role_perms_tree(get_app_perms_model(), app_perms.get(str(app_id))) + app_permissions = models.get("app") + app["sub_models"].append({"app_" + str(app_id): app_permissions}) + permissions.get("team").get("sub_models")[2]["team_app_manage"] = app role_perms_info.update({"permissions": permissions}) data.append(role_perms_info) return data[0] @@ -192,20 +223,25 @@ def pack_role_perms_tree(self, models, role_codes, is_owner=False): models[kind_name]["perms"] = self.__build_perms_list(body["perms"], role_codes, is_owner) return models - def __unpack_to_build_perms_list(self, perms_model, role_id, perms_name_code_kv): + def __unpack_to_build_perms_list(self, perms_model, role_id, perms_name_code_kv, app_id=-1): role_perms_list = [] items_list = list(perms_model.items()) for items in items_list: kind_name, body = items + if kind_name.startswith("app_"): + kind_name_app = kind_name.split('_') + if kind_name_app[1].isdigit(): + app_id = int(kind_name_app[1]) if body["sub_models"]: for sub in body["sub_models"]: - role_perms_list.extend(self.__unpack_to_build_perms_list(sub, role_id, perms_name_code_kv)) + role_perms_list.extend(self.__unpack_to_build_perms_list(sub, role_id, perms_name_code_kv, app_id=app_id)) for perm in body["perms"]: perm_items = list(perm.items())[0] perm_key, perms_value = perm_items if perms_value: role_perms_list.append( - RolePerms(role_id=role_id, perm_code=perms_name_code_kv["_".join([kind_name, perm_key])])) + RolePerms( + role_id=role_id, perm_code=perms_name_code_kv["_".join([kind_name, perm_key])], app_id=app_id)) return role_perms_list # 角色的权限树降维 @@ -242,7 +278,7 @@ def get_user_perms(self, kind, kind_id, user, is_owner=False, is_ent_admin=False if is_owner or is_ent_admin: is_owner = True user_roles = user_kind_role_repo.get_user_roles_model(kind, kind_id, user) - perms = role_perm_service.get_roles_union_perms(user_roles, kind, is_owner) + perms = role_perm_service.get_roles_union_perms(user_roles, kind, is_owner, tenant_id=kind_id) data = {"user_id": user.user_id} data.update(perms) return data diff --git a/console/services/region_services.py b/console/services/region_services.py index 9350023b89..04bb658a8d 100644 --- a/console/services/region_services.py +++ b/console/services/region_services.py @@ -599,7 +599,10 @@ def conver_region_info(self, region, check_status, level="open"): enterprise_id=region.enterprise_id, region=region.region_name) region_services_status = region_repo.get_service_status_count_by_region_name(region) res, body = region_api.get_region_resources(region.enterprise_id, region=region.region_name) - rbd_version = rbd_version["raw"] + if rbd_version: + rbd_version = rbd_version["raw"] + else: + rbd_version = "" if res.get("status") == 200: region_resource["total_memory"] = body["bean"]["cap_mem"] region_resource["used_memory"] = body["bean"]["req_mem"] diff --git a/console/services/user_services.py b/console/services/user_services.py index 3c0565de61..8262b8bc5b 100644 --- a/console/services/user_services.py +++ b/console/services/user_services.py @@ -557,7 +557,7 @@ def list_user_team_perms(user, tenant): if tenant.creater == user.user_id: team_perms = list(PermsInfo.objects.filter(kind="team").values_list("code", flat=True)) user_perms.extend(team_perms) - user_perms.append(200000) + user_perms.append(100001) else: team_roles = RoleInfo.objects.filter(kind="team", kind_id=tenant.tenant_id) if team_roles: diff --git a/console/urls.py b/console/urls.py index d4cc0afdf9..0419f5eddb 100644 --- a/console/urls.py +++ b/console/urls.py @@ -1,10 +1,12 @@ # -*- coding: utf8 -*- + from django.conf.urls import url import console.utils.perms_route_config as perms from console.captcha.captcha_code import CaptchaView from console.cloud.views import ProxyView from console.views import app_upgrade +from console.views.api_gateway import AppApiGatewayView, AppApiGatewayConvertView from console.views.app_autoscaler import (AppAutoscalerView, AppScalingRecords, ListAppAutoscalerView) from console.views.app_config.app_dependency import (AppDependencyManageView, AppDependencyView, AppNotDependencyView, AppDependencyReverseView, AppDependencyViewList) @@ -45,10 +47,10 @@ ChangeServiceUpgradeView, DeleteAppView, DeployAppView, HorizontalExtendAppView, MarketServiceUpgradeView, ReStartAppView, RollBackAppView, StartAppView, StopAppView, TeamAppsCloseView, UpgradeAppView, VerticalExtendAppView, PackageToolView, PauseAppView, - UNPauseAppView, TarImageView) + UNPauseAppView, TarImageView, AppsPorConsoletView) from console.views.app_market import BindableMarketsView from console.views.app_monitor import (AppMonitorQueryRangeView, AppMonitorQueryView, AppResourceQueryView, AppTraceView, - BatchAppMonitorQueryView) + BatchAppMonitorQueryView, MonitorQueryOverConsoleView) from console.views.app_overview import (AppAnalyzePluginView, AppBriefView, AppDetailView, AppGroupView, AppGroupVisitView, AppKeywordView, AppPluginsBriefView, AppStatusView, AppVisitView, BuildSourceinfo, ImageAppView, ListAppPodsView, JobStrategy) @@ -64,6 +66,7 @@ from console.views.center_pool.groupapp_copy import GroupAppsCopyView from console.views.center_pool.groupapp_migration import (GroupAppsMigrateView, GroupAppsView, MigrateRecordView) from console.views.code_repo import ServiceCodeBranch +from console.views.custom_configs import CustomConfigsCLView from console.views.enterprise import (MyEventsView, ServiceAlarm, GetNodes, GetNode, NodeAction, NodeLabelsOperate, NodeTaintOperate, RainbondComponents, ContainerDisk, EnterpriseMenuManage, EnterpriseRegionGatewayBatch, EnterpriseTeamNames) @@ -89,7 +92,7 @@ from console.views.jwt_token_view import JWTTokenView from console.views.k8s_attribute import ComponentK8sAttributeView, ComponentK8sAttributeListView from console.views.k8s_resource import AppK8sResourceListView, AppK8ResourceView -from console.views.logos import ConfigRUDView, InitPerms, PhpConfigView +from console.views.logos import ConfigRUDView, InitPerms, PhpConfigView, ConfigOSSView from console.views.message import UserMessageView from console.views.oauth import (EnterpriseOauthService, OauthConfig, OAuthGitCodeDetection, OAuthGitUserRepositories, OAuthGitUserRepository, OAuthGitUserRepositoryBranches, OAuthServerAuthorize, @@ -111,56 +114,65 @@ ServicePluginsView) from console.views.pod import AppPodsView from console.views.protocols import RegionProtocolView -from console.views.proxy import ProxyPassView +from console.views.proxy import ProxyPassView, ProxySSEView from console.views.public_areas import (AllServiceInfo, GroupServiceView, ServiceEventsView, ServiceGroupView, TeamAppSortViewView, TeamOverView, TeamServiceOverViewView, TenantServiceEnvsView, GroupOperatorManagedView, AccessTokenView, TeamArchView, TeamAppNamesView) +from console.views.rbd_ability import RainbondAbilityRUDView, RainbondAbilityLView +from console.views.rbd_plugin import RainbondPluginLView, RainbondOfficialPluginLView from console.views.region import (GetRegionFeature, GetRegionPublicKeyView, MavenSettingRUDView, MavenSettingView, OpenRegionView, QyeryRegionView, RegQuyView, RegUnopenView) from console.views.registry import HubRegistryView from console.views.role_prems import TeamAddUserView from console.views.service_docker import DockerContainerView -from console.views.service_share import ( - AppMarketAppModelLView, AppMarketAppModelVersionsLView, AppMarketAppModelVersionsRView, AppMarketBatchCView, - AppMarketCLView, AppMarketOrgModelLView, AppMarketRUDView, ServiceGroupSharedApps, ServicePluginShareEventPost, - ServiceShareCompleteView, ServiceShareDeleteView, ServiceShareEventList, ServiceShareEventPost, ServiceShareInfoView, - ServiceShareRecordInfoView, ServiceShareRecordView, ShareRecordView) -from console.views.service_version import AppVersionManageView, AppVersionsView -from console.views.services_toplogical import (GroupServiceDetView, TopologicalGraphView, TopologicalInternetView) +from console.views.service_share import ServiceShareRecordView, ShareRecordView, ServiceGroupSharedApps, \ + ServiceShareInfoView, ServiceShareDeleteView, ServiceShareEventList, ServiceShareCompleteView, \ + ServiceShareEventPost, ServiceShareRecordInfoView, ServicePluginShareEventPost, AppMarketAppModelVersionsRView, \ + AppMarketOrgModelLView, AppMarketAppModelVersionsLView, AppMarketAppModelLView, AppMarketCLView, AppMarketRUDView, \ + AppMarketBatchCView +from console.views.service_version import AppVersionsView, AppVersionManageView +from console.views.services_toplogical import TopologicalGraphView, GroupServiceDetView, TopologicalInternetView from console.views.task_guidance import BaseGuidance -from console.views.team import ( - AddTeamView, AdminAddUserView, ApplicantsView, CertificateView, EnterpriseInfoView, JoinTeamView, NotJoinTeamUserView, - RegisterStatusView, TeamCheckKubernetesServiceName, TeamDelView, TeamExitView, TeamNameModView, TeamRegionInitView, - TeamSortDomainQueryView, TeamSortServiceQueryView, TeamUserCanJoin, TeamUserDetaislView, TeamUserView, UserApplyStatusView, - UserDelView, UserFuzSerView, TeamsPermissionCreateApp, TeamCheckResourceName, TeamRegistryAuthLView, - TeamRegistryAuthRUDView, InitDefaultInfoView, MonitorAlarmStatusView) -from console.views.user import (AdministratorJoinTeamView, AdminRolesView, AdminUserLCView, AdminUserView, CheckSourceView, - EnterPriseUsersCLView, EnterPriseUsersUDView, UserLogoutView, UserPemTraView) -from console.views.user_accesstoken import (UserAccessTokenCLView, UserAccessTokenRUDView) -from console.views.user_operation import (ChangeLoginPassword, PasswordResetBegin, SendResetEmail, TenantServiceView, - UserDetailsView, UserFavoriteLCView, UserFavoriteUDView) -from console.views.webhook import (CustomWebHooksDeploy, GetWebHooksUrl, ImageWebHooksDeploy, ImageWebHooksTrigger, - UpdateSecretKey, WebHooksDeploy, WebHooksStatus) -from console.views.custom_configs import CustomConfigsCLView +from console.views.team import UserFuzSerView, TeamUserDetaislView, TeamCheckResourceName, TeamSortServiceQueryView, \ + TeamCheckKubernetesServiceName, TeamRegistryAuthLView, TeamRegistryAuthRUDView, AddTeamView, TeamUserView, \ + NotJoinTeamUserView, UserDelView, TeamNameModView, TeamSortDomainQueryView, TeamDelView, TeamExitView, \ + TeamRegionInitView, ApplicantsView, RegisterStatusView, MonitorAlarmStatusView, EnterpriseInfoView, \ + InitDefaultInfoView, AdminAddUserView, CertificateView, TeamUserCanJoin, TeamsPermissionCreateApp, JoinTeamView, \ + UserApplyStatusView +from console.views.upgrade import UpgradeView +from console.views.user import CheckSourceView, UserLogoutView, UserPemTraView, AdministratorJoinTeamView, \ + EnterPriseUsersCLView, EnterPriseUsersUDView, AdminUserView, AdminUserLCView, \ + AdminRolesView +from console.views.user_accesstoken import UserAccessTokenCLView, UserAccessTokenRUDView +from console.views.user_operation import TenantServiceView, SendResetEmail, PasswordResetBegin, ChangeLoginPassword, \ + UserDetailsView, UserFavoriteLCView, UserFavoriteUDView +from console.views.webhook import WebHooksDeploy, ImageWebHooksDeploy, CustomWebHooksDeploy, GetWebHooksUrl, \ + ImageWebHooksTrigger, WebHooksStatus, UpdateSecretKey from console.views.yaml_resource import YamlResourceName, YamlResourceDetailed -from console.views.rbd_plugin import RainbondPluginLView, RainbondOfficialPluginLView -from console.views.rbd_ability import RainbondAbilityLView, RainbondAbilityRUDView urlpatterns = [ + # 升级 + url(r'^update', UpgradeView.as_view()), + # 直接代理到 普罗米修斯 + url(r'^open/monitor/query$', MonitorQueryOverConsoleView.as_view()), + url(r'^api-gateway/v1/(?P[\w\-]+)/(.*?)', AppApiGatewayView.as_view()), + url(r'^api-gateway/convert', AppApiGatewayConvertView.as_view()), url(r'^v2/proxy-pass/(.*?)', ProxyPassView.as_view()), + url(r'^sse/(.*?)', ProxySSEView.as_view()), # record error logs url(r'^errlog$', ErrLogView.as_view()), # 获取云帮Logo、标题、github、gitlab配置信息 url(r'^config/info$', ConfigRUDView.as_view()), + url(r'^config/oss$', ConfigOSSView.as_view()), url(r'^init/perms$', InitPerms.as_view()), # 获取权限列表 url(r'^perms$', PermsInfoLView.as_view()), url(r'^custom_configs$', CustomConfigsCLView.as_view()), # OAuth - url(r"^oauth/oauth-config$", OauthConfig.as_view(), perms.OauthConfig), - url(r"^oauth/oauth-services$", OauthService.as_view(), perms.OauthService), - url(r"^oauth/oauth-services/(?P[\w\-]+)$", OauthServiceInfo.as_view(), perms.OauthServiceInfo), + url(r"^oauth/oauth-config$", OauthConfig.as_view()), + url(r"^oauth/oauth-services$", OauthService.as_view()), + url(r"^oauth/oauth-services/(?P[\w\-]+)$", OauthServiceInfo.as_view()), url(r"^oauth/redirect$", OAuthServiceRedirect.as_view()), url(r"^oauth/authorize$", OAuthServerAuthorize.as_view()), url(r"^oauth/type$", OauthType.as_view()), @@ -196,459 +208,478 @@ # 我的详情 url(r'^users/details$', UserDetailsView.as_view()), # 模糊查询用户 - url(r'^users/query$', UserFuzSerView.as_view(), perms.UserFuzSerView), + url(r'^users/query$', UserFuzSerView.as_view()), url(r"^users/access-token$", UserAccessTokenCLView.as_view()), url(r"^users/access-token/(?P[\w\-]+)$", UserAccessTokenRUDView.as_view()), # 团队中用户详情页 - url(r'^teams/(?P[\w\-]+)/(?P[\w\-]+)/details$', TeamUserDetaislView.as_view()), + url(r'^teams/(?P[\w\-]+)/(?P[\w\-]+)/details$', TeamUserDetaislView.as_view(), + perms.TEAM_MEMBER_PERMS), # 团队角色权限管理 - url(r'^teams/(?P[\w\-]+)/roles/perms$', TeamRolesPermsLView.as_view(), perms.TeamRolesPermsLView), + url(r'^teams/(?P[\w\-]+)/roles/perms$', TeamRolesPermsLView.as_view(), perms.TEAM_ROLE_PERMS), url(r'^teams/(?P[\w\-]+)/roles/(?P[\w\-]+)/perms$', TeamRolePermsRUDView.as_view(), - perms.TeamRolePermsRUDView), + perms.TEAM_ROLE_PERMS), # 团队角色管理 - url(r'^teams/(?P[\w\-]+)/roles$', TeamRolesLCView.as_view(), perms.TeamRolesLCView), - url(r'^teams/(?P[\w\-]+)/roles/(?P[\w\-]+)$', TeamRolesRUDView.as_view(), perms.TeamRolesRUDView), + url(r'^teams/(?P[\w\-]+)/roles$', TeamRolesLCView.as_view(), perms.TEAM_ROLE_PERMS), + url(r'^teams/(?P[\w\-]+)/roles/(?P[\w\-]+)$', TeamRolesRUDView.as_view(), perms.TEAM_ROLE_PERMS), # 团队成员角色管理 - url(r'^teams/(?P[\w\-]+)/users/roles', TeamUsersRolesLView.as_view(), perms.TeamUsersRolesLView), + url(r'^teams/(?P[\w\-]+)/users/roles', TeamUsersRolesLView.as_view(), perms.TEAM_MEMBER_PERMS), url(r'^teams/(?P[\w\-]+)/users/(?P[\w\-]+)/roles', TeamUserRolesRUDView.as_view(), - perms.TeamUserRolesRUDView), + perms.TEAM_MEMBER_PERMS), url(r'^teams/(?P[\w\-]+)/users/(?P[\w\-]+)/perms', TeamUserPermsLView.as_view(), - perms.TeamUserPermsLView), + perms.TEAM_MEMBER_PERMS), # 团队镜像仓库授权管理 - url(r'^teams/(?P[\w\-]+)/registry/auth$', TeamRegistryAuthLView.as_view(), perms.TeamRegistryAuthLView), + url(r'^teams/(?P[\w\-]+)/registry/auth$', TeamRegistryAuthLView.as_view(), perms.TEAM_REGISTRY_AUTH), url(r'^teams/(?P[\w\-]+)/registry/auth/(?P[\w\-]+)$', TeamRegistryAuthRUDView.as_view(), - perms.TeamRegistryAuthRUDView), + perms.TEAM_REGISTRY_AUTH), # 移交团队管理权 - url(r'^teams/(?P[\w\-]+)/pemtransfer$', UserPemTraView.as_view(), perms.UserPemTraView), + url(r'^teams/(?P[\w\-]+)/pemtransfer$', UserPemTraView.as_view(), perms.TEAM_MEMBER_PERMS), # 新建团队 - url(r'^teams/add-teams$', AddTeamView.as_view(), perms.AddTeamView), + url(r'^teams/add-teams$', AddTeamView.as_view()), # 获取团队下所有用户 - url(r'^teams/(?P[\w\-]+)/users$', TeamUserView.as_view(), perms.TeamUserView), + url(r'^teams/(?P[\w\-]+)/users$', TeamUserView.as_view(), perms.TEAM_MEMBER_PERMS), # 获取企业下未加入当前团队的用户列表 - url(r'^teams/(?P[\w\-]+)/notjoinusers$', NotJoinTeamUserView.as_view(), perms.NotJoinTeamUserView), + url(r'^teams/(?P[\w\-]+)/notjoinusers$', NotJoinTeamUserView.as_view(), perms.TEAM_MEMBER_PERMS), # 删除团队成员 - url(r'^teams/(?P[\w\-]+)/users/batch/delete', UserDelView.as_view(), perms.UserDelView), + url(r'^teams/(?P[\w\-]+)/users/batch/delete', UserDelView.as_view(), perms.TEAM_MEMBER_PERMS), # 修改团队名称 - url(r'^teams/(?P[\w\-]+)/modifyname$', TeamNameModView.as_view(), perms.TeamNameModView), + url(r'^teams/(?P[\w\-]+)/modifyname$', TeamNameModView.as_view()), # 删除当前团队 - url(r'^teams/(?P[\w\-]+)/delete$', TeamDelView.as_view(), perms.TeamDelView), + url(r'^teams/(?P[\w\-]+)/delete$', TeamDelView.as_view()), # 应用(组)访问 - url(r'^teams/(?P[\w\-]+)/group/service/visit', AppGroupVisitView.as_view(), perms.AppGroupVisitView), + url(r'^teams/(?P[\w\-]+)/group/service/visit', AppGroupVisitView.as_view()), # 退出当前团队 url(r'^teams/(?P[\w\-]+)/exit$', TeamExitView.as_view()), # check kubernetes service name url(r'^teams/(?P[\w\-]+)/checkK8sServiceName$', TeamCheckKubernetesServiceName.as_view()), # 获取团队下域名访问量排序 - url(r'^teams/(?P[\w\-]+)/regions/(?P[\w\-]+)/sort_domain/query$', TeamSortDomainQueryView.as_view(), - perms.TeamSortDomainQueryView), + url(r'^teams/(?P[\w\-]+)/regions/(?P[\w\-]+)/sort_domain/query$', + TeamSortDomainQueryView.as_view()), # 获取团队下组件访问量排序 url(r'^teams/(?P[\w\-]+)/regions/(?P[\w\-]+)/sort_service/query$', - TeamSortServiceQueryView.as_view(), perms.TeamSortServiceQueryView), + TeamSortServiceQueryView.as_view()), # 获取当前租户已开通的数据中心(详细) - url(r'^teams/(?P[\w\-]+)/region/query$', RegQuyView.as_view(), perms.RegQuyView), + url(r'^teams/(?P[\w\-]+)/region/query$', RegQuyView.as_view(), perms.TEAM_REGION_DESCRIBE), # 获取当前团队未开通的数据中心 - url(r'^teams/(?P[\w\-]+)/region/unopen$', RegUnopenView.as_view(), perms.RegUnopenView), + url(r'^teams/(?P[\w\-]+)/region/unopen$', RegUnopenView.as_view(), perms.TEAM_REGION_INSTALL), # 开通数据中心 - url(r'^teams/(?P[\w\-]+)/region$', OpenRegionView.as_view(), perms.OpenRegionView), + url(r'^teams/(?P[\w\-]+)/region$', OpenRegionView.as_view(), perms.TEAM_REGION_INSTALL), # 总览 团队信息 - url(r'^teams/(?P[\w\-]+)/overview$', TeamOverView.as_view(), perms.TeamOverView), - url(r'^teams/(?P[\w\-]+)/arch$', TeamArchView.as_view(), perms.TeamOverView), + url(r'^teams/(?P[\w\-]+)/overview$', TeamOverView.as_view(), perms.TEAM_OVERVIEW_DESCRIBE), + url(r'^teams/(?P[\w\-]+)/arch$', TeamArchView.as_view()), + # team operation logs # 总览 获取应用状态 - url(r'^teams/(?P[\w\-]+)/overview/services/status$', AllServiceInfo.as_view(), perms.AllServiceInfo), + url(r'^teams/(?P[\w\-]+)/overview/services/status$', AllServiceInfo.as_view(), perms.TEAM_OVERVIEW_APP_DESCRIBE), # 上传yaml文件 - url(r'^teams/(?P[\w\-]+)/resource-name$', YamlResourceName.as_view()), - url(r'^teams/(?P[\w\-]+)/resource-detailed$', YamlResourceDetailed.as_view()), + url(r'^teams/(?P[\w\-]+)/resource-name$', YamlResourceName.as_view(), perms.APP_OVERVIEW_CREATE), + url(r'^teams/(?P[\w\-]+)/resource-detailed$', YamlResourceDetailed.as_view(), perms.APP_OVERVIEW_CREATE), # helm应用处理 url(r'^helm/repos$', HelmRepo.as_view()), - url(r'^teams/(?P[\w\-]+)/helm_app$', HelmAppView.as_view()), - url(r'^teams/(?P[\w\-]+)/chart/version$', HelmChart.as_view()), - url(r'^teams/(?P[\w\-]+)/helm_command$', CommandInstallHelm.as_view()), - url(r'^teams/(?P[\w\-]+)/helm_list$', HelmList.as_view()), - url(r'^teams/(?P[\w\-]+)/helm_cmd_add$', HelmRepoAdd.as_view()), - url(r'^teams/(?P[\w\-]+)/helm_center_app$', HelmCenterApp.as_view()), - url(r'^teams/(?P[\w\-]+)/get_upload_chart_information$', UploadHelmChart.as_view()), - url(r'^teams/(?P[\w\-]+)/check_upload_chart$', UploadHelmChart.as_view()), - url(r'^teams/(?P[\w\-]+)/get_upload_chart_value$', UploadHelmChartValue.as_view()), - url(r'^teams/(?P[\w\-]+)/get_upload_chart_resource$', UploadHelmChartValueResource.as_view()), - url(r'^teams/(?P[\w\-]+)/import_upload_chart_resource$', UploadHelmChartValueResource.as_view()), + url(r'^teams/(?P[\w\-]+)/helm_app$', HelmAppView.as_view(), perms.APP_OVERVIEW_CREATE), + url(r'^teams/(?P[\w\-]+)/chart/version$', HelmChart.as_view(), perms.APP_OVERVIEW_CREATE), + url(r'^teams/(?P[\w\-]+)/helm_command$', CommandInstallHelm.as_view(), perms.APP_OVERVIEW_CREATE), + url(r'^teams/(?P[\w\-]+)/helm_list$', HelmList.as_view(), perms.APP_OVERVIEW_CREATE), + url(r'^teams/(?P[\w\-]+)/helm_cmd_add$', HelmRepoAdd.as_view(), perms.APP_OVERVIEW_CREATE), + url(r'^teams/(?P[\w\-]+)/helm_center_app$', HelmCenterApp.as_view(), perms.APP_OVERVIEW_CREATE), + url(r'^teams/(?P[\w\-]+)/get_upload_chart_information$', UploadHelmChart.as_view(), perms.APP_OVERVIEW_CREATE), + url(r'^teams/(?P[\w\-]+)/check_upload_chart$', UploadHelmChart.as_view(), perms.APP_OVERVIEW_CREATE), + url(r'^teams/(?P[\w\-]+)/get_upload_chart_value$', UploadHelmChartValue.as_view(), perms.APP_OVERVIEW_CREATE), + url(r'^teams/(?P[\w\-]+)/get_upload_chart_resource$', UploadHelmChartValueResource.as_view(), + perms.APP_OVERVIEW_CREATE), + url(r'^teams/(?P[\w\-]+)/import_upload_chart_resource$', UploadHelmChartValueResource.as_view(), + perms.APP_OVERVIEW_CREATE), # 获取生成令牌 url(r'^teams/(?P[\w\-]+)/access-token/(?P[\w\-]+)$', AccessTokenView.as_view()), # 团队应用模块(5.1) - url(r'^teams/(?P[\w\-]+)/apps$', TeamAppSortViewView.as_view(), perms.TeamAppSortViewView), - url(r'^teams/(?P[\w\-]+)/app_names$', TeamAppNamesView.as_view(), perms.TeamAppSortViewView), + url(r'^teams/(?P[\w\-]+)/apps$', TeamAppSortViewView.as_view(), perms.TEAM_OVERVIEW_APP_DESCRIBE), + url(r'^teams/(?P[\w\-]+)/app_names$', TeamAppNamesView.as_view(), perms.TEAM_OVERVIEW_APP_DESCRIBE), # 团队应用信息 url(r'^teams/(?P[\w\-]+)/overview/service/over$', TeamServiceOverViewView.as_view(), - perms.TeamServiceOverViewView), - url(r'^teams/(?P[\w\-]+)/check-resource-name$', TeamCheckResourceName.as_view()), + perms.TEAM_OVERVIEW_APP_DESCRIBE), + url(r'^teams/(?P[\w\-]+)/check-resource-name$', TeamCheckResourceName.as_view(), + perms.TEAM_OVERVIEW_APP_DESCRIBE), # 应用事件动态 - url(r'teams/(?P[\w\-]+)/services/event$', ServiceEventsView.as_view(), perms.ServiceEventsView), + url(r'teams/(?P[\w\-]+)/services/event$', ServiceEventsView.as_view()), # 团队下应用环境变量模糊查询 - url(r'teams/(?P[\w\-]+)/services/envs$', TenantServiceEnvsView.as_view(), perms.TenantServiceEnvsView), + url(r'teams/(?P[\w\-]+)/services/envs$', TenantServiceEnvsView.as_view()), # 应用列表 - url(r'^teams/(?P[\w\-]+)/overview/groups$', ServiceGroupView.as_view(), perms.ServiceGroupView), + url(r'^teams/(?P[\w\-]+)/overview/groups$', ServiceGroupView.as_view()), # 应用列表、状态展示 - url(r'^teams/(?P[\w\-]+)/service/group$', GroupServiceView.as_view(), perms.GroupServiceView), - url(r'^teams/(?P[\w\-]+)/operator-managed$', GroupOperatorManagedView.as_view()), + url(r'^teams/(?P[\w\-]+)/service/group$', GroupServiceView.as_view(), perms.APP_OVERVIEW_PERMS), + url(r'^teams/(?P[\w\-]+)/operator-managed$', GroupOperatorManagedView.as_view(), perms.APP_OVERVIEW_PERMS), # 应用拓扑图 url(r'^teams/(?P[\w\-]+)/regions/(?P[\w\-]+)/topological$', TopologicalGraphView.as_view(), - perms.TopologicalGraphView), + perms.APP_OVERVIEW_PERMS), # 拓扑图中应用详情 url(r'^teams/(?P[\w\-]+)/topological/services/(?P[\w\-]+)$', GroupServiceDetView.as_view(), - perms.GroupServiceDetView), + perms.APP_OVERVIEW_PERMS), # Internet 拓扑详情 url(r'^teams/(?P[\w\-]+)/(?P\d+)/outer-service$', TopologicalInternetView.as_view(), - perms.TopologicalInternetView), + perms.APP_OVERVIEW_PERMS), # 云市分享应用 url(r'^teams/(?P[\w\-]+)/groups/(?P[\w\-]+)/share/record$', ServiceShareRecordView.as_view(), - perms.ServiceShareRecordView), + perms.APP_RELEASE_PERMS), url(r'^teams/(?P[\w\-]+)/groups/(?P[\w\-]+)/share/record/(?P[\w\-]+)$', - ServiceShareRecordInfoView.as_view(), perms.ServiceShareRecordInfoView), + ServiceShareRecordInfoView.as_view(), perms.APP_RELEASE_PERMS), url(r'^teams/(?P[\w\-]+)/groups/(?P[\w\-]+)/share/step$', ShareRecordView.as_view(), - perms.ShareRecordView), + perms.APP_RELEASE_PERMS), url(r'^teams/(?P[\w\-]+)/groups/(?P\d+)/shared/apps$', ServiceGroupSharedApps.as_view(), - perms.ServiceGroupSharedApps), + perms.APP_RELEASE_PERMS), url(r'^teams/(?P[\w\-]+)/share/(?P[\w\-]+)/info$', ServiceShareInfoView.as_view(), - perms.ServiceShareInfoView), + perms.APP_RELEASE_PERMS), url(r'^teams/(?P[\w\-]+)/share/(?P[\w\-]+)/giveup$', ServiceShareDeleteView.as_view(), - perms.ServiceShareDeleteView), + perms.APP_RELEASE_PERMS), url(r'^teams/(?P[\w\-]+)/share/(?P[\w\-]+)/events$', ServiceShareEventList.as_view(), - perms.ServiceShareEventList), + perms.APP_RELEASE_PERMS), url(r'^teams/(?P[\w\-]+)/share/(?P[\w\-]+)/events/(?P[\w\-]+)$', - ServiceShareEventPost.as_view(), perms.ServiceShareEventPost), + ServiceShareEventPost.as_view(), perms.APP_RELEASE_PERMS), url(r'^teams/(?P[\w\-]+)/share/(?P[\w\-]+)/events/(?P[\w\-]+)/plugin$', - ServicePluginShareEventPost.as_view(), perms.ServicePluginShareEventPost), + ServicePluginShareEventPost.as_view(), perms.APP_RELEASE_PERMS), url(r'^teams/(?P[\w\-]+)/share/(?P[\w\-]+)/complete$', ServiceShareCompleteView.as_view(), - perms.ServiceShareCompleteView), + perms.APP_RELEASE_PERMS), # 租户数据中心组信息 - url(r'^teams/(?P[\w\-]+)/groups$', TenantGroupView.as_view(), perms.TenantGroupView), + url(r'^teams/(?P[\w\-]+)/groups$', TenantGroupView.as_view(), perms.APP_CREATE_PERMS), url(r'^teams/(?P[\w\-]+)/groups/(?P[\w\-]+)$', TenantGroupOperationView.as_view(), - perms.TenantGroupOperationView), + perms.APP_OVERVIEW_PERMS), url(r'^teams/(?P[\w\-]+)/groups/(?P[\w\-]+)/handle$', TenantGroupHandleView.as_view(), - perms.TenantGroupHandleView), + perms.APP_OVERVIEW_PERMS), url(r'^teams/(?P[\w\-]+)/groups/(?P[\w\-]+)/install$', ApplicationInstallView.as_view(), - perms.TenantGroupOperationView), + perms.APP_OVERVIEW_PERMS), # 批量修改该应用下有状态组件的存储路径 url(r'^teams/(?P[\w\-]+)/groups/(?P[\w\-]+)/volumes$', ApplicationVolumesView.as_view(), - perms.TenantGroupOperationView), + perms.APP_OVERVIEW_PERMS), url(r'^teams/(?P[\w\-]+)/groups/(?P[\w\-]+)/pods/(?P[\w\-]+)$', ApplicationPodView.as_view(), - perms.TenantGroupOperationView), + perms.APP_OVERVIEW_PERMS), url(r'^teams/(?P[\w\-]+)/groups/(?P[\w\-]+)/upgradable_num$', TenantAppUpgradableNumView.as_view(), - perms.TenantGroupOperationView), + perms.APP_OVERVIEW_PERMS), url(r'^teams/(?P[\w\-]+)/groups/(?P[\w\-]+)/governancemode$', AppGovernanceModeView.as_view(), - perms.TenantGroupOperationView), + perms.APP_OVERVIEW_PERMS), url(r'^teams/(?P[\w\-]+)/groups/(?P[\w\-]+)/governancemode-cr$', AppGovernanceModeCRView.as_view(), - perms.TenantGroupOperationView), + perms.APP_OVERVIEW_PERMS), url(r'^teams/(?P[\w\-]+)/groups/(?P[\w\-]+)/governancemode/check', AppGovernanceModeCheckView.as_view(), - perms.TenantGroupOperationView), - url(r'^teams/(?P[\w\-]+)/groups/(?P[\w\-]+)/component_names', AppComponentNameView.as_view()), + perms.APP_OVERVIEW_PERMS), + url(r'^teams/(?P[\w\-]+)/groups/(?P[\w\-]+)/component_names', AppComponentNameView.as_view(), + perms.APP_OVERVIEW_PERMS), url(r'^teams/(?P[\w\-]+)/groups/(?P[\w\-]+)/k8sservices', AppKubernetesServiceView.as_view()), - url(r'^teams/(?P[\w\-]+)/groups/(?P[\w\-]+)/k8s-resources$', AppK8sResourceListView.as_view()), + url(r'^teams/(?P[\w\-]+)/groups/(?P[\w\-]+)/k8s-resources$', AppK8sResourceListView.as_view(), + perms.APP_RESOURCE_PERMS), url(r'^teams/(?P[\w\-]+)/groups/(?P[\w\-]+)/k8s-resources/(?P[\w\-\.]+)$', - AppK8ResourceView.as_view()), - url(r'^teams/(?P[\w\-]+)/groups/(?P[\w\-]+)/status', ApplicationStatusView.as_view()), + AppK8ResourceView.as_view(), perms.APP_RESOURCE_PERMS), + url(r'^teams/(?P[\w\-]+)/groups/(?P[\w\-]+)/status', ApplicationStatusView.as_view(), + perms.APP_OVERVIEW_PERMS), # 应用状态(应用) - url(r'^teams/(?P[\w\-]+)/groups/(?P[\w\-]+)$', GroupStatusView.as_view(), perms.GroupStatusView), + url(r'^teams/(?P[\w\-]+)/groups/(?P[\w\-]+)$', GroupStatusView.as_view(), perms.APP_OVERVIEW_PERMS), # 应用(组)常见操作 url(r'^teams/(?P[\w\-]+)/groups/(?P[\w\-]+)/common_operation$', - TenantGroupCommonOperationView.as_view(), perms.TenantGroupCommonOperationView), + TenantGroupCommonOperationView.as_view(), perms.APP_OVERVIEW_PERMS), # Application Config Group url(r'^teams/(?P[\w\-]+)/groups/(?P[\w\-]+)/configgroups$', ListAppConfigGroupView.as_view(), - perms.AppConfigGroupView), + perms.APP_CONFIG_GROUP), url(r'^teams/(?P[\w\-]+)/groups/(?P[\w\-]+)/configgroups/(?P[\w\-]+)$', - AppConfigGroupView.as_view(), perms.AppConfigGroupView), + AppConfigGroupView.as_view(), perms.APP_CONFIG_GROUP), url(r'^teams/(?P[\w\-]+)/groups/(?P[\w\-]+)/helmapp-components$', - ApplicationHelmAppComponentView.as_view(), perms.TenantGroupOperationView), + ApplicationHelmAppComponentView.as_view(), perms.APP_OVERVIEW_PERMS), url(r'^teams/(?P[\w\-]+)/groups/(?P[\w\-]+)/parse-services$', ApplicationParseServicesView.as_view(), - perms.TenantGroupOperationView), + perms.APP_OVERVIEW_PERMS), url(r'^teams/(?P[\w\-]+)/groups/(?P[\w\-]+)/releases$', ApplicationReleasesView.as_view(), - perms.TenantGroupOperationView), + perms.APP_OVERVIEW_PERMS), url(r'^teams/(?P[\w\-]+)/groups/(?P[\w\-]+)/visit$', ApplicationIngressesView.as_view(), - perms.TenantGroupOperationView), + perms.APP_OVERVIEW_PERMS), # 代码仓库 url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/code/branch$', ServiceCodeBranch.as_view(), - perms.ServiceCodeBranch), + perms.APP_OVERVIEW_CREATE), # 文件上传最近一次记录 - url(r'^teams/(?P[\w\-]+)/apps/package_build/last-record$', UploadRecordLastView.as_view()), + url(r'^teams/(?P[\w\-]+)/apps/package_build/last-record$', UploadRecordLastView.as_view(), + perms.APP_OVERVIEW_CREATE), # 本地文件上传记录 - url(r'^teams/(?P[\w\-]+)/apps/package_build/record$', PackageUploadRecordView.as_view()), + url(r'^teams/(?P[\w\-]+)/apps/package_build/record$', PackageUploadRecordView.as_view(), + perms.APP_OVERVIEW_CREATE), # 本地文件创建组件 - url(r'^teams/(?P[\w\-]+)/apps/package_build$', PackageCreateView.as_view()), + url(r'^teams/(?P[\w\-]+)/apps/package_build$', PackageCreateView.as_view(), perms.APP_OVERVIEW_CREATE), # 源码创建 - url(r'^teams/(?P[\w\-]+)/apps/source_code$', SourceCodeCreateView.as_view(), perms.SourceCodeCreateView), + url(r'^teams/(?P[\w\-]+)/apps/source_code$', SourceCodeCreateView.as_view(), perms.APP_OVERVIEW_CREATE), # 第三方组件创建 - url(r'^teams/(?P[\w\-]+)/apps/third_party$', ThirdPartyServiceCreateView.as_view(), - perms.ThirdPartyServiceCreateView), + url(r'^teams/(?P[\w\-]+)/apps/third_party$', ThirdPartyServiceCreateView.as_view(), perms.APP_OVERVIEW_CREATE), # 第三方组件api注册方式回调地址 url(r'^third_party/(?P[\w\-]+)', ThirdPartyServiceApiView.as_view()), # 第三方组件api注册方式重置秘钥 url(r"^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/third_party/updatekey$", - ThirdPartyUpdateSecretKeyView.as_view(), perms.ThirdPartyUpdateSecretKeyView), + ThirdPartyUpdateSecretKeyView.as_view()), # 第三方组件健康检测 url(r"^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/3rd-party/health$", ThirdPartyHealthzView.as_view(), - perms.ThirdPartyHealthzView), - url(r'^teams/(?P[\w\-]+)/apps/image_repositories$', TenantImageRepositories.as_view(), perms.AppCheck), - url(r'^teams/(?P[\w\-]+)/apps/image_tags$', TenantImageTags.as_view(), perms.AppCheck), + perms.APP_OVERVIEW_OTHER_SETTING), + url(r'^teams/(?P[\w\-]+)/apps/image_repositories$', TenantImageRepositories.as_view(), + perms.APP_OVERVIEW_CREATE), + url(r'^teams/(?P[\w\-]+)/apps/image_tags$', TenantImageTags.as_view(), perms.APP_OVERVIEW_CREATE), # docker镜像创建 - url(r'^teams/(?P[\w\-]+)/apps/docker_run$', DockerRunCreateView.as_view(), perms.DockerRunCreateView), + url(r'^teams/(?P[\w\-]+)/apps/docker_run$', DockerRunCreateView.as_view(), perms.APP_OVERVIEW_CREATE), # docker-compose文件创建 - url(r'^teams/(?P[\w\-]+)/apps/docker_compose$', DockerComposeCreateView.as_view(), - perms.DockerComposeCreateView), + url(r'^teams/(?P[\w\-]+)/apps/docker_compose$', DockerComposeCreateView.as_view(), perms.APP_OVERVIEW_CREATE), # 虚拟机镜像创建 - url(r'^teams/(?P[\w\-]+)/apps/vm_run$', VMRunCreateView.as_view(), perms.VMRunCreateView), + url(r'^teams/(?P[\w\-]+)/apps/vm_run$', VMRunCreateView.as_view(), perms.APP_OVERVIEW_CREATE), # 应用检测 - url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/check$', AppCheck.as_view(), perms.AppCheck), + url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/check$', AppCheck.as_view(), perms.APP_OVERVIEW_CREATE), url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/get_check_uuid$', GetCheckUUID.as_view(), - perms.GetCheckUUID), + perms.APP_OVERVIEW_CREATE), # multiple services check - url(r'^teams/(?P[\w\-]+)/multi/check$', MultiAppCheckView.as_view(), perms.MultiAppCheckView), + url(r'^teams/(?P[\w\-]+)/multi/check$', MultiAppCheckView.as_view(), perms.APP_OVERVIEW_CREATE), url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/multi/create$', MultiAppCreateView.as_view(), - perms.MultiAppCreateView), + perms.APP_OVERVIEW_CREATE), # 应用检测修改 url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/check_update$', AppCheckUpdate.as_view(), - perms.AppCheckUpdate), + perms.APP_OVERVIEW_CREATE), # compose文件检测更新 url(r'^teams/(?P[\w\-]+)/groups/(?P[\w\-]+)/compose_update$', ComposeCheckUpdate.as_view(), - perms.ComposeCheckUpdate), + perms.APP_OVERVIEW_CREATE), # compose文件检测 url(r'^teams/(?P[\w\-]+)/groups/(?P[\w\-]+)/check$', ComposeCheckView.as_view(), - perms.ComposeCheckView), + perms.APP_OVERVIEW_CREATE), url(r'^teams/(?P[\w\-]+)/groups/(?P[\w\-]+)/get_check_uuid$', GetComposeCheckUUID.as_view(), - perms.GetComposeCheckUUID), + perms.APP_OVERVIEW_CREATE), # compose应用构建 url(r'^teams/(?P[\w\-]+)/groups/(?P[\w\-]+)/compose_build$', ComposeBuildView.as_view(), - perms.ComposeBuildView), + perms.APP_OVERVIEW_CONSTRUCT), # 放弃compose创建应用 url(r'^teams/(?P[\w\-]+)/groups/(?P[\w\-]+)/delete$', ComposeDeleteView.as_view(), - perms.ComposeDeleteView), + perms.APP_OVERVIEW_CREATE), # 查询compose下的应用 url(r'^teams/(?P[\w\-]+)/compose/(?P[\w\-]+)/services$', ComposeServicesView.as_view(), - perms.ComposeServicesView), + perms.APP_OVERVIEW_CREATE), # 获取compose文件内容 url(r'^teams/(?P[\w\-]+)/compose/(?P[\w\-]+)/content$', ComposeContentView.as_view(), - perms.ComposeContentView), + perms.APP_OVERVIEW_CREATE), # 应用构建 - url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/build$', AppBuild.as_view(), perms.AppBuild), + url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/build$', AppBuild.as_view(), + perms.APP_OVERVIEW_CONSTRUCT), # 应用编译环境信息 url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/compile_env$', AppCompileEnvView.as_view(), - perms.AppCompileEnvView), + perms.APP_OVERVIEW_CREATE), # 应用删除 - url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/delete$', DeleteAppView.as_view(), perms.DeleteAppView), + url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/delete$', DeleteAppView.as_view(), + perms.APP_OVERVIEW_CREATE), # 应用详情 - url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/detail', AppDetailView.as_view(), perms.AppDetailView), + url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/detail', AppDetailView.as_view(), + perms.APP_OVERVIEW_CREATE), # 是否安装性能分析插件 - url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/analyze_plugins', AppAnalyzePluginView.as_view(), - perms.AppAnalyzePluginView), + url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/analyze_plugins', AppAnalyzePluginView.as_view()), # 应用简要信息 - url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/brief', AppBriefView.as_view(), perms.AppBriefView), + url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/brief', AppBriefView.as_view(), + perms.APP_OVERVIEW_CREATE), # 触发应用自动部署关键字 url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/keyword$', AppKeywordView.as_view(), - perms.AppKeywordView), - url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/status', AppStatusView.as_view(), perms.AppStatusView), + perms.APP_OVERVIEW_CREATE), + url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/status', AppStatusView.as_view(), + perms.APP_OVERVIEW_CREATE), url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/plugins$', AppPluginsBriefView.as_view(), - perms.AppPluginsBriefView), + perms.APP_OVERVIEW_PLUGIN), # 应用信息修改 - url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/group', AppGroupView.as_view(), perms.AppGroupView), + url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/group', AppGroupView.as_view(), + perms.APP_OVERVIEW_CREATE), # 应用pod信息 url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/pods$', ListAppPodsView.as_view(), - perms.ListAppPodsView), + perms.APP_OVERVIEW_CREATE), url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/pods/(?P[\w\-]+)/detail$', - AppPodsView.as_view(), perms.AppPodsView), + AppPodsView.as_view(), perms.APP_OVERVIEW_CREATE), # 第三方应用pod信息 url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/third_party/pods', ThirdPartyAppPodsView.as_view(), - perms.ThirdPartyAppPodsView), + perms.APP_OVERVIEW_CREATE), url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/docker_console', DockerContainerView.as_view(), - perms.DockerContainerView), + perms.APP_OVERVIEW_CREATE), # 应用访问 - url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/visit', AppVisitView.as_view(), perms.AppVisitView), + url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/visit', AppVisitView.as_view(), + perms.APP_OVERVIEW_CREATE), # 环境变量配置 - url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/envs$', AppEnvView.as_view(), perms.AppEnvView), + url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/envs$', AppEnvView.as_view(), perms.APP_OVERVIEW_ENV), url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/envs/(?P[\w\-]+)$', AppEnvManageView.as_view(), - perms.AppEnvManageView), + perms.APP_OVERVIEW_ENV), # 构建运行时环境变量配置 url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/build_envs$', AppBuildEnvView.as_view(), - perms.AppBuildEnvView), + perms.APP_OVERVIEW_SOURCE), # 端口配置 - url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/ports$', AppPortView.as_view(), perms.AppPortView), + url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/ports$', AppPortView.as_view(), + perms.APP_OVERVIEW_PORT), url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/ports/(?P[\w\-]+)$', AppPortManageView.as_view(), - perms.AppPortManageView), + perms.APP_OVERVIEW_PORT), # 拓扑图打开对外端口 url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/topological/ports$', TopologicalPortView.as_view(), - perms.TopologicalPortView), + perms.APP_OVERVIEW_PORT), # 对外访问tcp端口修改 url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/tcp-ports/(?P[\w\-]+)$', - AppTcpOuterManageView.as_view(), perms.AppTcpOuterManageView), + AppTcpOuterManageView.as_view(), perms.APP_OVERVIEW_PORT), # 组件支持的存储列表 url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/volume-opts$', AppVolumeOptionsView.as_view(), - perms.AppVolumeOptionsView), + perms.APP_OVERVIEW_STORAGE), # 持久化路径配置 url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/volumes$', AppVolumeView.as_view(), - perms.AppVolumeView), + perms.APP_OVERVIEW_STORAGE), url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/volumes/(?P[\w\-]+)$', - AppVolumeManageView.as_view(), perms.AppVolumeManageView), + AppVolumeManageView.as_view(), perms.APP_OVERVIEW_STORAGE), # 组件依赖 url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/dependency$', AppDependencyView.as_view(), - perms.AppDependencyView), + perms.APP_OVERVIEW_RELY), + url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/dependency-list$', AppDependencyViewList.as_view(), + perms.APP_OVERVIEW_RELY), url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/dependency-list$', AppDependencyViewList.as_view(), - perms.AppDependencyView), + perms.APP_OVERVIEW_RELY), url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/dependency-reverse$', - AppDependencyReverseView.as_view(), perms.AppDependencyView), + AppDependencyReverseView.as_view(), perms.APP_OVERVIEW_RELY), url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/dependency/(?P[\w\-]+)$', - AppDependencyManageView.as_view(), perms.AppDependencyManageView), + AppDependencyManageView.as_view(), perms.APP_OVERVIEW_RELY), url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/un_dependency$', AppNotDependencyView.as_view(), - perms.AppNotDependencyView), + perms.APP_OVERVIEW_RELY), # 组件挂载 - url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/mnt$', AppMntView.as_view(), perms.AppMntView), + url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/mnt$', AppMntView.as_view(), + perms.APP_OVERVIEW_STORAGE), url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/mnt/(?P[\w\-]+)$', - AppMntManageView.as_view(), perms.AppMntManageView), + AppMntManageView.as_view(), perms.APP_OVERVIEW_STORAGE), # 域名证书 - url(r'^teams/(?P[\w\-]+)/certificates$', TenantCertificateView.as_view(), perms.TenantCertificateView), + url(r'^teams/(?P[\w\-]+)/certificates$', TenantCertificateView.as_view(), perms.TEAM_CERTIFICATE), url(r'^teams/(?P[\w\-]+)/certificates/(?P[\w\-]+)$', TenantCertificateManageView.as_view(), - perms.TenantCertificateManageView), + perms.TEAM_CERTIFICATE), # Component k8s attribute url(r'^teams/(?P[\w\-]+)/components/(?P[\w\-]+)/k8s-attributes$', - ComponentK8sAttributeListView.as_view()), + ComponentK8sAttributeListView.as_view(), perms.APP_OVERVIEW_OTHER_SETTING), url(r'^teams/(?P[\w\-]+)/components/(?P[\w\-]+)/k8s-attributes/(?P[\w\-]+)$', - ComponentK8sAttributeView.as_view()), + ComponentK8sAttributeView.as_view(), perms.APP_OVERVIEW_OTHER_SETTING), # 组件域名操作 - url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/domain$', ServiceDomainView.as_view(), - perms.ServiceDomainView), - url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/sld-domain', SecondLevelDomainView.as_view(), - perms.SecondLevelDomainView), + url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/domain$', ServiceDomainView.as_view()), + url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/sld-domain', SecondLevelDomainView.as_view()), # 虚拟机镜像 url(r'^teams/(?P[\w\-]+)/virtual_machine_image$', VirtualMachineImageView.as_view()), # gateway api url(r'^teams/(?P[\w\-]+)/batch-gateway-http-route$', GatewayRouteBatch.as_view()), url(r'^teams/(?P[\w\-]+)/gateway-http-route$', GatewayRoute.as_view()), url(r'^teams/(?P[\w\-]+)/service$', TenantService.as_view()), - url(r'^teams/(?P[\w\-]+)/domain$', DomainView.as_view(), perms.DomainView), + url(r'^teams/(?P[\w\-]+)/domain$', DomainView.as_view()), # 查询策略(含模糊搜索) - url(r'^teams/(?P[\w\-]+)/domain/query$', DomainQueryView.as_view(), perms.DomainQueryView), + url(r'^teams/(?P[\w\-]+)/domain/query$', DomainQueryView.as_view()), # http操作 - url(r'^teams/(?P[\w\-]+)/httpdomain$', HttpStrategyView.as_view(), perms.HttpStrategyView), + url(r'^teams/(?P[\w\-]+)/httpdomain$', HttpStrategyView.as_view()), # 校验证书 url(r'^teams/(?P[\w\-]+)/calibration_certificate$', CalibrationCertificate.as_view()), # 查看高级路由信息 - url(r'^teams/(?P[\w\-]+)/domain/get_senior_url$', GetSeniorUrlView.as_view(), perms.GetSeniorUrlView), + url(r'^teams/(?P[\w\-]+)/domain/get_senior_url$', GetSeniorUrlView.as_view()), # 查询tcp/udp策略(含模糊搜索) - url(r'^teams/(?P[\w\-]+)/tcpdomain/query$', ServiceTcpDomainQueryView.as_view(), - perms.ServiceTcpDomainQueryView), + url(r'^teams/(?P[\w\-]+)/tcpdomain/query$', ServiceTcpDomainQueryView.as_view()), # 获取可用的port - url(r'^teams/(?P[\w\-]+)/domain/get_port$', GetPortView.as_view(), perms.GetPortView), + url(r'^teams/(?P[\w\-]+)/domain/get_port$', GetPortView.as_view()), # tcp/udp策略操作 - url(r'^teams/(?P[\w\-]+)/tcpdomain$', ServiceTcpDomainView.as_view(), perms.ServiceTcpDomainView), + url(r'^teams/(?P[\w\-]+)/tcpdomain$', ServiceTcpDomainView.as_view()), # 查询应用层面tcp/udp策略(含模糊搜索) url(r'^enterprise/(?P[\w\-]+)/team/(?P[\w\-]+)/app/(?P[\w\-]+)/tcpdomain$', - AppServiceTcpDomainQueryView.as_view(), perms.AppServiceTcpDomainQueryView), + AppServiceTcpDomainQueryView.as_view()), url(r'^enterprise/(?P[\w\-]+)/team/(?P[\w\-]+)/app/(?P[\w\-]+)/domain$', - AppServiceDomainQueryView.as_view(), perms.AppServiceDomainQueryView), + AppServiceDomainQueryView.as_view()), # 5.1网关自定义参数 - url(r'^teams/(?P[\w\-]+)/domain/(?P[\w\-]+)/put_gateway$', GatewayCustomConfigurationView.as_view(), - perms.GatewayCustomConfigurationView), + url(r'^teams/(?P[\w\-]+)/domain/(?P[\w\-]+)/put_gateway$', GatewayCustomConfigurationView.as_view()), # 组件操作 - url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/start$', StartAppView.as_view(), perms.StartAppView), - url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/stop$', StopAppView.as_view(), perms.StopAppView), - url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/pause$', PauseAppView.as_view(), perms.PauseAppView), - url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/unpause$', UNPauseAppView.as_view(), - perms.UNPauseAppView), - url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/vm_web$', UNPauseAppView.as_view(), - perms.UNPauseAppView), + url(r'^teams/(?P[\w\-]+)/regions/(?P[\w\-]+)/apps_port$', AppsPorConsoletView.as_view(), + perms.APP_OVERVIEW_PERMS), + url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/start$', StartAppView.as_view(), + perms.APP_OVERVIEW_START), + url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/stop$', StopAppView.as_view(), perms.APP_OVERVIEW_STOP), + url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/pause$', PauseAppView.as_view()), + url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/unpause$', UNPauseAppView.as_view()), + url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/vm_web$', UNPauseAppView.as_view()), url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/restart$', ReStartAppView.as_view(), - perms.ReStartAppView), - url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/deploy$', DeployAppView.as_view(), perms.DeployAppView), + perms.APP_OVERVIEW_UPDATE), + url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/deploy$', DeployAppView.as_view(), + perms.APP_OVERVIEW_CONSTRUCT), url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/rollback$', RollBackAppView.as_view(), - perms.RollBackAppView), - url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/upgrade$', UpgradeAppView.as_view(), - perms.UpgradeAppView), + perms.APP_ROLLBACK), + url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/upgrade$', UpgradeAppView.as_view(), perms.APP_UPGRADE), # 设置组件构建后是否升级属性 url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/set/is_upgrade$', ChangeServiceUpgradeView.as_view(), - perms.ChangeServiceUpgradeView), + perms.APP_OVERVIEW_CONSTRUCT), # 查询云市安装的应用是否有(小版本,大版本)更新 url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/market_service/upgrade$', - MarketServiceUpgradeView.as_view(), perms.MarketServiceUpgradeView), + MarketServiceUpgradeView.as_view(), perms.APP_UPGRADE), # 组件设置语言和安装依赖 - url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/package_tool$', PackageToolView.as_view()), + url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/package_tool$', PackageToolView.as_view(), + perms.APP_OVERVIEW_PERMS), # tar包设置镜像 - url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/tar_image$', TarImageView.as_view()), + url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/tar_image$', TarImageView.as_view(), + perms.APP_OVERVIEW_PERMS), # 批量操作 - url(r'^teams/(?P[\w\-]+)/batch_actions$', BatchActionView.as_view(), perms.BatchActionView), + url(r'^teams/(?P[\w\-]+)/batch_actions$', BatchActionView.as_view(), perms.APP_OVERVIEW_PERMS), # 批量删除应用 - url(r'^teams/(?P[\w\-]+)/batch_delete$', BatchDelete.as_view(), perms.BatchDelete), + url(r'^teams/(?P[\w\-]+)/batch_delete$', BatchDelete.as_view(), perms.APP_OVERVIEW_PERMS), # 二次确认删除应用 - url(r'^teams/(?P[\w\-]+)/again_delete$', AgainDelete.as_view(), perms.AgainDelete), + url(r'^teams/(?P[\w\-]+)/again_delete$', AgainDelete.as_view(), perms.APP_OVERVIEW_PERMS), # 某个组件的event - url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/events$', AppEventView.as_view(), perms.AppEventView), + url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/events$', AppEventView.as_view(), + perms.APP_OVERVIEW_PERMS), url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/event_log$', AppEventLogView.as_view(), - perms.AppEventLogView), + perms.APP_OVERVIEW_PERMS), # 某个组件的日志 - url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/log$', AppLogView.as_view(), perms.AppLogView), - url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/log_instance$', AppLogInstanceView.as_view(), - perms.AppLogInstanceView), - url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/history_log$', AppHistoryLogView.as_view(), - perms.AppHistoryLogView), + url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/log$', AppLogView.as_view()), + url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/log_instance$', AppLogInstanceView.as_view()), + url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/history_log$', AppHistoryLogView.as_view()), # 组件探针 - url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/probe$', AppProbeView.as_view(), perms.AppProbeView), + url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/probe$', AppProbeView.as_view(), + perms.APP_OVERVIEW_OTHER_SETTING), # 组件扩容操作 url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/horizontal$', HorizontalExtendAppView.as_view(), - perms.HorizontalExtendAppView), + perms.APP_OVERVIEW_TELESCOPIC), url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/vertical$', VerticalExtendAppView.as_view(), - perms.VerticalExtendAppView), + perms.APP_OVERVIEW_TELESCOPIC), url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/extend_method$', AppExtendView.as_view(), - perms.AppExtendView), + perms.APP_OVERVIEW_TELESCOPIC), url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/xparules$', ListAppAutoscalerView.as_view(), - perms.ListAppAutoscalerView), + perms.APP_OVERVIEW_TELESCOPIC), url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/xparules/(?P[\w\-]+)$', - AppAutoscalerView.as_view(), perms.AppAutoscalerView), + AppAutoscalerView.as_view(), perms.APP_OVERVIEW_TELESCOPIC), url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/xparecords$', AppScalingRecords.as_view(), - perms.AppScalingRecords), + perms.APP_OVERVIEW_TELESCOPIC), # 修改组件应用类型标签 url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/deploytype$', ChangeServiceTypeView.as_view(), - perms.ChangeServiceTypeView), + perms.APP_OVERVIEW_OTHER_SETTING), # 修改组件名称 url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/change/service_name$', ChangeServiceNameView.as_view(), - perms.ChangeServiceNameView), + perms.APP_OVERVIEW_PERMS), # 组件监控 url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/monitor/query_range$', - AppMonitorQueryRangeView.as_view(), perms.AppMonitorQueryRangeView), + AppMonitorQueryRangeView.as_view(), perms.APP_OVERVIEW_MONITOR), url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/monitor/query$', AppMonitorQueryView.as_view(), - perms.AppMonitorQueryView), + perms.APP_OVERVIEW_MONITOR), url(r'^teams/(?P[\w\-]+)/groups/(?P[\w\-]+)/monitor/batch_query$', BatchAppMonitorQueryView.as_view(), - perms.BatchAppMonitorQueryView), + perms.APP_OVERVIEW_MONITOR), url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/trace$', AppTraceView.as_view(), - perms.AppMonitorQueryRangeView), + perms.APP_OVERVIEW_MONITOR), url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/service_monitor$', - ComponentServiceMonitorView.as_view(), perms.AppServiceMonitor), + ComponentServiceMonitorView.as_view(), perms.APP_OVERVIEW_MONITOR), url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/service_monitor/(?P[\w\-]+)$', - ComponentServiceMonitorEditView.as_view(), perms.AppServiceMonitor), + ComponentServiceMonitorEditView.as_view(), perms.APP_OVERVIEW_MONITOR), # 组件标签 - url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/labels$', AppLabelView.as_view(), perms.AppLabelView), + url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/labels$', AppLabelView.as_view(), + perms.APP_OVERVIEW_OTHER_SETTING), # 添加特性获取可用标签 url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/labels/available$', AppLabelAvailableView.as_view(), - perms.AppLabelAvailableView), + perms.APP_OVERVIEW_OTHER_SETTING), # 应用资源 url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/resource$', AppResourceQueryView.as_view(), - perms.AppResourceQueryView), + perms.APP_OVERVIEW_PERMS), url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/internal-graphs$', ComponentInternalGraphsView.as_view()), url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/exchange-graphs$', @@ -657,129 +688,123 @@ url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/graphs/(?P[\w\-]+)$', ComponentGraphView.as_view()), url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/metrics$', ComponentMetricsView.as_view(), - perms.AppServiceMonitor), - url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/logs$', ComponentLogView.as_view(), perms.AppLogView), + perms.APP_OVERVIEW_MONITOR), + url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/logs$', ComponentLogView.as_view()), # 获取当前可用全部数据中心 url(r'^regions$', QyeryRegionView.as_view()), # 获取数据中心builder PublicKey - url(r'^teams/(?P[\w\-]+)/regions/(?P[\w\-]+)/publickey$', GetRegionPublicKeyView.as_view(), - perms.GetRegionPublicKeyView), + url(r'^teams/(?P[\w\-]+)/regions/(?P[\w\-]+)/publickey$', GetRegionPublicKeyView.as_view()), url(r'^teams/(?P[\w\-]+)/regions/(?P[\w\-]+)/features$', GetRegionFeature.as_view()), # 插件 - url(r'^teams/(?P[\w\-]+)/plugins$', PluginCreateView.as_view(), perms.PluginCreateView), + url(r'^teams/(?P[\w\-]+)/plugins$', PluginCreateView.as_view(), perms.TEAM_PLUGIN_MANAGE), # 默认插件创建 - url(r'^teams/(?P[\w\-]+)/plugins/default$', DefaultPluginCreateView.as_view(), perms.DefaultPluginCreateView), + url(r'^teams/(?P[\w\-]+)/plugins/default$', DefaultPluginCreateView.as_view(), perms.TEAM_PLUGIN_MANAGE), # 获取租户下所有插件基础信息 - url(r'^teams/(?P[\w\-]+)/plugins/all$', AllPluginBaseInfoView.as_view(), perms.AllPluginBaseInfoView), + url(r'^teams/(?P[\w\-]+)/plugins/all$', AllPluginBaseInfoView.as_view(), perms.TEAM_PLUGIN_MANAGE), # 查询某个插件的基础信息 url(r'^teams/(?P[\w\-]+)/plugins/(?P[\w\-]+)$', PluginBaseInfoView.as_view(), - perms.PluginBaseInfoView), + perms.TEAM_PLUGIN_MANAGE), # 查询当前插件被使用的组件 url(r'^teams/(?P[\w\-]+)/plugins/(?P[\w\-]+)/used_services$', PluginUsedServiceView.as_view(), - perms.PluginUsedServiceView), + perms.TEAM_PLUGIN_MANAGE), # 插件历史版本信息查询 url(r'^teams/(?P[\w\-]+)/plugins/(?P[\w\-]+)/build-history$', AllPluginVersionInfoView.as_view(), - perms.AllPluginVersionInfoView), + perms.TEAM_PLUGIN_MANAGE), # 创建新版本 url(r'^teams/(?P[\w\-]+)/plugins/(?P[\w\-]+)/new-version$', CreatePluginVersionView.as_view(), - perms.CreatePluginVersionView), + perms.TEAM_PLUGIN_MANAGE), # 构建日志 url(r'^teams/(?P[\w\-]+)/plugins/(?P[\w\-]+)/version/(?P[\w\-]+)/event-log$', - PluginEventLogView.as_view(), perms.PluginEventLogView), + PluginEventLogView.as_view(), perms.TEAM_PLUGIN_MANAGE), # 某个插件的某个版本查询,删除,修改 url(r'^teams/(?P[\w\-]+)/plugins/(?P[\w\-]+)/version/(?P[\w\-]+)$', - PluginVersionInfoView.as_view(), perms.PluginVersionInfoView), + PluginVersionInfoView.as_view(), perms.TEAM_PLUGIN_MANAGE), # 插件配置的增删改查 url(r'^teams/(?P[\w\-]+)/plugins/(?P[\w\-]+)/version/(?P[\w\-]+)/config$', - ConfigPluginManageView.as_view(), perms.ConfigPluginManageView), + ConfigPluginManageView.as_view(), perms.TEAM_PLUGIN_MANAGE), # 配置预览 url(r'^teams/(?P[\w\-]+)/plugins/(?P[\w\-]+)/version/(?P[\w\-]+)/preview$', - ConfigPreviewView.as_view(), perms.ConfigPreviewView), + ConfigPreviewView.as_view(), perms.TEAM_PLUGIN_MANAGE), # 构建插件 url(r'^teams/(?P[\w\-]+)/plugins/(?P[\w\-]+)/version/(?P[\w\-]+)/build$', - PluginBuildView.as_view(), perms.PluginBuildView), + PluginBuildView.as_view(), perms.TEAM_PLUGIN_MANAGE), # 获取插件构建状态 url(r'^teams/(?P[\w\-]+)/plugins/(?P[\w\-]+)/version/(?P[\w\-]+)/status$', - PluginBuildStatusView.as_view(), perms.PluginBuildStatusView), + PluginBuildStatusView.as_view(), perms.TEAM_PLUGIN_MANAGE), # 插件与应用相关API url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/pluginlist$', ServicePluginsView.as_view(), - perms.ServicePluginsView), + perms.TEAM_PLUGIN_MANAGE), url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/plugins/(?P[\w\-]+)/install$', - ServicePluginInstallView.as_view(), perms.ServicePluginInstallView), + ServicePluginInstallView.as_view(), perms.TEAM_PLUGIN_MANAGE), url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/plugins/(?P[\w\-]+)/open$', - ServicePluginOperationView.as_view(), perms.ServicePluginOperationView), + ServicePluginOperationView.as_view(), perms.TEAM_PLUGIN_MANAGE), url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/plugins/(?P[\w\-]+)/configs$', - ServicePluginConfigView.as_view(), perms.ServicePluginConfigView), + ServicePluginConfigView.as_view(), perms.TEAM_PLUGIN_MANAGE), # 插件分享 url(r'^teams/(?P[\w\-]+)/plugins/(?P[\w\-]+)/share/record$', PluginShareRecordView.as_view(), - perms.PluginShareRecordView), + perms.TEAM_PLUGIN_MANAGE), url(r'^teams/(?P[\w\-]+)/plugin-share/(?P[\w\-]+)$', PluginShareInfoView.as_view(), - perms.PluginShareInfoView), + perms.TEAM_PLUGIN_MANAGE), url(r'^teams/(?P[\w\-]+)/plugin-share/(?P[\w\-]+)/events$', PluginShareEventsView.as_view(), - perms.PluginShareEventsView), + perms.TEAM_PLUGIN_MANAGE), url(r'^teams/(?P[\w\-]+)/plugin-share/(?P[\w\-]+)/events/(?P[\w\-]+)', - PluginShareEventView.as_view(), perms.PluginShareEventView), + PluginShareEventView.as_view(), perms.TEAM_PLUGIN_MANAGE), url(r'^teams/(?P[\w\-]+)/plugin-share/(?P[\w\-]+)/complete$', PluginShareCompletionView.as_view(), - perms.PluginShareCompletionView), + perms.TEAM_PLUGIN_MANAGE), # 插件市场 - url(r'^market/plugins$', MarketPluginsView.as_view(), perms.MarketPluginsView), - url(r'^market/plugins/sync$', SyncMarketPluginsView.as_view(), perms.SyncMarketPluginsView), - url(r'^market/plugins/sync-template$', SyncMarketPluginTemplatesView.as_view(), perms.SyncMarketPluginTemplatesView), - url(r'^market/plugins/uninstall-template$', UninstallPluginTemplateView.as_view(), perms.UninstallPluginTemplateView), - url(r'^market/plugins/install$', InstallMarketPlugin.as_view(), perms.InstallMarketPlugin), - url(r'^plugins$', InternalMarketPluginsView.as_view(), perms.InternalMarketPluginsView), - url(r'^plugins/installable$', InstallableInteralPluginsView.as_view(), perms.InstallableInteralPluginsView), - url(r'^teams/(?P[\w\-]+)/apps/market_create$', CenterAppView.as_view(), perms.CenterAppView), - url(r'^teams/(?P[\w\-]+)/apps/cmd_create$', CmdInstallAppView.as_view(), perms.CmdInstallAppView), - url(r'^teams/(?P[\w\-]+)/apps/plugins$', CenterPluginAppView.as_view()), + url(r'^market/plugins$', MarketPluginsView.as_view(), perms.TEAM_PLUGIN_MANAGE), + url(r'^market/plugins/sync$', SyncMarketPluginsView.as_view(), perms.TEAM_PLUGIN_MANAGE), + url(r'^market/plugins/sync-template$', SyncMarketPluginTemplatesView.as_view(), perms.TEAM_PLUGIN_MANAGE), + url(r'^market/plugins/uninstall-template$', UninstallPluginTemplateView.as_view(), perms.TEAM_PLUGIN_MANAGE), + url(r'^market/plugins/install$', InstallMarketPlugin.as_view(), perms.TEAM_PLUGIN_MANAGE), + url(r'^plugins$', InternalMarketPluginsView.as_view(), perms.TEAM_PLUGIN_MANAGE), + url(r'^plugins/installable$', InstallableInteralPluginsView.as_view(), perms.TEAM_PLUGIN_MANAGE), + url(r'^teams/(?P[\w\-]+)/apps/market_create$', CenterAppView.as_view(), perms.APP_OVERVIEW_CREATE), + url(r'^teams/(?P[\w\-]+)/apps/cmd_create$', CmdInstallAppView.as_view(), perms.APP_OVERVIEW_CREATE), + url(r'^teams/(?P[\w\-]+)/apps/plugins$', CenterPluginAppView.as_view(), perms.TEAM_PLUGIN_MANAGE), # 文件上传 - url(r'^files/upload$', ConsoleUploadFileView.as_view(), perms.ConsoleUploadFileView), + url(r'^files/upload$', ConsoleUploadFileView.as_view()), # 云市认证 url(r'^teams/(?P[\w\-]+)/enterprise/active$', BindMarketEnterpriseAccessTokenView.as_view()), # 新版本优化云市认证 url(r'^teams/(?P[\w\-]+)/enterprise/active/optimiz$', BindMarketEnterpriseOptimizAccessTokenView.as_view()), # 获取数据中心协议 - url(r'^teams/(?P[\w\-]+)/protocols$', RegionProtocolView.as_view(), perms.RegionProtocolView), + url(r'^teams/(?P[\w\-]+)/protocols$', RegionProtocolView.as_view()), # 批量关闭应用下所有组件 - url(r'^teams/(?P[\w\-]+)/apps/close$', TeamAppsCloseView.as_view(), perms.TeamAppsCloseView), + url(r'^teams/(?P[\w\-]+)/apps/close$', TeamAppsCloseView.as_view()), # 给一个团队添加新用户 - url(r'^teams/(?P[\w\-]+)/add_team_user$', TeamAddUserView.as_view(), perms.TeamAddUserView), + url(r'^teams/(?P[\w\-]+)/add_team_user$', TeamAddUserView.as_view()), # 站内信信息获取 url(r'^teams/(?P[\w\-]+)/message$', UserMessageView.as_view()), # 一组应用备份 - url(r'^teams/(?P[\w\-]+)/groupapp/(?P[\w\-]+)/backup$', GroupAppsBackupView.as_view(), - perms.GroupAppsBackupView), + url(r'^teams/(?P[\w\-]+)/groupapp/(?P[\w\-]+)/backup$', GroupAppsBackupView.as_view()), url(r'^teams/(?P[\w\-]+)/groupapp/(?P[\w\-]+)/backup/all_status$', - GroupAppsBackupStatusView.as_view(), perms.GroupAppsBackupStatusView), - url(r'^teams/(?P[\w\-]+)/groupapp/(?P[\w\-]+)/backup/export$', GroupAppsBackupExportView.as_view(), - perms.GroupAppsBackupExportView), - url(r'^teams/(?P[\w\-]+)/groupapp/(?P[\w\-]+)/backup/import$', GroupAppsBackupImportView.as_view(), - perms.GroupAppsBackupImportView), - url(r'^teams/(?P[\w\-]+)/groupapp/backup$', TeamGroupAppsBackupView.as_view(), perms.TeamGroupAppsBackupView), + GroupAppsBackupStatusView.as_view()), + url(r'^teams/(?P[\w\-]+)/groupapp/(?P[\w\-]+)/backup/export$', GroupAppsBackupExportView.as_view()), + url(r'^teams/(?P[\w\-]+)/groupapp/(?P[\w\-]+)/backup/import$', GroupAppsBackupImportView.as_view()), + url(r'^teams/(?P[\w\-]+)/groupapp/backup$', TeamGroupAppsBackupView.as_view()), # 应用复制 url(r'^teams/(?P[\w\-]+)/groupapp/(?P[\w\-]+)/copy$', GroupAppsCopyView.as_view(), - perms.GroupAppsCopyView), + perms.APP_OVERVIEW_COPY), # 获取团队下的所有备份记录 - url(r'^teams/(?P[\w\-]+)/all/groupapp/backup$', AllTeamGroupAppsBackupView.as_view(), - perms.AllTeamGroupAppsBackupView), + url(r'^teams/(?P[\w\-]+)/all/groupapp/backup$', AllTeamGroupAppsBackupView.as_view()), # 应用迁移恢复 - url(r'^teams/(?P[\w\-]+)/groupapp/(?P[\w\-]+)/migrate$', GroupAppsMigrateView.as_view(), - perms.GroupAppsMigrateView), + url(r'^teams/(?P[\w\-]+)/groupapp/(?P[\w\-]+)/migrate$', GroupAppsMigrateView.as_view()), # 迁移与恢复未完成记录查询 - url(r'^teams/(?P[\w\-]+)/groupapp/(?P[\w\-]+)/migrate/record$', MigrateRecordView.as_view(), - perms.MigrateRecordView), + url(r'^teams/(?P[\w\-]+)/groupapp/(?P[\w\-]+)/migrate/record$', MigrateRecordView.as_view()), # 应用数据删除 - url(r'^teams/(?P[\w\-]+)/groupapp/(?P[\w\-]+)/delete$', GroupAppsView.as_view(), perms.GroupAppsView), + url(r'^teams/(?P[\w\-]+)/groupapp/(?P[\w\-]+)/delete$', GroupAppsView.as_view(), + perms.APP_OVERVIEW_PERMS), # 源码仓库webhooks回调地址 url(r'^webhooks/(?P[\w\-]+)', WebHooksDeploy.as_view()), @@ -800,12 +825,11 @@ url(r'^teams/init', TeamRegionInitView.as_view()), # 应用版本管理 - url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/version$', AppVersionsView.as_view(), - perms.AppVersionsView), + url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/version$', AppVersionsView.as_view()), url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/version/(?P[\w\-]+)$', - AppVersionManageView.as_view(), perms.AppVersionManageView), + AppVersionManageView.as_view()), # 获取当前团队所有的申请者 - url(r'^teams/(?P[\w\-]+)/applicants$', ApplicantsView.as_view(), perms.ApplicantsView), + url(r'^teams/(?P[\w\-]+)/applicants$', ApplicantsView.as_view()), # enterprise configuration url(r'^enterprise/(?P[\w\-]+)/objectstorage$', EnterpriseObjectStorageView.as_view()), url(r'^enterprise/(?P[\w\-]+)/appstoreimagehub$', EnterpriseAppStoreImageHubView.as_view()), @@ -817,11 +841,11 @@ # 获取企业信息 url(r'^enterprise/info$', EnterpriseInfoView.as_view()), # 初始化集群、团队信息 - url(r'^enterprise/init$', InitDefaultInfoView.as_view(), perms.AdminAddUserView), + url(r'^enterprise/init$', InitDefaultInfoView.as_view()), # 上传证书无用接口(为前端提供) url(r'^enterprise/team/certificate$', CertificateView.as_view()), # 企业管理员添加用户 - url(r'^enterprise/admin/add-user$', AdminAddUserView.as_view(), perms.AdminAddUserView), + url(r'^enterprise/admin/add-user$', AdminAddUserView.as_view()), url(r'^enterprise/admin/join-team$', AdministratorJoinTeamView.as_view()), # get basic task guided information url(r'^enterprises$', Enterprises.as_view()), @@ -835,7 +859,7 @@ url(r'^enterprise/(?P[\w\-]+)/overview/app$', EnterpriseAppOverView.as_view()), url(r'^enterprise/(?P[\w\-]+)/overview/team$', EnterpriseTeamOverView.as_view()), url(r'^enterprise/(?P[\w\-]+)/monitor$', EnterpriseMonitor.as_view()), - url(r'^enterprise/(?P[\w\-]+)/users$', EnterPriseUsersCLView.as_view(), perms.EnterPriseUsersCLView), + url(r'^enterprise/(?P[\w\-]+)/users$', EnterPriseUsersCLView.as_view()), url(r'^enterprise/(?P[\w\-]+)/user/(?P[\d\-]+)$', EnterPriseUsersUDView.as_view()), url(r'^enterprise/(?P[\w\-]+)/user/(?P[\d\-]+)/teams$', EnterpriseUserTeams.as_view()), url(r'^enterprise/(?P[\w\-]+)/myteams$', EnterpriseMyTeams.as_view()), @@ -844,8 +868,8 @@ url(r'^enterprise/(?P[\w\-]+)/admin/user$', AdminUserLCView.as_view()), url(r'^enterprise/(?P[\w\-]+)/admin/user/(?P[\w\-]+)$', AdminUserView.as_view()), url(r'^enterprise/(?P[\w\-]+)/admin/roles', AdminRolesView.as_view()), - url(r'^enterprise/(?P[\w\-]+)/teams$', EnterpriseTeams.as_view(), perms.EnterpriseTeams), - url(r'^enterprise/(?P[\w\-]+)/team_names$', EnterpriseTeamNames.as_view(), perms.EnterpriseTeams), + url(r'^enterprise/(?P[\w\-]+)/teams$', EnterpriseTeams.as_view()), + url(r'^enterprise/(?P[\w\-]+)/team_names$', EnterpriseTeamNames.as_view()), url(r'^enterprise/(?P[\w\-]+)/apps$', EnterpriseAppsLView.as_view()), url(r'^enterprise/(?P[\w\-]+)/menu$', EnterpriseMenuManage.as_view()), url(r'^enterprise/(?P[\w\-]+)/regions$', EnterpriseRegionsLCView.as_view()), @@ -870,10 +894,9 @@ RainbondAbilityRUDView.as_view()), url(r'^enterprise/(?P[\w\-]+)/regions/(?P[\w\-]+)/officialplugins$', RainbondOfficialPluginLView.as_view()), - url(r'^enterprise/(?P[\w\-]+)/regions/(?P[\w\-]+)/mavensettings$', MavenSettingView.as_view(), - perms.MavenSettingRUDView), + url(r'^enterprise/(?P[\w\-]+)/regions/(?P[\w\-]+)/mavensettings$', MavenSettingView.as_view()), url(r'^enterprise/(?P[\w\-]+)/regions/(?P[\w\-]+)/mavensettings/(?P[\w\-]+)$', - MavenSettingRUDView.as_view(), perms.MavenSettingRUDView), + MavenSettingRUDView.as_view()), # 获取节点下rainbond组件 url(r'^enterprise/(?P[\w\-]+)/regions/(?P[\w\-]+)/rbd-components$', RainbondComponents.as_view()), @@ -896,20 +919,17 @@ ContainerDisk.as_view()), url(r'^enterprise/(?P[\w\-]+)/app/(?P[\w\-]+)/components$', EnterpriseAppComponentsLView.as_view()), url(r'^enterprise/(?P[\w\-]+)/base-guidance$', BaseGuidance.as_view()), - url(r'^enterprise/(?P[\w\-]+)/storehub-check$', LocalComponentLibraryConfigCheck.as_view(), - perms.CenterAppCLView), - url(r'^enterprise/(?P[\w\-]+)/app-models$', CenterAppCLView.as_view(), perms.CenterAppCLView), - url(r'^enterprise/(?P[\w\-]+)/app-model/(?P[\w\-]+)$', CenterAppUDView.as_view(), - perms.CenterAppUDView), + url(r'^enterprise/(?P[\w\-]+)/storehub-check$', LocalComponentLibraryConfigCheck.as_view()), + url(r'^enterprise/(?P[\w\-]+)/app-models$', CenterAppCLView.as_view()), + url(r'^enterprise/(?P[\w\-]+)/app-model/(?P[\w\-]+)$', CenterAppUDView.as_view()), url(r'^enterprise/(?P[\w\-]+)/app-model/(?P[\w\-]+)/version/(?P.*)', - AppVersionUDView.as_view(), perms.AppVersionUDView), + AppVersionUDView.as_view()), url(r'^enterprise/(?P[\w\-]+)/app-models/tag$', TagCLView.as_view()), url(r'^enterprise/(?P[\w\-]+)/app-models/tag/(?P[\w\-]+)$', TagUDView.as_view()), url(r'^enterprise/(?P[\w\-]+)/app-model/(?P[\w\-]+)/tag$', AppTagCDView.as_view()), - url(r'^enterprise/(?P[\w\-]+)/cloud/markets$', AppMarketCLView.as_view(), perms.AppMarketCLView), - url(r'^enterprise/(?P[\w\-]+)/cloud/bind-markets$', AppMarketBatchCView.as_view(), perms.AppMarketCLView), - url(r'^enterprise/(?P[\w\-]+)/cloud/markets/(?P[\w\-]+)$', AppMarketRUDView.as_view(), - perms.AppMarketRUDView), + url(r'^enterprise/(?P[\w\-]+)/cloud/markets$', AppMarketCLView.as_view()), + url(r'^enterprise/(?P[\w\-]+)/cloud/bind-markets$', AppMarketBatchCView.as_view()), + url(r'^enterprise/(?P[\w\-]+)/cloud/markets/(?P[\w\-]+)$', AppMarketRUDView.as_view()), url(r'^enterprise/(?P[\w\-]+)/cloud/markets/(?P[\w\-]+)/app-models$', AppMarketAppModelLView.as_view()), url( @@ -923,19 +943,18 @@ AppMarketOrgModelLView.as_view()), # 应用导出 - url(r'^enterprise/(?P[\w\-]+)/app-models/export$', CenterAppExportView.as_view(), perms.CenterAppExportView), + url(r'^enterprise/(?P[\w\-]+)/app-models/export$', CenterAppExportView.as_view(), perms.APP_RELEASE_EXPORT), # WIP # 创建应用导入记录 url(r'^enterprise/(?P[\w\-]+)/app-models/import$', EnterpriseAppImportInitView.as_view()), # 应用导入修改、查询、删除 - url(r'^enterprise/(?P[\w\-]+)/app-models/import/(?P[\w\-]+)$', CenterAppImportView.as_view(), - perms.CenterAppImportView), + url(r'^enterprise/(?P[\w\-]+)/app-models/import/(?P[\w\-]+)$', CenterAppImportView.as_view()), # 应用包目录查询 url(r'^enterprise/(?P[\w\-]+)/app-models/import/(?P[\w\-]+)/dir$', CenterAppTarballDirView.as_view()), url(r"^enterprise/(?P[\w\-]+)/oauth/oauth-services$", EnterpriseOauthService.as_view()), url(r"^enterprise/(?P[\w\-]+)/users/(?P[\w\-]+)/teams/(?P[\w\-]+)/roles$", - EnterpriseUserTeamRoleView.as_view(), perms.EnterpriseUserTeamRoles), + EnterpriseUserTeamRoleView.as_view(), perms.TEAM_ROLE_PERMS), # 查询登录用户可以加入哪些团队 url(r"^enterprise/(?P[\w\-]+)/jointeams$", TeamUserCanJoin.as_view()), url(r"^enterprise/(?P[\w\-]+)/create-app-teams$", TeamsPermissionCreateApp.as_view()), @@ -966,57 +985,52 @@ # 用户申请某个团队 url(r"^user/applicants/join$", JoinTeamView.as_view()), # 修改部署密钥 - url(r"^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/webhooks/updatekey$", UpdateSecretKey.as_view(), - perms.UpdateSecretKey), + url(r"^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/webhooks/updatekey$", UpdateSecretKey.as_view()), # 修改镜像源 - url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/image', ImageAppView.as_view(), perms.ImageAppView), + url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/image', ImageAppView.as_view()), # 查询构建源 - url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/buildsource$', BuildSourceinfo.as_view(), - perms.BuildSourceinfo), + url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/buildsource$', BuildSourceinfo.as_view()), # job、cronjob策略配置 url(r'^teams/(?P[\w\-]+)/apps/(?P[\w\-]+)/job_strategy$', JobStrategy.as_view()), # 针对target 查看日志 - url(r'^teams/(?P[\w\-]+)/events$', AppEventsView.as_view(), perms.AppEventsView), - url(r'^teams/(?P[\w\-]+)/events/(?P[\w\-]+)/log$', AppEventsLogView.as_view(), perms.AppEventsLogView), + url(r'^teams/(?P[\w\-]+)/events$', AppEventsView.as_view()), + url(r'^teams/(?P[\w\-]+)/events/(?P[\w\-]+)/log$', AppEventsLogView.as_view()), ] # 云市应用升级相关接口 urlpatterns += [ # 查询当前组下的云市应用 - url(r'teams/(?P[\w\-]+)/groups/(?P[0-9]+)/apps$', app_upgrade.GroupAppView.as_view(), - perms.GroupAppView), + url(r'teams/(?P[\w\-]+)/groups/(?P[0-9]+)/apps$', app_upgrade.GroupAppView.as_view()), # 查询某个升级应用的详情 url(r'teams/(?P[\w\-]+)/groups/(?P[0-9]+)/apps/(?P[0-9]+)$', - app_upgrade.AppUpgradeDetailView.as_view(), perms.GroupAppView), + app_upgrade.AppUpgradeDetailView.as_view()), url(r'^teams/(?P[\w\-]+)/groups/(?P[\w\-]+)/apps/(?P[\w\-]+)/components', app_upgrade.AppUpgradeComponentListView.as_view()), # 查询当前组下某云市应用的更新版本 url(r'teams/(?P[\w\-]+)/groups/(?P[0-9]+)/upgrade-versions$', - app_upgrade.AppUpgradeVersion.as_view(), - perms.AppUpgradeVersion), + app_upgrade.AppUpgradeVersion.as_view()), url(r'teams/(?P[\w\-]+)/groups/(?P[0-9]+)/last-upgrade-record$', - app_upgrade.AppLastUpgradeRecordView.as_view(), perms.AppUpgradeRecordsView), + app_upgrade.AppLastUpgradeRecordView.as_view()), # 升级记录集合 url(r'teams/(?P[\w\-]+)/groups/(?P[0-9]+)/upgrade-records$', - app_upgrade.AppUpgradeRecordsView.as_view(), perms.AppUpgradeRecordsView), + app_upgrade.AppUpgradeRecordsView.as_view()), url(r'teams/(?P[\w\-]+)/groups/(?P[0-9]+)/upgrade-records/(?P[0-9]+)' + \ - '/rollback-records$', app_upgrade.AppRollbackRecordsView.as_view(), perms.AppUpgradeRecordsView), + '/rollback-records$', app_upgrade.AppRollbackRecordsView.as_view()), # 某一条升级记录 url(r'teams/(?P[\w\-]+)/groups/(?P[0-9]+)/upgrade-records/(?P[0-9]+)$', - app_upgrade.AppUpgradeRecordDetailView.as_view(), perms.AppUpgradeRecordView), + app_upgrade.AppUpgradeRecordDetailView.as_view()), # 查询某云市应用下组件的更新信息 url(r'teams/(?P[\w\-]+)/groups/(?P[0-9]+)/upgrade-info$', - app_upgrade.AppUpgradeInfoView.as_view(), - perms.AppUpgradeInfoView), + app_upgrade.AppUpgradeInfoView.as_view()), # upgrade application url(r'teams/(?P[\w\-]+)/groups/(?P[0-9]+)/upgrade-records/(?P[0-9]+)/upgrade$', - app_upgrade.AppUpgradeView.as_view(), perms.AppUpgradeView), + app_upgrade.AppUpgradeView.as_view()), # 回滚某一条升级 url(r'teams/(?P[\w\-]+)/groups/(?P[0-9]+)/upgrade-records/(?P[0-9]+)/rollback$', - app_upgrade.AppUpgradeRollbackView.as_view(), perms.AppUpgradeRollbackView), + app_upgrade.AppUpgradeRollbackView.as_view()), url(r'teams/(?P[\w\-]+)/groups/(?P[0-9]+)/upgrade-records/(?P[0-9]+)/deploy$', - app_upgrade.AppUpgradeDeployView.as_view(), perms.AppUpgradeView) + app_upgrade.AppUpgradeDeployView.as_view()) ] # ONLINE 业务相关接口 diff --git a/console/utils/perms.py b/console/utils/perms.py index e247913fd6..21268ae832 100644 --- a/console/utils/perms.py +++ b/console/utils/perms.py @@ -3,6 +3,7 @@ from collections import Counter from console.enum.enterprise_enum import EnterpriseRolesEnum +from www.models.main import ServiceGroup """ - enterprise 100 sub1 -- 101 @@ -20,12 +21,11 @@ ENTERPRISE = { "admin": { "perms": [ - # what is What is 10000 and 20000? - ["", "", 100000], - ["", "", 200000], - ["users", "企业用户查询和创建", 800003], - ["query", "用户模糊查询", 800002], - ["upload", "上传", 800001], + ["enterprise_info", "企业视图的功能", 100000], + ["team_info", "团队相关操作", 100001], + ["users", "企业用户查询和创建", 100002], + ["query", "用户模糊查询", 100003], + ["upload", "上传", 100004], ] }, "app_store": { @@ -55,146 +55,319 @@ ["get_ent_teams", "获取企业的团队列表", 120000], ] -TEAM = { - "perms": [ - ["describe", "查看团队信息", 200001], - ["dynamic_describe", "查看团队动态", 200009], - ["maven_setting", "管理Maven配置", 200014], - ], - "teamRegion": { - "perms": [["describe", "查看", 200002], ["install", "开通", 200003], ["uninstall", "卸载", 200004]] - }, - "teamMember": { - "perms": [ - ["describe", "查看", 200005], - ["create", "创建", 200006], - ["edit", "编辑", 200007], - ["delete", "删除", 200008], - ] - }, - "teamRole": { - "perms": [ - ["describe", "查看", 200010], - ["create", "创建", 200011], - ["edit", "编辑", 200012], - ["delete", "删除", 200013], - ] - }, - "teamRegistryAuth": { +APP = { + "perms": [], + "app_overview": { "perms": [ - ["describe", "查看", 200015], - ["create", "创建", 200016], - ["edit", "编辑", 200017], - ["delete", "删除", 200018], - ] - }, - "app": { - "perms": [ - ["describe", "查看", 300001], - ["create", "创建", 300002], + ["describe", "查看", 300002], ["edit", "编辑", 300003], ["delete", "删除", 300004], ["start", "启动", 300005], ["stop", "停用", 300006], ["update", "更新", 300007], ["construct", "构建", 300008], - ["backup", "备份", 300009], - ["migrate", "迁移", 300010], - ["share", "发布", 300012], - ["upgrade", "升级", 300013], - ["copy", "复制", 300014], - ["import", "导入", 300015], - ["export", "导出", 300016], + ["create", "组件创建", 300013], + ["copy", "快速复制", 300009], + ["visit_web_terminal", "组件访问web终端", 300010], + ["service_monitor", "组件监控", 300025], + ["telescopic", "组件伸缩", 300011], + ["env", "组件环境配置", 300016], + ["rely", "组件依赖", 300017], + ["storage", "组件存储", 300018], + ["port", "组件端口", 300019], + ["plugin", "组件插件", 300020], + ["source", "组件构建源", 300021], + ["safety", "组件安全", 300027], + ["other_setting", "组件其他设置", 300022], ] }, + "app_release": { + "perms": [["describe", "查看", 310004], ["share", "发布", 310001], ["export", "导出", 310002], ["delete", "删除", 310003]] + }, + "app_gateway_manage": { + "perms": [], + "app_gateway_monitor": { + "perms": [ + ["describe", "查看", 320001], + ], + }, + "app_route_manage": { + "perms": [ + ["describe", "查看", 321001], + ["create", "创建", 321002], + ["edit", "编辑", 321003], + ["delete", "删除", 321004], + ], + }, + "app_target_services": { + "perms": [ + ["describe", "查看", 322001], + ["create", "创建", 322002], + ["edit", "编辑", 322003], + ["delete", "删除", 322004], + ], + }, + "app_certificate": { + "perms": [ + ["describe", "查看", 323001], + ["create", "创建", 323002], + ["edit", "编辑", 323003], + ["delete", "删除", 323004], + ] + }, + }, + "app_upgrade": { + "perms": [["app_model_list", "应用模型列表", 330001], ["upgrade_record", "升级记录", 330002], ["upgrade", "升级", 330003], + ["rollback", "回滚", 330004]] + }, + "app_resources": { + "perms": [ + ["describe", "查看", 340001], + ["create", "创建", 340002], + ["edit", "编辑", 340003], + ["delete", "删除", 340004], + ], + }, + # "app_backup": { + # "perms": [ + # ["backup", "新增备份", 350001], + # ["backup", "导入备份", 350002], + # ["backup", "恢复", 350003], + # ["backup", "迁移", 350004], + # ["backup", "导出", 350005], + # ["backup", "删除", 350006], + # ] + # }, "app_config_group": { "perms": [ - ["describe", "查看", 300017], - ["create", "创建", 300018], - ["edit", "编辑", 300019], - ["delete", "删除", 300020], + ["describe", "查看", 360001], + ["create", "创建", 360002], + ["edit", "编辑", 360003], + ["delete", "删除", 360004], ] + } +} +''' +注意:以下注释部分是企业版功能,新增权限的时候需要避免冲突! +''' +TEAM = { + "perms": [], + "team_overview": { + "perms": [ + ["describe", "查看团队信息", 200001], + ["app_list", "查看应用信息", 200002], + ["resource_limit", "申请资源限额", 200003], + ], }, - "component": { + "team_app_create": { "perms": [ - ["describe", "查看", 400001], - ["create", "创建", 400002], - ["edit", "编辑", 400003], - ["delete", "删除", 400004], - ["visit_web_terminal", "访问web终端", 400005], - ["start", "启动", 400006], - ["restart", "重启", 400007], - ["stop", "关闭", 400008], - ["update", "更新", 400009], - ["construct", "构建", 400010], - ["rollback", "回滚", 400011], - ["telescopic", "伸缩管理", 400012], - ["env", "环境管理", 400013], - ["rely", "依赖管理", 400014], - ["storage", "存储管理", 400015], - ["port", "端口管理", 400016], - ["plugin", "插件管理", 400017], - ["source", "构建源管理", 400018], - ["deploy_type", "部署类型", 400019], - ["characteristic", "特性", 400020], - ["health", "健康检测", 400021], - ["service_monitor", "业务监控管理", 400022], - ["paused", "暂停", 400023], - ["unpaused", "恢复", 400024], - ] + ["describe", "新建应用", 300001], + ], + }, + "team_app_manage": { + "perms": [], + "app_overview": { + "perms": [ + ["describe", "查看", 300002], + ["edit", "编辑", 300003], + ["delete", "删除", 300004], + ["start", "启动", 300005], + ["stop", "停用", 300006], + ["update", "更新", 300007], + ["construct", "构建", 300008], + ["create", "组件创建", 300013], + ["copy", "快速复制", 300009], + ["visit_web_terminal", "组件访问web终端", 300010], + ["service_monitor", "组件监控", 300025], + ["telescopic", "组件伸缩", 300011], + ["env", "组件环境配置", 300016], + ["rely", "组件依赖", 300017], + ["storage", "组件存储", 300018], + ["port", "组件端口", 300019], + ["plugin", "组件插件", 300020], + ["source", "组件构建源", 300021], + ["safety", "组件安全", 300027], + ["other_setting", "组件其他设置", 300022], + ] + }, + "app_release": { + "perms": [ + ["describe", "查看", 310004], + ["share", "发布", 310001], + ["export", "导出", 310002], + ["delete", "删除", 310003], + ] + }, + "app_gateway_manage": { + "perms": [], + "app_gateway_monitor": { + "perms": [ + ["describe", "查看", 320001], + ], + }, + "app_route_manage": { + "perms": [ + ["describe", "查看", 321001], + ["create", "创建", 321002], + ["edit", "编辑", 321003], + ["delete", "删除", 321004], + ], + }, + "app_target_services": { + "perms": [ + ["describe", "查看", 322001], + ["create", "创建", 322002], + ["edit", "编辑", 322003], + ["delete", "删除", 322004], + ], + }, + "app_certificate": { + "perms": [ + ["describe", "查看", 323001], + ["create", "创建", 323002], + ["edit", "编辑", 323003], + ["delete", "删除", 323004], + ] + }, + }, + "app_upgrade": { + "perms": [["app_model_list", "应用模型列表", 330001], ["upgrade_record", "升级记录", 330002], ["upgrade", "升级", 330003], + ["rollback", "回滚", 330004]] + }, + "app_resources": { + "perms": [ + ["describe", "查看", 340001], + ["create", "创建", 340002], + ["edit", "编辑", 340003], + ["delete", "删除", 340004], + ], + }, + # "app_backup": { + # "perms": [ + # ["backup", "新增备份", 350001], + # ["backup", "导入备份", 350002], + # ["backup", "恢复", 350003], + # ["backup", "迁移", 350004], + # ["backup", "导出", 350005], + # ["backup", "删除", 350006], + # ] + # }, + "app_config_group": { + "perms": [ + ["describe", "查看", 360001], + ["create", "创建", 360002], + ["edit", "编辑", 360003], + ["delete", "删除", 360004], + ] + } + }, + "team_gateway_manage": { + "perms": [], + "team_gateway_monitor": { + "perms": [ + ["describe", "查看", 400001], + ], + }, + "team_route_manage": { + "perms": [ + ["describe", "查看", 410001], + ["create", "创建", 410002], + ["edit", "编辑", 410003], + ["delete", "删除", 410004], + ], + }, + "team_target_services": { + "perms": [ + ["describe", "查看", 420001], + ["create", "创建", 420002], + ["edit", "编辑", 420003], + ["delete", "删除", 420004], + ], + }, + "team_certificate": { + "perms": [ + ["describe", "查看", 430001], + ["create", "创建", 430002], + ["edit", "编辑", 430003], + ["delete", "删除", 430004], + ] + }, }, - "gatewayRule": { + "team_plugin_manage": { "perms": [ ["describe", "查看", 500001], ["create", "创建", 500002], ["edit", "编辑", 500003], ["delete", "删除", 500004], - ] + ], }, - "certificate": { - "perms": [ - ["describe", "查看", 600001], - ["create", "创建", 600002], - ["edit", "编辑", 600003], - ["delete", "删除", 600004], - ] + "team_manage": { + "perms": [], + "team_dynamic": { + "perms": [ + ["describe", "查看", 600001], + ] + }, + "team_member": { + "perms": [ + ["describe", "查看", 610001], + ["create", "创建", 610002], + ["edit", "编辑", 610003], + ["delete", "删除", 610004], + ] + }, + "team_region": { + "perms": [["describe", "查看", 620001], ["install", "开通", 620002], ["uninstall", "卸载", 620003]] + }, + "team_role": { + "perms": [ + ["describe", "查看", 630001], + ["create", "创建", 630002], + ["edit", "编辑", 630003], + ["delete", "删除", 630004], + ] + }, + "team_registry_auth": { + "perms": [ + ["describe", "查看", 640001], + ["create", "创建", 640002], + ["edit", "编辑", 640003], + ["delete", "删除", 640004], + ] + }, }, - "plugin": { - "perms": [ - ["describe", "查看", 700001], - ["create", "创建", 700002], - ["edit", "编辑", 700003], - ["delete", "删除", 700004], - ] - } + # "listed_manage": { + # "perms": [ + # ["describe", "查看", 700001], + # ["create", "创建", 700002], + # ["edit", "编辑", 700003], + # ["delete", "删除", 700004], + # ], + # }, + # "application_records": { + # "perms": [ + # ["describe", "查看", 800001], + # ], + # }, } DEFAULT_ENTERPRISE_ROLE_PERMS = { - "管理员": [800001, 800002, 800003], - "开发者": [800001, 800002, 800003], + "管理员": [100000, 100001, 100002, 100003, 100004], + "开发者": [100000, 100001, 100002, 100003, 100004], "观察者": [], } DEFAULT_TEAM_ROLE_PERMS = { "管理员": [ - 200001, - 200002, - 200003, - 200004, - 200005, - 200006, - 200007, - 200008, - 200009, - 200010, - 200011, - 200012, - 200013, - 200014, - 200015, - 200016, - 200017, - 200018, + 200001, 200002, 300001, 300002, 300003, 300004, 300005, 300006, 300007, 300008, 300009, 300010, 300011, 300012, 300013, + 300014, 300015, 300016, 300017, 300018, 300019, 300020, 300021, 300022, 300023, 300024, 300025, 300026, 310001, 310002, + 310003, 320001, 321001, 321002, 321003, 321004, 322001, 322002, 322003, 322004, 323001, 323002, 323003, 323004, 330001, + 330002, 330003, 330004, 340001, 340002, 340003, 340004, 350001, 350002, 350003, 350004, 350005, 350006, 360001, 360002, + 360003, 360004, 400001, 410001, 410002, 410003, 410004, 420001, 420002, 420003, 420004, 430001, 430002, 430003, 430004, + 500001, 500002, 500003, 500004, 600001, 610001, 610002, 610003, 610004, 620001, 620002, 620003, 620004, 630001, 630002, + 630003, 630004, 640001, 640002, 640003, 640004, 700001, 700002, 700003, 700004, 800001 + ], + "开发者": [ 300001, 300002, 300003, @@ -215,101 +388,48 @@ 300018, 300019, 300020, - 400001, - 400002, - 400003, - 400004, - 400005, - 400006, - 400007, - 400008, - 400009, - 400010, - 400011, - 400012, - 400013, - 400014, - 400015, - 400016, - 400017, - 400018, - 400019, - 400020, - 400021, - 400022, - 500001, - 500002, - 500003, - 500004, - 600001, - 600002, - 600003, - 600004, - 700001, - 700002, - 700003, - 700004, - 400023, - 400024, + 300021, + 300022, + 300023, + 300024, + 300025, + 300026, + 310001, + 310002, + 310003, + 320001, + 321001, + 321002, + 321003, + 321004, + 322001, + 322002, + 322003, + 322004, + 323001, + 323002, + 323003, + 323004, + 330001, + 330002, + 330003, + 330004, + 340001, + 340002, + 340003, + 340004, + 350001, + 350002, + 350003, + 350004, + 350005, + 350006, + 360001, + 360002, + 360003, + 360004, ], - "开发者": [ - 200001, - 200002, - 200005, - 200010, - 200014, - 200015, - 300001, - 300002, - 300003, - 300005, - 300006, - 300007, - 300008, - 300009, - 300010, - 300011, - 300012, - 300013, - 300014, - 300017, - 300018, - 300019, - 300020, - 400001, - 400002, - 400003, - 400005, - 400006, - 400007, - 400008, - 400009, - 400010, - 400011, - 400012, - 400013, - 400014, - 400015, - 400016, - 400017, - 400022, - 400018, - 400019, - 400020, - 400021, - 500001, - 500002, - 500003, - 600001, - 600002, - 600003, - 700001, - 700002, - 700003, - 400023, - 400024, - ], - "观察者": [200001, 200002, 200005, 200010, 300001, 400001, 500001, 600001, 700001], + "观察者": [], } @@ -352,6 +472,10 @@ def get_team_perms_model(): return get_model(copy.deepcopy(TEAM), "team") +def get_app_perms_model(): + return get_model(copy.deepcopy(APP), "app") + + def get_enterprise_perms_model(): return get_model(copy.deepcopy(ENTERPRISE), "enterprise") @@ -365,12 +489,24 @@ def get_perms_model(): return perms_model -def get_perms_structure(): +def get_perms_structure(tenant_id): perms_structure = {} - team = get_structure(copy.deepcopy(TEAM), "team") + app_ids = ServiceGroup.objects.filter(tenant_id=tenant_id).values_list("ID", flat=True) + if not app_ids: + app_ids = [] + team = copy.deepcopy(TEAM) + removed_value = team.get("team_app_manage") + app_perms = dict() + for app_id in app_ids: + key = "app_" + str(app_id) + app_perms[key] = removed_value + team = get_structure(team, "team") enterprise = get_structure(copy.deepcopy(ENTERPRISE), "enterprise") + app = get_structure(app_perms, "app") + team.get("team").get("sub_models")[2]["team_app_manage"] = app.get("app") perms_structure.update(team) perms_structure.update(enterprise) + # perms_structure.update(app) return perms_structure diff --git a/console/utils/perms_route_config.py b/console/utils/perms_route_config.py index 8b1374d2df..becf8fb8d6 100644 --- a/console/utils/perms_route_config.py +++ b/console/utils/perms_route_config.py @@ -1,3858 +1,741 @@ -# -*- coding: utf-8 -*- - -Admin = { +TEAM_OVERVIEW_DESCRIBE = { "__message": { "get": { - "perms": [100000] + "perms": [200001] }, "post": { - "perms": [100000] + "perms": [200001] }, "put": { - "perms": [100000] + "perms": [200001] }, "delete": { - "perms": [100000] + "perms": [200001] } } } - -OauthConfig = {"__message": {"get": {"perms": []}, "post": {"perms": []}, "put": {"perms": [100000]}, "delete": {"perms": []}}} - -OauthService = { +TEAM_OVERVIEW_APP_DESCRIBE = { "__message": { "get": { - "perms": [100000] + "perms": [200002] }, "post": { - "perms": [100000] + "perms": [200002] }, "put": { - "perms": [] + "perms": [200002] }, "delete": { - "perms": [] + "perms": [200002] } } } - -OauthServiceInfo = { +TEAM_OVERVIEW_RESOURCE_LIMIT = { "__message": { "get": { - "perms": [] + "perms": [200003] }, "post": { - "perms": [] + "perms": [620002] }, "put": { - "perms": [] + "perms": [200003] }, "delete": { - "perms": [100000] + "perms": [200003] } } } - -TeamRolesPermsLView = { +APP_CREATE_PERMS = { "__message": { "get": { - "perms": [200001] - }, - "post": { "perms": [] }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -TeamRolePermsRUDView = { - "__message": { - "get": { - "perms": [200001] - }, "post": { - "perms": [] + "perms": [300001] }, "put": { - "perms": [200012] + "perms": [] }, "delete": { "perms": [] } } } - -TeamRolesLCView = { +APP_OVERVIEW_PERMS = { "__message": { "get": { - "perms": [200001] + "perms": [300002] }, "post": { - "perms": [200011] + "perms": [300003] }, "put": { - "perms": [] + "perms": [300003] }, "delete": { - "perms": [] + "perms": [300004] } } } -TeamRolesRUDView = { +APP_OVERVIEW_CREATE = { "__message": { "get": { - "perms": [200001] + "perms": [300002] }, "post": { - "perms": [] + "perms": [300013] }, "put": { - "perms": [200012] + "perms": [300003] }, "delete": { - "perms": [200013] + "perms": [300004] } } } -TeamUsersRolesLView = { +APP_OVERVIEW_START = { "__message": { "get": { - "perms": [200001] + "perms": [300005] }, "post": { - "perms": [] + "perms": [300005] }, "put": { - "perms": [] + "perms": [300005] }, "delete": { - "perms": [] + "perms": [300005] } } } - -TeamUserRolesRUDView = { +APP_OVERVIEW_STOP = { "__message": { "get": { - "perms": [] + "perms": [300006] }, "post": { - "perms": [] + "perms": [300006] }, "put": { - "perms": [200007, 200010] + "perms": [300006] }, "delete": { - "perms": [200007, 200010] + "perms": [300006] } } } - -TeamUserPermsLView = {"__message": {"get": {"perms": []}, "post": {"perms": []}, "put": {"perms": []}, "delete": {"perms": []}}} - -TeamRegistryAuthLView = {"__message": {"get": {"perms": [200015]}, "post": {"perms": [200016]}}} - -TeamRegistryAuthRUDView = {"__message": {"put": {"perms": [200017]}, "delete": {"perms": [200018]}}} - -UserPemTraView = { +APP_OVERVIEW_UPDATE = { "__message": { "get": { - "perms": [] + "perms": [300007] }, "post": { - "perms": [200000] + "perms": [300007] }, "put": { - "perms": [] + "perms": [300007] }, "delete": { - "perms": [] + "perms": [300007] } } } - -AddTeamView = {"__message": {"get": {"perms": []}, "post": {"perms": [100000]}, "put": {"perms": []}, "delete": {"perms": []}}} - -TeamUserView = {"__message": {"get": {"perms": [200001]}, "post": {"perms": []}, "put": {"perms": []}, "delete": {"perms": []}}} - -NotJoinTeamUserView = { +APP_OVERVIEW_CONSTRUCT = { "__message": { "get": { - "perms": [200001] + "perms": [300008] }, "post": { - "perms": [] + "perms": [300008] }, "put": { - "perms": [] + "perms": [300008] }, "delete": { - "perms": [] + "perms": [300008] } } } - -UserDelView = {"__message": {"get": {"perms": []}, "post": {"perms": []}, "put": {"perms": []}, "delete": {"perms": [200008]}}} - -TeamNameModView = { +APP_OVERVIEW_COPY = { "__message": { "get": { - "perms": [] + "perms": [300009] }, "post": { - "perms": [200000] + "perms": [300009] }, "put": { - "perms": [] + "perms": [300009] }, "delete": { - "perms": [] + "perms": [300009] } } } - -TeamDelView = {"__message": {"get": {"perms": []}, "post": {"perms": []}, "put": {"perms": []}, "delete": {"perms": [100000]}}} - -AppGroupVisitView = { +APP_OVERVIEW_WEB = { "__message": { "get": { - "perms": [200001] + "perms": [300010] }, "post": { - "perms": [] + "perms": [300010] }, "put": { - "perms": [] + "perms": [300010] }, "delete": { - "perms": [] + "perms": [300010] } } } - -TeamSortDomainQueryView = { +APP_OVERVIEW_TELESCOPIC = { "__message": { "get": { - "perms": [200001] + "perms": [300011] }, "post": { - "perms": [] + "perms": [300011] }, "put": { - "perms": [] + "perms": [300011] }, "delete": { - "perms": [] + "perms": [300011] } } } - -TeamSortServiceQueryView = { +APP_OVERVIEW_ENV = { "__message": { "get": { - "perms": [200001] + "perms": [300016] }, "post": { - "perms": [] + "perms": [300016] }, "put": { - "perms": [] + "perms": [300016] }, "delete": { - "perms": [] + "perms": [300016] } } } - -RegQuyView = {"__message": {"get": {"perms": [200001]}, "post": {"perms": []}, "put": {"perms": []}, "delete": {"perms": []}}} - -RegUnopenView = { +APP_OVERVIEW_RELY = { "__message": { "get": { - "perms": [200001] + "perms": [300017] }, "post": { - "perms": [] + "perms": [300017] }, "put": { - "perms": [] + "perms": [300017] }, "delete": { - "perms": [] + "perms": [300017] } } } - -OpenRegionView = { +APP_OVERVIEW_STORAGE = { "__message": { "get": { - "perms": [] + "perms": [300018] }, "post": { - "perms": [200003] + "perms": [300018] }, "put": { - "perms": [] - }, - "patch": { - "perms": [200003] + "perms": [300018] }, "delete": { - "perms": [200004] + "perms": [300018] } } } - -TeamOverView = {"__message": {"get": {"perms": [200001]}, "post": {"perms": []}, "put": {"perms": []}, "delete": {"perms": []}}} - -AllServiceInfo = { +APP_OVERVIEW_PORT = { "__message": { "get": { - "perms": [] + "perms": [300019] }, "post": { - "perms": [400001] + "perms": [300019] }, "put": { - "perms": [] + "perms": [300019] }, "delete": { - "perms": [] + "perms": [300019] } } } - -TeamAppSortViewView = { +APP_OVERVIEW_PLUGIN = { "__message": { "get": { - "perms": [200001] + "perms": [300020] }, "post": { - "perms": [] + "perms": [300020] }, "put": { - "perms": [] + "perms": [300020] }, "delete": { - "perms": [] + "perms": [300020] } } } - -TeamServiceOverViewView = { +APP_OVERVIEW_SOURCE = { "__message": { "get": { - "perms": [200001] + "perms": [300021] }, "post": { - "perms": [] + "perms": [300021] }, "put": { - "perms": [] + "perms": [300021] }, "delete": { - "perms": [] + "perms": [300021] } } } - -ServiceEventsView = { +APP_OVERVIEW_OTHER_SETTING = { "__message": { "get": { - "perms": [200001] + "perms": [300022] }, "post": { - "perms": [] + "perms": [300022] }, "put": { - "perms": [] + "perms": [300022] }, "delete": { - "perms": [] + "perms": [300022] } } } -TenantServiceEnvsView = { +APP_OVERVIEW_MONITOR = { "__message": { "get": { - "perms": [200001] + "perms": [300025] }, "post": { - "perms": [] + "perms": [300025] }, "put": { - "perms": [] + "perms": [300025] }, "delete": { - "perms": [] + "perms": [300025] } } } -ServiceGroupView = { +APP_OVERVIEW_SAFETY = { "__message": { "get": { - "perms": [200001] + "perms": [300027] }, "post": { - "perms": [] + "perms": [300027] }, "put": { - "perms": [] + "perms": [300027] }, "delete": { - "perms": [] + "perms": [300027] } } } -GroupServiceView = { +APP_RELEASE_PERMS = { "__message": { "get": { - "perms": [200001] + "perms": [310004] }, "post": { - "perms": [] + "perms": [310001] }, "put": { - "perms": [] + "perms": [310001] }, "delete": { - "perms": [] + "perms": [310003] } } } - -TopologicalGraphView = { +APP_RELEASE_EXPORT = { "__message": { "get": { - "perms": [200001] + "perms": [310002] }, "post": { - "perms": [] + "perms": [310002] }, "put": { - "perms": [] + "perms": [310002] }, "delete": { - "perms": [] + "perms": [310002] } } } - -GroupServiceDetView = { +APP_GATEWAY_MONITOR = { "__message": { "get": { - "perms": [200001] + "perms": [320001] }, "post": { - "perms": [] + "perms": [320001] }, "put": { - "perms": [] + "perms": [320001] }, "delete": { - "perms": [] + "perms": [320001] } } } - -TopologicalInternetView = { +APP_ROUTE_MANAGE_PERMS = { "__message": { "get": { - "perms": [200001] + "perms": [321001] }, "post": { - "perms": [] + "perms": [321002] }, "put": { - "perms": [] + "perms": [321003] }, "delete": { - "perms": [] + "perms": [321004] } } } - -ServiceShareRecordView = { +APP_TARGET_SERVICES = { "__message": { "get": { - "perms": [200001] + "perms": [322001] }, "post": { - "perms": [300012] + "perms": [322002] }, "put": { - "perms": [300012] + "perms": [322003] }, "delete": { - "perms": [300012] + "perms": [322004] } } } - -ServiceShareRecordInfoView = { +APP_CERTIFICATE = { "__message": { "get": { - "perms": [200001] + "perms": [323001] }, "post": { - "perms": [300012] + "perms": [323002] }, "put": { - "perms": [300012] + "perms": [323003] }, "delete": { - "perms": [300012] + "perms": [323004] } } } - -ShareRecordView = { +APP_UPGRADE_MODEL_LIST = { "__message": { "get": { - "perms": [200001] + "perms": [330001] }, "post": { - "perms": [300012] + "perms": [330001] }, "put": { - "perms": [300012] + "perms": [330001] }, "delete": { - "perms": [300012] + "perms": [330001] } } } - -ServiceGroupSharedApps = { +APP_UPGRADE_RECORD = { "__message": { "get": { - "perms": [200001] + "perms": [330002] }, "post": { - "perms": [300012] + "perms": [330002] }, "put": { - "perms": [300012] + "perms": [330002] }, "delete": { - "perms": [300012] + "perms": [330002] } } } - -ServiceShareInfoView = { +APP_UPGRADE = { "__message": { "get": { - "perms": [200001] + "perms": [330003] }, "post": { - "perms": [300012] + "perms": [330003] }, "put": { - "perms": [300012] + "perms": [330003] }, "delete": { - "perms": [300012] + "perms": [330003] } } } - -ServiceShareDeleteView = { +APP_ROLLBACK = { "__message": { "get": { - "perms": [200001] + "perms": [330004] }, "post": { - "perms": [300012] + "perms": [330004] }, "put": { - "perms": [300012] + "perms": [330004] }, "delete": { - "perms": [300012] + "perms": [330004] } } } - -ServiceShareEventList = { +APP_RESOURCE_PERMS = { "__message": { "get": { - "perms": [200001] + "perms": [340001] }, "post": { - "perms": [300012] + "perms": [340002] }, "put": { - "perms": [300012] + "perms": [340003] }, "delete": { - "perms": [300012] + "perms": [340004] } } } - -ServiceShareEventPost = { +APP_CONFIG_GROUP = { "__message": { "get": { - "perms": [200001] + "perms": [360001] }, "post": { - "perms": [300012] + "perms": [360002] }, "put": { - "perms": [300012] + "perms": [360003] }, "delete": { - "perms": [300012] + "perms": [360004] } } } - -ServicePluginShareEventPost = { +TEAM_GATEWAY_MONITOR = { "__message": { "get": { - "perms": [200001] + "perms": [300002] }, "post": { - "perms": [300012] + "perms": [400001] }, "put": { - "perms": [300012] + "perms": [400001] }, "delete": { - "perms": [300012] + "perms": [400001] } } } - -ServiceShareCompleteView = { +TEAM_ROUTE_MANAGE_PERMS = { "__message": { "get": { - "perms": [200001] + "perms": [410001] }, "post": { - "perms": [300012] + "perms": [410002] }, "put": { - "perms": [300012] + "perms": [410003] }, "delete": { - "perms": [300012] + "perms": [410004] } } } - -TenantGroupView = { +TEAM_TARGET_SERVICES = { "__message": { "get": { - "perms": [200001] + "perms": [420001] }, "post": { - "perms": [300002, 400002] + "perms": [420002] }, "put": { - "perms": [] + "perms": [420003] }, "delete": { - "perms": [] + "perms": [420004] } } } - -TenantGroupOperationView = { +TEAM_CERTIFICATE = { "__message": { "get": { - "perms": [200001] + "perms": [430001] }, "post": { - "perms": [] + "perms": [430002] }, "put": { - "perms": [300003] + "perms": [430003] }, "delete": { - "perms": [300004] + "perms": [430004] } } } - -TenantGroupHandleView = { +TEAM_PLUGIN_MANAGE = { "__message": { "get": { - "perms": [200001] + "perms": [500001] }, "post": { - "perms": [] + "perms": [500002] }, "put": { - "perms": [300003] + "perms": [500003] }, "delete": { - "perms": [300004] + "perms": [500004] } } } - -GroupStatusView = { +TEAM_DYNAMIC_PERMS = { "__message": { "get": { - "perms": [200001] + "perms": [600001] }, "post": { - "perms": [] + "perms": [600001] }, "put": { - "perms": [] + "perms": [600001] }, "delete": { - "perms": [] + "perms": [600001] } } } -# 权限在内部验证 -TenantGroupCommonOperationView = { +TEAM_MEMBER_PERMS = { "__message": { "get": { - "perms": [] + "perms": [610001] }, "post": { - "perms": [] + "perms": [610002] }, "put": { - "perms": [] + "perms": [610003] }, "delete": { - "perms": [] + "perms": [610004] } } } - -SourceCodeCreateView = { +TEAM_REGION_DESCRIBE = { "__message": { "get": { - "perms": [] + "perms": [620001] }, "post": { - "perms": [300002, 400002] + "perms": [620001] }, "put": { - "perms": [] + "perms": [620001] }, "delete": { - "perms": [] + "perms": [620001] } } } - -ThirdPartyServiceCreateView = { +TEAM_REGION_INSTALL = { "__message": { "get": { - "perms": [] + "perms": [620002] }, "post": { - "perms": [300002, 400002] + "perms": [620002] }, "put": { - "perms": [] + "perms": [620002] }, "delete": { - "perms": [] + "perms": [620002] } } } - -ThirdPartyServiceApiView = { +TEAM_REGION_UNINSTALL = { "__message": { "get": { - "perms": [] + "perms": [620003] }, "post": { - "perms": [300002, 400002] + "perms": [620003] }, "put": { - "perms": [300002, 400002] + "perms": [620003] }, "delete": { - "perms": [300002, 400002] + "perms": [620003] } } } - -ThirdPartyUpdateSecretKeyView = { +TEAM_ROLE_PERMS = { "__message": { "get": { - "perms": [] + "perms": [630001] }, "post": { - "perms": [] + "perms": [630002] }, "put": { - "perms": [400001, 400003] + "perms": [630003] }, "delete": { - "perms": [] + "perms": [630004] } } } - -ThirdPartyHealthzView = { +TEAM_REGISTRY_AUTH = { "__message": { "get": { - "perms": [200001] + "perms": [640001] }, "post": { - "perms": [] + "perms": [640002] }, "put": { - "perms": [400021] + "perms": [640003] }, "delete": { - "perms": [] + "perms": [640004] } } } - -DockerRunCreateView = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [300002, 400002] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -VMRunCreateView = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [300002, 400002] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -DockerComposeCreateView = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [300002, 400002] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -AppCheck = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [400001] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -GetCheckUUID = {"__message": {"get": {"perms": [200001]}, "post": {"perms": []}, "put": {"perms": []}, "delete": {"perms": []}}} - -MultiAppCheckView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -MultiAppCreateView = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [300002, 400002] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -AppCheckUpdate = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [300002, 400002] - }, - "delete": { - "perms": [] - } - } -} - -ComposeCheckUpdate = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [200001] - }, - "delete": { - "perms": [] - } - } -} - -ComposeCheckView = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [200001] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -GetComposeCheckUUID = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -ComposeBuildView = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [300002, 400002] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -ComposeDeleteView = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [300002, 400002] - } - } -} - -ComposeServicesView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -ComposeContentView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -AppBuild = {"__message": {"get": {"perms": []}, "post": {"perms": [400010]}, "put": {"perms": []}, "delete": {"perms": []}}} - -AppCompileEnvView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [300002, 400002] - }, - "delete": { - "perms": [] - } - } -} - -DeleteAppView = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [400004] - } - } -} - -AppDetailView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -AppAnalyzePluginView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -AppBriefView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [300001, 300003, 400001] - }, - "delete": { - "perms": [] - } - } -} - -AppKeywordView = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [300001, 400001, 400003, 400018] - }, - "delete": { - "perms": [] - } - } -} - -AppStatusView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -AppPluginsBriefView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -AppGroupView = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [300001, 300003, 400001, 400003] - }, - "delete": { - "perms": [] - } - } -} - -ListAppPodsView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [400005] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -AppPodsView = {"__message": {"get": {"perms": [200001]}, "post": {"perms": []}, "put": {"perms": []}, "delete": {"perms": []}}} - -ThirdPartyAppPodsView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [400003] - }, - "put": { - "perms": [400003] - }, - "delete": { - "perms": [400003] - } - } -} - -DockerContainerView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -AppVisitView = {"__message": {"get": {"perms": [200001]}, "post": {"perms": []}, "put": {"perms": []}, "delete": {"perms": []}}} - -AppEnvView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [400013] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -AppEnvManageView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [400013] - }, - "put": { - "perms": [400013] - }, - "patch": { - "perms": [400013] - }, - "delete": { - "perms": [400013] - } - } -} - -AppBuildEnvView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [400013] - }, - "delete": { - "perms": [] - } - } -} - -AppPortView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [400016] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -AppPortManageView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [400016] - }, - "put": { - "perms": [400016] - }, - "delete": { - "perms": [400016] - } - } -} - -TopologicalPortView = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [400016] - }, - "delete": { - "perms": [] - } - } -} - -AppTcpOuterManageView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -AppVolumeOptionsView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -AppVolumeView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [400015] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -AppVolumeManageView = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [400015] - }, - "delete": { - "perms": [400015] - } - } -} - -AppDependencyView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [400014] - }, - "put": { - "perms": [] - }, - "patch": { - "perms": [400014] - }, - "delete": { - "perms": [] - } - } -} - -AppDependencyManageView = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [400014] - } - } -} - -AppNotDependencyView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -AppMntView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [400014] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -AppMntManageView = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [400014] - } - } -} - -TenantCertificateView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [600002] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -TenantCertificateManageView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [600003] - }, - "delete": { - "perms": [600004] - } - } -} - -ServiceDomainView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [400016] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [400016] - } - } -} - -SecondLevelDomainView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [400016] - }, - "delete": { - "perms": [] - } - } -} - -DomainView = {"__message": {"get": {"perms": [200001]}, "post": {"perms": []}, "put": {"perms": []}, "delete": {"perms": []}}} - -DomainQueryView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -HttpStrategyView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [500002] - }, - "put": { - "perms": [500003] - }, - "delete": { - "perms": [500004] - } - } -} - -GetSeniorUrlView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -ServiceTcpDomainQueryView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -GetPortView = {"__message": {"get": {"perms": [200001]}, "post": {"perms": []}, "put": {"perms": []}, "delete": {"perms": []}}} - -ServiceTcpDomainView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [500002] - }, - "put": { - "perms": [500003] - }, - "delete": { - "perms": [500004] - } - } -} - -AppServiceTcpDomainQueryView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -AppServiceDomainQueryView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -GatewayCustomConfigurationView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [500003] - }, - "delete": { - "perms": [] - } - } -} - -StartAppView = {"__message": {"get": {"perms": []}, "post": {"perms": [400006]}, "put": {"perms": []}, "delete": {"perms": []}}} - -PauseAppView = {"__message": {"get": {"perms": []}, "post": {"perms": [400023]}, "put": {"perms": []}, "delete": {"perms": []}}} - -UNPauseAppView = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [400024] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -StopAppView = {"__message": {"get": {"perms": []}, "post": {"perms": [400008]}, "put": {"perms": []}, "delete": {"perms": []}}} - -ReStartAppView = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [400007] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -DeployAppView = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [400010] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -RollBackAppView = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [400011] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -UpgradeAppView = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [400009] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -ChangeServiceUpgradeView = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [400010] - }, - "delete": { - "perms": [] - } - } -} - -MarketServiceUpgradeView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -BatchActionView = {"__message": {"get": {"perms": []}, "post": {"perms": []}, "put": {"perms": []}, "delete": {"perms": []}}} - -BatchDelete = {"__message": {"get": {"perms": []}, "post": {"perms": []}, "put": {"perms": []}, "delete": {"perms": [400004]}}} - -AgainDelete = {"__message": {"get": {"perms": []}, "post": {"perms": []}, "put": {"perms": []}, "delete": {"perms": [400004]}}} - -AppEventView = {"__message": {"get": {"perms": [200001]}, "post": {"perms": []}, "put": {"perms": []}, "delete": {"perms": []}}} - -AppLogView = {"__message": {"get": {"perms": [200001]}, "post": {"perms": []}, "put": {"perms": []}, "delete": {"perms": []}}} - -AppEventLogView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -AppLogInstanceView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -AppHistoryLogView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -AppProbeView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [400003] - }, - "put": { - "perms": [400003] - }, - "delete": { - "perms": [400003] - } - } -} - -HorizontalExtendAppView = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [400012] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -VerticalExtendAppView = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [400012] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -AppExtendView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -ListAppAutoscalerView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [400012] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -AppAutoscalerView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [400012] - }, - "delete": { - "perms": [] - } - } -} - -AppScalingRecords = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -ChangeServiceTypeView = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [400019] - }, - "delete": { - "perms": [] - } - } -} - -ChangeServiceNameView = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [400003] - }, - "delete": { - "perms": [] - } - } -} - -ServiceCodeBranch = { - "__message": { - "get": { - "perms": [400001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [400018] - }, - "delete": { - "perms": [] - } - } -} - -AppMonitorQueryRangeView = { - "__message": { - "get": { - "perms": [400001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -AppMonitorQueryView = { - "__message": { - "get": { - "perms": [400001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -BatchAppMonitorQueryView = { - "__message": { - "get": { - "perms": [400001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -AppLabelView = { - "__message": { - "get": { - "perms": [400001] - }, - "post": { - "perms": [400020] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [400020] - } - } -} - -AppLabelAvailableView = { - "__message": { - "get": { - "perms": [400001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -AppResourceQueryView = { - "__message": { - "get": { - "perms": [400001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -GetRegionPublicKeyView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -PluginCreateView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [700002] - }, - "put": { - "perms": [700003] - }, - "delete": { - "perms": [700004] - } - } -} - -DefaultPluginCreateView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [700002] - }, - "put": { - "perms": [700003] - }, - "delete": { - "perms": [700004] - } - } -} - -AllPluginBaseInfoView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [700002] - }, - "put": { - "perms": [700003] - }, - "delete": { - "perms": [700004] - } - } -} - -PluginBaseInfoView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [700002] - }, - "put": { - "perms": [700003] - }, - "delete": { - "perms": [700004] - } - } -} - -PluginUsedServiceView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [700002] - }, - "put": { - "perms": [700003] - }, - "delete": { - "perms": [700004] - } - } -} - -AllPluginVersionInfoView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [700002] - }, - "put": { - "perms": [700003] - }, - "delete": { - "perms": [700004] - } - } -} - -CreatePluginVersionView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [700002] - }, - "put": { - "perms": [700003] - }, - "delete": { - "perms": [700004] - } - } -} - -PluginEventLogView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [700002] - }, - "put": { - "perms": [700003] - }, - "delete": { - "perms": [700004] - } - } -} - -PluginVersionInfoView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [700002] - }, - "put": { - "perms": [700003] - }, - "delete": { - "perms": [700004] - } - } -} - -ConfigPluginManageView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [700002] - }, - "put": { - "perms": [700003] - }, - "delete": { - "perms": [700003] - } - } -} - -ConfigPreviewView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [700002] - }, - "put": { - "perms": [700003] - }, - "delete": { - "perms": [700003] - } - } -} - -PluginBuildView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [700002] - }, - "put": { - "perms": [700003] - }, - "delete": { - "perms": [700003] - } - } -} - -PluginBuildStatusView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [700002] - }, - "put": { - "perms": [700003] - }, - "delete": { - "perms": [700003] - } - } -} - -ServicePluginsView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [400017] - }, - "put": { - "perms": [400017] - }, - "delete": { - "perms": [400017] - } - } -} - -ServicePluginInstallView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [400017] - }, - "put": { - "perms": [400017] - }, - "delete": { - "perms": [400017] - } - } -} - -ServicePluginOperationView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [400017] - }, - "put": { - "perms": [400017] - }, - "delete": { - "perms": [400017] - } - } -} - -ServicePluginConfigView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [400017] - }, - "put": { - "perms": [400017] - }, - "delete": { - "perms": [400017] - } - } -} - -PluginShareRecordView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [700003] - }, - "put": { - "perms": [700003] - }, - "delete": { - "perms": [700003] - } - } -} - -PluginShareInfoView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [700003] - }, - "put": { - "perms": [700003] - }, - "delete": { - "perms": [700003] - } - } -} - -PluginShareEventsView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [700003] - }, - "put": { - "perms": [700003] - }, - "delete": { - "perms": [700003] - } - } -} - -PluginShareEventView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [700003] - }, - "put": { - "perms": [700003] - }, - "delete": { - "perms": [700003] - } - } -} - -PluginShareCompletionView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [700003] - }, - "put": { - "perms": [700003] - }, - "delete": { - "perms": [700003] - } - } -} - -MarketPluginsView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [700003] - }, - "put": { - "perms": [700003] - }, - "delete": { - "perms": [700003] - } - } -} - -SyncMarketPluginsView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [700003] - }, - "put": { - "perms": [700003] - }, - "delete": { - "perms": [700003] - } - } -} - -SyncMarketPluginTemplatesView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [700003] - }, - "put": { - "perms": [700003] - }, - "delete": { - "perms": [700003] - } - } -} - -UninstallPluginTemplateView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [700003] - }, - "put": { - "perms": [700003] - }, - "delete": { - "perms": [700003] - } - } -} - -InstallMarketPlugin = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [700003] - }, - "put": { - "perms": [700003] - }, - "delete": { - "perms": [700003] - } - } -} - -InternalMarketPluginsView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [700003] - }, - "put": { - "perms": [700003] - }, - "delete": { - "perms": [700003] - } - } -} - -InstallableInteralPluginsView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [700003] - }, - "put": { - "perms": [700003] - }, - "delete": { - "perms": [700003] - } - } -} - -CenterAppView = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [300002, 400002] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -CmdInstallAppView = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [300002, 400002] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -RegionProtocolView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -ImportingRecordView = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [300015] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -CenterAppImportingAppsView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [300015] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -TeamAddUserView = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [200006] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -GroupAppsBackupView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [300009] - }, - "put": { - "perms": [300009] - }, - "delete": { - "perms": [300009] - } - } -} - -GroupAppsBackupStatusView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [300009] - }, - "put": { - "perms": [300009] - }, - "delete": { - "perms": [300009] - } - } -} - -GroupAppsBackupExportView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [300009] - }, - "put": { - "perms": [300009] - }, - "delete": { - "perms": [300009] - } - } -} - -GroupAppsBackupImportView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [300009] - }, - "put": { - "perms": [300009] - }, - "delete": { - "perms": [300009] - } - } -} - -TeamGroupAppsBackupView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [300009] - }, - "put": { - "perms": [300009] - }, - "delete": { - "perms": [300009] - } - } -} - -GroupAppsCopyView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [300014] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -AllTeamGroupAppsBackupView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -GroupAppsMigrateView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [300010] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -MigrateRecordView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -GroupAppsView = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [300004] - } - } -} - -AppVersionsView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -AppVersionManageView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [300004] - } - } -} - -ApplicantsView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [200006] - }, - "delete": { - "perms": [] - } - } -} - -AdminAddUserView = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [100000] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -UpdateSecretKey = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [400003] - }, - "delete": { - "perms": [] - } - } -} - -ImageAppView = {"__message": {"get": {"perms": []}, "post": {"perms": []}, "put": {"perms": [400018]}, "delete": {"perms": []}}} - -BuildSourceinfo = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [400018] - }, - "delete": { - "perms": [] - } - } -} - -AppEventsView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -AppEventsLogView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -GroupAppView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [300013] - }, - "put": { - "perms": [300013] - }, - "delete": { - "perms": [300013] - } - } -} - -AppUpgradeVersion = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [300013] - }, - "put": { - "perms": [300013] - }, - "delete": { - "perms": [300013] - } - } -} - -AppUpgradeRecordsView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [300013] - }, - "put": { - "perms": [300013] - }, - "delete": { - "perms": [300013] - } - } -} - -AppUpgradeRecordView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [300013] - }, - "put": { - "perms": [300013] - }, - "delete": { - "perms": [300013] - } - } -} - -AppUpgradeInfoView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [300013] - }, - "put": { - "perms": [300013] - }, - "delete": { - "perms": [300013] - } - } -} - -AppUpgradeView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [300013] - }, - "put": { - "perms": [300013] - }, - "delete": { - "perms": [300013] - } - } -} - -AppUpgradeRollbackView = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [300013] - }, - "put": { - "perms": [300013] - }, - "delete": { - "perms": [300013] - } - } -} - -# OPENAPI VIEW PERMS -TeamInfo = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [200000] - }, - "delete": { - "perms": [100000] - } - } -} - -ListTeamUsersInfo = { - "__message": { - "get": { - "perms": [200001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -TeamUserInfoView = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [200006] - }, - "put": { - "perms": [200012] - }, - "delete": { - "perms": [200008] - } - } -} - -ListRegionsView = { - "__message": { - "get": { - "perms": [200002] - }, - "post": { - "perms": [200003] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -ListRegionTeamServicesView = { - "__message": { - "get": { - "perms": [400001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [400004] - } - } -} - -TeamRegionView = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [200004] - } - } -} - -UserTeamInfoView = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [200004] - } - } -} - -TeamCertificatesLCView = { - "__message": { - "get": { - "perms": [600001] - }, - "post": { - "perms": [600002] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [200004] - } - } -} - -TeamCertificatesRUDView = { - "__message": { - "get": { - "perms": [600001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [600003] - }, - "delete": { - "perms": [600004] - } - } -} - -AppInfoView = { - "__message": { - "get": { - "perms": [300001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [300004] - } - } -} - -AppInstallView = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [300002] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -APPOperationsView = {"__message": {"get": {"perms": []}, "post": {"perms": []}, "put": {"perms": []}, "delete": {"perms": []}}} - -ListAppGatewayRuleView = { - "__message": { - "get": { - "perms": [500001] - }, - "post": { - "perms": [500002] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -ListAppGatewayHTTPRuleView = { - "__message": { - "get": { - "perms": [500001] - }, - "post": { - "perms": [500002] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -UpdateAppGatewayHTTPRuleView = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [500003] - }, - "delete": { - "perms": [500004] - } - } -} - -ListAppServicesView = { - "__message": { - "get": { - "perms": [300001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -AppServicesView = { - "__message": { - "get": { - "perms": [400001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [400004] - } - } -} - -AppServiceEventsView = { - "__message": { - "get": { - "perms": [400001] - }, - "post": { - "perms": [] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -ListAdminsView = { - "__message": { - "get": { - "perms": [100000] - }, - "post": { - "perms": [100000] - }, - "put": { - "perms": [100000] - }, - "delete": { - "perms": [100000] - } - } -} - -ListUsersView = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [100000] - }, - "put": { - "perms": [100000] - }, - "delete": { - "perms": [100000] - } - } -} - -UserInfoView = { - "__message": { - "get": { - "perms": [100000] - }, - "post": { - "perms": [100000] - }, - "put": { - "perms": [100000] - }, - "delete": { - "perms": [100000] - } - } -} - -ChangeUserPassword = { - "__message": { - "get": { - "perms": [100000] - }, - "post": { - "perms": [100000] - }, - "put": { - "perms": [100000] - }, - "delete": { - "perms": [100000] - } - } -} - -AdminInfoView = { - "__message": { - "get": { - "perms": [100000] - }, - "post": { - "perms": [100000] - }, - "put": { - "perms": [100000] - }, - "delete": { - "perms": [100000] - } - } -} - -AppServiceTelescopicVerticalView = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [400012] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -AppServiceTelescopicHorizontalView = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [400012] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -AppUpgradeView = { - "__message": { - "get": { - "perms": [300013] - }, - "post": { - "perms": [300013] - }, - "put": { - "perms": [300013] - }, - "delete": { - "perms": [300013] - } - } -} - -TeamAppsCloseView = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [100000] - }, - "put": { - "perms": [] - }, - "delete": { - "perms": [] - } - } -} - -AppServiceMonitor = { - "__message": { - "get": { - "perms": [400001] - }, - "post": { - "perms": [400022] - }, - "put": { - "perms": [400022] - }, - "delete": { - "perms": [400022] - } - } -} - -MavenSettingRUDView = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [200014] - }, - "put": { - "perms": [200014] - }, - "delete": { - "perms": [200014] - } - } -} - -AppConfigGroupView = { - "__message": { - "get": { - "perms": [300017] - }, - "post": { - "perms": [300018] - }, - "put": { - "perms": [300019] - }, - "delete": { - "perms": [300020] - } - } -} - -CenterAppCLView = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [110000] - }, - } -} - -CenterAppExportView = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [110004] - }, - } -} - -CenterAppUDView = { - "__message": { - "get": { - "perms": [] - }, - "put": { - "perms": [110001] - }, - "delete": { - "perms": [110002] - }, - } -} - -CenterAppImportView = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [110003] - }, - "delete": { - "perms": [110003] - }, - } -} - -AppMarketCLView = { - "__message": { - "get": { - "perms": [] - }, - "post": { - "perms": [110005] - }, - } -} - -AppMarketRUDView = { - "__message": { - "get": { - "perms": [110006] - }, - "put": { - "perms": [110007] - }, - "delete": { - "perms": [110008] - }, - } -} - -AppVersionUDView = { - "__message": { - "put": { - "perms": [110009] - }, - "delete": { - "perms": [110010] - }, - } -} - -EnterpriseTeams = {"__message": {"get": {"perms": [120000]}}} - -EnterpriseUserTeamRoles = { - "__message": { - "post": { - "perms": [100000] - }, - } -} - -ConsoleUploadFileView = { - "__message": { - "post": { - "perms": [800001] - }, - } -} - -UserFuzSerView = { - "__message": { - "get": { - "perms": [800002] - }, - } -} - -EnterPriseUsersCLView = { - "__message": { - "get": { - "perms": [800003] - }, - "post": { - "perms": [800003] - }, - } -} diff --git a/console/views/api_gateway.py b/console/views/api_gateway.py new file mode 100644 index 0000000000..377a392729 --- /dev/null +++ b/console/views/api_gateway.py @@ -0,0 +1,53 @@ +from django.views.decorators.cache import never_cache + +from console.repositories.app_config import domain_repo, port_repo +from console.repositories.service_group_relation_repo import ServiceGroupRelationRepositry +from console.views.base import RegionTenantHeaderView +from www.apiclient.regionapi import RegionInvokeApi +from www.utils.return_message import general_message +from rest_framework.response import Response + +region_api = RegionInvokeApi() +service_group_relation_repo = ServiceGroupRelationRepositry() + + +class AppApiGatewayView(RegionTenantHeaderView): + @never_cache + def post(self, request, *args, **kwargs): + app_id = request.query_params.get('appID', "") + path = request.get_full_path().replace("/console", "") + resp = region_api.api_gateway_post_proxy(self.response_region, self.tenant_name, path, request.data, app_id) + result = general_message(200, "success", "创建成功", bean=resp) + return Response(result, status=result["code"]) + + @never_cache + def get(self, request, *args, **kwargs): + app_id = request.query_params.get('appID', "") + path = request.get_full_path().replace("/console", "") + resp = region_api.api_gateway_get_proxy(self.response_region, self.tenant_name, path, app_id) + result = general_message(200, "success", "查询成功", bean=resp['bean'], list=resp['list']) + return Response(result, status=result["code"]) + + @never_cache + def delete(self, request, *args, **kwargs): + path = request.get_full_path().replace("/console", "") + # app_id = request.query_params.get('appID', "") + resp = region_api.api_gateway_delete_proxy(self.response_region, self.tenant_name, path) + result = general_message(200, "success", "删除成功", bean=resp) + return Response(result, status=result["code"]) + + +class AppApiGatewayConvertView(RegionTenantHeaderView): + @never_cache + def get(self, request, *args, **kwargs): + all = domain_repo.get_all_domain() + list = [] + for e in all: + svc = port_repo.get_service_port_by_port(e.tenant_id, e.service_id, e.container_port) + app_id = service_group_relation_repo.get_group_id_by_service_tenant(svc) + region_api.api_gateway_bind_http_domain_convert(e.service_name, self.region.region_name, self.tenant_name, + [e.domain_name], svc, app_id) + list.append(e.domain_name) + + result = general_message(200, "success", "创建成功", list=list) + return Response(result, status=result["code"]) diff --git a/console/views/app_config/app_domain.py b/console/views/app_config/app_domain.py index 48a2d9e4e6..99007566f2 100644 --- a/console/views/app_config/app_domain.py +++ b/console/views/app_config/app_domain.py @@ -27,6 +27,7 @@ from rest_framework import status from rest_framework.response import Response from www.apiclient.regionapi import RegionInvokeApi +from www.models.main import ServiceDomain from www.utils.crypt import make_uuid from www.utils.return_message import general_message from console.exception.main import AbortRequest @@ -186,8 +187,11 @@ def put(self, request, *args, **kwargs): private_key = request.data.get("private_key", None) certificate = request.data.get("certificate", None) certificate_type = request.data.get("certificate_type", None) + domain_repo.get_certificate_by_pk(int(certificate_id)) + domain_service.update_certificate(self.region, self.tenant, certificate_id, new_alias, certificate, private_key, certificate_type) + result = general_message(200, "success", "证书修改成功") return Response(result, status=result["code"]) @@ -311,6 +315,10 @@ def post(self, request, *args, **kwargs): domain_service.bind_domain(self.tenant, self.user, self.service, domain_name, container_port, protocol, certificate_id, DomainType.WWW, rule_extensions) result = general_message(200, "success", "域名绑定成功") + svc = port_repo.get_service_port_by_port(self.tenant.tenant_id, self.service.service_id, container_port) + + region_api.api_gateway_bind_http_domain(self.service.service_alias, self.region.region_name, self.tenant.tenant_name, + [domain_name], svc, self.app.app_id) return Response(result, status=result["code"]) @never_cache @@ -351,7 +359,21 @@ def delete(self, request, *args, **kwargs): is_tcp = request.data.get("is_tcp", False) if not container_port or not domain_name: return Response(general_message(400, "params error", "参数错误"), status=400) - domain_service.unbind_domain(self.tenant, self.service, container_port, domain_name, is_tcp) + old_service_domain_list = ServiceDomain.objects.filter(service_id=self.service.service_id, domain_name=domain_name) + if len(old_service_domain_list) == 0: + result = general_message(200, "success", "域名解绑成功") + return Response(result, status=result["code"]) + old_service_domain = old_service_domain_list[0] + protocol = old_service_domain.protocol + agreement = "HTTP转HTTPS" if protocol == "httptohttps" \ + else "HTTP" if protocol == "http" else "HTTPS "\ + if protocol == "https" else "HTTP和HTTPS" + service_domain = {"端口": container_port, "协议": agreement, "域名": domain_name} + if protocol != "http": + certificate = domain_repo.get_certificate_by_id(old_service_domain.certificate_id) + if certificate: + service_domain["证书别名"] = certificate.alias + domain_service.unbind_domain(self.tenant, self.service, container_port, domain_name, is_tcp, self.app.app_id) result = general_message(200, "success", "域名解绑成功") return Response(result, status=result["code"]) @@ -857,9 +879,8 @@ def put(self, request, *args, **kwargs): domain_service.bind_domain(self.tenant, self.user, self.service, domain_name, container_port, "http", None, DomainType.SLD_DOMAIN) else: - # 先解绑 再绑定 code, msg = domain_service.unbind_domain( - self.tenant, self.service, container_port, sld_domains[0].domain_name, is_tcp=False) + self.tenant, self.service, container_port, sld_domains[0].domain_name, is_tcp=False, app_id=self.app.app_id) if code != 200: return Response(general_message(code, "unbind domain error", msg), status=code) domain_service.bind_domain(self.tenant, self.user, self.service, domain_name, container_port, "http", None, diff --git a/console/views/app_config/app_env.py b/console/views/app_config/app_env.py index f11f98c3d8..e113137df0 100644 --- a/console/views/app_config/app_env.py +++ b/console/views/app_config/app_env.py @@ -4,14 +4,14 @@ """ import logging -from django.db import connection -from django.forms.models import model_to_dict -from django.views.decorators.cache import never_cache -from rest_framework.response import Response from console.services.app_config.env_service import AppEnvVarService from console.utils.reqparse import parse_item from console.utils.response import MessageResponse from console.views.app_config.base import AppBaseView +from django.db import connection +from django.forms.models import model_to_dict +from django.views.decorators.cache import never_cache +from rest_framework.response import Response from www.utils.return_message import general_message from console.exception.main import AbortRequest @@ -416,6 +416,10 @@ def put(self, request, *args, **kwargs): attr_value, is_change) if code != 200: continue + new_build_env_dict = dict() + new_build_envs = env_var_service.get_service_build_envs(self.service) + for build_env in new_build_envs: + new_build_env_dict[build_env.attr_name] = build_env.attr_value result = general_message(200, "success", "环境变量添加成功") return Response(result, status=result["code"]) diff --git a/console/views/app_config/app_port.py b/console/views/app_config/app_port.py index e55cc891e9..958e9d757c 100644 --- a/console/views/app_config/app_port.py +++ b/console/views/app_config/app_port.py @@ -67,10 +67,19 @@ def get(self, request, *args, **kwargs): port_info["bind_domains"] = [] bind_domains = domain_service.get_port_bind_domains(self.service, port.container_port) if bind_domains: - for bind_domain in bind_domains: - if not bind_domain.domain_path: - bind_domain.domain_path = '/' - bind_domain.save() + path = ("/api-gateway/v1/" + self.tenant_name + "/routes/http/domains?service_alias=" + + self.service.service_alias + "&port=" + str(port.container_port)) + body = region_api.api_gateway_get_proxy(self.region_name, self.tenant_name, path, None) + if body.get("list", []) is not None: + port_info["bind_domains"] = [{ + "protocol": "http", + "domain_type": "www", + "ID": -1, + "domain_name": host, + "container_port": port.container_port + } for host in body.get("list", [])] + if port_info['protocol'] == 'http': + port_info["is_outer_service"] = len(port_info["bind_domains"]) > 0 port_info["bind_domains"] = [domain.to_dict() for domain in bind_domains] bind_tcp_domains = domain_service.get_tcp_port_bind_domains(self.service, port.container_port) @@ -256,7 +265,6 @@ def put(self, request, *args, **kwargs): k8s_service_name = parse_item(request, "k8s_service_name", default="") if not container_port: raise AbortRequest("container_port not specify", "端口变量名未指定") - if self.service.service_source == "third_party" and ("outer" in action): msg, msg_show, code = port_service.check_domain_thirdpart(self.tenant, self.service) if code != 200: @@ -264,7 +272,7 @@ def put(self, request, *args, **kwargs): return Response(general_message(code, msg, msg_show), status=code) code, msg, data = port_service.manage_port(self.tenant, self.service, self.response_region, int(container_port), action, - protocol, port_alias, k8s_service_name, self.user.nick_name) + protocol, port_alias, k8s_service_name, self.user.nick_name, self.app) if code != 200: return Response(general_message(code, "change port fail", msg), status=code) result = general_message(200, "success", "操作成功", bean=model_to_dict(data)) @@ -335,9 +343,9 @@ def put(self, request, *args, **kwargs): if close_outer: tenant_service_ports = port_service.get_service_ports(self.service) for tenant_service_port in tenant_service_ports: - code, msg, data = port_service.manage_port(self.tenant, self.service, self.response_region, - tenant_service_port.container_port, "close_outer", - tenant_service_port.protocol, tenant_service_port.port_alias) + code, msg, data = port_service.manage_port( + self.tenant, self.service, self.response_region, tenant_service_port.container_port, "close_outer", + tenant_service_port.protocol, tenant_service_port.port_alias, self.app) if code != 200: return Response(general_message(412, "open outer fail", "关闭对外端口失败"), status=412) return Response(general_message(200, "close outer success", "关闭对外端口成功"), status=200) diff --git a/console/views/app_config/app_security_context.py b/console/views/app_config/app_security_context.py new file mode 100644 index 0000000000..3f0ceae0b3 --- /dev/null +++ b/console/views/app_config/app_security_context.py @@ -0,0 +1,81 @@ +import logging + +from console.services.app_security_context import app_security_context, app_inspect +from console.views.app_config.base import AppBaseView +from rest_framework.response import Response + +from www.apiclient.regionapi import RegionInvokeApi +from www.utils.return_message import general_message + +logger = logging.getLogger("default") +region_api = RegionInvokeApi() + + +class AppSecurityContext(AppBaseView): + def get(self, request, *args, **kwargs): + security_context = app_security_context.get_security_context(self.service.service_id) + msg_show = "组件安全状态关闭" + if security_context: + msg_show = "组件安全状态开启" + security_context = security_context.to_dict() + result = general_message(200, "success", msg_show, bean=security_context) + return Response(result, status=result["code"]) + + def post(self, request, *args, **kwargs): + app_security_context.open_security_context(self.region_name, self.tenant_name, self.service.service_id, + self.service.service_alias) + result = general_message(200, "success", "开启组件安全", bean="开启组件安全") + return Response(result, status=result["code"]) + + def put(self, request, *args, **kwargs): + seccomp_profile = request.data.get("seccomp_profile", {}) + run_as_non_root = request.data.get("run_as_non_root", True) + allow_privilege_escalation = request.data.get("allow_privilege_escalation", False) + run_as_user = request.data.get("run_as_user", 10001) + run_as_group = request.data.get("run_as_group", 10001) + capabilities = request.data.get("capabilities", {}) + read_only_root_filesystem = request.data.get("read_only_root_filesystem", True) + app_security_context.update_security_context( + self.region_name, self.tenant_name, self.service.service_id, self.service.service_alias, seccomp_profile, + run_as_non_root, allow_privilege_escalation, run_as_user, run_as_group, capabilities, read_only_root_filesystem) + result = general_message(200, "success", "修改成功", bean="修改成功") + return Response(result, status=result["code"]) + + def delete(self, request, *args, **kwargs): + app_security_context.close_security_context(self.region_name, self.tenant_name, self.service.service_id, + self.service.service_alias) + result = general_message(200, "success", "组件安全已关闭", bean="组件安全已关闭") + return Response(result, status=result["code"]) + + +class AppInspection(AppBaseView): + def get(self, request, *args, **kwargs): + inspection = app_inspect.get_inspection(self.service.service_id) + msg_show = "检测开关一览" + if inspection: + inspection = inspection.to_dict() + result = general_message(200, "success", msg_show, bean=inspection) + return Response(result, status=result["code"]) + + def post(self, request, *args, **kwargs): + operation_type = request.data.get("operation_type", False) + inspection_type = request.data.get("inspection_type", "") + app_inspect.operation_inspection(self.region_name, self.tenant_name, self.service.service_id, operation_type, + self.service.service_alias, inspection_type) + result = general_message(200, "success", "修改成功", bean="修改成功") + return Response(result, status=result["code"]) + + +class AppInspectionReport(AppBaseView): + def get(self, request, *args, **kwargs): + p = request.GET.get("p", 1) + ps = request.GET.get("ps", 100) + scan_type = request.GET.get("scan_type", "code") + url = request.GET.get("url", "") + if scan_type == "code" or scan_type == "normative": + ret_data = app_inspect.get_inspection_report(self.service.service_id, p, ps, scan_type, url) + else: + ret_data = app_inspect.leak_or_config_inspection(self.tenant_name, self.service.service_alias, scan_type, p, ps, + url) + result = general_message(200, "success", "获取成功", bean=ret_data) + return Response(result, status=result["code"]) diff --git a/console/views/app_config/app_volume.py b/console/views/app_config/app_volume.py index 90c9c2abda..451fcb7057 100644 --- a/console/views/app_config/app_volume.py +++ b/console/views/app_config/app_volume.py @@ -193,9 +193,10 @@ def delete(self, request, *args, **kwargs): return Response(general_message(400, "attr_name not specify", "未指定需要删除的持久化路径"), status=400) code, msg, volume = volume_service.delete_service_volume_by_id(self.tenant, self.service, int(volume_id), self.user.nick_name, force) - result = general_message(200, "success", "删除成功") if code != 200: - result = general_message(code=code, msg="delete volume error", msg_show=msg, list=volume) + result = general_message(code=code, msg="delete volume error", msg_show=msg) + return Response(result, status=result["code"]) + result = general_message(code=code, msg="delete volume error", msg_show=msg, list=volume) return Response(result, status=result["code"]) @never_cache diff --git a/console/views/app_config/base.py b/console/views/app_config/base.py index 1499be2b3b..166a20f1ad 100644 --- a/console/views/app_config/base.py +++ b/console/views/app_config/base.py @@ -6,7 +6,7 @@ from rest_framework.response import Response -from console.exception.main import BusinessException, AbortRequest +from console.exception.main import BusinessException, AbortRequest, ServiceHandleException from console.services.group_service import group_service from console.views.base import RegionTenantHeaderView from www.models.main import Tenants, TenantServiceInfo @@ -21,6 +21,8 @@ class AppBaseView(RegionTenantHeaderView): def __init__(self, *args, **kwargs): super(AppBaseView, self).__init__(*args, **kwargs) self.service = None + self.app = None + self.component = None def initial(self, request, *args, **kwargs): super(AppBaseView, self).initial(request, *args, **kwargs) @@ -54,6 +56,12 @@ def initial(self, request, *args, **kwargs): else: raise BusinessException( Response(general_message(404, "service not found", "组件{0}不存在".format(service_alias)), status=404)) + app = group_service.get_service_group_info(self.service.service_id) + if not app: + raise ServiceHandleException("app not found", "应用不存在", 404, 404) + self.app = group_service.get_app_by_id(self.tenant, self.region_name, app.ID) + if not self.app: + raise ServiceHandleException("app not found", "应用不存在", 404, 404) class AppBaseCloudEnterpriseCenterView(AppBaseView, CloudEnterpriseCenterView): diff --git a/console/views/app_manage.py b/console/views/app_manage.py index bed9f65b18..c2312c12b7 100644 --- a/console/views/app_manage.py +++ b/console/views/app_manage.py @@ -12,6 +12,7 @@ from console.exception.main import (AbortRequest, AccountOverdueException, CallRegionAPIException, RbdAppNotFound, ResourceNotEnoughException) from console.repositories.app import service_repo +from console.repositories.app_config import port_repo from console.repositories.group import group_repo from console.services.app_actions import app_manage_service from console.services.app_actions.app_deploy import AppDeployService @@ -33,6 +34,27 @@ region_api = RegionInvokeApi() +class AppsPorConsoletView(RegionTenantHeaderView): + def get(self, req, *args, **kwargs): + ports = port_repo.get_tenant_services(self.team.tenant_id) + component_list = service_repo.get_tenant_region_services(self.region_name, self.team.tenant_id) + component_dict = {component.service_id: component.service_cname for component in component_list} + port_list = list() + if ports: + for port in ports: + port_dict = dict() + if not port.is_inner_service: + continue + port_dict["port"] = port.container_port + port_dict["service_name"] = port.k8s_service_name + port_dict["namespace"] = self.team.namespace + port_dict["component_name"] = component_dict.get(port.service_id) + port_list.append(port_dict) + ret_data = {"namespace": self.team.namespace, "ports": port_list} + result = general_message(200, "success", "查询成功", bean=ret_data) + return Response(result, status=result["code"]) + + class StartAppView(AppBaseCloudEnterpriseCenterView): @never_cache def post(self, request, *args, **kwargs): @@ -392,18 +414,6 @@ def post(self, request, *args, **kwargs): move_group_id = request.data.get("move_group_id", None) if action not in ("stop", "start", "restart", "move", "upgrade", "deploy"): return Response(general_message(400, "param error", "操作类型错误"), status=400) - if action == "stop": - self.has_perms([400008]) - if action == "start": - self.has_perms([400006]) - if action == "restart": - self.has_perms([400007]) - if action == "move": - self.has_perms([400003]) - if action == "upgrade": - self.has_perms([400009]) - if action == "deploy": - self.has_perms([400010]) service_id_list = service_ids.split(",") code, msg = app_manage_service.batch_action(self.region_name, self.tenant, self.user, action, service_id_list, move_group_id, self.oauth_instance) diff --git a/console/views/app_monitor.py b/console/views/app_monitor.py index f3d7e05db4..e441d5cc5f 100644 --- a/console/views/app_monitor.py +++ b/console/views/app_monitor.py @@ -9,8 +9,10 @@ from console.services.app_config.promql_service import promql_service from console.services.group_service import group_service from console.views.app_config.base import AppBaseView -from console.views.base import RegionTenantHeaderView +from console.views.base import RegionTenantHeaderView, AlowAnyApiView from rest_framework.response import Response + +from openapi.serializer.config_serializers import MonitorQueryOverviewSeralizer from www.apiclient.regionapi import RegionInvokeApi from www.utils.return_message import general_message @@ -280,3 +282,17 @@ def delete(self, request, *args, **kwargs): env_var_service.delete_env_by_attr_name(self.tenant, self.service, "ES_TRACE_APP_NAME") result = general_message(200, "success", "关闭成功") return Response(result, status=result["code"]) + + +class MonitorQueryOverConsoleView(AlowAnyApiView): + def get(self, req, *args, **kwargs): + region_name = req.GET.get("region_name", "") + query = req.GET.get("query", "") + start = req.GET.get("start", "") + end = req.GET.get("end", "") + step = req.GET.get("step", "") + _, body = region_api.get_query_range_data(region_name, "", "?query={}&start={}&end={}&step={}".format( + query, start, end, step)) + serializer = MonitorQueryOverviewSeralizer(data=body) + serializer.is_valid() + return Response(body, status=200) diff --git a/console/views/app_overview.py b/console/views/app_overview.py index 426974d8ac..c751b22250 100644 --- a/console/views/app_overview.py +++ b/console/views/app_overview.py @@ -307,9 +307,8 @@ def foobar(data): if self.service.k8s_component_name in key and 'default-tcpmesh' not in key: if len(container_list) > 1: container_list[0], container_list[len(container_list) - 1] = container_list[ - len( - container_list) - 1], \ - container_list[0] + len(container_list) - 1], \ + container_list[0] bean["container"] = container_list res.append(bean) return res diff --git a/console/views/base.py b/console/views/base.py index 5756ac2172..2ce3a9f3c2 100644 --- a/console/views/base.py +++ b/console/views/base.py @@ -15,6 +15,7 @@ from console.repositories.upgrade_repo import upgrade_repo from console.repositories.region_repo import region_repo # service +from console.services.group_service import group_service from console.services.user_services import user_services from console.utils import perms from console.utils.oauth.oauth_types import get_oauth_instance @@ -35,7 +36,7 @@ from rest_framework_jwt.authentication import BaseJSONWebTokenAuthentication from rest_framework_jwt.settings import api_settings from www.apiclient.regionapibaseclient import RegionApiBaseHttpClient -from www.models.main import TenantEnterprise, Tenants, Users +from www.models.main import TenantEnterprise, Tenants, Users, TenantServiceInfo from console.login.jwt_manager import JwtManager jwt_get_username_from_payload = api_settings.JWT_PAYLOAD_GET_USERNAME_HANDLER @@ -206,6 +207,7 @@ def check_perms(self, request, *args, **kwargs): if kwargs.get("__message"): request_perms = kwargs["__message"][request.META.get("REQUEST_METHOD").lower()]["perms"] if request_perms and (len(set(request_perms) & set(self.user_perms)) != len(set(request_perms))): + print(request_perms, self.user_perms) logger.info("no permission. request perms: {}. user perms: {}".format(request_perms, self.user_perms)) raise NoPermissionsError @@ -289,6 +291,8 @@ def __init__(self, *args, **kwargs): self.report = Dict({"ok": True}) self.user = None self.is_team_owner = False + self.perm_app_id = "" + self.perm_apps = [] def get_perms(self): self.user_perms = [] @@ -297,7 +301,7 @@ def get_perms(self): if self.is_team_owner: team_perms = list(PermsInfo.objects.filter(kind="team").values_list("code", flat=True)) self.user_perms.extend(team_perms) - self.user_perms.append(200000) + self.user_perms.append(100001) else: team_roles = RoleInfo.objects.filter(kind="team", kind_id=self.tenant.tenant_id) if team_roles: @@ -307,7 +311,16 @@ def get_perms(self): team_user_role_ids = team_user_roles.values_list("role_id", flat=True) team_role_perms = RolePerms.objects.filter(role_id__in=team_user_role_ids) if team_role_perms: - self.user_perms.extend(list(team_role_perms.values_list("perm_code", flat=True))) + global_team_role_perms = team_role_perms.filter(app_id=-1) + self.user_perms.extend(list(global_team_role_perms.values_list("perm_code", flat=True))) + if global_team_role_perms.filter(perm_code=300002): + self.perm_apps = [-1] + if self.perm_app_id: + app_role_perms = team_role_perms.filter(app_id=self.perm_app_id) + self.user_perms.extend(list(app_role_perms.values_list("perm_code", flat=True))) + if not self.perm_apps and team_role_perms.filter(perm_code=300002).exclude(app_id=-1): + self.perm_apps = team_role_perms.filter(perm_code=300002).exclude(app_id=-1).values_list( + "app_id", flat=True) self.user_perms = list(set(self.user_perms)) def initial(self, request, *args, **kwargs): @@ -337,7 +350,25 @@ def initial(self, request, *args, **kwargs): self.tenant = Tenants.objects.get(tenant_name=self.tenant_name) self.team = self.tenant except Tenants.DoesNotExist: - raise NotFound("tenant {0} not found".format(self.tenant_name)) + try: + self.tenant = Tenants.objects.get(tenant_id=self.tenant_name) + self.team = self.tenant + except Tenants.DoesNotExist: + raise AbortRequest(msg="tenant {0} not found".format(self.tenant_name), msg_show="团队不存在", status_code=404) + if kwargs.get("app_id"): + self.perm_app_id = kwargs.get("app_id") + if request.GET.get("group_id"): + self.perm_app_id = request.GET.get("group_id") + if request.GET.get("app_id"): + self.perm_app_id = request.GET.get("group_id") + if kwargs.get("group_id"): + self.perm_app_id = kwargs.get("group_id") + if kwargs.get("serviceAlias"): + service_alias = kwargs.get("serviceAlias") + services = TenantServiceInfo.objects.filter(service_alias=service_alias, tenant_id=self.tenant.tenant_id) + if services: + s_groups = group_service.get_service_group_info(services[0].service_id) + self.perm_app_id = s_groups.ID if self.user.user_id == self.tenant.creater: self.is_team_owner = True diff --git a/console/views/group.py b/console/views/group.py index c394802369..bca17da708 100644 --- a/console/views/group.py +++ b/console/views/group.py @@ -268,21 +268,6 @@ def post(self, request, *args, **kwargs): service_ids = [service.service_id for service in services] if action not in ("stop", "start", "upgrade", "deploy"): return Response(general_message(400, "param error", "操作类型错误"), status=400) - # 去除掉第三方组件 - for service_id in service_ids: - service_obj = service_repo.get_service_by_service_id(service_id) - if service_obj and service_obj.service_source == "third_party": - service_ids.remove(service_id) - - if action == "stop": - self.has_perms([300006, 400008]) - if action == "start": - self.has_perms([300005, 400006]) - if action == "upgrade": - self.has_perms([300007, 400009]) - if action == "deploy": - self.has_perms([300008, 400010]) - # 批量操作 app_manage_service.batch_operations(self.tenant, self.region_name, self.user, action, service_ids, self.oauth_instance) result = general_message(200, "success", "操作成功") return Response(result, status=result["code"]) diff --git a/console/views/jwt_token_view.py b/console/views/jwt_token_view.py index b625ec9156..cd7a3db2c5 100644 --- a/console/views/jwt_token_view.py +++ b/console/views/jwt_token_view.py @@ -2,6 +2,7 @@ import logging import datetime +from console.utils.cache import cache from rest_framework import status from rest_framework.response import Response from rest_framework_jwt.settings import api_settings @@ -34,6 +35,38 @@ def post(self, request, *args, **kwargs): """ nick_name = request.POST.get("nick_name", None) password = request.POST.get("password", None) + captcha_code = request.POST.get("captcha_code", None) + real_captcha_code = request.session.get("captcha_code") + is_validate = request.POST.get("is_validate", False) + times = cache.get(nick_name) + pass_error_times = cache.get(nick_name + "pass_error_times") + if pass_error_times and int(pass_error_times) >= 4: + ten_min = cache.get(nick_name + "freeze") + if not ten_min: + ten_min = (datetime.datetime.now() + datetime.timedelta(minutes=10)).strftime('%H:%M:%S') + cache.set(nick_name + "freeze", ten_min, 600) + cache.set(nick_name + "pass_error_times", pass_error_times, 600) + freeze_time = ten_min + elif type(ten_min) == bytes: + freeze_time = str(ten_min, encoding='utf-8') + else: + freeze_time = str(ten_min) + return Response( + general_message(400, "captcha code error", "连续登录失败次数过多,{0}后重试".format(freeze_time), + {"is_verification_code": True}), + status=400) + times = 1 if not times else int(times) + 1 + if is_validate == "false" and (real_captcha_code is None or captcha_code is None + or real_captcha_code.lower() != captcha_code.lower()): + return Response(general_message(400, "captcha code error", "验证码有误", {"is_verification_code": True}), status=400) + if is_validate == "true" and times > 3 and (real_captcha_code is None or captcha_code is None + or real_captcha_code.lower() != captcha_code.lower()): + cache.set(nick_name, times, 3600) + return Response(general_message(400, "captcha code error", "验证码有误", {"is_verification_code": True}), status=400) + cache.set(nick_name, times, 3600) + # Invalidate the verification code after verification + request.session["captcha_code"] = None + request.session.save() try: if not nick_name: code = 400 diff --git a/console/views/k8s_attribute.py b/console/views/k8s_attribute.py index 5c003370fb..205386d87f 100644 --- a/console/views/k8s_attribute.py +++ b/console/views/k8s_attribute.py @@ -17,11 +17,12 @@ def put(self, request, name, *args, **kwargs): attribute = request.data.get("attribute", {}) if name != attribute.get("name", ""): raise AbortRequest(400, "参数错误") + attribute['operator'] = self.user.nick_name k8s_attribute_service.update_k8s_attribute(self.tenant, self.service, self.region_name, attribute) return Response(general_message(200, "success", "修改成功")) def delete(self, request, name, *args, **kwargs): - k8s_attribute_service.delete_k8s_attribute(self.tenant, self.service, self.region_name, name) + k8s_attribute_service.delete_k8s_attribute(self.tenant, self.service, self.region_name, name, self.user.nick_name) return Response(general_message(200, "success", "删除成功")) @@ -32,5 +33,6 @@ def get(self, request, *args, **kwargs): def post(self, request, *args, **kwargs): attribute = request.data.get("attribute", {}) - k8s_attribute_service.create_k8s_attribute(self.tenant, self.service, self.region_name, attribute) + # attribute['operator'] = self.user.nick_name + k8s_attribute_service.create_k8s_attribute(self.tenant, self.service, self.region_name, attribute, self.user.nick_name) return Response(general_message(200, "success", "创建成功")) diff --git a/console/views/logos.py b/console/views/logos.py index 657a676dc0..3b0eb252aa 100644 --- a/console/views/logos.py +++ b/console/views/logos.py @@ -1,11 +1,14 @@ # -*- coding: utf8 -*- +import json import logging import os +from datetime import datetime from django.db import transaction from rest_framework.response import Response from console.exception.main import ServiceHandleException +from console.models.main import ConsoleSysConfig from console.repositories.perm_repo import perms_repo from console.repositories.team_repo import team_repo from console.services.config_service import platform_config_service @@ -13,6 +16,7 @@ from console.services.perm_services import user_kind_role_service from console.views.base import AlowAnyApiView from console.views.base import BaseApiView +from console.views.jwt_token_view import JWTTokenView from www.models.main import Tenants from www.utils.return_message import error_message from www.utils.return_message import general_message @@ -20,6 +24,39 @@ logger = logging.getLogger("default") +class ConfigOSSView(JWTTokenView): + + def get(self, request, *args, **kwargs): + oss_config = ConsoleSysConfig.objects.filter(key='OSS_CONFIG').first() + if oss_config: + data = json.loads(oss_config.value) + return Response(data=data, status=200) + return Response(data={}, status=200) + + def put(self, request, *args, **kwargs): + oss_config = ConsoleSysConfig.objects.filter(key='OSS_CONFIG').first() + + # 如果已存在,则更新;如果不存在,则创建 + if oss_config: + oss_config.value = json.dumps(request.data) + oss_config.desc = 'OSS 配置' + oss_config.create_time = datetime.now().strftime('%Y-%m-%d %H:%M:%S') + oss_config.save() + data = {'message': '配置更新成功'} + else: + new_config = ConsoleSysConfig.objects.create( + key='OSS_CONFIG', + type='json', + value=json.dumps(request.data), + desc='OSS 配置', + create_time=datetime.now().strftime('%Y-%m-%d %H:%M:%S'), + enterprise_id="" + ) + data = {'message': '配置创建成功', 'config_id': new_config.ID} + + return Response(data=data, status=200) + + class ConfigRUDView(AlowAnyApiView): """ 获取配置信息 @@ -148,82 +185,82 @@ def get(self, request, *args, **kwargs): "url": "http://docs.php.net/mbstring", "version": "1.3.2" }, - { - "name": "MySQL(PHP 5.5 版本已经停止支持,请使用 MySQLi 或 PDO)", - "value": "mysql", - "url": "http://docs.php.net/book.mysql", - "version": "mysqlnd 5.0.11-dev" - }, { - "name": "PCNTL", - "value": "pcntl", - "url": "http://docs.php.net/pcntl", - "version": None - }, { - "name": "Shmop", - "value": "shmop", - "url": "http://docs.php.net/shmop", - "version": None - }, { - "name": "SOAP", - "value": "soap", - "url": "http://docs.php.net/soap", - "version": None - }, { - "name": "SQLite3", - "value": "sqlite3", - "url": "http://docs.php.net/sqlite3", - "version": "0.7-dev" - }, { - "name": "SQLite(PDO)", - "value": "pdo_sqlite", - "url": "http://docs.php.net/pdo_sqlite", - "version": "3.8.2" - }, { - "name": "XMLRPC", - "value": "xmlrpc", - "url": "http://docs.php.net/xmlrpc", - "version": "0.51" - }, { - "name": "XSL", - "value": "xsl", - "url": "http://docs.php.net/xsl", - "version": "1.1.28" - }, { - "name": "APCu", - "value": "apcu", - "url": "http://pecl.php.net/package/apcu", - "version": "4.0.6" - }, { - "name": "Blackfire", - "value": "blackfire", - "url": "http://blackfire.io/", - "version": "0.20.6" - }, { - "name": "memcached", - "value": "memcached", - "url": "http://docs.php.net/memcached", - "version": "2.2.0" - }, { - "name": "MongoDB", - "value": "mongodb", - "url": "http://docs.php.net/mongo", - "version": "1.6.6" - }, { - "name": "NewRelic", - "value": "newrelic", - "url": "http://newrelic.com/php", - "version": "4.19.0.90" - }, { - "name": "OAuth", - "value": "oauth", - "url": "http://docs.php.net/oauth", - "version": "1.2.3" - }, { - "name": "PHPRedis", - "value": "redis", - "url": "http://pecl.php.net/package/redis", - "version": "2.2.7" - }] + { + "name": "MySQL(PHP 5.5 版本已经停止支持,请使用 MySQLi 或 PDO)", + "value": "mysql", + "url": "http://docs.php.net/book.mysql", + "version": "mysqlnd 5.0.11-dev" + }, { + "name": "PCNTL", + "value": "pcntl", + "url": "http://docs.php.net/pcntl", + "version": None + }, { + "name": "Shmop", + "value": "shmop", + "url": "http://docs.php.net/shmop", + "version": None + }, { + "name": "SOAP", + "value": "soap", + "url": "http://docs.php.net/soap", + "version": None + }, { + "name": "SQLite3", + "value": "sqlite3", + "url": "http://docs.php.net/sqlite3", + "version": "0.7-dev" + }, { + "name": "SQLite(PDO)", + "value": "pdo_sqlite", + "url": "http://docs.php.net/pdo_sqlite", + "version": "3.8.2" + }, { + "name": "XMLRPC", + "value": "xmlrpc", + "url": "http://docs.php.net/xmlrpc", + "version": "0.51" + }, { + "name": "XSL", + "value": "xsl", + "url": "http://docs.php.net/xsl", + "version": "1.1.28" + }, { + "name": "APCu", + "value": "apcu", + "url": "http://pecl.php.net/package/apcu", + "version": "4.0.6" + }, { + "name": "Blackfire", + "value": "blackfire", + "url": "http://blackfire.io/", + "version": "0.20.6" + }, { + "name": "memcached", + "value": "memcached", + "url": "http://docs.php.net/memcached", + "version": "2.2.0" + }, { + "name": "MongoDB", + "value": "mongodb", + "url": "http://docs.php.net/mongo", + "version": "1.6.6" + }, { + "name": "NewRelic", + "value": "newrelic", + "url": "http://newrelic.com/php", + "version": "4.19.0.90" + }, { + "name": "OAuth", + "value": "oauth", + "url": "http://docs.php.net/oauth", + "version": "1.2.3" + }, { + "name": "PHPRedis", + "value": "redis", + "url": "http://pecl.php.net/package/redis", + "version": "2.2.7" + }] bean = {"versions": versions, "default_version": default_version, "extends": extends} return Response(general_message(200, "success", "查询成功", bean)) diff --git a/console/views/perms.py b/console/views/perms.py index 599237550a..4589399c62 100644 --- a/console/views/perms.py +++ b/console/views/perms.py @@ -17,7 +17,8 @@ class PermsInfoLView(AlowAnyApiView): def get(self, request, *args, **kwargs): - perms = perm_services.get_all_perms() + tenant_id = request.GET.get("tenant_id", None) + perms = perm_services.get_all_perms(tenant_id) result = general_message(200, None, None, bean=perms) return Response(result, status=200) @@ -70,7 +71,7 @@ def get(self, request, team_name, *args, **kwargs): class TeamRolePermsRUDView(RegionTenantHeaderView): def get(self, request, team_name, role_id, *args, **kwargs): role = role_kind_services.get_role_by_id("team", self.tenant.tenant_id, role_id, with_default=True) - data = role_perm_service.get_role_perms(role, kind="team") + data = role_perm_service.get_role_perms(role, kind="team", tenant_id=self.tenant.tenant_id) result = general_message(200, "success", None, bean=data) return Response(result, status=200) @@ -78,7 +79,7 @@ def put(self, request, team_name, role_id, *args, **kwargs): perms_model = request.data.get("permissions") role = role_kind_services.get_role_by_id("team", self.tenant.tenant_id, role_id, with_default=True) role_perm_service.update_role_perms(role.ID, perms_model, kind="team") - data = role_perm_service.get_role_perms(role, kind="team") + data = role_perm_service.get_role_perms(role, kind="team", tenant_id=self.tenant.tenant_id) result = general_message(200, "success", None, bean=data) return Response(result, status=200) diff --git a/console/views/proxy.py b/console/views/proxy.py index 28e296da0d..485ae0b4c1 100644 --- a/console/views/proxy.py +++ b/console/views/proxy.py @@ -1,7 +1,9 @@ # -*- coding: utf8 -*- import logging +from django.views import View from django.views.decorators.cache import never_cache + from rest_framework.response import Response from www.apiclient.regionapi import RegionInvokeApi @@ -13,6 +15,13 @@ region_api = RegionInvokeApi() +class ProxySSEView(View): + @never_cache + def get(self, request, *args, **kwargs): + path = request.get_full_path().replace("/console/sse", "") + return region_api.sse_proxy(request.GET.get("region_name"), path) + + class ProxyPassView(JWTAuthApiView): @never_cache def post(self, request, *args, **kwargs): @@ -27,3 +36,10 @@ def get(self, request, *args, **kwargs): resp = region_api.get_proxy(request.GET.get("region_name"), path) result = general_message(200, "success", "请求成功", bean=resp['bean'], list=resp['list']) return Response(result, status=result["code"]) + + @never_cache + def delete(self, request, *args, **kwargs): + path = request.get_full_path().replace("/console", "") + resp = region_api.delete_proxy(request.GET.get("region_name"), path) + result = general_message(200, "success", "请求成功", bean=resp['bean'], list=resp['list']) + return Response(result, status=result["code"]) diff --git a/console/views/public_areas.py b/console/views/public_areas.py index 94f3ded9b1..a8aeeccf50 100644 --- a/console/views/public_areas.py +++ b/console/views/public_areas.py @@ -546,7 +546,7 @@ def get(self, request, *args, **kwargs): query = request.GET.get("query", "") page = int(request.GET.get("page", 1)) page_size = int(request.GET.get("page_size", 10)) - groups = group_repo.get_tenant_region_groups(self.team.tenant_id, self.response_region, query) + groups = group_repo.get_tenant_region_groups(self.team.tenant_id, self.response_region, query, app_ids=self.perm_apps) total = len(groups) app_num_dict = {"total": total} start = (page - 1) * page_size diff --git a/console/views/team.py b/console/views/team.py index 497c798c5f..91a0d3d3a9 100644 --- a/console/views/team.py +++ b/console/views/team.py @@ -712,13 +712,18 @@ def get(self, request, enterprise_id, *args, **kwargs): # 已申请过的团队 applied_team = [team_name.team_name for team_name in apply_team] can_join_team_list = [] + users = enterprise_repo.get_enterprise_users(enterprise_id) + team_creater = {user.user_id: user.get_name() for user in users} for join_team in team_list: if join_team.tenant_name not in applied_team and join_team.tenant_name not in team_name_list: can_join_team_list.append(join_team.tenant_name) join_list = [{ "team_name": j_team.tenant_name, "team_alias": j_team.tenant_alias, - "team_id": j_team.tenant_id + "team_id": j_team.tenant_id, + "team_logo": j_team.logo, + "team_owner": j_team.creater, + "team_owner_name": team_creater.get(j_team.creater, "") } for j_team in team_repo.get_team_by_team_names(can_join_team_list)] result = general_message(200, "success", "查询成功", list=join_list) return Response(result, status=result["code"]) diff --git a/console/views/upgrade.py b/console/views/upgrade.py new file mode 100644 index 0000000000..3f467a4324 --- /dev/null +++ b/console/views/upgrade.py @@ -0,0 +1,21 @@ +from django.views.decorators.cache import never_cache + +from console.views.base import JWTAuthApiView +from www.apiclient.regionapi import RegionInvokeApi +from console.repositories.region_repo import region_repo +from www.utils.return_message import general_message +from rest_framework.response import Response + +region_api = RegionInvokeApi() + + +class UpgradeView(JWTAuthApiView): + @never_cache + def post(self, request, *args, **kwargs): + regions = region_repo.get_all_regions() + body = {} + for region in regions: + resp = region_api.upgrade_region(region.region_name, request.data) + body[region.region_name] = resp + result = general_message(200, "success", "请求成功", bean=body) + return Response(result, status=200) diff --git a/console/views/user_operation.py b/console/views/user_operation.py index e21bf3024b..d347bf3ee8 100644 --- a/console/views/user_operation.py +++ b/console/views/user_operation.py @@ -367,7 +367,7 @@ def get(self, request, *args, **kwargs): tenant_info["region"] = team_region_list tenant_info["creater"] = tenant.creater tenant_info["create_time"] = tenant.create_time - + tenant_info["namespace"] = tenant.namespace if tenant.creater == user.user_id: is_team_owner = True role_list = user_kind_role_service.get_user_roles(kind="team", kind_id=tenant.tenant_id, user=user) diff --git a/default_region_sqlite.py b/default_region_sqlite.py new file mode 100644 index 0000000000..cc99af4fa2 --- /dev/null +++ b/default_region_sqlite.py @@ -0,0 +1,110 @@ +# -*- coding: UTF-8 -*- +import datetime +import os +import uuid + +import sqlite3 + + +def create_db_client(): + db = sqlite3.connect('/app/data/db.sqlite3') + return db + + +def make_uuid(key=None): + random_uuid = str(uuid.uuid4()).replace('-', '') + return random_uuid + + +def get_region_id(): + return make_uuid() + + +def get_url(): + return os.environ.get('REGION_URL') + + +def get_wsurl(): + return os.environ.get('REGION_WS_URL') + + +def get_http_domain(): + return os.environ.get('REGION_HTTP_DOMAIN') + + +def get_tcp_domain(): + return os.environ.get('REGION_TCP_DOMAIN') + + +# 获取文件的内容 +def get_contends(path): + with open(path) as file_object: + contends = file_object.read() + return contends + + +def get_ssl_ca_cert(): + content = get_contends("/app/region/ssl/ca.pem") + print(content) + return content + + +def get_cert_file(): + content = get_contends("/app/region/ssl/client.pem") + print(content) + return content + + +def get_key_file(): + content = get_contends("/app/region/ssl/client.key.pem") + print(content) + return content + + +def get_current_time(): + create_time = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S') + print(create_time) + return create_time + + +def get_sql(): + sql = 'INSERT INTO region_info (`region_id`,`region_name`,`region_alias`,`url`,`status`,`desc`,`wsurl`, \ + `httpdomain`,`tcpdomain`,`scope`,`ssl_ca_cert`,`cert_file`,`key_file`,`create_time`) VALUES ("{0}", "rainbond", \ + "默认集群", "{1}", "1", "当前集群是默认安装添加的集群", "{2}", "{3}", "{4}", "private", \ + "{5}", "{6}", "{7}", "{8}" )'.format(get_region_id(), get_url(), get_wsurl(), get_http_domain(), get_tcp_domain(), + get_ssl_ca_cert(), get_cert_file(), get_key_file(), get_current_time()) + print(sql) + return sql + + +def insert_default_region_info(): + sql = get_sql() + db = create_db_client() + cursor = db.cursor() + cursor.execute(sql) + cursor.close() + db.commit() + db.close() + + +def get_region_info(): + print("get region info") + db = create_db_client() + cursor = db.cursor() + cursor.execute("select * from region_info") + data = cursor.fetchone() + cursor.close() + db.commit() + db.close() + return data + + +if __name__ == '__main__': + print("Initialize default region info ") + region_info = get_region_info() + if region_info: + print("default region info already exists, skip it") + else: + print("default region info do not exists, init it") + insert_default_region_info() + print("init default region info success") diff --git a/entrypoint.sh b/entrypoint.sh index 17dc6df304..0a811e11e7 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -48,6 +48,21 @@ function init_database() { return 0 } +use_sqlite() { + # shellcheck disable=SC1035 + if !(python default_region_sqlite.py 2> /dev/null); then + echo -e "${RED}failed to default_region${NC}" + exit 1 + fi +} + +use_mysql() { + if !(python default_region.py 2> /dev/null); then + echo -e "${RED}failed to default_region${NC}" + exit 1 + fi +} + if [ "$1" = "debug" -o "$1" = "bash" ]; then exec /bin/bash elif [ "$1" = "version" ]; then @@ -56,9 +71,12 @@ elif [ "$1" = "init" ]; then if ! (init_database); then exit 1 fi - if !(python default_region.py 2> /dev/null); then - echo -e "${RED}failed to default_region${NC}" - exit 1 + if [ "${INSTALL_TYPE}" != "allinone" ]; then + if [ "$DB_TYPE" != "mysql" ]; then + use_sqlite + else + use_mysql + fi fi else if ! (init_database); then diff --git a/openapi/serializer/app_serializer.py b/openapi/serializer/app_serializer.py index a7767f6bda..05f7f40bf9 100644 --- a/openapi/serializer/app_serializer.py +++ b/openapi/serializer/app_serializer.py @@ -4,7 +4,7 @@ from openapi.serializer.utils import DateCharField from rest_framework import serializers, validators -from www.models.main import ServiceGroup, TenantServiceInfo, TenantServicesPort +from www.models.main import ServiceGroup, TenantServicesPort, TenantServiceInfo ACTION_CHOICE = ( ("stop", ("stop")), @@ -197,6 +197,14 @@ class AppServiceTelescopicVerticalSerializer(serializers.Serializer): new_cpu = serializers.IntegerField(help_text="组件cpu额度申请", allow_null=True, validators=[new_cpu_validator]) +class UpdateAppPeerAuthentications(serializers.Serializer): + operating_mode = serializers.CharField(max_length=32, help_text="操作类型") + + +class UpdateAppAuthorizationPolicy(serializers.Serializer): + operating_mode = serializers.CharField(max_length=32, help_text="操作类型") + + class AppServiceTelescopicHorizontalSerializer(serializers.Serializer): new_node = serializers.IntegerField(help_text="组件节点", allow_null=False, validators=[new_node_validator]) diff --git a/openapi/serializer/config_serializers.py b/openapi/serializer/config_serializers.py index bbba5796f9..1a91d265a2 100644 --- a/openapi/serializer/config_serializers.py +++ b/openapi/serializer/config_serializers.py @@ -7,6 +7,11 @@ class ConfigBaseSerializer(serializers.Serializer): enable = serializers.BooleanField(required=False, default=False) +class MonitorQueryOverviewSeralizer(serializers.Serializer): + data = serializers.DictField(help_text="查询数据") + status = serializers.CharField(help_text="查询状态", max_length=64) + + class AppStoreImageHubRespSerializer(serializers.Serializer): namespace = serializers.CharField(max_length=255, allow_null=True, allow_blank=True, required=False) hub_password = serializers.CharField(max_length=255, allow_null=True, allow_blank=True, required=False) diff --git a/openapi/serializer/region_serializer.py b/openapi/serializer/region_serializer.py index 33b66a3d91..9e12270b4b 100644 --- a/openapi/serializer/region_serializer.py +++ b/openapi/serializer/region_serializer.py @@ -64,6 +64,12 @@ class RegionInfoRSerializer(serializers.Serializer): total_cpu = serializers.FloatField(required=False, help_text="全部cpu") health_status = serializers.CharField(required=False, help_text="集群状态") status = serializers.CharField(required=False, help_text="状态") + manage_node = serializers.IntegerField(required=False, help_text="管理节点总数") + notready_manage_node = serializers.IntegerField(required=False, help_text="不健康管理节点数") + compute_node = serializers.IntegerField(required=False, help_text="计算节点总数") + notready_compute_node = serializers.IntegerField(required=False, help_text="不健康计算节点数") + etcd_node = serializers.IntegerField(required=False, help_text="etcd节点总数") + notready_etcd_node = serializers.IntegerField(required=False, help_text="不健康etcd节点数") class UpdateRegionReqSerializer(serializers.ModelSerializer, RegionReqValidate): diff --git a/openapi/sub_urls/app_url.py b/openapi/sub_urls/app_url.py index 005db65e2d..922351b79f 100644 --- a/openapi/sub_urls/app_url.py +++ b/openapi/sub_urls/app_url.py @@ -1,40 +1,37 @@ # -*- coding: utf-8 -*- # creater by: barnett -from console.utils import perms_route_config as perms + from django.conf.urls import url from openapi.views.apps.apps import (AppInfoView, APPOperationsView, AppServiceEventsView, AppServicesView, AppServiceTelescopicHorizontalView, AppServiceTelescopicVerticalView, ComponentBuildView, ComponentEnvsUView, CreateThirdComponentView, ListAppServicesView, TeamAppsCloseView, - TeamAppsMonitorQueryRangeView, TeamAppsMonitorQueryView, ComponentPortsShowView, - ComponentPortsChangeView, ChangeDeploySourceView, ServiceVolumeView) + TeamAppsMonitorQueryRangeView, TeamAppsMonitorQueryView, ComponentPortsChangeView, + ComponentPortsShowView, ServiceVolumeView, ChangeDeploySourceView) from openapi.views.apps.market import AppInstallView, AppUpgradeView from openapi.views.gateway.gateway import (ListAppGatewayHTTPRuleView, ListAppGatewayRuleView, UpdateAppGatewayHTTPRuleView, UpdateAppGatewayRuleView) from openapi.views.groupapp import GroupAppsCopyView urlpatterns = [ - url(r'^close$', TeamAppsCloseView.as_view(), perms.TeamAppsCloseView), - url(r'^(?P[\d\-]+)$', AppInfoView.as_view(), perms.AppInfoView), - url(r'^(?P[\d\-]+)/monitor/query$', TeamAppsMonitorQueryView.as_view(), perms.AppInfoView), - url(r'^(?P[\d\-]+)/monitor/query_range$', TeamAppsMonitorQueryRangeView.as_view(), perms.AppInfoView), - url(r'^(?P[\d\-]+)/install$', AppInstallView.as_view(), perms.AppInstallView), - url(r'^(?P[\d\-]+)/upgrade$', AppUpgradeView.as_view(), perms.AppUpgradeView), - url(r'^(?P[\d\-]+)/copy$', GroupAppsCopyView.as_view(), perms.GroupAppsCopyView), - url(r'^(?P[\d\-]+)/operations$', APPOperationsView.as_view(), perms.APPOperationsView), - url(r'^(?P[\d\-]+)/httpdomains$', ListAppGatewayHTTPRuleView.as_view(), perms.ListAppGatewayHTTPRuleView), - url(r'^(?P[\d\-]+)/httpdomains/(?P[\w\-]+)$', UpdateAppGatewayHTTPRuleView.as_view(), - perms.UpdateAppGatewayHTTPRuleView), - url(r'^(?P[\d\-]+)/domains$', ListAppGatewayRuleView.as_view(), perms.ListAppGatewayRuleView), - url(r'^(?P[\d\-]+)/domains/(?P[\w\-]+)$', UpdateAppGatewayRuleView.as_view(), - perms.UpdateAppGatewayHTTPRuleView), - url(r'^(?P[\d\-]+)/services$', ListAppServicesView.as_view(), perms.ListAppServicesView), - url(r'^(?P[\d\-]+)/services/(?P[\w\-]+)$', AppServicesView.as_view(), perms.AppServicesView), - url(r'^(?P[\d\-]+)/services/(?P[\w\-]+)/events$', AppServiceEventsView.as_view(), - perms.AppServiceEventsView), + url(r'^close$', TeamAppsCloseView.as_view()), + url(r'^(?P[\d\-]+)$', AppInfoView.as_view()), + url(r'^(?P[\d\-]+)/monitor/query$', TeamAppsMonitorQueryView.as_view()), + url(r'^(?P[\d\-]+)/monitor/query_range$', TeamAppsMonitorQueryRangeView.as_view()), + url(r'^(?P[\d\-]+)/install$', AppInstallView.as_view()), + url(r'^(?P[\d\-]+)/upgrade$', AppUpgradeView.as_view()), + url(r'^(?P[\d\-]+)/copy$', GroupAppsCopyView.as_view()), + url(r'^(?P[\d\-]+)/operations$', APPOperationsView.as_view()), + url(r'^(?P[\d\-]+)/httpdomains$', ListAppGatewayHTTPRuleView.as_view()), + url(r'^(?P[\d\-]+)/httpdomains/(?P[\w\-]+)$', UpdateAppGatewayHTTPRuleView.as_view()), + url(r'^(?P[\d\-]+)/domains$', ListAppGatewayRuleView.as_view()), + url(r'^(?P[\d\-]+)/domains/(?P[\w\-]+)$', UpdateAppGatewayRuleView.as_view()), + url(r'^(?P[\d\-]+)/services$', ListAppServicesView.as_view()), + url(r'^(?P[\d\-]+)/services/(?P[\w\-]+)$', AppServicesView.as_view()), + url(r'^(?P[\d\-]+)/services/(?P[\w\-]+)/events$', AppServiceEventsView.as_view()), url(r'^(?P[\d\-]+)/services/(?P[\w\-]+)/telescopic/vertical$', - AppServiceTelescopicVerticalView.as_view(), perms.AppServiceTelescopicVerticalView), + AppServiceTelescopicVerticalView.as_view()), url(r'^(?P[\d\-]+)/services/(?P[\w\-]+)/telescopic/horizontal$', - AppServiceTelescopicHorizontalView.as_view(), perms.AppServiceTelescopicHorizontalView), + AppServiceTelescopicHorizontalView.as_view()), url(r'^(?P[\d\-]+)/services/(?P[\w\-]+)/envs$', ComponentEnvsUView.as_view()), url(r'^(?P[\d\-]+)/services/(?P[\w\-]+)/ports/(?P[\w\-]+)$', ComponentPortsChangeView.as_view()), url(r'^(?P[\d\-]+)/services/(?P[\w\-]+)/ports$', ComponentPortsShowView.as_view()), diff --git a/openapi/urls.py b/openapi/urls.py index 749f29bbd2..823b084d76 100644 --- a/openapi/urls.py +++ b/openapi/urls.py @@ -2,7 +2,6 @@ # creater by: barnett import os -from console.utils import perms_route_config as perms from django.conf.urls import include, url from drf_yasg import openapi from drf_yasg.views import get_schema_view @@ -12,7 +11,7 @@ from openapi.views.admin_view import AdminInfoView, ListAdminsView from openapi.views.apps.apps import ListAppsView, AppModelImportEvent, AppTarballDirView, \ AppImportView, AppDeployView, AppChartInfo, DeleteApp, AppsPortView, HelmChart -from openapi.views.enterprise_view import EnterpriseConfigView + from openapi.views.gateway.gateway import ListEnterpriseAppGatewayHTTPRuleView from openapi.views.region_view import ListRegionInfo, RegionInfo, ReplaceRegionIP from openapi.views.team_view import (ListRegionsView, ListTeamInfo, TeamAppsResourceView, TeamCertificatesLCView, @@ -40,21 +39,19 @@ # get enterprise regions url(r'^v1/regions$', ListRegionInfo.as_view(), name="list_regions"), url(r'^v1/regions/(?P[\w\-]+)$', RegionInfo.as_view(), name="region_info"), - url(r'^v1/configs$', EnterpriseConfigView.as_view(), name="ent-configs"), - url(r'^v1/administrators$', ListAdminsView.as_view(), perms.ListAdminsView), - url(r'^v1/administrators/(?P[\w\-]+)$', AdminInfoView.as_view(), perms.AdminInfoView), + url(r'^v1/administrators$', ListAdminsView.as_view()), + url(r'^v1/administrators/(?P[\w\-]+)$', AdminInfoView.as_view()), url(r'^v1/changepwd$', ChangePassword.as_view()), - url(r'^v1/users$', ListUsersView.as_view(), perms.ListUsersView), + url(r'^v1/users$', ListUsersView.as_view()), url(r'^v1/currentuser$', CurrentUsersView.as_view()), - url(r'^v1/users/(?P[\w\-]+)$', UserInfoView.as_view(), perms.UserInfoView), - url(r'^v1/users/(?P[\w\-]+)/changepwd$', ChangeUserPassword.as_view(), perms.ChangeUserPassword), + url(r'^v1/users/(?P[\w\-]+)$', UserInfoView.as_view()), + url(r'^v1/users/(?P[\w\-]+)/changepwd$', ChangeUserPassword.as_view()), url(r'^v1/teams$', ListTeamInfo.as_view()), url(r'^v1/teams/resource$', TeamsResourceView.as_view()), - url(r'^v1/teams/(?P[\w\-]+)$', TeamInfo.as_view(), perms.TeamInfo), - url(r'^v1/teams/(?P[\w\-]+)/regions$', ListRegionsView.as_view(), perms.ListRegionsView), - url(r'^v1/teams/(?P[\w\-]+)/certificates$', TeamCertificatesLCView.as_view(), perms.TeamCertificatesLCView), - url(r'^v1/teams/(?P[\w\-]+)/certificates/(?P[\d\-]+)$', TeamCertificatesRUDView.as_view(), - perms.TeamCertificatesRUDView), + url(r'^v1/teams/(?P[\w\-]+)$', TeamInfo.as_view()), + url(r'^v1/teams/(?P[\w\-]+)/regions$', ListRegionsView.as_view()), + url(r'^v1/teams/(?P[\w\-]+)/certificates$', TeamCertificatesLCView.as_view()), + url(r'^v1/teams/(?P[\w\-]+)/certificates/(?P[\d\-]+)$', TeamCertificatesRUDView.as_view()), url(r'^v1/httpdomains', ListEnterpriseAppGatewayHTTPRuleView.as_view()), url(r'^v1/teams/(?P[\w\-]+)/regions/(?P[\w\-]+)/resource', TeamAppsResourceView.as_view()), url(r'^v1/teams/(?P[\w\-]+)/regions/(?P[\w\-]+)/overview', TeamOverviewView.as_view()), @@ -79,7 +76,7 @@ AppTarballDirView.as_view()), # 应用包生成本地组件库模版 url(r'^v1/teams/(?P[\w\-]+)/regions/(?P[\w\-]+)/app-model/import/(?P[\w\-]+)$', - AppImportView.as_view(), perms.CenterAppImportView), + AppImportView.as_view()), # 获取chart包信息 url(r'^v1/teams/(?P[\w\-]+)/regions/(?P[\w\-]+)/app-model/import/(?P[\w\-]+)/chart$', AppChartInfo.as_view()), diff --git a/openapi/views/apps/apps.py b/openapi/views/apps/apps.py index 15f93f0c8d..e3fe2e1965 100644 --- a/openapi/views/apps/apps.py +++ b/openapi/views/apps/apps.py @@ -47,8 +47,9 @@ AppServiceTelescopicHorizontalSerializer, AppServiceTelescopicVerticalSerializer, ComponentBuildReqSerializers, ComponentEnvsSerializers, ComponentEventSerializers, ComponentMonitorSerializers, CreateThirdComponentResponseSerializer, CreateThirdComponentSerializer, ListServiceEventsResponse, ServiceBaseInfoSerializer, ServiceGroupOperationsSerializer, - TeamAppsCloseSerializers, DeployAppSerializer, ServicePortSerializer, ComponentPortReqSerializers, - ComponentUpdatePortReqSerializers, ChangeDeploySourceSerializer, ServiceVolumeSerializer, HelmChartSerializer) + TeamAppsCloseSerializers, DeployAppSerializer, ServicePortSerializer, ComponentUpdatePortReqSerializers, + ComponentPortReqSerializers, UpdateAppAuthorizationPolicy, ServiceVolumeSerializer, ChangeDeploySourceSerializer, + HelmChartSerializer) from openapi.serializer.base_serializer import (FailSerializer, SuccessSerializer) from openapi.services.app_service import app_service from openapi.services.component_action import component_action_service @@ -1352,8 +1353,17 @@ def post(self, request, app_id, *args, **kwargs): helm_app_service.generate_template(cvdata, helm_center_app, version, self.team, chart, self.region_name, self.enterprise.enterprise_id, self.user.user_id, overrides_list, app_id) - market_app_service.install_app(self.team, self.region, self.user, app_id, app_model_id, version, "localApplication", - False, True, False) + @swagger_auto_schema( + operation_description="更新授权认证", + manual_parameters=[ + openapi.Parameter("app_id", openapi.IN_PATH, description="应用id", type=openapi.TYPE_INTEGER), + ], + request_body=UpdateAppAuthorizationPolicy(), + tags=['openapi-apps'], + ) + def put(self, request, app_id, *args, **kwargs): + ap = UpdateAppAuthorizationPolicy(data=request.data) + ap.is_valid(raise_exception=True) result = general_message(200, "success", "成功") return Response(result, status=result["code"]) diff --git a/openapi/views/base.py b/openapi/views/base.py index 3b16634daa..1c94fbd7d5 100644 --- a/openapi/views/base.py +++ b/openapi/views/base.py @@ -40,6 +40,8 @@ def __init__(self): def check_perms(self, request, *args, **kwargs): if kwargs.get("__message"): + if kwargs.get("app_id"): + pass request_perms = kwargs["__message"][request.META.get("REQUEST_METHOD").lower()]["perms"] if request_perms and (len(set(request_perms) & set(self.user_perms)) != len(set(request_perms))): raise NoPermissionsError @@ -101,7 +103,7 @@ def get_perms(self): if self.is_team_owner: team_perms = list(PermsInfo.objects.filter(kind="team").values_list("code", flat=True)) self.user_perms.extend(team_perms) - self.user_perms.append(200000) + self.user_perms.append(100001) else: team_roles = RoleInfo.objects.filter(kind="team", kind_id=self.team.tenant_id) if team_roles: diff --git a/region_client/region_client.py b/region_client/region_client.py index 73a055351b..307c9727e9 100644 --- a/region_client/region_client.py +++ b/region_client/region_client.py @@ -1,7 +1,7 @@ # -*- coding: utf8 -*- import logging -from .region_client.regionapibaseclient import RegionApiBaseHttpClient -from .api.tenants import Tenant +from region_client.regionapibaseclient import RegionApiBaseHttpClient +from api.tenants import Tenant logger = logging.getLogger('default') diff --git a/region_client/regionapibaseclient.py b/region_client/regionapibaseclient.py index 09c525986a..7282efb070 100644 --- a/region_client/regionapibaseclient.py +++ b/region_client/regionapibaseclient.py @@ -13,7 +13,6 @@ import os from django.conf import settings from addict import Dict -from back_manager.decorator import method_perf_time from urllib3.exceptions import MaxRetryError logger = logging.getLogger('default') @@ -102,7 +101,6 @@ def _unpack(self, dict_body): else: return dict() - @method_perf_time def _request(self, url, method, body=None, *args, **kwargs): url = "{0}://{1}{2}".format(self.host.scheme, self.host.netloc, url) retry_count = kwargs.get("retry_count", 2) diff --git a/requirements.txt b/requirements.txt index 1ac038d3e0..5ab2f85b94 100644 --- a/requirements.txt +++ b/requirements.txt @@ -36,5 +36,5 @@ enum34==1.1.6 validators==0.14.2 deprecated==1.2.10 redis==3.5.3 -cryptography==3.2 --e git+https://gitee.com/rainbond/appstore-sdk-python.git@python3#egg=openapi_client \ No newline at end of file +cryptography==3.3 +-e git+https://gitee.com/rainbond/appstore-sdk-python.git@python3#egg=openapi_client diff --git a/sql/enterprise-2203-latest.sql b/sql/enterprise-2203-latest.sql new file mode 100644 index 0000000000..a06c3e8b2c --- /dev/null +++ b/sql/enterprise-2203-latest.sql @@ -0,0 +1,102 @@ +ALTER TABLE user_info ADD COLUMN `password_expiration_time` datetime(6) NULL; +ALTER TABLE operation_log ADD new_information longtext; +ALTER TABLE operation_log ADD old_information longtext; +ALTER TABLE operation_log ADD information_type varchar(32) default 'no_details'; +-- 2203升级到2208 -- +alter TABLE service_domain ADD enable_mod_security tinyint(1) NOT NULL; +alter TABLE service_domain ADD white_ip longtext; +-- 2211升级到2302 -- +CREATE TABLE `menus` ( + `ID` int(11) NOT NULL AUTO_INCREMENT, + `eid` varchar(33) NOT NULL, + `title` varchar(64) NOT NULL, + `path` longtext NOT NULL, + `parent_id` int(11) NOT NULL, + `iframe` bool DEFAULT false NOT NULL, + `sequence` int(11) NULL, + PRIMARY KEY (`ID`) +) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; +ALTER TABLE service_domain ADD black_ip longtext; +ALTER TABLE service_domain ADD black_or_white varchar(32) default 'close'; +ALTER TABLE service_domain ADD waf_rules longtext; + +-- 2302升级到2303 -- +ALTER TABLE `tenant_service_volume` ADD COLUMN `nfs_path` varchar(400) NULL; +ALTER TABLE `tenant_service_volume` ADD COLUMN `nfs_server` varchar(400) NULL; + +-- 2303升级到2306 -- +CREATE TABLE service_security_context ( + ID int(11) NOT NULL AUTO_INCREMENT, + service_id varchar(32) NULL, + seccomp_profile varchar(1024) NULL, + run_as_non_root BOOL NULL, + allow_privilege_escalation BOOL NULL, + run_as_user INTEGER NULL, + run_as_group INTEGER NULL, + capabilities LONGTEXT NULL, + read_only_root_filesystem BOOL NULL, + PRIMARY KEY (`ID`) +) +ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; + +CREATE TABLE console.app_gray_release ( + ID int(11) NOT NULL AUTO_INCREMENT, + app_id varchar(32) NULL, + entry_component_id varchar(32) NULL, + flow_entry_rule LONGTEXT NULL, + gray_strategy_type varchar(32) NULL, + gray_strategy LONGTEXT NULL, + entry_http_route varchar(128) NULL, + status BOOL DEFAULT 0 NULL, + trace_type varchar(32) NULL, + PRIMARY KEY (`ID`) +) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; + +ALTER TABLE service_domain ADD is_limiting BOOL default FALSE; +ALTER TABLE service_domain ADD burst_traffic_number int(11) NOT NULL default 1; +ALTER TABLE service_domain ADD limiting_policy_name varchar(32) NULL; + +CREATE TABLE limiting_policy ( + ID int(11) NOT NULL AUTO_INCREMENT, + limiting_name varchar(32) NULL, + access_memory_size INTEGER DEFAULT 20 NULL, + max_access_rate INTEGER DEFAULT 20 NULL, + tenant_id varchar(32) NULL, + PRIMARY KEY (`ID`) +) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; + +-- 2303升级到2306 BS -- +ALTER TABLE user_info ADD COLUMN oss_app_status bool DEFAULT false NOT NULL; +ALTER TABLE user_info ADD COLUMN oss_psid varchar(32) DEFAULT ''; + + + +------ 2306s升级到2309 ----------- +CREATE TABLE service_inspection ( + ID int(11) NOT NULL AUTO_INCREMENT, + service_id varchar(32) NULL, + code_open BOOL DEFAULT 0 NULL, + normative_open BOOL DEFAULT 0 NULL, + PRIMARY KEY (`ID`) +) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; + +CREATE TABLE service_gateway_domain ( + ID int(11) NOT NULL AUTO_INCREMENT, + service_id varchar(32) NULL, + port INTEGER DEFAULT 5000 NULL, + protocol varchar(32) DEFAULT "http" NULL, + hosts LONGTEXT NULL, + route_yaml LONGTEXT NULL, + PRIMARY KEY (`ID`) +) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; + +CREATE TABLE component_report ( + ID int(11) NOT NULL AUTO_INCREMENT, + component_id varchar(32) COLLATE utf8mb4_unicode_ci DEFAULT NULL, + create_time datetime DEFAULT NULL, + primary_link varchar(1024) COLLATE utf8mb4_unicode_ci DEFAULT NULL, + level int DEFAULT NULL, + type varchar(16) COLLATE utf8mb4_unicode_ci DEFAULT NULL, + message varchar(4096) COLLATE utf8mb4_unicode_ci DEFAULT NULL, + PRIMARY KEY (`ID`) +) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; diff --git a/www/apiclient/regionapi.py b/www/apiclient/regionapi.py index d6cded7a96..f7a75fd8bf 100644 --- a/www/apiclient/regionapi.py +++ b/www/apiclient/regionapi.py @@ -4,6 +4,9 @@ import os import httplib2 +import urllib3 +from django.http import StreamingHttpResponse + from console.exception.main import ServiceHandleException from console.models.main import RegionConfig from django import http @@ -13,6 +16,8 @@ from www.apiclient.regionapibaseclient import RegionApiBaseHttpClient from www.models.main import TenantRegionInfo, Tenants from console.exception.bcode import ErrNamespaceExists +from console.repositories.k8s_resources import k8s_resources_repo +from console.repositories.region_app import region_app_repo logger = logging.getLogger('default') @@ -147,8 +152,8 @@ def delete_service(self, region, tenant_name, service_alias, enterprise_id, data url, token = self.__get_region_access_info(tenant_name, region) tenant_region = self.__get_tenant_region_info(tenant_name, region) - url = url + "/v2/tenants/" + tenant_region.region_tenant_name + "/services/" \ - + service_alias + "?enterprise_id=" + enterprise_id + url = (url + "/v2/tenants/" + tenant_region.region_tenant_name + "/services/" + service_alias + "?enterprise_id=" + + enterprise_id) self._set_headers(token) if not data: @@ -357,8 +362,8 @@ def get_service_pods(self, region, tenant_name, service_alias, enterprise_id): url, token = self.__get_region_access_info(tenant_name, region) tenant_region = self.__get_tenant_region_info(tenant_name, region) - url = url + "/v2/tenants/" + tenant_region.region_tenant_name + "/services/" \ - + service_alias + "/pods?enterprise_id=" + enterprise_id + url = (url + "/v2/tenants/" + tenant_region.region_tenant_name + "/services/" + service_alias + "/pods?enterprise_id=" + + enterprise_id) self._set_headers(token) res, body = self._get(url, self.default_headers, None, region=region, timeout=15) @@ -377,8 +382,8 @@ def pod_detail(self, region, tenant_name, service_alias, pod_name): url, token = self.__get_region_access_info(tenant_name, region) tenant_region = self.__get_tenant_region_info(tenant_name, region) - url = url + "/v2/tenants/" + tenant_region.region_tenant_name + "/services/" \ - + service_alias + "/pods/" + pod_name + "/detail" + url = (url + "/v2/tenants/" + tenant_region.region_tenant_name + "/services/" + service_alias + "/pods/" + pod_name + + "/detail") self._set_headers(token) res, body = self._get(url, self.default_headers, None, region=region) @@ -436,6 +441,27 @@ def manage_inner_port(self, region, tenant_name, service_alias, port, body): res, body = self._put(url, self.default_headers, json.dumps(body), region=region) return body + def api_gateway_manage_outer_port(self, region, tenant_name, service_alias, port, body): + """打开关闭对外端口""" + try: + url, token = self.__get_region_access_info(tenant_name, region) + tenant_region = self.__get_tenant_region_info(tenant_name, region) + url = url + "/v2/tenants/" + tenant_region.region_tenant_name + "/services/" + service_alias + "/ports/" + str( + port) + "/outer" + + self._set_headers(token) + res, body = self._put(url, self.default_headers, json.dumps(body), region=region) + return body + except RegionApiBaseHttpClient.CallApiError as e: + message = e.body.get("msg") + if message and message.find("do not allow operate outer port for thirdpart domain endpoints") >= 0: + raise ServiceHandleException( + status_code=400, + msg="do not allow operate outer port for thirdpart domain endpoints", + msg_show="该第三方组件具有域名类实例,暂不支持开放网关访问") + else: + raise e + def manage_outer_port(self, region, tenant_name, service_alias, port, body): """打开关闭对外端口""" try: @@ -574,8 +600,8 @@ def check_service_status(self, region, tenant_name, service_alias, enterprise_id url, token = self.__get_region_access_info(tenant_name, region) tenant_region = self.__get_tenant_region_info(tenant_name, region) - url = url + "/v2/tenants/" + tenant_region.region_tenant_name + "/services/" \ - + service_alias + "/status?enterprise_id=" + enterprise_id + url = (url + "/v2/tenants/" + tenant_region.region_tenant_name + "/services/" + service_alias + "/status?enterprise_id=" + + enterprise_id) self._set_headers(token) res, body = self._get(url, self.default_headers, region=region) @@ -808,8 +834,8 @@ def get_docker_log_instance(self, region, tenant_name, service_alias, enterprise url, token = self.__get_region_access_info(tenant_name, region) tenant_region = self.__get_tenant_region_info(tenant_name, region) - url = url + "/v2/tenants/" + tenant_region.region_tenant_name + "/services/" \ - + service_alias + "/log-instance?enterprise_id=" + enterprise_id + url = (url + "/v2/tenants/" + tenant_region.region_tenant_name + "/services/" + service_alias + + "/log-instance?enterprise_id=" + enterprise_id) self._set_headers(token) res, body = self._get(url, self.default_headers, region=region) @@ -829,8 +855,8 @@ def get_service_log_files(self, region, tenant_name, service_alias, enterprise_i url, token = self.__get_region_access_info(tenant_name, region) tenant_region = self.__get_tenant_region_info(tenant_name, region) - url = url + "/v2/tenants/" + tenant_region.region_tenant_name + "/services/" \ - + service_alias + "/log-file?enterprise_id=" + enterprise_id + url = (url + "/v2/tenants/" + tenant_region.region_tenant_name + "/services/" + service_alias + + "/log-file?enterprise_id=" + enterprise_id) self._set_headers(token) res, body = self._get(url, self.default_headers, region=region) @@ -980,8 +1006,8 @@ def unbindDomain(self, region, tenant_name, service_alias, body): url, token = self.__get_region_access_info(tenant_name, region) tenant_region = self.__get_tenant_region_info(tenant_name, region) - url = url + "/v2/tenants/" + tenant_region.region_tenant_name + "/services/" + service_alias + "/domains/" + \ - body["domain"] + url = (url + "/v2/tenants/" + tenant_region.region_tenant_name + "/services/" + service_alias + "/domains/" + + body["domain"]) self._set_headers(token) res, body = self._delete(url, self.default_headers, json.dumps(body), region=region) return body @@ -1082,6 +1108,32 @@ def bindTcpDomain(self, region, tenant_name, body): res, body = self._post(url, self.default_headers, json.dumps(body), region=region) return body + def create_http_limiting_policy(self, region, tenant_name, body): + + url, token = self.__get_region_access_info(tenant_name, region) + url = url + "/v2/tenants/" + tenant_name + "/http-limiting-policy" + self._set_headers(token) + res, body = self._post(url, self.default_headers, json.dumps(body), region=region) + return body + + def update_http_limiting_policy(self, region, tenant_name, body): + + url, token = self.__get_region_access_info(tenant_name, region) + url = url + "/v2/tenants/" + tenant_name + "/http-limiting-policy" + + self._set_headers(token) + res, body = self._put(url, self.default_headers, json.dumps(body), region=region) + return body + + def delete_http_limiting_policy(self, region, tenant_name, limiting_policy_name): + + url, token = self.__get_region_access_info(tenant_name, region) + url = url + "/v2/tenants/" + tenant_name + "/http-limiting-policy?limiting_policy_name={}".format(limiting_policy_name) + + self._set_headers(token) + res, body = self._delete(url, self.default_headers, region=region) + return body + def updateTcpDomain(self, region, tenant_name, body): url, token = self.__get_region_access_info(tenant_name, region) @@ -1102,13 +1154,6 @@ def unbindTcpDomain(self, region, tenant_name, body): res, body = self._delete(url, self.default_headers, json.dumps(body), region=region) return body - def get_port(self, region, tenant_name, lock=False): - url, token = self.__get_region_access_info(tenant_name, region) - url = url + "/v2/gateway/ports?lock={}".format(lock) - self._set_headers(token) - res, body = self._get(url, self.default_headers, region=region) - return res, body - def get_ips(self, region, tenant_name): url, token = self.__get_region_access_info(tenant_name, region) url = url + "/v2/gateway/ips" @@ -1147,8 +1192,8 @@ def postPluginAttr(self, region, tenant_name, service_alias, plugin_id, body): url, token = self.__get_region_access_info(tenant_name, region) tenant_region = self.__get_tenant_region_info(tenant_name, region) - url = url + "/v2/tenants/" + tenant_region.region_tenant_name + "/services/" + service_alias + "/plugin/" \ - + plugin_id + "/setenv" + url = (url + "/v2/tenants/" + tenant_region.region_tenant_name + "/services/" + service_alias + "/plugin/" + plugin_id + + "/setenv") self._set_headers(token) return self._post(url, self.default_headers, json.dumps(body), region=region) @@ -1158,8 +1203,8 @@ def putPluginAttr(self, region, tenant_name, service_alias, plugin_id, body): url, token = self.__get_region_access_info(tenant_name, region) tenant_region = self.__get_tenant_region_info(tenant_name, region) - url = url + "/v2/tenants/" + tenant_region.region_tenant_name + "/services/" \ - + service_alias + "/plugin/" + plugin_id + "/upenv" + url = (url + "/v2/tenants/" + tenant_region.region_tenant_name + "/services/" + service_alias + "/plugin/" + plugin_id + + "/upenv") self._set_headers(token) return self._put(url, self.default_headers, json.dumps(body), region=region) @@ -1220,9 +1265,16 @@ def delete_plugin_version(self, region, tenant_name, plugin_id, build_version): def get_query_data(self, region, tenant_name, params): """获取监控数据""" + url, token = self.__get_region_access_info(tenant_name, region) + url = "/api/v1/query" + params + self._set_headers(token) + res, body = self._get(url, self.default_headers, region=region, timeout=10, retries=1) + return res, body + def get_query_range_data(self, region, tenant_name, params): + """获取监控数据""" url, token = self.__get_region_access_info(tenant_name, region) - url = url + "/api/v1/query" + params + url = url + "/api/v1/query_range" + params self._set_headers(token) res, body = self._get(url, self.default_headers, region=region, timeout=10, retries=1) return res, body @@ -1245,14 +1297,6 @@ def get_query_domain_access(self, region, tenant_name, params): res, body = self._get(url, self.default_headers, region=region, timeout=10, retries=1) return res, body - def get_query_range_data(self, region, tenant_name, params): - """获取监控范围数据""" - url, token = self.__get_region_access_info(tenant_name, region) - url = url + "/api/v1/query_range" + params - self._set_headers(token) - res, body = self._get(url, self.default_headers, region=region, timeout=10, retries=1) - return res, body - def get_service_publish_status(self, region, tenant_name, service_key, app_version): url, token = self.__get_region_access_info(tenant_name, region) @@ -1386,8 +1430,8 @@ def service_chargesverify(self, region, tenant_name, data): """组件扩大资源申请接口""" url, token = self.__get_region_access_info(tenant_name, region) tenant_region = self.__get_tenant_region_info(tenant_name, region) - url = url + "/v2/tenants/" + tenant_region.region_tenant_name + \ - "/chargesverify?quantity={0}&reason={1}&eid={2}".format(data["quantity"], data["reason"], data["eid"]) + url = (url + "/v2/tenants/" + tenant_region.region_tenant_name + + "/chargesverify?quantity={0}&reason={1}&eid={2}".format(data["quantity"], data["reason"], data["eid"])) self._set_headers(token) res, body = self._get(url, self.default_headers, region=region, body=json.dumps(data)) return res, body @@ -1439,8 +1483,8 @@ def update_service_plugin_config(self, region, tenant_name, service_alias, plugi url, token = self.__get_region_access_info(tenant_name, region) tenant_region = self.__get_tenant_region_info(tenant_name, region) - url = url + "/v2/tenants/" + tenant_region.region_tenant_name + "/services/" \ - + service_alias + "/plugin/" + plugin_id + "/upenv" + url = (url + "/v2/tenants/" + tenant_region.region_tenant_name + "/services/" + service_alias + "/plugin/" + plugin_id + + "/upenv") self._set_headers(token) return self._put(url, self.default_headers, json.dumps(body), region=region) @@ -1450,8 +1494,8 @@ def get_services_pods(self, region, tenant_name, service_id_list, enterprise_id) service_ids = ",".join(service_id_list) url, token = self.__get_region_access_info(tenant_name, region) tenant_region = self.__get_tenant_region_info(tenant_name, region) - url = url + "/v2/tenants/" + tenant_region.region_tenant_name + "/pods?enterprise_id=" \ - + enterprise_id + "&service_ids=" + service_ids + url = (url + "/v2/tenants/" + tenant_region.region_tenant_name + "/pods?enterprise_id=" + enterprise_id + + "&service_ids=" + service_ids) self._set_headers(token) res, body = self._get(url, self.default_headers, None, region=region, timeout=10) @@ -1631,8 +1675,8 @@ def get_apps_migrate_status(self, region, tenant_name, backup_id, restore_id): """获取迁移结果""" url, token = self.__get_region_access_info(tenant_name, region) tenant_region = self.__get_tenant_region_info(tenant_name, region) - url = url + "/v2/tenants/" + tenant_region.region_tenant_name + "/groupapp/backups/" \ - + backup_id + "/restore/" + restore_id + url = (url + "/v2/tenants/" + tenant_region.region_tenant_name + "/groupapp/backups/" + backup_id + "/restore/" + + restore_id) self._set_headers(token) res, body = self._get(url, self.default_headers, region=region) @@ -1653,8 +1697,7 @@ def get_service_build_versions(self, region, tenant_name, service_alias): url, token = self.__get_region_access_info(tenant_name, region) tenant_region = self.__get_tenant_region_info(tenant_name, region) - url = url + "/v2/tenants/" + tenant_region.region_tenant_name + "/services/" \ - + service_alias + "/build-list" + url = (url + "/v2/tenants/" + tenant_region.region_tenant_name + "/services/" + service_alias + "/build-list") self._set_headers(token) res, body = self._get(url, self.default_headers, region=region) @@ -1665,8 +1708,8 @@ def delete_service_build_version(self, region, tenant_name, service_alias, versi url, token = self.__get_region_access_info(tenant_name, region) tenant_region = self.__get_tenant_region_info(tenant_name, region) - url = url + "/v2/tenants/" + tenant_region.region_tenant_name + "/services/" \ - + service_alias + "/build-version/" + version_id + url = (url + "/v2/tenants/" + tenant_region.region_tenant_name + "/services/" + service_alias + "/build-version/" + + version_id) self._set_headers(token) res, body = self._delete(url, self.default_headers, region=region, body=json.dumps(body)) @@ -1677,13 +1720,25 @@ def get_service_build_version_by_id(self, region, tenant_name, service_alias, ve url, token = self.__get_region_access_info(tenant_name, region) tenant_region = self.__get_tenant_region_info(tenant_name, region) - url = url + "/v2/tenants/" + tenant_region.region_tenant_name + "/services/" \ - + service_alias + "/build-version/" + version_id + url = (url + "/v2/tenants/" + tenant_region.region_tenant_name + "/services/" + service_alias + "/build-version/" + + version_id) self._set_headers(token) res, body = self._get(url, self.default_headers, region=region) return res, body + def update_service_build_version_by_id(self, region, tenant_name, service_alias, version_id, data): + """更新组件的某次构建版本的规划版本""" + + url, token = self.__get_region_access_info(tenant_name, region) + tenant_region = self.__get_tenant_region_info(tenant_name, region) + url = (url + "/v2/tenants/" + tenant_region.region_tenant_name + "/services/" + service_alias + "/build-version/" + + version_id) + + self._set_headers(token) + res, body = self._put(url, self.default_headers, region=region, body=json.dumps(data)) + return res, body + def get_team_services_deploy_version(self, region, tenant_name, data): """查询指定组件的部署版本""" url, token = self.__get_region_access_info(tenant_name, region) @@ -2362,6 +2417,14 @@ def delete_registry_auth(self, tenant_name, region_name, body): resp, _ = self._delete(url, self._set_headers(token), region=region_name, body=json.dumps(body)) return resp + def get_component_authorization_policy(self, tenant_name, region_name, service_alias, namespace): + url, token = self.__get_region_access_info(tenant_name, region_name) + url = url + "/v2/tenants/{}/services/{}/component_authorization_policy?namespace={}&".format( + tenant_name, service_alias, namespace) + self._set_headers(token) + res, body = self._get(url, self.default_headers, region=region_name) + return body + def get_app_resource(self, enterprise_id, region, data): region_info = self.get_enterprise_region_info(enterprise_id, region) if not region_info: @@ -2641,3 +2704,253 @@ def get_proxy(self, region_name, path): self._set_headers(region_info.token) res, body = self._get(url, self.default_headers, region=region_name) return body + + def get_files(self, region_name, tenant_name, service_alias, path, pod_name, namespace): + """获取组件的构建版本""" + + url, token = self.__get_region_access_info(tenant_name, region_name) + tenant_region = self.__get_tenant_region_info(tenant_name, region_name) + url = (url + "/v2/tenants/" + tenant_region.region_tenant_name + "/services/" + service_alias + + "/file-manage?path={0}&pod_name={1}&namespace={2}".format(path, pod_name, namespace)) + + self._set_headers(token) + res, body = self._get(url, self.default_headers, region=region_name, timeout=10) + return body + + def get_pod_volume(self, region_name, tenant_name, pod_name, namespace, volume_path, service): + region_info = self.get_region_info(region_name=region_name) + if not region_info: + raise ServiceHandleException("region not found") + url = region_info.url + url = ( + url + + "/v2/tenants/{0}/services/{1}/pod-volume?pod_name={2}&namespace={3}&volume_path={4}&k8s_component_name={5}".format( + tenant_name, service.service_alias, pod_name, namespace, volume_path, service.k8s_component_name)) + res, body = self._get(url, self.default_headers, region=region_name, timeout=10) + return res, body + + def get_app_peer_authentications(self, tenant_name, region_name, region_app_id, namespace, name): + url, token = self.__get_region_access_info(tenant_name, region_name) + tenant_region = self.__get_tenant_region_info(tenant_name, region_name) + url = url + "/v2/tenants/{}/apps/{}/app_peer_authentications".format(tenant_region.region_tenant_name, region_app_id) + url = url + "?namespace={0}&name={1}".format(namespace, name) + self._set_headers(token) + res, body = self._get(url, self.default_headers, region=region_name) + return body + + def app_peer_authentications(self, tenant_name, region_name, region_app_id, data): + url, token = self.__get_region_access_info(tenant_name, region_name) + tenant_region = self.__get_tenant_region_info(tenant_name, region_name) + url = url + "/v2/tenants/{}/apps/{}/app_peer_authentications".format(tenant_region.region_tenant_name, region_app_id) + self._set_headers(token) + res, body = self._put(url, self.default_headers, body=json.dumps(data), region=region_name) + return body + + def get_app_authorization_policy(self, tenant_name, region_name, region_app_id, namespace, name): + url, token = self.__get_region_access_info(tenant_name, region_name) + tenant_region = self.__get_tenant_region_info(tenant_name, region_name) + url = url + "/v2/tenants/{}/apps/{}/app_authorization_policy".format(tenant_region.region_tenant_name, region_app_id) + url = url + "?namespace={0}&name={1}".format(namespace, name) + self._set_headers(token) + res, body = self._get(url, self.default_headers, region=region_name) + return body + + def app_authorization_policy(self, tenant_name, region_name, region_app_id, data): + url, token = self.__get_region_access_info(tenant_name, region_name) + tenant_region = self.__get_tenant_region_info(tenant_name, region_name) + url = url + "/v2/tenants/{}/apps/{}/app_authorization_policy".format(tenant_region.region_tenant_name, region_app_id) + self._set_headers(token) + res, body = self._put(url, self.default_headers, body=json.dumps(data), region=region_name) + return body + + def get_app_gray_release(self, tenant_name, region_name, region_app_id, namespace, component_id): + url, token = self.__get_region_access_info(tenant_name, region_name) + tenant_region = self.__get_tenant_region_info(tenant_name, region_name) + url = url + "/v2/tenants/{}/apps/{}/gray_release".format(tenant_region.region_tenant_name, region_app_id) + url = url + "?namespace={0}&app_id={1}&component_id={2}".format(namespace, region_app_id, component_id) + self._set_headers(token) + res, body = self._get(url, self.default_headers, region=region_name) + return res, body + + def create_app_gray_release(self, tenant_name, region_name, region_app_id, data): + url, token = self.__get_region_access_info(tenant_name, region_name) + tenant_region = self.__get_tenant_region_info(tenant_name, region_name) + url = url + "/v2/tenants/{}/apps/{}/gray_release".format(tenant_region.region_tenant_name, region_app_id) + self._set_headers(token) + res, body = self._post(url, self.default_headers, body=json.dumps(data), region=region_name) + return body.get("bean", None) + + def update_app_gray_release(self, tenant_name, region_name, region_app_id, data): + url, token = self.__get_region_access_info(tenant_name, region_name) + tenant_region = self.__get_tenant_region_info(tenant_name, region_name) + url = url + "/v2/tenants/{}/apps/{}/gray_release".format(tenant_region.region_tenant_name, region_app_id) + self._set_headers(token) + res, body = self._put(url, self.default_headers, body=json.dumps(data), region=region_name) + return body.get("bean", None) + + def operate_app_gray_release(self, tenant_name, region_name, region_app_id, namespace, operation_method): + url, token = self.__get_region_access_info(tenant_name, region_name) + tenant_region = self.__get_tenant_region_info(tenant_name, region_name) + url = url + "/v2/tenants/{}/apps/{}/operate_gray_release".format(tenant_region.region_tenant_name, region_app_id) + url = url + "?namespace={0}&app_id={1}&operation_method={2}".format(namespace, region_app_id, operation_method) + self._set_headers(token) + res, body = self._put(url, self.default_headers, region=region_name) + return body + + def save_yaml(self, app_id, body): + name = body["bean"].get("name") + data = { + "app_id": app_id, + "name": name, + "kind": body["bean"].get("kind"), + "content": body["bean"].get("content"), + "state": 1, + } + if len(k8s_resources_repo.get_route_by_name(app_id, name)) == 0: + k8s_resources_repo.create(**data) + else: + k8s_resources_repo.update(app_id=app_id, name=name, kind=data["kind"], content=body["bean"]["content"]) + + def api_gateway_post_proxy(self, region, tenant_name, path, data, app_id): + if app_id: + region_app_id = region_app_repo.get_region_app_id(region, app_id) + path = path.replace("appID=" + str(app_id), "appID=" + region_app_id) + "&intID=" + str(app_id) + + url, token = self.__get_region_access_info(tenant_name, region) + # url = "http://127.0.0.1:8888" + url = url + path + self._set_headers(token) + res, body = self._post(url, self.default_headers, region=region, body=json.dumps(data)) + self.save_yaml(app_id, body) + return body["bean"] + + def api_gateway_get_proxy(self, region, tenant_name, path, app_id): + if app_id: + region_app_id = region_app_repo.get_region_app_id(region, app_id) + path = path.replace("appID=" + str(app_id), "appID=" + region_app_id) + "&intID=" + str(app_id) + url, token = self.__get_region_access_info(tenant_name, region) + self._set_headers(token) + res, body = self._get(url + path, self.default_headers, region=region) + return body + + def api_gateway_delete_proxy(self, region, tenant_name, path): + url, token = self.__get_region_access_info(tenant_name, region) + self._set_headers(token) + res, body = self._delete(url + path, self.default_headers, region=region) + if body["list"]: + for n in body["list"]: + # 在这里对每个元素进行操作 + k8s_resources_repo.delete_route_by_name(n) + return body["bean"] + + def get_port(self, region, tenant_name, lock=False): + url, token = self.__get_region_access_info(tenant_name, region) + url = url + "/v2/gateway/ports?lock={}".format(lock) + self._set_headers(token) + res, body = self._get(url, self.default_headers, region=region) + return res, body + + def api_gateway_bind_tcp_domain(self, + region, + tenant_name, + k8s_service_name, + container_port, + app_id, + ingressPort=None, + service_id="", + service_type=""): + """ + 根据endpoint 0.0.0.0:10000 来监听,将请求转发到 region 处理,需要绑定k8s的service + """ + data = { + "protocol": "TCP", + "match": { + "host": "0.0.0.0", + "ingressPort": ingressPort + }, + "backend": { + "serviceName": k8s_service_name, + "servicePort": container_port + } + } + + path = "/v2/proxy-pass/gateway/" + tenant_name + "/routes/tcp?appID=" + str( + app_id) + "&service_id=" + service_id + "&service_type=" + service_type + return self.post_proxy(region, path, data) + + def api_gateway_bind_http_domain(self, service_name, region, tenant_name, domains, svc, app_id): + """ + 根据域名,k8s的service生成 http 路由规则,默认全部转发。/* + """ + body = { + "match": { + "hosts": domains, + "paths": ["/*"], + }, + "backends": [{ + "serviceName": svc.k8s_service_name, + "servicePort": svc.container_port + }], + "authentication": { + "enable": False, + "type": "basicAuth", + "keyAuth": {} + } + } + path = "/api-gateway/v1/" + tenant_name + "/routes/http?appID=" + str(app_id) + "&service_alias=" + service_name + return self.api_gateway_post_proxy(region, tenant_name, path, body, app_id) + + def api_gateway_bind_http_domain_convert(self, service_name, region, tenant_name, domains, svc, app_id): + """ + 根据域名,k8s的service生成 http 路由规则,默认全部转发。/* + """ + body = { + "match": { + "hosts": domains, + "paths": ["/*"], + }, + "backends": [{ + "serviceName": svc.k8s_service_name, + "servicePort": svc.container_port + }], + "authentication": { + "enable": False, + "type": "basicAuth", + "keyAuth": {} + } + } + path = "/api-gateway/v1/" + tenant_name + "/routes/http?appID=&service_alias=" + service_name + return self.api_gateway_post_proxy(region, tenant_name, path, body, app_id) + + def delete_proxy(self, region_name, path): + region_info = self.get_region_info(region_name) + if not region_info: + raise ServiceHandleException("region not found") + url = region_info.url + path + self._set_headers(region_info.token) + res, body = self._delete(url, self.default_headers, region=region_name) + return body + + def sse_proxy(self, region_name, path): + region_info = self.get_region_info(region_name) + if not region_info: + raise ServiceHandleException("region not found") + url = region_info.url + path + client = self.get_client(region_config=region_info) + # requests + resp = client.request(method="GET", url=url, preload_content=False, timeout=urllib3.Timeout(connect=30, read=60 * 60)) + + def event_stream(): + for chunk in resp.stream(4096): + yield str(chunk, encoding="utf-8") + + response = StreamingHttpResponse(event_stream(), content_type='text/event-stream') + response['Content-Encoding'] = 'identity' + return response + + def upgrade_region(self, region_name, data): + url, token = self.__get_region_access_info(None, region_name) + url = url + "/v2/cluster/rbd-upgrade" + self._set_headers(token) + res, body = self._post(url, self.default_headers, region=region_name, body=json.dumps(data)) + return body diff --git a/www/apiclient/regionapibaseclient.py b/www/apiclient/regionapibaseclient.py index 0b0ba67923..c6217bbbaf 100644 --- a/www/apiclient/regionapibaseclient.py +++ b/www/apiclient/regionapibaseclient.py @@ -12,7 +12,9 @@ import certifi import urllib3 from addict import Dict -from console.exception.main import ServiceHandleException, ErrClusterLackOfMemory, ErrTenantLackOfMemory +from console.exception.main import ServiceHandleException, ErrClusterLackOfMemory, ErrTenantLackOfMemory, \ + ErrClusterAuthLackOfMemory, ErrClusterAuthLackOfNode, ErrClusterAuthLackOfLicense, \ + ErrClusterAuthLackOfLicenseExpire, ErrTenantLackOfCPU, ErrTenantQuotaCPULack, ErrTenantQuotaMemoryLack from console.repositories.region_repo import region_repo from django.conf import settings from django.http import HttpResponse, QueryDict @@ -102,6 +104,20 @@ def _check_status(self, url, method, status, content): raise ErrClusterLackOfMemory() if body.get("msg") == "tenant_lack_of_memory": raise ErrTenantLackOfMemory() + if body.get("msg") == "tenant_lack_of_cpu": + raise ErrTenantLackOfCPU() + if body.get("msg") == "tenant_quota_cpu_lack": + raise ErrTenantQuotaCPULack() + if body.get("msg") == "tenant_quota_memory_lack": + raise ErrTenantQuotaMemoryLack() + if body.get("msg") == "authorize_cluster_lack_of_memory": + raise ErrClusterAuthLackOfMemory() + if body.get("msg") == "authorize_cluster_lack_of_node": + raise ErrClusterAuthLackOfNode() + if body.get("msg") == "authorize_cluster_lack_of_license": + raise ErrClusterAuthLackOfLicense() + if body.get("msg") == "authorize_expiration_of_authorization": + raise ErrClusterAuthLackOfLicenseExpire() raise self.CallApiError(self.apitype, url, method, res, body) else: return res, body diff --git a/www/models/main.py b/www/models/main.py index 64d4b7f139..9ca4ab050a 100644 --- a/www/models/main.py +++ b/www/models/main.py @@ -309,7 +309,6 @@ def parse_default(self, a): return "" def parse_kind(self, a): - # print(a.name, type(a)) if type(a) == CharField: return "string" if type(a) == AutoField: