|
|
package decortsdk
|
|
|
|
|
|
import (
|
|
|
"bytes"
|
|
|
"context"
|
|
|
"crypto/tls"
|
|
|
"encoding/json"
|
|
|
"errors"
|
|
|
"fmt"
|
|
|
"io"
|
|
|
"mime/multipart"
|
|
|
"net/http"
|
|
|
"strconv"
|
|
|
"strings"
|
|
|
"sync"
|
|
|
|
|
|
"github.com/google/go-querystring/query"
|
|
|
"golang.org/x/oauth2"
|
|
|
"repository.basistech.ru/BASIS/decort-golang-sdk/config"
|
|
|
"repository.basistech.ru/BASIS/decort-golang-sdk/pkg/cloudapi"
|
|
|
k8s_ca "repository.basistech.ru/BASIS/decort-golang-sdk/pkg/cloudapi/k8s"
|
|
|
"repository.basistech.ru/BASIS/decort-golang-sdk/pkg/cloudbroker"
|
|
|
k8s_cb "repository.basistech.ru/BASIS/decort-golang-sdk/pkg/cloudbroker/k8s"
|
|
|
)
|
|
|
|
|
|
// HTTP-client for platform
|
|
|
type BVSDecortClient struct {
|
|
|
client *http.Client
|
|
|
cfg *oauth2.Config
|
|
|
mutex *sync.Mutex
|
|
|
token *oauth2.Token
|
|
|
decortURL string
|
|
|
username string
|
|
|
password string
|
|
|
}
|
|
|
|
|
|
type ProviderEndpoint struct {
|
|
|
TokenURL string `json:"token_endpoint"`
|
|
|
}
|
|
|
|
|
|
// Сlient builder
|
|
|
func NewBVS(cfg config.BVSConfig) *BVSDecortClient {
|
|
|
if cfg.Retries == 0 {
|
|
|
cfg.Retries = 5
|
|
|
}
|
|
|
// if cfg.Token.AccessToken != "" {
|
|
|
|
|
|
// }
|
|
|
ctx := context.Background()
|
|
|
providerEndpoint, _ := GetEndpoint(ctx, cfg.SSOURL, cfg.Domain, cfg.SSLSkipVerify)
|
|
|
|
|
|
return &BVSDecortClient{
|
|
|
decortURL: cfg.DecortURL,
|
|
|
client: &http.Client{
|
|
|
Transport: &http.Transport{
|
|
|
TLSClientConfig: &tls.Config{
|
|
|
//nolint:gosec
|
|
|
InsecureSkipVerify: cfg.SSLSkipVerify,
|
|
|
},
|
|
|
},
|
|
|
},
|
|
|
cfg: &oauth2.Config{
|
|
|
ClientID: cfg.AppID,
|
|
|
ClientSecret: cfg.AppSecret,
|
|
|
Endpoint: providerEndpoint,
|
|
|
},
|
|
|
mutex: &sync.Mutex{},
|
|
|
token: &cfg.Token,
|
|
|
username: cfg.Username,
|
|
|
password: cfg.Password,
|
|
|
}
|
|
|
}
|
|
|
|
|
|
// CloudAPI builder
|
|
|
func (bdc *BVSDecortClient) CloudAPI() *cloudapi.CloudAPI {
|
|
|
return cloudapi.New(bdc)
|
|
|
}
|
|
|
|
|
|
// CloudBroker builder
|
|
|
func (bdc *BVSDecortClient) CloudBroker() *cloudbroker.CloudBroker {
|
|
|
return cloudbroker.New(bdc)
|
|
|
}
|
|
|
|
|
|
// DecortApiCall method for sending requests to the platform
|
|
|
func (bdc *BVSDecortClient) DecortApiCall(ctx context.Context, method, url string, params interface{}) ([]byte, error) {
|
|
|
k8sCaCreateReq, okCa := params.(k8s_ca.CreateRequest)
|
|
|
k8sCbCreateReq, okCb := params.(k8s_cb.CreateRequest)
|
|
|
var body *bytes.Buffer
|
|
|
var ctype string
|
|
|
|
|
|
if okCa {
|
|
|
body, ctype = createK8sCloudApiBVS(k8sCaCreateReq)
|
|
|
} else if okCb {
|
|
|
body, ctype = createK8sCloudBrokerBVS(k8sCbCreateReq)
|
|
|
} else {
|
|
|
values, err := query.Values(params)
|
|
|
if err != nil {
|
|
|
return nil, err
|
|
|
}
|
|
|
body = bytes.NewBufferString(values.Encode())
|
|
|
}
|
|
|
|
|
|
req, err := http.NewRequestWithContext(ctx, method, bdc.decortURL+restmachine+url, body)
|
|
|
if err != nil {
|
|
|
return nil, err
|
|
|
}
|
|
|
|
|
|
if err = bdc.getToken(ctx); err != nil {
|
|
|
return nil, err
|
|
|
}
|
|
|
|
|
|
resp, err := bdc.do(req, ctype)
|
|
|
if err != nil {
|
|
|
return nil, err
|
|
|
}
|
|
|
defer resp.Body.Close()
|
|
|
|
|
|
respBytes, err := io.ReadAll(resp.Body)
|
|
|
if err != nil {
|
|
|
return nil, err
|
|
|
}
|
|
|
|
|
|
if resp.StatusCode != 200 {
|
|
|
return nil, errors.New(string(respBytes))
|
|
|
}
|
|
|
|
|
|
return respBytes, nil
|
|
|
}
|
|
|
|
|
|
func (bdc *BVSDecortClient) getToken(ctx context.Context) error {
|
|
|
bdc.mutex.Lock()
|
|
|
defer bdc.mutex.Unlock()
|
|
|
|
|
|
if !bdc.token.Valid() {
|
|
|
|
|
|
body := fmt.Sprintf("grant_type=password&client_id=%s&client_secret=%s&username=%s&password=%s&response_type=token", bdc.cfg.ClientID, bdc.cfg.ClientSecret, bdc.username, bdc.password)
|
|
|
bodyReader := strings.NewReader(body)
|
|
|
// body := fmt.Sprintf("grant_type=client_credentials&client_id=%s&client_secret=%s&", bdc.cfg.ClientID, bdc.cfg.ClientSecret)
|
|
|
// bodyReader := strings.NewReader(body)
|
|
|
|
|
|
req, _ := http.NewRequestWithContext(ctx, "POST", bdc.cfg.Endpoint.TokenURL, bodyReader)
|
|
|
req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
|
|
|
|
|
|
resp, err := bdc.client.Do(req)
|
|
|
if err != nil {
|
|
|
return fmt.Errorf("cannot get token: %w", err)
|
|
|
}
|
|
|
|
|
|
tokenBytes, _ := io.ReadAll(resp.Body)
|
|
|
resp.Body.Close()
|
|
|
|
|
|
if resp.StatusCode != 200 {
|
|
|
return fmt.Errorf("cannot get token: %s", tokenBytes)
|
|
|
}
|
|
|
|
|
|
err = json.Unmarshal(tokenBytes, &bdc.token)
|
|
|
if err != nil {
|
|
|
return fmt.Errorf("cannot unmarshal token: %s", tokenBytes)
|
|
|
}
|
|
|
}
|
|
|
|
|
|
return nil
|
|
|
}
|
|
|
|
|
|
func (bdc *BVSDecortClient) do(req *http.Request, ctype string) (*http.Response, error) {
|
|
|
if ctype != "" {
|
|
|
req.Header.Add("Content-Type", ctype)
|
|
|
} else {
|
|
|
req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
|
|
|
}
|
|
|
bdc.token.SetAuthHeader(req)
|
|
|
req.Header.Set("Accept", "application/json")
|
|
|
|
|
|
// var resp *http.Response
|
|
|
// var err error
|
|
|
buf, _ := io.ReadAll(req.Body)
|
|
|
// req = req.Clone(req.Context())
|
|
|
|
|
|
// for i := uint64(0); i < dc.cfg.Retries; i++ {
|
|
|
req.Body = io.NopCloser(bytes.NewBuffer(buf))
|
|
|
resp, err := bdc.client.Do(req)
|
|
|
// if err == nil {
|
|
|
if resp.StatusCode != 200 {
|
|
|
return resp, err
|
|
|
}
|
|
|
respBytes, _ := io.ReadAll(resp.Body)
|
|
|
err = fmt.Errorf("%s", respBytes)
|
|
|
resp.Body.Close()
|
|
|
// }
|
|
|
// }
|
|
|
|
|
|
return nil, fmt.Errorf("could not execute request: %w", err)
|
|
|
}
|
|
|
|
|
|
func createK8sCloudApiBVS(req k8s_ca.CreateRequest) (*bytes.Buffer, string) {
|
|
|
reqBody := &bytes.Buffer{}
|
|
|
writer := multipart.NewWriter(reqBody)
|
|
|
if req.OidcCertificate != "" {
|
|
|
part, _ := writer.CreateFormFile("oidcCertificate", "ca.crt")
|
|
|
_, _ = io.Copy(part, strings.NewReader(req.OidcCertificate))
|
|
|
}
|
|
|
|
|
|
_ = writer.WriteField("name", req.Name)
|
|
|
_ = writer.WriteField("rgId", strconv.FormatUint(req.RGID, 10))
|
|
|
_ = writer.WriteField("k8ciId", strconv.FormatUint(req.K8SCIID, 10))
|
|
|
_ = writer.WriteField("workerGroupName", req.WorkerGroupName)
|
|
|
_ = writer.WriteField("networkPlugin", req.NetworkPlugin)
|
|
|
|
|
|
if req.MasterSEPID != 0 {
|
|
|
_ = writer.WriteField("masterSepId", strconv.FormatUint(req.MasterSEPID, 10))
|
|
|
}
|
|
|
if req.MasterSEPPool != "" {
|
|
|
_ = writer.WriteField("masterSepPool", req.MasterSEPPool)
|
|
|
}
|
|
|
if req.WorkerSEPID != 0 {
|
|
|
_ = writer.WriteField("workerSepId", strconv.FormatUint(req.WorkerSEPID, 10))
|
|
|
}
|
|
|
if req.WorkerSEPPool != "" {
|
|
|
_ = writer.WriteField("workerSepPool", req.WorkerSEPPool)
|
|
|
}
|
|
|
|
|
|
if req.Labels != nil {
|
|
|
for _, v := range req.Labels {
|
|
|
_ = writer.WriteField("labels", v)
|
|
|
}
|
|
|
}
|
|
|
if req.Taints != nil {
|
|
|
for _, v := range req.Taints {
|
|
|
_ = writer.WriteField("taints", v)
|
|
|
}
|
|
|
}
|
|
|
if req.Annotations != nil {
|
|
|
for _, v := range req.Annotations {
|
|
|
_ = writer.WriteField("annotations", v)
|
|
|
}
|
|
|
}
|
|
|
|
|
|
if req.MasterCPU != 0 {
|
|
|
_ = writer.WriteField("masterCpu", strconv.FormatUint(uint64(req.MasterCPU), 10))
|
|
|
}
|
|
|
if req.MasterNum != 0 {
|
|
|
_ = writer.WriteField("masterNum", strconv.FormatUint(uint64(req.MasterNum), 10))
|
|
|
}
|
|
|
if req.MasterRAM != 0 {
|
|
|
_ = writer.WriteField("masterRam", strconv.FormatUint(uint64(req.MasterRAM), 10))
|
|
|
}
|
|
|
if req.MasterDisk != 0 {
|
|
|
_ = writer.WriteField("masterDisk", strconv.FormatUint(uint64(req.MasterDisk), 10))
|
|
|
}
|
|
|
if req.WorkerCPU != 0 {
|
|
|
_ = writer.WriteField("workerCpu", strconv.FormatUint(uint64(req.WorkerCPU), 10))
|
|
|
}
|
|
|
if req.WorkerNum != 0 {
|
|
|
_ = writer.WriteField("workerNum", strconv.FormatUint(uint64(req.WorkerNum), 10))
|
|
|
}
|
|
|
if req.WorkerRAM != 0 {
|
|
|
_ = writer.WriteField("workerRam", strconv.FormatUint(uint64(req.WorkerRAM), 10))
|
|
|
}
|
|
|
if req.WorkerDisk != 0 {
|
|
|
_ = writer.WriteField("workerDisk", strconv.FormatUint(uint64(req.WorkerDisk), 10))
|
|
|
}
|
|
|
if req.ExtNetID != 0 {
|
|
|
_ = writer.WriteField("extnetId", strconv.FormatUint(req.ExtNetID, 10))
|
|
|
}
|
|
|
if req.VinsId != 0 {
|
|
|
_ = writer.WriteField("vinsId", strconv.FormatUint(req.VinsId, 10))
|
|
|
}
|
|
|
if !req.WithLB {
|
|
|
_ = writer.WriteField("withLB", strconv.FormatBool(req.WithLB))
|
|
|
}
|
|
|
|
|
|
_ = writer.WriteField("highlyAvailableLB", strconv.FormatBool(req.HighlyAvailable))
|
|
|
|
|
|
if req.AdditionalSANs != nil {
|
|
|
for _, v := range req.AdditionalSANs {
|
|
|
_ = writer.WriteField("additionalSANs", v)
|
|
|
}
|
|
|
}
|
|
|
if req.InitConfiguration != "" {
|
|
|
_ = writer.WriteField("initConfiguration", req.InitConfiguration)
|
|
|
}
|
|
|
if req.ClusterConfiguration != "" {
|
|
|
_ = writer.WriteField("clusterConfiguration", req.ClusterConfiguration)
|
|
|
}
|
|
|
if req.KubeletConfiguration != "" {
|
|
|
_ = writer.WriteField("kubeletConfiguration", req.KubeletConfiguration)
|
|
|
}
|
|
|
if req.KubeProxyConfiguration != "" {
|
|
|
_ = writer.WriteField("kubeProxyConfiguration", req.KubeProxyConfiguration)
|
|
|
}
|
|
|
if req.JoinConfiguration != "" {
|
|
|
_ = writer.WriteField("joinConfiguration", req.JoinConfiguration)
|
|
|
}
|
|
|
if req.Description != "" {
|
|
|
_ = writer.WriteField("desc", req.Description)
|
|
|
}
|
|
|
if req.UserData != "" {
|
|
|
_ = writer.WriteField("userData", req.UserData)
|
|
|
}
|
|
|
|
|
|
_ = writer.WriteField("extnetOnly", strconv.FormatBool(req.ExtNetOnly))
|
|
|
|
|
|
ct := writer.FormDataContentType()
|
|
|
writer.Close()
|
|
|
|
|
|
return reqBody, ct
|
|
|
}
|
|
|
|
|
|
func createK8sCloudBrokerBVS(req k8s_cb.CreateRequest) (*bytes.Buffer, string) {
|
|
|
reqBody := &bytes.Buffer{}
|
|
|
writer := multipart.NewWriter(reqBody)
|
|
|
if req.OidcCertificate != "" {
|
|
|
part, _ := writer.CreateFormFile("oidcCertificate", "ca.crt")
|
|
|
_, _ = io.Copy(part, strings.NewReader(req.OidcCertificate))
|
|
|
}
|
|
|
|
|
|
_ = writer.WriteField("name", req.Name)
|
|
|
_ = writer.WriteField("rgId", strconv.FormatUint(req.RGID, 10))
|
|
|
_ = writer.WriteField("k8ciId", strconv.FormatUint(req.K8CIID, 10))
|
|
|
_ = writer.WriteField("workerGroupName", req.WorkerGroupName)
|
|
|
_ = writer.WriteField("networkPlugin", req.NetworkPlugin)
|
|
|
|
|
|
if req.MasterSEPID != 0 {
|
|
|
_ = writer.WriteField("masterSepId", strconv.FormatUint(req.MasterSEPID, 10))
|
|
|
}
|
|
|
if req.MasterSEPPool != "" {
|
|
|
_ = writer.WriteField("masterSepPool", req.MasterSEPPool)
|
|
|
}
|
|
|
if req.WorkerSEPID != 0 {
|
|
|
_ = writer.WriteField("workerSepId", strconv.FormatUint(req.WorkerSEPID, 10))
|
|
|
}
|
|
|
if req.WorkerSEPPool != "" {
|
|
|
_ = writer.WriteField("workerSepPool", req.WorkerSEPPool)
|
|
|
}
|
|
|
|
|
|
if req.Labels != nil {
|
|
|
for _, v := range req.Labels {
|
|
|
_ = writer.WriteField("labels", v)
|
|
|
}
|
|
|
}
|
|
|
if req.Taints != nil {
|
|
|
for _, v := range req.Taints {
|
|
|
_ = writer.WriteField("taints", v)
|
|
|
}
|
|
|
}
|
|
|
if req.Annotations != nil {
|
|
|
for _, v := range req.Annotations {
|
|
|
_ = writer.WriteField("annotations", v)
|
|
|
}
|
|
|
}
|
|
|
|
|
|
if req.MasterCPU != 0 {
|
|
|
_ = writer.WriteField("masterCpu", strconv.FormatUint(req.MasterCPU, 10))
|
|
|
}
|
|
|
if req.MasterNum != 0 {
|
|
|
_ = writer.WriteField("masterNum", strconv.FormatUint(req.MasterNum, 10))
|
|
|
}
|
|
|
if req.MasterRAM != 0 {
|
|
|
_ = writer.WriteField("masterRam", strconv.FormatUint(req.MasterRAM, 10))
|
|
|
}
|
|
|
if req.MasterDisk != 0 {
|
|
|
_ = writer.WriteField("masterDisk", strconv.FormatUint(req.MasterDisk, 10))
|
|
|
}
|
|
|
if req.WorkerCPU != 0 {
|
|
|
_ = writer.WriteField("workerCpu", strconv.FormatUint(req.WorkerCPU, 10))
|
|
|
}
|
|
|
if req.WorkerNum != 0 {
|
|
|
_ = writer.WriteField("workerNum", strconv.FormatUint(req.WorkerNum, 10))
|
|
|
}
|
|
|
if req.WorkerRAM != 0 {
|
|
|
_ = writer.WriteField("workerRam", strconv.FormatUint(req.WorkerRAM, 10))
|
|
|
}
|
|
|
if req.WorkerDisk != 0 {
|
|
|
_ = writer.WriteField("workerDisk", strconv.FormatUint(req.WorkerDisk, 10))
|
|
|
}
|
|
|
if req.ExtNetID != 0 {
|
|
|
_ = writer.WriteField("extnetId", strconv.FormatUint(req.ExtNetID, 10))
|
|
|
}
|
|
|
if req.VinsId != 0 {
|
|
|
_ = writer.WriteField("vinsId", strconv.FormatUint(req.VinsId, 10))
|
|
|
}
|
|
|
if !req.WithLB {
|
|
|
_ = writer.WriteField("withLB", strconv.FormatBool(req.WithLB))
|
|
|
}
|
|
|
|
|
|
_ = writer.WriteField("highlyAvailableLB", strconv.FormatBool(req.HighlyAvailable))
|
|
|
|
|
|
if req.AdditionalSANs != nil {
|
|
|
for _, v := range req.AdditionalSANs {
|
|
|
_ = writer.WriteField("additionalSANs", v)
|
|
|
}
|
|
|
}
|
|
|
if req.InitConfiguration != "" {
|
|
|
_ = writer.WriteField("initConfiguration", req.InitConfiguration)
|
|
|
}
|
|
|
if req.ClusterConfiguration != "" {
|
|
|
_ = writer.WriteField("clusterConfiguration", req.ClusterConfiguration)
|
|
|
}
|
|
|
if req.KubeletConfiguration != "" {
|
|
|
_ = writer.WriteField("kubeletConfiguration", req.KubeletConfiguration)
|
|
|
}
|
|
|
if req.KubeProxyConfiguration != "" {
|
|
|
_ = writer.WriteField("kubeProxyConfiguration", req.KubeProxyConfiguration)
|
|
|
}
|
|
|
if req.JoinConfiguration != "" {
|
|
|
_ = writer.WriteField("joinConfiguration", req.JoinConfiguration)
|
|
|
}
|
|
|
if req.Description != "" {
|
|
|
_ = writer.WriteField("desc", req.Description)
|
|
|
}
|
|
|
if req.UserData != "" {
|
|
|
_ = writer.WriteField("userData", req.UserData)
|
|
|
}
|
|
|
|
|
|
_ = writer.WriteField("extnetOnly", strconv.FormatBool(req.ExtNetOnly))
|
|
|
|
|
|
ct := writer.FormDataContentType()
|
|
|
|
|
|
writer.Close()
|
|
|
return reqBody, ct
|
|
|
}
|
|
|
|
|
|
func GetEndpoint(ctx context.Context, issuer string, domain string, skip bool) (oauth2.Endpoint, error) {
|
|
|
wellKnown := issuer + "/" + domain + "/.well-known/openid-configuration"
|
|
|
req, err := http.NewRequestWithContext(ctx, "GET", wellKnown, nil)
|
|
|
if err != nil {
|
|
|
return oauth2.Endpoint{}, err
|
|
|
}
|
|
|
|
|
|
client := &http.Client{
|
|
|
Transport: &http.Transport{
|
|
|
TLSClientConfig: &tls.Config{
|
|
|
//nolint:gosec
|
|
|
InsecureSkipVerify: skip,
|
|
|
},
|
|
|
},
|
|
|
}
|
|
|
|
|
|
resp, err := client.Do(req)
|
|
|
if err != nil {
|
|
|
return oauth2.Endpoint{}, err
|
|
|
}
|
|
|
defer resp.Body.Close()
|
|
|
|
|
|
body, err := io.ReadAll(resp.Body)
|
|
|
if err != nil {
|
|
|
return oauth2.Endpoint{}, fmt.Errorf("unable to read response body: %w", err)
|
|
|
}
|
|
|
|
|
|
var p ProviderEndpoint
|
|
|
err = json.Unmarshal(body, &p)
|
|
|
if err != nil {
|
|
|
return oauth2.Endpoint{}, fmt.Errorf("cannot unmarshal endpoint: %s", body)
|
|
|
}
|
|
|
|
|
|
return oauth2.Endpoint{TokenURL: p.TokenURL}, nil
|
|
|
}
|
