@jfvilas/plugin-kubelog-backend
Version:
Backstage backend plugin for Kubelog
156 lines (152 loc) • 6.89 kB
JavaScript
;
var KubelogStaticData = require('../model/KubelogStaticData.cjs.js');
var kwirthCommon = require('@jfvilas/kwirth-common');
const loadNamespacePermissions = (logger, cluster, kdata) => {
if (cluster.has("kubelogNamespacePermissions")) {
logger.info(`Namespace permisson evaluation will be performed for cluster ${cluster.getString("name")}.`);
var permNamespaces = cluster.getOptionalConfigArray("kubelogNamespacePermissions");
for (var ns of permNamespaces) {
var namespace = ns.keys()[0];
var identityRefs = ns.getStringArray(namespace);
identityRefs = identityRefs.map((g) => g.toLowerCase());
kdata.namespacePermissions.push({ namespace, identityRefs });
}
} else {
logger.info(`Cluster ${cluster.getString("name")} will have no namespace restrictions.`);
kdata.namespacePermissions = [];
}
};
const loadPodRules = (config, id) => {
var rules = [];
for (var rule of config.getConfigArray(id)) {
var podsStringArray = rule.getOptionalStringArray("pods") || [".*"];
var podsRegexArray = [];
for (var expr of podsStringArray) {
podsRegexArray.push(new RegExp(expr));
}
var refsStringArray = rule.getOptionalStringArray("refs") || [".*"];
var refsRegexArray = [];
for (var expr of refsStringArray) {
refsRegexArray.push(new RegExp(expr));
}
var prr = {
pods: podsRegexArray,
refs: refsRegexArray
};
rules.push(prr);
}
return rules;
};
const loadPodPermissions = (configKey, logger, cluster) => {
var clusterPodPermissions = [];
if (cluster.has(configKey)) {
var namespaceList = cluster.getConfigArray(configKey);
for (var ns of namespaceList) {
var namespaceName = ns.keys()[0];
var podPermissions = { namespace: namespaceName };
if (ns.getConfig(namespaceName).has("allow")) {
podPermissions.allow = loadPodRules(ns.getConfig(namespaceName), "allow");
if (ns.getConfig(namespaceName).has("except")) podPermissions.except = loadPodRules(ns.getConfig(namespaceName), "except");
if (ns.getConfig(namespaceName).has("deny")) podPermissions.deny = loadPodRules(ns.getConfig(namespaceName), "deny");
if (ns.getConfig(namespaceName).has("unless")) podPermissions.unless = loadPodRules(ns.getConfig(namespaceName), "unless");
} else {
podPermissions.allow = [];
podPermissions.allow.push({
pods: [new RegExp(".*")],
refs: [new RegExp(".*")]
});
}
clusterPodPermissions.push(podPermissions);
}
} else {
logger.info(`No pod permissions for ${configKey} will be applied for ${cluster.getString("name")} (everyone will be allowed).`);
}
return clusterPodPermissions;
};
const loadClusters = async (logger, config) => {
KubelogStaticData.KubelogStaticData.clusterKubelogData.clear();
var locatingMethods = config.getConfigArray("kubernetes.clusterLocatorMethods");
for (var method of locatingMethods) {
var clusters = method.getConfigArray("clusters");
for (var cluster of clusters) {
var name = cluster.getString("name");
if (cluster.has("kubelogKwirthHome") && cluster.has("kubelogKwirthApiKey")) {
var home = cluster.getOptionalString("kwirthHome") || cluster.getOptionalString("kubelogKwirthHome");
var apiKeyStr = cluster.getOptionalString("kwirthApiKey") || cluster.getOptionalString("kubelogKwirthApiKey");
var title = cluster.has("title") ? cluster.getString("title") : "No name";
var kubelogClusterData = {
name,
kwirthHome: home,
kwirthApiKey: apiKeyStr,
kwirthData: {
version: "",
clusterName: "",
inCluster: false,
namespace: "",
deployment: "",
lastVersion: "",
clusterType: kwirthCommon.EClusterType.KUBERNETES,
metricsInterval: 0,
channels: [],
isElectron: false
},
title,
namespacePermissions: [],
viewPermissions: [],
restartPermissions: [],
enabled: false
};
logger.info(`Kwirth for ${name} is located at ${kubelogClusterData.kwirthHome}. Testing connection...`);
let enableCluster = false;
try {
var response = await fetch(kubelogClusterData.kwirthHome + "/config/info");
try {
var data = await response.text();
try {
var kwirthData = JSON.parse(data);
logger.info(`Kwirth info at cluster '${kubelogClusterData.name}': ${JSON.stringify(kwirthData)}`);
kubelogClusterData.kwirthData = kwirthData;
if (kwirthCommon.versionGreatOrEqualThan(kwirthData.version, KubelogStaticData.MIN_KWIRTH_VERSION)) {
enableCluster = true;
} else {
logger.error(`Unsupported Kwirth version on cluster '${name}' (${title}) [${kwirthData.version}]. Min version is ${KubelogStaticData.MIN_KWIRTH_VERSION}`);
}
} catch (err) {
logger.error(`Kwirth at cluster ${kubelogClusterData.name} returned errors: ${err}`);
logger.info("Returned data is:");
logger.info(data);
kubelogClusterData.kwirthData = {
version: "0.0.0",
clusterName: "unknown",
inCluster: false,
namespace: "unknown",
deployment: "unknown",
lastVersion: "0.0.0",
clusterType: kwirthCommon.EClusterType.KUBERNETES,
metricsInterval: 0,
channels: [],
isElectron: false
};
}
} catch (err) {
logger.warn(`Error parsing version response from cluster '${kubelogClusterData.name}': ${err}`);
}
} catch (err) {
logger.info(`Kwirth access error: ${err}.`);
logger.warn(`Kwirth home URL (${kubelogClusterData.kwirthHome}) at cluster '${kubelogClusterData.name}' cannot be accessed right now.`);
}
if (enableCluster) {
loadNamespacePermissions(logger, cluster, kubelogClusterData);
kubelogClusterData.viewPermissions = loadPodPermissions("kubelogPodViewPermissions", logger, cluster);
kubelogClusterData.restartPermissions = loadPodPermissions("kubelogPodRestartPermissions", logger, cluster);
KubelogStaticData.KubelogStaticData.clusterKubelogData.set(name, kubelogClusterData);
}
} else {
logger.warn(`Cluster ${name} has no Kubelog information (kubelogHome and kubelogApiKey are missing). It will not be used for Kubelog log viewing.`);
}
}
}
console.log(KubelogStaticData.KubelogStaticData.clusterKubelogData);
};
exports.loadClusters = loadClusters;
//# sourceMappingURL=config.cjs.js.map