mirror of
				https://github.com/onepanelio/onepanel.git
				synced 2025-10-26 23:10:21 +08:00 
			
		
		
		
	Compare commits
	
		
			37 Commits
		
	
	
		
			v0.13.0-rc
			...
			v0.13.1-rc
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
|   | 6c5b6c877e | ||
|   | 67e684a715 | ||
|   | 20c4950b69 | ||
|   | 5e5c3cca67 | ||
|   | 575a33c272 | ||
|   | 8e9b95aa12 | ||
|   | 38f1aafaec | ||
|   | 30ebda4918 | ||
|   | ce972f2988 | ||
|   | ede4c67c8f | ||
|   | 68ddec78c8 | ||
|   | c42997a643 | ||
|   | 5bd2feaa86 | ||
|   | de4302d226 | ||
|   | 7150f24631 | ||
|   | 0e1e48dfc8 | ||
|   | dd0f1f7705 | ||
|   | 03f8f47664 | ||
|   | c85496d216 | ||
|   | 5f6415548d | ||
|   | c641c17a8c | ||
|   | 83a2543b13 | ||
|   | e8dae0f2e9 | ||
|   | b85bf4d688 | ||
|   | 7fe0ab2654 | ||
|   | dfa6eb2fe6 | ||
|   | cc2c51ace5 | ||
|   | 897462ede7 | ||
|   | 4e3c24fd89 | ||
|   | 276e105f20 | ||
|   | 656026ac84 | ||
|   | 95bea11e43 | ||
|   | c6f65510d8 | ||
|   | d6e279dde5 | ||
|   | e99b0e943d | ||
|   | 22a7c31f1d | ||
|   | b6c0f24170 | 
							
								
								
									
										29
									
								
								.github/workflows/push_tag.yaml
									
									
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
										29
									
								
								.github/workflows/push_tag.yaml
									
									
									
									
										vendored
									
									
										Normal file
									
								
							| @@ -0,0 +1,29 @@ | ||||
| name: Publish docker image on tag push | ||||
| on: | ||||
|   push: | ||||
|     tags: | ||||
|       - '*' | ||||
| jobs: | ||||
|   build: | ||||
|     runs-on: ubuntu-latest | ||||
|     steps: | ||||
|       - uses: actions/checkout@master | ||||
|       - uses: olegtarasov/get-tag@v2 | ||||
|         id: tagName | ||||
|       - name: Publish to Registry | ||||
|         uses: elgohr/Publish-Docker-Github-Action@master | ||||
|         with: | ||||
|           name: onepanel/core | ||||
|           username: ${{ secrets.DOCKER_HUB_USERNAME }} | ||||
|           password: ${{ secrets.DOCKER_HUB_TOKEN }} | ||||
|           tags: "${{ env.GIT_TAG_NAME }}" | ||||
|       - name: Set Slack Message | ||||
|         run: echo "::set-env name=SLACK_MESSAGE::Tag $GIT_TAG_NAME. Docker Tag onepanel/core:$GIT_TAG_NAME" | ||||
|       - name: Notify Slack Channels | ||||
|         uses: rtCamp/action-slack-notify@v2.0.0 | ||||
|         env: | ||||
|           SLACK_CHANNEL: dev | ||||
|           SLACK_ICON: https://avatars1.githubusercontent.com/u/30390575?s=48&v=4 | ||||
|           SLACK_TITLE: New Core Version | ||||
|           SLACK_USERNAME: opBot | ||||
|           SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | ||||
| @@ -3,7 +3,7 @@ | ||||
|   "info": { | ||||
|     "title": "Onepanel", | ||||
|     "description": "Onepanel API", | ||||
|     "version": "0.13.0", | ||||
|     "version": "0.14.0", | ||||
|     "contact": { | ||||
|       "name": "Onepanel project", | ||||
|       "url": "https://github.com/onepanelio/core" | ||||
| @@ -77,7 +77,7 @@ | ||||
|             "in": "body", | ||||
|             "required": true, | ||||
|             "schema": { | ||||
|               "$ref": "#/definitions/TokenWrapper" | ||||
|               "$ref": "#/definitions/IsValidTokenRequest" | ||||
|             } | ||||
|           } | ||||
|         ], | ||||
| @@ -2967,11 +2967,28 @@ | ||||
|         } | ||||
|       } | ||||
|     }, | ||||
|     "IsValidTokenRequest": { | ||||
|       "type": "object", | ||||
|       "properties": { | ||||
|         "username": { | ||||
|           "type": "string" | ||||
|         }, | ||||
|         "token": { | ||||
|           "type": "string" | ||||
|         } | ||||
|       } | ||||
|     }, | ||||
|     "IsValidTokenResponse": { | ||||
|       "type": "object", | ||||
|       "properties": { | ||||
|         "domain": { | ||||
|           "type": "string" | ||||
|         }, | ||||
|         "token": { | ||||
|           "type": "string" | ||||
|         }, | ||||
|         "username": { | ||||
|           "type": "string" | ||||
|         } | ||||
|       } | ||||
|     }, | ||||
| @@ -3394,14 +3411,6 @@ | ||||
|         } | ||||
|       } | ||||
|     }, | ||||
|     "TokenWrapper": { | ||||
|       "type": "object", | ||||
|       "properties": { | ||||
|         "token": { | ||||
|           "type": "string" | ||||
|         } | ||||
|       } | ||||
|     }, | ||||
|     "UpdateSecretKeyValueResponse": { | ||||
|       "type": "object", | ||||
|       "properties": { | ||||
|   | ||||
							
								
								
									
										184
									
								
								api/auth.pb.go
									
									
									
									
									
								
							
							
						
						
									
										184
									
								
								api/auth.pb.go
									
									
									
									
									
								
							| @@ -204,65 +204,19 @@ func (x *IsAuthorizedResponse) GetAuthorized() bool { | ||||
| 	return false | ||||
| } | ||||
|  | ||||
| type TokenWrapper struct { | ||||
| 	state         protoimpl.MessageState | ||||
| 	sizeCache     protoimpl.SizeCache | ||||
| 	unknownFields protoimpl.UnknownFields | ||||
|  | ||||
| 	Token string `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"` | ||||
| } | ||||
|  | ||||
| func (x *TokenWrapper) Reset() { | ||||
| 	*x = TokenWrapper{} | ||||
| 	if protoimpl.UnsafeEnabled { | ||||
| 		mi := &file_auth_proto_msgTypes[3] | ||||
| 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) | ||||
| 		ms.StoreMessageInfo(mi) | ||||
| 	} | ||||
| } | ||||
|  | ||||
| func (x *TokenWrapper) String() string { | ||||
| 	return protoimpl.X.MessageStringOf(x) | ||||
| } | ||||
|  | ||||
| func (*TokenWrapper) ProtoMessage() {} | ||||
|  | ||||
| func (x *TokenWrapper) ProtoReflect() protoreflect.Message { | ||||
| 	mi := &file_auth_proto_msgTypes[3] | ||||
| 	if protoimpl.UnsafeEnabled && x != nil { | ||||
| 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) | ||||
| 		if ms.LoadMessageInfo() == nil { | ||||
| 			ms.StoreMessageInfo(mi) | ||||
| 		} | ||||
| 		return ms | ||||
| 	} | ||||
| 	return mi.MessageOf(x) | ||||
| } | ||||
|  | ||||
| // Deprecated: Use TokenWrapper.ProtoReflect.Descriptor instead. | ||||
| func (*TokenWrapper) Descriptor() ([]byte, []int) { | ||||
| 	return file_auth_proto_rawDescGZIP(), []int{3} | ||||
| } | ||||
|  | ||||
| func (x *TokenWrapper) GetToken() string { | ||||
| 	if x != nil { | ||||
| 		return x.Token | ||||
| 	} | ||||
| 	return "" | ||||
| } | ||||
|  | ||||
| type IsValidTokenRequest struct { | ||||
| 	state         protoimpl.MessageState | ||||
| 	sizeCache     protoimpl.SizeCache | ||||
| 	unknownFields protoimpl.UnknownFields | ||||
|  | ||||
| 	Token *TokenWrapper `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"` | ||||
| 	Username string `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"` | ||||
| 	Token    string `protobuf:"bytes,2,opt,name=token,proto3" json:"token,omitempty"` | ||||
| } | ||||
|  | ||||
| func (x *IsValidTokenRequest) Reset() { | ||||
| 	*x = IsValidTokenRequest{} | ||||
| 	if protoimpl.UnsafeEnabled { | ||||
| 		mi := &file_auth_proto_msgTypes[4] | ||||
| 		mi := &file_auth_proto_msgTypes[3] | ||||
| 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) | ||||
| 		ms.StoreMessageInfo(mi) | ||||
| 	} | ||||
| @@ -275,7 +229,7 @@ func (x *IsValidTokenRequest) String() string { | ||||
| func (*IsValidTokenRequest) ProtoMessage() {} | ||||
|  | ||||
| func (x *IsValidTokenRequest) ProtoReflect() protoreflect.Message { | ||||
| 	mi := &file_auth_proto_msgTypes[4] | ||||
| 	mi := &file_auth_proto_msgTypes[3] | ||||
| 	if protoimpl.UnsafeEnabled && x != nil { | ||||
| 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) | ||||
| 		if ms.LoadMessageInfo() == nil { | ||||
| @@ -288,14 +242,21 @@ func (x *IsValidTokenRequest) ProtoReflect() protoreflect.Message { | ||||
|  | ||||
| // Deprecated: Use IsValidTokenRequest.ProtoReflect.Descriptor instead. | ||||
| func (*IsValidTokenRequest) Descriptor() ([]byte, []int) { | ||||
| 	return file_auth_proto_rawDescGZIP(), []int{4} | ||||
| 	return file_auth_proto_rawDescGZIP(), []int{3} | ||||
| } | ||||
|  | ||||
| func (x *IsValidTokenRequest) GetToken() *TokenWrapper { | ||||
| func (x *IsValidTokenRequest) GetUsername() string { | ||||
| 	if x != nil { | ||||
| 		return x.Username | ||||
| 	} | ||||
| 	return "" | ||||
| } | ||||
|  | ||||
| func (x *IsValidTokenRequest) GetToken() string { | ||||
| 	if x != nil { | ||||
| 		return x.Token | ||||
| 	} | ||||
| 	return nil | ||||
| 	return "" | ||||
| } | ||||
|  | ||||
| type IsValidTokenResponse struct { | ||||
| @@ -304,12 +265,14 @@ type IsValidTokenResponse struct { | ||||
| 	unknownFields protoimpl.UnknownFields | ||||
|  | ||||
| 	Domain   string `protobuf:"bytes,1,opt,name=domain,proto3" json:"domain,omitempty"` | ||||
| 	Token    string `protobuf:"bytes,2,opt,name=token,proto3" json:"token,omitempty"` | ||||
| 	Username string `protobuf:"bytes,3,opt,name=username,proto3" json:"username,omitempty"` | ||||
| } | ||||
|  | ||||
| func (x *IsValidTokenResponse) Reset() { | ||||
| 	*x = IsValidTokenResponse{} | ||||
| 	if protoimpl.UnsafeEnabled { | ||||
| 		mi := &file_auth_proto_msgTypes[5] | ||||
| 		mi := &file_auth_proto_msgTypes[4] | ||||
| 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) | ||||
| 		ms.StoreMessageInfo(mi) | ||||
| 	} | ||||
| @@ -322,7 +285,7 @@ func (x *IsValidTokenResponse) String() string { | ||||
| func (*IsValidTokenResponse) ProtoMessage() {} | ||||
|  | ||||
| func (x *IsValidTokenResponse) ProtoReflect() protoreflect.Message { | ||||
| 	mi := &file_auth_proto_msgTypes[5] | ||||
| 	mi := &file_auth_proto_msgTypes[4] | ||||
| 	if protoimpl.UnsafeEnabled && x != nil { | ||||
| 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) | ||||
| 		if ms.LoadMessageInfo() == nil { | ||||
| @@ -335,7 +298,7 @@ func (x *IsValidTokenResponse) ProtoReflect() protoreflect.Message { | ||||
|  | ||||
| // Deprecated: Use IsValidTokenResponse.ProtoReflect.Descriptor instead. | ||||
| func (*IsValidTokenResponse) Descriptor() ([]byte, []int) { | ||||
| 	return file_auth_proto_rawDescGZIP(), []int{5} | ||||
| 	return file_auth_proto_rawDescGZIP(), []int{4} | ||||
| } | ||||
|  | ||||
| func (x *IsValidTokenResponse) GetDomain() string { | ||||
| @@ -345,6 +308,20 @@ func (x *IsValidTokenResponse) GetDomain() string { | ||||
| 	return "" | ||||
| } | ||||
|  | ||||
| func (x *IsValidTokenResponse) GetToken() string { | ||||
| 	if x != nil { | ||||
| 		return x.Token | ||||
| 	} | ||||
| 	return "" | ||||
| } | ||||
|  | ||||
| func (x *IsValidTokenResponse) GetUsername() string { | ||||
| 	if x != nil { | ||||
| 		return x.Username | ||||
| 	} | ||||
| 	return "" | ||||
| } | ||||
|  | ||||
| var File_auth_proto protoreflect.FileDescriptor | ||||
|  | ||||
| var file_auth_proto_rawDesc = []byte{ | ||||
| @@ -370,32 +347,33 @@ var file_auth_proto_rawDesc = []byte{ | ||||
| 	0x7a, 0x65, 0x64, 0x22, 0x36, 0x0a, 0x14, 0x49, 0x73, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, | ||||
| 	0x7a, 0x65, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x61, | ||||
| 	0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, | ||||
| 	0x0a, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x22, 0x24, 0x0a, 0x0c, 0x54, | ||||
| 	0x6f, 0x6b, 0x65, 0x6e, 0x57, 0x72, 0x61, 0x70, 0x70, 0x65, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x74, | ||||
| 	0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x74, 0x6f, 0x6b, 0x65, | ||||
| 	0x6e, 0x22, 0x3e, 0x0a, 0x13, 0x49, 0x73, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x54, 0x6f, 0x6b, 0x65, | ||||
| 	0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x27, 0x0a, 0x05, 0x74, 0x6f, 0x6b, 0x65, | ||||
| 	0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x54, 0x6f, | ||||
| 	0x6b, 0x65, 0x6e, 0x57, 0x72, 0x61, 0x70, 0x70, 0x65, 0x72, 0x52, 0x05, 0x74, 0x6f, 0x6b, 0x65, | ||||
| 	0x6e, 0x22, 0x2e, 0x0a, 0x14, 0x49, 0x73, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x54, 0x6f, 0x6b, 0x65, | ||||
| 	0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x6f, 0x6d, | ||||
| 	0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, | ||||
| 	0x6e, 0x32, 0xea, 0x01, 0x0a, 0x0b, 0x41, 0x75, 0x74, 0x68, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, | ||||
| 	0x65, 0x12, 0x6c, 0x0a, 0x0c, 0x49, 0x73, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x54, 0x6f, 0x6b, 0x65, | ||||
| 	0x6e, 0x12, 0x18, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x49, 0x73, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x54, | ||||
| 	0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x19, 0x2e, 0x61, 0x70, | ||||
| 	0x69, 0x2e, 0x49, 0x73, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, | ||||
| 	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x27, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x21, 0x22, 0x18, | ||||
| 	0x2f, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x61, 0x75, | ||||
| 	0x74, 0x68, 0x2f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x3a, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x12, | ||||
| 	0x6d, 0x0a, 0x0c, 0x49, 0x73, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x12, | ||||
| 	0x18, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x49, 0x73, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, | ||||
| 	0x65, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x19, 0x2e, 0x61, 0x70, 0x69, 0x2e, | ||||
| 	0x49, 0x73, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x52, 0x65, 0x73, 0x70, | ||||
| 	0x6f, 0x6e, 0x73, 0x65, 0x22, 0x28, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x22, 0x22, 0x12, 0x2f, 0x61, | ||||
| 	0x70, 0x69, 0x73, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x61, 0x75, 0x74, 0x68, | ||||
| 	0x3a, 0x0c, 0x69, 0x73, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x62, 0x06, | ||||
| 	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, | ||||
| 	0x0a, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x22, 0x47, 0x0a, 0x13, 0x49, | ||||
| 	0x73, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, | ||||
| 	0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, | ||||
| 	0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x14, | ||||
| 	0x0a, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x74, | ||||
| 	0x6f, 0x6b, 0x65, 0x6e, 0x22, 0x60, 0x0a, 0x14, 0x49, 0x73, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x54, | ||||
| 	0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x16, 0x0a, 0x06, | ||||
| 	0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x64, 0x6f, | ||||
| 	0x6d, 0x61, 0x69, 0x6e, 0x12, 0x14, 0x0a, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, | ||||
| 	0x01, 0x28, 0x09, 0x52, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73, | ||||
| 	0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x73, | ||||
| 	0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x32, 0xe6, 0x01, 0x0a, 0x0b, 0x41, 0x75, 0x74, 0x68, 0x53, | ||||
| 	0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x68, 0x0a, 0x0c, 0x49, 0x73, 0x56, 0x61, 0x6c, 0x69, | ||||
| 	0x64, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x18, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x49, 0x73, 0x56, | ||||
| 	0x61, 0x6c, 0x69, 0x64, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, | ||||
| 	0x1a, 0x19, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x49, 0x73, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x54, 0x6f, | ||||
| 	0x6b, 0x65, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x23, 0x82, 0xd3, 0xe4, | ||||
| 	0x93, 0x02, 0x1d, 0x22, 0x18, 0x2f, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, | ||||
| 	0x61, 0x31, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x2f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x3a, 0x01, 0x2a, | ||||
| 	0x12, 0x6d, 0x0a, 0x0c, 0x49, 0x73, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, | ||||
| 	0x12, 0x18, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x49, 0x73, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, | ||||
| 	0x7a, 0x65, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x19, 0x2e, 0x61, 0x70, 0x69, | ||||
| 	0x2e, 0x49, 0x73, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x52, 0x65, 0x73, | ||||
| 	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x28, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x22, 0x22, 0x12, 0x2f, | ||||
| 	0x61, 0x70, 0x69, 0x73, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x61, 0x75, 0x74, | ||||
| 	0x68, 0x3a, 0x0c, 0x69, 0x73, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x62, | ||||
| 	0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, | ||||
| } | ||||
|  | ||||
| var ( | ||||
| @@ -410,27 +388,25 @@ func file_auth_proto_rawDescGZIP() []byte { | ||||
| 	return file_auth_proto_rawDescData | ||||
| } | ||||
|  | ||||
| var file_auth_proto_msgTypes = make([]protoimpl.MessageInfo, 6) | ||||
| var file_auth_proto_msgTypes = make([]protoimpl.MessageInfo, 5) | ||||
| var file_auth_proto_goTypes = []interface{}{ | ||||
| 	(*IsAuthorized)(nil),         // 0: api.IsAuthorized | ||||
| 	(*IsAuthorizedRequest)(nil),  // 1: api.IsAuthorizedRequest | ||||
| 	(*IsAuthorizedResponse)(nil), // 2: api.IsAuthorizedResponse | ||||
| 	(*TokenWrapper)(nil),         // 3: api.TokenWrapper | ||||
| 	(*IsValidTokenRequest)(nil),  // 4: api.IsValidTokenRequest | ||||
| 	(*IsValidTokenResponse)(nil), // 5: api.IsValidTokenResponse | ||||
| 	(*IsValidTokenRequest)(nil),  // 3: api.IsValidTokenRequest | ||||
| 	(*IsValidTokenResponse)(nil), // 4: api.IsValidTokenResponse | ||||
| } | ||||
| var file_auth_proto_depIdxs = []int32{ | ||||
| 	0, // 0: api.IsAuthorizedRequest.isAuthorized:type_name -> api.IsAuthorized | ||||
| 	3, // 1: api.IsValidTokenRequest.token:type_name -> api.TokenWrapper | ||||
| 	4, // 2: api.AuthService.IsValidToken:input_type -> api.IsValidTokenRequest | ||||
| 	1, // 3: api.AuthService.IsAuthorized:input_type -> api.IsAuthorizedRequest | ||||
| 	5, // 4: api.AuthService.IsValidToken:output_type -> api.IsValidTokenResponse | ||||
| 	2, // 5: api.AuthService.IsAuthorized:output_type -> api.IsAuthorizedResponse | ||||
| 	4, // [4:6] is the sub-list for method output_type | ||||
| 	2, // [2:4] is the sub-list for method input_type | ||||
| 	2, // [2:2] is the sub-list for extension type_name | ||||
| 	2, // [2:2] is the sub-list for extension extendee | ||||
| 	0, // [0:2] is the sub-list for field type_name | ||||
| 	3, // 1: api.AuthService.IsValidToken:input_type -> api.IsValidTokenRequest | ||||
| 	1, // 2: api.AuthService.IsAuthorized:input_type -> api.IsAuthorizedRequest | ||||
| 	4, // 3: api.AuthService.IsValidToken:output_type -> api.IsValidTokenResponse | ||||
| 	2, // 4: api.AuthService.IsAuthorized:output_type -> api.IsAuthorizedResponse | ||||
| 	3, // [3:5] is the sub-list for method output_type | ||||
| 	1, // [1:3] is the sub-list for method input_type | ||||
| 	1, // [1:1] is the sub-list for extension type_name | ||||
| 	1, // [1:1] is the sub-list for extension extendee | ||||
| 	0, // [0:1] is the sub-list for field type_name | ||||
| } | ||||
|  | ||||
| func init() { file_auth_proto_init() } | ||||
| @@ -476,18 +452,6 @@ func file_auth_proto_init() { | ||||
| 			} | ||||
| 		} | ||||
| 		file_auth_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { | ||||
| 			switch v := v.(*TokenWrapper); i { | ||||
| 			case 0: | ||||
| 				return &v.state | ||||
| 			case 1: | ||||
| 				return &v.sizeCache | ||||
| 			case 2: | ||||
| 				return &v.unknownFields | ||||
| 			default: | ||||
| 				return nil | ||||
| 			} | ||||
| 		} | ||||
| 		file_auth_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { | ||||
| 			switch v := v.(*IsValidTokenRequest); i { | ||||
| 			case 0: | ||||
| 				return &v.state | ||||
| @@ -499,7 +463,7 @@ func file_auth_proto_init() { | ||||
| 				return nil | ||||
| 			} | ||||
| 		} | ||||
| 		file_auth_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { | ||||
| 		file_auth_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { | ||||
| 			switch v := v.(*IsValidTokenResponse); i { | ||||
| 			case 0: | ||||
| 				return &v.state | ||||
| @@ -518,7 +482,7 @@ func file_auth_proto_init() { | ||||
| 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(), | ||||
| 			RawDescriptor: file_auth_proto_rawDesc, | ||||
| 			NumEnums:      0, | ||||
| 			NumMessages:   6, | ||||
| 			NumMessages:   5, | ||||
| 			NumExtensions: 0, | ||||
| 			NumServices:   1, | ||||
| 		}, | ||||
|   | ||||
| @@ -39,7 +39,7 @@ func request_AuthService_IsValidToken_0(ctx context.Context, marshaler runtime.M | ||||
| 	if berr != nil { | ||||
| 		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr) | ||||
| 	} | ||||
| 	if err := marshaler.NewDecoder(newReader()).Decode(&protoReq.Token); err != nil && err != io.EOF { | ||||
| 	if err := marshaler.NewDecoder(newReader()).Decode(&protoReq); err != nil && err != io.EOF { | ||||
| 		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) | ||||
| 	} | ||||
|  | ||||
| @@ -56,7 +56,7 @@ func local_request_AuthService_IsValidToken_0(ctx context.Context, marshaler run | ||||
| 	if berr != nil { | ||||
| 		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr) | ||||
| 	} | ||||
| 	if err := marshaler.NewDecoder(newReader()).Decode(&protoReq.Token); err != nil && err != io.EOF { | ||||
| 	if err := marshaler.NewDecoder(newReader()).Decode(&protoReq); err != nil && err != io.EOF { | ||||
| 		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) | ||||
| 	} | ||||
|  | ||||
|   | ||||
| @@ -9,7 +9,7 @@ service AuthService { | ||||
|     rpc IsValidToken(IsValidTokenRequest) returns (IsValidTokenResponse) { | ||||
|         option (google.api.http) = { | ||||
|             post: "/apis/v1beta1/auth/token" | ||||
|             body: "token" | ||||
|             body: "*" | ||||
|         }; | ||||
|     } | ||||
|  | ||||
| @@ -37,14 +37,13 @@ message IsAuthorizedResponse { | ||||
|     bool authorized = 1; | ||||
| } | ||||
|  | ||||
| message TokenWrapper { | ||||
|     string token = 1; | ||||
| } | ||||
|  | ||||
| message IsValidTokenRequest { | ||||
|     TokenWrapper token = 1; | ||||
|     string username = 1; | ||||
|     string token = 2; | ||||
| } | ||||
|  | ||||
| message IsValidTokenResponse { | ||||
|     string domain = 1; | ||||
|     string token = 2; | ||||
|     string username = 3; | ||||
| } | ||||
| @@ -155,6 +155,10 @@ func printMarkDown(issues []*issue, version *string) { | ||||
| 	fmt.Println("# Contributors") | ||||
| 	contributors := make([]user, 0) | ||||
| 	for _, contributor := range contributorsMap { | ||||
| 		// Sorry, no bots. | ||||
| 		if contributor.Login == "dependabot[bot]" { | ||||
| 			continue | ||||
| 		} | ||||
| 		contributors = append(contributors, contributor) | ||||
| 	} | ||||
| 	sort.Slice(contributors, func(i, j int) bool { return contributors[i].ContributionsCount > contributors[j].ContributionsCount }) | ||||
|   | ||||
| @@ -2,7 +2,6 @@ package migration | ||||
|  | ||||
| import ( | ||||
| 	"database/sql" | ||||
| 	v1 "github.com/onepanelio/core/pkg" | ||||
| 	uid2 "github.com/onepanelio/core/pkg/util/uid" | ||||
| 	"github.com/pressly/goose" | ||||
| ) | ||||
| @@ -103,13 +102,7 @@ func Up20200929153931(tx *sql.Tx) error { | ||||
| 		return err | ||||
| 	} | ||||
| 	for _, namespace := range namespaces { | ||||
| 		workspaceTemplate := &v1.WorkspaceTemplate{ | ||||
| 			UID:      uid, | ||||
| 			Name:     jupyterLabTemplateName, | ||||
| 			Manifest: jupyterWorkspaceTemplate3, | ||||
| 		} | ||||
|  | ||||
| 		if _, err := client.UpdateWorkspaceTemplate(namespace.Name, workspaceTemplate); err != nil { | ||||
| 		if _, err := client.UpdateWorkspaceTemplateManifest(namespace.Name, uid, jupyterWorkspaceTemplate3); err != nil { | ||||
| 			return err | ||||
| 		} | ||||
| 	} | ||||
| @@ -144,14 +137,9 @@ func Down20200929153931(tx *sql.Tx) error { | ||||
| 	if err != nil { | ||||
| 		return err | ||||
| 	} | ||||
| 	workspaceTemplate := &v1.WorkspaceTemplate{ | ||||
| 		UID:      uid, | ||||
| 		Name:     jupyterLabTemplateName, | ||||
| 		Manifest: jupyterWorkspaceTemplate2, | ||||
| 	} | ||||
|  | ||||
| 	for _, namespace := range namespaces { | ||||
| 		if _, err := client.UpdateWorkspaceTemplate(namespace.Name, workspaceTemplate); err != nil { | ||||
| 		if _, err := client.UpdateWorkspaceTemplateManifest(namespace.Name, uid, jupyterWorkspaceTemplate2); err != nil { | ||||
| 			return err | ||||
| 		} | ||||
| 	} | ||||
|   | ||||
							
								
								
									
										1
									
								
								go.mod
									
									
									
									
									
								
							
							
						
						
									
										1
									
								
								go.mod
									
									
									
									
									
								
							| @@ -43,4 +43,5 @@ require ( | ||||
| 	k8s.io/apimachinery v0.16.7-beta.0 | ||||
| 	k8s.io/client-go v0.16.4 | ||||
| 	sigs.k8s.io/yaml v1.2.0 | ||||
| 	github.com/dgrijalva/jwt-go v3.2.0+incompatible | ||||
| ) | ||||
| @@ -4,6 +4,7 @@ import ( | ||||
| 	"fmt" | ||||
| 	sq "github.com/Masterminds/squirrel" | ||||
| 	argoprojv1alpha1 "github.com/argoproj/argo/pkg/client/clientset/versioned/typed/workflow/v1alpha1" | ||||
| 	"github.com/jmoiron/sqlx" | ||||
| 	"github.com/onepanelio/core/pkg/util/gcs" | ||||
| 	"github.com/onepanelio/core/pkg/util/router" | ||||
| 	"github.com/onepanelio/core/pkg/util/s3" | ||||
| @@ -38,6 +39,24 @@ func NewConfig() (config *Config) { | ||||
| 	return | ||||
| } | ||||
|  | ||||
| // GetDefaultClient loads a default k8s client | ||||
| func GetDefaultClient() (*Client, error) { | ||||
| 	kubeConfig := NewConfig() | ||||
| 	client, err := NewClient(kubeConfig, nil, nil) | ||||
| 	if err != nil { | ||||
| 		return nil, err | ||||
| 	} | ||||
| 	config, err := client.GetSystemConfig() | ||||
| 	if err != nil { | ||||
| 		return nil, err | ||||
| 	} | ||||
|  | ||||
| 	dbDriverName, dbDataSourceName := config.DatabaseConnection() | ||||
| 	client.DB = NewDB(sqlx.MustConnect(dbDriverName, dbDataSourceName)) | ||||
|  | ||||
| 	return client, nil | ||||
| } | ||||
|  | ||||
| // NewClient creates a client to interact with the Onepanel system. | ||||
| // It includes access to the database, kubernetes, argo, and configuration. | ||||
| func NewClient(config *Config, db *DB, systemConfig SystemConfig) (client *Client, err error) { | ||||
|   | ||||
| @@ -38,6 +38,12 @@ func NewSystemConfig(configMap *ConfigMap, secret *Secret) (config SystemConfig, | ||||
| 	} | ||||
| 	config["databasePassword"] = string(databasePassword) | ||||
|  | ||||
| 	hmac, err := base64.StdEncoding.DecodeString(secret.Data["hmac"]) | ||||
| 	if err != nil { | ||||
| 		return | ||||
| 	} | ||||
| 	config["hmac"] = string(hmac) | ||||
|  | ||||
| 	return | ||||
| } | ||||
|  | ||||
| @@ -183,6 +189,16 @@ func (s SystemConfig) UpdateNodePoolOptions(parameters []Parameter) ([]Parameter | ||||
| 	return result, nil | ||||
| } | ||||
|  | ||||
| // HMACKey gets the HMAC value, or nil. | ||||
| func (s SystemConfig) HMACKey() []byte { | ||||
| 	hmac := s.GetValue("hmac") | ||||
| 	if hmac == nil { | ||||
| 		return []byte{} | ||||
| 	} | ||||
|  | ||||
| 	return []byte(*hmac) | ||||
| } | ||||
|  | ||||
| // ArtifactRepositoryS3Provider is meant to be used | ||||
| // by the CLI. CLI will marshal this struct into the correct | ||||
| // YAML structure for k8s configmap / secret. | ||||
|   | ||||
| @@ -18,7 +18,6 @@ import ( | ||||
| 	"gopkg.in/yaml.v2" | ||||
| 	"io" | ||||
| 	"io/ioutil" | ||||
| 	"k8s.io/apimachinery/pkg/api/resource" | ||||
| 	"k8s.io/apimachinery/pkg/watch" | ||||
| 	"net/http" | ||||
| 	"strconv" | ||||
| @@ -197,93 +196,21 @@ func injectArtifactRepositoryConfig(artifact *wfv1.Artifact, namespaceConfig *Na | ||||
| 	} | ||||
| } | ||||
|  | ||||
| // injectContainerResourceQuotas adds resource requests and limits if they exist | ||||
| // Code grabs the resource request information from the nodeSelector, compared against running nodes. | ||||
| // If the running node is not present, no resource information is retrieved. | ||||
| func (c *Client) injectContainerResourceQuotas(wf *wfv1.Workflow, template *wfv1.Template, systemConfig SystemConfig) error { | ||||
| // injectHostPortToContainer adds a hostPort to the template container, if a nodeSelector is present. | ||||
| // Kubernetes will ensure that multiple containers with the same hostPort do not share the same node. | ||||
| func (c *Client) injectHostPortToContainer(template *wfv1.Template) error { | ||||
| 	if template.NodeSelector == nil { | ||||
| 		return nil | ||||
| 	} | ||||
|  | ||||
| 	supportedNodePoolLabels := []string{"beta.kubernetes.io/instance-type", "node.kubernetes.io/instance-type"} | ||||
| 	nodePoolLabel := "" | ||||
| 	var value string | ||||
| 	for k, v := range template.NodeSelector { | ||||
| 		for _, supportedNodePoolLabel := range supportedNodePoolLabels { | ||||
| 			if k == supportedNodePoolLabel { | ||||
| 				nodePoolLabel = k | ||||
| 				value = v | ||||
| 				break | ||||
| 			} | ||||
| 		} | ||||
| 	} | ||||
| 	if value == "" { | ||||
| 		return nil | ||||
| 	} | ||||
| 	if strings.Contains(value, "{{workflow.") { | ||||
| 		parts := strings.Split(strings.Replace(value, "}}", "", -1), ".") | ||||
| 		paramName := parts[len(parts)-1] | ||||
| 		for _, param := range wf.Spec.Arguments.Parameters { | ||||
| 			if param.Name == paramName && param.Value != nil { | ||||
| 				value = *param.Value | ||||
| 				break | ||||
| 			} | ||||
| 		} | ||||
| 	} | ||||
|  | ||||
| 	runningNodes, err := c.Interface.CoreV1().Nodes().List(ListOptions{}) | ||||
| 	if err != nil { | ||||
| 		return err | ||||
| 	} | ||||
| 	var cpu string | ||||
| 	var memory string | ||||
| 	var gpu int64 | ||||
| 	gpuManufacturer := "" | ||||
| 	for _, node := range runningNodes.Items { | ||||
| 		if node.Labels[nodePoolLabel] == value { | ||||
| 			cpuInt := node.Status.Allocatable.Cpu().MilliValue() | ||||
| 			cpu = strconv.FormatFloat(float64(cpuInt)*.9, 'f', 0, 64) + "m" | ||||
| 			memoryInt := node.Status.Allocatable.Memory().MilliValue() | ||||
| 			kiBase := 1024.0 | ||||
| 			ninetyPerc := float64(memoryInt) * .9 | ||||
| 			toKi := ninetyPerc / kiBase / kiBase | ||||
| 			memory = strconv.FormatFloat(toKi, 'f', 0, 64) + "Ki" | ||||
| 			//Check for Nvidia | ||||
| 			gpuQuantity := node.Status.Allocatable["nvidia.com/gpu"] | ||||
| 			if gpuQuantity.IsZero() == false { | ||||
| 				gpu = gpuQuantity.Value() | ||||
| 				gpuManufacturer = "nvidia.com/gpu" | ||||
| 			} | ||||
|  | ||||
| 			//Check for AMD | ||||
| 			//Source: https://github.com/RadeonOpenCompute/k8s-device-plugin/blob/master/example/pod/alexnet-gpu.yaml | ||||
| 			gpuQuantity = node.Status.Allocatable["amd.com/gpu"] | ||||
| 			if gpuQuantity.IsZero() == false { | ||||
| 				gpu = gpuQuantity.Value() | ||||
| 				gpuManufacturer = "amd.com/gpu" | ||||
| 			} | ||||
| 		} | ||||
| 	} | ||||
|  | ||||
| 	if cpu != "" && memory != "" { | ||||
| 		resourceList := corev1.ResourceRequirements{ | ||||
| 			Limits: nil, | ||||
| 			Requests: map[corev1.ResourceName]resource.Quantity{ | ||||
| 				corev1.ResourceCPU:    resource.MustParse(cpu), | ||||
| 				corev1.ResourceMemory: resource.MustParse(memory), | ||||
| 			}, | ||||
| 		} | ||||
| 		if gpu > 0 { | ||||
| 			stringGpu := strconv.FormatInt(gpu, 10) | ||||
| 			resourceList.Limits = make(map[corev1.ResourceName]resource.Quantity) | ||||
| 			resourceList.Limits[corev1.ResourceName(gpuManufacturer)] = resource.MustParse(stringGpu) | ||||
| 	ports := []corev1.ContainerPort{ | ||||
| 		{Name: "node-capturer", HostPort: 80, ContainerPort: 80}, | ||||
| 	} | ||||
| 	if template.Container != nil { | ||||
| 			template.Container.Resources = resourceList | ||||
| 		template.Container.Ports = ports | ||||
| 	} | ||||
| 	if template.Script != nil { | ||||
| 			template.Script.Container.Resources = resourceList | ||||
| 		} | ||||
| 		template.Script.Container.Ports = ports | ||||
| 	} | ||||
| 	return nil | ||||
| } | ||||
| @@ -355,7 +282,7 @@ func (c *Client) injectAutomatedFields(namespace string, wf *wfv1.Workflow, opts | ||||
| 				Name:      "sys-dshm", | ||||
| 				MountPath: "/dev/shm", | ||||
| 			}) | ||||
| 			err = c.injectContainerResourceQuotas(wf, template, systemConfig) | ||||
| 			err = c.injectHostPortToContainer(template) | ||||
| 			if err != nil { | ||||
| 				return err | ||||
| 			} | ||||
| @@ -363,7 +290,7 @@ func (c *Client) injectAutomatedFields(namespace string, wf *wfv1.Workflow, opts | ||||
| 		} | ||||
|  | ||||
| 		if template.Script != nil { | ||||
| 			err = c.injectContainerResourceQuotas(wf, template, systemConfig) | ||||
| 			err = c.injectHostPortToContainer(template) | ||||
| 			if err != nil { | ||||
| 				return err | ||||
| 			} | ||||
| @@ -1924,14 +1851,14 @@ func workflowExecutionsSelectBuilderNoColumns(namespace, workflowTemplateUID, wo | ||||
|  | ||||
| func workflowExecutionsSelectBuilder(namespace, workflowTemplateUID, workflowTemplateVersion string, includeSystem bool) sq.SelectBuilder { | ||||
| 	sb := workflowExecutionsSelectBuilderNoColumns(namespace, workflowTemplateUID, workflowTemplateVersion, includeSystem) | ||||
| 	sb = sb.Columns(getWorkflowExecutionColumns("we", "")...). | ||||
| 	sb = sb.Columns(getWorkflowExecutionColumns("we")...). | ||||
| 		Columns(`wtv.version "workflow_template.version"`, `wtv.created_at "workflow_template.created_at"`, `wt.name "workflow_template.name"`, `wt.uid "workflow_template.uid"`) | ||||
|  | ||||
| 	return sb | ||||
| } | ||||
|  | ||||
| func (c *Client) getWorkflowExecutionAndTemplate(namespace string, uid string) (workflow *WorkflowExecution, err error) { | ||||
| 	sb := sb.Select(getWorkflowExecutionColumns("we", "")...). | ||||
| 	sb := sb.Select(getWorkflowExecutionColumns("we")...). | ||||
| 		Columns(getWorkflowTemplateColumns("wt", "workflow_template")...). | ||||
| 		Columns(`wtv.manifest "workflow_template.manifest"`, `wtv.version "workflow_template.version"`). | ||||
| 		From("workflow_executions we"). | ||||
|   | ||||
							
								
								
									
										110
									
								
								pkg/workspace.go
									
									
									
									
									
								
							
							
						
						
									
										110
									
								
								pkg/workspace.go
									
									
									
									
									
								
							| @@ -15,7 +15,6 @@ import ( | ||||
| 	"github.com/onepanelio/core/pkg/util/request" | ||||
| 	log "github.com/sirupsen/logrus" | ||||
| 	"google.golang.org/grpc/codes" | ||||
| 	"strconv" | ||||
| 	"strings" | ||||
| 	"time" | ||||
| ) | ||||
| @@ -286,32 +285,15 @@ func (c *Client) addResourceRequestsAndLimitsToWorkspaceTemplate(t wfv1.Template | ||||
| 	if !ok { | ||||
| 		return nil, errors.New("unable to type check statefulset manifest") | ||||
| 	} | ||||
| 	//Get node selected | ||||
| 	labelKey := "sys-node-pool-label" | ||||
| 	labelKeyVal := "" | ||||
| 	for _, parameter := range argoTemplate.Spec.Arguments.Parameters { | ||||
| 		if parameter.Name == labelKey { | ||||
| 			labelKeyVal = *parameter.Value | ||||
| 		} | ||||
| 	} | ||||
|  | ||||
| 	nodePoolKey := "sys-node-pool" | ||||
| 	nodePoolVal := "" | ||||
| 	for _, parameter := range workspace.Parameters { | ||||
| 		if parameter.Name == nodePoolKey { | ||||
| 			nodePoolVal = *parameter.Value | ||||
| 		} | ||||
| 	} | ||||
| 	extraContainer, err := generateExtraContainerWithResources(c, labelKeyVal, nodePoolVal) | ||||
| 	if err != nil { | ||||
| 		return nil, err | ||||
| 	} | ||||
| 	extraContainer := generateExtraContainerWithHostPortToSequesterNode() | ||||
| 	if extraContainer != nil { | ||||
| 		containers, ok := templateSpec["containers"].([]interface{}) | ||||
| 		if !ok { | ||||
| 			return nil, errors.New("unable to type check statefulset manifest") | ||||
| 		} | ||||
|  | ||||
| 		templateSpec["containers"] = append([]interface{}{extraContainer}, containers...) | ||||
| 	} | ||||
| 	resultManifest, err := yaml.Marshal(statefulSet) | ||||
| 	if err != nil { | ||||
| 		return nil, err | ||||
| @@ -319,78 +301,25 @@ func (c *Client) addResourceRequestsAndLimitsToWorkspaceTemplate(t wfv1.Template | ||||
| 	return resultManifest, nil | ||||
| } | ||||
|  | ||||
| // generateExtraContainerWithResources will add an extra container to a workspace. | ||||
| // The extra container will have the calculated resource request for the node selected by the workspace. | ||||
| // generateExtraContainerWithHostPortToSequesterNode will add an extra container to a workspace. | ||||
| // The extra container have a hostPort set. Kubernetes will ensure the hostPort does not get conflict | ||||
| // between containers, scheduling a new node as needed. | ||||
| // The container will sleep once started, and generally consume negligible resources. | ||||
| // | ||||
| // The node that was selected has to be already running, in order to get the resource request correct. | ||||
| func generateExtraContainerWithResources(c *Client, labelKeyVal string, nodePoolVal string) (map[string]interface{}, error) { | ||||
| 	runningNodes, err := c.Interface.CoreV1().Nodes().List(ListOptions{}) | ||||
| 	if err != nil { | ||||
| 		return nil, err | ||||
| 	} | ||||
| 	var cpu string | ||||
| 	var memory string | ||||
| 	var gpu int64 | ||||
| 	gpuManufacturer := "" | ||||
| 	for _, node := range runningNodes.Items { | ||||
| 		if node.Labels[labelKeyVal] == nodePoolVal { | ||||
| 			cpuInt := node.Status.Allocatable.Cpu().MilliValue() | ||||
| 			cpu = strconv.FormatFloat(float64(cpuInt)*.9, 'f', 0, 64) + "m" | ||||
| 			memoryInt := node.Status.Allocatable.Memory().MilliValue() | ||||
| 			kiBase := 1024.0 | ||||
| 			ninetyPerc := float64(memoryInt) * .9 | ||||
| 			toKi := ninetyPerc / kiBase / kiBase | ||||
| 			memory = strconv.FormatFloat(toKi, 'f', 0, 64) + "Ki" | ||||
| 			//Check for Nvidia | ||||
| 			gpuQuantity := node.Status.Allocatable["nvidia.com/gpu"] | ||||
| 			if gpuQuantity.IsZero() == false { | ||||
| 				gpu = gpuQuantity.Value() | ||||
| 				gpuManufacturer = "nvidia.com/gpu" | ||||
| 			} | ||||
|  | ||||
| 			//Check for AMD | ||||
| 			//Source: https://github.com/RadeonOpenCompute/k8s-device-plugin/blob/master/example/pod/alexnet-gpu.yaml | ||||
| 			gpuQuantity = node.Status.Allocatable["amd.com/gpu"] | ||||
| 			if gpuQuantity.IsZero() == false { | ||||
| 				gpu = gpuQuantity.Value() | ||||
| 				gpuManufacturer = "amd.com/gpu" | ||||
| 			} | ||||
| 		} | ||||
| 	} | ||||
| func generateExtraContainerWithHostPortToSequesterNode() map[string]interface{} { | ||||
| 	extraContainer := map[string]interface{}{ | ||||
| 		"image":   "alpine:latest", | ||||
| 		"name":    "resource-requester", | ||||
| 		"name":    "node-capturer", | ||||
| 		"command": []interface{}{"/bin/sh"}, | ||||
| 		"args":    []interface{}{"-c", "while :; do sleep 2073600; done"}, | ||||
| 		"resources": map[string]interface{}{ | ||||
| 			"requests": map[string]interface{}{ | ||||
| 				"cpu":    cpu, | ||||
| 				"memory": memory, | ||||
| 		"ports": []interface{}{ | ||||
| 			map[string]interface{}{ | ||||
| 				"name":          "node-capturer", | ||||
| 				"hostPort":      80, | ||||
| 				"containerPort": 80, | ||||
| 			}, | ||||
| 			"limits": map[string]interface{}{}, | ||||
| 		}, | ||||
| 	} | ||||
|  | ||||
| 	if gpu > 0 { | ||||
| 		res, ok := extraContainer["resources"].(map[string]interface{}) | ||||
| 		if !ok { | ||||
| 			return nil, errors.New("unable to type check extraContainer") | ||||
| 		} | ||||
| 		reqs, ok := res["requests"].(map[string]interface{}) | ||||
| 		if !ok { | ||||
| 			return nil, errors.New("unable to type check extraContainer") | ||||
| 		} | ||||
| 		reqs[gpuManufacturer] = gpu | ||||
|  | ||||
| 		limits, ok := res["limits"].(map[string]interface{}) | ||||
| 		if !ok { | ||||
| 			return nil, errors.New("unable to type check extraContainer") | ||||
| 		} | ||||
| 		limits[gpuManufacturer] = gpu | ||||
|  | ||||
| 	} | ||||
| 	return extraContainer, err | ||||
| 	return extraContainer | ||||
| } | ||||
|  | ||||
| // startWorkspace starts a workspace and related resources. It assumes a DB record already exists | ||||
| @@ -441,6 +370,17 @@ func (c *Client) startWorkspace(namespace string, parameters []byte, workspace * | ||||
| 		} | ||||
| 	} | ||||
|  | ||||
| 	templates := argoTemplate.Spec.Templates | ||||
| 	for i, t := range templates { | ||||
| 		if t.Name == WorkspaceStatefulSetResource { | ||||
| 			resultManifest, err := c.addResourceRequestsAndLimitsToWorkspaceTemplate(t, argoTemplate, workspace) | ||||
| 			if err != nil { | ||||
| 				return nil, err | ||||
| 			} | ||||
| 			templates[i].Resource.Manifest = string(resultManifest) | ||||
| 		} | ||||
| 	} | ||||
|  | ||||
| 	_, err = c.CreateWorkflowExecution(namespace, &WorkflowExecution{ | ||||
| 		Parameters: workspace.Parameters, | ||||
| 	}, workflowTemplate) | ||||
|   | ||||
| @@ -1158,6 +1158,19 @@ func (c *Client) UpdateWorkspaceTemplate(namespace string, workspaceTemplate *Wo | ||||
| 	return workspaceTemplate, nil | ||||
| } | ||||
|  | ||||
| // UpdateWorkspaceTemplateManifest updates a workspace template by creating a new version where the only difference is the manifest | ||||
| func (c *Client) UpdateWorkspaceTemplateManifest(namespace, uid string, manifest string) (*WorkspaceTemplate, error) { | ||||
| 	existingTemplate, err := c.GetWorkspaceTemplate(namespace, uid, 0) | ||||
| 	if err != nil { | ||||
| 		return nil, err | ||||
| 	} | ||||
|  | ||||
| 	existingTemplate.UID = uid | ||||
| 	existingTemplate.Manifest = manifest | ||||
|  | ||||
| 	return c.UpdateWorkspaceTemplate(namespace, existingTemplate) | ||||
| } | ||||
|  | ||||
| // ListWorkspaceTemplates returns a list of workspace templates that are not archived, sorted by most recent created first | ||||
| func (c *Client) ListWorkspaceTemplates(namespace string, request *request.Request) (workspaceTemplates []*WorkspaceTemplate, err error) { | ||||
| 	sb := c.workspaceTemplatesSelectBuilder(namespace). | ||||
|   | ||||
| @@ -2,9 +2,13 @@ package auth | ||||
|  | ||||
| import ( | ||||
| 	"context" | ||||
| 	"crypto/md5" | ||||
| 	"encoding/hex" | ||||
| 	"errors" | ||||
| 	"fmt" | ||||
| 	"github.com/onepanelio/core/api" | ||||
| 	"github.com/onepanelio/core/pkg/util" | ||||
| 	v12 "k8s.io/apimachinery/pkg/apis/meta/v1" | ||||
| 	"net/http" | ||||
| 	"strings" | ||||
|  | ||||
| @@ -36,6 +40,9 @@ func getBearerToken(ctx context.Context) (*string, bool) { | ||||
| 			return nil, false | ||||
| 		} | ||||
| 		t = strings.ReplaceAll(t, prefix, "") | ||||
| 		if t == "null" { | ||||
| 			return nil, false | ||||
| 		} | ||||
| 		return &t, true | ||||
| 	} | ||||
|  | ||||
| @@ -64,7 +71,12 @@ func getClient(ctx context.Context, kubeConfig *v1.Config, db *v1.DB, sysConfig | ||||
| 		return nil, status.Error(codes.Unauthenticated, `Missing or invalid "authorization" header.`) | ||||
| 	} | ||||
|  | ||||
| 	if sysConfig["token"] != *bearerToken { | ||||
| 		sysConfig["token"] = *bearerToken | ||||
| 	} | ||||
|  | ||||
| 	kubeConfig.BearerToken = *bearerToken | ||||
|  | ||||
| 	client, err := v1.NewClient(kubeConfig, db, sysConfig) | ||||
| 	if err != nil { | ||||
| 		return nil, err | ||||
| @@ -98,6 +110,43 @@ func IsAuthorized(c *v1.Client, namespace, verb, group, resource, name string) ( | ||||
| 	return | ||||
| } | ||||
|  | ||||
| func verifyLogin(client *v1.Client, tokenRequest *api.IsValidTokenRequest) (rawToken string, err error) { | ||||
| 	accountsList, err := client.CoreV1().ServiceAccounts("onepanel").List(v1.ListOptions{}) | ||||
| 	if err != nil { | ||||
| 		return "", err | ||||
| 	} | ||||
|  | ||||
| 	authTokenSecretName := "" | ||||
| 	for _, serviceAccount := range accountsList.Items { | ||||
| 		if serviceAccount.Name != tokenRequest.Username { | ||||
| 			continue | ||||
| 		} | ||||
| 		for _, secret := range serviceAccount.Secrets { | ||||
| 			if strings.Contains(secret.Name, "-token-") { | ||||
| 				authTokenSecretName = secret.Name | ||||
| 				break | ||||
| 			} | ||||
| 		} | ||||
| 	} | ||||
| 	if authTokenSecretName == "" { | ||||
| 		return "", util.NewUserError(codes.InvalidArgument, fmt.Sprintf("unknown service account '%v'", tokenRequest.Username)) | ||||
| 	} | ||||
|  | ||||
| 	secret, err := client.CoreV1().Secrets("onepanel").Get(authTokenSecretName, v12.GetOptions{}) | ||||
| 	if err != nil { | ||||
| 		return "", err | ||||
| 	} | ||||
|  | ||||
| 	currentTokenBytes := md5.Sum(secret.Data["token"]) | ||||
| 	currentTokenString := hex.EncodeToString(currentTokenBytes[:]) | ||||
|  | ||||
| 	if tokenRequest.Token != fmt.Sprintf("%s", currentTokenString) { | ||||
| 		return "", util.NewUserError(codes.InvalidArgument, "token doesn't match what's on record") | ||||
| 	} | ||||
|  | ||||
| 	return string(secret.Data["token"]), nil | ||||
| } | ||||
|  | ||||
| // UnaryInterceptor performs authentication checks. | ||||
| // The two main cases are: | ||||
| //   1. Is the token valid? This is used for logging in. | ||||
| @@ -113,10 +162,25 @@ func UnaryInterceptor(kubeConfig *v1.Config, db *v1.DB, sysConfig v1.SystemConfi | ||||
|  | ||||
| 			tokenRequest, ok := req.(*api.IsValidTokenRequest) | ||||
| 			if !ok { | ||||
| 				return resp, errors.New("IsValidToken does not have correct request type") | ||||
| 				return resp, errors.New("LogInRequest does not have correct request type") | ||||
| 			} | ||||
|  | ||||
| 			md.Set("authorization", tokenRequest.Token.Token) | ||||
| 			defaultClient, err := v1.GetDefaultClient() | ||||
| 			if err != nil { | ||||
| 				return nil, err | ||||
| 			} | ||||
|  | ||||
| 			rawToken, err := verifyLogin(defaultClient, tokenRequest) | ||||
| 			if err != nil { | ||||
| 				return nil, err | ||||
| 			} | ||||
|  | ||||
| 			sysConfig, err := defaultClient.GetSystemConfig() | ||||
| 			if err != nil { | ||||
| 				return nil, err | ||||
| 			} | ||||
|  | ||||
| 			md.Set("onepanel-auth-token", rawToken) | ||||
|  | ||||
| 			ctx, err = getClient(ctx, kubeConfig, db, sysConfig) | ||||
| 			if err != nil { | ||||
|   | ||||
| @@ -66,8 +66,10 @@ func (a *AuthServer) IsValidToken(ctx context.Context, req *api.IsValidTokenRequ | ||||
| 	if err != nil { | ||||
| 		return | ||||
| 	} | ||||
| 	res = &api.IsValidTokenResponse{} | ||||
| 	res.Domain = config["ONEPANEL_DOMAIN"] | ||||
| 	res = &api.IsValidTokenResponse{ | ||||
| 		Domain: config["ONEPANEL_DOMAIN"], | ||||
| 		Token:  config["token"], | ||||
| 	} | ||||
|  | ||||
| 	return res, nil | ||||
| } | ||||
|   | ||||
| @@ -7,21 +7,22 @@ import ( | ||||
| 	"github.com/onepanelio/core/server/auth" | ||||
| ) | ||||
|  | ||||
| func resourceIdentifierToArgoResource(identifier string) string { | ||||
| func getGroupAndResourceByIdentifier(identifier string) (group, resource string) { | ||||
| 	group = "argoproj.io" | ||||
| 	switch identifier { | ||||
| 	case v1.TypeWorkflowTemplate: | ||||
| 		return "workflowtemplates" | ||||
| 		return group, "workflowtemplates" | ||||
| 	case v1.TypeWorkflowTemplateVersion: | ||||
| 		return "workflowtemplates" | ||||
| 		return group, "workflowtemplates" | ||||
| 	case v1.TypeWorkflowExecution: | ||||
| 		return "workflows" | ||||
| 		return group, "workflows" | ||||
| 	case v1.TypeCronWorkflow: | ||||
| 		return "cronworkflows" | ||||
| 		return group, "cronworkflows" | ||||
| 	case v1.TypeWorkspace: | ||||
| 		return "statefulset" | ||||
| 		return "onepanel.io", "workspaces" | ||||
| 	} | ||||
|  | ||||
| 	return "" | ||||
| 	return "", "" | ||||
| } | ||||
|  | ||||
| func mapLabelsToKeyValue(labels []*v1.Label) []*api.KeyValue { | ||||
| @@ -54,10 +55,10 @@ func NewLabelServer() *LabelServer { | ||||
| } | ||||
|  | ||||
| func (s *LabelServer) GetLabels(ctx context.Context, req *api.GetLabelsRequest) (*api.GetLabelsResponse, error) { | ||||
| 	argoResource := resourceIdentifierToArgoResource(req.Resource) | ||||
| 	group, resource := getGroupAndResourceByIdentifier(req.Resource) | ||||
|  | ||||
| 	client := getClient(ctx) | ||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "get", "argoproj.io", argoResource, "") | ||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "get", group, resource, "") | ||||
| 	if err != nil || !allowed { | ||||
| 		return nil, err | ||||
| 	} | ||||
| @@ -73,10 +74,10 @@ func (s *LabelServer) GetLabels(ctx context.Context, req *api.GetLabelsRequest) | ||||
| } | ||||
|  | ||||
| func (s *LabelServer) AddLabels(ctx context.Context, req *api.AddLabelsRequest) (*api.GetLabelsResponse, error) { | ||||
| 	argoResource := resourceIdentifierToArgoResource(req.Resource) | ||||
| 	group, resource := getGroupAndResourceByIdentifier(req.Resource) | ||||
|  | ||||
| 	client := getClient(ctx) | ||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "create", "argoproj.io", argoResource, "") | ||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "create", group, resource, "") | ||||
| 	if err != nil || !allowed { | ||||
| 		return nil, err | ||||
| 	} | ||||
| @@ -97,10 +98,10 @@ func (s *LabelServer) AddLabels(ctx context.Context, req *api.AddLabelsRequest) | ||||
| } | ||||
|  | ||||
| func (s *LabelServer) ReplaceLabels(ctx context.Context, req *api.ReplaceLabelsRequest) (*api.GetLabelsResponse, error) { | ||||
| 	argoResource := resourceIdentifierToArgoResource(req.Resource) | ||||
| 	group, resource := getGroupAndResourceByIdentifier(req.Resource) | ||||
|  | ||||
| 	client := getClient(ctx) | ||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "update", "argoproj.io", argoResource, "") | ||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "update", group, resource, "") | ||||
| 	if err != nil || !allowed { | ||||
| 		return nil, err | ||||
| 	} | ||||
| @@ -121,11 +122,11 @@ func (s *LabelServer) ReplaceLabels(ctx context.Context, req *api.ReplaceLabelsR | ||||
| } | ||||
|  | ||||
| func (s *LabelServer) DeleteLabel(ctx context.Context, req *api.DeleteLabelRequest) (*api.GetLabelsResponse, error) { | ||||
| 	argoResource := resourceIdentifierToArgoResource(req.Resource) | ||||
| 	group, resource := getGroupAndResourceByIdentifier(req.Resource) | ||||
|  | ||||
| 	client := getClient(ctx) | ||||
| 	// update verb here since we are not deleting the resource, but labels | ||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "update", "argoproj.io", argoResource, "") | ||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "update", group, resource, "") | ||||
| 	if err != nil || !allowed { | ||||
| 		return nil, err | ||||
| 	} | ||||
|   | ||||
| @@ -363,7 +363,7 @@ func (s *WorkspaceServer) RetryLastWorkspaceAction(ctx context.Context, req *api | ||||
| func (s *WorkspaceServer) GetWorkspaceStatisticsForNamespace(ctx context.Context, req *api.GetWorkspaceStatisticsForNamespaceRequest) (*api.GetWorkspaceStatisticsForNamespaceResponse, error) { | ||||
| 	client := getClient(ctx) | ||||
|  | ||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "list", "argoproj.io", "workspaces", "") | ||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "list", "onepanel.io", "workspaces", "") | ||||
| 	if err != nil || !allowed { | ||||
| 		return nil, err | ||||
| 	} | ||||
|   | ||||
		Reference in New Issue
	
	Block a user