diff --git a/docs/docs/en/guide/security.md b/docs/docs/en/guide/security.md index 5511802ae0..3c22f580c5 100644 --- a/docs/docs/en/guide/security.md +++ b/docs/docs/en/guide/security.md @@ -149,3 +149,15 @@ worker.groups=default,test - Create a task node in the workflow definition, select the worker group and the environment corresponding to the worker group. When executing the task, the Worker will execute the environment first before executing the task. ![use-environment](/img/new_ui/dev/security/use-environment.png) + +## Namespace Management + +> Add or update k8s cluster + +- First enter the configuration of the k8s cluster connection into the table `t_ds_k8s` in the database, which will be configured later by the web page. + +> Add or update namespace + +- After creation and authorization, you can select it from the namespace drop down list when edit k8s task, If the k8s cluster name is `ds_null_k8s` means test mode which will not operate the cluster actually. + +![create-environment](/img/new_ui/dev/security/create-namespace.png) diff --git a/docs/docs/zh/guide/security.md b/docs/docs/zh/guide/security.md index 16ff17577d..8dadd18cde 100644 --- a/docs/docs/zh/guide/security.md +++ b/docs/docs/zh/guide/security.md @@ -96,8 +96,8 @@ ## 授予权限 -* 授予权限包括项目权限,资源权限,数据源权限,UD F函数权限。 -* 管理员可以对普通用户进行非其创建的项目、资源、数据源和 UDF 函数进行授权。因为项目、资源、数据源和 UDF 函数授权方式都是一样的,所以以项目授权为例介绍。 +* 授予权限包括项目权限,资源权限,数据源权限,UDF函数权限,k8s命名空间。 +* 管理员可以对普通用户进行非其创建的项目、资源、数据源、UDF函数、k8s命名空间。因为项目、资源、数据源、UDF函数、k8s命名空间授权方式都是一样的,所以以项目授权为例介绍。 * 注意:对于用户自己创建的项目,该用户拥有所有的权限。则项目列表和已选项目列表中不会显示。 - 管理员进入安全中心->用户管理页面,点击需授权用户的“授权”按钮,如下图所示: @@ -148,3 +148,15 @@ worker.groups=default,test - 在工作流定义中创建任务节点选择 worker 分组和 worker 分组对应的环境,任务执行时 worker 会先执行环境在执行任务. ![use-environment](/img/new_ui/dev/security/use-environment.png) + +## 命名空间管理 + +> 创建/更新 k8s集群 + +- 先把k8s集群连接的配置录入 database 的表 `t_ds_k8s`,后续会通过页面配置. + +> 创建/更新 namespace + +- 创建和授权后,在相关k8s任务选择命名空间时下拉可选,如果k8s集群名字是`ds_null_k8s`是测试模式,不会真正操作集群. + +![create-environment](/img/new_ui/dev/security/create-namespace.png) diff --git a/docs/img/new_ui/dev/security/create-namespace.png b/docs/img/new_ui/dev/security/create-namespace.png new file mode 100644 index 0000000000..aac7cdf79a Binary files /dev/null and b/docs/img/new_ui/dev/security/create-namespace.png differ diff --git a/dolphinscheduler-dao/src/test/java/org/apache/dolphinscheduler/dao/mapper/K8sNamespaceMapperTest.java b/dolphinscheduler-dao/src/test/java/org/apache/dolphinscheduler/dao/mapper/K8sNamespaceMapperTest.java new file mode 100644 index 0000000000..6ce3755a73 --- /dev/null +++ b/dolphinscheduler-dao/src/test/java/org/apache/dolphinscheduler/dao/mapper/K8sNamespaceMapperTest.java @@ -0,0 +1,136 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.dolphinscheduler.dao.mapper; + +import org.apache.dolphinscheduler.dao.BaseDaoTest; +import org.apache.dolphinscheduler.dao.entity.K8sNamespace; + +import java.util.Date; +import java.util.List; + +import org.junit.After; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; +import org.springframework.beans.factory.annotation.Autowired; + +import com.baomidou.mybatisplus.core.metadata.IPage; +import com.baomidou.mybatisplus.extension.plugins.pagination.Page; + +public class K8sNamespaceMapperTest extends BaseDaoTest { + + @Autowired + K8sNamespaceMapper k8sNamespaceMapper; + + /** + * insert + * + * @return K8sNamespace + */ + private K8sNamespace insertOne() { + //insertOne + K8sNamespace k8sNamespace = new K8sNamespace(); + k8sNamespace.setNamespace("testNamespace"); + k8sNamespace.setK8s("ds_null_k8s"); + k8sNamespace.setLimitsCpu(100.0); + k8sNamespace.setLimitsMemory(100); + k8sNamespace.setCreateTime(new Date()); + k8sNamespace.setUpdateTime(new Date()); + k8sNamespaceMapper.insert(k8sNamespace); + return k8sNamespace; + } + + @Before + public void setUp() { + clearTestData(); + } + + @After + public void after() { + clearTestData(); + } + + public void clearTestData() { + k8sNamespaceMapper.selectList(null).stream().forEach(nanespace -> { + k8sNamespaceMapper.deleteById(nanespace.getId()); + }); + } + + /** + * test update + */ + @Test + public void testUpdate() { + //insertOne + K8sNamespace k8sNamespace = insertOne(); + k8sNamespace.setLimitsMemory(200); + //update + int update = k8sNamespaceMapper.updateById(k8sNamespace); + Assert.assertEquals(update, 1); + } + + /** + * test delete + */ + @Test + public void testDelete() { + K8sNamespace k8sNamespace = insertOne(); + int delete = k8sNamespaceMapper.deleteById(k8sNamespace.getId()); + Assert.assertEquals(delete, 1); + } + + /** + * test query + */ + @Test + public void testQuery() { + insertOne(); + //query + List k8sNamespaces = k8sNamespaceMapper.selectList(null); + Assert.assertEquals(k8sNamespaces.size(), 1); + } + + + /** + * test query k8sNamespaces by id + */ + @Test + public void testQueryByK8sNamespaceId() { + K8sNamespace entity = insertOne(); + K8sNamespace k8sNamespace = k8sNamespaceMapper.selectById(entity.getId()); + Assert.assertEquals(entity.toString(),k8sNamespace.toString()); + } + + + /** + * test query k8sNamespaces list paging + */ + @Test + public void testQueryK8sNamespaceListPaging() { + K8sNamespace entity = insertOne(); + Page page = new Page<>(1, 10); + IPage k8sNamespaceIPage = k8sNamespaceMapper.queryK8sNamespacePaging(page,""); + List k8sNamespaceList = k8sNamespaceIPage.getRecords(); + Assert.assertEquals(k8sNamespaceList.size(), 1); + + k8sNamespaceIPage = k8sNamespaceMapper.queryK8sNamespacePaging(page,"abc"); + k8sNamespaceList = k8sNamespaceIPage.getRecords(); + Assert.assertEquals(k8sNamespaceList.size(), 0); + } + +} \ No newline at end of file diff --git a/dolphinscheduler-ui/src/locales/modules/en_US.ts b/dolphinscheduler-ui/src/locales/modules/en_US.ts index badaf5bbf7..a6ad43bc82 100644 --- a/dolphinscheduler-ui/src/locales/modules/en_US.ts +++ b/dolphinscheduler-ui/src/locales/modules/en_US.ts @@ -1184,8 +1184,6 @@ const security = { k8s_cluster_tips: 'Please enter k8s cluster', owner: 'Owner', owner_tips: 'Please enter owner', - tag: 'Tag', - tag_tips: 'Please enter tag', limit_cpu: 'Limit CPU', limit_cpu_tips: 'Please enter limit CPU', limit_memory: 'Limit Memory', diff --git a/dolphinscheduler-ui/src/locales/modules/zh_CN.ts b/dolphinscheduler-ui/src/locales/modules/zh_CN.ts index c75a83427d..8da25ee750 100644 --- a/dolphinscheduler-ui/src/locales/modules/zh_CN.ts +++ b/dolphinscheduler-ui/src/locales/modules/zh_CN.ts @@ -1172,8 +1172,6 @@ const security = { k8s_cluster_tips: '请输入k8s集群', owner: '负责人', owner_tips: '请输入负责人', - tag: '标签', - tag_tips: '请输入标签', limit_cpu: '最大CPU', limit_cpu_tips: '请输入最大CPU', limit_memory: '最大内存', diff --git a/dolphinscheduler-ui/src/views/security/k8s-namespace-manage/components/k8s-namespace-modal.tsx b/dolphinscheduler-ui/src/views/security/k8s-namespace-manage/components/k8s-namespace-modal.tsx index 5e7da9b42a..4d7a1e6be2 100644 --- a/dolphinscheduler-ui/src/views/security/k8s-namespace-manage/components/k8s-namespace-modal.tsx +++ b/dolphinscheduler-ui/src/views/security/k8s-namespace-manage/components/k8s-namespace-modal.tsx @@ -52,10 +52,9 @@ const K8sNamespaceModal = defineComponent({ if (props.statusRef === 0) { variables.model.namespace = '' variables.model.k8s = '' - variables.model.tag = '' variables.model.limitsCpu = '' variables.model.limitsMemory = '' - variables.model.owner = '' + variables.model.userId = '' } ctx.emit('cancelModal', props.showModalRef) } @@ -70,18 +69,16 @@ const K8sNamespaceModal = defineComponent({ if (props.statusRef === 0) { variables.model.namespace = '' variables.model.k8s = '' - variables.model.tag = '' variables.model.limitsCpu = '' variables.model.limitsMemory = '' - variables.model.owner = '' + variables.model.userId = '' } else { variables.model.id = props.row.id variables.model.namespace = props.row.namespace variables.model.k8s = props.row.k8s - variables.model.tag = props.row.tag variables.model.limitsCpu = props.row.limitsCpu + '' variables.model.limitsMemory = props.row.limitsMemory + '' - variables.model.owner = props.row.owner + variables.model.userId = props.row.userId } } ) @@ -92,10 +89,9 @@ const K8sNamespaceModal = defineComponent({ variables.model.id = props.row.id variables.model.namespace = props.row.namespace variables.model.k8s = props.row.k8s - variables.model.tag = props.row.tag variables.model.limitsCpu = props.row.limitsCpu + '' variables.model.limitsMemory = props.row.limitsMemory + '' - variables.model.owner = props.row.owner + variables.model.userId = props.row.userId } ) @@ -131,6 +127,7 @@ const K8sNamespaceModal = defineComponent({ - - - diff --git a/dolphinscheduler-ui/src/views/security/k8s-namespace-manage/components/use-modal.ts b/dolphinscheduler-ui/src/views/security/k8s-namespace-manage/components/use-modal.ts index 59101215fa..9bebe8ea6d 100644 --- a/dolphinscheduler-ui/src/views/security/k8s-namespace-manage/components/use-modal.ts +++ b/dolphinscheduler-ui/src/views/security/k8s-namespace-manage/components/use-modal.ts @@ -35,8 +35,7 @@ export function useModal( id: ref(-1), namespace: ref(''), k8s: ref(''), - owner: ref(''), - tag: ref(''), + userId: ref(''), limitsCpu: ref(''), limitsMemory: ref('') }, @@ -84,10 +83,9 @@ export function useModal( createK8sNamespace(variables.model).then(() => { variables.model.namespace = '' variables.model.k8s = '' - variables.model.tag = '' variables.model.limitsCpu = '' variables.model.limitsMemory = '' - variables.model.owner = '' + variables.model.userId = '' ctx.emit('confirmModal', props.showModalRef) }) }) diff --git a/dolphinscheduler-ui/src/views/security/k8s-namespace-manage/use-table.ts b/dolphinscheduler-ui/src/views/security/k8s-namespace-manage/use-table.ts index 6ed8bdd283..9a857b27d9 100644 --- a/dolphinscheduler-ui/src/views/security/k8s-namespace-manage/use-table.ts +++ b/dolphinscheduler-ui/src/views/security/k8s-namespace-manage/use-table.ts @@ -78,14 +78,9 @@ export function useTable() { }, { title: t('security.k8s_namespace.owner'), - key: 'owner', + key: 'userId', ...COLUMN_WIDTH_CONFIG['userName'] }, - { - title: t('security.k8s_namespace.tag'), - key: 'tag', - ...COLUMN_WIDTH_CONFIG['tag'] - }, { title: t('security.k8s_namespace.limit_cpu'), key: 'limitsCpu',