Initial import from osism/public-services

berendt · Tim Beermann · berendt · commit d34a399756aa · 2022-07-18T13:14:53.000+02:00
Co-authored-by: Tim Beermann &lt;beermann@osism.tech&gt;
Signed-off-by: Christian Berendt &lt;berendt@osism.tech&gt;
diff --git a/README.md b/README.md
@@ -0,0 +1 @@
+# python-harborclient
diff --git a/api.py b/api.py
@@ -0,0 +1,51 @@
+from json import JSONDecodeError
+import requests
+
+
+class Api:
+    url: str = ""
+    password: str = ""
+    username: str = ""
+    verify: bool = True
+
+    def __init__(self, url: str, password: str, username: str, verify: bool = True) -> None:
+        self.url = url
+        self.password = password
+        self.username = username
+        self.verify = verify
+
+        requests.packages.urllib3.disable_warnings()
+
+    def get(self, endpoint: str) -> list:
+        r = requests.get(
+            url=f"{self.url}/{endpoint}",
+            auth=(self.username, self.password),
+            verify=self.verify
+        )
+        result = r.json()
+
+        if type(result) is dict:
+            return [result]
+
+        return result
+
+    def post(self, endpoint: str, payload: dict, statuscode: int = 201) -> dict:
+        r = requests.post(
+            url=f"{self.url}/{endpoint}",
+            auth=(self.username, self.password),
+            json=payload,
+            verify=self.verify
+        )
+
+        # Catch error when r.json() is not available
+        try:
+            result = r.json()
+        except JSONDecodeError:
+            result = {}
+
+        if r.status_code != statuscode:
+            print("Failed!")
+            # add a dict key to identify if the result is an error message
+            result['is_failed'] = True
+
+        return result
diff --git a/config.yml b/config.yml
@@ -0,0 +1,111 @@
+---
+# harbor api url and credentials.
+api:
+  url: https://harbor.services.osism.tech/api/v2.0
+  username: foobar
+  password: foobar
+  # verfiy = check ssl or not
+  verify: true
+
+# this variable is unsed and rather for documentation of possible permissions.
+available_permissions:
+  - artifact:delete
+  - artifact:list
+  - artifact:read
+  - artifact-label:create
+  - artifact-label:delete
+  - helm-chart-version-label:create
+  - helm-chart-version-label:delete
+  - helm-chart-version:create
+  - helm-chart-version:delete
+  - helm-chart:read
+  - repository:delete
+  - repository:list
+  - repository:pull
+  - repository:push
+  - scan:create
+  - scan:stop
+  - tag:create
+  - tag:delete
+  - tag:list
+
+# list of harbor projects
+projects:
+  - project_name: "kolla"
+    public: true
+  - project_name: "osism"
+    public: true
+
+# list of robot accounts
+robot_accounts:
+  - name: github
+    disable: False
+    level: system
+    duration: -1
+    description: ""
+    permissions:
+      - kind: project
+        namespace: "*"
+        access_simplified:
+          - artifact:list
+          - artifact-label:create
+          - repository:list
+          - repository:pull
+          - repository:push
+          - scan:create
+          - scan:stop
+          - tag:create
+
+# list of registries which should be connected to harbor (no replication yet)
+registries:
+  - credential:
+      access_key: foo+bar
+      access_secret: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+      type: basic
+      # or oauth
+    name: quay.io
+    url: https://quay.io
+    type: docker-registry
+    # possible values of type:
+    # quay-io
+    # harbor
+    # google-gcr
+    # aws-ecr
+    # azure-acr
+    # ali-acr
+    # gitlab
+    # docker-registry
+    # docker-hub
+    # huawei-SWR
+    # jfrog-artifactory
+    # helm-hub
+    description: ""
+
+# list of replication rules
+replication_rules:
+  - description: ""
+    dest_namespace_replace_conut: -1
+    replicate_deletion: true
+    filters:
+      - type: "name"
+        value: "kolla/**"
+    name: "kolla"
+    dest_registry: "quay.io"
+    enabled: true
+    dest_namespace: kolla
+    trigger:
+      type: "event_based"
+    override: true
+  - description: ""
+    dest_namespace_replace_conut: -1
+    replicate_deletion: true
+    filters:
+      - type: "name"
+        value: "osism/**"
+    name: "osism"
+    dest_registry: "quay.io"
+    enabled: true
+    dest_namespace: osism
+    trigger:
+      type: "event_based"
+    override: true
diff --git a/main.py b/main.py
@@ -0,0 +1,29 @@
+import yaml
+import robot_accounts
+import replication_rules
+import registries
+import projects
+from api import Api
+
+
+def main(api: Api, config: dict) -> None:
+    registries.create(api=api, registries=config['registries'])
+    projects.create(api=api, projects=config['projects'])
+    replication_rules.create(api=api, replication_rules=config['replication_rules'])
+    print(robot_accounts.create(api=api, robot_accounts=config['robot_accounts']))
+
+
+if __name__ == "__main__":
+    with open("config.yml", "r") as stream:
+        try:
+            config = yaml.safe_load(stream)
+        except yaml.YAMLError as exc:
+            print(exc)
+
+    api = Api(
+        url=config['api']['url'],
+        username=config['api']['username'],
+        password=config['api']['password'],
+        verify=config['api']['verify']
+    )
+    main(api, config)
diff --git a/projects.py b/projects.py
@@ -0,0 +1,6 @@
+from api import Api
+
+
+def create(api: Api, projects: list) -> None:
+    for project in projects:
+        api.post(endpoint="projects", payload=project)
diff --git a/registries.py b/registries.py
@@ -0,0 +1,6 @@
+from api import Api
+
+
+def create(api: Api, registries: list) -> None:
+    for registry in registries:
+        api.post(endpoint="registries", payload=registry)
diff --git a/replication_rules.py b/replication_rules.py
@@ -0,0 +1,18 @@
+from api import Api
+
+
+def get_registry_id(api: Api, registry_name: str) -> int:
+    result = api.get(endpoint="registries")
+
+    for registry in result:
+        if registry['name'] == registry_name:
+            return {"id": registry['id']}
+
+    return {"id": -1}
+
+
+def create(api: Api, replication_rules: list) -> None:
+    for replication_rule in replication_rules:
+        replication_rule['dest_registry'] = get_registry_id(api=api, registry_name=replication_rule['dest_registry'])
+
+        api.post(endpoint="replication/policies", payload=replication_rule)
diff --git a/robot_accounts.py b/robot_accounts.py
@@ -0,0 +1,26 @@
+from api import Api
+
+
+def rework_permissions(permissions_list: list) -> list:
+    for permission in permissions_list:
+        permission['access'] = []
+        for entry in permission['access_simplified']:
+            resource, action = entry.split(":")
+            permission['access'].append(
+                {"action": action, "resource": resource}
+            )
+        del permission['access_simplified']
+    return permissions_list
+
+
+def create(api: Api, robot_accounts: list) -> list:
+    result = []
+    for robot_account in robot_accounts:
+        robot_account['permissions'] = rework_permissions(permissions_list=robot_account['permissions'])
+
+        rvalue = api.post(endpoint="robots", payload=robot_account)
+
+        if "is_failed" not in rvalue:
+            result.append(f"{rvalue['name']}: {rvalue['secret']}")
+
+    return result
