protected async Task ProvisionEnvironmentPermissionsAsync(
Kdoctl.CliServices.AzDoServices.Dtos.Project project,
PipelineEnvironmentService peService,
EnvironmentManifest pe, PipelineEnvironment envObject)
{
if (envObject != null && pe.Permissions != null && pe.Permissions.Any())
{
foreach (var permissionObject in pe.Permissions)
{
using var op = Insights.BeginOperation($"Configuring Environment ({pe.Name}) permissions: AAD object ({permissionObject.Group}) ...", "Envrionment");
var group = await GetGroupByNameAsync(
permissionObject.Origin, permissionObject.Group, permissionObject.Id);
if (group != null)
{
var legacyIdentity = await GetGraphService()
.GetLegacyIdentitiesBySidAsync(group.Sid);
if (legacyIdentity != null && legacyIdentity.Value.Any())
{
var localId = legacyIdentity.Value.First().Id;
foreach (var role in permissionObject.Roles)
{
await peService.SetPermissionAsync(project.Id, envObject.Id, localId, role);
}
}
}
else
{
op.EndWithFailure("Failed (Not found in AAD)");
}
}
}
}
protected async Task DeleteDefaultRepoAsync(
RepositoryService repoService,
Kdoctl.CliServices.AzDoServices.Dtos.Project project, bool projectWasAbsent)
{
if (projectWasAbsent)
{
// when new projects are created, there's a defaul repository
// let's remove that
var allRepos = await repoService.GetRepositoryListAsync(project.Id);
if (allRepos != null && allRepos.Count > 0)
{
await repoService.DeleteRepositoryAsync(project.Id, allRepos.First().Id);
}
}
}
protected async Task EnsureRepositoryPermissionsAsync(
Kdoctl.CliServices.AzDoServices.Dtos.Project project,
RepositoryManifest repo, Microsoft.TeamFoundation.SourceControl.WebApi.GitRepository repository)
{
if (repository != null && repo.Permissions != null && repo.Permissions.Any())
{
var secService = GetSecurityNamespaceService();
var gitNamespace = await secService.GetNamespaceAsync(SecurityNamespaceConstants.Git_Repositories);
var gitSecurityNamespaceId = gitNamespace.NamespaceId;
var aclDictioanry = new Dictionary <string, VstsAcesDictionaryEntry>();
await CreateAclsAsync(typeof(GitRepositories), repo.Permissions, aclDictioanry);
if (aclDictioanry.Count > 0)
{
var repositorySecurityToken = $"repoV2/{project.Id}/{repository.Id}";
var aclService = GetAclListService();
await aclService.SetAclsAsync(gitSecurityNamespaceId, repositorySecurityToken, aclDictioanry, false);
}
}
}
protected async Task ProvisionEnvironmentAsync(
Kdoctl.CliServices.AzDoServices.Dtos.Project project,
PipelineEnvironmentService peService, EnvironmentManifest pe,
string k8sNamespace, string k8sClusterName)
{
var seService = GetServiceEndpointService();
var peColl = await peService.ListEnvironmentsAsync(project.Id);
if (peColl != null)
{
var envObject = peColl.Value
.FirstOrDefault(penv => penv.Name.Equals(pe.Name, StringComparison.OrdinalIgnoreCase));
if (envObject == null)
{
envObject = await peService.CreateEnvironmentAsync(project.Id, pe.Name, pe.Description);
if (!string.IsNullOrWhiteSpace(pe.ServiceEndpointReference))
{
var seColl = await seService.ListServiceEndpointsAsync(project.Id);
if (seColl != null && seColl.Value != null)
{
var foundSe = seColl.Value
.FirstOrDefault(s => s.Name
.Equals(pe.ServiceEndpointReference, StringComparison.OrdinalIgnoreCase));
if (foundSe != null)
{
await seService.CreateKubernetesResourceAsync(
project.Id.ToString(),
envObject.Id,
foundSe.Id, k8sNamespace, k8sClusterName);
}
}
}
}
await ProvisionEnvironmentPermissionsAsync(project, peService, pe, envObject);
}
}
protected async Task ProvisionReleasePathPermissionsAsync(
Kdoctl.CliServices.AzDoServices.Dtos.Project project, PipelineFolder rp, VstsFolder existingItem)
{
if (existingItem != null)
{
var secService = GetSecurityNamespaceService();
var buildNamespace = await secService.GetNamespaceAsync(SecurityNamespaceConstants.ReleaseManagement,
ReleaseManagementEx.AdministerReleasePermissions.ToString());
var namespaceId = buildNamespace.NamespaceId;
var aclDictioanry = new Dictionary <string, VstsAcesDictionaryEntry>();
await CreateAclsAsync(typeof(ReleaseManagementEx), rp.Permissions, aclDictioanry);
if (aclDictioanry.Count > 0)
{
var fpath = rp.Path.TrimStart("\\/".ToCharArray()).Replace("\\", "/");
var token = $"{project.Id}/{fpath}";
var aclService = GetAclListService();
await aclService.SetAclsAsync(namespaceId, token, aclDictioanry, false);
}
}
}
protected async Task EnsureReleaseFoldersAsync(ProjectManifest manifest,
Kdoctl.CliServices.AzDoServices.Dtos.Project project)
{
if (manifest.ReleaseFolders != null && manifest.ReleaseFolders.Any())
{
var releaseService = GetReleaseService();
var releasePaths = await releaseService.ListFoldersAsync(project.Id);
foreach (var rp in manifest.ReleaseFolders)
{
var existingItem = releasePaths.Value
.FirstOrDefault(p => p.Path.Replace("\\", "/").Equals(rp.Path, StringComparison.OrdinalIgnoreCase));
if (existingItem == null)
{
existingItem = await releaseService.CreateFolderAsync(project.Id, rp.Path);
}
using var op = Insights.BeginOperation($"Creating permissions {rp.Path}...", "ReleaseFolderPermissions");
await ProvisionReleasePathPermissionsAsync(project, rp, existingItem);
}
}
}
protected async Task EnsureEnvironmentExistsAsync(
ProjectManifest manifest,
Kdoctl.CliServices.AzDoServices.Dtos.Project project,
List <Tuple <k8s.Models.V1ServiceAccount> > k8sOutcome)
{
if (project != null && manifest.Environments != null && manifest.Environments.Any())
{
var peService = GetPipelineEnvironmentService();
foreach (var pe in manifest.Environments)
{
if (pe != null && !string.IsNullOrWhiteSpace(pe.Name) && k8sOutcome != null && k8sOutcome.Count > 0)
{
var item = k8sOutcome.FirstOrDefault().Item1;
if (item != null)
{
await ProvisionEnvironmentAsync(project, peService, pe,
item.Metadata.NamespaceProperty, item.Metadata.NamespaceProperty);
}
}
}
}
}
protected async Task EnsureBuildFoldersAsync(
ProjectManifest manifest,
Kdoctl.CliServices.AzDoServices.Dtos.Project project)
{
if (manifest.BuildFolders != null && manifest.BuildFolders.Any())
{
var buildService = this.GetBuildService();
var buildPaths = await buildService.ListFoldersAsync(project.Id);
foreach (var bp in manifest.BuildFolders)
{
var existingItem = buildPaths.Value
.FirstOrDefault(p => p.Path.Replace("\\", "/").Equals(bp.Path, StringComparison.OrdinalIgnoreCase));
if (existingItem == null)
{
existingItem = await buildService.CreateFolderAsync(project.Id, bp.Path);
}
using var op = Insights.BeginOperation($"Creating permissions {bp.Path}...", "Build-Folder-Permissions");
await ProvisionBuildPathPermissionsAsync(project, bp, existingItem);
}
}
}
protected async Task EnsureRepositoriesExistsAsync(
ProjectManifest manifest,
RepositoryService repoService,
Kdoctl.CliServices.AzDoServices.Dtos.Project project,
bool projectWasAbsent)
{
if (project != null && manifest.Repositories != null && manifest.Repositories.Any())
{
foreach (var repo in manifest.Repositories)
{
if (!string.IsNullOrWhiteSpace(repo.Name))
{
var reposCollection = await repoService.GetRepositoryListAsync(project.Id);
var repository = reposCollection
.FirstOrDefault(r => r.Name.Equals(repo.Name, StringComparison.OrdinalIgnoreCase));
if (repository == null)
{
using var op = Insights.BeginOperation($"Creating Repository {repo.Name}...", "Repository");
await ExecutionSupports.Retry(async() =>
{
repository = await repoService.CreateAsync(project.Id, repo.Name);
},
exception => { Insights.TrackException(exception); });
op.EndWithSuccess("Succeed");
}
using var opPermissions = Insights.BeginOperation($"Setting up permissions for repository {repo.Name}...", "RepoPermissions");
await EnsureRepositoryPermissionsAsync(project, repo, repository);
}
}
await DeleteDefaultRepoAsync(repoService, project, projectWasAbsent);
}
}
