protected async Task ProvisionEnvironmentPermissionsAsync( Kdoctl.CliServices.AzDoServices.Dtos.Project project, PipelineEnvironmentService peService, EnvironmentManifest pe, PipelineEnvironment envObject) { if (envObject != null && pe.Permissions != null && pe.Permissions.Any()) { foreach (var permissionObject in pe.Permissions) { using var op = Insights.BeginOperation($"Configuring Environment ({pe.Name}) permissions: AAD object ({permissionObject.Group}) ...", "Envrionment"); var group = await GetGroupByNameAsync( permissionObject.Origin, permissionObject.Group, permissionObject.Id); if (group != null) { var legacyIdentity = await GetGraphService() .GetLegacyIdentitiesBySidAsync(group.Sid); if (legacyIdentity != null && legacyIdentity.Value.Any()) { var localId = legacyIdentity.Value.First().Id; foreach (var role in permissionObject.Roles) { await peService.SetPermissionAsync(project.Id, envObject.Id, localId, role); } } } else { op.EndWithFailure("Failed (Not found in AAD)"); } } } }
protected async Task DeleteDefaultRepoAsync( RepositoryService repoService, Kdoctl.CliServices.AzDoServices.Dtos.Project project, bool projectWasAbsent) { if (projectWasAbsent) { // when new projects are created, there's a defaul repository // let's remove that var allRepos = await repoService.GetRepositoryListAsync(project.Id); if (allRepos != null && allRepos.Count > 0) { await repoService.DeleteRepositoryAsync(project.Id, allRepos.First().Id); } } }
protected async Task EnsureRepositoryPermissionsAsync( Kdoctl.CliServices.AzDoServices.Dtos.Project project, RepositoryManifest repo, Microsoft.TeamFoundation.SourceControl.WebApi.GitRepository repository) { if (repository != null && repo.Permissions != null && repo.Permissions.Any()) { var secService = GetSecurityNamespaceService(); var gitNamespace = await secService.GetNamespaceAsync(SecurityNamespaceConstants.Git_Repositories); var gitSecurityNamespaceId = gitNamespace.NamespaceId; var aclDictioanry = new Dictionary <string, VstsAcesDictionaryEntry>(); await CreateAclsAsync(typeof(GitRepositories), repo.Permissions, aclDictioanry); if (aclDictioanry.Count > 0) { var repositorySecurityToken = $"repoV2/{project.Id}/{repository.Id}"; var aclService = GetAclListService(); await aclService.SetAclsAsync(gitSecurityNamespaceId, repositorySecurityToken, aclDictioanry, false); } } }
protected async Task ProvisionEnvironmentAsync( Kdoctl.CliServices.AzDoServices.Dtos.Project project, PipelineEnvironmentService peService, EnvironmentManifest pe, string k8sNamespace, string k8sClusterName) { var seService = GetServiceEndpointService(); var peColl = await peService.ListEnvironmentsAsync(project.Id); if (peColl != null) { var envObject = peColl.Value .FirstOrDefault(penv => penv.Name.Equals(pe.Name, StringComparison.OrdinalIgnoreCase)); if (envObject == null) { envObject = await peService.CreateEnvironmentAsync(project.Id, pe.Name, pe.Description); if (!string.IsNullOrWhiteSpace(pe.ServiceEndpointReference)) { var seColl = await seService.ListServiceEndpointsAsync(project.Id); if (seColl != null && seColl.Value != null) { var foundSe = seColl.Value .FirstOrDefault(s => s.Name .Equals(pe.ServiceEndpointReference, StringComparison.OrdinalIgnoreCase)); if (foundSe != null) { await seService.CreateKubernetesResourceAsync( project.Id.ToString(), envObject.Id, foundSe.Id, k8sNamespace, k8sClusterName); } } } } await ProvisionEnvironmentPermissionsAsync(project, peService, pe, envObject); } }
protected async Task ProvisionReleasePathPermissionsAsync( Kdoctl.CliServices.AzDoServices.Dtos.Project project, PipelineFolder rp, VstsFolder existingItem) { if (existingItem != null) { var secService = GetSecurityNamespaceService(); var buildNamespace = await secService.GetNamespaceAsync(SecurityNamespaceConstants.ReleaseManagement, ReleaseManagementEx.AdministerReleasePermissions.ToString()); var namespaceId = buildNamespace.NamespaceId; var aclDictioanry = new Dictionary <string, VstsAcesDictionaryEntry>(); await CreateAclsAsync(typeof(ReleaseManagementEx), rp.Permissions, aclDictioanry); if (aclDictioanry.Count > 0) { var fpath = rp.Path.TrimStart("\\/".ToCharArray()).Replace("\\", "/"); var token = $"{project.Id}/{fpath}"; var aclService = GetAclListService(); await aclService.SetAclsAsync(namespaceId, token, aclDictioanry, false); } } }
protected async Task EnsureReleaseFoldersAsync(ProjectManifest manifest, Kdoctl.CliServices.AzDoServices.Dtos.Project project) { if (manifest.ReleaseFolders != null && manifest.ReleaseFolders.Any()) { var releaseService = GetReleaseService(); var releasePaths = await releaseService.ListFoldersAsync(project.Id); foreach (var rp in manifest.ReleaseFolders) { var existingItem = releasePaths.Value .FirstOrDefault(p => p.Path.Replace("\\", "/").Equals(rp.Path, StringComparison.OrdinalIgnoreCase)); if (existingItem == null) { existingItem = await releaseService.CreateFolderAsync(project.Id, rp.Path); } using var op = Insights.BeginOperation($"Creating permissions {rp.Path}...", "ReleaseFolderPermissions"); await ProvisionReleasePathPermissionsAsync(project, rp, existingItem); } } }
protected async Task EnsureEnvironmentExistsAsync( ProjectManifest manifest, Kdoctl.CliServices.AzDoServices.Dtos.Project project, List <Tuple <k8s.Models.V1ServiceAccount> > k8sOutcome) { if (project != null && manifest.Environments != null && manifest.Environments.Any()) { var peService = GetPipelineEnvironmentService(); foreach (var pe in manifest.Environments) { if (pe != null && !string.IsNullOrWhiteSpace(pe.Name) && k8sOutcome != null && k8sOutcome.Count > 0) { var item = k8sOutcome.FirstOrDefault().Item1; if (item != null) { await ProvisionEnvironmentAsync(project, peService, pe, item.Metadata.NamespaceProperty, item.Metadata.NamespaceProperty); } } } } }
protected async Task EnsureBuildFoldersAsync( ProjectManifest manifest, Kdoctl.CliServices.AzDoServices.Dtos.Project project) { if (manifest.BuildFolders != null && manifest.BuildFolders.Any()) { var buildService = this.GetBuildService(); var buildPaths = await buildService.ListFoldersAsync(project.Id); foreach (var bp in manifest.BuildFolders) { var existingItem = buildPaths.Value .FirstOrDefault(p => p.Path.Replace("\\", "/").Equals(bp.Path, StringComparison.OrdinalIgnoreCase)); if (existingItem == null) { existingItem = await buildService.CreateFolderAsync(project.Id, bp.Path); } using var op = Insights.BeginOperation($"Creating permissions {bp.Path}...", "Build-Folder-Permissions"); await ProvisionBuildPathPermissionsAsync(project, bp, existingItem); } } }
protected async Task EnsureRepositoriesExistsAsync( ProjectManifest manifest, RepositoryService repoService, Kdoctl.CliServices.AzDoServices.Dtos.Project project, bool projectWasAbsent) { if (project != null && manifest.Repositories != null && manifest.Repositories.Any()) { foreach (var repo in manifest.Repositories) { if (!string.IsNullOrWhiteSpace(repo.Name)) { var reposCollection = await repoService.GetRepositoryListAsync(project.Id); var repository = reposCollection .FirstOrDefault(r => r.Name.Equals(repo.Name, StringComparison.OrdinalIgnoreCase)); if (repository == null) { using var op = Insights.BeginOperation($"Creating Repository {repo.Name}...", "Repository"); await ExecutionSupports.Retry(async() => { repository = await repoService.CreateAsync(project.Id, repo.Name); }, exception => { Insights.TrackException(exception); }); op.EndWithSuccess("Succeed"); } using var opPermissions = Insights.BeginOperation($"Setting up permissions for repository {repo.Name}...", "RepoPermissions"); await EnsureRepositoryPermissionsAsync(project, repo, repository); } } await DeleteDefaultRepoAsync(repoService, project, projectWasAbsent); } }