feat: update apiserver python version to 3.11.10 (#1655)

apiserver/Dockerfile

@@ -22,29 +22,19 @@ ADD ./configs ./configs
 RUN EDITION=${EDITION} npm run build
 
 ################# PaaS #################
-FROM python:3.8.13-slim-buster
+FROM python:3.11.10-slim-bullseye
 USER root
 
-RUN apt-get update && apt-get install -y gcc subversion ssh default-libmysqlclient-dev pkg-config vim
+RUN apt-get update && apt-get install -y gcc subversion ssh default-libmysqlclient-dev pkg-config vim git
 
-# Add buster-backports to sources.list
-RUN echo "deb http://archive.debian.org/debian buster-backports main" >> /etc/apt/sources.list
-# Install git from backports, because the version(git:v2.20.1) in buster will leak usernames from the url
-# And this bug is fixed in v2.22.0, so we should install git from buster-backports, which is v2.30.2-1
-# See more info at: https://packages.debian.org/buster-backports/git
-#
-# Update(2024-05-07): The GitClient class has added a new logic to remove sensitive information
-# in the git command output, so a newer git version is no longer required to fix the username leakage.
-RUN apt-get update && apt-get -y install -t buster-backports git
-
-RUN mkdir ~/.pip &&  printf '[global]\nindex-url = https://mirrors.cloud.tencent.com/pypi/simple/\n' > ~/.pip/pip.conf
+RUN mkdir ~/.pip && printf '[global]\nindex-url = https://mirrors.cloud.tencent.com/pypi/simple/\n' > ~/.pip/pip.conf
 
 ENV LC_ALL=C.UTF-8 \
     LANG=C.UTF-8
 
 RUN pip install --upgrade 'pip<24.1'
 
-RUN pip install poetry==1.3.2
+RUN pip install poetry==1.8.3
 
 # Change security level of openssl to lower value in order to avoid "CA_MD_TOO_WEAK" error
 # See https://stackoverflow.com/questions/52218876/how-to-fix-ssl-issue-ssl-ctx-use-certificate-ca-md-too-weak-on-python-zeep?rq=1
@@ -56,8 +46,7 @@ ADD ./pyproject.toml .
 ADD ./poetry.lock .
 
 # Install dependecies in system
-# Disable "new installer" to fix https://github.com/python-poetry/poetry/issues/6301
-RUN poetry config virtualenvs.create false && poetry config experimental.new-installer false && poetry install --no-dev
+RUN poetry config virtualenvs.create false && poetry install --no-dev
 
 ARG BKPAAS_BUILD_VERSION="tag: null, commitID: ^HEAD, buildID: null, buildTime: null"
 ENV BKPAAS_BUILD_VERSION=${BKPAAS_BUILD_VERSION}
@@ -67,7 +56,6 @@ RUN mkdir -p ./public
 COPY --from=admin42 /build/paasng/public ./public
 ADD ./paasng .
 
-
 # Add extra files: static assets & I18N .mo translation file. 
 
 # "gettext" package is required for running "compilemessages"

apiserver/Makefile

@@ -8,7 +8,7 @@ init-pre-commit: ## 初始化 pre-commit
 	pre-commit install
 
 init-py-dep: ## 初始化 python 依赖包
-	pip install poetry==1.3.2
+	pip install poetry==1.8.3
 	poetry install
 
 init-node-dep: ## 初始化 nodejs

apiserver/README.md

@@ -28,16 +28,16 @@ apiserver 为 blueking-paas 项目的主控模块。
 
 ### 准备 Python 开发环境
 
-1. 安装 Python 3.8
+1. 安装 Python 3.11
 
 我们推荐使用 [pyenv](https://github.com/pyenv/pyenv) 管理本地的 python 环境
 
 - 依照 [相关指引](https://github.com/pyenv/pyenv#getting-pyenv) 安装 pyenv
 
-- 使用 pyenv 安装 Python 3.8
+- 使用 pyenv 安装 Python 3.11
 
 ```shell
-❯ pyenv install 3.8.13
+❯ pyenv install 3.11.10
 ```
 
 2. 安装项目依赖
@@ -62,11 +62,12 @@ apiserver 项目的管理端（Admin42）使用 Nodejs 进行开发, 如需开
 1. 安装 [Nodejs](https://github.com/nodejs)，推荐使用 v14.21.1 版本
 
 我们推荐使用 [nvm](https://github.com/nvm-sh/nvm) 管理本地的 nodejs 环境
+
 - 依照 [相关指引](https://github.com/nvm-sh/nvm#installing-and-updating) 安装 nvm
 - 使用 nvm 安装 nodejs 14
 
 ```shell
-❯ nvm install 14 
+❯ nvm install 14
 ```
 
 2. 安装项目依赖
@@ -185,17 +186,17 @@ Nodejs 组件开发模式与常规的 Nodejs 项目无异, 但为了更方便地
 本项目未使用任何 `JavaScript 模块化技术`, 即所有组件都需要自行往 `window` 对象挂载, 例如:
 
 ```javascript
-import Vue from 'vue'
+import Vue from "vue";
 
-window.Vue = Vue
+window.Vue = Vue;
 ```
 
 否则, `Django Template` 将无法直接使用 Nodejs 中的组件。
 
 #### Template 页面开发指引
 
 Template 页面开发模式与常规的 Django 项目无异, 但是使用了 [Vuejs](https://cn.vuejs.org/)
-和 [MagicBox Vue组件库](https://magicbox.bk.tencent.com/static_api/v3/components_vue/2.0/example/index.html#/)
+和 [MagicBox Vue 组件库](https://magicbox.bk.tencent.com/static_api/v3/components_vue/2.0/example/index.html#/)
 完成前端的功能开发。
 
 在开发新的 Template 模板时应该遵循以下规范:
@@ -242,7 +243,7 @@ class SysBkPluginLogsViewset(viewsets.ViewSet):
 要点如下：
 
 1. 使用 `@ForceAllowAuthedApp.mark_view_set` 装饰视图类后，如果请求携带了经认证的有效应用身份（经由 API 网关完成认证与权限校验），平台将自动创建一个角色为 `SYSTEM_API_BASIC_READER` 的系统账号，由它完成请求。
-    - 后续如需要调整该账号的角色，可在 PaaS Admin 中完成。
+   - 后续如需要调整该账号的角色，可在 PaaS Admin 中完成。
 2. 使用 `@site_perm_required` 装饰视图函数，以保证请求只允许那些拥有系统级权限的账号访问（**非常重要，因为系统 API 一般都是用户无关，极容易发生越权问题。**）
 
 ## FAQ
@@ -251,16 +252,6 @@ class SysBkPluginLogsViewset(viewsets.ViewSet):
 
 如果在安装 docker 时, 安装了 docker-compose-plugin, 需要修改'blueking-paas/apiserver/dev_utils/bundle/start.sh' 中的 docker-compose 改为 docker compose
 
-### poetry install 时 hash 值对不上问题 
-
-先执行
-
-```shell
-poetry config experimental.new-installer false
-```
-
-再重新执行 poetry install 即可
-
 ### admin42 页面 403 问题
 
 需要进入数据库执行以下命令

apiserver/dev_utils/unittest/Dockerfile.devops.unittest

@@ -22,41 +22,30 @@ ADD ./configs ./configs
 RUN EDITION=${EDITION} npm run build
 
 ################# PaaS #################
-FROM python:3.8.13-slim-buster
+FROM python:3.11.10-slim-bullseye
 USER root
 
-RUN apt-get update && apt-get install -y gcc subversion ssh default-libmysqlclient-dev pkg-config vim 
+RUN apt-get update && apt-get install -y gcc subversion ssh default-libmysqlclient-dev pkg-config vim git
 
-# Add buster-backports to sources.list
-RUN echo "deb http://archive.debian.org/debian buster-backports main" >> /etc/apt/sources.list
-# Install git from backports, because the version(git:v2.20.1) in buster will leak usernames from the url
-# And this bug is fixed in v2.22.0, so we should install git from buster-backports, which is v2.30.2-1
-# See more info at: https://packages.debian.org/buster-backports/git
-# 
-# Update(2024-05-07): The GitClient class has added a new logic to remove sensitive information
-# in the git command output, so a newer git version is no longer required to fix the username leakage.
-RUN apt-get update && apt-get -y install -t buster-backports git
-
-RUN mkdir ~/.pip &&  printf '[global]\nindex-url = https://mirrors.cloud.tencent.com/pypi/simple/\n' > ~/.pip/pip.conf
+RUN mkdir ~/.pip && printf '[global]\nindex-url = https://mirrors.cloud.tencent.com/pypi/simple/\n' > ~/.pip/pip.conf
 
 ENV LC_ALL=C.UTF-8 \
     LANG=C.UTF-8
 
+RUN pip install --upgrade 'pip<24.1'
+
+RUN pip install poetry==1.8.3
+
 # Change security level of openssl to lower value in order to avoid "CA_MD_TOO_WEAK" error
 # See https://stackoverflow.com/questions/52218876/how-to-fix-ssl-issue-ssl-ctx-use-certificate-ca-md-too-weak-on-python-zeep?rq=1
 RUN sed -i "s/DEFAULT@SECLEVEL=2/DEFAULT@SECLEVEL=0/g" /etc/ssl/openssl.cnf
 
-RUN pip install --upgrade pip
-RUN pip install poetry==1.3.2
-
 WORKDIR /app
 
 ADD ./pyproject.toml .
 ADD ./poetry.lock .
 
-# Disable "new installer" to fix https://github.com/python-poetry/poetry/issues/6301
-RUN poetry config virtualenvs.create false && poetry config experimental.new-installer false && poetry install
-
+RUN poetry config virtualenvs.create false && poetry install
 
 WORKDIR /app
 ADD ./paasng ./paasng

apiserver/paasng/conf.yaml.tpl

@@ -3,7 +3,7 @@
 ## 用于加密数据库内容的 Secret
 # BKKRILL_ENCRYPT_SECRET_KEY: ''
 
-## 选择加密数据库内容的算法，可选择：'SHANGMI' , 'CLASSIC'，分别对应 'SM4CTR'和'Fernet' 算法
+## 选择加密数据库内容的算法，可选值：'SHANGMI', 'CLASSIC'，分别对应 'SM4CTR' 和 'FernetCipher' 算法
 # BK_CRYPTO_TYPE : ''
 
 ## （Django）特定 Django 安装的密钥。用于提供 加密签名，默认值为：${BKKRILL_ENCRYPT_SECRET_KEY}

apiserver/paasng/paas_wl/bk_app/applications/constants.py

@@ -15,10 +15,10 @@
 # We undertake not to change the open source license (MIT license) applicable
 # to the current version of the project delivered to anyone in the future.
 
-from blue_krill.data_types.enum import EnumField, StructuredEnum
+from blue_krill.data_types.enum import EnumField, StrStructuredEnum
 
 
-class WlAppType(str, StructuredEnum):
+class WlAppType(StrStructuredEnum):
     """type of workloads app"""
 
     DEFAULT = EnumField("default")  # 默认类型：无任何定制逻辑
@@ -28,7 +28,7 @@ class WlAppType(str, StructuredEnum):
     CLOUD_NATIVE = EnumField("cloud_native")
 
 
-class ArtifactType(str, StructuredEnum):
+class ArtifactType(StrStructuredEnum):
     """type of build artifact"""
 
     SLUG = EnumField("slug")

apiserver/paasng/paas_wl/bk_app/cnative/specs/constants.py

@@ -15,7 +15,7 @@
 # We undertake not to change the open source license (MIT license) applicable
 # to the current version of the project delivered to anyone in the future.
 
-from blue_krill.data_types.enum import EnumField, StructuredEnum
+from blue_krill.data_types.enum import EnumField, StrStructuredEnum
 from django.utils.translation import gettext_lazy as _
 
 # Default resource limitations for each process
@@ -66,14 +66,14 @@
 PROC_SERVICES_ENABLED_ANNOTATION_KEY = "bkapp.paas.bk.tencent.com/proc-services-feature-enabled"
 
 
-class ApiVersion(str, StructuredEnum):
+class ApiVersion(StrStructuredEnum):
     """Kubernetes CRD API versions"""
 
     V1ALPHA1 = "paas.bk.tencent.com/v1alpha1"
     V1ALPHA2 = "paas.bk.tencent.com/v1alpha2"
 
 
-class DeployStatus(str, StructuredEnum):
+class DeployStatus(StrStructuredEnum):
     """Cloud-native app's deployment statuses"""
 
     PENDING = EnumField("pending", label=_("待实施"))
@@ -90,79 +90,67 @@ def is_stable(cls, val: "DeployStatus") -> bool:
         return val in [DeployStatus.READY, DeployStatus.ERROR]
 
 
-class DomainGroupSource(str, StructuredEnum):
+class DomainGroupSource(StrStructuredEnum):
     """The source types for DomainGroup data"""
 
     SUBDOMAIN = "subdomain"
     SUBPATH = "subpath"
     CUSTOM = "custom"
 
 
-class MResConditionType(str, StructuredEnum):
+class MResConditionType(StrStructuredEnum):
     APP_AVAILABLE = EnumField("AppAvailable")
     APP_PROGRESSING = EnumField("AppProgressing")
     ADDONS_PROVISIONED = EnumField("AddOnsProvisioned")
     HOOKS_FINISHED = EnumField("HooksFinished")
 
 
-class ConditionStatus(str, StructuredEnum):
+class ConditionStatus(StrStructuredEnum):
     """k8s metav1.ConditionStatus"""
 
     TRUE = EnumField("True")
     FALSE = EnumField("False")
     UNKNOWN = EnumField("Unknown")
 
 
-class MResPhaseType(str, StructuredEnum):
+class MResPhaseType(StrStructuredEnum):
     """a label for the condition of a BkApp at the current time."""
 
     AppPending = EnumField("Pending")
     AppRunning = EnumField("Running")
     AppFailed = EnumField("Failed")
 
 
-class ScalingPolicy(str, StructuredEnum):
+class ScalingPolicy(StrStructuredEnum):
     """ScalingPolicy is used to specify which policy should be used while scaling"""
 
     # the default autoscaling policy (cpu utilization 85%)
     DEFAULT = EnumField("default")
 
-    # simulate `ReprEnum` behavior to work well with DRF serializer
-    # see also:
-    # - https://docs.python.org/3/library/enum.html#enum.ReprEnum
-    # - https://docs.python.org/3/library/enum.html#enum.Enum.__str__
-    __str__ = str.__str__
 
-
-class ResQuotaPlan(str, StructuredEnum):
+class ResQuotaPlan(StrStructuredEnum):
     """ResQuotaPlan is used to specify process resource quota"""
 
     P_DEFAULT = EnumField("default", label="default")
     P_4C1G = EnumField("4C1G", label="4C1G")
     P_4C2G = EnumField("4C2G", label="4C2G")
     P_4C4G = EnumField("4C4G", label="4C4G")
 
-    # simulate `ReprEnum` behavior to work well with DRF serializer
-    # see also:
-    # - https://docs.python.org/3/library/enum.html#enum.ReprEnum
-    # - https://docs.python.org/3/library/enum.html#enum.Enum.__str__
-    __str__ = str.__str__
-
 
-class MountEnvName(str, StructuredEnum):
+class MountEnvName(StrStructuredEnum):
     """Environment name for managing mount volume"""
 
     STAG = EnumField("stag", label="仅测试环境")
     PROD = EnumField("prod", label="仅生产环境")
     GLOBAL = EnumField("_global_", label="所有环境")
 
 
-class VolumeSourceType(str, StructuredEnum):
+class VolumeSourceType(StrStructuredEnum):
     ConfigMap = EnumField("ConfigMap")
     PersistentStorage = EnumField("PersistentStorage")
 
 
-class PersistentStorageSize(str, StructuredEnum):
+class PersistentStorageSize(StrStructuredEnum):
     P_1G = EnumField("1Gi")
     P_2G = EnumField("2Gi")
     P_4G = EnumField("4Gi")

apiserver/paasng/paas_wl/bk_app/dev_sandbox/entities.py

@@ -18,12 +18,12 @@
 from dataclasses import dataclass, field
 from typing import Dict, List, Optional
 
-from blue_krill.data_types.enum import EnumField, StructuredEnum
+from blue_krill.data_types.enum import EnumField, StrStructuredEnum
 
 from paas_wl.workloads.release_controller.constants import ImagePullPolicy
 
 
-class HealthPhase(str, StructuredEnum):
+class HealthPhase(StrStructuredEnum):
     HEALTHY = EnumField("Healthy")
     PROGRESSING = EnumField("Progressing")
     UNHEALTHY = EnumField("Unhealthy")

apiserver/paasng/paas_wl/bk_app/monitoring/bklog/constants.py

@@ -15,7 +15,7 @@
 # We undertake not to change the open source license (MIT license) applicable
 # to the current version of the project delivered to anyone in the future.
 
-from blue_krill.data_types.enum import EnumField, StructuredEnum
+from blue_krill.data_types.enum import EnumField, StrStructuredEnum
 
 # 注解或标签中存储应用名称的键名
 BKAPP_NAME_ANNO_KEY = "bkapp.paas.bk.tencent.com/name"
@@ -29,7 +29,7 @@
 WLAPP_NAME_ANNO_KEY = "bkapp.paas.bk.tencent.com/wl-app-name"
 
 
-class BkLogConfigType(str, StructuredEnum):
+class BkLogConfigType(StrStructuredEnum):
     STD_LOG = EnumField("std_log_config", label="标准输出日志")
     CONTAINER_LOG = EnumField("container_log_config", label="容器日志")
     NODE_LOG = EnumField("node_log_config", label="节点日志")