feat: update svc-bkrepo to python 3.11 & Django 4.2

svc-bkrepo/Dockerfile

@@ -1,4 +1,4 @@
-FROM python:3.8.13-slim-buster
+FROM python:3.11.10-slim-bullseye
 USER root
 
 RUN apt-get update && apt-get install gcc curl procps -y
@@ -9,7 +9,7 @@ ENV LC_ALL=C.UTF-8 \
     LANG=C.UTF-8
 
 RUN pip install --upgrade pip
-RUN pip install poetry==1.3.2
+RUN pip install poetry==1.8.3
 
 # Change security level of openssl to lower value in order to avoid "CA_MD_TOO_WEAK" error
 # See https://stackoverflow.com/questions/52218876/how-to-fix-ssl-issue-ssl-ctx-use-certificate-ca-md-too-weak-on-python-zeep?rq=1
@@ -21,8 +21,7 @@ WORKDIR /app
 ADD ./pyproject.toml .
 ADD ./poetry.lock .
 # Install dependecies in system
-# Disable "new installer" to fix https://github.com/python-poetry/poetry/issues/6301
-RUN poetry config virtualenvs.create false && poetry config experimental.new-installer false && poetry install --no-root -vvv
+RUN poetry config virtualenvs.create false && poetry install --no-root -vvv
 
 ADD ./data ./data
 ADD ./svc_bk_repo ./svc_bk_repo
@@ -32,8 +31,9 @@ ADD ./start.sh ./start.sh
 ADD ./prometheus_data ./prometheus_data
 
 ENV TINI_VERSION v0.19.0
-ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini tini
-RUN chmod +x tini start.sh
+ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /tini
+RUN chmod +x /tini start.sh
+
 ENV DJANGO_SETTINGS_MODULE svc_bk_repo.settings
 
 EXPOSE 80

svc-bkrepo/pyproject.toml

@@ -5,27 +5,27 @@ description = ""
 authors = ["blueking <blueking@tencent.com>"]
 
 [tool.poetry.dependencies]
-python = ">=3.8,<3.11"
-cryptography = "42.0.5"
-django = "3.2.25"
-djangorestframework = "3.12.4"
+python = ">=3.11,<3.12"
+django = "4.2.16"
+pymysql = "1.1.1"
+gunicorn = "22.0.0"
+paas-service = "2.0.0"
+djangorestframework = "3.15.2"
+requests = "2.32.3"
 gevent = "24.2.1"
-gunicorn = "20.1.0"
-prometheus-client = "0.14.1"
-pymysql = "1.0.2"
-requests = "2.31.0"
+cryptography = "43.0.3"
 jsonfield = "=3.1.0"
 whitenoise = "5.3.0"
 sentry_sdk = "0.19.4"
-paas-service = "1.1.6"
-blue-krill = "2.0.3"
+blue-krill = "2.0.7"
+bkpaas-auth = "3.0.0"
+prometheus-client = "0.14.1"
 pydantic = "1.10.15"
-bkpaas_auth = ">=2.0.2"
 curlify = "^2.2.1"
 django-environ = "0.8.1"
 apscheduler = "^3.9.1"
 filelock = "^3.7.1"
-urllib3 = "1.26.18"
+urllib3 = "1.26.20"
 pyjwt = "2.4.0"
 
 [tool.poetry.dev-dependencies]

svc-bkrepo/svc_bk_repo/settings/__init__.py

@@ -16,36 +16,241 @@
 We undertake not to change the open source license (MIT license) applicable
 to the current version of the project delivered to anyone in the future.
 """
-"""
-Django settings for svc_mysql project.
-
-Generated by 'django-admin startproject' using Django 1.11.16.
 
-For more information on this file, see
-https://docs.djangoproject.com/en/1.11/topics/settings/
-
-For the full list of settings and their values, see
-https://docs.djangoproject.com/en/1.11/ref/settings/
-"""
 import logging
+import os
+from pathlib import Path
 
+import environ
 import pymysql
 import sentry_sdk
+import urllib3
+from django.db.backends.mysql.features import DatabaseFeatures
+from django.utils.functional import cached_property
 from sentry_sdk.integrations.django import DjangoIntegration
 from sentry_sdk.integrations.logging import LoggingIntegration
 
-from .default import *  # isort:skip # noqa
+# Patch the SSL module for compatibility with legacy CA credentials.
+# https://stackoverflow.com/questions/72479812/how-to-change-tweak-python-3-10-default-ssl-settings-for-requests-sslv3-alert
+urllib3.util.ssl_.DEFAULT_CIPHERS = "ALL:@SECLEVEL=1"
+
+
+class PatchFeatures:
+    """Patched Django Features"""
+
+    @cached_property
+    def minimum_database_version(self):
+        if self.connection.mysql_is_mariadb:  # noqa
+            return (10, 4)
+        else:
+            return (5, 7)
+
+
+# Django 4.2+ 不再官方支持 Mysql 5.7，但目前 Django 仅是对 5.7 做了软性的不兼容改动，
+# 在没有使用 8.0 特异的功能时，对 5.7 版本的使用无影响，为兼容存量的 Mysql 5.7 DB 做此 Patch
+DatabaseFeatures.minimum_database_version = PatchFeatures.minimum_database_version  # noqa
 
 pymysql.install_as_MySQLdb()
-# Patch version info to forcely pass Django client check
-setattr(pymysql, "version_info", (1, 4, 2, "final", 0))
+# Patch version info to force pass Django client check
+setattr(pymysql, "version_info", (1, 4, 6, "final", 0))
+
+
+env = environ.Env(
+    # set casting, default value
+    DEBUG=(bool, False)
+)
+
+env.read_env()
+
+# Build paths inside the project like this: BASE_DIR / ...
+BASE_DIR = Path(__file__).parents[2].absolute()
+
+# SECURITY WARNING: keep the secret key used in production secret!
+SECRET_KEY = env.str("SECRET_KEY", default="ot08tcs_&u(&fb~bgny!6+(b07ch*@nj")
+
+# SECURITY WARNING: don't run with debug turned on in production!
+DEBUG = env("DEBUG")
+
+# 允许访问的域名
+ALLOWED_HOSTS = ["*"]
+
+# Application definition
+
+INSTALLED_APPS = [
+    "django.contrib.admin",
+    "django.contrib.auth",
+    "django.contrib.contenttypes",
+    "django.contrib.sessions",
+    "django.contrib.messages",
+    "django.contrib.staticfiles",
+    "rest_framework",
+    "paas_service",
+    "svc_bk_repo.vendor",
+    "bkpaas_auth",
+    "svc_bk_repo.monitoring",
+]
+
+MIDDLEWARE = [
+    "django.middleware.security.SecurityMiddleware",
+    "django.contrib.sessions.middleware.SessionMiddleware",
+    "django.middleware.common.CommonMiddleware",
+    "django.middleware.csrf.CsrfViewMiddleware",
+    "django.contrib.auth.middleware.AuthenticationMiddleware",
+    "django.contrib.messages.middleware.MessageMiddleware",
+    "django.middleware.clickjacking.XFrameOptionsMiddleware",
+    "bkpaas_auth.middlewares.CookieLoginMiddleware",
+    # Append middlewares from paas_service to make client auth works
+    "paas_service.auth.middleware.VerifiedClientMiddleware",
+    "whitenoise.middleware.WhiteNoiseMiddleware",
+]
+
+# Static files (CSS, JavaScript, Images)
+STATIC_URL = "/static/"
+REMOTE_STATIC_URL = "/static/"
+
+STATIC_ROOT = "staticfiles"
+
+STATICFILES_DIRS = [
+    str(BASE_DIR / "static"),
+]
+
+ROOT_URLCONF = "svc_bk_repo.urls"
+
+TEMPLATES = [
+    {
+        "BACKEND": "django.template.backends.django.DjangoTemplates",
+        "DIRS": [str(BASE_DIR / "svc_bk_repo/templates")],
+        "APP_DIRS": True,
+        "OPTIONS": {
+            "context_processors": [
+                "django.template.context_processors.debug",
+                "django.template.context_processors.request",
+                "django.contrib.auth.context_processors.auth",
+                "django.contrib.messages.context_processors.messages",
+                "svc_bk_repo.middleware.context_processors",
+            ],
+        },
+    },
+]
+
+WSGI_APPLICATION = "svc_bk_repo.wsgi.application"
+
+# Database
+
+if os.getenv("DATABASE_URL"):
+    DATABASES = {"default": env.db()}
+else:
+    DATABASES = {
+        "default": {
+            "ENGINE": "django.db.backends.mysql",
+            "NAME": env("MYSQL_NAME", default="svc_bkrepo"),
+            "USER": env("MYSQL_USER", default="svc_bkrepo"),
+            "PASSWORD": env("MYSQL_PASSWORD", default="blueking"),
+            "HOST": env("MYSQL_HOST", default="127.0.0.1"),
+            "PORT": env("MYSQL_PORT", default=3306),
+        }
+    }
+
+# Password validation
 
+AUTH_PASSWORD_VALIDATORS = [
+    {
+        "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",
+    },
+    {
+        "NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",
+    },
+    {
+        "NAME": "django.contrib.auth.password_validation.CommonPasswordValidator",
+    },
+    {
+        "NAME": "django.contrib.auth.password_validation.NumericPasswordValidator",
+    },
+]
+
+# Internationalization
+
+LANGUAGE_CODE = "zh-cn"
+
+LANGUAGES = [("zh-cn", "简体中文"), ("en", "English")]
+
+TIME_ZONE = "UTC"
+
+USE_I18N = True
+
+USE_L10N = True
+
+USE_TZ = True
+
+LOGGING_LEVEL = "DEBUG"
+
+
+def get_logging_config(log_level="DEBUG"):
+    default_handlers = ["console"]
+    handlers = {
+        "null": {
+            "level": "DEBUG",
+            "class": "logging.NullHandler",
+        },
+        "console": {
+            "level": log_level,
+            "class": "logging.StreamHandler",
+            "formatter": "verbose",
+        },
+    }
+
+    return {
+        "version": 1,
+        "disable_existing_loggers": False,
+        "formatters": {
+            "verbose": {
+                "format": "%(levelname)s [%(asctime)s] %(name)s(ln:%(lineno)d): %(message)s",  # noqa
+                "datefmt": "%Y-%m-%d %H:%M:%S",
+            },
+            "simple": {"format": "%(levelname)s %(message)s"},
+        },
+        "handlers": handlers,
+        "loggers": {
+            "root": {
+                "handlers": default_handlers,
+                "level": "INFO",
+                "propagate": True,
+            },
+            "svc_bk_repo": {
+                "handlers": default_handlers,
+                "level": "DEBUG",
+                "propagate": True,
+            },
+            "django.request": {
+                "handlers": default_handlers,
+                "level": "ERROR",
+                "propagate": False,
+            },
+        },
+    }
+
+
+LOGGING = get_logging_config(LOGGING_LEVEL)
+
+BKKRILL_ENCRYPT_SECRET_KEY = env.str(
+    "BKKRILL_ENCRYPT_SECRET_KEY", default="U2ViQ1dRc0FiSU9jaFBhd0p0emhZQmhxRHpDdGdxU1k="
+).encode()
+
+METRIC_CLIENT_TOKEN_DICT = {
+    "monitoring": env.str("METRIC_CLIENT_TOKEN", "2892bd51-9a21-29f2-be21-ab6278108317"),
+}
+
+BKREPO_COLLECT_INTERVAL_MINUTES = env.int("BKREPO_COLLECT_INTERVAL_MINUTES", default=30)
+
+SENTRY_DSN = env.str("SENTRY_DSN", default="")
 
 # 接入 sentry
 # All of this is already happening by default!
 sentry_logging = LoggingIntegration(
     level=logging.INFO,
-    event_level=logging.ERROR,  # Capture info and above as breadcrumbs  # Send errors as events
+    # Capture info and above as breadcrumbs
+    # Send errors as events
+    event_level=logging.ERROR,
 )
 
 if SENTRY_DSN:
@@ -57,8 +262,49 @@
         send_default_pii=True,
     )
 
-STATIC_ROOT = "staticfiles"
+# 增强服务供应商类
+PAAS_SERVICE_PROVIDER_CLS = "svc_bk_repo.vendor.provider.Provider"
+# 增强服务实例信息渲染函数
+PAAS_SERVICE_SVC_INSTANCE_RENDER_FUNC = "svc_bk_repo.vendor.render.render_instance_data"
 
-LOGGING = get_logging_config(LOGGING_LEVEL)
+PAAS_SERVICE_JWT_CLIENTS = [
+    {
+        "iss": "paas-v3",
+        "key": env.str("PAAS_SERVICE_JWT_CLIENTS_KEY"),
+        "algorithm": "HS256",
+    },
+]
 
-ALLOWED_HOSTS = ["*"]
+# 是否开启管理端功能
+ENABLE_ADMIN = env.bool("ENABLE_ADMIN", False)
+
+# 跳转回应用首页的 url 模板
+DEVELOPER_CENTER_APP_URL_TEMPLATE = "http://your-paas3.0-host/developer-center/apps/{app_code}/{module}/summary"
+
+# bkrepo 默认配额, 单位字节
+BKREPO_DEFAULT_QUOTA = env.int("BKREPO_DEFAULT_QUOTA", None)
+
+# bkrepo 扩容最大容量限制, 10g, 单位 bytes
+EXTEND_CONFIG_MAX_SIZE_ALLOWED = 2**30 * 10
+
+# bkrepo 扩容步长, 1g, 单位 bytes
+EXTEND_CONFIG_EXTRA_SIZE_BYTES = 2**30
+
+BKAUTH_DEFAULT_PROVIDER_TYPE = env("BKAUTH_DEFAULT_PROVIDER_TYPE", default="BK")
+# 蓝鲸登录票据在Cookie中的名称，权限中心 API 未接入 APIGW，访问时需要提供登录态信息
+BKAUTH_BACKEND_TYPE = env("BKAUTH_BACKEND_TYPE", default="bk_token")
+
+LOGIN_URL = env.str("BK_LOGIN_API_URL", default="http://paasee.blueking-fake.com/login")
+
+BKAUTH_USER_COOKIE_VERIFY_URL = LOGIN_URL + env.str("BK_LOGIN_VERIFY_API_PATH", default="/api/v3/is_login/")
+
+AUTHENTICATION_BACKENDS = [
+    # [推荐] 使用内置的虚拟用户类型，不依赖于数据库表.
+    # 'bkpaas_auth.backends.UniversalAuthBackend',
+    # 如果项目需要保留使用数据库表的方式来设计用户模型, 则需要使用 DjangoAuthUserCompatibleBackend
+    "bkpaas_auth.backends.DjangoAuthUserCompatibleBackend",
+]
+
+# 选择加密数据库内容的算法，可选择：'SHANGMI' , 'CLASSIC'
+BK_CRYPTO_TYPE = env.str("BK_CRYPTO_TYPE", default="CLASSIC")
+ENCRYPT_CIPHER_TYPE = "SM4CTR" if BK_CRYPTO_TYPE == "SHANGMI" else "FernetCipher"