未验证 提交 bafeecfe 编写于 作者: H hongming

add tenant resource API

Signed-off-by: Nhongming <talonwan@yunify.com>
上级 0316223f
......@@ -156,11 +156,6 @@ func (h *iamHandler) RetrieveMemberRoleTemplates(request *restful.Request, respo
namespace, err := h.resolveNamespace(request.PathParameter("namespace"), request.PathParameter("devops"))
if err != nil {
// if role binding not exist return empty list
if errors.IsNotFound(err) {
response.WriteEntity([]interface{}{})
return
}
api.HandleInternalError(response, request, err)
return
}
......@@ -168,6 +163,11 @@ func (h *iamHandler) RetrieveMemberRoleTemplates(request *restful.Request, respo
role, err := h.am.GetNamespaceRoleOfUser(username, namespace)
if err != nil {
// if role binding not exist return empty list
if errors.IsNotFound(err) {
response.WriteEntity([]interface{}{})
return
}
api.HandleInternalError(response, request, err)
return
}
......@@ -208,13 +208,11 @@ func (h *iamHandler) ListUsers(request *restful.Request, response *restful.Respo
}
if globalRole != nil {
if user.Annotations == nil {
user.Annotations = make(map[string]string, 0)
}
user.Annotations[iamv1alpha2.GlobalRoleAnnotation] = globalRole.Name
}
result.Items[i] = user
}
response.WriteEntity(result)
......@@ -226,11 +224,7 @@ func (h *iamHandler) ListRoles(request *restful.Request, response *restful.Respo
if err != nil {
klog.Error(err)
if errors.IsNotFound(err) {
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
handleError(request, response, err)
return
}
......@@ -269,11 +263,7 @@ func (h *iamHandler) ListNamespaceMembers(request *restful.Request, response *re
if err != nil {
klog.Error(err)
if errors.IsNotFound(err) {
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
handleError(request, response, err)
return
}
......@@ -295,11 +285,7 @@ func (h *iamHandler) DescribeNamespaceMember(request *restful.Request, response
if err != nil {
klog.Error(err)
if errors.IsNotFound(err) {
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
handleError(request, response, err)
return
}
......@@ -408,15 +394,7 @@ func (h *iamHandler) UpdateWorkspaceRole(request *restful.Request, response *res
if err != nil {
klog.Error(err)
if errors.IsNotFound(err) {
api.HandleNotFound(response, request, err)
return
}
if errors.IsBadRequest(err) {
api.HandleBadRequest(response, request, err)
return
}
api.HandleInternalError(response, request, err)
handleError(request, response, err)
return
}
......@@ -440,11 +418,7 @@ func (h *iamHandler) CreateWorkspaceRole(request *restful.Request, response *res
if err != nil {
klog.Error(err)
if errors.IsBadRequest(err) {
api.HandleBadRequest(response, request, err)
return
}
api.HandleInternalError(response, request, err)
handleError(request, response, err)
return
}
......@@ -459,11 +433,7 @@ func (h *iamHandler) DeleteWorkspaceRole(request *restful.Request, response *res
if err != nil {
klog.Error(err)
if errors.IsNotFound(err) {
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
handleError(request, response, err)
return
}
......@@ -486,40 +456,22 @@ func (h *iamHandler) CreateUser(request *restful.Request, response *restful.Resp
if globalRole != "" {
if _, err = h.am.GetGlobalRole(globalRole); err != nil {
klog.Error(err)
if errors.IsNotFound(err) {
api.HandleBadRequest(response, request, err)
return
}
api.HandleInternalError(response, request, err)
handleError(request, response, err)
return
}
}
created, err := h.im.CreateUser(&user)
if err != nil {
klog.Error(err)
if errors.IsBadRequest(err) {
api.HandleBadRequest(response, request, err)
return
}
if errors.IsAlreadyExists(err) {
api.HandleConflict(response, request, err)
return
}
api.HandleInternalError(response, request, err)
handleError(request, response, err)
return
}
if globalRole != "" {
if err := h.am.CreateOrUpdateGlobalRoleBinding(user.Name, globalRole); err != nil {
if errors.IsNotFound(err) {
api.HandleBadRequest(response, request, err)
return
}
api.HandleInternalError(response, request, err)
if err := h.am.CreateGlobalRoleBinding(user.Name, globalRole); err != nil {
klog.Error(err)
handleError(request, response, err)
return
}
}
......@@ -554,29 +506,16 @@ func (h *iamHandler) UpdateUser(request *restful.Request, response *restful.Resp
delete(user.Annotations, iamv1alpha2.GlobalRoleAnnotation)
updated, err := h.im.UpdateUser(&user)
if err != nil {
if errors.IsNotFound(err) {
api.HandleNotFound(response, request, err)
return
}
if errors.IsBadRequest(err) {
api.HandleBadRequest(response, request, err)
return
}
api.HandleInternalError(response, request, err)
klog.Error(err)
handleError(request, response, err)
return
}
if globalRole != "" {
if err := h.am.CreateOrUpdateGlobalRoleBinding(user.Name, globalRole); err != nil {
if errors.IsNotFound(err) {
api.HandleBadRequest(response, request, err)
return
}
api.HandleInternalError(response, request, err)
if err := h.am.CreateGlobalRoleBinding(user.Name, globalRole); err != nil {
klog.Error(err)
handleError(request, response, err)
return
}
}
......@@ -591,11 +530,8 @@ func (h *iamHandler) DeleteUser(request *restful.Request, response *restful.Resp
if err != nil {
klog.Error(err)
if errors.IsNotFound(err) {
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
handleError(request, response, err)
return
}
response.WriteEntity(servererr.None)
......@@ -617,11 +553,7 @@ func (h *iamHandler) CreateGlobalRole(request *restful.Request, response *restfu
if err != nil {
klog.Error(err)
if errors.IsBadRequest(err) {
api.HandleBadRequest(response, request, err)
return
}
api.HandleInternalError(response, request, err)
handleError(request, response, err)
return
}
......@@ -635,11 +567,7 @@ func (h *iamHandler) DeleteGlobalRole(request *restful.Request, response *restfu
if err != nil {
klog.Error(err)
if errors.IsNotFound(err) {
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
handleError(request, response, err)
return
}
......@@ -670,11 +598,7 @@ func (h *iamHandler) UpdateGlobalRole(request *restful.Request, response *restfu
if err != nil {
klog.Error(err)
if errors.IsBadRequest(err) {
api.HandleBadRequest(response, request, err)
return
}
api.HandleInternalError(response, request, err)
handleError(request, response, err)
return
}
......@@ -686,11 +610,7 @@ func (h *iamHandler) DescribeGlobalRole(request *restful.Request, response *rest
globalRole, err := h.am.GetGlobalRole(globalRoleName)
if err != nil {
klog.Error(err)
if errors.IsNotFound(err) {
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
handleError(request, response, err)
return
}
......@@ -712,11 +632,7 @@ func (h *iamHandler) CreateClusterRole(request *restful.Request, response *restf
if err != nil {
klog.Error(err)
if errors.IsBadRequest(err) {
api.HandleBadRequest(response, request, err)
return
}
api.HandleInternalError(response, request, err)
handleError(request, response, err)
return
}
......@@ -730,11 +646,7 @@ func (h *iamHandler) DeleteClusterRole(request *restful.Request, response *restf
if err != nil {
klog.Error(err)
if errors.IsNotFound(err) {
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
handleError(request, response, err)
return
}
......@@ -765,15 +677,7 @@ func (h *iamHandler) UpdateClusterRole(request *restful.Request, response *restf
if err != nil {
klog.Error(err)
if errors.IsNotFound(err) {
api.HandleNotFound(response, request, err)
return
}
if errors.IsBadRequest(err) {
api.HandleBadRequest(response, request, err)
return
}
api.HandleInternalError(response, request, err)
handleError(request, response, err)
return
}
......@@ -785,11 +689,7 @@ func (h *iamHandler) DescribeClusterRole(request *restful.Request, response *res
clusterRole, err := h.am.GetClusterRole(clusterRoleName)
if err != nil {
klog.Error(err)
if errors.IsNotFound(err) {
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
handleError(request, response, err)
return
}
......@@ -802,11 +702,7 @@ func (h *iamHandler) DescribeWorkspaceRole(request *restful.Request, response *r
workspaceRole, err := h.am.GetWorkspaceRole(workspace, workspaceRoleName)
if err != nil {
klog.Error(err)
if errors.IsNotFound(err) {
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
handleError(request, response, err)
return
}
......@@ -819,11 +715,7 @@ func (h *iamHandler) CreateNamespaceRole(request *restful.Request, response *res
if err != nil {
klog.Error(err)
if errors.IsNotFound(err) {
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
handleError(request, response, err)
return
}
......@@ -841,11 +733,7 @@ func (h *iamHandler) CreateNamespaceRole(request *restful.Request, response *res
if err != nil {
klog.Error(err)
if errors.IsBadRequest(err) {
api.HandleBadRequest(response, request, err)
return
}
api.HandleInternalError(response, request, err)
handleError(request, response, err)
return
}
......@@ -859,11 +747,7 @@ func (h *iamHandler) DeleteNamespaceRole(request *restful.Request, response *res
if err != nil {
klog.Error(err)
if errors.IsNotFound(err) {
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
handleError(request, response, err)
return
}
......@@ -871,11 +755,7 @@ func (h *iamHandler) DeleteNamespaceRole(request *restful.Request, response *res
if err != nil {
klog.Error(err)
if errors.IsNotFound(err) {
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
handleError(request, response, err)
return
}
......@@ -889,11 +769,7 @@ func (h *iamHandler) UpdateNamespaceRole(request *restful.Request, response *res
if err != nil {
klog.Error(err)
if errors.IsNotFound(err) {
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
handleError(request, response, err)
return
}
......@@ -918,15 +794,7 @@ func (h *iamHandler) UpdateNamespaceRole(request *restful.Request, response *res
if err != nil {
klog.Error(err)
if errors.IsNotFound(err) {
api.HandleNotFound(response, request, err)
return
}
if errors.IsBadRequest(err) {
api.HandleBadRequest(response, request, err)
return
}
api.HandleInternalError(response, request, err)
handleError(request, response, err)
return
}
......@@ -947,14 +815,10 @@ func (h *iamHandler) CreateWorkspaceMembers(request *restful.Request, response *
}
for _, member := range members {
err := h.am.CreateOrUpdateWorkspaceRoleBinding(member.Username, workspace, member.RoleRef)
err := h.am.CreateWorkspaceRoleBinding(member.Username, workspace, member.RoleRef)
if err != nil {
klog.Error(err)
if errors.IsNotFound(err) {
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
handleError(request, response, err)
return
}
}
......@@ -970,11 +834,7 @@ func (h *iamHandler) RemoveWorkspaceMember(request *restful.Request, response *r
if err != nil {
klog.Error(err)
if errors.IsNotFound(err) {
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
handleError(request, response, err)
return
}
......@@ -1002,18 +862,10 @@ func (h *iamHandler) UpdateWorkspaceMember(request *restful.Request, response *r
return
}
err = h.am.CreateOrUpdateWorkspaceRoleBinding(member.Username, workspace, member.RoleRef)
err = h.am.CreateWorkspaceRoleBinding(member.Username, workspace, member.RoleRef)
if err != nil {
klog.Error(err)
if errors.IsNotFound(err) {
api.HandleNotFound(response, request, err)
return
}
if errors.IsBadRequest(err) {
api.HandleBadRequest(response, request, err)
return
}
api.HandleInternalError(response, request, err)
handleError(request, response, err)
return
}
......@@ -1026,11 +878,7 @@ func (h *iamHandler) CreateNamespaceMembers(request *restful.Request, response *
if err != nil {
klog.Error(err)
if errors.IsNotFound(err) {
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
handleError(request, response, err)
return
}
......@@ -1045,14 +893,10 @@ func (h *iamHandler) CreateNamespaceMembers(request *restful.Request, response *
}
for _, member := range members {
err := h.am.CreateOrUpdateNamespaceRoleBinding(member.Username, namespace, member.RoleRef)
err := h.am.CreateNamespaceRoleBinding(member.Username, namespace, member.RoleRef)
if err != nil {
klog.Error(err)
if errors.IsNotFound(err) {
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
handleError(request, response, err)
return
}
}
......@@ -1066,11 +910,7 @@ func (h *iamHandler) UpdateNamespaceMember(request *restful.Request, response *r
if err != nil {
klog.Error(err)
if errors.IsNotFound(err) {
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
handleError(request, response, err)
return
}
......@@ -1091,18 +931,10 @@ func (h *iamHandler) UpdateNamespaceMember(request *restful.Request, response *r
return
}
err = h.am.CreateOrUpdateNamespaceRoleBinding(member.Username, namespace, member.RoleRef)
err = h.am.CreateNamespaceRoleBinding(member.Username, namespace, member.RoleRef)
if err != nil {
klog.Error(err)
if errors.IsNotFound(err) {
api.HandleNotFound(response, request, err)
return
}
if errors.IsBadRequest(err) {
api.HandleBadRequest(response, request, err)
return
}
api.HandleInternalError(response, request, err)
handleError(request, response, err)
return
}
......@@ -1115,11 +947,7 @@ func (h *iamHandler) RemoveNamespaceMember(request *restful.Request, response *r
if err != nil {
klog.Error(err)
if errors.IsNotFound(err) {
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
handleError(request, response, err)
return
}
......@@ -1127,11 +955,7 @@ func (h *iamHandler) RemoveNamespaceMember(request *restful.Request, response *r
if err != nil {
klog.Error(err)
if errors.IsNotFound(err) {
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
handleError(request, response, err)
return
}
......@@ -1150,14 +974,10 @@ func (h *iamHandler) CreateClusterMembers(request *restful.Request, response *re
}
for _, member := range members {
err := h.am.CreateOrUpdateClusterRoleBinding(member.Username, member.RoleRef)
err := h.am.CreateClusterRoleBinding(member.Username, member.RoleRef)
if err != nil {
klog.Error(err)
if errors.IsNotFound(err) {
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
handleError(request, response, err)
return
}
}
......@@ -1172,11 +992,7 @@ func (h *iamHandler) RemoveClusterMember(request *restful.Request, response *res
if err != nil {
klog.Error(err)
if errors.IsNotFound(err) {
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
handleError(request, response, err)
return
}
......@@ -1203,18 +1019,10 @@ func (h *iamHandler) UpdateClusterMember(request *restful.Request, response *res
return
}
err = h.am.CreateOrUpdateClusterRoleBinding(member.Username, member.RoleRef)
err = h.am.CreateClusterRoleBinding(member.Username, member.RoleRef)
if err != nil {
klog.Error(err)
if errors.IsNotFound(err) {
api.HandleNotFound(response, request, err)
return
}
if errors.IsBadRequest(err) {
api.HandleBadRequest(response, request, err)
return
}
api.HandleInternalError(response, request, err)
handleError(request, response, err)
return
}
......@@ -1266,11 +1074,7 @@ func (h *iamHandler) DescribeNamespaceRole(request *restful.Request, response *r
if err != nil {
klog.Error(err)
if errors.IsNotFound(err) {
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
handleError(request, response, err)
return
}
......@@ -1278,11 +1082,7 @@ func (h *iamHandler) DescribeNamespaceRole(request *restful.Request, response *r
if err != nil {
klog.Error(err)
if errors.IsNotFound(err) {
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
handleError(request, response, err)
return
}
......@@ -1296,3 +1096,15 @@ func (h *iamHandler) resolveNamespace(namespace string, devops string) (string,
}
return h.am.GetControlledNamespace(devops)
}
func handleError(request *restful.Request, response *restful.Response, err error) {
if errors.IsBadRequest(err) {
api.HandleBadRequest(response, request, err)
} else if errors.IsNotFound(err) {
api.HandleNotFound(response, request, err)
} else if errors.IsAlreadyExists(err) {
api.HandleConflict(response, request, err)
} else {
api.HandleInternalError(response, request, err)
}
}
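Review bot: handleError at the end of this file recognises only BadRequest, NotFound and AlreadyExists, so every other API status error, such as a Forbidden or an optimistic-concurrency Conflict from a role update, is answered as an internal error. The role operators in this commit now call Update whenever the submitted object carries a ResourceVersion, so a stale version becomes an ordinary client error; mapping it is a one-line change, `} else if errors.IsAlreadyExists(err) || errors.IsConflict(err) {`. The helper also changes one status without saying so: in CreateUser and UpdateUser a missing global role used to be answered with 400 and is now a 404, which a client can mistake for a missing user. A doc comment such as `// handleError writes the HTTP status that matches the Kubernetes API error class of err; unclassified errors become 500.` would record the mapping. The handler bodies around these hunks start and end outside the visible lines.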
......@@ -185,7 +185,6 @@ func (h *tenantHandler) UpdateWorkspace(request *restful.Request, response *rest
}
response.WriteEntity(updated)
}
func (h *tenantHandler) DescribeWorkspace(request *restful.Request, response *restful.Response) {
......@@ -310,3 +309,151 @@ func (h *tenantHandler) Auditing(req *restful.Request, resp *restful.Response) {
_ = resp.WriteEntity(result)
}
func (h *tenantHandler) DescribeNamespace(request *restful.Request, response *restful.Response) {
workspaceName := request.PathParameter("workspace")
namespaceName := request.PathParameter("namespace")
ns, err := h.tenant.DescribeNamespace(workspaceName, namespaceName)
if err != nil {
if errors.IsNotFound(err) {
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return
}
response.WriteEntity(ns)
}
func (h *tenantHandler) DeleteNamespace(request *restful.Request, response *restful.Response) {
workspaceName := request.PathParameter("workspace")
namespaceName := request.PathParameter("namespace")
err := h.tenant.DeleteNamespace(workspaceName, namespaceName)
if err != nil {
if errors.IsNotFound(err) {
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return
}
response.WriteEntity(servererr.None)
}
func (h *tenantHandler) UpdateNamespace(request *restful.Request, response *restful.Response) {
workspaceName := request.PathParameter("workspace")
namespaceName := request.PathParameter("namespace")
var namespace corev1.Namespace
err := request.ReadEntity(&namespace)
if err != nil {
klog.Error(err)
api.HandleBadRequest(response, request, err)
return
}
if namespaceName != namespace.Name {
err := fmt.Errorf("the name of the object (%s) does not match the name on the URL (%s)", namespace.Name, namespaceName)
klog.Errorf("%+v", err)
api.HandleBadRequest(response, request, err)
return
}
updated, err := h.tenant.UpdateNamespace(workspaceName, &namespace)
if err != nil {
klog.Error(err)
if errors.IsNotFound(err) {
api.HandleNotFound(response, request, err)
return
}
if errors.IsBadRequest(err) {
api.HandleBadRequest(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return
}
response.WriteEntity(updated)
}
func (h *tenantHandler) PatchNamespace(request *restful.Request, response *restful.Response) {
workspaceName := request.PathParameter("workspace")
namespaceName := request.PathParameter("namespace")
var namespace corev1.Namespace
err := request.ReadEntity(&namespace)
if err != nil {
klog.Error(err)
api.HandleBadRequest(response, request, err)
return
}
if namespaceName != namespace.Name {
err := fmt.Errorf("the name of the object (%s) does not match the name on the URL (%s)", namespace.Name, namespaceName)
klog.Errorf("%+v", err)
api.HandleBadRequest(response, request, err)
return
}
patched, err := h.tenant.PatchNamespace(workspaceName, &namespace)
if err != nil {
klog.Error(err)
if errors.IsNotFound(err) {
api.HandleNotFound(response, request, err)
return
}
if errors.IsBadRequest(err) {
api.HandleBadRequest(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return
}
response.WriteEntity(patched)
}
func (h *tenantHandler) PatchWorkspace(request *restful.Request, response *restful.Response) {
workspaceName := request.PathParameter("workspace")
var workspace tenantv1alpha2.WorkspaceTemplate
err := request.ReadEntity(&workspace)
if err != nil {
klog.Error(err)
api.HandleBadRequest(response, request, err)
return
}
if workspaceName != workspace.Name {
err := fmt.Errorf("the name of the object (%s) does not match the name on the URL (%s)", workspace.Name, workspaceName)
klog.Errorf("%+v", err)
api.HandleBadRequest(response, request, err)
return
}
patched, err := h.tenant.PatchWorkspace(&workspace)
if err != nil {
klog.Error(err)
if errors.IsNotFound(err) {
api.HandleNotFound(response, request, err)
return
}
if errors.IsBadRequest(err) {
api.HandleBadRequest(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return
}
response.WriteEntity(patched)
}
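Review bot: PatchNamespace and PatchWorkspace handle the patch as if it were a complete object: they decode the body with `request.ReadEntity` into a `corev1.Namespace` or `tenantv1alpha2.WorkspaceTemplate` and return 400 unless its name equals the path parameter. The routes registered in this commit accept merge-patch and JSON-patch media types, and a merge patch normally omits `metadata.name` while a JSON patch is an array of operations, so ordinary patch bodies would be rejected here. One option is to take the name from the URL when the body leaves it empty, `if namespace.Name == "" { namespace.Name = namespaceName }`, and to register only the merge-patch type; the other is to pass the raw body to the tenant layer. Separately, DeleteNamespace, UpdateNamespace and PatchNamespace leave it entirely to `h.tenant` to confirm that the namespace belongs to `workspaceName`; that code is not visible here and should be confirmed, because if access is decided from the workspace in the path, a missing check would let a member of one workspace act on another workspace's namespace.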
......@@ -46,6 +46,8 @@ const (
var GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha2"}
func AddToContainer(c *restful.Container, factory informers.InformerFactory, k8sclient kubernetes.Interface, ksclient kubesphere.Interface, evtsClient events.Client, loggingClient logging.Interface, auditingclient auditing.Client) error {
mimePatch := []string{restful.MIME_JSON, runtime.MimeMergePatchJson, runtime.MimeJsonPatchJson}
ws := runtime.NewWebService(GroupVersion)
handler := newTenantHandler(factory, k8sclient, ksclient, evtsClient, loggingClient, auditingclient)
......@@ -66,6 +68,13 @@ func AddToContainer(c *restful.Container, factory informers.InformerFactory, k8s
Returns(http.StatusOK, api.StatusOK, tenantv1alpha2.WorkspaceTemplate{}).
Doc("Update workspace.").
Metadata(restfulspec.KeyOpenAPITags, []string{constants.TenantResourcesTag}))
ws.Route(ws.PATCH("/workspaces/{workspace}").
To(handler.PatchWorkspace).
Consumes(mimePatch...).
Reads(tenantv1alpha2.WorkspaceTemplate{}).
Returns(http.StatusOK, api.StatusOK, tenantv1alpha2.WorkspaceTemplate{}).
Doc("Update workspace.").
Metadata(restfulspec.KeyOpenAPITags, []string{constants.TenantResourcesTag}))
ws.Route(ws.GET("/workspaces").
To(handler.ListWorkspaces).
Returns(http.StatusOK, api.StatusOK, models.PageableResponse{}).
......@@ -94,6 +103,18 @@ func AddToContainer(c *restful.Container, factory informers.InformerFactory, k8s
Doc("List the namespaces of the specified workspace for the current user").
Returns(http.StatusOK, api.StatusOK, []corev1.Namespace{}).
Metadata(restfulspec.KeyOpenAPITags, []string{constants.TenantResourcesTag}))
ws.Route(ws.GET("/workspaces/{workspace}/namespaces/{namespace}").
To(handler.DescribeNamespace).
Param(ws.PathParameter("workspace", "workspace name")).
Doc("Retrieve namespace details.").
Returns(http.StatusOK, api.StatusOK, []corev1.Namespace{}).
Metadata(restfulspec.KeyOpenAPITags, []string{constants.TenantResourcesTag}))
ws.Route(ws.DELETE("/workspaces/{workspace}/namespaces/{namespace}").
To(handler.DeleteNamespace).
Param(ws.PathParameter("workspace", "workspace name")).
Doc("Delete namespace.").
Returns(http.StatusOK, api.StatusOK, errors.None).
Metadata(restfulspec.KeyOpenAPITags, []string{constants.TenantResourcesTag}))
ws.Route(ws.POST("/workspaces/{workspace}/namespaces").
To(handler.CreateNamespace).
Param(ws.PathParameter("workspace", "workspace name")).
......@@ -101,6 +122,19 @@ func AddToContainer(c *restful.Container, factory informers.InformerFactory, k8s
Reads(corev1.Namespace{}).
Returns(http.StatusOK, api.StatusOK, []corev1.Namespace{}).
Metadata(restfulspec.KeyOpenAPITags, []string{constants.TenantResourcesTag}))
ws.Route(ws.PUT("/workspaces/{workspace}/namespaces/{namespace}").
To(handler.UpdateNamespace).
Param(ws.PathParameter("workspace", "workspace name")).
Reads(corev1.Namespace{}).
Returns(http.StatusOK, api.StatusOK, []corev1.Namespace{}).
Metadata(restfulspec.KeyOpenAPITags, []string{constants.TenantResourcesTag}))
ws.Route(ws.PATCH("/workspaces/{workspace}/namespaces/{namespace}").
To(handler.PatchNamespace).
Consumes(mimePatch...).
Param(ws.PathParameter("workspace", "workspace name")).
Reads(corev1.Namespace{}).
Returns(http.StatusOK, api.StatusOK, []corev1.Namespace{}).
Metadata(restfulspec.KeyOpenAPITags, []string{constants.TenantResourcesTag}))
ws.Route(ws.GET("/events").
To(handler.Events).
......
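Review bot: The new namespace routes use `{namespace}` in the path but declare only the `workspace` path parameter, and the GET, PUT and PATCH routes advertise `[]corev1.Namespace{}` as the response although the handlers write a single object. Adding `Param(ws.PathParameter("namespace", "namespace name"))` and `Returns(http.StatusOK, api.StatusOK, corev1.Namespace{})` would make the generated API description match the handlers. The PATCH workspace route repeats `Doc("Update workspace.")` from the PUT route and declares no path parameter, and the PUT and PATCH namespace routes have no `Doc` at all. AddToContainer begins and ends outside these hunks.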
......@@ -44,16 +44,14 @@ type AccessManagementInterface interface {
ListClusterRoles(query *query.Query) (*api.ListResult, error)
ListWorkspaceRoles(query *query.Query) (*api.ListResult, error)
ListGlobalRoles(query *query.Query) (*api.ListResult, error)
ListGlobalRoleBindings(username string) ([]*iamv1alpha2.GlobalRoleBinding, error)
ListClusterRoleBindings(username string) ([]*rbacv1.ClusterRoleBinding, error)
ListWorkspaceRoleBindings(username, workspace string) ([]*iamv1alpha2.WorkspaceRoleBinding, error)
ListRoleBindings(username, namespace string) ([]*rbacv1.RoleBinding, error)
GetRoleReferenceRules(roleRef rbacv1.RoleRef, namespace string) (string, []rbacv1.PolicyRule, error)
GetGlobalRole(globalRole string) (*iamv1alpha2.GlobalRole, error)
GetWorkspaceRole(workspace string, name string) (*iamv1alpha2.WorkspaceRole, error)
CreateOrUpdateGlobalRoleBinding(username string, globalRole string) error
CreateGlobalRoleBinding(username string, globalRole string) error
CreateOrUpdateWorkspaceRole(workspace string, workspaceRole *iamv1alpha2.WorkspaceRole) (*iamv1alpha2.WorkspaceRole, error)
CreateOrUpdateGlobalRole(globalRole *iamv1alpha2.GlobalRole) (*iamv1alpha2.GlobalRole, error)
DeleteWorkspaceRole(workspace string, name string) error
......@@ -64,11 +62,11 @@ type AccessManagementInterface interface {
GetNamespaceRole(namespace string, name string) (*rbacv1.Role, error)
CreateOrUpdateNamespaceRole(namespace string, role *rbacv1.Role) (*rbacv1.Role, error)
DeleteNamespaceRole(namespace string, name string) error
CreateOrUpdateWorkspaceRoleBinding(username string, workspace string, role string) error
CreateWorkspaceRoleBinding(username string, workspace string, role string) error
RemoveUserFromWorkspace(username string, workspace string) error
CreateOrUpdateNamespaceRoleBinding(username string, namespace string, role string) error
CreateNamespaceRoleBinding(username string, namespace string, role string) error
RemoveUserFromNamespace(username string, namespace string) error
CreateOrUpdateClusterRoleBinding(username string, role string) error
CreateClusterRoleBinding(username string, role string) error
RemoveUserFromCluster(username string) error
GetControlledNamespace(devops string) (string, error)
GetControlledWorkspace(namespace string) (string, error)
......@@ -371,7 +369,7 @@ func (am *amOperator) GetGlobalRole(globalRole string) (*iamv1alpha2.GlobalRole,
return obj.(*iamv1alpha2.GlobalRole), nil
}
func (am *amOperator) CreateOrUpdateGlobalRoleBinding(username string, globalRole string) error {
func (am *amOperator) CreateGlobalRoleBinding(username string, globalRole string) error {
_, err := am.GetGlobalRole(globalRole)
......@@ -428,11 +426,9 @@ func (am *amOperator) CreateOrUpdateGlobalRoleBinding(username string, globalRol
}
func (am *amOperator) CreateOrUpdateWorkspaceRole(workspace string, workspaceRole *iamv1alpha2.WorkspaceRole) (*iamv1alpha2.WorkspaceRole, error) {
if workspaceRole.Labels == nil {
workspaceRole.Labels = make(map[string]string, 0)
}
workspaceRole.Labels[tenantv1alpha1.WorkspaceLabel] = workspace
workspaceRole.Rules = make([]rbacv1.PolicyRule, 0)
......@@ -452,15 +448,10 @@ func (am *amOperator) CreateOrUpdateWorkspaceRole(workspace string, workspaceRol
}
}
old, err := am.GetWorkspaceRole("", workspaceRole.Name)
if err != nil && !errors.IsNotFound(err) {
klog.Error(err)
return nil, err
}
var created *iamv1alpha2.WorkspaceRole
if old != nil {
var err error
if workspaceRole.ResourceVersion != "" {
created, err = am.ksclient.IamV1alpha2().WorkspaceRoles().Update(workspaceRole)
} else {
created, err = am.ksclient.IamV1alpha2().WorkspaceRoles().Create(workspaceRole)
......@@ -469,7 +460,7 @@ func (am *amOperator) CreateOrUpdateWorkspaceRole(workspace string, workspaceRol
return created, err
}
func (am *amOperator) CreateOrUpdateWorkspaceRoleBinding(username string, workspace string, role string) error {
func (am *amOperator) CreateWorkspaceRoleBinding(username string, workspace string, role string) error {
_, err := am.GetWorkspaceRole(workspace, role)
......@@ -526,7 +517,7 @@ func (am *amOperator) CreateOrUpdateWorkspaceRoleBinding(username string, worksp
return nil
}
func (am *amOperator) CreateOrUpdateClusterRoleBinding(username string, role string) error {
func (am *amOperator) CreateClusterRoleBinding(username string, role string) error {
_, err := am.GetClusterRole(role)
......@@ -582,7 +573,7 @@ func (am *amOperator) CreateOrUpdateClusterRoleBinding(username string, role str
return nil
}
func (am *amOperator) CreateOrUpdateNamespaceRoleBinding(username string, namespace string, role string) error {
func (am *amOperator) CreateNamespaceRoleBinding(username string, namespace string, role string) error {
_, err := am.GetNamespaceRole(namespace, role)
......@@ -727,15 +718,10 @@ func (am *amOperator) CreateOrUpdateGlobalRole(globalRole *iamv1alpha2.GlobalRol
}
}
old, err := am.GetGlobalRole(globalRole.Name)
if err != nil && !errors.IsNotFound(err) {
klog.Error(err)
return nil, err
}
var created *iamv1alpha2.GlobalRole
if old != nil {
var err error
if globalRole.ResourceVersion != "" {
created, err = am.ksclient.IamV1alpha2().GlobalRoles().Update(globalRole)
} else {
created, err = am.ksclient.IamV1alpha2().GlobalRoles().Create(globalRole)
......@@ -763,16 +749,9 @@ func (am *amOperator) CreateOrUpdateClusterRole(clusterRole *rbacv1.ClusterRole)
clusterRole.Rules = append(clusterRole.Rules, role.Rules...)
}
}
old, err := am.GetClusterRole(clusterRole.Name)
if err != nil && !errors.IsNotFound(err) {
klog.Error(err)
return nil, err
}
var created *rbacv1.ClusterRole
if old != nil {
var err error
if clusterRole.ResourceVersion != "" {
created, err = am.k8sclient.RbacV1().ClusterRoles().Update(clusterRole)
} else {
created, err = am.k8sclient.RbacV1().ClusterRoles().Create(clusterRole)
......@@ -801,16 +780,9 @@ func (am *amOperator) CreateOrUpdateNamespaceRole(namespace string, role *rbacv1
role.Rules = append(role.Rules, role.Rules...)
}
}
old, err := am.GetNamespaceRole(namespace, role.Name)
if err != nil && !errors.IsNotFound(err) {
klog.Error(err)
return nil, err
}
var created *rbacv1.Role
if old != nil {
var err error
if role.ResourceVersion != "" {
created, err = am.k8sclient.RbacV1().Roles(namespace).Update(role)
} else {
created, err = am.k8sclient.RbacV1().Roles(namespace).Create(role)
......
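Review bot: The test `if workspaceRole.ResourceVersion != ""` (repeated in CreateOrUpdateGlobalRole, CreateOrUpdateClusterRole and CreateOrUpdateNamespaceRole) now chooses Update or Create from a field of the submitted object instead of from a lookup of the stored role. For WorkspaceRole, nothing in the visible lines reads the existing object before `workspaceRole.Labels[tenantv1alpha1.WorkspaceLabel] = workspace` is set and Update is called, so unless the caller checks ownership, a request made under one workspace could overwrite and relabel a same-named role that belongs to another; the rest of the function is outside the hunk, so this needs confirming. The four binding methods were renamed from CreateOrUpdate… to Create… while the update handlers still call them to change a member's role. Each should get a doc comment saying whether an earlier binding is replaced, for example `// CreateWorkspaceRoleBinding binds username to role in workspace. TODO(review): state whether an existing binding of the user is replaced.`, because a binding left behind keeps the old permissions.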
......@@ -17,12 +17,14 @@ limitations under the License.
package tenant
import (
"encoding/json"
"fmt"
"io"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/types"
"k8s.io/apiserver/pkg/authentication/user"
"k8s.io/client-go/kubernetes"
"k8s.io/klog"
......@@ -36,6 +38,7 @@ import (
"kubesphere.io/kubesphere/pkg/apiserver/authorization/authorizer"
"kubesphere.io/kubesphere/pkg/apiserver/authorization/authorizerfactory"
"kubesphere.io/kubesphere/pkg/apiserver/query"
"kubesphere.io/kubesphere/pkg/apiserver/request"
kubesphere "kubesphere.io/kubesphere/pkg/client/clientset/versioned"
"kubesphere.io/kubesphere/pkg/informers"
"kubesphere.io/kubesphere/pkg/models/auditing"
......@@ -61,11 +64,15 @@ type Interface interface {
UpdateWorkspace(workspace *tenantv1alpha2.WorkspaceTemplate) (*tenantv1alpha2.WorkspaceTemplate, error)
DescribeWorkspace(workspace string) (*tenantv1alpha2.WorkspaceTemplate, error)
ListWorkspaceClusters(workspace string) (*api.ListResult, error)
Events(user user.Info, queryParam *eventsv1alpha1.Query) (*eventsv1alpha1.APIResponse, error)
QueryLogs(user user.Info, query *loggingv1alpha2.Query) (*loggingv1alpha2.APIResponse, error)
ExportLogs(user user.Info, query *loggingv1alpha2.Query, writer io.Writer) error
Auditing(user user.Info, queryParam *auditingv1alpha1.Query) (*auditingv1alpha1.APIResponse, error)
DescribeNamespace(workspace, namespace string) (*corev1.Namespace, error)
DeleteNamespace(workspace, namespace string) error
UpdateNamespace(workspace string, namespace *corev1.Namespace) (*corev1.Namespace, error)
PatchNamespace(workspace string, namespace *corev1.Namespace) (*corev1.Namespace, error)
PatchWorkspace(workspace *tenantv1alpha2.WorkspaceTemplate) (*tenantv1alpha2.WorkspaceTemplate, error)
}
type tenantOperator struct {
......@@ -99,10 +106,10 @@ func (t *tenantOperator) ListWorkspaces(user user.Info, queryParam *query.Query)
listWS := authorizer.AttributesRecord{
User: user,
Verb: "list",
APIGroup: "tenant.kubesphere.io",
APIVersion: "v1alpha2",
APIGroup: "*",
Resource: "workspaces",
ResourceRequest: true,
ResourceScope: request.GlobalScope,
}
decision, _, err := t.authorizer.Authorize(listWS)
......@@ -154,9 +161,9 @@ func (t *tenantOperator) ListWorkspaces(user user.Info, queryParam *query.Query)
}
result := resources.DefaultList(workspaces, queryParam, func(left runtime.Object, right runtime.Object, field query.Field) bool {
return resources.DefaultObjectMetaCompare(left.(*tenantv1alpha1.Workspace).ObjectMeta, right.(*tenantv1alpha1.Workspace).ObjectMeta, field)
return resources.DefaultObjectMetaCompare(left.(*tenantv1alpha2.WorkspaceTemplate).ObjectMeta, right.(*tenantv1alpha2.WorkspaceTemplate).ObjectMeta, field)
}, func(workspace runtime.Object, filter query.Filter) bool {
return resources.DefaultObjectMetaFilter(workspace.(*tenantv1alpha1.Workspace).ObjectMeta, filter)
return resources.DefaultObjectMetaFilter(workspace.(*tenantv1alpha2.WorkspaceTemplate).ObjectMeta, filter)
})
return result, nil
......@@ -167,11 +174,10 @@ func (t *tenantOperator) ListNamespaces(user user.Info, workspace string, queryP
listNSInWS := authorizer.AttributesRecord{
User: user,
Verb: "list",
APIGroup: "",
APIVersion: "v1",
Workspace: workspace,
Resource: "namespaces",
ResourceRequest: true,
ResourceScope: request.WorkspaceScope,
}
decision, _, err := t.authorizer.Authorize(listNSInWS)
......@@ -238,20 +244,78 @@ func (t *tenantOperator) ListNamespaces(user user.Info, workspace string, queryP
}
func (t *tenantOperator) CreateNamespace(workspace string, namespace *corev1.Namespace) (*corev1.Namespace, error) {
_, err := t.resourceGetter.Get(tenantv1alpha1.ResourcePluralWorkspace, "", workspace)
if err != nil {
return nil, err
}
namespace = appendWorkspaceLabel(namespace, workspace)
return t.k8sclient.CoreV1().Namespaces().Create(namespace)
}
func appendWorkspaceLabel(namespace *corev1.Namespace, workspace string) *corev1.Namespace {
if namespace.Labels == nil {
namespace.Labels = make(map[string]string, 0)
}
namespace.Labels[tenantv1alpha1.WorkspaceLabel] = workspace
return namespace
}
func (t *tenantOperator) DescribeNamespace(workspace, namespace string) (*corev1.Namespace, error) {
obj, err := t.resourceGetter.Get("namespaces", "", namespace)
if err != nil {
return nil, err
}
ns := obj.(*corev1.Namespace)
if ns.Labels[tenantv1alpha1.WorkspaceLabel] != workspace {
err := errors.NewNotFound(corev1.Resource("namespace"), namespace)
klog.Error(err)
return nil, err
}
return ns, nil
}
if namespace.Annotations == nil {
namespace.Annotations = make(map[string]string, 0)
func (t *tenantOperator) DeleteNamespace(workspace, namespace string) error {
_, err := t.DescribeNamespace(workspace, namespace)
if err != nil {
return err
}
return t.k8sclient.CoreV1().Namespaces().Delete(namespace, metav1.NewDeleteOptions(0))
}
namespace.Annotations[tenantv1alpha1.WorkspaceLabel] = workspace
func (t *tenantOperator) UpdateNamespace(workspace string, namespace *corev1.Namespace) (*corev1.Namespace, error) {
_, err := t.DescribeNamespace(workspace, namespace.Namespace)
if err != nil {
return nil, err
}
namespace = appendWorkspaceLabel(namespace, workspace)
return t.k8sclient.CoreV1().Namespaces().Update(namespace)
}
return t.k8sclient.CoreV1().Namespaces().Create(namespace)
func (t *tenantOperator) PatchNamespace(workspace string, namespace *corev1.Namespace) (*corev1.Namespace, error) {
_, err := t.DescribeNamespace(workspace, namespace.Name)
if err != nil {
return nil, err
}
if namespace.Labels != nil {
namespace.Labels[tenantv1alpha1.WorkspaceLabel] = workspace
}
data, err := json.Marshal(namespace)
if err != nil {
return nil, err
}
return t.k8sclient.CoreV1().Namespaces().Patch(namespace.Name, types.MergePatchType, data)
}
func (t *tenantOperator) PatchWorkspace(workspace *tenantv1alpha2.WorkspaceTemplate) (*tenantv1alpha2.WorkspaceTemplate, error) {
_, err := t.DescribeWorkspace(workspace.Name)
if err != nil {
return nil, err
}
data, err := json.Marshal(workspace)
if err != nil {
return nil, err
}
return t.ksclient.TenantV1alpha2().WorkspaceTemplates().Patch(workspace.Name, types.MergePatchType, data)
}
func (t *tenantOperator) CreateWorkspace(workspace *tenantv1alpha2.WorkspaceTemplate) (*tenantv1alpha2.WorkspaceTemplate, error) {
......
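Review bot: In `UpdateNamespace` the workspace-membership check calls `t.DescribeNamespace(workspace, namespace.Namespace)`, but a `corev1.Namespace` is cluster-scoped and identified by `Name`, which is also what the following `Namespaces().Update(namespace)` acts on. The guard therefore validates a different field from the one that selects the object being updated: it either fails on an empty `metadata.namespace` or, when that field is populated, checks the workspace label of some other namespace. The handler that builds the object is not visible here, so which case applies should be confirmed. The line should read `_, err := t.DescribeNamespace(workspace, namespace.Name)`, matching `PatchNamespace`. A short doc comment on `DescribeNamespace` noting that it is the workspace-isolation guard relied on by delete, update and patch would help keep the three callers consistent.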