提交
bafeecfe
编写于
6月 11, 2020
作者:
hongming
add tenant resource API
Signed-off-by:
N
hongming
<
talonwan@yunify.com
>
上级
0316223f
Showing
5 changed file
with
346 addition
and
317 deletion
+346
-317
pkg/kapis/iam/v1alpha2/handler.go
pkg/kapis/iam/v1alpha2/handler.go
+70
-258
pkg/kapis/tenant/v1alpha2/handler.go
pkg/kapis/tenant/v1alpha2/handler.go
+148
-1
pkg/kapis/tenant/v1alpha2/register.go
pkg/kapis/tenant/v1alpha2/register.go
+34
-0
pkg/models/iam/am/am.go
pkg/models/iam/am/am.go
+18
-46
pkg/models/tenant/tenant.go
pkg/models/tenant/tenant.go
+76
-12
pkg/kapis/iam/v1alpha2/handler.go
...
...
@@ -156,11 +156,6 @@ func (h *iamHandler) RetrieveMemberRoleTemplates(request *restful.Request, respo
namespace
,
err
:=
h
.
resolveNamespace
(
request
.
PathParameter
(
"namespace"
),
request
.
PathParameter
(
"devops"
))
if
err
!=
nil
{
// if role binding not exist return empty list
if
errors
.
IsNotFound
(
err
)
{
response
.
WriteEntity
([]
interface
{}{})
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
return
}
...
...
@@ -168,6 +163,11 @@ func (h *iamHandler) RetrieveMemberRoleTemplates(request *restful.Request, respo
role
,
err
:=
h
.
am
.
GetNamespaceRoleOfUser
(
username
,
namespace
)
if
err
!=
nil
{
// if role binding not exist return empty list
if
errors
.
IsNotFound
(
err
)
{
response
.
WriteEntity
([]
interface
{}{})
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
return
}
...
...
@@ -208,13 +208,11 @@ func (h *iamHandler) ListUsers(request *restful.Request, response *restful.Respo
}
if
globalRole
!=
nil
{
if
user
.
Annotations
==
nil
{
user
.
Annotations
=
make
(
map
[
string
]
string
,
0
)
}
user
.
Annotations
[
iamv1alpha2
.
GlobalRoleAnnotation
]
=
globalRole
.
Name
}
result
.
Items
[
i
]
=
user
}
response
.
WriteEntity
(
result
)
...
...
@@ -226,11 +224,7 @@ func (h *iamHandler) ListRoles(request *restful.Request, response *restful.Respo
if
err
!=
nil
{
klog
.
Error
(
err
)
if
errors
.
IsNotFound
(
err
)
{
api
.
HandleNotFound
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
handleError
(
request
,
response
,
err
)
return
}
...
...
@@ -269,11 +263,7 @@ func (h *iamHandler) ListNamespaceMembers(request *restful.Request, response *re
if
err
!=
nil
{
klog
.
Error
(
err
)
if
errors
.
IsNotFound
(
err
)
{
api
.
HandleNotFound
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
handleError
(
request
,
response
,
err
)
return
}
...
...
@@ -295,11 +285,7 @@ func (h *iamHandler) DescribeNamespaceMember(request *restful.Request, response
if
err
!=
nil
{
klog
.
Error
(
err
)
if
errors
.
IsNotFound
(
err
)
{
api
.
HandleNotFound
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
handleError
(
request
,
response
,
err
)
return
}
...
...
@@ -408,15 +394,7 @@ func (h *iamHandler) UpdateWorkspaceRole(request *restful.Request, response *res
if
err
!=
nil
{
klog
.
Error
(
err
)
if
errors
.
IsNotFound
(
err
)
{
api
.
HandleNotFound
(
response
,
request
,
err
)
return
}
if
errors
.
IsBadRequest
(
err
)
{
api
.
HandleBadRequest
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
handleError
(
request
,
response
,
err
)
return
}
...
...
@@ -440,11 +418,7 @@ func (h *iamHandler) CreateWorkspaceRole(request *restful.Request, response *res
if
err
!=
nil
{
klog
.
Error
(
err
)
if
errors
.
IsBadRequest
(
err
)
{
api
.
HandleBadRequest
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
handleError
(
request
,
response
,
err
)
return
}
...
...
@@ -459,11 +433,7 @@ func (h *iamHandler) DeleteWorkspaceRole(request *restful.Request, response *res
if
err
!=
nil
{
klog
.
Error
(
err
)
if
errors
.
IsNotFound
(
err
)
{
api
.
HandleNotFound
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
handleError
(
request
,
response
,
err
)
return
}
...
...
@@ -486,40 +456,22 @@ func (h *iamHandler) CreateUser(request *restful.Request, response *restful.Resp
if
globalRole
!=
""
{
if
_
,
err
=
h
.
am
.
GetGlobalRole
(
globalRole
);
err
!=
nil
{
klog
.
Error
(
err
)
if
errors
.
IsNotFound
(
err
)
{
api
.
HandleBadRequest
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
handleError
(
request
,
response
,
err
)
return
}
}
created
,
err
:=
h
.
im
.
CreateUser
(
&
user
)
if
err
!=
nil
{
klog
.
Error
(
err
)
if
errors
.
IsBadRequest
(
err
)
{
api
.
HandleBadRequest
(
response
,
request
,
err
)
return
}
if
errors
.
IsAlreadyExists
(
err
)
{
api
.
HandleConflict
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
handleError
(
request
,
response
,
err
)
return
}
if
globalRole
!=
""
{
if
err
:=
h
.
am
.
CreateOrUpdateGlobalRoleBinding
(
user
.
Name
,
globalRole
);
err
!=
nil
{
if
errors
.
IsNotFound
(
err
)
{
api
.
HandleBadRequest
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
if
err
:=
h
.
am
.
CreateGlobalRoleBinding
(
user
.
Name
,
globalRole
);
err
!=
nil
{
klog
.
Error
(
err
)
handleError
(
request
,
response
,
err
)
return
}
}
...
...
@@ -554,29 +506,16 @@ func (h *iamHandler) UpdateUser(request *restful.Request, response *restful.Resp
delete
(
user
.
Annotations
,
iamv1alpha2
.
GlobalRoleAnnotation
)
updated
,
err
:=
h
.
im
.
UpdateUser
(
&
user
)
if
err
!=
nil
{
if
errors
.
IsNotFound
(
err
)
{
api
.
HandleNotFound
(
response
,
request
,
err
)
return
}
if
errors
.
IsBadRequest
(
err
)
{
api
.
HandleBadRequest
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
klog
.
Error
(
err
)
handleError
(
request
,
response
,
err
)
return
}
if
globalRole
!=
""
{
if
err
:=
h
.
am
.
CreateOrUpdateGlobalRoleBinding
(
user
.
Name
,
globalRole
);
err
!=
nil
{
if
errors
.
IsNotFound
(
err
)
{
api
.
HandleBadRequest
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
if
err
:=
h
.
am
.
CreateGlobalRoleBinding
(
user
.
Name
,
globalRole
);
err
!=
nil
{
klog
.
Error
(
err
)
handleError
(
request
,
response
,
err
)
return
}
}
...
...
@@ -591,11 +530,8 @@ func (h *iamHandler) DeleteUser(request *restful.Request, response *restful.Resp
if
err
!=
nil
{
klog
.
Error
(
err
)
if
errors
.
IsNotFound
(
err
)
{
api
.
HandleNotFound
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
handleError
(
request
,
response
,
err
)
return
}
response
.
WriteEntity
(
servererr
.
None
)
...
...
@@ -617,11 +553,7 @@ func (h *iamHandler) CreateGlobalRole(request *restful.Request, response *restfu
if
err
!=
nil
{
klog
.
Error
(
err
)
if
errors
.
IsBadRequest
(
err
)
{
api
.
HandleBadRequest
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
handleError
(
request
,
response
,
err
)
return
}
...
...
@@ -635,11 +567,7 @@ func (h *iamHandler) DeleteGlobalRole(request *restful.Request, response *restfu
if
err
!=
nil
{
klog
.
Error
(
err
)
if
errors
.
IsNotFound
(
err
)
{
api
.
HandleNotFound
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
handleError
(
request
,
response
,
err
)
return
}
...
...
@@ -670,11 +598,7 @@ func (h *iamHandler) UpdateGlobalRole(request *restful.Request, response *restfu
if
err
!=
nil
{
klog
.
Error
(
err
)
if
errors
.
IsBadRequest
(
err
)
{
api
.
HandleBadRequest
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
handleError
(
request
,
response
,
err
)
return
}
...
...
@@ -686,11 +610,7 @@ func (h *iamHandler) DescribeGlobalRole(request *restful.Request, response *rest
globalRole
,
err
:=
h
.
am
.
GetGlobalRole
(
globalRoleName
)
if
err
!=
nil
{
klog
.
Error
(
err
)
if
errors
.
IsNotFound
(
err
)
{
api
.
HandleNotFound
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
handleError
(
request
,
response
,
err
)
return
}
...
...
@@ -712,11 +632,7 @@ func (h *iamHandler) CreateClusterRole(request *restful.Request, response *restf
if
err
!=
nil
{
klog
.
Error
(
err
)
if
errors
.
IsBadRequest
(
err
)
{
api
.
HandleBadRequest
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
handleError
(
request
,
response
,
err
)
return
}
...
...
@@ -730,11 +646,7 @@ func (h *iamHandler) DeleteClusterRole(request *restful.Request, response *restf
if
err
!=
nil
{
klog
.
Error
(
err
)
if
errors
.
IsNotFound
(
err
)
{
api
.
HandleNotFound
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
handleError
(
request
,
response
,
err
)
return
}
...
...
@@ -765,15 +677,7 @@ func (h *iamHandler) UpdateClusterRole(request *restful.Request, response *restf
if
err
!=
nil
{
klog
.
Error
(
err
)
if
errors
.
IsNotFound
(
err
)
{
api
.
HandleNotFound
(
response
,
request
,
err
)
return
}
if
errors
.
IsBadRequest
(
err
)
{
api
.
HandleBadRequest
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
handleError
(
request
,
response
,
err
)
return
}
...
...
@@ -785,11 +689,7 @@ func (h *iamHandler) DescribeClusterRole(request *restful.Request, response *res
clusterRole
,
err
:=
h
.
am
.
GetClusterRole
(
clusterRoleName
)
if
err
!=
nil
{
klog
.
Error
(
err
)
if
errors
.
IsNotFound
(
err
)
{
api
.
HandleNotFound
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
handleError
(
request
,
response
,
err
)
return
}
...
...
@@ -802,11 +702,7 @@ func (h *iamHandler) DescribeWorkspaceRole(request *restful.Request, response *r
workspaceRole
,
err
:=
h
.
am
.
GetWorkspaceRole
(
workspace
,
workspaceRoleName
)
if
err
!=
nil
{
klog
.
Error
(
err
)
if
errors
.
IsNotFound
(
err
)
{
api
.
HandleNotFound
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
handleError
(
request
,
response
,
err
)
return
}
...
...
@@ -819,11 +715,7 @@ func (h *iamHandler) CreateNamespaceRole(request *restful.Request, response *res
if
err
!=
nil
{
klog
.
Error
(
err
)
if
errors
.
IsNotFound
(
err
)
{
api
.
HandleNotFound
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
handleError
(
request
,
response
,
err
)
return
}
...
...
@@ -841,11 +733,7 @@ func (h *iamHandler) CreateNamespaceRole(request *restful.Request, response *res
if
err
!=
nil
{
klog
.
Error
(
err
)
if
errors
.
IsBadRequest
(
err
)
{
api
.
HandleBadRequest
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
handleError
(
request
,
response
,
err
)
return
}
...
...
@@ -859,11 +747,7 @@ func (h *iamHandler) DeleteNamespaceRole(request *restful.Request, response *res
if
err
!=
nil
{
klog
.
Error
(
err
)
if
errors
.
IsNotFound
(
err
)
{
api
.
HandleNotFound
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
handleError
(
request
,
response
,
err
)
return
}
...
...
@@ -871,11 +755,7 @@ func (h *iamHandler) DeleteNamespaceRole(request *restful.Request, response *res
if
err
!=
nil
{
klog
.
Error
(
err
)
if
errors
.
IsNotFound
(
err
)
{
api
.
HandleNotFound
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
handleError
(
request
,
response
,
err
)
return
}
...
...
@@ -889,11 +769,7 @@ func (h *iamHandler) UpdateNamespaceRole(request *restful.Request, response *res
if
err
!=
nil
{
klog
.
Error
(
err
)
if
errors
.
IsNotFound
(
err
)
{
api
.
HandleNotFound
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
handleError
(
request
,
response
,
err
)
return
}
...
...
@@ -918,15 +794,7 @@ func (h *iamHandler) UpdateNamespaceRole(request *restful.Request, response *res
if
err
!=
nil
{
klog
.
Error
(
err
)
if
errors
.
IsNotFound
(
err
)
{
api
.
HandleNotFound
(
response
,
request
,
err
)
return
}
if
errors
.
IsBadRequest
(
err
)
{
api
.
HandleBadRequest
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
handleError
(
request
,
response
,
err
)
return
}
...
...
@@ -947,14 +815,10 @@ func (h *iamHandler) CreateWorkspaceMembers(request *restful.Request, response *
}
for
_
,
member
:=
range
members
{
err
:=
h
.
am
.
Create
OrUpdate
WorkspaceRoleBinding
(
member
.
Username
,
workspace
,
member
.
RoleRef
)
err
:=
h
.
am
.
CreateWorkspaceRoleBinding
(
member
.
Username
,
workspace
,
member
.
RoleRef
)
if
err
!=
nil
{
klog
.
Error
(
err
)
if
errors
.
IsNotFound
(
err
)
{
api
.
HandleNotFound
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
handleError
(
request
,
response
,
err
)
return
}
}
...
...
@@ -970,11 +834,7 @@ func (h *iamHandler) RemoveWorkspaceMember(request *restful.Request, response *r
if
err
!=
nil
{
klog
.
Error
(
err
)
if
errors
.
IsNotFound
(
err
)
{
api
.
HandleNotFound
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
handleError
(
request
,
response
,
err
)
return
}
...
...
@@ -1002,18 +862,10 @@ func (h *iamHandler) UpdateWorkspaceMember(request *restful.Request, response *r
return
}
err
=
h
.
am
.
Create
OrUpdate
WorkspaceRoleBinding
(
member
.
Username
,
workspace
,
member
.
RoleRef
)
err
=
h
.
am
.
CreateWorkspaceRoleBinding
(
member
.
Username
,
workspace
,
member
.
RoleRef
)
if
err
!=
nil
{
klog
.
Error
(
err
)
if
errors
.
IsNotFound
(
err
)
{
api
.
HandleNotFound
(
response
,
request
,
err
)
return
}
if
errors
.
IsBadRequest
(
err
)
{
api
.
HandleBadRequest
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
handleError
(
request
,
response
,
err
)
return
}
...
...
@@ -1026,11 +878,7 @@ func (h *iamHandler) CreateNamespaceMembers(request *restful.Request, response *
if
err
!=
nil
{
klog
.
Error
(
err
)
if
errors
.
IsNotFound
(
err
)
{
api
.
HandleNotFound
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
handleError
(
request
,
response
,
err
)
return
}
...
...
@@ -1045,14 +893,10 @@ func (h *iamHandler) CreateNamespaceMembers(request *restful.Request, response *
}
for
_
,
member
:=
range
members
{
err
:=
h
.
am
.
Create
OrUpdate
NamespaceRoleBinding
(
member
.
Username
,
namespace
,
member
.
RoleRef
)
err
:=
h
.
am
.
CreateNamespaceRoleBinding
(
member
.
Username
,
namespace
,
member
.
RoleRef
)
if
err
!=
nil
{
klog
.
Error
(
err
)
if
errors
.
IsNotFound
(
err
)
{
api
.
HandleNotFound
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
handleError
(
request
,
response
,
err
)
return
}
}
...
...
@@ -1066,11 +910,7 @@ func (h *iamHandler) UpdateNamespaceMember(request *restful.Request, response *r
if
err
!=
nil
{
klog
.
Error
(
err
)
if
errors
.
IsNotFound
(
err
)
{
api
.
HandleNotFound
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
handleError
(
request
,
response
,
err
)
return
}
...
...
@@ -1091,18 +931,10 @@ func (h *iamHandler) UpdateNamespaceMember(request *restful.Request, response *r
return
}
err
=
h
.
am
.
Create
OrUpdate
NamespaceRoleBinding
(
member
.
Username
,
namespace
,
member
.
RoleRef
)
err
=
h
.
am
.
CreateNamespaceRoleBinding
(
member
.
Username
,
namespace
,
member
.
RoleRef
)
if
err
!=
nil
{
klog
.
Error
(
err
)
if
errors
.
IsNotFound
(
err
)
{
api
.
HandleNotFound
(
response
,
request
,
err
)
return
}
if
errors
.
IsBadRequest
(
err
)
{
api
.
HandleBadRequest
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
handleError
(
request
,
response
,
err
)
return
}
...
...
@@ -1115,11 +947,7 @@ func (h *iamHandler) RemoveNamespaceMember(request *restful.Request, response *r
if
err
!=
nil
{
klog
.
Error
(
err
)
if
errors
.
IsNotFound
(
err
)
{
api
.
HandleNotFound
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
handleError
(
request
,
response
,
err
)
return
}
...
...
@@ -1127,11 +955,7 @@ func (h *iamHandler) RemoveNamespaceMember(request *restful.Request, response *r
if
err
!=
nil
{
klog
.
Error
(
err
)
if
errors
.
IsNotFound
(
err
)
{
api
.
HandleNotFound
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
handleError
(
request
,
response
,
err
)
return
}
...
...
@@ -1150,14 +974,10 @@ func (h *iamHandler) CreateClusterMembers(request *restful.Request, response *re
}
for
_
,
member
:=
range
members
{
err
:=
h
.
am
.
Create
OrUpdate
ClusterRoleBinding
(
member
.
Username
,
member
.
RoleRef
)
err
:=
h
.
am
.
CreateClusterRoleBinding
(
member
.
Username
,
member
.
RoleRef
)
if
err
!=
nil
{
klog
.
Error
(
err
)
if
errors
.
IsNotFound
(
err
)
{
api
.
HandleNotFound
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
handleError
(
request
,
response
,
err
)
return
}
}
...
...
@@ -1172,11 +992,7 @@ func (h *iamHandler) RemoveClusterMember(request *restful.Request, response *res
if
err
!=
nil
{
klog
.
Error
(
err
)
if
errors
.
IsNotFound
(
err
)
{
api
.
HandleNotFound
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
handleError
(
request
,
response
,
err
)
return
}
...
...
@@ -1203,18 +1019,10 @@ func (h *iamHandler) UpdateClusterMember(request *restful.Request, response *res
return
}
err
=
h
.
am
.
Create
OrUpdate
ClusterRoleBinding
(
member
.
Username
,
member
.
RoleRef
)
err
=
h
.
am
.
CreateClusterRoleBinding
(
member
.
Username
,
member
.
RoleRef
)
if
err
!=
nil
{
klog
.
Error
(
err
)
if
errors
.
IsNotFound
(
err
)
{
api
.
HandleNotFound
(
response
,
request
,
err
)
return
}
if
errors
.
IsBadRequest
(
err
)
{
api
.
HandleBadRequest
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
handleError
(
request
,
response
,
err
)
return
}
...
...
@@ -1266,11 +1074,7 @@ func (h *iamHandler) DescribeNamespaceRole(request *restful.Request, response *r
if
err
!=
nil
{
klog
.
Error
(
err
)
if
errors
.
IsNotFound
(
err
)
{
api
.
HandleNotFound
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
handleError
(
request
,
response
,
err
)
return
}
...
...
@@ -1278,11 +1082,7 @@ func (h *iamHandler) DescribeNamespaceRole(request *restful.Request, response *r
if
err
!=
nil
{
klog
.
Error
(
err
)
if
errors
.
IsNotFound
(
err
)
{
api
.
HandleNotFound
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
handleError
(
request
,
response
,
err
)
return
}
...
...
@@ -1296,3 +1096,15 @@ func (h *iamHandler) resolveNamespace(namespace string, devops string) (string,
}
return
h
.
am
.
GetControlledNamespace
(
devops
)
}
func
handleError
(
request
*
restful
.
Request
,
response
*
restful
.
Response
,
err
error
)
{
if
errors
.
IsBadRequest
(
err
)
{
api
.
HandleBadRequest
(
response
,
request
,
err
)
}
else
if
errors
.
IsNotFound
(
err
)
{
api
.
HandleNotFound
(
response
,
request
,
err
)
}
else
if
errors
.
IsAlreadyExists
(
err
)
{
api
.
HandleConflict
(
response
,
request
,
err
)
}
else
{
api
.
HandleInternalError
(
response
,
request
,
err
)
}
}
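Review bot: handleError, added at the end of this file, recognises only bad-request, not-found and already-exists errors, so any other class of error (a forbidden or invalid response from the API server, for instance) falls into the final `else` and is returned through `api.HandleInternalError`. On IAM endpoints that reports authorization and validation failures as server faults, which misleads clients and makes genuine internal errors harder to pick out in monitoring; explicit branches for those classes ahead of the `else` would keep the mapping accurate. Routing everything through the helper also changes CreateUser, as far as the rendered hunk shows: a global role that does not exist used to be answered with `api.HandleBadRequest` and now goes to `api.HandleNotFound`, although the missing object is the role named in the body rather than the resource in the URL. The helper has no comment; something like `// handleError writes the error response that matches err: bad request, not found, conflict for already-exists, internal error otherwise.` would document the contract.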
pkg/kapis/tenant/v1alpha2/handler.go
...
...
@@ -185,7 +185,6 @@ func (h *tenantHandler) UpdateWorkspace(request *restful.Request, response *rest
}
response
.
WriteEntity
(
updated
)
}
func
(
h
*
tenantHandler
)
DescribeWorkspace
(
request
*
restful
.
Request
,
response
*
restful
.
Response
)
{
...
...
@@ -310,3 +309,151 @@ func (h *tenantHandler) Auditing(req *restful.Request, resp *restful.Response) {
_
=
resp
.
WriteEntity
(
result
)
}
func
(
h
*
tenantHandler
)
DescribeNamespace
(
request
*
restful
.
Request
,
response
*
restful
.
Response
)
{
workspaceName
:=
request
.
PathParameter
(
"workspace"
)
namespaceName
:=
request
.
PathParameter
(
"namespace"
)
ns
,
err
:=
h
.
tenant
.
DescribeNamespace
(
workspaceName
,
namespaceName
)
if
err
!=
nil
{
if
errors
.
IsNotFound
(
err
)
{
api
.
HandleNotFound
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
return
}
response
.
WriteEntity
(
ns
)
}
func
(
h
*
tenantHandler
)
DeleteNamespace
(
request
*
restful
.
Request
,
response
*
restful
.
Response
)
{
workspaceName
:=
request
.
PathParameter
(
"workspace"
)
namespaceName
:=
request
.
PathParameter
(
"namespace"
)
err
:=
h
.
tenant
.
DeleteNamespace
(
workspaceName
,
namespaceName
)
if
err
!=
nil
{
if
errors
.
IsNotFound
(
err
)
{
api
.
HandleNotFound
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
return
}
response
.
WriteEntity
(
servererr
.
None
)
}
func
(
h
*
tenantHandler
)
UpdateNamespace
(
request
*
restful
.
Request
,
response
*
restful
.
Response
)
{
workspaceName
:=
request
.
PathParameter
(
"workspace"
)
namespaceName
:=
request
.
PathParameter
(
"namespace"
)
var
namespace
corev1
.
Namespace
err
:=
request
.
ReadEntity
(
&
namespace
)
if
err
!=
nil
{
klog
.
Error
(
err
)
api
.
HandleBadRequest
(
response
,
request
,
err
)
return
}
if
namespaceName
!=
namespace
.
Name
{
err
:=
fmt
.
Errorf
(
"the name of the object (%s) does not match the name on the URL (%s)"
,
namespace
.
Name
,
namespaceName
)
klog
.
Errorf
(
"%+v"
,
err
)
api
.
HandleBadRequest
(
response
,
request
,
err
)
return
}
updated
,
err
:=
h
.
tenant
.
UpdateNamespace
(
workspaceName
,
&
namespace
)
if
err
!=
nil
{
klog
.
Error
(
err
)
if
errors
.
IsNotFound
(
err
)
{
api
.
HandleNotFound
(
response
,
request
,
err
)
return
}
if
errors
.
IsBadRequest
(
err
)
{
api
.
HandleBadRequest
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
return
}
response
.
WriteEntity
(
updated
)
}
func
(
h
*
tenantHandler
)
PatchNamespace
(
request
*
restful
.
Request
,
response
*
restful
.
Response
)
{
workspaceName
:=
request
.
PathParameter
(
"workspace"
)
namespaceName
:=
request
.
PathParameter
(
"namespace"
)
var
namespace
corev1
.
Namespace
err
:=
request
.
ReadEntity
(
&
namespace
)
if
err
!=
nil
{
klog
.
Error
(
err
)
api
.
HandleBadRequest
(
response
,
request
,
err
)
return
}
if
namespaceName
!=
namespace
.
Name
{
err
:=
fmt
.
Errorf
(
"the name of the object (%s) does not match the name on the URL (%s)"
,
namespace
.
Name
,
namespaceName
)
klog
.
Errorf
(
"%+v"
,
err
)
api
.
HandleBadRequest
(
response
,
request
,
err
)
return
}
patched
,
err
:=
h
.
tenant
.
PatchNamespace
(
workspaceName
,
&
namespace
)
if
err
!=
nil
{
klog
.
Error
(
err
)
if
errors
.
IsNotFound
(
err
)
{
api
.
HandleNotFound
(
response
,
request
,
err
)
return
}
if
errors
.
IsBadRequest
(
err
)
{
api
.
HandleBadRequest
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
return
}
response
.
WriteEntity
(
patched
)
}
func
(
h
*
tenantHandler
)
PatchWorkspace
(
request
*
restful
.
Request
,
response
*
restful
.
Response
)
{
workspaceName
:=
request
.
PathParameter
(
"workspace"
)
var
workspace
tenantv1alpha2
.
WorkspaceTemplate
err
:=
request
.
ReadEntity
(
&
workspace
)
if
err
!=
nil
{
klog
.
Error
(
err
)
api
.
HandleBadRequest
(
response
,
request
,
err
)
return
}
if
workspaceName
!=
workspace
.
Name
{
err
:=
fmt
.
Errorf
(
"the name of the object (%s) does not match the name on the URL (%s)"
,
workspace
.
Name
,
workspaceName
)
klog
.
Errorf
(
"%+v"
,
err
)
api
.
HandleBadRequest
(
response
,
request
,
err
)
return
}
patched
,
err
:=
h
.
tenant
.
PatchWorkspace
(
&
workspace
)
if
err
!=
nil
{
klog
.
Error
(
err
)
if
errors
.
IsNotFound
(
err
)
{
api
.
HandleNotFound
(
response
,
request
,
err
)
return
}
if
errors
.
IsBadRequest
(
err
)
{
api
.
HandleBadRequest
(
response
,
request
,
err
)
return
}
api
.
HandleInternalError
(
response
,
request
,
err
)
return
}
response
.
WriteEntity
(
patched
)
}
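Review bot: DescribeNamespace, DeleteNamespace, UpdateNamespace and PatchNamespace hand the `workspace` and `namespace` path parameters to `h.tenant` without any check in the handler that the namespace belongs to that workspace; the only validation here is the name comparison against the request body. If access to these routes is decided on the workspace in the URL, the model layer (pkg/models/tenant/tenant.go, not visible in this section) has to refuse a namespace owned by a different workspace and must not let the submitted object change that ownership, so this deserves a test and a short comment on each handler saying where the check lives. PatchNamespace and PatchWorkspace also require the body to carry the same name as the URL, which rejects a partial patch that leaves the name out; defaulting it first with `if namespace.Name == "" { namespace.Name = namespaceName }` would accept such a patch while still refusing a mismatch.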
pkg/kapis/tenant/v1alpha2/register.go
...
...
@@ -46,6 +46,8 @@ const (
var
GroupVersion
=
schema
.
GroupVersion
{
Group
:
GroupName
,
Version
:
"v1alpha2"
}
func
AddToContainer
(
c
*
restful
.
Container
,
factory
informers
.
InformerFactory
,
k8sclient
kubernetes
.
Interface
,
ksclient
kubesphere
.
Interface
,
evtsClient
events
.
Client
,
loggingClient
logging
.
Interface
,
auditingclient
auditing
.
Client
)
error
{
mimePatch
:=
[]
string
{
restful
.
MIME_JSON
,
runtime
.
MimeMergePatchJson
,
runtime
.
MimeJsonPatchJson
}
ws
:=
runtime
.
NewWebService
(
GroupVersion
)
handler
:=
newTenantHandler
(
factory
,
k8sclient
,
ksclient
,
evtsClient
,
loggingClient
,
auditingclient
)
...
...
@@ -66,6 +68,13 @@ func AddToContainer(c *restful.Container, factory informers.InformerFactory, k8s
Returns
(
http
.
StatusOK
,
api
.
StatusOK
,
tenantv1alpha2
.
WorkspaceTemplate
{})
.
Doc
(
"Update workspace."
)
.
Metadata
(
restfulspec
.
KeyOpenAPITags
,
[]
string
{
constants
.
TenantResourcesTag
}))
ws
.
Route
(
ws
.
PATCH
(
"/workspaces/{workspace}"
)
.
To
(
handler
.
PatchWorkspace
)
.
Consumes
(
mimePatch
...
)
.
Reads
(
tenantv1alpha2
.
WorkspaceTemplate
{})
.
Returns
(
http
.
StatusOK
,
api
.
StatusOK
,
tenantv1alpha2
.
WorkspaceTemplate
{})
.
Doc
(
"Update workspace."
)
.
Metadata
(
restfulspec
.
KeyOpenAPITags
,
[]
string
{
constants
.
TenantResourcesTag
}))
ws
.
Route
(
ws
.
GET
(
"/workspaces"
)
.
To
(
handler
.
ListWorkspaces
)
.
Returns
(
http
.
StatusOK
,
api
.
StatusOK
,
models
.
PageableResponse
{})
.
...
...
@@ -94,6 +103,18 @@ func AddToContainer(c *restful.Container, factory informers.InformerFactory, k8s
Doc
(
"List the namespaces of the specified workspace for the current user"
)
.
Returns
(
http
.
StatusOK
,
api
.
StatusOK
,
[]
corev1
.
Namespace
{})
.
Metadata
(
restfulspec
.
KeyOpenAPITags
,
[]
string
{
constants
.
TenantResourcesTag
}))
ws
.
Route
(
ws
.
GET
(
"/workspaces/{workspace}/namespaces/{namespace}"
)
.
To
(
handler
.
DescribeNamespace
)
.
Param
(
ws
.
PathParameter
(
"workspace"
,
"workspace name"
))
.
Doc
(
"Retrieve namespace details."
)
.
Returns
(
http
.
StatusOK
,
api
.
StatusOK
,
[]
corev1
.
Namespace
{})
.
Metadata
(
restfulspec
.
KeyOpenAPITags
,
[]
string
{
constants
.
TenantResourcesTag
}))
ws
.
Route
(
ws
.
DELETE
(
"/workspaces/{workspace}/namespaces/{namespace}"
)
.
To
(
handler
.
DeleteNamespace
)
.
Param
(
ws
.
PathParameter
(
"workspace"
,
"workspace name"
))
.
Doc
(
"Delete namespace."
)
.
Returns
(
http
.
StatusOK
,
api
.
StatusOK
,
errors
.
None
)
.
Metadata
(
restfulspec
.
KeyOpenAPITags
,
[]
string
{
constants
.
TenantResourcesTag
}))
ws
.
Route
(
ws
.
POST
(
"/workspaces/{workspace}/namespaces"
)
.
To
(
handler
.
CreateNamespace
)
.
Param
(
ws
.
PathParameter
(
"workspace"
,
"workspace name"
))
.
...
...
@@ -101,6 +122,19 @@ func AddToContainer(c *restful.Container, factory informers.InformerFactory, k8s
Reads
(
corev1
.
Namespace
{})
.
Returns
(
http
.
StatusOK
,
api
.
StatusOK
,
[]
corev1
.
Namespace
{})
.
Metadata
(
restfulspec
.
KeyOpenAPITags
,
[]
string
{
constants
.
TenantResourcesTag
}))
ws
.
Route
(
ws
.
PUT
(
"/workspaces/{workspace}/namespaces/{namespace}"
)
.
To
(
handler
.
UpdateNamespace
)
.
Param
(
ws
.
PathParameter
(
"workspace"
,
"workspace name"
))
.
Reads
(
corev1
.
Namespace
{})
.
Returns
(
http
.
StatusOK
,
api
.
StatusOK
,
[]
corev1
.
Namespace
{})
.
Metadata
(
restfulspec
.
KeyOpenAPITags
,
[]
string
{
constants
.
TenantResourcesTag
}))
ws
.
Route
(
ws
.
PATCH
(
"/workspaces/{workspace}/namespaces/{namespace}"
)
.
To
(
handler
.
PatchNamespace
)
.
Consumes
(
mimePatch
...
)
.
Param
(
ws
.
PathParameter
(
"workspace"
,
"workspace name"
))
.
Reads
(
corev1
.
Namespace
{})
.
Returns
(
http
.
StatusOK
,
api
.
StatusOK
,
[]
corev1
.
Namespace
{})
.
Metadata
(
restfulspec
.
KeyOpenAPITags
,
[]
string
{
constants
.
TenantResourcesTag
}))
ws
.
Route
(
ws
.
GET
(
"/events"
)
.
To
(
handler
.
Events
)
.
...
...
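Review bot: The two PATCH routes advertise `runtime.MimeJsonPatchJson` in `mimePatch`, yet PatchWorkspace and PatchNamespace (handler.go in this commit) decode the body with `ReadEntity` into a WorkspaceTemplate or Namespace object; a JSON Patch document is a list of operations and would presumably fail that decoding, so either drop that type from `mimePatch` or handle it separately. The four new `/workspaces/{workspace}/namespaces/{namespace}` routes declare only the `workspace` path parameter; adding `Param(ws.PathParameter("namespace", "namespace name"))` would complete the generated API description. The GET, PUT and PATCH namespace routes also declare `[]corev1.Namespace{}` as the response although the handlers write a single object, and the PATCH workspace route reuses the text `"Update workspace."`. AddToContainer starts and ends outside these hunks.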
pkg/models/iam/am/am.go
...
...
@@ -44,16 +44,14 @@ type AccessManagementInterface interface {
ListClusterRoles
(
query
*
query
.
Query
)
(
*
api
.
ListResult
,
error
)
ListWorkspaceRoles
(
query
*
query
.
Query
)
(
*
api
.
ListResult
,
error
)
ListGlobalRoles
(
query
*
query
.
Query
)
(
*
api
.
ListResult
,
error
)
ListGlobalRoleBindings
(
username
string
)
([]
*
iamv1alpha2
.
GlobalRoleBinding
,
error
)
ListClusterRoleBindings
(
username
string
)
([]
*
rbacv1
.
ClusterRoleBinding
,
error
)
ListWorkspaceRoleBindings
(
username
,
workspace
string
)
([]
*
iamv1alpha2
.
WorkspaceRoleBinding
,
error
)
ListRoleBindings
(
username
,
namespace
string
)
([]
*
rbacv1
.
RoleBinding
,
error
)
GetRoleReferenceRules
(
roleRef
rbacv1
.
RoleRef
,
namespace
string
)
(
string
,
[]
rbacv1
.
PolicyRule
,
error
)
GetGlobalRole
(
globalRole
string
)
(
*
iamv1alpha2
.
GlobalRole
,
error
)
GetWorkspaceRole
(
workspace
string
,
name
string
)
(
*
iamv1alpha2
.
WorkspaceRole
,
error
)
Create
OrUpdate
GlobalRoleBinding
(
username
string
,
globalRole
string
)
error
CreateGlobalRoleBinding
(
username
string
,
globalRole
string
)
error
CreateOrUpdateWorkspaceRole
(
workspace
string
,
workspaceRole
*
iamv1alpha2
.
WorkspaceRole
)
(
*
iamv1alpha2
.
WorkspaceRole
,
error
)
CreateOrUpdateGlobalRole
(
globalRole
*
iamv1alpha2
.
GlobalRole
)
(
*
iamv1alpha2
.
GlobalRole
,
error
)
DeleteWorkspaceRole
(
workspace
string
,
name
string
)
error
...
...
@@ -64,11 +62,11 @@ type AccessManagementInterface interface {
GetNamespaceRole
(
namespace
string
,
name
string
)
(
*
rbacv1
.
Role
,
error
)
CreateOrUpdateNamespaceRole
(
namespace
string
,
role
*
rbacv1
.
Role
)
(
*
rbacv1
.
Role
,
error
)
DeleteNamespaceRole
(
namespace
string
,
name
string
)
error
Create
OrUpdate
WorkspaceRoleBinding
(
username
string
,
workspace
string
,
role
string
)
error
CreateWorkspaceRoleBinding
(
username
string
,
workspace
string
,
role
string
)
error
RemoveUserFromWorkspace
(
username
string
,
workspace
string
)
error
Create
OrUpdate
NamespaceRoleBinding
(
username
string
,
namespace
string
,
role
string
)
error
CreateNamespaceRoleBinding
(
username
string
,
namespace
string
,
role
string
)
error
RemoveUserFromNamespace
(
username
string
,
namespace
string
)
error
Create
OrUpdate
ClusterRoleBinding
(
username
string
,
role
string
)
error
CreateClusterRoleBinding
(
username
string
,
role
string
)
error
RemoveUserFromCluster
(
username
string
)
error
GetControlledNamespace
(
devops
string
)
(
string
,
error
)
GetControlledWorkspace
(
namespace
string
)
(
string
,
error
)
...
...
@@ -371,7 +369,7 @@ func (am *amOperator) GetGlobalRole(globalRole string) (*iamv1alpha2.GlobalRole,
return
obj
.
(
*
iamv1alpha2
.
GlobalRole
),
nil
}
func
(
am
*
amOperator
)
Create
OrUpdate
GlobalRoleBinding
(
username
string
,
globalRole
string
)
error
{
func
(
am
*
amOperator
)
CreateGlobalRoleBinding
(
username
string
,
globalRole
string
)
error
{
_
,
err
:=
am
.
GetGlobalRole
(
globalRole
)
...
...
@@ -428,11 +426,9 @@ func (am *amOperator) CreateOrUpdateGlobalRoleBinding(username string, globalRol
}
func
(
am
*
amOperator
)
CreateOrUpdateWorkspaceRole
(
workspace
string
,
workspaceRole
*
iamv1alpha2
.
WorkspaceRole
)
(
*
iamv1alpha2
.
WorkspaceRole
,
error
)
{
if
workspaceRole
.
Labels
==
nil
{
workspaceRole
.
Labels
=
make
(
map
[
string
]
string
,
0
)
}
workspaceRole
.
Labels
[
tenantv1alpha1
.
WorkspaceLabel
]
=
workspace
workspaceRole
.
Rules
=
make
([]
rbacv1
.
PolicyRule
,
0
)
...
...
@@ -452,15 +448,10 @@ func (am *amOperator) CreateOrUpdateWorkspaceRole(workspace string, workspaceRol
}
}
old
,
err
:=
am
.
GetWorkspaceRole
(
""
,
workspaceRole
.
Name
)
if
err
!=
nil
&&
!
errors
.
IsNotFound
(
err
)
{
klog
.
Error
(
err
)
return
nil
,
err
}
var
created
*
iamv1alpha2
.
WorkspaceRole
if
old
!=
nil
{
var
err
error
if
workspaceRole
.
ResourceVersion
!=
""
{
created
,
err
=
am
.
ksclient
.
IamV1alpha2
()
.
WorkspaceRoles
()
.
Update
(
workspaceRole
)
}
else
{
created
,
err
=
am
.
ksclient
.
IamV1alpha2
()
.
WorkspaceRoles
()
.
Create
(
workspaceRole
)
...
...
@@ -469,7 +460,7 @@ func (am *amOperator) CreateOrUpdateWorkspaceRole(workspace string, workspaceRol
return
created
,
err
}
func
(
am
*
amOperator
)
Create
OrUpdate
WorkspaceRoleBinding
(
username
string
,
workspace
string
,
role
string
)
error
{
func
(
am
*
amOperator
)
CreateWorkspaceRoleBinding
(
username
string
,
workspace
string
,
role
string
)
error
{
_
,
err
:=
am
.
GetWorkspaceRole
(
workspace
,
role
)
...
...
@@ -526,7 +517,7 @@ func (am *amOperator) CreateOrUpdateWorkspaceRoleBinding(username string, worksp
return
nil
}
func
(
am
*
amOperator
)
Create
OrUpdate
ClusterRoleBinding
(
username
string
,
role
string
)
error
{
func
(
am
*
amOperator
)
CreateClusterRoleBinding
(
username
string
,
role
string
)
error
{
_
,
err
:=
am
.
GetClusterRole
(
role
)
...
...
@@ -582,7 +573,7 @@ func (am *amOperator) CreateOrUpdateClusterRoleBinding(username string, role str
return
nil
}
func
(
am
*
amOperator
)
Create
OrUpdate
NamespaceRoleBinding
(
username
string
,
namespace
string
,
role
string
)
error
{
func
(
am
*
amOperator
)
CreateNamespaceRoleBinding
(
username
string
,
namespace
string
,
role
string
)
error
{
_
,
err
:=
am
.
GetNamespaceRole
(
namespace
,
role
)
...
...
@@ -727,15 +718,10 @@ func (am *amOperator) CreateOrUpdateGlobalRole(globalRole *iamv1alpha2.GlobalRol
}
}
old
,
err
:=
am
.
GetGlobalRole
(
globalRole
.
Name
)
if
err
!=
nil
&&
!
errors
.
IsNotFound
(
err
)
{
klog
.
Error
(
err
)
return
nil
,
err
}
var
created
*
iamv1alpha2
.
GlobalRole
if
old
!=
nil
{
var
err
error
if
globalRole
.
ResourceVersion
!=
""
{
created
,
err
=
am
.
ksclient
.
IamV1alpha2
()
.
GlobalRoles
()
.
Update
(
globalRole
)
}
else
{
created
,
err
=
am
.
ksclient
.
IamV1alpha2
()
.
GlobalRoles
()
.
Create
(
globalRole
)
...
...
@@ -763,16 +749,9 @@ func (am *amOperator) CreateOrUpdateClusterRole(clusterRole *rbacv1.ClusterRole)
clusterRole
.
Rules
=
append
(
clusterRole
.
Rules
,
role
.
Rules
...
)
}
}
old
,
err
:=
am
.
GetClusterRole
(
clusterRole
.
Name
)
if
err
!=
nil
&&
!
errors
.
IsNotFound
(
err
)
{
klog
.
Error
(
err
)
return
nil
,
err
}
var
created
*
rbacv1
.
ClusterRole
if
old
!=
nil
{
var
err
error
if
clusterRole
.
ResourceVersion
!=
""
{
created
,
err
=
am
.
k8sclient
.
RbacV1
()
.
ClusterRoles
()
.
Update
(
clusterRole
)
}
else
{
created
,
err
=
am
.
k8sclient
.
RbacV1
()
.
ClusterRoles
()
.
Create
(
clusterRole
)
...
...
@@ -801,16 +780,9 @@ func (am *amOperator) CreateOrUpdateNamespaceRole(namespace string, role *rbacv1
role
.
Rules
=
append
(
role
.
Rules
,
role
.
Rules
...
)
}
}
old
,
err
:=
am
.
GetNamespaceRole
(
namespace
,
role
.
Name
)
if
err
!=
nil
&&
!
errors
.
IsNotFound
(
err
)
{
klog
.
Error
(
err
)
return
nil
,
err
}
var
created
*
rbacv1
.
Role
if
old
!=
nil
{
var
err
error
if
role
.
ResourceVersion
!=
""
{
created
,
err
=
am
.
k8sclient
.
RbacV1
()
.
Roles
(
namespace
)
.
Update
(
role
)
}
else
{
created
,
err
=
am
.
k8sclient
.
RbacV1
()
.
Roles
(
namespace
)
.
Create
(
role
)
...
...
pkg/models/tenant/tenant.go
...
...
@@ -17,12 +17,14 @@ limitations under the License.
package
tenant
import
(
"encoding/json"
"fmt"
"io"
corev1
"k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors"
metav1
"k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/types"
"k8s.io/apiserver/pkg/authentication/user"
"k8s.io/client-go/kubernetes"
"k8s.io/klog"
...
...
@@ -36,6 +38,7 @@ import (
"kubesphere.io/kubesphere/pkg/apiserver/authorization/authorizer"
"kubesphere.io/kubesphere/pkg/apiserver/authorization/authorizerfactory"
"kubesphere.io/kubesphere/pkg/apiserver/query"
"kubesphere.io/kubesphere/pkg/apiserver/request"
kubesphere
"kubesphere.io/kubesphere/pkg/client/clientset/versioned"
"kubesphere.io/kubesphere/pkg/informers"
"kubesphere.io/kubesphere/pkg/models/auditing"
...
...
@@ -61,11 +64,15 @@ type Interface interface {
UpdateWorkspace
(
workspace
*
tenantv1alpha2
.
WorkspaceTemplate
)
(
*
tenantv1alpha2
.
WorkspaceTemplate
,
error
)
DescribeWorkspace
(
workspace
string
)
(
*
tenantv1alpha2
.
WorkspaceTemplate
,
error
)
ListWorkspaceClusters
(
workspace
string
)
(
*
api
.
ListResult
,
error
)
Events
(
user
user
.
Info
,
queryParam
*
eventsv1alpha1
.
Query
)
(
*
eventsv1alpha1
.
APIResponse
,
error
)
QueryLogs
(
user
user
.
Info
,
query
*
loggingv1alpha2
.
Query
)
(
*
loggingv1alpha2
.
APIResponse
,
error
)
ExportLogs
(
user
user
.
Info
,
query
*
loggingv1alpha2
.
Query
,
writer
io
.
Writer
)
error
Auditing
(
user
user
.
Info
,
queryParam
*
auditingv1alpha1
.
Query
)
(
*
auditingv1alpha1
.
APIResponse
,
error
)
DescribeNamespace
(
workspace
,
namespace
string
)
(
*
corev1
.
Namespace
,
error
)
DeleteNamespace
(
workspace
,
namespace
string
)
error
UpdateNamespace
(
workspace
string
,
namespace
*
corev1
.
Namespace
)
(
*
corev1
.
Namespace
,
error
)
PatchNamespace
(
workspace
string
,
namespace
*
corev1
.
Namespace
)
(
*
corev1
.
Namespace
,
error
)
PatchWorkspace
(
workspace
*
tenantv1alpha2
.
WorkspaceTemplate
)
(
*
tenantv1alpha2
.
WorkspaceTemplate
,
error
)
}
type
tenantOperator
struct
{
...
...
@@ -99,10 +106,10 @@ func (t *tenantOperator) ListWorkspaces(user user.Info, queryParam *query.Query)
listWS
:=
authorizer
.
AttributesRecord
{
User
:
user
,
Verb
:
"list"
,
APIGroup
:
"tenant.kubesphere.io"
,
APIVersion
:
"v1alpha2"
,
APIGroup
:
"*"
,
Resource
:
"workspaces"
,
ResourceRequest
:
true
,
ResourceScope
:
request
.
GlobalScope
,
}
decision
,
_
,
err
:=
t
.
authorizer
.
Authorize
(
listWS
)
...
...
@@ -154,9 +161,9 @@ func (t *tenantOperator) ListWorkspaces(user user.Info, queryParam *query.Query)
}
result
:=
resources
.
DefaultList
(
workspaces
,
queryParam
,
func
(
left
runtime
.
Object
,
right
runtime
.
Object
,
field
query
.
Field
)
bool
{
return
resources
.
DefaultObjectMetaCompare
(
left
.
(
*
tenantv1alpha
1
.
Workspace
)
.
ObjectMeta
,
right
.
(
*
tenantv1alpha1
.
Workspac
e
)
.
ObjectMeta
,
field
)
return
resources
.
DefaultObjectMetaCompare
(
left
.
(
*
tenantv1alpha
2
.
WorkspaceTemplate
)
.
ObjectMeta
,
right
.
(
*
tenantv1alpha2
.
WorkspaceTemplat
e
)
.
ObjectMeta
,
field
)
},
func
(
workspace
runtime
.
Object
,
filter
query
.
Filter
)
bool
{
return
resources
.
DefaultObjectMetaFilter
(
workspace
.
(
*
tenantv1alpha
1
.
Workspac
e
)
.
ObjectMeta
,
filter
)
return
resources
.
DefaultObjectMetaFilter
(
workspace
.
(
*
tenantv1alpha
2
.
WorkspaceTemplat
e
)
.
ObjectMeta
,
filter
)
})
return
result
,
nil
...
...
@@ -167,11 +174,10 @@ func (t *tenantOperator) ListNamespaces(user user.Info, workspace string, queryP
listNSInWS
:=
authorizer
.
AttributesRecord
{
User
:
user
,
Verb
:
"list"
,
APIGroup
:
""
,
APIVersion
:
"v1"
,
Workspace
:
workspace
,
Resource
:
"namespaces"
,
ResourceRequest
:
true
,
ResourceScope
:
request
.
WorkspaceScope
,
}
decision
,
_
,
err
:=
t
.
authorizer
.
Authorize
(
listNSInWS
)
...
...
@@ -238,20 +244,78 @@ func (t *tenantOperator) ListNamespaces(user user.Info, workspace string, queryP
}
func
(
t
*
tenantOperator
)
CreateNamespace
(
workspace
string
,
namespace
*
corev1
.
Namespace
)
(
*
corev1
.
Namespace
,
error
)
{
_
,
err
:=
t
.
resourceGetter
.
Get
(
tenantv1alpha1
.
ResourcePluralWorkspace
,
""
,
workspace
)
if
err
!=
nil
{
return
nil
,
err
}
namespace
=
appendWorkspaceLabel
(
namespace
,
workspace
)
return
t
.
k8sclient
.
CoreV1
()
.
Namespaces
()
.
Create
(
namespace
)
}
func
appendWorkspaceLabel
(
namespace
*
corev1
.
Namespace
,
workspace
string
)
*
corev1
.
Namespace
{
if
namespace
.
Labels
==
nil
{
namespace
.
Labels
=
make
(
map
[
string
]
string
,
0
)
}
namespace
.
Labels
[
tenantv1alpha1
.
WorkspaceLabel
]
=
workspace
return
namespace
}
func
(
t
*
tenantOperator
)
DescribeNamespace
(
workspace
,
namespace
string
)
(
*
corev1
.
Namespace
,
error
)
{
obj
,
err
:=
t
.
resourceGetter
.
Get
(
"namespaces"
,
""
,
namespace
)
if
err
!=
nil
{
return
nil
,
err
}
ns
:=
obj
.
(
*
corev1
.
Namespace
)
if
ns
.
Labels
[
tenantv1alpha1
.
WorkspaceLabel
]
!=
workspace
{
err
:=
errors
.
NewNotFound
(
corev1
.
Resource
(
"namespace"
),
namespace
)
klog
.
Error
(
err
)
return
nil
,
err
}
return
ns
,
nil
}
if
namespace
.
Annotations
==
nil
{
namespace
.
Annotations
=
make
(
map
[
string
]
string
,
0
)
func
(
t
*
tenantOperator
)
DeleteNamespace
(
workspace
,
namespace
string
)
error
{
_
,
err
:=
t
.
DescribeNamespace
(
workspace
,
namespace
)
if
err
!=
nil
{
return
err
}
return
t
.
k8sclient
.
CoreV1
()
.
Namespaces
()
.
Delete
(
namespace
,
metav1
.
NewDeleteOptions
(
0
))
}
namespace
.
Annotations
[
tenantv1alpha1
.
WorkspaceLabel
]
=
workspace
func
(
t
*
tenantOperator
)
UpdateNamespace
(
workspace
string
,
namespace
*
corev1
.
Namespace
)
(
*
corev1
.
Namespace
,
error
)
{
_
,
err
:=
t
.
DescribeNamespace
(
workspace
,
namespace
.
Namespace
)
if
err
!=
nil
{
return
nil
,
err
}
namespace
=
appendWorkspaceLabel
(
namespace
,
workspace
)
return
t
.
k8sclient
.
CoreV1
()
.
Namespaces
()
.
Update
(
namespace
)
}
return
t
.
k8sclient
.
CoreV1
()
.
Namespaces
()
.
Create
(
namespace
)
func
(
t
*
tenantOperator
)
PatchNamespace
(
workspace
string
,
namespace
*
corev1
.
Namespace
)
(
*
corev1
.
Namespace
,
error
)
{
_
,
err
:=
t
.
DescribeNamespace
(
workspace
,
namespace
.
Name
)
if
err
!=
nil
{
return
nil
,
err
}
if
namespace
.
Labels
!=
nil
{
namespace
.
Labels
[
tenantv1alpha1
.
WorkspaceLabel
]
=
workspace
}
data
,
err
:=
json
.
Marshal
(
namespace
)
if
err
!=
nil
{
return
nil
,
err
}
return
t
.
k8sclient
.
CoreV1
()
.
Namespaces
()
.
Patch
(
namespace
.
Name
,
types
.
MergePatchType
,
data
)
}
func
(
t
*
tenantOperator
)
PatchWorkspace
(
workspace
*
tenantv1alpha2
.
WorkspaceTemplate
)
(
*
tenantv1alpha2
.
WorkspaceTemplate
,
error
)
{
_
,
err
:=
t
.
DescribeWorkspace
(
workspace
.
Name
)
if
err
!=
nil
{
return
nil
,
err
}
data
,
err
:=
json
.
Marshal
(
workspace
)
if
err
!=
nil
{
return
nil
,
err
}
return
t
.
ksclient
.
TenantV1alpha2
()
.
WorkspaceTemplates
()
.
Patch
(
workspace
.
Name
,
types
.
MergePatchType
,
data
)
}
func
(
t
*
tenantOperator
)
CreateWorkspace
(
workspace
*
tenantv1alpha2
.
WorkspaceTemplate
)
(
*
tenantv1alpha2
.
WorkspaceTemplate
,
error
)
{
...
...
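Review bot: In `UpdateNamespace` (last hunk of pkg/models/tenant/tenant.go) the workspace-ownership check is run against `namespace.Namespace` rather than the name of the object that is then updated. For a `corev1.Namespace` that field is the `metadata.namespace` of a cluster-scoped object, normally empty and presumably filled from the submitted object (the handler is not in this section). The guard therefore either fails for every update or validates a different namespace than the one `Update` and `appendWorkspaceLabel` act on. `PatchNamespace` and `DeleteNamespace` in the same hunk check the target name, and this call should match them: `_, err := t.DescribeNamespace(workspace, namespace.Name)`. A doc comment on `DescribeNamespace` saying that a workspace-label mismatch is deliberately reported as NotFound would also help, because the three mutating methods rely on it as their tenant-isolation check.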