diff --git a/pkg/kapis/iam/v1alpha2/handler.go b/pkg/kapis/iam/v1alpha2/handler.go index 9711cd22092bc4ff474f03bd4435763d94c7c550..3238aa4cdb335e8e410baf4e68b7e8f155a45854 100644 --- a/pkg/kapis/iam/v1alpha2/handler.go +++ b/pkg/kapis/iam/v1alpha2/handler.go @@ -156,11 +156,6 @@ func (h *iamHandler) RetrieveMemberRoleTemplates(request *restful.Request, respo namespace, err := h.resolveNamespace(request.PathParameter("namespace"), request.PathParameter("devops")) if err != nil { - // if role binding not exist return empty list - if errors.IsNotFound(err) { - response.WriteEntity([]interface{}{}) - return - } api.HandleInternalError(response, request, err) return } @@ -168,6 +163,11 @@ func (h *iamHandler) RetrieveMemberRoleTemplates(request *restful.Request, respo role, err := h.am.GetNamespaceRoleOfUser(username, namespace) if err != nil { + // if role binding not exist return empty list + if errors.IsNotFound(err) { + response.WriteEntity([]interface{}{}) + return + } api.HandleInternalError(response, request, err) return } @@ -208,13 +208,11 @@ func (h *iamHandler) ListUsers(request *restful.Request, response *restful.Respo } if globalRole != nil { - if user.Annotations == nil { user.Annotations = make(map[string]string, 0) } user.Annotations[iamv1alpha2.GlobalRoleAnnotation] = globalRole.Name } - result.Items[i] = user } response.WriteEntity(result) @@ -226,11 +224,7 @@ func (h *iamHandler) ListRoles(request *restful.Request, response *restful.Respo if err != nil { klog.Error(err) - if errors.IsNotFound(err) { - api.HandleNotFound(response, request, err) - return - } - api.HandleInternalError(response, request, err) + handleError(request, response, err) return } 
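Review bot: In the first hunk of RetrieveMemberRoleTemplates, an error from `h.resolveNamespace` now always goes to `api.HandleInternalError`, so a namespace or devops project that does not exist would surface as a 500 if the resolver returns a NotFound error (its callee is outside this hunk, so that is an assumption). The commit adds `handleError` for exactly this mapping, so `handleError(request, response, err)` at this call site would keep the status in line with the other handlers. The function body continues beyond both hunks.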
@@ -269,11 +263,7 @@ func (h *iamHandler) ListNamespaceMembers(request *restful.Request, response *re if err != nil { klog.Error(err) - if errors.IsNotFound(err) { - api.HandleNotFound(response, request, err) - return - } - api.HandleInternalError(response, request, err) + handleError(request, response, err) return } @@ -295,11 +285,7 @@ func (h *iamHandler) DescribeNamespaceMember(request *restful.Request, response if err != nil { klog.Error(err) - if errors.IsNotFound(err) { - api.HandleNotFound(response, request, err) - return - } - api.HandleInternalError(response, request, err) + handleError(request, response, err) return } @@ -408,15 +394,7 @@ func (h *iamHandler) UpdateWorkspaceRole(request *restful.Request, response *res if err != nil { klog.Error(err) - if errors.IsNotFound(err) { - api.HandleNotFound(response, request, err) - return - } - if errors.IsBadRequest(err) { - api.HandleBadRequest(response, request, err) - return - } - api.HandleInternalError(response, request, err) + handleError(request, response, err) return } @@ -440,11 +418,7 @@ func (h *iamHandler) CreateWorkspaceRole(request *restful.Request, response *res if err != nil { klog.Error(err) - if errors.IsBadRequest(err) { - api.HandleBadRequest(response, request, err) - return - } - api.HandleInternalError(response, request, err) + handleError(request, response, err) return } @@ -459,11 +433,7 @@ func (h *iamHandler) DeleteWorkspaceRole(request *restful.Request, response *res if err != nil { klog.Error(err) - if errors.IsNotFound(err) { - api.HandleNotFound(response, request, err) - return - } - api.HandleInternalError(response, request, err) + handleError(request, response, err) return } 
@@ -486,40 +456,22 @@ func (h *iamHandler) CreateUser(request *restful.Request, response *restful.Resp if globalRole != "" { if _, err = h.am.GetGlobalRole(globalRole); err != nil { klog.Error(err) - if errors.IsNotFound(err) { - api.HandleBadRequest(response, request, err) - return - } - api.HandleInternalError(response, request, err) + handleError(request, response, err) return } } created, err := h.im.CreateUser(&user) - if err != nil { klog.Error(err) - if errors.IsBadRequest(err) { - api.HandleBadRequest(response, request, err) - return - } - if errors.IsAlreadyExists(err) { - api.HandleConflict(response, request, err) - return - } - api.HandleInternalError(response, request, err) + handleError(request, response, err) return } if globalRole != "" { - if err := h.am.CreateOrUpdateGlobalRoleBinding(user.Name, globalRole); err != nil { - - if errors.IsNotFound(err) { - api.HandleBadRequest(response, request, err) - return - } - - api.HandleInternalError(response, request, err) + if err := h.am.CreateGlobalRoleBinding(user.Name, globalRole); err != nil { + klog.Error(err) + handleError(request, response, err) return } } 
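Review bot: An unknown global role named in the request body used to be answered with 400 in CreateUser, because both the `GetGlobalRole` lookup and the binding call mapped NotFound to `api.HandleBadRequest`. Through `handleError` it now becomes a 404 on a POST to the users collection, which clients will read as the endpoint or the user being missing. The binding call in the UpdateUser hunk changes the same way. If 400 is the intended contract, keep the explicit mapping at these call sites ahead of the generic helper: `if errors.IsNotFound(err) { api.HandleBadRequest(response, request, err); return }`.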
@@ -554,29 +506,16 @@ func (h *iamHandler) UpdateUser(request *restful.Request, response *restful.Resp delete(user.Annotations, iamv1alpha2.GlobalRoleAnnotation) updated, err := h.im.UpdateUser(&user) - if err != nil { - if errors.IsNotFound(err) { - api.HandleNotFound(response, request, err) - return - } - if errors.IsBadRequest(err) { - api.HandleBadRequest(response, request, err) - return - } - api.HandleInternalError(response, request, err) + klog.Error(err) + handleError(request, response, err) return } if globalRole != "" { - if err := h.am.CreateOrUpdateGlobalRoleBinding(user.Name, globalRole); err != nil { - - if errors.IsNotFound(err) { - api.HandleBadRequest(response, request, err) - return - } - - api.HandleInternalError(response, request, err) + if err := h.am.CreateGlobalRoleBinding(user.Name, globalRole); err != nil { + klog.Error(err) + handleError(request, response, err) return } } @@ -591,11 +530,8 @@ func (h *iamHandler) DeleteUser(request *restful.Request, response *restful.Resp if err != nil { klog.Error(err) - if errors.IsNotFound(err) { - api.HandleNotFound(response, request, err) - return - } - api.HandleInternalError(response, request, err) + handleError(request, response, err) + return } response.WriteEntity(servererr.None) @@ -617,11 +553,7 @@ func (h *iamHandler) CreateGlobalRole(request *restful.Request, response *restfu if err != nil { klog.Error(err) - if errors.IsBadRequest(err) { - api.HandleBadRequest(response, request, err) - return - } - api.HandleInternalError(response, request, err) + handleError(request, response, err) return } @@ -635,11 +567,7 @@ func (h *iamHandler) DeleteGlobalRole(request *restful.Request, response *restfu if err != nil { klog.Error(err) - if errors.IsNotFound(err) { - api.HandleNotFound(response, request, err) - return - } - api.HandleInternalError(response, request, err) + handleError(request, response, err) return } 
@@ -670,11 +598,7 @@ func (h *iamHandler) UpdateGlobalRole(request *restful.Request, response *restfu if err != nil { klog.Error(err) - if errors.IsBadRequest(err) { - api.HandleBadRequest(response, request, err) - return - } - api.HandleInternalError(response, request, err) + handleError(request, response, err) return } @@ -686,11 +610,7 @@ func (h *iamHandler) DescribeGlobalRole(request *restful.Request, response *rest globalRole, err := h.am.GetGlobalRole(globalRoleName) if err != nil { klog.Error(err) - if errors.IsNotFound(err) { - api.HandleNotFound(response, request, err) - return - } - api.HandleInternalError(response, request, err) + handleError(request, response, err) return } @@ -712,11 +632,7 @@ func (h *iamHandler) CreateClusterRole(request *restful.Request, response *restf if err != nil { klog.Error(err) - if errors.IsBadRequest(err) { - api.HandleBadRequest(response, request, err) - return - } - api.HandleInternalError(response, request, err) + handleError(request, response, err) return } @@ -730,11 +646,7 @@ func (h *iamHandler) DeleteClusterRole(request *restful.Request, response *restf if err != nil { klog.Error(err) - if errors.IsNotFound(err) { - api.HandleNotFound(response, request, err) - return - } - api.HandleInternalError(response, request, err) + handleError(request, response, err) return } @@ -765,15 +677,7 @@ func (h *iamHandler) UpdateClusterRole(request *restful.Request, response *restf if err != nil { klog.Error(err) - if errors.IsNotFound(err) { - api.HandleNotFound(response, request, err) - return - } - if errors.IsBadRequest(err) { - api.HandleBadRequest(response, request, err) - return - } - api.HandleInternalError(response, request, err) + handleError(request, response, err) return } 
@@ -785,11 +689,7 @@ func (h *iamHandler) DescribeClusterRole(request *restful.Request, response *res clusterRole, err := h.am.GetClusterRole(clusterRoleName) if err != nil { klog.Error(err) - if errors.IsNotFound(err) { - api.HandleNotFound(response, request, err) - return - } - api.HandleInternalError(response, request, err) + handleError(request, response, err) return } @@ -802,11 +702,7 @@ func (h *iamHandler) DescribeWorkspaceRole(request *restful.Request, response *r workspaceRole, err := h.am.GetWorkspaceRole(workspace, workspaceRoleName) if err != nil { klog.Error(err) - if errors.IsNotFound(err) { - api.HandleNotFound(response, request, err) - return - } - api.HandleInternalError(response, request, err) + handleError(request, response, err) return } @@ -819,11 +715,7 @@ func (h *iamHandler) CreateNamespaceRole(request *restful.Request, response *res if err != nil { klog.Error(err) - if errors.IsNotFound(err) { - api.HandleNotFound(response, request, err) - return - } - api.HandleInternalError(response, request, err) + handleError(request, response, err) return } @@ -841,11 +733,7 @@ func (h *iamHandler) CreateNamespaceRole(request *restful.Request, response *res if err != nil { klog.Error(err) - if errors.IsBadRequest(err) { - api.HandleBadRequest(response, request, err) - return - } - api.HandleInternalError(response, request, err) + handleError(request, response, err) return } @@ -859,11 +747,7 @@ func (h *iamHandler) DeleteNamespaceRole(request *restful.Request, response *res if err != nil { klog.Error(err) - if errors.IsNotFound(err) { - api.HandleNotFound(response, request, err) - return - } - api.HandleInternalError(response, request, err) + handleError(request, response, err) return } 
@@ -871,11 +755,7 @@ func (h *iamHandler) DeleteNamespaceRole(request *restful.Request, response *res if err != nil { klog.Error(err) - if errors.IsNotFound(err) { - api.HandleNotFound(response, request, err) - return - } - api.HandleInternalError(response, request, err) + handleError(request, response, err) return } @@ -889,11 +769,7 @@ func (h *iamHandler) UpdateNamespaceRole(request *restful.Request, response *res if err != nil { klog.Error(err) - if errors.IsNotFound(err) { - api.HandleNotFound(response, request, err) - return - } - api.HandleInternalError(response, request, err) + handleError(request, response, err) return } @@ -918,15 +794,7 @@ func (h *iamHandler) UpdateNamespaceRole(request *restful.Request, response *res if err != nil { klog.Error(err) - if errors.IsNotFound(err) { - api.HandleNotFound(response, request, err) - return - } - if errors.IsBadRequest(err) { - api.HandleBadRequest(response, request, err) - return - } - api.HandleInternalError(response, request, err) + handleError(request, response, err) return } @@ -947,14 +815,10 @@ func (h *iamHandler) CreateWorkspaceMembers(request *restful.Request, response * } for _, member := range members { - err := h.am.CreateOrUpdateWorkspaceRoleBinding(member.Username, workspace, member.RoleRef) + err := h.am.CreateWorkspaceRoleBinding(member.Username, workspace, member.RoleRef) if err != nil { klog.Error(err) - if errors.IsNotFound(err) { - api.HandleNotFound(response, request, err) - return - } - api.HandleInternalError(response, request, err) + handleError(request, response, err) return } } @@ -970,11 +834,7 @@ func (h *iamHandler) RemoveWorkspaceMember(request *restful.Request, response *r if err != nil { klog.Error(err) - if errors.IsNotFound(err) { - api.HandleNotFound(response, request, err) - return - } - api.HandleInternalError(response, request, err) + handleError(request, response, err) return } 
@@ -1002,18 +862,10 @@ func (h *iamHandler) UpdateWorkspaceMember(request *restful.Request, response *r return } - err = h.am.CreateOrUpdateWorkspaceRoleBinding(member.Username, workspace, member.RoleRef) + err = h.am.CreateWorkspaceRoleBinding(member.Username, workspace, member.RoleRef) if err != nil { klog.Error(err) - if errors.IsNotFound(err) { - api.HandleNotFound(response, request, err) - return - } - if errors.IsBadRequest(err) { - api.HandleBadRequest(response, request, err) - return - } - api.HandleInternalError(response, request, err) + handleError(request, response, err) return } @@ -1026,11 +878,7 @@ func (h *iamHandler) CreateNamespaceMembers(request *restful.Request, response * if err != nil { klog.Error(err) - if errors.IsNotFound(err) { - api.HandleNotFound(response, request, err) - return - } - api.HandleInternalError(response, request, err) + handleError(request, response, err) return } @@ -1045,14 +893,10 @@ func (h *iamHandler) CreateNamespaceMembers(request *restful.Request, response * } for _, member := range members { - err := h.am.CreateOrUpdateNamespaceRoleBinding(member.Username, namespace, member.RoleRef) + err := h.am.CreateNamespaceRoleBinding(member.Username, namespace, member.RoleRef) if err != nil { klog.Error(err) - if errors.IsNotFound(err) { - api.HandleNotFound(response, request, err) - return - } - api.HandleInternalError(response, request, err) + handleError(request, response, err) return } } @@ -1066,11 +910,7 @@ func (h *iamHandler) UpdateNamespaceMember(request *restful.Request, response *r if err != nil { klog.Error(err) - if errors.IsNotFound(err) { - api.HandleNotFound(response, request, err) - return - } - api.HandleInternalError(response, request, err) + handleError(request, response, err) return } 
@@ -1091,18 +931,10 @@ func (h *iamHandler) UpdateNamespaceMember(request *restful.Request, response *r return } - err = h.am.CreateOrUpdateNamespaceRoleBinding(member.Username, namespace, member.RoleRef) + err = h.am.CreateNamespaceRoleBinding(member.Username, namespace, member.RoleRef) if err != nil { klog.Error(err) - if errors.IsNotFound(err) { - api.HandleNotFound(response, request, err) - return - } - if errors.IsBadRequest(err) { - api.HandleBadRequest(response, request, err) - return - } - api.HandleInternalError(response, request, err) + handleError(request, response, err) return } @@ -1115,11 +947,7 @@ func (h *iamHandler) RemoveNamespaceMember(request *restful.Request, response *r if err != nil { klog.Error(err) - if errors.IsNotFound(err) { - api.HandleNotFound(response, request, err) - return - } - api.HandleInternalError(response, request, err) + handleError(request, response, err) return } @@ -1127,11 +955,7 @@ func (h *iamHandler) RemoveNamespaceMember(request *restful.Request, response *r if err != nil { klog.Error(err) - if errors.IsNotFound(err) { - api.HandleNotFound(response, request, err) - return - } - api.HandleInternalError(response, request, err) + handleError(request, response, err) return } @@ -1150,14 +974,10 @@ func (h *iamHandler) CreateClusterMembers(request *restful.Request, response *re } for _, member := range members { - err := h.am.CreateOrUpdateClusterRoleBinding(member.Username, member.RoleRef) + err := h.am.CreateClusterRoleBinding(member.Username, member.RoleRef) if err != nil { klog.Error(err) - if errors.IsNotFound(err) { - api.HandleNotFound(response, request, err) - return - } - api.HandleInternalError(response, request, err) + handleError(request, response, err) return } } 
@@ -1172,11 +992,7 @@ func (h *iamHandler) RemoveClusterMember(request *restful.Request, response *res if err != nil { klog.Error(err) - if errors.IsNotFound(err) { - api.HandleNotFound(response, request, err) - return - } - api.HandleInternalError(response, request, err) + handleError(request, response, err) return } @@ -1203,18 +1019,10 @@ func (h *iamHandler) UpdateClusterMember(request *restful.Request, response *res return } - err = h.am.CreateOrUpdateClusterRoleBinding(member.Username, member.RoleRef) + err = h.am.CreateClusterRoleBinding(member.Username, member.RoleRef) if err != nil { klog.Error(err) - if errors.IsNotFound(err) { - api.HandleNotFound(response, request, err) - return - } - if errors.IsBadRequest(err) { - api.HandleBadRequest(response, request, err) - return - } - api.HandleInternalError(response, request, err) + handleError(request, response, err) return } @@ -1266,11 +1074,7 @@ func (h *iamHandler) DescribeNamespaceRole(request *restful.Request, response *r if err != nil { klog.Error(err) - if errors.IsNotFound(err) { - api.HandleNotFound(response, request, err) - return - } - api.HandleInternalError(response, request, err) + handleError(request, response, err) return } @@ -1278,11 +1082,7 @@ func (h *iamHandler) DescribeNamespaceRole(request *restful.Request, response *r if err != nil { klog.Error(err) - if errors.IsNotFound(err) { - api.HandleNotFound(response, request, err) - return - } - api.HandleInternalError(response, request, err) + handleError(request, response, err) return } 
@@ -1296,3 +1096,15 @@ func (h *iamHandler) resolveNamespace(namespace string, devops string) (string, } return h.am.GetControlledNamespace(devops) } + +func handleError(request *restful.Request, response *restful.Response, err error) { + if errors.IsBadRequest(err) { + api.HandleBadRequest(response, request, err) + } else if errors.IsNotFound(err) { + api.HandleNotFound(response, request, err) + } else if errors.IsAlreadyExists(err) { + api.HandleConflict(response, request, err) + } else { + api.HandleInternalError(response, request, err) + } +} diff --git a/pkg/kapis/tenant/v1alpha2/handler.go b/pkg/kapis/tenant/v1alpha2/handler.go index 927639055ad42993a7e0989174f26d56b003fcf8..45c5183fbac20534bba4256a9c78a047fd4abab8 100644 --- a/pkg/kapis/tenant/v1alpha2/handler.go +++ b/pkg/kapis/tenant/v1alpha2/handler.go @@ -185,7 +185,6 @@ func (h *tenantHandler) UpdateWorkspace(request *restful.Request, response *rest } response.WriteEntity(updated) - } func (h *tenantHandler) DescribeWorkspace(request *restful.Request, response *restful.Response) { 
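Review bot: `handleError` recognises only BadRequest, NotFound and AlreadyExists, so every other classified API error (Forbidden, Unauthorized, Invalid, or Conflict on a stale resourceVersion) is reported as a 500. On IAM endpoints that makes authorization denials and client mistakes look like server faults to callers and to monitoring. Assuming `errors` here is the apimachinery errors package, add cases such as `errors.IsForbidden(err)` and `errors.IsConflict(err)`, mapped to the matching `api` helpers where they exist, and write the chain as a `switch`. A doc comment such as `// handleError maps a classified API error to the matching HTTP error response; anything unclassified becomes a 500.` would help, since dozens of call sites now depend on this helper.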
@@ -310,3 +309,151 @@ func (h *tenantHandler) Auditing(req *restful.Request, resp *restful.Response) { _ = resp.WriteEntity(result) } + +func (h *tenantHandler) DescribeNamespace(request *restful.Request, response *restful.Response) { + workspaceName := request.PathParameter("workspace") + namespaceName := request.PathParameter("namespace") + ns, err := h.tenant.DescribeNamespace(workspaceName, namespaceName) + + if err != nil { + if errors.IsNotFound(err) { + api.HandleNotFound(response, request, err) + return + } + api.HandleInternalError(response, request, err) + return + } + + response.WriteEntity(ns) +} + +func (h *tenantHandler) DeleteNamespace(request *restful.Request, response *restful.Response) { + workspaceName := request.PathParameter("workspace") + namespaceName := request.PathParameter("namespace") + + err := h.tenant.DeleteNamespace(workspaceName, namespaceName) + + if err != nil { + if errors.IsNotFound(err) { + api.HandleNotFound(response, request, err) + return + } + api.HandleInternalError(response, request, err) + return + } + + response.WriteEntity(servererr.None) +} + +func (h *tenantHandler) UpdateNamespace(request *restful.Request, response *restful.Response) { + workspaceName := request.PathParameter("workspace") + namespaceName := request.PathParameter("namespace") + + var namespace corev1.Namespace + err := request.ReadEntity(&namespace) + if err != nil { + klog.Error(err) + api.HandleBadRequest(response, request, err) + return + } + + if namespaceName != namespace.Name { + err := fmt.Errorf("the name of the object (%s) does not match the name on the URL (%s)", namespace.Name, namespaceName) + klog.Errorf("%+v", err) + api.HandleBadRequest(response, request, err) + return + } + + updated, err := h.tenant.UpdateNamespace(workspaceName, &namespace) + + if err != nil { + klog.Error(err) + if errors.IsNotFound(err) { + api.HandleNotFound(response, request, err) + return + } + if errors.IsBadRequest(err) { + api.HandleBadRequest(response, 
request, err) + return + } + api.HandleInternalError(response, request, err) + return + } + + response.WriteEntity(updated) +} + +func (h *tenantHandler) PatchNamespace(request *restful.Request, response *restful.Response) { + workspaceName := request.PathParameter("workspace") + namespaceName := request.PathParameter("namespace") + + var namespace corev1.Namespace + err := request.ReadEntity(&namespace) + if err != nil { + klog.Error(err) + api.HandleBadRequest(response, request, err) + return + } + + if namespaceName != namespace.Name { + err := fmt.Errorf("the name of the object (%s) does not match the name on the URL (%s)", namespace.Name, namespaceName) + klog.Errorf("%+v", err) + api.HandleBadRequest(response, request, err) + return + } + + patched, err := h.tenant.PatchNamespace(workspaceName, &namespace) + + if err != nil { + klog.Error(err) + if errors.IsNotFound(err) { + api.HandleNotFound(response, request, err) + return + } + if errors.IsBadRequest(err) { + api.HandleBadRequest(response, request, err) + return + } + api.HandleInternalError(response, request, err) + return + } + + response.WriteEntity(patched) +} + +func (h *tenantHandler) PatchWorkspace(request *restful.Request, response *restful.Response) { + workspaceName := request.PathParameter("workspace") + + var workspace tenantv1alpha2.WorkspaceTemplate + err := request.ReadEntity(&workspace) + if err != nil { + klog.Error(err) + api.HandleBadRequest(response, request, err) + return + } + + if workspaceName != workspace.Name { + err := fmt.Errorf("the name of the object (%s) does not match the name on the URL (%s)", workspace.Name, workspaceName) + klog.Errorf("%+v", err) + api.HandleBadRequest(response, request, err) + return + } + + patched, err := h.tenant.PatchWorkspace(&workspace) + + if err != nil { + klog.Error(err) + if errors.IsNotFound(err) { + api.HandleNotFound(response, request, err) + return + } + if errors.IsBadRequest(err) { + api.HandleBadRequest(response, request, err) + return 
+ } + api.HandleInternalError(response, request, err) + return + } + + response.WriteEntity(patched) +} diff --git a/pkg/kapis/tenant/v1alpha2/register.go b/pkg/kapis/tenant/v1alpha2/register.go index e9d100d60a04774dd432745ad0276a5f9f4189dc..48ab479ce5af4378aa18b1a28bdce65eb94aa5b6 100644 --- a/pkg/kapis/tenant/v1alpha2/register.go +++ b/pkg/kapis/tenant/v1alpha2/register.go @@ -46,6 +46,8 @@ const ( var GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha2"} func AddToContainer(c *restful.Container, factory informers.InformerFactory, k8sclient kubernetes.Interface, ksclient kubesphere.Interface, evtsClient events.Client, loggingClient logging.Interface, auditingclient auditing.Client) error { + mimePatch := []string{restful.MIME_JSON, runtime.MimeMergePatchJson, runtime.MimeJsonPatchJson} + ws := runtime.NewWebService(GroupVersion) handler := newTenantHandler(factory, k8sclient, ksclient, evtsClient, loggingClient, auditingclient) @@ -66,6 +68,13 @@ func AddToContainer(c *restful.Container, factory informers.InformerFactory, k8s Returns(http.StatusOK, api.StatusOK, tenantv1alpha2.WorkspaceTemplate{}). Doc("Update workspace."). Metadata(restfulspec.KeyOpenAPITags, []string{constants.TenantResourcesTag})) + ws.Route(ws.PATCH("/workspaces/{workspace}"). + To(handler.PatchWorkspace). + Consumes(mimePatch...). + Reads(tenantv1alpha2.WorkspaceTemplate{}). + Returns(http.StatusOK, api.StatusOK, tenantv1alpha2.WorkspaceTemplate{}). + Doc("Update workspace."). + Metadata(restfulspec.KeyOpenAPITags, []string{constants.TenantResourcesTag})) ws.Route(ws.GET("/workspaces"). To(handler.ListWorkspaces). Returns(http.StatusOK, api.StatusOK, models.PageableResponse{}). 
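Review bot: DescribeNamespace, DeleteNamespace, UpdateNamespace and PatchNamespace take `workspaceName` from the URL and pass it to `h.tenant.*`, and nothing in the handlers checks that the namespace actually belongs to that workspace. If request authorization is evaluated against the workspace in the path, a subject with rights in one workspace must not be able to read, modify or delete a namespace of another, so the model methods have to reject a mismatch. Their bodies are not in this diff, so please confirm they compare the namespace's workspace membership with the argument, and that UpdateNamespace and PatchNamespace do not let the request body move the namespace to a different workspace. A comment on each handler stating where the check lives, for example `// workspace membership of the namespace is enforced in tenant.DeleteNamespace`, would make the contract visible.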
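Review bot: `mimePatch` advertises `runtime.MimeJsonPatchJson`, but PatchWorkspace and PatchNamespace decode the body with `request.ReadEntity` into a typed `WorkspaceTemplate` or `corev1.Namespace`. Assuming that constant is the JSON Patch media type, its documents are arrays of operations and cannot decode into those structs, and a merge patch decoded into a struct loses the difference between an omitted field and an explicit null or zero value. Either restrict the list to what the handlers can honour, `mimePatch := []string{restful.MIME_JSON, runtime.MimeMergePatchJson}`, or read the raw body and pass it on as patch bytes. Whether an entity reader is registered for the patch media types is not visible here and should be checked as well.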
@@ -94,6 +103,18 @@ func AddToContainer(c *restful.Container, factory informers.InformerFactory, k8s Doc("List the namespaces of the specified workspace for the current user"). Returns(http.StatusOK, api.StatusOK, []corev1.Namespace{}). Metadata(restfulspec.KeyOpenAPITags, []string{constants.TenantResourcesTag})) + ws.Route(ws.GET("/workspaces/{workspace}/namespaces/{namespace}"). + To(handler.DescribeNamespace). + Param(ws.PathParameter("workspace", "workspace name")). + Doc("Retrieve namespace details."). + Returns(http.StatusOK, api.StatusOK, []corev1.Namespace{}). + Metadata(restfulspec.KeyOpenAPITags, []string{constants.TenantResourcesTag})) + ws.Route(ws.DELETE("/workspaces/{workspace}/namespaces/{namespace}"). + To(handler.DeleteNamespace). + Param(ws.PathParameter("workspace", "workspace name")). + Doc("Delete namespace."). + Returns(http.StatusOK, api.StatusOK, errors.None). + Metadata(restfulspec.KeyOpenAPITags, []string{constants.TenantResourcesTag})) ws.Route(ws.POST("/workspaces/{workspace}/namespaces"). To(handler.CreateNamespace). Param(ws.PathParameter("workspace", "workspace name")). 
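Review bot: The new namespace routes declare only the `workspace` path parameter, and the GET route documents its response as `[]corev1.Namespace{}` although DescribeNamespace writes a single namespace, so the generated API description is wrong for clients. Add `Param(ws.PathParameter("namespace", "namespace name")).` to both routes here and use `Returns(http.StatusOK, api.StatusOK, corev1.Namespace{})` on the GET route. The PUT and PATCH routes in the next hunk need the same two changes and also lack a `Doc(...)` call. The PATCH workspace route in the previous hunk reuses `Doc("Update workspace.")`, where `Doc("Patch workspace.")` would distinguish it.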
@@ -101,6 +122,19 @@ func AddToContainer(c *restful.Container, factory informers.InformerFactory, k8s Reads(corev1.Namespace{}). Returns(http.StatusOK, api.StatusOK, []corev1.Namespace{}). Metadata(restfulspec.KeyOpenAPITags, []string{constants.TenantResourcesTag})) + ws.Route(ws.PUT("/workspaces/{workspace}/namespaces/{namespace}"). + To(handler.UpdateNamespace). + Param(ws.PathParameter("workspace", "workspace name")). + Reads(corev1.Namespace{}). + Returns(http.StatusOK, api.StatusOK, []corev1.Namespace{}). + Metadata(restfulspec.KeyOpenAPITags, []string{constants.TenantResourcesTag})) + ws.Route(ws.PATCH("/workspaces/{workspace}/namespaces/{namespace}"). + To(handler.PatchNamespace). + Consumes(mimePatch...). + Param(ws.PathParameter("workspace", "workspace name")). + Reads(corev1.Namespace{}). + Returns(http.StatusOK, api.StatusOK, []corev1.Namespace{}). + Metadata(restfulspec.KeyOpenAPITags, []string{constants.TenantResourcesTag})) ws.Route(ws.GET("/events"). To(handler.Events). diff --git a/pkg/models/iam/am/am.go b/pkg/models/iam/am/am.go index 1d22f211baeb84972b982c1e97d6290a46207fdd..517b2806a0b1d5434f07afc9ccfab22c5d650ca0 100644 --- a/pkg/models/iam/am/am.go +++ b/pkg/models/iam/am/am.go 
@@ -44,16 +44,14 @@ type AccessManagementInterface interface { ListClusterRoles(query *query.Query) (*api.ListResult, error) ListWorkspaceRoles(query *query.Query) (*api.ListResult, error) ListGlobalRoles(query *query.Query) (*api.ListResult, error) - ListGlobalRoleBindings(username string) ([]*iamv1alpha2.GlobalRoleBinding, error) ListClusterRoleBindings(username string) ([]*rbacv1.ClusterRoleBinding, error) ListWorkspaceRoleBindings(username, workspace string) ([]*iamv1alpha2.WorkspaceRoleBinding, error) ListRoleBindings(username, namespace string) ([]*rbacv1.RoleBinding, error) - GetRoleReferenceRules(roleRef rbacv1.RoleRef, namespace string) (string, []rbacv1.PolicyRule, error) GetGlobalRole(globalRole string) (*iamv1alpha2.GlobalRole, error) GetWorkspaceRole(workspace string, name string) (*iamv1alpha2.WorkspaceRole, error) - CreateOrUpdateGlobalRoleBinding(username string, globalRole string) error + CreateGlobalRoleBinding(username string, globalRole string) error CreateOrUpdateWorkspaceRole(workspace string, workspaceRole *iamv1alpha2.WorkspaceRole) (*iamv1alpha2.WorkspaceRole, error) CreateOrUpdateGlobalRole(globalRole *iamv1alpha2.GlobalRole) (*iamv1alpha2.GlobalRole, error) DeleteWorkspaceRole(workspace string, name string) error 
@@ -64,11 +62,11 @@ type AccessManagementInterface interface { GetNamespaceRole(namespace string, name string) (*rbacv1.Role, error) CreateOrUpdateNamespaceRole(namespace string, role *rbacv1.Role) (*rbacv1.Role, error) DeleteNamespaceRole(namespace string, name string) error - CreateOrUpdateWorkspaceRoleBinding(username string, workspace string, role string) error + CreateWorkspaceRoleBinding(username string, workspace string, role string) error RemoveUserFromWorkspace(username string, workspace string) error - CreateOrUpdateNamespaceRoleBinding(username string, namespace string, role string) error + CreateNamespaceRoleBinding(username string, namespace string, role string) error RemoveUserFromNamespace(username string, namespace string) error - CreateOrUpdateClusterRoleBinding(username string, role string) error + CreateClusterRoleBinding(username string, role string) error RemoveUserFromCluster(username string) error GetControlledNamespace(devops string) (string, error) GetControlledWorkspace(namespace string) (string, error) @@ -371,7 +369,7 @@ func (am *amOperator) GetGlobalRole(globalRole string) (*iamv1alpha2.GlobalRole, return obj.(*iamv1alpha2.GlobalRole), nil } -func (am *amOperator) CreateOrUpdateGlobalRoleBinding(username string, globalRole string) error { +func (am *amOperator) CreateGlobalRoleBinding(username string, globalRole string) error { _, err := am.GetGlobalRole(globalRole) @@ -428,11 +426,9 @@ func (am *amOperator) CreateOrUpdateGlobalRoleBinding(username string, globalRol } func (am *amOperator) CreateOrUpdateWorkspaceRole(workspace string, workspaceRole *iamv1alpha2.WorkspaceRole) (*iamv1alpha2.WorkspaceRole, error) { - if workspaceRole.Labels == nil { workspaceRole.Labels = make(map[string]string, 0) } - workspaceRole.Labels[tenantv1alpha1.WorkspaceLabel] = workspace workspaceRole.Rules = make([]rbacv1.PolicyRule, 0) 
@@ -452,15 +448,10 @@ func (am *amOperator) CreateOrUpdateWorkspaceRole(workspace string, workspaceRol } } - old, err := am.GetWorkspaceRole("", workspaceRole.Name) - - if err != nil && !errors.IsNotFound(err) { - klog.Error(err) - return nil, err - } - var created *iamv1alpha2.WorkspaceRole - if old != nil { + var err error + + if workspaceRole.ResourceVersion != "" { created, err = am.ksclient.IamV1alpha2().WorkspaceRoles().Update(workspaceRole) } else { created, err = am.ksclient.IamV1alpha2().WorkspaceRoles().Create(workspaceRole) @@ -469,7 +460,7 @@ func (am *amOperator) CreateOrUpdateWorkspaceRole(workspace string, workspaceRol return created, err } -func (am *amOperator) CreateOrUpdateWorkspaceRoleBinding(username string, workspace string, role string) error { +func (am *amOperator) CreateWorkspaceRoleBinding(username string, workspace string, role string) error { _, err := am.GetWorkspaceRole(workspace, role) @@ -526,7 +517,7 @@ func (am *amOperator) CreateOrUpdateWorkspaceRoleBinding(username string, worksp return nil } -func (am *amOperator) CreateOrUpdateClusterRoleBinding(username string, role string) error { +func (am *amOperator) CreateClusterRoleBinding(username string, role string) error { _, err := am.GetClusterRole(role) @@ -582,7 +573,7 @@ func (am *amOperator) CreateOrUpdateClusterRoleBinding(username string, role str return nil } -func (am *amOperator) CreateOrUpdateNamespaceRoleBinding(username string, namespace string, role string) error { +func (am *amOperator) CreateNamespaceRoleBinding(username string, namespace string, role string) error { _, err := am.GetNamespaceRole(namespace, role) 
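Review bot: The create-or-update decision is now `workspaceRole.ResourceVersion != ""`, a field that arrives in the request body, so the caller rather than the server's state picks between `Update` and `Create`. A request to the create endpoint that carries a resourceVersion would be executed as an update of an existing role, and if authorization distinguishes the create and update verbs, that lets a create-only subject modify a role it should not be able to touch. The handlers are outside this hunk, so confirm that CreateWorkspaceRole clears or rejects the field, e.g. `workspaceRole.ResourceVersion = ""` before the call, and that the update handlers require it. The same pattern is introduced in CreateOrUpdateGlobalRole, CreateOrUpdateClusterRole and CreateOrUpdateNamespaceRole in the following hunks.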
@@ -727,15 +718,10 @@ func (am *amOperator) CreateOrUpdateGlobalRole(globalRole *iamv1alpha2.GlobalRol } } - old, err := am.GetGlobalRole(globalRole.Name) - - if err != nil && !errors.IsNotFound(err) { - klog.Error(err) - return nil, err - } - var created *iamv1alpha2.GlobalRole - if old != nil { + var err error + + if globalRole.ResourceVersion != "" { created, err = am.ksclient.IamV1alpha2().GlobalRoles().Update(globalRole) } else { created, err = am.ksclient.IamV1alpha2().GlobalRoles().Create(globalRole) @@ -763,16 +749,9 @@ func (am *amOperator) CreateOrUpdateClusterRole(clusterRole *rbacv1.ClusterRole) clusterRole.Rules = append(clusterRole.Rules, role.Rules...) } } - - old, err := am.GetClusterRole(clusterRole.Name) - - if err != nil && !errors.IsNotFound(err) { - klog.Error(err) - return nil, err - } - var created *rbacv1.ClusterRole - if old != nil { + var err error + if clusterRole.ResourceVersion != "" { created, err = am.k8sclient.RbacV1().ClusterRoles().Update(clusterRole) } else { created, err = am.k8sclient.RbacV1().ClusterRoles().Create(clusterRole) @@ -801,16 +780,9 @@ func (am *amOperator) CreateOrUpdateNamespaceRole(namespace string, role *rbacv1 role.Rules = append(role.Rules, role.Rules...) } } - - old, err := am.GetNamespaceRole(namespace, role.Name) - - if err != nil && !errors.IsNotFound(err) { - klog.Error(err) - return nil, err - } - var created *rbacv1.Role - if old != nil { + var err error + if role.ResourceVersion != "" { created, err = am.k8sclient.RbacV1().Roles(namespace).Update(role) } else { created, err = am.k8sclient.RbacV1().Roles(namespace).Create(role) diff --git a/pkg/models/tenant/tenant.go b/pkg/models/tenant/tenant.go index b5b3aa3ec0e4b40953819ce5be1cf36d68c93a77..324b01e300546e600214801d847b7e233dc2aeca 100644 --- a/pkg/models/tenant/tenant.go +++ b/pkg/models/tenant/tenant.go 
@@ -17,12 +17,14 @@ limitations under the License. package tenant import ( + "encoding/json" "fmt" "io" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/types" "k8s.io/apiserver/pkg/authentication/user" "k8s.io/client-go/kubernetes" "k8s.io/klog" @@ -36,6 +38,7 @@ import ( "kubesphere.io/kubesphere/pkg/apiserver/authorization/authorizer" "kubesphere.io/kubesphere/pkg/apiserver/authorization/authorizerfactory" "kubesphere.io/kubesphere/pkg/apiserver/query" + "kubesphere.io/kubesphere/pkg/apiserver/request" kubesphere "kubesphere.io/kubesphere/pkg/client/clientset/versioned" "kubesphere.io/kubesphere/pkg/informers" "kubesphere.io/kubesphere/pkg/models/auditing" @@ -61,11 +64,15 @@ type Interface interface { UpdateWorkspace(workspace *tenantv1alpha2.WorkspaceTemplate) (*tenantv1alpha2.WorkspaceTemplate, error) DescribeWorkspace(workspace string) (*tenantv1alpha2.WorkspaceTemplate, error) ListWorkspaceClusters(workspace string) (*api.ListResult, error) - Events(user user.Info, queryParam *eventsv1alpha1.Query) (*eventsv1alpha1.APIResponse, error) QueryLogs(user user.Info, query *loggingv1alpha2.Query) (*loggingv1alpha2.APIResponse, error) ExportLogs(user user.Info, query *loggingv1alpha2.Query, writer io.Writer) error Auditing(user user.Info, queryParam *auditingv1alpha1.Query) (*auditingv1alpha1.APIResponse, error) + DescribeNamespace(workspace, namespace string) (*corev1.Namespace, error) + DeleteNamespace(workspace, namespace string) error + UpdateNamespace(workspace string, namespace *corev1.Namespace) (*corev1.Namespace, error) + PatchNamespace(workspace string, namespace *corev1.Namespace) (*corev1.Namespace, error) + PatchWorkspace(workspace *tenantv1alpha2.WorkspaceTemplate) (*tenantv1alpha2.WorkspaceTemplate, error) } type tenantOperator struct { 
@@ -99,10 +106,10 @@ func (t *tenantOperator) ListWorkspaces(user user.Info, queryParam *query.Query) listWS := authorizer.AttributesRecord{ User: user, Verb: "list", - APIGroup: "tenant.kubesphere.io", - APIVersion: "v1alpha2", + APIGroup: "*", Resource: "workspaces", ResourceRequest: true, + ResourceScope: request.GlobalScope, } decision, _, err := t.authorizer.Authorize(listWS) @@ -154,9 +161,9 @@ func (t *tenantOperator) ListWorkspaces(user user.Info, queryParam *query.Query) } result := resources.DefaultList(workspaces, queryParam, func(left runtime.Object, right runtime.Object, field query.Field) bool { - return resources.DefaultObjectMetaCompare(left.(*tenantv1alpha1.Workspace).ObjectMeta, right.(*tenantv1alpha1.Workspace).ObjectMeta, field) + return resources.DefaultObjectMetaCompare(left.(*tenantv1alpha2.WorkspaceTemplate).ObjectMeta, right.(*tenantv1alpha2.WorkspaceTemplate).ObjectMeta, field) }, func(workspace runtime.Object, filter query.Filter) bool { - return resources.DefaultObjectMetaFilter(workspace.(*tenantv1alpha1.Workspace).ObjectMeta, filter) + return resources.DefaultObjectMetaFilter(workspace.(*tenantv1alpha2.WorkspaceTemplate).ObjectMeta, filter) }) return result, nil @@ -167,11 +174,10 @@ func (t *tenantOperator) ListNamespaces(user user.Info, workspace string, queryP listNSInWS := authorizer.AttributesRecord{ User: user, Verb: "list", - APIGroup: "", - APIVersion: "v1", Workspace: workspace, Resource: "namespaces", ResourceRequest: true, + ResourceScope: request.WorkspaceScope, } decision, _, err := t.authorizer.Authorize(listNSInWS) 
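Review bot: In ListWorkspaces the request attributes now carry `APIGroup: "*"`, and in ListNamespaces the third hunk drops `APIGroup` and `APIVersion` altogether. A wildcard is normally meaningful on the rule side of an RBAC match. If `t.authorizer` follows the Kubernetes convention, a request whose group is the literal `*` is allowed only by rules that grant all API groups, so a role granting `list` on `workspaces` in `tenant.kubesphere.io` would no longer satisfy this check. If the authorizer instead treats a request-side `*` as "any group", the check becomes broader than the resource being listed. I would keep the concrete group next to the new scope field, `APIGroup: "tenant.kubesphere.io",` with `ResourceScope: request.GlobalScope,`, or add a comment stating how the authorizer interprets these values. Both functions extend beyond their hunks.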
@@ -238,20 +244,78 @@ func (t *tenantOperator) ListNamespaces(user user.Info, workspace string, queryP } func (t *tenantOperator) CreateNamespace(workspace string, namespace *corev1.Namespace) (*corev1.Namespace, error) { - _, err := t.resourceGetter.Get(tenantv1alpha1.ResourcePluralWorkspace, "", workspace) + if err != nil { + return nil, err + } + namespace = appendWorkspaceLabel(namespace, workspace) + return t.k8sclient.CoreV1().Namespaces().Create(namespace) +} + +func appendWorkspaceLabel(namespace *corev1.Namespace, workspace string) *corev1.Namespace { + if namespace.Labels == nil { + namespace.Labels = make(map[string]string, 0) + } + namespace.Labels[tenantv1alpha1.WorkspaceLabel] = workspace + return namespace +} +func (t *tenantOperator) DescribeNamespace(workspace, namespace string) (*corev1.Namespace, error) { + obj, err := t.resourceGetter.Get("namespaces", "", namespace) if err != nil { return nil, err } + ns := obj.(*corev1.Namespace) + if ns.Labels[tenantv1alpha1.WorkspaceLabel] != workspace { + err := errors.NewNotFound(corev1.Resource("namespace"), namespace) + klog.Error(err) + return nil, err + } + return ns, nil +} - if namespace.Annotations == nil { - namespace.Annotations = make(map[string]string, 0) +func (t *tenantOperator) DeleteNamespace(workspace, namespace string) error { + _, err := t.DescribeNamespace(workspace, namespace) + if err != nil { + return err } + return t.k8sclient.CoreV1().Namespaces().Delete(namespace, metav1.NewDeleteOptions(0)) +} - namespace.Annotations[tenantv1alpha1.WorkspaceLabel] = workspace +func (t *tenantOperator) UpdateNamespace(workspace string, namespace *corev1.Namespace) (*corev1.Namespace, error) { + _, err := t.DescribeNamespace(workspace, namespace.Namespace) + if err != nil { + return nil, err + } + namespace = appendWorkspaceLabel(namespace, workspace) + return t.k8sclient.CoreV1().Namespaces().Update(namespace) +} - return t.k8sclient.CoreV1().Namespaces().Create(namespace) +func (t *tenantOperator) 
PatchNamespace(workspace string, namespace *corev1.Namespace) (*corev1.Namespace, error) { + _, err := t.DescribeNamespace(workspace, namespace.Name) + if err != nil { + return nil, err + } + if namespace.Labels != nil { + namespace.Labels[tenantv1alpha1.WorkspaceLabel] = workspace + } + data, err := json.Marshal(namespace) + if err != nil { + return nil, err + } + return t.k8sclient.CoreV1().Namespaces().Patch(namespace.Name, types.MergePatchType, data) +} + +func (t *tenantOperator) PatchWorkspace(workspace *tenantv1alpha2.WorkspaceTemplate) (*tenantv1alpha2.WorkspaceTemplate, error) { + _, err := t.DescribeWorkspace(workspace.Name) + if err != nil { + return nil, err + } + data, err := json.Marshal(workspace) + if err != nil { + return nil, err + } + return t.ksclient.TenantV1alpha2().WorkspaceTemplates().Patch(workspace.Name, types.MergePatchType, data) } func (t *tenantOperator) CreateWorkspace(workspace *tenantv1alpha2.WorkspaceTemplate) (*tenantv1alpha2.WorkspaceTemplate, error) {
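Review bot: In UpdateNamespace the workspace-membership check calls `t.DescribeNamespace(workspace, namespace.Namespace)`, but a Namespace object is identified by `metadata.name`. `ObjectMeta.Namespace` is normally empty for a cluster-scoped object and, when the object comes from a request body, is a separate caller-supplied field. The check therefore looks up a different key than the one `Namespaces().Update(namespace)` writes to, so it does not establish that the namespace being updated belongs to `workspace`, and `appendWorkspaceLabel` then stamps that workspace's label onto it. Use the same identifier PatchNamespace already uses: `_, err := t.DescribeNamespace(workspace, namespace.Name)`. Separately, `ns := obj.(*corev1.Namespace)` in DescribeNamespace is an unchecked assertion; the two-value form with an error return would avoid a panic if the getter ever hands back another type.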