Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
水淹萌龙
kubesphere
提交
22e4a30c
K
kubesphere
项目概览
水淹萌龙
/
kubesphere
与 Fork 源项目一致
Fork自
KubeSphere / kubesphere
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
DevOps
流水线
流水线任务
计划
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
K
kubesphere
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
DevOps
DevOps
流水线
流水线任务
计划
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
流水线任务
提交
Issue看板
未验证
提交
22e4a30c
编写于
8月 15, 2019
作者:
H
hongming
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
fix: mistakenly delete workspace role binding
Signed-off-by:
N
hongming
<
talonwan@yunify.com
>
上级
8a2ee1bd
变更
1
隐藏空白更改
内联
并排
Showing
1 changed file
with
11 addition
and
6 deletion
+11
-6
pkg/models/iam/im.go
pkg/models/iam/im.go
+11
-6
未找到文件。
pkg/models/iam/im.go
浏览文件 @
22e4a30c
...
...
@@ -46,7 +46,7 @@ import (
"github.com/dgrijalva/jwt-go"
"github.com/go-ldap/ldap"
"github.com/golang/glog"
"k8s.io/api/rbac/v1"
rbacv1
"k8s.io/api/rbac/v1"
meta_v1
"k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/labels"
ldapclient
"kubesphere.io/kubesphere/pkg/simple/client/ldap"
...
...
@@ -635,7 +635,7 @@ func deleteRoleBindings(username string) error {
length1
:=
len
(
roleBinding
.
Subjects
)
for
index
,
subject
:=
range
roleBinding
.
Subjects
{
if
subject
.
Kind
==
v1
.
UserKind
&&
subject
.
Name
==
username
{
if
subject
.
Kind
==
rbac
v1
.
UserKind
&&
subject
.
Name
==
username
{
roleBinding
.
Subjects
=
append
(
roleBinding
.
Subjects
[
:
index
],
roleBinding
.
Subjects
[
index
+
1
:
]
...
)
index
--
}
...
...
@@ -667,7 +667,7 @@ func deleteRoleBindings(username string) error {
length1
:=
len
(
clusterRoleBinding
.
Subjects
)
for
index
,
subject
:=
range
clusterRoleBinding
.
Subjects
{
if
subject
.
Kind
==
v1
.
UserKind
&&
subject
.
Name
==
username
{
if
subject
.
Kind
==
rbac
v1
.
UserKind
&&
subject
.
Name
==
username
{
clusterRoleBinding
.
Subjects
=
append
(
clusterRoleBinding
.
Subjects
[
:
index
],
clusterRoleBinding
.
Subjects
[
index
+
1
:
]
...
)
index
--
}
...
...
@@ -675,7 +675,8 @@ func deleteRoleBindings(username string) error {
length2
:=
len
(
clusterRoleBinding
.
Subjects
)
if
length2
==
0
{
if
groups
:=
regexp
.
MustCompile
(
fmt
.
Sprintf
(
`^system:(\S+):(%s)$`
,
strings
.
Join
(
constants
.
WorkSpaceRoles
,
"|"
)))
.
FindStringSubmatch
(
clusterRoleBinding
.
RoleRef
.
Name
);
len
(
groups
)
==
3
{
// delete if it's not workspace role binding
if
isWorkspaceRoleBinding
(
clusterRoleBinding
)
{
_
,
err
=
k8s
.
Client
()
.
RbacV1
()
.
ClusterRoleBindings
()
.
Update
(
clusterRoleBinding
)
}
else
{
deletePolicy
:=
meta_v1
.
DeletePropagationForeground
...
...
@@ -697,6 +698,10 @@ func deleteRoleBindings(username string) error {
return
nil
}
func
isWorkspaceRoleBinding
(
clusterRoleBinding
*
rbacv1
.
ClusterRoleBinding
)
bool
{
return
k8sutil
.
IsControlledBy
(
clusterRoleBinding
.
OwnerReferences
,
"Workspace"
,
""
)
}
func
UserCreateCheck
(
check
string
)
(
exist
bool
,
err
error
)
{
// bind root DN
...
...
@@ -1201,7 +1206,7 @@ func WorkspaceUsersTotalCount(workspace string) (int, error) {
for
_
,
roleBinding
:=
range
workspaceRoleBindings
{
for
_
,
subject
:=
range
roleBinding
.
Subjects
{
if
subject
.
Kind
==
v1
.
UserKind
&&
!
k8sutil
.
ContainsUser
(
users
,
subject
.
Name
)
{
if
subject
.
Kind
==
rbac
v1
.
UserKind
&&
!
k8sutil
.
ContainsUser
(
users
,
subject
.
Name
)
{
users
=
append
(
users
,
subject
.
Name
)
}
}
...
...
@@ -1222,7 +1227,7 @@ func ListWorkspaceUsers(workspace string, conditions *params.Conditions, orderBy
for
_
,
roleBinding
:=
range
workspaceRoleBindings
{
for
_
,
subject
:=
range
roleBinding
.
Subjects
{
if
subject
.
Kind
==
v1
.
UserKind
&&
!
k8sutil
.
ContainsUser
(
users
,
subject
.
Name
)
{
if
subject
.
Kind
==
rbac
v1
.
UserKind
&&
!
k8sutil
.
ContainsUser
(
users
,
subject
.
Name
)
{
user
,
err
:=
GetUserInfo
(
subject
.
Name
)
if
err
!=
nil
{
return
nil
,
err
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录