From 69a27e40aa9307354acc246f436d9ba9f26e483d Mon Sep 17 00:00:00 2001
From: yuswift
Date: Mon, 16 Nov 2020 12:19:07 +0800
Subject: [PATCH] Feat: support runnig ks-controller-manager without ldap option
Signed-off-by: yuswift
---
 cmd/controller-manager/app/server.go | 7 ++++---
 .../authenticators/jwttoken/jwt_token.go | 1 +
 pkg/controller/user/user_controller.go | 18 ++++++++++++------
 3 files changed, 17 insertions(+), 9 deletions(-)
diff --git a/cmd/controller-manager/app/server.go b/cmd/controller-manager/app/server.go
index 335e26a8..bec2ed6b 100644
--- a/cmd/controller-manager/app/server.go
+++ b/cmd/controller-manager/app/server.go
@@ -118,9 +118,8 @@ func run(s *options.KubeSphereControllerManagerOptions, stopCh <-chan struct{})
 }
 var ldapClient ldapclient.Interface
- if s.LdapOptions == nil || len(s.LdapOptions.Host) == 0 {
- return fmt.Errorf("ldap service address MUST not be empty")
- } else {
+ // when there is no ldapOption, we set ldapClient as nil, which means we don't need to sync user info into ldap.
+ if s.LdapOptions != nil && len(s.LdapOptions.Host) != 0 {
 if s.LdapOptions.Host == ldapclient.FAKE_HOST { // for debug only
 ldapClient = ldapclient.NewSimpleLdap()
 } else {
@@ -129,6 +128,8 @@ func run(s *options.KubeSphereControllerManagerOptions, stopCh <-chan struct{})
 return fmt.Errorf("failed to connect to ldap service, please check ldap status, error: %v", err)
 }
 }
+ } else {
+ klog.Info("Kubesphere-controller-manager starts without ldap option, it will not sync user into ldap")
 }
 var openpitrixClient openpitrix.Client
diff --git a/pkg/apiserver/authentication/authenticators/jwttoken/jwt_token.go b/pkg/apiserver/authentication/authenticators/jwttoken/jwt_token.go
index a75734fd..09c55cb1 100644
--- a/pkg/apiserver/authentication/authenticators/jwttoken/jwt_token.go
+++ b/pkg/apiserver/authentication/authenticators/jwttoken/jwt_token.go
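Review bot: In cmd/controller-manager/app/server.go the new condition treats an empty `s.LdapOptions.Host` the same as a deliberate decision to run without LDAP, so a typo or a dropped config value that used to abort startup now silently turns user sync off. The only trace is the `klog.Info` line added in the else branch of the second hunk (-129); I would raise it to `klog.Warning("ldap host is not configured, users will not be synced into ldap")` so the downgrade stands out in the log, and consider an explicit opt-out setting rather than inferring it from an empty host. `ldapClient` also stays a nil interface on this path, so whatever it is handed to further down in run() (outside both hunks) has to nil-check before use.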
@@ -22,6 +22,7 @@ import (
 "k8s.io/apiserver/pkg/authentication/authenticator"
 "k8s.io/apiserver/pkg/authentication/user"
 "k8s.io/klog"
+
 iamv1alpha2listers "kubesphere.io/kubesphere/pkg/client/listers/iam/v1alpha2"
 "kubesphere.io/kubesphere/pkg/models/iam/im"
 )
diff --git a/pkg/controller/user/user_controller.go b/pkg/controller/user/user_controller.go
index 4409d526..59638a44 100644
--- a/pkg/controller/user/user_controller.go
+++ b/pkg/controller/user/user_controller.go
@@ -287,9 +287,12 @@ func (c *Controller) reconcile(key string) error {
 if sliceutil.HasString(user.ObjectMeta.Finalizers, finalizer) {
 klog.V(4).Infof("delete user %s", key)
- if err = c.ldapClient.Delete(key); err != nil && err != ldapclient.ErrUserNotExists {
- klog.Error(err)
- return err
+ // we do not need to delete the user from ldapServer when ldapClient is nil
+ if c.ldapClient != nil {
+ if err = c.ldapClient.Delete(key); err != nil && err != ldapclient.ErrUserNotExists {
+ klog.Error(err)
+ return err
+ }
 }
 if err = c.deleteRoleBindings(user); err != nil {
@@ -329,9 +332,12 @@ func (c *Controller) reconcile(key string) error {
 return nil
 }
- if err = c.ldapSync(user); err != nil {
- klog.Error(err)
- return err
+ // we do not need to sync ldap info when ldapClient is nil
+ if c.ldapClient != nil {
+ if err = c.ldapSync(user); err != nil {
+ klog.Error(err)
+ return err
+ }
 }
 if user, err = c.ensurePasswordIsEncrypted(user); err != nil {
-- GitLab
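Review bot: In pkg/controller/user/user_controller.go (hunk at -287), when `c.ldapClient` is nil the finalizer path skips `c.ldapClient.Delete(key)` and goes straight on to `deleteRoleBindings`, so a user deleted while the controller runs without LDAP is left in the directory if LDAP was populated earlier or is enabled again later. If anything still authenticates against that directory, which is not visible in this diff, the account would outlive its deletion. I would state that at the guard, e.g. `// NOTE: users deleted while ldapClient is nil are not removed from ldap; stale entries must be cleaned up when ldap is re-enabled`, and log the skip next to the existing `klog.V(4).Infof("delete user %s", key)`. reconcile starts and ends outside the hunk.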
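Review bot: The `c.ldapClient != nil` guard in the hunk at -329 sits at the call site of `c.ldapSync(user)` rather than inside the helper, so any other caller of ldapSync still reaches the nil client. Putting the check at the top of ldapSync, `if c.ldapClient == nil { return nil }`, would cover every caller and keep reconcile flat. ldapSync's body is not part of this diff, so whether it has other callers is not visible here; reconcile itself starts and ends outside the hunk.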