未验证
提交
b030e9c2
编写于
8月 04, 2020
作者:
K
KubeSphere CI Bot
提交者:
GitHub
8月 04, 2020
Merge pull request #2760 from wansir/tenant
fix labelSelector not working
上级
1cfac372
1d9c9bc0
Showing
1 changed file
with
33 addition
and
64 deletion
+33
-64
pkg/models/tenant/tenant.go
pkg/models/tenant/tenant.go
+33
-64
pkg/models/tenant/tenant.go
...
...
@@ -118,53 +118,49 @@ func (t *tenantOperator) ListWorkspaces(user user.Info, queryParam *query.Query)
}
decision
,
_
,
err
:=
t
.
authorizer
.
Authorize
(
listWS
)
if
err
!=
nil
{
klog
.
Error
(
err
)
return
nil
,
err
}
// allowed to list all workspaces
if
decision
==
authorizer
.
DecisionAllow
{
result
,
err
:=
t
.
resourceGetter
.
List
(
tenantv1alpha2
.
ResourcePluralWorkspaceTemplate
,
""
,
queryParam
)
if
err
!=
nil
{
klog
.
Error
(
err
)
return
nil
,
err
}
return
result
,
nil
}
// retrieving associated resources through role binding
workspaceRoleBindings
,
err
:=
t
.
am
.
ListWorkspaceRoleBindings
(
user
.
GetName
(),
""
)
if
err
!=
nil
{
klog
.
Error
(
err
)
return
nil
,
err
}
workspaces
:=
make
([]
runtime
.
Object
,
0
)
for
_
,
roleBinding
:=
range
workspaceRoleBindings
{
workspaceName
:=
roleBinding
.
Labels
[
tenantv1alpha1
.
WorkspaceLabel
]
workspace
,
err
:=
t
.
resourceGetter
.
Get
(
tenantv1alpha2
.
ResourcePluralWorkspaceTemplate
,
""
,
workspaceName
)
obj
,
err
:=
t
.
resourceGetter
.
Get
(
tenantv1alpha2
.
ResourcePluralWorkspaceTemplate
,
""
,
workspaceName
)
if
errors
.
IsNotFound
(
err
)
{
klog
.
Warningf
(
"workspace role binding: %+v found but workspace not exist"
,
roleBinding
.
ObjectMeta
.
String
()
)
klog
.
Warningf
(
"workspace role binding: %+v found but workspace not exist"
,
roleBinding
.
Name
)
continue
}
if
err
!=
nil
{
klog
.
Error
(
err
)
return
nil
,
err
}
if
!
contains
(
workspaces
,
workspace
)
{
workspace
:=
obj
.
(
*
tenantv1alpha2
.
WorkspaceTemplate
)
// label matching selector, remove duplicate entity
if
queryParam
.
Selector
()
.
Matches
(
labels
.
Set
(
workspace
.
Labels
))
&&
!
contains
(
workspaces
,
workspace
)
{
workspaces
=
append
(
workspaces
,
workspace
)
}
}
// use default pagination search logic
result
:=
resources
.
DefaultList
(
workspaces
,
queryParam
,
func
(
left
runtime
.
Object
,
right
runtime
.
Object
,
field
query
.
Field
)
bool
{
return
resources
.
DefaultObjectMetaCompare
(
left
.
(
*
tenantv1alpha2
.
WorkspaceTemplate
)
.
ObjectMeta
,
right
.
(
*
tenantv1alpha2
.
WorkspaceTemplate
)
.
ObjectMeta
,
field
)
},
func
(
workspace
runtime
.
Object
,
filter
query
.
Filter
)
bool
{
...
...
@@ -175,9 +171,12 @@ func (t *tenantOperator) ListWorkspaces(user user.Info, queryParam *query.Query)
}
func
(
t
*
tenantOperator
)
ListFederatedNamespaces
(
user
user
.
Info
,
workspace
string
,
queryParam
*
query
.
Query
)
(
*
api
.
ListResult
,
error
)
{
nsScope
:=
request
.
ClusterScope
if
workspace
!=
""
{
nsScope
=
request
.
WorkspaceScope
// filter by workspace
queryParam
.
Filters
[
query
.
FieldLabel
]
=
query
.
Value
(
fmt
.
Sprintf
(
"%s=%s"
,
tenantv1alpha1
.
WorkspaceLabel
,
workspace
))
}
listNS
:=
authorizer
.
AttributesRecord
{
...
...
@@ -190,39 +189,31 @@ func (t *tenantOperator) ListFederatedNamespaces(user user.Info, workspace strin
}
decision
,
_
,
err
:=
t
.
authorizer
.
Authorize
(
listNS
)
if
err
!=
nil
{
klog
.
Error
(
err
)
return
nil
,
err
}
// allowed to list all namespaces in the specified scope
if
decision
==
authorizer
.
DecisionAllow
{
if
workspace
!=
""
{
queryParam
.
Filters
[
query
.
FieldLabel
]
=
query
.
Value
(
fmt
.
Sprintf
(
"%s=%s"
,
tenantv1alpha1
.
WorkspaceLabel
,
workspace
))
}
result
,
err
:=
t
.
resourceGetter
.
List
(
typesv1beta1
.
ResourcePluralFederatedNamespace
,
""
,
queryParam
)
if
err
!=
nil
{
klog
.
Error
(
err
)
return
nil
,
err
}
return
result
,
nil
}
// retrieving associated resources through role binding
roleBindings
,
err
:=
t
.
am
.
ListRoleBindings
(
user
.
GetName
(),
""
)
if
err
!=
nil
{
klog
.
Error
(
err
)
return
nil
,
err
}
namespaces
:=
make
([]
runtime
.
Object
,
0
)
for
_
,
roleBinding
:=
range
roleBindings
{
namespace
,
err
:=
t
.
resourceGetter
.
Get
(
typesv1beta1
.
ResourcePluralFederatedNamespace
,
roleBinding
.
Namespace
,
roleBinding
.
Namespace
)
obj
,
err
:=
t
.
resourceGetter
.
Get
(
typesv1beta1
.
ResourcePluralFederatedNamespace
,
roleBinding
.
Namespace
,
roleBinding
.
Namespace
)
if
err
!=
nil
{
if
errors
.
IsNotFound
(
err
)
{
continue
...
...
@@ -230,28 +221,21 @@ func (t *tenantOperator) ListFederatedNamespaces(user user.Info, workspace strin
klog
.
Error
(
err
)
return
nil
,
err
}
// skip if not controlled by the specified workspace
if
ns
:=
namespace
.
(
*
typesv1beta1
.
FederatedNamespace
);
workspace
!=
""
&&
ns
.
Labels
[
tenantv1alpha1
.
WorkspaceLabel
]
!=
workspace
{
continue
}
if
!
contains
(
namespaces
,
namespace
)
{
namespace
:=
obj
.
(
*
typesv1beta1
.
FederatedNamespace
)
// label matching selector, remove duplicate entity
if
queryParam
.
Selector
()
.
Matches
(
labels
.
Set
(
namespace
.
Labels
))
&&
!
contains
(
namespaces
,
namespace
)
{
namespaces
=
append
(
namespaces
,
namespace
)
}
}
// use default pagination search logic
result
:=
resources
.
DefaultList
(
namespaces
,
queryParam
,
func
(
left
runtime
.
Object
,
right
runtime
.
Object
,
field
query
.
Field
)
bool
{
return
resources
.
DefaultObjectMetaCompare
(
left
.
(
*
typesv1beta1
.
FederatedNamespace
)
.
ObjectMeta
,
right
.
(
*
typesv1beta1
.
FederatedNamespace
)
.
ObjectMeta
,
field
)
},
func
(
object
runtime
.
Object
,
filter
query
.
Filter
)
bool
{
namespace
:=
object
.
(
*
typesv1beta1
.
FederatedNamespace
)
.
ObjectMeta
if
workspace
!=
""
{
if
workspaceLabel
,
ok
:=
namespace
.
Labels
[
tenantv1alpha1
.
WorkspaceLabel
];
!
ok
||
workspaceLabel
!=
workspace
{
return
false
}
}
return
resources
.
DefaultObjectMetaFilter
(
namespace
,
filter
)
return
resources
.
DefaultObjectMetaFilter
(
object
.
(
*
typesv1beta1
.
FederatedNamespace
)
.
ObjectMeta
,
filter
)
})
return
result
,
nil
}
...
...
@@ -259,6 +243,8 @@ func (t *tenantOperator) ListNamespaces(user user.Info, workspace string, queryP
nsScope
:=
request
.
ClusterScope
if
workspace
!=
""
{
nsScope
=
request
.
WorkspaceScope
// filter by workspace
queryParam
.
Filters
[
query
.
FieldLabel
]
=
query
.
Value
(
fmt
.
Sprintf
(
"%s=%s"
,
tenantv1alpha1
.
WorkspaceLabel
,
workspace
))
}
listNS
:=
authorizer
.
AttributesRecord
{
...
...
@@ -271,65 +257,48 @@ func (t *tenantOperator) ListNamespaces(user user.Info, workspace string, queryP
}
decision
,
_
,
err
:=
t
.
authorizer
.
Authorize
(
listNS
)
if
err
!=
nil
{
klog
.
Error
(
err
)
return
nil
,
err
}
// allowed to list all namespaces in the specified scope
if
decision
==
authorizer
.
DecisionAllow
{
if
workspace
!=
""
{
queryParam
.
Filters
[
query
.
FieldLabel
]
=
query
.
Value
(
fmt
.
Sprintf
(
"%s=%s"
,
tenantv1alpha1
.
WorkspaceLabel
,
workspace
))
}
result
,
err
:=
t
.
resourceGetter
.
List
(
"namespaces"
,
""
,
queryParam
)
if
err
!=
nil
{
klog
.
Error
(
err
)
return
nil
,
err
}
return
result
,
nil
}
// retrieving associated resources through role binding
roleBindings
,
err
:=
t
.
am
.
ListRoleBindings
(
user
.
GetName
(),
""
)
if
err
!=
nil
{
klog
.
Error
(
err
)
return
nil
,
err
}
namespaces
:=
make
([]
runtime
.
Object
,
0
)
for
_
,
roleBinding
:=
range
roleBindings
{
namespace
,
err
:=
t
.
resourceGetter
.
Get
(
"namespaces"
,
""
,
roleBinding
.
Namespace
)
obj
,
err
:=
t
.
resourceGetter
.
Get
(
"namespaces"
,
""
,
roleBinding
.
Namespace
)
if
err
!=
nil
{
klog
.
Error
(
err
)
return
nil
,
err
}
// skip if not controlled by the specified workspace
if
ns
:=
namespace
.
(
*
corev1
.
Namespace
);
workspace
!=
""
&&
ns
.
Labels
[
tenantv1alpha1
.
WorkspaceLabel
]
!=
workspace
{
continue
}
if
!
contains
(
namespaces
,
namespace
)
{
namespace
:=
obj
.
(
*
corev1
.
Namespace
)
// label matching selector, remove duplicate entity
if
queryParam
.
Selector
()
.
Matches
(
labels
.
Set
(
namespace
.
Labels
))
&&
!
contains
(
namespaces
,
namespace
)
{
namespaces
=
append
(
namespaces
,
namespace
)
}
}
// use default pagination search logic
result
:=
resources
.
DefaultList
(
namespaces
,
queryParam
,
func
(
left
runtime
.
Object
,
right
runtime
.
Object
,
field
query
.
Field
)
bool
{
return
resources
.
DefaultObjectMetaCompare
(
left
.
(
*
corev1
.
Namespace
)
.
ObjectMeta
,
right
.
(
*
corev1
.
Namespace
)
.
ObjectMeta
,
field
)
},
func
(
object
runtime
.
Object
,
filter
query
.
Filter
)
bool
{
namespace
:=
object
.
(
*
corev1
.
Namespace
)
.
ObjectMeta
if
workspace
!=
""
{
if
workspaceLabel
,
ok
:=
namespace
.
Labels
[
tenantv1alpha1
.
WorkspaceLabel
];
!
ok
||
workspaceLabel
!=
workspace
{
return
false
}
}
return
resources
.
DefaultObjectMetaFilter
(
namespace
,
filter
)
return
resources
.
DefaultObjectMetaFilter
(
object
.
(
*
corev1
.
Namespace
)
.
ObjectMeta
,
filter
)
})
return
result
,
nil
...
...
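Review bot: In ListFederatedNamespaces and ListNamespaces the role-binding path seems to enforce the workspace boundary only through `queryParam.Selector()`, which is fed by `fmt.Sprintf("%s=%s", tenantv1alpha1.WorkspaceLabel, workspace)`; the explicit `Labels[tenantv1alpha1.WorkspaceLabel] != workspace` comparison looks to be on the removed side (this page lost its +/- markers, so sides are inferred from the hunk counts). `workspace` is interpolated unescaped, so a value that is not a plain label value changes the selector, and how `Selector()` treats an unparsable string is not visible here; if it falls back to matching everything, the tenant filter is silently dropped. I would keep an exact-match guard next to the selector test, `if workspace != "" && namespace.Labels[tenantv1alpha1.WorkspaceLabel] != workspace { continue }`, and reject a `workspace` that is not a valid label value before building the filter. The assignment to `queryParam.Filters[query.FieldLabel]` also replaces whatever label filter the caller sent instead of combining with it, which deserves a comment or an AND of the two selectors. All three function bodies start or end outside the hunks shown.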