feat(auth): support multiple identity provider associations (#6299)

Signed-off-by: hongming <coder.scala@gmail.com>
hongming
2025-02-28 16:48:36 +08:00
committed by GitHub
parent 99d2408c34
commit 018f6045ee
12 changed files with 177 additions and 221 deletions


@@ -268,34 +268,6 @@ func (r *Reconciler) reconcileUserStatus(ctx context.Context, user *iamv1beta1.U
return nil
}
if user.Spec.EncryptedPassword == "" {
if user.Labels[iamv1beta1.IdentifyProviderLabel] != "" {
// mapped user from another identity provider always active until disabled
if user.Status.State != iamv1beta1.UserActive {
user.Status = iamv1beta1.UserStatus{
State: iamv1beta1.UserActive,
LastTransitionTime: &metav1.Time{Time: time.Now()},
}
if err := r.Update(ctx, user, &client.UpdateOptions{}); err != nil {
return err
}
}
} else {
// empty password is not allowed for normal user
if user.Status.State != iamv1beta1.UserDisabled {
user.Status = iamv1beta1.UserStatus{
State: iamv1beta1.UserDisabled,
LastTransitionTime: &metav1.Time{Time: time.Now()},
}
if err := r.Update(ctx, user, &client.UpdateOptions{}); err != nil {
return err
}
}
}
// skip auth limit check
return nil
}
// becomes active after password encrypted
if user.Status.State == "" && isEncrypted(user.Spec.EncryptedPassword) {
user.Status = iamv1beta1.UserStatus{