add rolebinding api

Signed-off-by: Roland.Ma <rolandma@yunify.com>
2020-11-23 02:59:48 +00:00
parent 343b2e60f4
commit 079b43e301
4 changed files with 379 additions and 22 deletions
--- a/pkg/kapis/iam/v1alpha2/handler.go
+++ b/pkg/kapis/iam/v1alpha2/handler.go
@@ -167,7 +167,7 @@ func (h *iamHandler) RetrieveMemberRoleTemplates(request *restful.Request, respo
 			api.HandleInternalError(response, request, err)
 			return
 		}
-		templateRoles := make(map[string]*rbacv1.Role)
+		templateRoles := make(map[string]*iamv1alpha2.WorkspaceRole)
 		for _, role := range workspaceRoles {
 			// merge template Role
 			result, err := h.am.ListWorkspaceRoles(&query.Query{
@@ -183,12 +183,12 @@ func (h *iamHandler) RetrieveMemberRoleTemplates(request *restful.Request, respo
 			}

 			for _, obj := range result.Items {
-				templateRole := obj.(*rbacv1.Role)
+				templateRole := obj.(*iamv1alpha2.WorkspaceRole)
 				templateRoles[templateRole.Name] = templateRole
 			}
 		}

-		results := make([]*rbacv1.Role, 0, len(templateRoles))
+		results := make([]*iamv1alpha2.WorkspaceRole, 0, len(templateRoles))
 		for _, value := range templateRoles {
 			results = append(results, value)
 		}
@@ -1494,12 +1494,131 @@ func (h *iamHandler) ListGroupBindings(request *restful.Request, response *restf
 	response.WriteEntity(result)
 }

-func (h *iamHandler) ListGroupsRoleBinding(request *restful.Request, response *restful.Response) {
-	//todo
+func (h *iamHandler) ListGroupRoleBindings(request *restful.Request, response *restful.Response) {
+	workspaceName := request.PathParameter("workspace")
+	groupName := request.PathParameter("group")
+	result, err := h.am.ListGroupRoleBindings(workspaceName, groupName)
+
+	if err != nil {
+		klog.Error(err)
+		api.HandleInternalError(response, request, err)
+		return
+	}
+
+	response.WriteEntity(result)
 }

-func (h *iamHandler) ListGroupsWorkspaceRoleBinding(request *restful.Request, response *restful.Response) {
-	//todo
+func (h *iamHandler) ListGroupDevOpsRoleBindings(request *restful.Request, response *restful.Response) {
+	workspaceName := request.PathParameter("workspace")
+	groupName := request.PathParameter("group")
+	result, err := h.am.ListGroupDevOpsRoleBindings(workspaceName, groupName)
+
+	if err != nil {
+		klog.Error(err)
+		api.HandleInternalError(response, request, err)
+		return
+	}
+
+	response.WriteEntity(result)
+}
+
+func (h *iamHandler) CreateRoleBinding(request *restful.Request, response *restful.Response) {
+	namespace := request.PathParameter("namespace")
+	var roleBindings []rbacv1.RoleBinding
+	err := request.ReadEntity(&roleBindings)
+	if err != nil {
+		klog.Error(err)
+		api.HandleBadRequest(response, request, err)
+		return
+	}
+
+	results := []rbacv1.RoleBinding{}
+	for _, item := range roleBindings {
+		r, err := h.am.CreateRoleBindings(namespace, &item)
+		if err != nil {
+			klog.Error(err)
+			handleError(request, response, err)
+			return
+		}
+		results = append(results, *r)
+	}
+
+	response.WriteEntity(results)
+}
+
+func (h *iamHandler) DeleteRoleBinding(request *restful.Request, response *restful.Response) {
+	name := request.PathParameter("rolebinding")
+	namespace := request.PathParameter("namespace")
+
+	err := h.am.DeleteRoleBindings(namespace, name)
+
+	if err != nil {
+		if errors.IsNotFound(err) {
+			api.HandleNotFound(response, request, err)
+			return
+		}
+		api.HandleInternalError(response, request, err)
+		return
+	}
+
+	response.WriteEntity(servererr.None)
+}
+
+func (h *iamHandler) ListGroupWorkspaceRoleBindings(request *restful.Request, response *restful.Response) {
+	workspaceName := request.PathParameter("workspace")
+	groupName := request.PathParameter("group")
+	result, err := h.am.ListGroupWorkspaceRoleBindings(workspaceName, groupName)
+
+	if err != nil {
+		klog.Error(err)
+		api.HandleInternalError(response, request, err)
+		return
+	}
+
+	response.WriteEntity(result)
+}
+
+func (h *iamHandler) CreateWorkspaceRoleBinding(request *restful.Request, response *restful.Response) {
+	workspaceName := request.PathParameter("workspace")
+
+	var roleBindings []iamv1alpha2.WorkspaceRoleBinding
+	err := request.ReadEntity(&roleBindings)
+	if err != nil {
+		klog.Error(err)
+		api.HandleBadRequest(response, request, err)
+		return
+	}
+
+	results := []iamv1alpha2.WorkspaceRoleBinding{}
+	for _, item := range roleBindings {
+		r, err := h.am.CreateWorkspaceRoleBindings(workspaceName, &item)
+		if err != nil {
+			klog.Error(err)
+			handleError(request, response, err)
+			return
+		}
+		results = append(results, *r)
+	}
+
+	response.WriteEntity(results)
+}
+
+func (h *iamHandler) DeleteWorkspaceRoleBinding(request *restful.Request, response *restful.Response) {
+	workspaceName := request.PathParameter("workspace")
+	name := request.PathParameter("rolebinding")
+
+	err := h.am.DeleteWorkspaceRoleBindings(workspaceName, name)
+
+	if err != nil {
+		if errors.IsNotFound(err) {
+			api.HandleNotFound(response, request, err)
+			return
+		}
+		api.HandleInternalError(response, request, err)
+		return
+	}
+
+	response.WriteEntity(servererr.None)
 }

 func (h *iamHandler) CreateGroupBinding(request *restful.Request, response *restful.Response) {
@@ -1514,16 +1633,19 @@ func (h *iamHandler) CreateGroupBinding(request *restful.Request, response *rest
 		return
 	}

+	results := []iamv1alpha2.GroupBinding{}
+
 	for _, item := range members {
-		err := h.group.CreateGroupBinding(workspace, item.GroupName, item.UserName)
+		b, err := h.group.CreateGroupBinding(workspace, item.GroupName, item.UserName)
 		if err != nil {
 			klog.Error(err)
 			handleError(request, response, err)
 			return
 		}
+		results = append(results, *b)
 	}

-	response.WriteEntity(members)
+	response.WriteEntity(results)
 }

 func (h *iamHandler) DeleteGroupBinding(request *restful.Request, response *restful.Response) {
--- a/pkg/kapis/iam/v1alpha2/register.go
+++ b/pkg/kapis/iam/v1alpha2/register.go
@@ -22,6 +22,7 @@ import (
 	"github.com/emicklei/go-restful"
 	restfulspec "github.com/emicklei/go-restful-openapi"
 	rbacv1 "k8s.io/api/rbac/v1"
+	v1 "k8s.io/api/rbac/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"kubesphere.io/kubesphere/pkg/api"
 	"kubesphere.io/kubesphere/pkg/api/iam"
@@ -527,21 +528,29 @@ func AddToContainer(container *restful.Container, im im.IdentityManagementInterf
 		Metadata(restfulspec.KeyOpenAPITags, []string{constants.GroupTag}))

 	ws.Route(ws.GET("/workspaces/{workspace}/groups/{group}/rolebindings").
-		To(handler.ListGroupsRoleBinding).
+		To(handler.ListGroupRoleBindings).
 		Param(ws.PathParameter("workspace", "workspace name")).
 		Param(ws.PathParameter("group", "group name")).
 		Doc("Retrieve group's rolebindings of all projects in the workspace.").
 		Returns(http.StatusOK, api.StatusOK, api.ListResult{}).
 		Metadata(restfulspec.KeyOpenAPITags, []string{constants.GroupTag}))

-	ws.Route(ws.GET("/workspaces/{workspace}/groups/{group}/workspacerolebinding").
-		To(handler.ListGroupsWorkspaceRoleBinding).
+	ws.Route(ws.GET("/workspaces/{workspace}/groups/{group}/workspacerolebindings").
+		To(handler.ListGroupWorkspaceRoleBindings).
 		Param(ws.PathParameter("workspace", "workspace name")).
 		Param(ws.PathParameter("group", "group name")).
 		Doc("Retrieve group's workspacerolebindings of the workspace.").
 		Returns(http.StatusOK, api.StatusOK, api.ListResult{}).
 		Metadata(restfulspec.KeyOpenAPITags, []string{constants.GroupTag}))

+	ws.Route(ws.GET("/workspaces/{workspace}/groups/{group}/devopsrolebindings").
+		To(handler.ListGroupDevOpsRoleBindings).
+		Param(ws.PathParameter("workspace", "workspace name")).
+		Param(ws.PathParameter("group", "group name")).
+		Doc("Retrieve group's rolebindings of all devops projects in the workspace.").
+		Returns(http.StatusOK, api.StatusOK, api.ListResult{}).
+		Metadata(restfulspec.KeyOpenAPITags, []string{constants.GroupTag}))
+
 	ws.Route(ws.DELETE("/workspaces/{workspace}/groupbindings/{groupbinding}").
 		To(handler.DeleteGroupBinding).
 		Param(ws.PathParameter("workspace", "workspace name")).
@@ -558,6 +567,41 @@ func AddToContainer(container *restful.Container, im im.IdentityManagementInterf
 		Returns(http.StatusOK, api.StatusOK, iamv1alpha2.GroupBinding{}).
 		Metadata(restfulspec.KeyOpenAPITags, []string{constants.GroupTag}))

+	// namespace rolebinding
+	ws.Route(ws.POST("/namespaces/{namespace}/rolebindings").
+		To(handler.CreateRoleBinding).
+		Doc("Create rolebinding in the specified namespace.").
+		Reads([]v1.RoleBinding{}).
+		Param(ws.PathParameter("namespace", "namespace")).
+		Returns(http.StatusOK, api.StatusOK, []v1.RoleBinding{}).
+		Metadata(restfulspec.KeyOpenAPITags, []string{constants.NamespaceRoleTag}))
+
+	ws.Route(ws.DELETE("/namespace/{namespace}/rolebindings/{rolebinding}").
+		To(handler.DeleteRoleBinding).
+		Param(ws.PathParameter("workspace", "workspace name")).
+		Param(ws.PathParameter("namespace", "groupbinding name")).
+		Param(ws.PathParameter("rolebinding", "groupbinding name")).
+		Doc("Delete rolebinding under namespace.").
+		Returns(http.StatusOK, api.StatusOK, errors.None).
+		Metadata(restfulspec.KeyOpenAPITags, []string{constants.GroupTag}))
+
+	// workspace rolebinding
+	ws.Route(ws.POST("/workspaces/{workspace}/workspacerolebindings").
+		To(handler.CreateWorkspaceRoleBinding).
+		Param(ws.PathParameter("workspace", "workspace name")).
+		Reads([]iamv1alpha2.WorkspaceRoleBinding{}).
+		Doc("Create group's workspacerolebindings of the workspace.").
+		Returns(http.StatusOK, api.StatusOK, []iamv1alpha2.WorkspaceRoleBinding{}).
+		Metadata(restfulspec.KeyOpenAPITags, []string{constants.GroupTag}))
+
+	ws.Route(ws.DELETE("/workspaces/{workspace}/workspacerolebindings/{rolebinding}").
+		To(handler.DeleteWorkspaceRoleBinding).
+		Param(ws.PathParameter("workspace", "workspace name")).
+		Param(ws.PathParameter("rolebinding", "groupbinding name")).
+		Doc("Delete workspacerolebinding.").
+		Returns(http.StatusOK, api.StatusOK, errors.None).
+		Metadata(restfulspec.KeyOpenAPITags, []string{constants.GroupTag}))
+
 	container.Add(ws)
 	return nil
 }