fix somme error in controller-manager

Signed-off-by: hongming <talonwan@yunify.com>

pkg/controller/namespace/namespace_controller.go

@@ -24,7 +24,6 @@ import (
 	"github.com/golang/protobuf/ptypes/wrappers"
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
-	rbac "k8s.io/api/rbac/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -44,22 +43,6 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/source"
 )
 
-const (
-	adminDescription    = "Allows admin access to perform any action on any resource, it gives full control over every resource in the namespace."
-	operatorDescription = "The maintainer of the namespace who can manage resources other than users and roles in the namespace."
-	viewerDescription   = "Allows viewer access to view all resources in the namespace."
-)
-
-var (
-	admin    = rbac.Role{ObjectMeta: metav1.ObjectMeta{Name: "admin", Annotations: map[string]string{constants.DescriptionAnnotationKey: adminDescription, constants.CreatorAnnotationKey: constants.System}}, Rules: []rbac.PolicyRule{{Verbs: []string{"*"}, APIGroups: []string{"*"}, Resources: []string{"*"}}}}
-	operator = rbac.Role{ObjectMeta: metav1.ObjectMeta{Name: "operator", Annotations: map[string]string{constants.DescriptionAnnotationKey: operatorDescription, constants.CreatorAnnotationKey: constants.System}}, Rules: []rbac.PolicyRule{{Verbs: []string{"get", "list", "watch"}, APIGroups: []string{"*"}, Resources: []string{"*"}},
-		{Verbs: []string{"*"}, APIGroups: []string{"apps", "extensions", "batch", "logging.kubesphere.io", "monitoring.kubesphere.io", "iam.kubesphere.io", "autoscaling", "alerting.kubesphere.io", "openpitrix.io", "app.k8s.io", "servicemesh.kubesphere.io", "operations.kubesphere.io", "devops.kubesphere.io"}, Resources: []string{"*"}},
-		{Verbs: []string{"*"}, APIGroups: []string{"", "resources.kubesphere.io"}, Resources: []string{"jobs", "cronjobs", "daemonsets", "deployments", "horizontalpodautoscalers", "ingresses", "endpoints", "configmaps", "events", "persistentvolumeclaims", "pods", "podtemplates", "pods", "secrets", "services"}},
-	}}
-	viewer       = rbac.Role{ObjectMeta: metav1.ObjectMeta{Name: "viewer", Annotations: map[string]string{constants.DescriptionAnnotationKey: viewerDescription, constants.CreatorAnnotationKey: constants.System}}, Rules: []rbac.PolicyRule{{Verbs: []string{"get", "list", "watch"}, APIGroups: []string{"*"}, Resources: []string{"*"}}}}
-	defaultRoles = []rbac.Role{admin, operator, viewer}
-)
-
 /**
 * USER ACTION REQUIRED: This is a scaffold file intended for the user to modify with their own Controller
 * business logic.  Delete these comments after modifying this file.*
@@ -164,19 +147,6 @@ func (r *ReconcileNamespace) Reconcile(request reconcile.Request) (reconcile.Res
 		return reconcile.Result{}, nil
 	}
 
-	controlledByWorkspace, err := r.isControlledByWorkspace(instance)
-
-	if err != nil {
-		return reconcile.Result{}, err
-	}
-
-	if !controlledByWorkspace {
-
-		err = r.deleteRoleBindings(instance)
-
-		return reconcile.Result{}, err
-	}
-
 	if err = r.checkAndBindWorkspace(instance); err != nil {
 		return reconcile.Result{}, err
 	}
@@ -357,24 +327,3 @@ func (r *ReconcileNamespace) deleteRouter(namespace string) error {
 	return nil
 
 }
-
-func (r *ReconcileNamespace) deleteRoleBindings(namespace *corev1.Namespace) error {
-	klog.V(4).Info("deleting role bindings namespace: ", namespace.Name)
-	adminBinding := &rbac.RoleBinding{}
-	adminBinding.Name = admin.Name
-	adminBinding.Namespace = namespace.Name
-	err := r.Delete(context.TODO(), adminBinding)
-	if err != nil && !errors.IsNotFound(err) {
-		klog.Errorf("deleting role binding namespace: %s, role binding: %s,error: %s", namespace.Name, adminBinding.Name, err)
-		return err
-	}
-	viewerBinding := &rbac.RoleBinding{}
-	viewerBinding.Name = viewer.Name
-	viewerBinding.Namespace = namespace.Name
-	err = r.Delete(context.TODO(), viewerBinding)
-	if err != nil && !errors.IsNotFound(err) {
-		klog.Errorf("deleting role binding namespace: %s,role binding: %s,error: %s", namespace.Name, viewerBinding.Name, err)
-		return err
-	}
-	return nil
-}

pkg/controller/user/user_controller.go

@@ -66,7 +66,6 @@ type Controller struct {
 func NewController(kubeclientset kubernetes.Interface,
 	kubesphereklientset kubesphereclient.Interface,
 	userInformer userinformer.UserInformer) *Controller {
-
 	// Create event broadcaster
 	// Add sample-controller types to the default Kubernetes Scheme so Events can be
 	// logged for sample-controller types.
@@ -180,7 +179,7 @@ func (c *Controller) processNextWorkItem() bool {
 		// Finally, if no error occurs we Forget this item so it does not
 		// get queued again until another change happens.
 		c.workqueue.Forget(obj)
-		klog.Info("Successfully synced", "key", key)
+		klog.Infof("Successfully synced %s:%s", "key", key)
 		return nil
 	}(obj)
 
@@ -206,11 +205,11 @@ func (c *Controller) reconcile(key string) error {
 			utilruntime.HandleError(fmt.Errorf("user '%s' in work queue no longer exists", key))
 			return nil
 		}
-
 		return err
 	}
 
 	err = c.updateUserStatus(user)
+
 	if err != nil {
 		return err
 	}
@@ -220,9 +219,12 @@ func (c *Controller) reconcile(key string) error {
 }
 
 func (c *Controller) updateUserStatus(user *iamv1alpha2.User) error {
-
 	userCopy := user.DeepCopy()
-	userCopy.Status.Phase = iamv1alpha2.UserActive
+	userCopy.Status.State = iamv1alpha2.UserActive
 	_, err := c.kubesphereClientset.IamV1alpha2().Users().Update(userCopy)
 	return err
 }
+
+func (c *Controller) Start(stopCh <-chan struct{}) error {
+	return c.Run(4, stopCh)
+}

pkg/controller/user/user_controller_test.go

@@ -219,7 +219,7 @@ func filterInformerActions(actions []core.Action) []core.Action {
 
 func (f *fixture) expectUpdateUserStatusAction(user *iamv1alpha2.User) {
 	expect := user.DeepCopy()
-	expect.Status.Phase = iamv1alpha2.UserActive
+	expect.Status.State = iamv1alpha2.UserActive
 	action := core.NewUpdateAction(schema.GroupVersionResource{Resource: "users"}, "", expect)
 	f.actions = append(f.actions, action)
 }