From 182c4acbbb92cfde7dbabab0f86e731a150a67e2 Mon Sep 17 00:00:00 2001 From: rick <1450685+LinuxSuRen@users.noreply.github.com> Date: Thu, 23 Sep 2021 14:52:40 +0800 Subject: [PATCH] Fix the devopsProjectLister is nil Signed-off-by: rick <1450685+LinuxSuRen@users.noreply.github.com> --- pkg/apiserver/apiserver.go | 2 +- pkg/apiserver/authorization/rbac/rbac_test.go | 2 +- pkg/models/iam/am/am.go | 15 ++++++++------- 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/pkg/apiserver/apiserver.go b/pkg/apiserver/apiserver.go index 694092cd2..e5e591e37 100644 --- a/pkg/apiserver/apiserver.go +++ b/pkg/apiserver/apiserver.go @@ -322,7 +322,7 @@ func (s *APIServer) buildHandlerChain(stopCh <-chan struct{}) { case authorization.RBAC: excludedPaths := []string{"/oauth/*", "/kapis/config.kubesphere.io/*", "/kapis/version", "/kapis/metrics"} pathAuthorizer, _ := path.NewAuthorizer(excludedPaths) - amOperator := am.NewReadOnlyOperator(s.InformerFactory) + amOperator := am.NewReadOnlyOperator(s.InformerFactory, s.DevopsClient) authorizers = unionauthorizer.New(pathAuthorizer, rbac.NewRBACAuthorizer(amOperator)) } diff --git a/pkg/apiserver/authorization/rbac/rbac_test.go b/pkg/apiserver/authorization/rbac/rbac_test.go index b3582f276..2110c0a83 100644 --- a/pkg/apiserver/authorization/rbac/rbac_test.go +++ b/pkg/apiserver/authorization/rbac/rbac_test.go @@ -920,7 +920,7 @@ func newMockRBACAuthorizer(staticRoles *StaticRoles) (*RBACAuthorizer, error) { return nil, err } } - return NewRBACAuthorizer(am.NewReadOnlyOperator(fakeInformerFactory)), nil + return NewRBACAuthorizer(am.NewReadOnlyOperator(fakeInformerFactory, nil)), nil } func TestAppliesTo(t *testing.T) { diff --git a/pkg/models/iam/am/am.go b/pkg/models/iam/am/am.go index 12929507c..f0b79e214 100644 --- a/pkg/models/iam/am/am.go +++ b/pkg/models/iam/am/am.go @@ -114,8 +114,8 @@ type amOperator struct { k8sclient kubernetes.Interface } -func NewReadOnlyOperator(factory informers.InformerFactory) AccessManagementInterface { - return &amOperator{ +func NewReadOnlyOperator(factory informers.InformerFactory, devopsClient devops.Interface) AccessManagementInterface { + operator := &amOperator{ globalRoleBindingGetter: globalrolebinding.New(factory.KubeSphereSharedInformerFactory()), workspaceRoleBindingGetter: workspacerolebinding.New(factory.KubeSphereSharedInformerFactory()), clusterRoleBindingGetter: clusterrolebinding.New(factory.KubernetesSharedInformerFactory()), @@ -126,16 +126,17 @@ func NewReadOnlyOperator(factory informers.InformerFactory) AccessManagementInte roleGetter: role.New(factory.KubernetesSharedInformerFactory()), namespaceLister: factory.KubernetesSharedInformerFactory().Core().V1().Namespaces().Lister(), } + // no more CRDs of devopsprojects if the DevOps module was disabled + if devopsClient != nil { + operator.devopsProjectLister = factory.KubeSphereSharedInformerFactory().Devops().V1alpha3().DevOpsProjects().Lister() + } + return operator } func NewOperator(ksClient kubesphere.Interface, k8sClient kubernetes.Interface, factory informers.InformerFactory, devopsClient devops.Interface) AccessManagementInterface { - amOperator := NewReadOnlyOperator(factory).(*amOperator) + amOperator := NewReadOnlyOperator(factory, devopsClient).(*amOperator) amOperator.ksclient = ksClient amOperator.k8sclient = k8sClient - // no more CRDs of devopsprojects if the DevOps module was disabled - if devopsClient != nil { - amOperator.devopsProjectLister = factory.KubeSphereSharedInformerFactory().Devops().V1alpha3().DevOpsProjects().Lister() - } return amOperator }