admin/kubesphere
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix labelSelector not working

Browse Source 
Signed-off-by: hongming <talonwan@yunify.com>
This commit is contained in:
hongming
2020-08-04 00:03:51 +08:00
parent 2d60c57942
commit 1d9c9bc0c2
1 changed files with 33 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

97
pkg/models/tenant/tenant.go
View File

@@ -118,53 +118,49 @@ func (t *tenantOperator) ListWorkspaces(user user.Info, queryParam *query.Query)
} }
decision, _, err := t.authorizer.Authorize(listWS) decision, _, err := t.authorizer.Authorize(listWS)
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
return nil, err return nil, err
} }
// allowed to list all workspaces
if decision == authorizer.DecisionAllow { if decision == authorizer.DecisionAllow {
result, err := t.resourceGetter.List(tenantv1alpha2.ResourcePluralWorkspaceTemplate, "", queryParam) result, err := t.resourceGetter.List(tenantv1alpha2.ResourcePluralWorkspaceTemplate, "", queryParam)
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
return nil, err return nil, err
} }
return result, nil return result, nil
} }
// retrieving associated resources through role binding
workspaceRoleBindings, err := t.am.ListWorkspaceRoleBindings(user.GetName(), "") workspaceRoleBindings, err := t.am.ListWorkspaceRoleBindings(user.GetName(), "")
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
return nil, err return nil, err
} }
workspaces := make([]runtime.Object, 0) workspaces := make([]runtime.Object, 0)
for _, roleBinding := range workspaceRoleBindings { for _, roleBinding := range workspaceRoleBindings {
workspaceName := roleBinding.Labels[tenantv1alpha1.WorkspaceLabel] workspaceName := roleBinding.Labels[tenantv1alpha1.WorkspaceLabel]
workspace, err := t.resourceGetter.Get(tenantv1alpha2.ResourcePluralWorkspaceTemplate, "", workspaceName) obj, err := t.resourceGetter.Get(tenantv1alpha2.ResourcePluralWorkspaceTemplate, "", workspaceName)
if errors.IsNotFound(err) { if errors.IsNotFound(err) {
klog.Warningf("workspace role binding: %+v found but workspace not exist", roleBinding.ObjectMeta.String()) klog.Warningf("workspace role binding: %+v found but workspace not exist", roleBinding.Name)
continue continue
} }
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
return nil, err return nil, err
} }
workspace := obj.(*tenantv1alpha2.WorkspaceTemplate)
if !contains(workspaces, workspace) { // label matching selector, remove duplicate entity
if queryParam.Selector().Matches(labels.Set(workspace.Labels)) &&
!contains(workspaces, workspace) {
workspaces = append(workspaces, workspace) workspaces = append(workspaces, workspace)
} }
} }
// use default pagination search logic
result := resources.DefaultList(workspaces, queryParam, func(left runtime.Object, right runtime.Object, field query.Field) bool { result := resources.DefaultList(workspaces, queryParam, func(left runtime.Object, right runtime.Object, field query.Field) bool {
return resources.DefaultObjectMetaCompare(left.(*tenantv1alpha2.WorkspaceTemplate).ObjectMeta, right.(*tenantv1alpha2.WorkspaceTemplate).ObjectMeta, field) return resources.DefaultObjectMetaCompare(left.(*tenantv1alpha2.WorkspaceTemplate).ObjectMeta, right.(*tenantv1alpha2.WorkspaceTemplate).ObjectMeta, field)
}, func(workspace runtime.Object, filter query.Filter) bool { }, func(workspace runtime.Object, filter query.Filter) bool {
@@ -175,9 +171,12 @@ func (t *tenantOperator) ListWorkspaces(user user.Info, queryParam *query.Query)
} }
func (t *tenantOperator) ListFederatedNamespaces(user user.Info, workspace string, queryParam *query.Query) (*api.ListResult, error) { func (t *tenantOperator) ListFederatedNamespaces(user user.Info, workspace string, queryParam *query.Query) (*api.ListResult, error) {
nsScope := request.ClusterScope nsScope := request.ClusterScope
if workspace != "" { if workspace != "" {
nsScope = request.WorkspaceScope nsScope = request.WorkspaceScope
// filter by workspace
queryParam.Filters[query.FieldLabel] = query.Value(fmt.Sprintf("%s=%s", tenantv1alpha1.WorkspaceLabel, workspace))
} }
listNS := authorizer.AttributesRecord{ listNS := authorizer.AttributesRecord{
@@ -190,39 +189,31 @@ func (t *tenantOperator) ListFederatedNamespaces(user user.Info, workspace strin
} }
decision, _, err := t.authorizer.Authorize(listNS) decision, _, err := t.authorizer.Authorize(listNS)
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
return nil, err return nil, err
} }
// allowed to list all namespaces in the specified scope
if decision == authorizer.DecisionAllow { if decision == authorizer.DecisionAllow {
if workspace != "" {
queryParam.Filters[query.FieldLabel] = query.Value(fmt.Sprintf("%s=%s", tenantv1alpha1.WorkspaceLabel, workspace))
}
result, err := t.resourceGetter.List(typesv1beta1.ResourcePluralFederatedNamespace, "", queryParam) result, err := t.resourceGetter.List(typesv1beta1.ResourcePluralFederatedNamespace, "", queryParam)
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
return nil, err return nil, err
} }
return result, nil return result, nil
} }
// retrieving associated resources through role binding
roleBindings, err := t.am.ListRoleBindings(user.GetName(), "") roleBindings, err := t.am.ListRoleBindings(user.GetName(), "")
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
return nil, err return nil, err
} }
namespaces := make([]runtime.Object, 0) namespaces := make([]runtime.Object, 0)
for _, roleBinding := range roleBindings { for _, roleBinding := range roleBindings {
namespace, err := t.resourceGetter.Get(typesv1beta1.ResourcePluralFederatedNamespace, roleBinding.Namespace, roleBinding.Namespace) obj, err := t.resourceGetter.Get(typesv1beta1.ResourcePluralFederatedNamespace, roleBinding.Namespace, roleBinding.Namespace)
if err != nil { if err != nil {
if errors.IsNotFound(err) { if errors.IsNotFound(err) {
continue continue
@@ -230,28 +221,21 @@ func (t *tenantOperator) ListFederatedNamespaces(user user.Info, workspace strin
klog.Error(err) klog.Error(err)
return nil, err return nil, err
} }
namespace := obj.(*typesv1beta1.FederatedNamespace)
// skip if not controlled by the specified workspace // label matching selector, remove duplicate entity
if ns := namespace.(*typesv1beta1.FederatedNamespace); workspace != "" && ns.Labels[tenantv1alpha1.WorkspaceLabel] != workspace { if queryParam.Selector().Matches(labels.Set(namespace.Labels)) &&
continue !contains(namespaces, namespace) {
}
if !contains(namespaces, namespace) {
namespaces = append(namespaces, namespace) namespaces = append(namespaces, namespace)
} }
} }
// use default pagination search logic
result := resources.DefaultList(namespaces, queryParam, func(left runtime.Object, right runtime.Object, field query.Field) bool { result := resources.DefaultList(namespaces, queryParam, func(left runtime.Object, right runtime.Object, field query.Field) bool {
return resources.DefaultObjectMetaCompare(left.(*typesv1beta1.FederatedNamespace).ObjectMeta, right.(*typesv1beta1.FederatedNamespace).ObjectMeta, field) return resources.DefaultObjectMetaCompare(left.(*typesv1beta1.FederatedNamespace).ObjectMeta, right.(*typesv1beta1.FederatedNamespace).ObjectMeta, field)
}, func(object runtime.Object, filter query.Filter) bool { }, func(object runtime.Object, filter query.Filter) bool {
namespace := object.(*typesv1beta1.FederatedNamespace).ObjectMeta return resources.DefaultObjectMetaFilter(object.(*typesv1beta1.FederatedNamespace).ObjectMeta, filter)
if workspace != "" {
if workspaceLabel, ok := namespace.Labels[tenantv1alpha1.WorkspaceLabel]; !ok || workspaceLabel != workspace {
return false
}
}
return resources.DefaultObjectMetaFilter(namespace, filter)
}) })
return result, nil return result, nil
} }
@@ -259,6 +243,8 @@ func (t *tenantOperator) ListNamespaces(user user.Info, workspace string, queryP
nsScope := request.ClusterScope nsScope := request.ClusterScope
if workspace != "" { if workspace != "" {
nsScope = request.WorkspaceScope nsScope = request.WorkspaceScope
// filter by workspace
queryParam.Filters[query.FieldLabel] = query.Value(fmt.Sprintf("%s=%s", tenantv1alpha1.WorkspaceLabel, workspace))
} }
listNS := authorizer.AttributesRecord{ listNS := authorizer.AttributesRecord{
@@ -271,65 +257,48 @@ func (t *tenantOperator) ListNamespaces(user user.Info, workspace string, queryP
} }
decision, _, err := t.authorizer.Authorize(listNS) decision, _, err := t.authorizer.Authorize(listNS)
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
return nil, err return nil, err
} }
// allowed to list all namespaces in the specified scope
if decision == authorizer.DecisionAllow { if decision == authorizer.DecisionAllow {
if workspace != "" {
queryParam.Filters[query.FieldLabel] = query.Value(fmt.Sprintf("%s=%s", tenantv1alpha1.WorkspaceLabel, workspace))
}
result, err := t.resourceGetter.List("namespaces", "", queryParam) result, err := t.resourceGetter.List("namespaces", "", queryParam)
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
return nil, err return nil, err
} }
return result, nil return result, nil
} }
// retrieving associated resources through role binding
roleBindings, err := t.am.ListRoleBindings(user.GetName(), "") roleBindings, err := t.am.ListRoleBindings(user.GetName(), "")
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
return nil, err return nil, err
} }
namespaces := make([]runtime.Object, 0) namespaces := make([]runtime.Object, 0)
for _, roleBinding := range roleBindings { for _, roleBinding := range roleBindings {
namespace, err := t.resourceGetter.Get("namespaces", "", roleBinding.Namespace) obj, err := t.resourceGetter.Get("namespaces", "", roleBinding.Namespace)
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
return nil, err return nil, err
} }
namespace := obj.(*corev1.Namespace)
// skip if not controlled by the specified workspace // label matching selector, remove duplicate entity
if ns := namespace.(*corev1.Namespace); workspace != "" && ns.Labels[tenantv1alpha1.WorkspaceLabel] != workspace { if queryParam.Selector().Matches(labels.Set(namespace.Labels)) &&
continue !contains(namespaces, namespace) {
}
if !contains(namespaces, namespace) {
namespaces = append(namespaces, namespace) namespaces = append(namespaces, namespace)
} }
} }
// use default pagination search logic
result := resources.DefaultList(namespaces, queryParam, func(left runtime.Object, right runtime.Object, field query.Field) bool { result := resources.DefaultList(namespaces, queryParam, func(left runtime.Object, right runtime.Object, field query.Field) bool {
return resources.DefaultObjectMetaCompare(left.(*corev1.Namespace).ObjectMeta, right.(*corev1.Namespace).ObjectMeta, field) return resources.DefaultObjectMetaCompare(left.(*corev1.Namespace).ObjectMeta, right.(*corev1.Namespace).ObjectMeta, field)
}, func(object runtime.Object, filter query.Filter) bool { }, func(object runtime.Object, filter query.Filter) bool {
namespace := object.(*corev1.Namespace).ObjectMeta return resources.DefaultObjectMetaFilter(object.(*corev1.Namespace).ObjectMeta, filter)
if workspace != "" {
if workspaceLabel, ok := namespace.Labels[tenantv1alpha1.WorkspaceLabel]; !ok || workspaceLabel != workspace {
return false
}
}
return resources.DefaultObjectMetaFilter(namespace, filter)
}) })
return result, nil return result, nil