login record CRD (#2565)

* Signed-off-by: hongming <talonwan@yunify.com> support ldap identity provider Signed-off-by: hongming <talonwan@yunify.com> * add login record Signed-off-by: Jeff <zw0948@gmail.com> Co-authored-by: hongming <talonwan@yunify.com>
2020-07-23 22:10:39 +08:00
parent 50a6c7b2b5
commit 3d74bb0589
51 changed files with 2163 additions and 548 deletions
--- a/cmd/controller-manager/app/controllers.go
+++ b/cmd/controller-manager/app/controllers.go
@@ -22,6 +22,7 @@ import (
 	"k8s.io/klog"
 	iamv1alpha2 "kubesphere.io/kubesphere/pkg/apis/iam/v1alpha2"
 	tenantv1alpha2 "kubesphere.io/kubesphere/pkg/apis/tenant/v1alpha2"
+	authoptions "kubesphere.io/kubesphere/pkg/apiserver/authentication/options"
 	"kubesphere.io/kubesphere/pkg/controller/application"
 	"kubesphere.io/kubesphere/pkg/controller/certificatesigningrequest"
 	"kubesphere.io/kubesphere/pkg/controller/cluster"
@@ -61,6 +62,7 @@ func addControllers(
 	devopsClient devops.Interface,
 	s3Client s3.Interface,
 	ldapClient ldapclient.Interface,
+	authenticationOptions *authoptions.AuthenticationOptions,
 	openpitrixClient openpitrix.Client,
 	multiClusterEnabled bool,
 	networkPolicyEnabled bool,
@@ -207,10 +209,18 @@ func addControllers(
 		go fedWorkspaceRoleBindingCacheController.Run(stopCh)
 	}

-	userController := user.NewController(client.Kubernetes(), client.KubeSphere(), client.Config(),
+	userController := user.NewUserController(client.Kubernetes(), client.KubeSphere(), client.Config(),
 		kubesphereInformer.Iam().V1alpha2().Users(),
 		fedUserCache, fedUserCacheController,
-		kubernetesInformer.Core().V1().ConfigMaps(), ldapClient, multiClusterEnabled)
+		kubesphereInformer.Iam().V1alpha2().LoginRecords(),
+		kubernetesInformer.Core().V1().ConfigMaps(),
+		ldapClient, authenticationOptions, multiClusterEnabled)
+
+	loginRecordController := user.NewLoginRecordController(
+		client.Kubernetes(),
+		client.KubeSphere(),
+		kubesphereInformer.Iam().V1alpha2().LoginRecords(),
+		authenticationOptions)

 	csrController := certificatesigningrequest.NewController(client.Kubernetes(),
 		kubernetesInformer.Certificates().V1beta1().CertificateSigningRequests(),
@@ -282,6 +292,7 @@ func addControllers(
 		"storagecapability-controller":    storageCapabilityController,
 		"volumeexpansion-controller":      volumeExpansionController,
 		"user-controller":                 userController,
+		"loginrecord-controller":          loginRecordController,
 		"cluster-controller":              clusterController,
 		"nsnp-controller":                 nsnpController,
 		"csr-controller":                  csrController,
--- a/cmd/controller-manager/app/server.go
+++ b/cmd/controller-manager/app/server.go
@@ -183,10 +183,18 @@ func Run(s *options.KubeSphereControllerManagerOptions, stopCh <-chan struct{})

 		// TODO(jeff): refactor config with CRD
 		servicemeshEnabled := s.ServiceMeshOptions != nil && len(s.ServiceMeshOptions.IstioPilotHost) != 0
-		if err = addControllers(mgr, kubernetesClient, informerFactory,
-			devopsClient, s3Client, ldapClient, openpitrixClient,
-			s.MultiClusterOptions.Enable, s.NetworkOptions.EnableNetworkPolicy,
-			servicemeshEnabled, s.AuthenticationOptions.KubectlImage, stopCh); err != nil {
+		if err = addControllers(mgr,
+			kubernetesClient,
+			informerFactory,
+			devopsClient,
+			s3Client,
+			ldapClient,
+			s.AuthenticationOptions,
+			openpitrixClient,
+			s.MultiClusterOptions.Enable,
+			s.NetworkOptions.EnableNetworkPolicy,
+			servicemeshEnabled,
+			s.AuthenticationOptions.KubectlImage, stopCh); err != nil {
 			klog.Fatalf("unable to register controllers to the manager: %v", err)
 		}