[release-3.4] Validate clusterRole when adding a cluster (#5961)

Validate clusterRole when adding a cluster Co-authored-by: Xinzhao Xu <z2d@jifangcheng.com>
2023-10-30 17:45:30 +08:00
parent 6e5ea024b6
commit 3e0493a1c5
3 changed files with 14 additions and 14 deletions
--- a/pkg/kapis/cluster/v1alpha1/handler.go
+++ b/pkg/kapis/cluster/v1alpha1/handler.go
@@ -49,6 +49,7 @@ import (
 	"kubesphere.io/kubesphere/pkg/client/informers/externalversions"
 	clusterlister "kubesphere.io/kubesphere/pkg/client/listers/cluster/v1alpha1"
 	"kubesphere.io/kubesphere/pkg/constants"
+	"kubesphere.io/kubesphere/pkg/simple/client/multicluster"
 	"kubesphere.io/kubesphere/pkg/utils/k8sutil"
 	"kubesphere.io/kubesphere/pkg/version"
 )
@@ -447,16 +448,17 @@ func (h *handler) validateMemberClusterConfiguration(clientSet kubernetes.Interf
 	if err != nil {
 		return err
 	}
-
 	mConfig, err := h.getMemberClusterConfig(clientSet)
 	if err != nil {
 		return err
 	}

+	if mConfig.MultiClusterOptions.ClusterRole != multicluster.ClusterRoleMember {
+		return fmt.Errorf("the clusterRole of the member cluster must be 'member'")
+	}
 	if hConfig.AuthenticationOptions.JwtSecret != mConfig.AuthenticationOptions.JwtSecret {
 		return fmt.Errorf("hostcluster Jwt is not equal to member cluster jwt, please edit the member cluster cluster config")
 	}
-
 	return nil
 }

--- a/pkg/kapis/cluster/v1alpha1/handler_test.go
+++ b/pkg/kapis/cluster/v1alpha1/handler_test.go
@@ -96,6 +96,8 @@ authentication:
  oauthOptions:
    accessTokenMaxAge: 0s
    accessTokenInactivityTimeout: 0s
+multicluster:
+  clusterRole: host
 `,
 }

@@ -104,10 +106,12 @@ var memberMap = map[string]string{
 monitoring:
  endpoint: http://prometheus-operated.kubesphere-monitoring-system.svc:9090
 authentication:
-  jwtSecret: sQh3JOqNbmci6Gu94TeV10AY7ipltwj
+  jwtSecret: sQh3JOqNbmci6Gu94TeV10AY7ipltwjp
  oauthOptions:
    accessTokenMaxAge: 0s
    accessTokenInactivityTimeout: 0s
+multicluster:
+  clusterRole: member
 `,
 }

@@ -437,19 +441,10 @@ func TestValidateMemberClusterConfiguration(t *testing.T) {
 		t.Fatal(err)
 	}

-	addMemberClusterResource(hostCm, t)
-
-	err = h.validateMemberClusterConfiguration(clientSet)
-	if err != nil {
+	addMemberClusterResource(memberCm, t)
+	if err = h.validateMemberClusterConfiguration(clientSet); err != nil {
 		t.Fatal(err)
 	}
-
-	addMemberClusterResource(memberCm, t)
-	err = h.validateMemberClusterConfiguration(clientSet)
-	if err == nil {
-		t.Fatal()
-	}
-	t.Log(err)
 }

 func addMemberClusterResource(targetCm *corev1.ConfigMap, t *testing.T) {
--- a/pkg/simple/client/multicluster/options.go
+++ b/pkg/simple/client/multicluster/options.go
@@ -27,6 +27,9 @@ import (
 const (
 	DefaultResyncPeriod    = 120 * time.Second
 	DefaultHostClusterName = "host"
+
+	ClusterRoleHost   = "host"
+	ClusterRoleMember = "member"
 )

 type Options struct {