[release-3.4] Validate clusterRole when adding a cluster (#5961)

Validate clusterRole when adding a cluster

Co-authored-by: Xinzhao Xu <z2d@jifangcheng.com>
KubeSphere CI Bot
2023-10-30 17:45:30 +08:00
committed by GitHub
parent 6e5ea024b6
commit 3e0493a1c5
3 changed files with 14 additions and 14 deletions


@@ -49,6 +49,7 @@ import (
"kubesphere.io/kubesphere/pkg/client/informers/externalversions" "kubesphere.io/kubesphere/pkg/client/informers/externalversions"
clusterlister "kubesphere.io/kubesphere/pkg/client/listers/cluster/v1alpha1" clusterlister "kubesphere.io/kubesphere/pkg/client/listers/cluster/v1alpha1"
"kubesphere.io/kubesphere/pkg/constants" "kubesphere.io/kubesphere/pkg/constants"
"kubesphere.io/kubesphere/pkg/simple/client/multicluster"
"kubesphere.io/kubesphere/pkg/utils/k8sutil" "kubesphere.io/kubesphere/pkg/utils/k8sutil"
"kubesphere.io/kubesphere/pkg/version" "kubesphere.io/kubesphere/pkg/version"
) )
@@ -447,16 +448,17 @@ func (h *handler) validateMemberClusterConfiguration(clientSet kubernetes.Interf
if err != nil { if err != nil {
return err return err
} }
mConfig, err := h.getMemberClusterConfig(clientSet) mConfig, err := h.getMemberClusterConfig(clientSet)
if err != nil { if err != nil {
return err return err
} }
if mConfig.MultiClusterOptions.ClusterRole != multicluster.ClusterRoleMember {
return fmt.Errorf("the clusterRole of the member cluster must be 'member'")
}
if hConfig.AuthenticationOptions.JwtSecret != mConfig.AuthenticationOptions.JwtSecret { if hConfig.AuthenticationOptions.JwtSecret != mConfig.AuthenticationOptions.JwtSecret {
return fmt.Errorf("hostcluster Jwt is not equal to member cluster jwt, please edit the member cluster cluster config") return fmt.Errorf("hostcluster Jwt is not equal to member cluster jwt, please edit the member cluster cluster config")
} }
return nil return nil
} }
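Review bot: The new clusterRole check dereferences `mConfig.MultiClusterOptions` without a guard, and the hunk does not show whether getMemberClusterConfig always populates it. If that field is a pointer and the member's config has no `multicluster` section, this would panic instead of returning a validation error, so confirm the default or add a nil check. The error also hides the value that was rejected; `return fmt.Errorf("the clusterRole of the member cluster must be %q, got %q", multicluster.ClusterRoleMember, mConfig.MultiClusterOptions.ClusterRole)` would tell an operator whether the cluster is configured as host or simply unset. validateMemberClusterConfiguration begins above this hunk.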


@@ -96,6 +96,8 @@ authentication:
oauthOptions: oauthOptions:
accessTokenMaxAge: 0s accessTokenMaxAge: 0s
accessTokenInactivityTimeout: 0s accessTokenInactivityTimeout: 0s
multicluster:
clusterRole: host
`, `,
} }
@@ -104,10 +106,12 @@ var memberMap = map[string]string{
monitoring: monitoring:
endpoint: http://prometheus-operated.kubesphere-monitoring-system.svc:9090 endpoint: http://prometheus-operated.kubesphere-monitoring-system.svc:9090
authentication: authentication:
jwtSecret: sQh3JOqNbmci6Gu94TeV10AY7ipltwj jwtSecret: sQh3JOqNbmci6Gu94TeV10AY7ipltwjp
oauthOptions: oauthOptions:
accessTokenMaxAge: 0s accessTokenMaxAge: 0s
accessTokenInactivityTimeout: 0s accessTokenInactivityTimeout: 0s
multicluster:
clusterRole: member
`, `,
} }
@@ -437,19 +441,10 @@ func TestValidateMemberClusterConfiguration(t *testing.T) {
t.Fatal(err) t.Fatal(err)
} }
addMemberClusterResource(hostCm, t) addMemberClusterResource(memberCm, t)
if err = h.validateMemberClusterConfiguration(clientSet); err != nil {
err = h.validateMemberClusterConfiguration(clientSet)
if err != nil {
t.Fatal(err) t.Fatal(err)
} }
addMemberClusterResource(memberCm, t)
err = h.validateMemberClusterConfiguration(clientSet)
if err == nil {
t.Fatal()
}
t.Log(err)
} }
func addMemberClusterResource(targetCm *corev1.ConfigMap, t *testing.T) { func addMemberClusterResource(targetCm *corev1.ConfigMap, t *testing.T) {
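Review bot: The test no longer exercises any rejection path: per the hunk header the new side only loads memberCm and expects success, so neither the new clusterRole check nor the existing jwtSecret comparison has a failing case. The removed `if err == nil { t.Fatal() }` block appears to have been the only negative assertion, and it relied on the jwtSecret mismatch that this commit also fixes in memberMap. Consider keeping a case that loads hostCm (now `clusterRole: host`) and asserts `err != nil`, plus one with a deliberately different jwtSecret, so a regression that lets a host-role cluster join as a member is caught. TestValidateMemberClusterConfiguration starts above the hunk.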


@@ -27,6 +27,9 @@ import (
const ( const (
DefaultResyncPeriod = 120 * time.Second DefaultResyncPeriod = 120 * time.Second
DefaultHostClusterName = "host" DefaultHostClusterName = "host"
ClusterRoleHost = "host"
ClusterRoleMember = "member"
) )
type Options struct { type Options struct {
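Review bot: ClusterRoleHost and ClusterRoleMember are exported without a doc comment, and ClusterRoleHost carries the same literal as DefaultHostClusterName directly above it, which invites using one where the other is meant. A comment on the new pair, for example `// ClusterRoleHost and ClusterRoleMember are values of the multicluster clusterRole option; adding a member cluster requires ClusterRoleMember.`, would keep the role and the cluster name apart. The const block and the Options type are only partly visible in this hunk.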