change web kubectl to use sa
This commit is contained in:
Jeff
@@ -42,6 +42,7 @@ type ServerRunOptions struct {
|
||||
JWTSecret string
|
||||
AuthRateLimit string
|
||||
EnableMultiLogin bool
|
||||
GenerateKubeConfig bool
|
||||
}
|
||||
|
||||
func NewServerRunOptions() *ServerRunOptions {
|
||||
@@ -66,6 +67,7 @@ func (s *ServerRunOptions) Flags() (fss cliflag.NamedFlagSets) {
|
||||
fs.StringVar(&s.JWTSecret, "jwt-secret", "", "jwt secret")
|
||||
fs.StringVar(&s.AuthRateLimit, "auth-rate-limit", "5/30m", "specifies the maximum number of authentication attempts permitted and time interval,valid time units are \"s\",\"m\",\"h\"")
|
||||
fs.BoolVar(&s.EnableMultiLogin, "enable-multi-login", false, "allow one account to have multiple sessions")
|
||||
fs.BoolVar(&s.GenerateKubeConfig, "generate-kubeconfig", true, "generate kubeconfig for new users, kubeconfig is required in devops pipeline, set to false if you don't need devops.")
|
||||
|
||||
s.KubernetesOptions.AddFlags(fss.FlagSet("kubernetes"))
|
||||
s.LdapOptions.AddFlags(fss.FlagSet("ldap"))
|
||||
|
||||
@@ -94,7 +94,7 @@ func Run(s *options.ServerRunOptions, stopChan <-chan struct{}) error {
|
||||
|
||||
waitForResourceSync(stopChan)
|
||||
|
||||
err := iam.Init(s.AdminEmail, s.AdminPassword, s.AuthRateLimit, s.TokenIdleTimeout, s.EnableMultiLogin)
|
||||
err := iam.Init(s.AdminEmail, s.AdminPassword, s.AuthRateLimit, s.TokenIdleTimeout, s.EnableMultiLogin, s.GenerateKubeConfig)
|
||||
|
||||
jwtutil.Setup(s.JWTSecret)
|
||||
|
||||
|
||||
@@ -51,13 +51,14 @@ import (
|
||||
)
|
||||
|
||||
var (
|
||||
adminEmail string
|
||||
adminPassword string
|
||||
tokenIdleTimeout time.Duration
|
||||
maxAuthFailed int
|
||||
authTimeInterval time.Duration
|
||||
initUsers []initUser
|
||||
enableMultiLogin bool
|
||||
adminEmail string
|
||||
adminPassword string
|
||||
tokenIdleTimeout time.Duration
|
||||
maxAuthFailed int
|
||||
authTimeInterval time.Duration
|
||||
initUsers []initUser
|
||||
enableMultiLogin bool
|
||||
generateKubeConfig bool
|
||||
)
|
||||
|
||||
type initUser struct {
|
||||
@@ -72,12 +73,13 @@ const (
|
||||
defaultAuthTimeInterval = 30 * time.Minute
|
||||
)
|
||||
|
||||
func Init(email, password, authRateLimit string, idleTimeout time.Duration, multiLogin bool) error {
|
||||
func Init(email, password, authRateLimit string, idleTimeout time.Duration, multiLogin bool, isGeneratingKubeConfig bool) error {
|
||||
adminEmail = email
|
||||
adminPassword = password
|
||||
tokenIdleTimeout = idleTimeout
|
||||
maxAuthFailed, authTimeInterval = parseAuthRateLimit(authRateLimit)
|
||||
enableMultiLogin = multiLogin
|
||||
generateKubeConfig = isGeneratingKubeConfig
|
||||
|
||||
err := checkAndCreateDefaultUser()
|
||||
|
||||
@@ -1005,9 +1007,11 @@ func CreateUser(user *models.User) (*models.User, error) {
|
||||
userCreateRequest.Attribute("description", []string{user.Description}) // RFC4519: descriptive information
|
||||
}
|
||||
|
||||
if err := kubeconfig.CreateKubeConfig(user.Username); err != nil {
|
||||
klog.Errorln("create user kubeconfig failed", user.Username, err)
|
||||
return nil, err
|
||||
if generateKubeConfig {
|
||||
if err = kubeconfig.CreateKubeConfig(user.Username); err != nil {
|
||||
klog.Errorln("create user kubeconfig failed", user.Username, err)
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
||||
err = conn.Add(userCreateRequest)
|
||||
|
||||
Reference in New Issue
Block a user