From 443e37d8bddd0463683d8dcbb585e72b33f931e7 Mon Sep 17 00:00:00 2001 From: Jeff Date: Sat, 9 Nov 2019 16:22:45 +0800 Subject: [PATCH] change web kubectl to use sa --- cmd/ks-iam/app/options/options.go | 2 ++ cmd/ks-iam/app/server.go | 2 +- pkg/models/iam/im.go | 26 +++++++++++++++----------- 3 files changed, 18 insertions(+), 12 deletions(-) diff --git a/cmd/ks-iam/app/options/options.go b/cmd/ks-iam/app/options/options.go index d986db334..07a7529dd 100644 --- a/cmd/ks-iam/app/options/options.go +++ b/cmd/ks-iam/app/options/options.go @@ -42,6 +42,7 @@ type ServerRunOptions struct { JWTSecret string AuthRateLimit string EnableMultiLogin bool + GenerateKubeConfig bool } func NewServerRunOptions() *ServerRunOptions { @@ -66,6 +67,7 @@ func (s *ServerRunOptions) Flags() (fss cliflag.NamedFlagSets) { fs.StringVar(&s.JWTSecret, "jwt-secret", "", "jwt secret") fs.StringVar(&s.AuthRateLimit, "auth-rate-limit", "5/30m", "specifies the maximum number of authentication attempts permitted and time interval,valid time units are \"s\",\"m\",\"h\"") fs.BoolVar(&s.EnableMultiLogin, "enable-multi-login", false, "allow one account to have multiple sessions") + fs.BoolVar(&s.GenerateKubeConfig, "generate-kubeconfig", true, "generate kubeconfig for new users, kubeconfig is required in devops pipeline, set to false if you don't need devops.") s.KubernetesOptions.AddFlags(fss.FlagSet("kubernetes")) s.LdapOptions.AddFlags(fss.FlagSet("ldap")) diff --git a/cmd/ks-iam/app/server.go b/cmd/ks-iam/app/server.go index 502714860..4a745ab86 100644 --- a/cmd/ks-iam/app/server.go +++ b/cmd/ks-iam/app/server.go @@ -94,7 +94,7 @@ func Run(s *options.ServerRunOptions, stopChan <-chan struct{}) error { waitForResourceSync(stopChan) - err := iam.Init(s.AdminEmail, s.AdminPassword, s.AuthRateLimit, s.TokenIdleTimeout, s.EnableMultiLogin) + err := iam.Init(s.AdminEmail, s.AdminPassword, s.AuthRateLimit, s.TokenIdleTimeout, s.EnableMultiLogin, s.GenerateKubeConfig) jwtutil.Setup(s.JWTSecret) 
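Review bot: The help text added for `generate-kubeconfig` in Flags() does not say what setting it to false leaves in place. In the hunks of this patch only CreateUser reads the option, so kubeconfigs already issued to existing users presumably remain after the flag is turned off. An operator who disables it to reduce the number of issued cluster credentials should be told that. Suggested wording: `"generate a kubeconfig for each newly created user (required by the devops pipeline); set to false if devops is not used; kubeconfigs generated earlier are not removed"`. Confirm the last clause against the user-deletion path, which is outside this diff. Flags() starts and ends outside the hunk.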
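Review bot: The `iam.Init` call in Run now ends with two adjacent positional `bool` arguments, `s.EnableMultiLogin, s.GenerateKubeConfig`, so transposing them would still compile and would silently swap the multi-session policy with the credential-generation setting. The same applies to the new `Init` signature in pkg/models/iam/im.go (`multiLogin bool, isGeneratingKubeConfig bool`). Passing a small options struct with named fields would make such a mistake visible at the call site. Failing that, a doc comment on `Init` listing what each argument controls would help, e.g. `// Init stores the IAM settings in package-level variables; isGeneratingKubeConfig decides whether CreateUser issues a kubeconfig for new users.` Run continues outside the hunk, so the handling of `err` after `jwtutil.Setup` is not visible here.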
diff --git a/pkg/models/iam/im.go b/pkg/models/iam/im.go index 5ab351032..4a1c02c40 100644 --- a/pkg/models/iam/im.go +++ b/pkg/models/iam/im.go @@ -51,13 +51,14 @@ import ( ) var ( - adminEmail string - adminPassword string - tokenIdleTimeout time.Duration - maxAuthFailed int - authTimeInterval time.Duration - initUsers []initUser - enableMultiLogin bool + adminEmail string + adminPassword string + tokenIdleTimeout time.Duration + maxAuthFailed int + authTimeInterval time.Duration + initUsers []initUser + enableMultiLogin bool + generateKubeConfig bool ) type initUser struct { @@ -72,12 +73,13 @@ const ( defaultAuthTimeInterval = 30 * time.Minute ) -func Init(email, password, authRateLimit string, idleTimeout time.Duration, multiLogin bool) error { +func Init(email, password, authRateLimit string, idleTimeout time.Duration, multiLogin bool, isGeneratingKubeConfig bool) error { adminEmail = email adminPassword = password tokenIdleTimeout = idleTimeout maxAuthFailed, authTimeInterval = parseAuthRateLimit(authRateLimit) enableMultiLogin = multiLogin + generateKubeConfig = isGeneratingKubeConfig err := checkAndCreateDefaultUser() @@ -1005,9 +1007,11 @@ func CreateUser(user *models.User) (*models.User, error) { userCreateRequest.Attribute("description", []string{user.Description}) // RFC4519: descriptive information } - if err := kubeconfig.CreateKubeConfig(user.Username); err != nil { - klog.Errorln("create user kubeconfig failed", user.Username, err) - return nil, err + if generateKubeConfig { + if err = kubeconfig.CreateKubeConfig(user.Username); err != nil { + klog.Errorln("create user kubeconfig failed", user.Username, err) + return nil, err + } } err = conn.Add(userCreateRequest)
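Review bot: In CreateUser the kubeconfig is still created before `conn.Add(userCreateRequest)`, so a failed directory add may leave behind a cluster credential for a user that was never created. The error path after `conn.Add` is outside the hunk, so check whether it already cleans up. If it does not, remove the kubeconfig when the add fails, or run the `if generateKubeConfig { … }` block only after a successful add, which then needs its own handling for a user created without a kubeconfig. The change from `:=` to `err = kubeconfig.CreateKubeConfig(user.Username)` relies on an `err` declared earlier in the function, also not shown here. CreateUser starts and ends outside the hunk.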