Merge pull request #112 from wansir/master

Refine default role name.
2018-06-25 09:30:55 +08:00
parent e0e53b9790 5b4146af64
commit 5c762e48c3
2 changed files with 29 additions and 18 deletions
--- a/pkg/apis/v1alpha/iam/policy.go
+++ b/pkg/apis/v1alpha/iam/policy.go
@@ -25,8 +25,10 @@ import (
 	"k8s.io/api/rbac/v1"
 )
-const rulesConfigPath = "/etc/kubesphere/rules.json"
+const (
-const clusterRulesConfigPath = "/etc/kubesphere/clusterrules.json"
+	rulesConfigPath        = "/etc/kubesphere/rules/rules.json"
 	clusterRulesConfigPath = "/etc/kubesphere/rules/clusterrules.json"
 )
 type roleList struct {
 	ClusterRoles []v1.ClusterRole `json:"clusterRoles" protobuf:"bytes,2,rep,name=clusterRoles"`
@@ -577,6 +579,15 @@ var (
 					},
 				},
 			},
 			{Name: "scale",
 				Rules: []v1.PolicyRule{
 					{
 						Verbs:     []string{"patch"},
 						APIGroups: []string{"apps"},
 						Resources: []string{"statefulsets"},
 					},
 				},
 			},
 		},
 	}
--- a/pkg/models/controllers/namespaces.go
+++ b/pkg/models/controllers/namespaces.go
@@ -40,16 +40,16 @@ import (
 const (
 	provider           = "kubernetes"
 	admin              = "admin"
-	normal             = "normal"
+	editor             = "editor"
-	view               = "view"
+	viewer             = "viewer"
 	kubectlNamespace   = "kubesphere"
 	kubectlConfigKey   = "config"
 	openpitrix_runtime = "openpitrix_runtime"
 )
-var adminRules = []rbac.PolicyRule{rbac.PolicyRule{Verbs: []string{"*"}, APIGroups: []string{"*"}, Resources: []string{"*"}}}
+var adminRules = []rbac.PolicyRule{{Verbs: []string{"*"}, APIGroups: []string{"*"}, Resources: []string{"*"}}}
-var normalRules = []rbac.PolicyRule{rbac.PolicyRule{Verbs: []string{"*"}, APIGroups: []string{"", "apps", "extensions"}, Resources: []string{"*"}}}
+var editorRules = []rbac.PolicyRule{{Verbs: []string{"*"}, APIGroups: []string{"", "apps", "extensions"}, Resources: []string{"*"}}}
-var viewRules = []rbac.PolicyRule{rbac.PolicyRule{Verbs: []string{"list", "get"}, APIGroups: []string{"", "apps", "extensions"}, Resources: []string{"*"}}}
+var viewerRules = []rbac.PolicyRule{{Verbs: []string{"list", "get"}, APIGroups: []string{"", "apps", "extensions"}, Resources: []string{"*"}}}
 type runTime struct {
 	RuntimeId         string `json:"runtime_id"`
@@ -114,10 +114,10 @@ func (ctl *NamespaceCtl) deleteOpRuntime(item v1.Namespace) {
 	makeHttpRequest("DELETE", url, string(body))
 }
-func (ctl *NamespaceCtl) createOpRuntime(namespace, user string) ([]byte, error) {
+func (ctl *NamespaceCtl) createOpRuntime(namespace string) ([]byte, error) {
 	zone := namespace
 	name := namespace
-	kubeConfig, err := ctl.getKubeConfig(user)
+	kubeConfig, err := ctl.getKubeConfig("admin")
 	if err != nil {
 		glog.Error(err)
 		return nil, err
@@ -156,8 +156,8 @@ func (ctl *NamespaceCtl) createDefaultRoleBinding(ns, user string) error {
 func (ctl *NamespaceCtl) createDefaultRole(ns string) error {
 	adminRole := &rbac.Role{ObjectMeta: metaV1.ObjectMeta{Name: admin, Namespace: ns}, Rules: adminRules}
-	normalRole := &rbac.Role{ObjectMeta: metaV1.ObjectMeta{Name: normal, Namespace: ns}, Rules: normalRules}
+	editorRole := &rbac.Role{ObjectMeta: metaV1.ObjectMeta{Name: editor, Namespace: ns}, Rules: editorRules}
-	viewRole := &rbac.Role{ObjectMeta: metaV1.ObjectMeta{Name: view, Namespace: ns}, Rules: viewRules}
+	viewerRole := &rbac.Role{ObjectMeta: metaV1.ObjectMeta{Name: viewer, Namespace: ns}, Rules: viewerRules}
 	role, _ := ctl.K8sClient.RbacV1().Roles(ns).Get(admin, metaV1.GetOptions{})
@@ -169,20 +169,20 @@ func (ctl *NamespaceCtl) createDefaultRole(ns string) error {
 		}
 	}
-	role, _ = ctl.K8sClient.RbacV1().Roles(ns).Get(normal, metaV1.GetOptions{})
+	role, _ = ctl.K8sClient.RbacV1().Roles(ns).Get(editor, metaV1.GetOptions{})
-	if role.Name != normal {
+	if role.Name != editor {
-		_, err := ctl.K8sClient.RbacV1().Roles(ns).Create(normalRole)
+		_, err := ctl.K8sClient.RbacV1().Roles(ns).Create(editorRole)
 		if err != nil {
 			glog.Error(err)
 			return err
 		}
 	}
-	role, _ = ctl.K8sClient.RbacV1().Roles(ns).Get(view, metaV1.GetOptions{})
+	role, _ = ctl.K8sClient.RbacV1().Roles(ns).Get(viewer, metaV1.GetOptions{})
-	if role.Name != view {
+	if role.Name != viewer {
-		_, err := ctl.K8sClient.RbacV1().Roles(ns).Create(viewRole)
+		_, err := ctl.K8sClient.RbacV1().Roles(ns).Create(viewerRole)
 		if err != nil {
 			glog.Error(err)
 			return err
@@ -206,7 +206,7 @@ func (ctl *NamespaceCtl) createRoleAndRuntime(item v1.Namespace) {
 			return
 		}
-		resp, err := ctl.createOpRuntime(ns, user)
+		resp, err := ctl.createOpRuntime(ns)
 		if err != nil {
 			glog.Error(err)
 			return