Merge pull request #288 from wansir/advanced-2.0-dev

add ks-iam and ks-apigateway

.travis.yml

@@ -17,9 +17,11 @@ before_install:
 before_script:
   - dep ensure -v
   - docker --version
+  - git clone --single-branch -b v0.11.4 -q https://github.com/mholt/caddy $GOPATH/src/github.com/mholt/caddy
 
 script:
-  - make all && make test
+  - make test
+  - bash hack/docker_build.sh
 
 deploy:
   skip_cleanup: true

Gopkg.lock

@@ -2,57 +2,82 @@
 
 
 [[projects]]
+  digest = "1:4d6f036ea3fe636bcb2e89850bcdc62a771354e157cd51b8b22a2de8562bf663"
   name = "cloud.google.com/go"
   packages = ["compute/metadata"]
+  pruneopts = "UT"
   revision = "c9474f2f8deb81759839474b6bd1726bbfe1c1c4"
   version = "v0.36.0"
 
 [[projects]]
+  digest = "1:f9ae348e1f793dcf9ed930ed47136a67343dbd6809c5c91391322267f4476892"
   name = "github.com/Microsoft/go-winio"
   packages = ["."]
-  revision = "7da180ee92d8bd8bb8c37fc560e673e6557c392f"
+  pruneopts = "UT"
-  version = "v0.4.7"
+  revision = "1a8911d1ed007260465c3bfbbc785ac6915a0bb8"
+  version = "v0.4.12"
 
 [[projects]]
+  digest = "1:a2682518d905d662d984ef9959984ef87cecb777d379bfa9d9fe40e78069b3e4"
   name = "github.com/PuerkitoBio/purell"
   packages = ["."]
-  revision = "0bcb03f4b4d0a9428594752bd2a3b9aa0a9d4bd4"
+  pruneopts = "UT"
-  version = "v1.1.0"
+  revision = "44968752391892e1b0d0b821ee79e9a85fa13049"
+  version = "v1.1.1"
 
 [[projects]]
   branch = "master"
+  digest = "1:c739832d67eb1e9cc478a19cc1a1ccd78df0397bf8a32978b759152e205f644b"
   name = "github.com/PuerkitoBio/urlesc"
   packages = ["."]
+  pruneopts = "UT"
   revision = "de5bf2ad457846296e2031421a34e2568e304e35"
 
 [[projects]]
+  digest = "1:87c2e02fb01c27060ccc5ba7c5a407cc91147726f8f40b70cceeedbc52b1f3a8"
   name = "github.com/Sirupsen/logrus"
   packages = ["."]
-  revision = "c155da19408a8799da419ed3eeb0cb5db0ad5dbc"
+  pruneopts = "UT"
-  version = "v1.0.5"
+  revision = "e1e72e9de974bd926e5c56f83753fba2df402ce5"
+  version = "v1.3.0"
 
 [[projects]]
   branch = "master"
+  digest = "1:d6afaeed1502aa28e80a4ed0981d570ad91b2579193404256ce672ed0a609e0d"
   name = "github.com/beorn7/perks"
   packages = ["quantile"]
+  pruneopts = "UT"
   revision = "3a771d992973f24aa725d07868b467d1ddfceafb"
 
 [[projects]]
+  digest = "1:ffe9824d294da03b391f44e1ae8281281b4afc1bdaa9588c9097785e3af10cec"
   name = "github.com/davecgh/go-spew"
   packages = ["spew"]
-  revision = "346938d642f2ec3594ed81d874461961cd0faa76"
+  pruneopts = "UT"
-  version = "v1.1.0"
+  revision = "8991bc29aa16c548c550c7ff78260e27b9ab7c73"
+  version = "v1.1.1"
+
+[[projects]]
+  digest = "1:76dc72490af7174349349838f2fe118996381b31ea83243812a97e5a0fd5ed55"
+  name = "github.com/dgrijalva/jwt-go"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "06ea1031745cb8b3dab3f6a236daf2b0aa468b7e"
+  version = "v3.2.0"
 
 [[projects]]
   branch = "master"
+  digest = "1:4c7d169280debf9f36b84a0f682094889cccc5dc0db8657f9cffc93b21975a57"
   name = "github.com/docker/distribution"
   packages = [
     "digestset",
-    "reference"
+    "reference",
   ]
-  revision = "749f6afb4572201e3c37325d0ffedb6f32be8950"
+  pruneopts = "UT"
+  revision = "6d62eb1d4a3515399431b713fde3ce5a9b40e8d5"
 
 [[projects]]
+  digest = "1:ec821dda59d7dd340498d74f798aa218b2c782bba54a690e866dc4f520d900d5"
   name = "github.com/docker/docker"
   packages = [
     "api",
@@ -74,338 +99,466 @@
     "pkg/ioutils",
     "pkg/longpath",
     "pkg/system",
-    "pkg/tlsconfig"
+    "pkg/tlsconfig",
   ]
+  pruneopts = "UT"
   revision = "90d35abf7b3535c1c319c872900fbd76374e521c"
   version = "v17.05.0-ce-rc3"
 
 [[projects]]
   branch = "master"
+  digest = "1:02f8f4889e53a6adbc7bf3f2b9007ce8aecb0b79686fc9f99265246c88063f10"
   name = "github.com/docker/go-connections"
   packages = [
     "nat",
     "sockets",
-    "tlsconfig"
+    "tlsconfig",
   ]
-  revision = "7395e3f8aa162843a74ed6d48e79627d9792ac55"
+  pruneopts = "UT"
+  revision = "97c2040d34dfae1d1b1275fa3a78dbdd2f41cf7e"
 
 [[projects]]
+  digest = "1:6f82cacd0af5921e99bf3f46748705239b36489464f4529a1589bc895764fb18"
   name = "github.com/docker/go-units"
   packages = ["."]
+  pruneopts = "UT"
   revision = "47565b4f722fb6ceae66b95f853feed578a4a51c"
   version = "v0.3.3"
 
 [[projects]]
   branch = "master"
+  digest = "1:4841e14252a2cecf11840bd05230412ad469709bbacfc12467e2ce5ad07f339b"
   name = "github.com/docker/libtrust"
   packages = ["."]
+  pruneopts = "UT"
   revision = "aabc10ec26b754e797f9028f4589c5b7bd90dc20"
 
 [[projects]]
+  digest = "1:8ee7b41ace3ba875c17e38ba7780e7cf0d29882338637861e9f13f04f60ecc5c"
   name = "github.com/emicklei/go-restful"
   packages = [
     ".",
-    "log"
+    "log",
   ]
-  revision = "3658237ded108b4134956c1b3050349d93e7b895"
+  pruneopts = "UT"
-  version = "v2.7.1"
+  revision = "85d198d05a92d31823b852b4a5928114912e8949"
+  version = "v2.9.0"
 
 [[projects]]
+  digest = "1:8ba45daa43acfd9364068b118a6884cb82bc1ef0569dc05260f3b464907e07d9"
   name = "github.com/emicklei/go-restful-openapi"
   packages = ["."]
-  revision = "51bf251d405ad1e23511fef0a2dbe40bc70ce2c6"
+  pruneopts = "UT"
-  version = "v0.11.0"
+  revision = "b7062368c258c9e8f8cbe9dd2e6aebfa1b747be6"
+  version = "v1.0.0"
 
 [[projects]]
+  digest = "1:2cd7915ab26ede7d95b8749e6b1f933f1c6d5398030684e6505940a10f31cfda"
   name = "github.com/ghodss/yaml"
   packages = ["."]
+  pruneopts = "UT"
   revision = "0ca9ea5df5451ffdf184b4428c902747c2c11cd7"
   version = "v1.0.0"
 
 [[projects]]
-  branch = "master"
+  digest = "1:2a792dde3ae5dc95000d4dee312523504ea875b097a2b119a2f55d1d1d32ed61"
-  name = "github.com/go-logr/logr"
+  name = "github.com/go-ldap/ldap"
   packages = ["."]
-  revision = "9fb12b3b21c5415d16ac18dc5cd42c1cfdd40c4e"
+  pruneopts = "UT"
+  revision = "729c20c2694d870bcd631f0dadaecd088bd7ccbc"
+  version = "v3.0.2"
 
 [[projects]]
-  name = "github.com/go-logr/zapr"
+  digest = "1:edd2fa4578eb086265db78a9201d15e76b298dfd0d5c379da83e9c61712cf6df"
+  name = "github.com/go-logr/logr"
   packages = ["."]
-  revision = "7536572e8d55209135cd5e7ccf7fce43dca217ab"
+  pruneopts = "UT"
+  revision = "9fb12b3b21c5415d16ac18dc5cd42c1cfdd40c4e"
   version = "v0.1.0"
 
 [[projects]]
-  branch = "master"
+  digest = "1:d81dfed1aa731d8e4a45d87154ec15ef18da2aa80fa9a2f95bec38577a244a99"
+  name = "github.com/go-logr/zapr"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "03f06a783fbb7dfaf3f629c7825480e43a7105e6"
+  version = "v0.1.1"
+
+[[projects]]
+  digest = "1:953a2628e4c5c72856b53f5470ed5e071c55eccf943d798d42908102af2a610f"
   name = "github.com/go-openapi/jsonpointer"
   packages = ["."]
-  revision = "3a0015ad55fa9873f41605d3e8f28cd279c32ab2"
+  pruneopts = "UT"
+  revision = "ef5f0afec364d3b9396b7b77b43dbe26bf1f8004"
+  version = "v0.18.0"
 
 [[projects]]
-  branch = "master"
+  digest = "1:81210e0af657a0fb3638932ec68e645236bceefa4c839823db0c4d918f080895"
   name = "github.com/go-openapi/jsonreference"
   packages = ["."]
-  revision = "3fb327e6747da3043567ee86abd02bb6376b6be2"
+  pruneopts = "UT"
+  revision = "8483a886a90412cd6858df4ea3483dce9c8e35a3"
+  version = "v0.18.0"
 
 [[projects]]
-  branch = "master"
+  digest = "1:08656ef9c5a45ddccb7f206ca2d67e12e9fcda4122a83dc0544b5c967267cefa"
   name = "github.com/go-openapi/spec"
   packages = ["."]
-  revision = "bce47c9386f9ecd6b86f450478a80103c3fe1402"
+  pruneopts = "UT"
+  revision = "5b6cdde3200976e3ecceb2868706ee39b6aff3e4"
+  version = "v0.18.0"
 
 [[projects]]
-  branch = "master"
+  digest = "1:0005186c6608dd542239ac8e4f4f1e2e7c24d493e999113c46b93332f0362fc0"
   name = "github.com/go-openapi/swag"
   packages = ["."]
-  revision = "2b0bd4f193d011c203529df626a65d63cb8a79e8"
+  pruneopts = "UT"
+  revision = "1d29f06aebd59ccdf11ae04aa0334ded96e2d909"
+  version = "v0.18.0"
 
 [[projects]]
+  digest = "1:33082c63746b464db3d1c2c07a1396d860484d97fe857ef9e8668a9b406db09f"
+  name = "github.com/go-redis/redis"
+  packages = [
+    ".",
+    "internal",
+    "internal/consistenthash",
+    "internal/hashtag",
+    "internal/pool",
+    "internal/proto",
+    "internal/util",
+  ]
+  pruneopts = "UT"
+  revision = "d22fde8721cc915a55aeb6b00944a76a92bfeb6e"
+  version = "v6.15.2"
+
+[[projects]]
+  digest = "1:ec6f9bf5e274c833c911923c9193867f3f18788c461f76f05f62bb1510e0ae65"
   name = "github.com/go-sql-driver/mysql"
   packages = ["."]
-  revision = "d523deb1b23d913de5bdada721a6071e71283618"
+  pruneopts = "UT"
-  version = "v1.4.0"
+  revision = "72cd26f257d44c1114970e19afddcd812016007e"
+  version = "v1.4.1"
 
 [[projects]]
+  digest = "1:4d02824a56d268f74a6b6fdd944b20b58a77c3d70e81008b3ee0c4f1a6777340"
   name = "github.com/gogo/protobuf"
   packages = [
     "proto",
-    "sortkeys"
+    "sortkeys",
   ]
-  revision = "1adfc126b41513cc696b209667c8656ea7aac67c"
+  pruneopts = "UT"
-  version = "v1.0.0"
+  revision = "ba06b47c162d49f2af050fb4c75bcbc86a159d5c"
+  version = "v1.2.1"
 
 [[projects]]
   branch = "master"
+  digest = "1:1ba1d79f2810270045c328ae5d674321db34e3aae468eb4233883b473c5c0467"
   name = "github.com/golang/glog"
   packages = ["."]
+  pruneopts = "UT"
   revision = "23def4e6c14b4da8ac2ed8007337bc5eb5007998"
 
 [[projects]]
   branch = "master"
+  digest = "1:b7cb6054d3dff43b38ad2e92492f220f57ae6087ee797dca298139776749ace8"
   name = "github.com/golang/groupcache"
   packages = ["lru"]
+  pruneopts = "UT"
   revision = "5b532d6fd5efaf7fa130d4e859a2fde0fc3a9e1b"
 
 [[projects]]
+  digest = "1:239c4c7fd2159585454003d9be7207167970194216193a8a210b8d29576f19c9"
   name = "github.com/golang/protobuf"
   packages = [
     "proto",
     "ptypes",
     "ptypes/any",
     "ptypes/duration",
-    "ptypes/timestamp"
+    "ptypes/timestamp",
   ]
-  revision = "b4deda0973fb4c70b50d226b1af49f3da59f5265"
+  pruneopts = "UT"
-  version = "v1.1.0"
+  revision = "c823c79ea1570fb5ff454033735a8e68575d1d0f"
+  version = "v1.3.0"
 
 [[projects]]
   branch = "master"
+  digest = "1:0bfbe13936953a98ae3cfe8ed6670d396ad81edf069a806d2f6515d7bb6950df"
   name = "github.com/google/btree"
   packages = ["."]
+  pruneopts = "UT"
   revision = "4030bb1f1f0c35b30ca7009e9ebd06849dd45306"
 
 [[projects]]
   branch = "master"
+  digest = "1:3ee90c0d94da31b442dde97c99635aaafec68d0b8a3c12ee2075c6bdabeec6bb"
   name = "github.com/google/gofuzz"
   packages = ["."]
+  pruneopts = "UT"
   revision = "24818f796faf91cd76ec7bddd72458fbced7a6c1"
 
 [[projects]]
+  digest = "1:582b704bebaa06b48c29b0cec224a6058a09c86883aaddabde889cd1a5f73e1b"
   name = "github.com/google/uuid"
   packages = ["."]
-  revision = "9b3b1e0f5f99ae461456d768e7d301a7acdaa2d8"
+  pruneopts = "UT"
-  version = "v1.1.0"
+  revision = "0cd6bf5da1e1c83f8b45653022c74f71af0538a4"
+  version = "v1.1.1"
 
 [[projects]]
+  digest = "1:65c4414eeb350c47b8de71110150d0ea8a281835b1f386eacaa3ad7325929c21"
   name = "github.com/googleapis/gnostic"
   packages = [
     "OpenAPIv2",
     "compiler",
-    "extensions"
+    "extensions",
   ]
+  pruneopts = "UT"
   revision = "7c663266750e7d82587642f65e60bc4083f1f84e"
   version = "v0.2.0"
 
 [[projects]]
   branch = "master"
+  digest = "1:b4395b2a4566c24459af3d04009b39cc21762fc77ec7bf7a1aa905c91e8f018d"
   name = "github.com/gregjones/httpcache"
   packages = [
     ".",
-    "diskcache"
+    "diskcache",
   ]
+  pruneopts = "UT"
   revision = "3befbb6ad0cc97d4c25d851e9528915809e1a22f"
 
 [[projects]]
-  branch = "master"
+  digest = "1:d15ee511aa0f56baacc1eb4c6b922fa1c03b38413b6be18166b996d82a0156ea"
   name = "github.com/hashicorp/golang-lru"
   packages = [
     ".",
-    "simplelru"
+    "simplelru",
   ]
-  revision = "0fb14efe8c47ae851c0034ed7a448854d3d34cf3"
+  pruneopts = "UT"
+  revision = "7087cb70de9f7a8bc0a10c375cb0d2280a8edf9c"
+  version = "v0.5.1"
 
 [[projects]]
+  digest = "1:a0cefd27d12712af4b5018dc7046f245e1e3b5760e2e848c30b171b570708f9b"
   name = "github.com/imdario/mergo"
   packages = ["."]
-  revision = "9316a62528ac99aaecb4e47eadd6dc8aa6533d58"
+  pruneopts = "UT"
-  version = "v0.3.5"
+  revision = "7c29201646fa3de8506f701213473dd407f19646"
+  version = "v0.3.7"
 
 [[projects]]
+  digest = "1:870d441fe217b8e689d7949fef6e43efbc787e50f200cb1e70dbca9204a1d6be"
   name = "github.com/inconshreveable/mousetrap"
   packages = ["."]
+  pruneopts = "UT"
   revision = "76626ae9c91c4f2a10f34cad8ce83ea42c93bb75"
   version = "v1.0"
 
 [[projects]]
+  digest = "1:d4e6e8584d0a94ce567d237e19192dae44d57d2767ac7e1d7fbf5626d176381a"
   name = "github.com/jinzhu/gorm"
   packages = ["."]
-  revision = "6ed508ec6a4ecb3531899a69cbc746ccf65a4166"
+  pruneopts = "UT"
-  version = "v1.9.1"
+  revision = "472c70caa40267cb89fd8facb07fe6454b578626"
+  version = "v1.9.2"
 
 [[projects]]
   branch = "master"
+  digest = "1:fd97437fbb6b7dce04132cf06775bd258cce305c44add58eb55ca86c6c325160"
   name = "github.com/jinzhu/inflection"
   packages = ["."]
+  pruneopts = "UT"
   revision = "04140366298a54a039076d798123ffa108fff46c"
 
 [[projects]]
   branch = "master"
+  digest = "1:f5a2051c55d05548d2d4fd23d244027b59fbd943217df8aa3b5e170ac2fd6e1b"
   name = "github.com/json-iterator/go"
   packages = ["."]
-  revision = "5bc93205020f6311d7e4a34f82c5616a18ec35e5"
+  pruneopts = "UT"
+  revision = "0ff49de124c6f76f8494e194af75bde0f1a49a29"
+
+[[projects]]
+  digest = "1:31e761d97c76151dde79e9d28964a812c46efc5baee4085b86f68f0c654450de"
+  name = "github.com/konsorten/go-windows-terminal-sequences"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "f55edac94c9bbba5d6182a4be46d86a2c9b5b50e"
+  version = "v1.0.2"
 
 [[projects]]
   branch = "master"
+  digest = "1:84a5a2b67486d5d67060ac393aa255d05d24ed5ee41daecd5635ec22657b6492"
   name = "github.com/mailru/easyjson"
   packages = [
     "buffer",
     "jlexer",
-    "jwriter"
+    "jwriter",
   ]
-  revision = "3fdea8d05856a0c8df22ed4bc71b3219245e4485"
+  pruneopts = "UT"
+  revision = "6243d8e04c3f819e79757e8bc3faa15c3cb27003"
 
 [[projects]]
   branch = "master"
+  digest = "1:fc2b04b0069d6b10bdef96d278fe20c345794009685ed3c8c7f1a6dc023eefec"
   name = "github.com/mattbaird/jsonpatch"
   packages = ["."]
+  pruneopts = "UT"
   revision = "81af80346b1a01caae0cbc27fd3c1ba5b11e189f"
 
 [[projects]]
+  digest = "1:ff5ebae34cfbf047d505ee150de27e60570e8c394b3b8fdbb720ff6ac71985fc"
   name = "github.com/matttproud/golang_protobuf_extensions"
   packages = ["pbutil"]
+  pruneopts = "UT"
   revision = "c12348ce28de40eed0136aa2b644d0ee0650e56c"
   version = "v1.0.1"
 
 [[projects]]
+  digest = "1:5d231480e1c64a726869bc4142d270184c419749d34f167646baa21008eb0a79"
   name = "github.com/mitchellh/go-homedir"
   packages = ["."]
+  pruneopts = "UT"
   revision = "af06845cf3004701891bf4fdb884bfe4920b3727"
   version = "v1.1.0"
 
 [[projects]]
+  digest = "1:33422d238f147d247752996a26574ac48dcf472976eda7f5134015f06bf16563"
   name = "github.com/modern-go/concurrent"
   packages = ["."]
+  pruneopts = "UT"
   revision = "bacd9c7ef1dd9b15be4a9909b8ac7a4e313eec94"
   version = "1.0.3"
 
 [[projects]]
+  digest = "1:e32bdbdb7c377a07a9a46378290059822efdce5c8d96fe71940d87cb4f918855"
   name = "github.com/modern-go/reflect2"
   packages = ["."]
+  pruneopts = "UT"
   revision = "4b7aa43c6742a2c18fdef89dd197aaae7dac7ccd"
   version = "1.0.1"
 
 [[projects]]
+  digest = "1:ee4d4af67d93cc7644157882329023ce9a7bcfce956a079069a9405521c7cc8d"
   name = "github.com/opencontainers/go-digest"
   packages = ["."]
+  pruneopts = "UT"
   revision = "279bed98673dd5bef374d3b6e4b09e2af76183bf"
   version = "v1.0.0-rc1"
 
 [[projects]]
+  digest = "1:e5d0bd87abc2781d14e274807a470acd180f0499f8bf5bb18606e9ec22ad9de9"
   name = "github.com/pborman/uuid"
   packages = ["."]
+  pruneopts = "UT"
   revision = "adf5a7427709b9deb95d29d3fa8a2bf9cfd388f1"
   version = "v1.2"
 
 [[projects]]
   branch = "master"
+  digest = "1:3bf17a6e6eaa6ad24152148a631d18662f7212e21637c2699bff3369b7f00fa2"
   name = "github.com/petar/GoLLRB"
   packages = ["llrb"]
+  pruneopts = "UT"
   revision = "53be0d36a84c2a886ca057d34b6aa4468df9ccb4"
 
 [[projects]]
+  digest = "1:0e7775ebbcf00d8dd28ac663614af924411c868dca3d5aa762af0fae3808d852"
   name = "github.com/peterbourgon/diskv"
   packages = ["."]
+  pruneopts = "UT"
   revision = "5f041e8faa004a95c88a202771f4cc3e991971e6"
   version = "v2.0.1"
 
 [[projects]]
+  digest = "1:cf31692c14422fa27c83a05292eb5cbe0fb2775972e8f1f8446a71549bd8980b"
   name = "github.com/pkg/errors"
   packages = ["."]
-  revision = "645ef00459ed84a119197bfb8d8205042c6df63d"
+  pruneopts = "UT"
-  version = "v0.8.0"
+  revision = "ba968bfe8b2f7e042a574c888954fccecfa385b4"
+  version = "v0.8.1"
 
 [[projects]]
+  digest = "1:93a746f1060a8acbcf69344862b2ceced80f854170e1caae089b2834c5fbf7f4"
   name = "github.com/prometheus/client_golang"
   packages = [
     "prometheus",
     "prometheus/internal",
-    "prometheus/promhttp"
+    "prometheus/promhttp",
   ]
+  pruneopts = "UT"
   revision = "505eaef017263e299324067d40ca2c48f6a2cf50"
   version = "v0.9.2"
 
 [[projects]]
   branch = "master"
+  digest = "1:2d5cd61daa5565187e1d96bae64dbbc6080dacf741448e9629c64fd93203b0d4"
   name = "github.com/prometheus/client_model"
   packages = ["go"]
+  pruneopts = "UT"
   revision = "fd36f4220a901265f90734c3183c5f0c91daa0b8"
 
 [[projects]]
+  digest = "1:35cf6bdf68db765988baa9c4f10cc5d7dda1126a54bd62e252dbcd0b1fc8da90"
   name = "github.com/prometheus/common"
   packages = [
     "expfmt",
     "internal/bitbucket.org/ww/goautoneg",
-    "model"
+    "model",
   ]
+  pruneopts = "UT"
   revision = "cfeb6f9992ffa54aaa4f2170ade4067ee478b250"
   version = "v0.2.0"
 
 [[projects]]
   branch = "master"
+  digest = "1:01cd0cd47758f04c5604daa3be4637e2afa1e0c15af7e08289e95360369e4f48"
   name = "github.com/prometheus/procfs"
   packages = [
     ".",
     "internal/util",
     "iostats",
     "nfs",
-    "xfs"
+    "xfs",
   ]
-  revision = "bbced9601137e764853b2fad7ec3e2dc4c504e02"
+  pruneopts = "UT"
+  revision = "d0f344d83b0c80a1bc03b547a2374a9ec6711144"
 
 [[projects]]
+  digest = "1:645cabccbb4fa8aab25a956cbcbdf6a6845ca736b2c64e197ca7cbb9d210b939"
   name = "github.com/spf13/cobra"
   packages = ["."]
+  pruneopts = "UT"
   revision = "ef82de70bb3f60c65fb8eebacbb2d122ef517385"
   version = "v0.0.3"
 
 [[projects]]
+  digest = "1:c1b1102241e7f645bc8e0c22ae352e8f0dc6484b6cb4d132fa9f24174e0119e2"
   name = "github.com/spf13/pflag"
   packages = ["."]
-  revision = "583c0c0531f06d5278b7d917446061adc344b5cd"
+  pruneopts = "UT"
-  version = "v1.0.1"
+  revision = "298182f68c66c05229eb03ac171abe6e309ee79a"
+  version = "v1.0.3"
 
 [[projects]]
+  digest = "1:3c1a69cdae3501bf75e76d0d86dc6f2b0a7421bc205c0cb7b96b19eed464a34d"
   name = "go.uber.org/atomic"
   packages = ["."]
+  pruneopts = "UT"
   revision = "1ea20fb1cbb1cc08cbd0d913a96dead89aa18289"
   version = "v1.3.2"
 
 [[projects]]
+  digest = "1:60bf2a5e347af463c42ed31a493d817f8a72f102543060ed992754e689805d1a"
   name = "go.uber.org/multierr"
   packages = ["."]
+  pruneopts = "UT"
   revision = "3c4937480c32f4c13a875a1829af76c98ca3d40a"
   version = "v1.1.0"
 
 [[projects]]
+  digest = "1:c52caf7bd44f92e54627a31b85baf06a68333a196b3d8d241480a774733dcf8b"
   name = "go.uber.org/zap"
   packages = [
     ".",
@@ -413,19 +566,23 @@
     "internal/bufferpool",
     "internal/color",
     "internal/exit",
-    "zapcore"
+    "zapcore",
   ]
+  pruneopts = "UT"
   revision = "ff33455a0e382e8a81d14dd7c922020b6b5e7982"
   version = "v1.9.1"
 
 [[projects]]
   branch = "master"
+  digest = "1:058e9504b9a79bfe86092974d05bb3298d2aa0c312d266d43148de289a5065d9"
   name = "golang.org/x/crypto"
   packages = ["ssh/terminal"]
-  revision = "7f39a6fea4fe9364fb61e1def6a268a51b4f3a06"
+  pruneopts = "UT"
+  revision = "c2843e01d9a2bc60bb26ad24e09734fdc2d9ec58"
 
 [[projects]]
   branch = "master"
+  digest = "1:348e38852dac5030f8ce455e1b8d7a5727bbe0af43c0664efd89ec32414093c0"
   name = "golang.org/x/net"
   packages = [
     "context",
@@ -435,32 +592,38 @@
     "http2/hpack",
     "idna",
     "internal/socks",
-    "proxy"
+    "proxy",
   ]
-  revision = "db08ff08e8622530d9ed3a0e8ac279f6d4c02196"
+  pruneopts = "UT"
+  revision = "56fb01167e7d1e1d17dd87993d34c963f4356e87"
 
 [[projects]]
   branch = "master"
+  digest = "1:5e9f22cf754ab20a5dff0ae04b12516b112c5b81cd44dccccde148865084d730"
   name = "golang.org/x/oauth2"
   packages = [
     ".",
     "google",
     "internal",
     "jws",
-    "jwt"
+    "jwt",
   ]
-  revision = "9b3c75971fc92dd27c6436a37c05c831498658f1"
+  pruneopts = "UT"
+  revision = "e64efc72b421e893cbf63f17ba2221e7d6d0b0f3"
 
 [[projects]]
   branch = "master"
+  digest = "1:85cd5224b89829559e8327ba2e52e0df72638d33cf3082b066ea9dea34391e2f"
   name = "golang.org/x/sys"
   packages = [
     "unix",
-    "windows"
+    "windows",
   ]
-  revision = "fc8bd948cf46f9c7af0f07d34151ce25fe90e477"
+  pruneopts = "UT"
+  revision = "10058d7d4faa7dd5ef860cbd31af00903076e7b8"
 
 [[projects]]
+  digest = "1:0c56024909189aee3364b7f21a95a27459f718aa7c199a5c111c36cfffd9eaef"
   name = "golang.org/x/text"
   packages = [
     "collate",
@@ -477,24 +640,30 @@
     "unicode/cldr",
     "unicode/norm",
     "unicode/rangetable",
-    "width"
+    "width",
   ]
+  pruneopts = "UT"
   revision = "f21a4dfb5e38f5895301dc265a8def02365cc3d0"
   version = "v0.3.0"
 
 [[projects]]
   branch = "master"
+  digest = "1:9fdc2b55e8e0fafe4b41884091e51e77344f7dc511c5acedcfd98200003bff90"
   name = "golang.org/x/time"
   packages = ["rate"]
-  revision = "fbb02b2291d28baffd63558aa44b4b56f178d650"
+  pruneopts = "UT"
+  revision = "9d24e82272b4f38b78bc8cff74fa936d31ccd8ef"
 
 [[projects]]
   branch = "master"
+  digest = "1:6bb2e1cbcf253307a88a531a75aa4d38fecb8d56a0dc9e837e288fe3189954f6"
   name = "golang.org/x/tools"
   packages = ["container/intsets"]
-  revision = "44bee7e801e4a70b5fc9a91ff23830ab4df55d5e"
+  pruneopts = "UT"
+  revision = "00c44ba9c14f88ffdd4fb5bfae57fe8dd6d6afb1"
 
 [[projects]]
+  digest = "1:7bc25c2efff76b31f146caf630c617be9b666c6164f0632050466fbec0500125"
   name = "google.golang.org/appengine"
   packages = [
     ".",
@@ -507,24 +676,38 @@
     "internal/modules",
     "internal/remote_api",
     "internal/urlfetch",
-    "urlfetch"
+    "urlfetch",
   ]
-  revision = "b1f26356af11148e710935ed1ac8a7f5702c7612"
+  pruneopts = "UT"
-  version = "v1.1.0"
+  revision = "e9657d882bb81064595ca3b56cbe2546bbabf7b1"
+  version = "v1.4.0"
 
 [[projects]]
+  digest = "1:af07c44dc04418be522bfd4e21ca9130d58169ea084e3a883e23772003a381c4"
+  name = "gopkg.in/asn1-ber.v1"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "f715ec2f112d1e4195b827ad68cf44017a3ef2b1"
+  version = "v1.3"
+
+[[projects]]
+  digest = "1:2d1fbdc6777e5408cabeb02bf336305e724b925ff4546ded0fa8715a7267922a"
   name = "gopkg.in/inf.v0"
   packages = ["."]
+  pruneopts = "UT"
   revision = "d2d2541c53f18d2a059457998ce2876cc8e67cbf"
   version = "v0.9.1"
 
 [[projects]]
+  digest = "1:4d2e5a73dc1500038e504a8d78b986630e3626dc027bc030ba5c75da257cdb96"
   name = "gopkg.in/yaml.v2"
   packages = ["."]
-  revision = "5420a8b6744d3b0345ab293f6fcba19c978f1183"
+  pruneopts = "UT"
-  version = "v2.2.1"
+  revision = "51d6538a90f86fe93ac480b35f37b2be17fef232"
+  version = "v2.2.2"
 
 [[projects]]
+  digest = "1:26a67eb988225c6a0600c1af0b35e795ac4d23a9c40a7aa178fa2adc0670f1f7"
   name = "k8s.io/api"
   packages = [
     "admission/v1beta1",
@@ -558,12 +741,14 @@
     "settings/v1alpha1",
     "storage/v1",
     "storage/v1alpha1",
-    "storage/v1beta1"
+    "storage/v1beta1",
   ]
+  pruneopts = "UT"
   revision = "b503174bad5991eb66f18247f52e41c3258f6348"
   version = "kubernetes-1.12.3"
 
 [[projects]]
+  digest = "1:3c38a27df3152aa083018cb7a8d7b5bd5af5e808733ebbc6ae5b5fe10f8b0f84"
   name = "k8s.io/apimachinery"
   packages = [
     "pkg/api/errors",
@@ -609,12 +794,27 @@
     "pkg/version",
     "pkg/watch",
     "third_party/forked/golang/json",
-    "third_party/forked/golang/reflect"
+    "third_party/forked/golang/reflect",
   ]
+  pruneopts = "UT"
   revision = "eddba98df674a16931d2d4ba75edc3a389bf633a"
   version = "kubernetes-1.12.3"
 
 [[projects]]
+  branch = "release-1.10"
+  digest = "1:89837c4f0a1aa35aa5993bd0ee002ed0073e505c08bcb716c9941059e1df3da6"
+  name = "k8s.io/apiserver"
+  packages = [
+    "pkg/apis/audit",
+    "pkg/authentication/user",
+    "pkg/authorization/authorizer",
+    "pkg/endpoints/request",
+  ]
+  pruneopts = "UT"
+  revision = "30d6a91f580b7a2a240dccebc1a35bff2a6940f6"
+
+[[projects]]
+  digest = "1:7b85a80c96c7294b896204fca216c35d10e63fd0a021b23c5b5fe00f68932420"
   name = "k8s.io/client-go"
   packages = [
     "discovery",
@@ -754,36 +954,30 @@
     "util/integer",
     "util/jsonpath",
     "util/retry",
-    "util/workqueue"
+    "util/workqueue",
   ]
+  pruneopts = "UT"
   revision = "d082d5923d3cc0bfbb066ee5fbdea3d0ca79acf8"
   version = "kubernetes-1.12.3"
 
 [[projects]]
   branch = "master"
-  name = "k8s.io/component-base"
+  digest = "1:20ca56a1299fe3787b1cf86c3a0388fbc11d08604783b32a258eca7a947a7fdb"
-  packages = ["logs"]
-  revision = "1925c57e3358154fd54383773de0c0c7710a9196"
-
-[[projects]]
-  name = "k8s.io/klog"
-  packages = ["."]
-  revision = "71442cd4037d612096940ceb0f3fec3f7fff66e0"
-  version = "v0.2.0"
-
-[[projects]]
-  branch = "master"
   name = "k8s.io/kube-openapi"
   packages = ["pkg/util/proto"]
-  revision = "d50a959ae76a85c7c262a9767ef29f37093c2b8a"
+  pruneopts = "UT"
+  revision = "15615b16d372105f0c69ff47dfe7402926a65aaa"
 
 [[projects]]
+  digest = "1:ceff1906e568c23d7a337fdda89900d6155aaf93db7cb6da73488ffb649641e1"
   name = "k8s.io/kubernetes"
   packages = ["pkg/util/slice"]
-  revision = "721bfa751924da8d1680787490c54b9179b1fed0"
+  pruneopts = "UT"
-  version = "v1.13.3"
+  revision = "c27b913fddd1a6c480c229191a087698aa92f0b1"
+  version = "v1.13.4"
 
 [[projects]]
+  digest = "1:3c56f356b5cb581860246ca0c08c7a35aa21b2c071b20c428a53b2c3c13c87fd"
   name = "sigs.k8s.io/controller-runtime"
   packages = [
     "pkg/cache",
@@ -803,14 +997,68 @@
     "pkg/webhook/admission",
     "pkg/webhook/admission/types",
     "pkg/webhook/internal/metrics",
-    "pkg/webhook/types"
+    "pkg/webhook/types",
   ]
+  pruneopts = "UT"
   revision = "f6f0bc9611363b43664d08fb097ab13243ef621d"
   version = "v0.1.9"
 
 [solve-meta]
   analyzer-name = "dep"
   analyzer-version = 1
-  inputs-digest = "af7a1befccf91a9979c7710cf95e61ccb7dc4131fd0cc22e585e2e3b8034f92f"
+  input-imports = [
+    "github.com/dgrijalva/jwt-go",
+    "github.com/docker/docker/api/types",
+    "github.com/docker/docker/client",
+    "github.com/emicklei/go-restful",
+    "github.com/emicklei/go-restful-openapi",
+    "github.com/go-ldap/ldap",
+    "github.com/go-openapi/spec",
+    "github.com/go-redis/redis",
+    "github.com/go-sql-driver/mysql",
+    "github.com/golang/glog",
+    "github.com/jinzhu/gorm",
+    "github.com/json-iterator/go",
+    "github.com/mitchellh/go-homedir",
+    "github.com/spf13/cobra",
+    "github.com/spf13/pflag",
+    "golang.org/x/tools/container/intsets",
+    "gopkg.in/yaml.v2",
+    "k8s.io/api/apps/v1",
+    "k8s.io/api/apps/v1beta2",
+    "k8s.io/api/batch/v1",
+    "k8s.io/api/batch/v1beta1",
+    "k8s.io/api/core/v1",
+    "k8s.io/api/extensions/v1beta1",
+    "k8s.io/api/policy/v1beta1",
+    "k8s.io/api/rbac/v1",
+    "k8s.io/api/storage/v1",
+    "k8s.io/apimachinery/pkg/api/errors",
+    "k8s.io/apimachinery/pkg/api/resource",
+    "k8s.io/apimachinery/pkg/apis/meta/v1",
+    "k8s.io/apimachinery/pkg/labels",
+    "k8s.io/apimachinery/pkg/runtime",
+    "k8s.io/apimachinery/pkg/runtime/schema",
+    "k8s.io/apimachinery/pkg/types",
+    "k8s.io/apimachinery/pkg/util/runtime",
+    "k8s.io/apimachinery/pkg/util/wait",
+    "k8s.io/apiserver/pkg/authorization/authorizer",
+    "k8s.io/apiserver/pkg/endpoints/request",
+    "k8s.io/client-go/informers",
+    "k8s.io/client-go/informers/core/v1",
+    "k8s.io/client-go/informers/rbac/v1",
+    "k8s.io/client-go/kubernetes",
+    "k8s.io/client-go/kubernetes/scheme",
+    "k8s.io/client-go/plugin/pkg/client/auth/gcp",
+    "k8s.io/client-go/rest",
+    "k8s.io/client-go/tools/cache",
+    "k8s.io/client-go/tools/clientcmd",
+    "k8s.io/client-go/util/workqueue",
+    "k8s.io/kubernetes/pkg/util/slice",
+    "sigs.k8s.io/controller-runtime/pkg/client/config",
+    "sigs.k8s.io/controller-runtime/pkg/manager",
+    "sigs.k8s.io/controller-runtime/pkg/runtime/log",
+    "sigs.k8s.io/controller-runtime/pkg/runtime/signals",
+  ]
   solver-name = "gps-cdcl"
   solver-version = 1

Gopkg.toml

@@ -24,6 +24,8 @@
 #   go-tests = true
 #   unused-packages = true
 
+ignored = ["github.com/mholt/caddy","github.com/mholt/caddy/caddyfile","github.com/mholt/caddy/caddyhttp/httpserver","github.com/mholt/caddy/caddyhttp/staticfiles","github.com/mholt/caddy/caddytls","github.com/mholt/caddy/telemetry"]
+
 [[constraint]]
   name = "github.com/docker/docker"
   version = "v17.05.0-ce"

build/ks-apigateway/Dockerfile

@@ -0,0 +1,28 @@
+# Copyright 2018 The KubeSphere Authors. All rights reserved.
+# Use of this source code is governed by a Apache license
+# that can be found in the LICENSE file.
+
+# Copyright 2018 The KubeSphere Authors. All rights reserved.
+# Use of this source code is governed by a Apache license
+# that can be found in the LICENSE file.
+
+FROM golang:1.10.3 as ks-apigateway-builder
+
+COPY / /go/src/kubesphere.io/kubesphere
+RUN git clone --single-branch -b v0.11.4 -q https://github.com/mholt/caddy /go/src/github.com/mholt/caddy
+WORKDIR /go/src/github.com/mholt/caddy
+RUN sed -i "/\/\/ This is where other plugins get plugged in (imported)/a\\\t\
+    _ \"kubesphere.io/kubesphere/pkg/apigateway/caddy-plugin/authenticate\"\n\t\
+    _ \"kubesphere.io/kubesphere/pkg/apigateway/caddy-plugin/authentication\"\n\t\
+    _ \"kubesphere.io/kubesphere/pkg/apigateway/caddy-plugin/swagger\""\
+    caddy/caddymain/run.go && \
+    sed -i "/\/\/ github.com\/BTBurke\/caddy-jwt/a\\\t\"authenticate\",\n\t\"authentication\",\n\t\"swagger\","\
+    caddyhttp/httpserver/plugin.go && \
+    go install ./caddy && \
+    go run /go/src/kubesphere.io/kubesphere/tools/cmd/doc-gen/main.go --output=/go/src/kubesphere.io/kubesphere/install/swagger-ui/api.json
+
+FROM alpine:3.7
+RUN apk add --update ca-certificates && update-ca-certificates
+COPY --from=ks-apigateway-builder /go/bin/* /usr/local/bin/
+COPY --from=ks-apigateway-builder /go/src/kubesphere.io/kubesphere/install/swagger-ui /var/static/swagger-ui
+CMD ["sh"]

build/ks-apiserver/Dockerfile

@@ -0,0 +1,18 @@
+# Copyright 2018 The KubeSphere Authors. All rights reserved.
+# Use of this source code is governed by a Apache license
+# that can be found in the LICENSE file.
+
+# Copyright 2018 The KubeSphere Authors. All rights reserved.
+# Use of this source code is governed by a Apache license
+# that can be found in the LICENSE file.
+FROM golang:1.10.3 as ks-apiserver-builder
+
+COPY / /go/src/kubesphere.io/kubesphere
+WORKDIR /go/src/kubesphere.io/kubesphere
+
+RUN go build -o ks-apiserver cmd/ks-apiserver/apiserver.go
+
+FROM alpine:3.7
+RUN apk add --update ca-certificates && update-ca-certificates
+COPY --from=ks-apiserver-builder /go/src/kubesphere.io/kubesphere/ks-apiserver /usr/local/bin/
+CMD ["sh"]

build/ks-iam/Dockerfile

@@ -0,0 +1,18 @@
+# Copyright 2018 The KubeSphere Authors. All rights reserved.
+# Use of this source code is governed by a Apache license
+# that can be found in the LICENSE file.
+
+# Copyright 2018 The KubeSphere Authors. All rights reserved.
+# Use of this source code is governed by a Apache license
+# that can be found in the LICENSE file.
+FROM golang:1.10.3 as ks-iam-builder
+
+COPY / /go/src/kubesphere.io/kubesphere
+WORKDIR /go/src/kubesphere.io/kubesphere
+
+RUN go build -o ks-iam cmd/ks-iam/main.go
+
+FROM alpine:3.7
+RUN apk add --update ca-certificates && update-ca-certificates
+COPY --from=ks-iam-builder /go/src/kubesphere.io/kubesphere/ks-iam /usr/local/bin/
+CMD ["sh"]

cmd/ks-apiserver/apiserver.go

@@ -1,12 +1,28 @@
+/*
+
+ Copyright 2019 The KubeSphere Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/
 package main
 
 import (
-	"fmt"
 	"kubesphere.io/kubesphere/cmd/ks-apiserver/app"
-	"os"
+	"log"
-
 	// Install apis
 	_ "kubesphere.io/kubesphere/pkg/apis/metrics/install"
+	_ "kubesphere.io/kubesphere/pkg/apis/monitoring/install"
 	_ "kubesphere.io/kubesphere/pkg/apis/operations/install"
 	_ "kubesphere.io/kubesphere/pkg/apis/resources/install"
 )
@@ -16,7 +32,6 @@ func main() {
 	cmd := app.NewAPIServerCommand()
 
 	if err := cmd.Execute(); err != nil {
-		fmt.Fprintf(os.Stderr, "error: %v\n", err)
+		log.Fatalln(err)
-		os.Exit(1)
 	}
 }

cmd/ks-apiserver/app/options/options.go

@@ -1,67 +0,0 @@
-package options
-
-import (
-	"fmt"
-	"github.com/spf13/pflag"
-	"os"
-)
-
-type ServerRunOptions struct {
-
-	// server bind address
-	BindAddress string
-
-	// insecure port number
-	InsecurePort int
-
-	// secure port number
-	SecurePort int
-
-	// OpenPitrix api gateway service url
-	OpenPitrixAddress string
-
-	// database connection string in MySQL like
-	// user:password@tcp(host)/dbname?charset=utf8&parseTime=True
-	DatabaseConnectionString string
-
-	// tls cert file
-	TlsCertFile string
-
-	// tls private key file
-	TlsPrivateKey string
-
-	// host openapi doc
-	ApiDoc bool
-
-	// kubeconfig file path
-	KubeConfig string
-}
-
-func NewServerRunOptions() *ServerRunOptions {
-	// create default server run options
-	s := ServerRunOptions{
-		BindAddress:              "0.0.0.0",
-		InsecurePort:             9090,
-		SecurePort:               0,
-		OpenPitrixAddress:        "openpitrix-api-gateway.openpitrix-system.svc",
-		DatabaseConnectionString: "",
-		TlsCertFile:              "",
-		TlsPrivateKey:            "",
-		ApiDoc:                   true,
-	}
-
-	return &s
-}
-
-func (s *ServerRunOptions) AddFlags(fs *pflag.FlagSet) {
-
-	fs.StringVar(&s.BindAddress, "bind-address", "0.0.0.0", "server bind address")
-	fs.IntVar(&s.InsecurePort, "insecure-port", 9090, "insecure port number")
-	fs.IntVar(&s.SecurePort, "secure-port", 0, "secure port number")
-	fs.StringVar(&s.OpenPitrixAddress, "openpitrix", "openpitrix-api-gateway.openpitrix-system.svc", "openpitrix api gateway address")
-	fs.StringVar(&s.DatabaseConnectionString, "database-connection", "", "database connection string")
-	fs.StringVar(&s.TlsCertFile, "tls-cert-file", "", "tls cert file")
-	fs.StringVar(&s.TlsPrivateKey, "tls-private-key", "", "tls private key")
-	fs.BoolVar(&s.ApiDoc, "api-doc", true, "host OpenAPI doc")
-	fs.StringVar(&s.KubeConfig, "kubeconfig", fmt.Sprintf("%s/.kube/config", os.Getenv("HOME")), "path to kubeconfig file")
-}

cmd/ks-apiserver/app/server.go

@@ -1,21 +1,38 @@
+/*
+
+ Copyright 2019 The KubeSphere Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/
 package app
 
 import (
+	goflag "flag"
 	"fmt"
-	"github.com/emicklei/go-restful-openapi"
+	"github.com/golang/glog"
 	"github.com/spf13/cobra"
-	"kubesphere.io/kubesphere/cmd/ks-apiserver/app/options"
 	"kubesphere.io/kubesphere/pkg/apiserver/runtime"
-	"kubesphere.io/kubesphere/pkg/client"
 	"kubesphere.io/kubesphere/pkg/filter"
 	"kubesphere.io/kubesphere/pkg/informers"
+	"kubesphere.io/kubesphere/pkg/options"
 	"kubesphere.io/kubesphere/pkg/signals"
 	"log"
 	"net/http"
 )
 
 func NewAPIServerCommand() *cobra.Command {
-	s := options.NewServerRunOptions()
+	s := options.SharedOptions
 
 	cmd := &cobra.Command{
 		Use: "ks-apiserver",
@@ -23,15 +40,13 @@ func NewAPIServerCommand() *cobra.Command {
 for the api objects. The API Server services REST operations and provides the frontend to the
 cluster's shared state through which all other components interact.`,
 		RunE: func(cmd *cobra.Command, args []string) error {
-
-			//s.AddFlags(cmd.Flags())
-
 			return Run(s)
 		},
 	}
 
-	s.AddFlags(cmd.Flags())
+	cmd.Flags().AddFlagSet(s.CommandLine)
-
+	cmd.Flags().AddGoFlagSet(goflag.CommandLine)
+	glog.CopyStandardLogTo("INFO")
 	return cmd
 }
 
@@ -39,26 +54,11 @@ func Run(s *options.ServerRunOptions) error {
 
 	var err error
 
-	stopChan := signals.SetupSignalHandler()
+	waitForResourceSync()
-	informers.SharedInformerFactory().Start(stopChan)
-	informers.SharedInformerFactory().WaitForCacheSync(stopChan)
-	log.Println("resources sync success")
 
 	container := runtime.Container
 	container.Filter(filter.Logging)
 
-	if len(s.KubeConfig) > 0 {
-		client.KubeConfigFile = s.KubeConfig
-	}
-
-	if s.ApiDoc {
-		config := restfulspec.Config{
-			WebServices: container.RegisteredWebServices(),
-			APIPath:     "/apidoc.json",
-		}
-		container.Add(restfulspec.NewOpenAPIService(config))
-	}
-
 	log.Printf("Server listening on %d.", s.InsecurePort)
 
 	if s.InsecurePort != 0 {
@@ -71,3 +71,36 @@ func Run(s *options.ServerRunOptions) error {
 
 	return err
 }
+
+func waitForResourceSync() {
+	stopChan := signals.SetupSignalHandler()
+
+	informerFactory := informers.SharedInformerFactory()
+	informerFactory.Rbac().V1().Roles().Lister()
+	informerFactory.Rbac().V1().RoleBindings().Lister()
+	informerFactory.Rbac().V1().ClusterRoles().Lister()
+	informerFactory.Rbac().V1().ClusterRoleBindings().Lister()
+
+	informerFactory.Storage().V1().StorageClasses().Lister()
+
+	informerFactory.Core().V1().Namespaces().Lister()
+	informerFactory.Core().V1().Nodes().Lister()
+	informerFactory.Core().V1().ResourceQuotas().Lister()
+	informerFactory.Core().V1().Pods().Lister()
+	informerFactory.Core().V1().Services().Lister()
+	informerFactory.Core().V1().PersistentVolumeClaims().Lister()
+	informerFactory.Core().V1().Secrets().Lister()
+	informerFactory.Core().V1().ConfigMaps().Lister()
+
+	informerFactory.Apps().V1().ControllerRevisions().Lister()
+	informerFactory.Apps().V1().StatefulSets().Lister()
+	informerFactory.Apps().V1().Deployments().Lister()
+	informerFactory.Apps().V1().DaemonSets().Lister()
+
+	informerFactory.Batch().V1().Jobs().Lister()
+	informerFactory.Batch().V1beta1().CronJobs()
+
+	informerFactory.Start(stopChan)
+	informerFactory.WaitForCacheSync(stopChan)
+	log.Println("resources sync success")
+}

cmd/ks-iam/apiserver.go

@@ -15,12 +15,20 @@
  limitations under the License.
 
 */
-package v1alpha2
+package main
 
 import (
-	"kubesphere.io/kubesphere/pkg/monitoring/v1alpha2/monitoring"
+	"kubesphere.io/kubesphere/cmd/ks-iam/app"
+	"log"
+	// Install apis
+	_ "kubesphere.io/kubesphere/pkg/apis/iam/install"
 )
 
-func init() {
+func main() {
-	addToWebServiceFuncs = append(addToWebServiceFuncs, monitoring.Route)
+
+	cmd := app.NewAPIServerCommand()
+
+	if err := cmd.Execute(); err != nil {
+		log.Fatalln(err)
+	}
 }

cmd/ks-iam/app/server.go

@@ -0,0 +1,95 @@
+/*
+
+ Copyright 2019 The KubeSphere Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/
+package app
+
+import (
+	goflag "flag"
+	"fmt"
+	"github.com/golang/glog"
+	"github.com/spf13/cobra"
+	"kubesphere.io/kubesphere/pkg/apiserver/runtime"
+	"kubesphere.io/kubesphere/pkg/filter"
+	"kubesphere.io/kubesphere/pkg/informers"
+	"kubesphere.io/kubesphere/pkg/models/iam"
+	"kubesphere.io/kubesphere/pkg/options"
+	"kubesphere.io/kubesphere/pkg/signals"
+	"log"
+	"net/http"
+)
+
+func NewAPIServerCommand() *cobra.Command {
+	s := options.SharedOptions
+
+	cmd := &cobra.Command{
+		Use: "ks-iam",
+		Long: `The KubeSphere API server validates and configures data
+for the api objects. The API Server services REST operations and provides the frontend to the
+cluster's shared state through which all other components interact.`,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return Run(s)
+		},
+	}
+	cmd.Flags().AddFlagSet(s.CommandLine)
+	cmd.Flags().AddGoFlagSet(goflag.CommandLine)
+	glog.CopyStandardLogTo("INFO")
+	return cmd
+}
+
+func Run(s *options.ServerRunOptions) error {
+
+	var err error
+
+	err = iam.DatabaseInit()
+
+	if err != nil {
+		return err
+	}
+
+	waitForResourceSync()
+
+	container := runtime.Container
+	container.Filter(filter.Logging)
+
+	log.Printf("Server listening on %d.", s.InsecurePort)
+
+	if s.InsecurePort != 0 {
+		err = http.ListenAndServe(fmt.Sprintf("%s:%d", s.BindAddress, s.InsecurePort), container)
+	}
+
+	if s.SecurePort != 0 && len(s.TlsCertFile) > 0 && len(s.TlsPrivateKey) > 0 {
+		err = http.ListenAndServeTLS(fmt.Sprintf("%s:%d", s.BindAddress, s.SecurePort), s.TlsCertFile, s.TlsPrivateKey, container)
+	}
+
+	return err
+}
+
+func waitForResourceSync() {
+	stopChan := signals.SetupSignalHandler()
+
+	informerFactory := informers.SharedInformerFactory()
+	informerFactory.Rbac().V1().Roles().Lister()
+	informerFactory.Rbac().V1().RoleBindings().Lister()
+	informerFactory.Rbac().V1().ClusterRoles().Lister()
+	informerFactory.Rbac().V1().ClusterRoleBindings().Lister()
+
+	informerFactory.Core().V1().Namespaces().Lister()
+
+	informerFactory.Start(stopChan)
+	informerFactory.WaitForCacheSync(stopChan)
+	log.Println("resources sync success")
+}

hack/docker_build.sh

@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+
+ docker build -f build/ks-apigateway/Dockerfile -t kubespheredev/ks-apigateway:latest .
+ docker build -f build/ks-apiserver/Dockerfile -t kubespheredev/ks-apiserver:latest .

hack/docker_push.sh

@@ -3,4 +3,5 @@
 # Push image to dockerhub, need to support multiple push
 
 echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
+docker push kubespheredev/ks-apigateway:latest
 docker push kubespheredev/ks-apiserver:latest

pkg/apigateway/caddy-plugin/authenticate/authenticate.go

@@ -0,0 +1,172 @@
+/*
+
+ Copyright 2019 The KubeSphere Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/
+package authenticate
+
+import (
+	"errors"
+	"fmt"
+	"net/http"
+	"strconv"
+	"strings"
+
+	"github.com/dgrijalva/jwt-go"
+	"github.com/mholt/caddy/caddyhttp/httpserver"
+)
+
+type Auth struct {
+	Rule Rule
+	Next httpserver.Handler
+}
+
+type Rule struct {
+	Secret       []byte
+	Path         string
+	ExceptedPath []string
+}
+
+type User struct {
+	Username string                  `json:"username"`
+	UID      string                  `json:"uid"`
+	Groups   *[]string               `json:"groups,omitempty"`
+	Extra    *map[string]interface{} `json:"extra,omitempty"`
+}
+
+func (h Auth) ServeHTTP(resp http.ResponseWriter, req *http.Request) (int, error) {
+	for _, path := range h.Rule.ExceptedPath {
+		if httpserver.Path(req.URL.Path).Matches(path) {
+			return h.Next.ServeHTTP(resp, req)
+		}
+	}
+
+	if httpserver.Path(req.URL.Path).Matches(h.Rule.Path) {
+
+		uToken, err := h.ExtractToken(req)
+
+		if err != nil {
+			return h.HandleUnauthorized(resp, err), nil
+		}
+
+		token, err := h.Validate(uToken)
+
+		if err != nil {
+			return h.HandleUnauthorized(resp, err), nil
+		}
+
+		req, err = h.InjectContext(req, token)
+
+		if err != nil {
+			return h.HandleUnauthorized(resp, err), nil
+		}
+	}
+
+	return h.Next.ServeHTTP(resp, req)
+}
+
+func (h Auth) InjectContext(req *http.Request, token *jwt.Token) (*http.Request, error) {
+
+	payLoad, ok := token.Claims.(jwt.MapClaims)
+
+	if !ok {
+		return nil, errors.New("invalid payload")
+	}
+
+	for header := range req.Header {
+		if strings.HasPrefix(header, "X-Token-") {
+			req.Header.Del(header)
+		}
+	}
+
+	username, ok := payLoad["username"].(string)
+
+	if ok && username != "" {
+		req.Header.Set("X-Token-Username", username)
+	}
+
+	uid := payLoad["uid"]
+
+	if uid != nil {
+		switch uid.(type) {
+		case int:
+			req.Header.Set("X-Token-UID", strconv.Itoa(uid.(int)))
+			break
+		case string:
+			req.Header.Set("X-Token-UID", uid.(string))
+			break
+		}
+	}
+
+	groups, ok := payLoad["groups"].([]string)
+
+	if ok && len(groups) > 0 {
+		req.Header.Set("X-Token-Groups", strings.Join(groups, ","))
+	}
+
+	return req, nil
+}
+
+func (h Auth) Validate(uToken string) (*jwt.Token, error) {
+
+	if len(uToken) == 0 {
+		return nil, fmt.Errorf("token length is zero")
+	}
+
+	token, err := jwt.Parse(uToken, h.ProvideKey)
+
+	if err != nil {
+		return nil, err
+	}
+
+	return token, nil
+}
+
+func (h Auth) HandleUnauthorized(w http.ResponseWriter, err error) int {
+	message := fmt.Sprintf("Unauthorized,%v", err)
+	w.Header().Add("WWW-Authenticate", message)
+	return http.StatusUnauthorized
+}
+
+func (h Auth) ExtractToken(r *http.Request) (string, error) {
+
+	jwtHeader := strings.Split(r.Header.Get("Authorization"), " ")
+
+	if jwtHeader[0] == "Bearer" && len(jwtHeader) == 2 {
+		return jwtHeader[1], nil
+	}
+
+	jwtCookie, err := r.Cookie("token")
+
+	if err == nil {
+		return jwtCookie.Value, nil
+	}
+
+	jwtQuery := r.URL.Query().Get("token")
+
+	if jwtQuery != "" {
+		return jwtQuery, nil
+	}
+
+	return "", fmt.Errorf("no token found")
+}
+
+func (h Auth) ProvideKey(token *jwt.Token) (interface{}, error) {
+	if _, ok := token.Method.(*jwt.SigningMethodHMAC); ok {
+		return h.Rule.Secret, nil
+	} else {
+		return nil, fmt.Errorf("expect token signed with HMAC but got %v", token.Header["alg"])
+	}
+}

pkg/apigateway/caddy-plugin/authenticate/auto_load.go

@@ -0,0 +1,110 @@
+/*
+
+ Copyright 2019 The KubeSphere Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/
+package authenticate
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/mholt/caddy"
+	"github.com/mholt/caddy/caddyhttp/httpserver"
+)
+
+func init() {
+	caddy.RegisterPlugin("authenticate", caddy.Plugin{
+		ServerType: "http",
+		Action:     Setup,
+	})
+}
+
+func Setup(c *caddy.Controller) error {
+
+	rule, err := parse(c)
+
+	if err != nil {
+		return err
+	}
+
+	c.OnStartup(func() error {
+		fmt.Println("Authenticate middleware is initiated")
+		return nil
+	})
+
+	httpserver.GetConfig(c).AddMiddleware(func(next httpserver.Handler) httpserver.Handler {
+		return &Auth{Next: next, Rule: rule}
+	})
+
+	return nil
+}
+func parse(c *caddy.Controller) (Rule, error) {
+
+	rule := Rule{ExceptedPath: make([]string, 0)}
+
+	if c.Next() {
+		args := c.RemainingArgs()
+		switch len(args) {
+		case 0:
+			for c.NextBlock() {
+				switch c.Val() {
+				case "path":
+					if !c.NextArg() {
+						return rule, c.ArgErr()
+					}
+
+					rule.Path = c.Val()
+
+					if c.NextArg() {
+						return rule, c.ArgErr()
+					}
+				case "secret":
+					if !c.NextArg() {
+						return rule, c.ArgErr()
+					}
+
+					rule.Secret = []byte(c.Val())
+
+					if c.NextArg() {
+						return rule, c.ArgErr()
+					}
+				case "except":
+					if !c.NextArg() {
+						return rule, c.ArgErr()
+					}
+
+					rule.ExceptedPath = strings.Split(c.Val(), ",")
+
+					for i := 0; i < len(rule.ExceptedPath); i++ {
+						rule.ExceptedPath[i] = strings.TrimSpace(rule.ExceptedPath[i])
+					}
+
+					if c.NextArg() {
+						return rule, c.ArgErr()
+					}
+				}
+			}
+		default:
+			return rule, c.ArgErr()
+		}
+	}
+
+	if c.Next() {
+		return rule, c.ArgErr()
+	}
+
+	return rule, nil
+}

pkg/apigateway/caddy-plugin/authentication/authentication.go

@@ -0,0 +1,300 @@
+/*
+
+ Copyright 2019 The KubeSphere Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/
+package authentication
+
+import (
+	"errors"
+	"fmt"
+	"k8s.io/apiserver/pkg/authorization/authorizer"
+	"k8s.io/apiserver/pkg/endpoints/request"
+	"net/http"
+	"strings"
+
+	"github.com/mholt/caddy/caddyhttp/httpserver"
+	"k8s.io/api/rbac/v1"
+	k8serr "k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/labels"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/kubernetes/pkg/util/slice"
+	"kubesphere.io/kubesphere/pkg/informers"
+	sliceutils "kubesphere.io/kubesphere/pkg/utils"
+)
+
+type Authentication struct {
+	Rule Rule
+	Next httpserver.Handler
+}
+
+type Rule struct {
+	Path         string
+	ExceptedPath []string
+}
+
+func (c Authentication) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, error) {
+
+	if httpserver.Path(r.URL.Path).Matches(c.Rule.Path) {
+
+		for _, path := range c.Rule.ExceptedPath {
+			if httpserver.Path(r.URL.Path).Matches(path) {
+				return c.Next.ServeHTTP(w, r)
+			}
+		}
+
+		attrs, err := getAuthorizerAttributes(r.Context())
+
+		if err != nil {
+			return http.StatusInternalServerError, err
+		}
+
+		permitted, err := permissionValidate(attrs)
+
+		if err != nil {
+			return http.StatusInternalServerError, err
+		}
+
+		if !permitted {
+			err = k8serr.NewForbidden(schema.GroupResource{Group: attrs.GetAPIGroup(), Resource: attrs.GetResource()}, attrs.GetName(), fmt.Errorf("permission undefined"))
+			return handleForbidden(w, err), nil
+		}
+	}
+
+	return c.Next.ServeHTTP(w, r)
+
+}
+
+func handleForbidden(w http.ResponseWriter, err error) int {
+	message := fmt.Sprintf("Forbidden,%s", err.Error())
+	w.Header().Add("WWW-Authenticate", message)
+	return http.StatusForbidden
+}
+
+func permissionValidate(attrs authorizer.Attributes) (bool, error) {
+
+	permitted, err := clusterRoleValidate(attrs)
+
+	if err != nil {
+		return false, err
+	}
+
+	if permitted {
+		return true, nil
+	}
+
+	if attrs.GetNamespace() != "" {
+		permitted, err = roleValidate(attrs)
+
+		if err != nil {
+			return false, err
+		}
+
+		if permitted {
+			return true, nil
+		}
+	}
+
+	return false, nil
+}
+
+func roleValidate(attrs authorizer.Attributes) (bool, error) {
+	roleBindingLister := informers.SharedInformerFactory().Rbac().V1().RoleBindings().Lister()
+	roleLister := informers.SharedInformerFactory().Rbac().V1().Roles().Lister()
+	roleBindings, err := roleBindingLister.RoleBindings(attrs.GetNamespace()).List(labels.Everything())
+
+	if err != nil {
+		return false, err
+	}
+
+	fullSource := attrs.GetResource()
+
+	if attrs.GetSubresource() != "" {
+		fullSource = fullSource + "/" + attrs.GetSubresource()
+	}
+
+	for _, roleBinding := range roleBindings {
+
+		for _, subj := range roleBinding.Subjects {
+
+			if (subj.Kind == v1.UserKind && subj.Name == attrs.GetUser().GetName()) ||
+				(subj.Kind == v1.GroupKind && slice.ContainsString(attrs.GetUser().GetGroups(), subj.Name, nil)) {
+				role, err := roleLister.Roles(attrs.GetNamespace()).Get(roleBinding.RoleRef.Name)
+
+				if err != nil {
+					return false, err
+				}
+
+				for _, rule := range role.Rules {
+					if ruleMatchesRequest(rule, attrs.GetAPIGroup(), "", attrs.GetResource(), attrs.GetSubresource(), attrs.GetName(), attrs.GetVerb()) {
+						return true, nil
+					}
+				}
+			}
+		}
+	}
+
+	return false, nil
+}
+
+func clusterRoleValidate(attrs authorizer.Attributes) (bool, error) {
+	clusterRoleBindingLister := informers.SharedInformerFactory().Rbac().V1().ClusterRoleBindings().Lister()
+	clusterRoleBindings, err := clusterRoleBindingLister.List(labels.Everything())
+	clusterRoleLister := informers.SharedInformerFactory().Rbac().V1().ClusterRoles().Lister()
+	if err != nil {
+		return false, err
+	}
+
+	for _, clusterRoleBinding := range clusterRoleBindings {
+
+		for _, subject := range clusterRoleBinding.Subjects {
+
+			if (subject.Kind == v1.UserKind && subject.Name == attrs.GetUser().GetName()) ||
+				(subject.Kind == v1.GroupKind && sliceutils.HasString(attrs.GetUser().GetGroups(), subject.Name)) {
+
+				clusterRole, err := clusterRoleLister.Get(clusterRoleBinding.RoleRef.Name)
+
+				if err != nil {
+					return false, err
+				}
+
+				for _, rule := range clusterRole.Rules {
+					if attrs.IsResourceRequest() {
+						if ruleMatchesRequest(rule, attrs.GetAPIGroup(), "", attrs.GetResource(), attrs.GetSubresource(), attrs.GetName(), attrs.GetVerb()) {
+							return true, nil
+						}
+					} else {
+						if ruleMatchesRequest(rule, "", attrs.GetPath(), "", "", "", attrs.GetVerb()) {
+							return true, nil
+						}
+					}
+
+				}
+
+			}
+		}
+	}
+
+	return false, nil
+}
+
+func ruleMatchesResources(rule v1.PolicyRule, apiGroup string, resource string, subresource string, resourceName string) bool {
+
+	if resource == "" {
+		return false
+	}
+
+	if !sliceutils.HasString(rule.APIGroups, apiGroup) && !sliceutils.HasString(rule.APIGroups, v1.ResourceAll) {
+		return false
+	}
+
+	if len(rule.ResourceNames) > 0 && !sliceutils.HasString(rule.ResourceNames, resourceName) {
+		return false
+	}
+
+	combinedResource := resource
+
+	if subresource != "" {
+		combinedResource = combinedResource + "/" + subresource
+	}
+
+	for _, res := range rule.Resources {
+
+		// match "*"
+		if res == v1.ResourceAll || res == combinedResource {
+			return true
+		}
+
+		// match "*/subresource"
+		if len(subresource) > 0 && strings.HasPrefix(res, "*/") && subresource == strings.TrimLeft(res, "*/") {
+			return true
+		}
+		// match "resource/*"
+		if strings.HasSuffix(res, "/*") && resource == strings.TrimRight(res, "/*") {
+			return true
+		}
+	}
+
+	return false
+}
+
+func ruleMatchesRequest(rule v1.PolicyRule, apiGroup string, nonResourceURL string, resource string, subresource string, resourceName string, verb string) bool {
+
+	if !sliceutils.HasString(rule.Verbs, verb) && !sliceutils.HasString(rule.Verbs, v1.VerbAll) {
+		return false
+	}
+
+	if nonResourceURL == "" {
+		return ruleMatchesResources(rule, apiGroup, resource, subresource, resourceName)
+	} else {
+		return ruleMatchesNonResource(rule, nonResourceURL)
+	}
+}
+
+func ruleMatchesNonResource(rule v1.PolicyRule, nonResourceURL string) bool {
+
+	if nonResourceURL == "" {
+		return false
+	}
+
+	for _, spec := range rule.NonResourceURLs {
+		if pathMatches(nonResourceURL, spec) {
+			return true
+		}
+	}
+
+	return false
+}
+
+func pathMatches(path, spec string) bool {
+	if spec == "*" {
+		return true
+	}
+	if spec == path {
+		return true
+	}
+	if strings.HasSuffix(spec, "*") && strings.HasPrefix(path, strings.TrimRight(spec, "*")) {
+		return true
+	}
+	return false
+}
+
+func getAuthorizerAttributes(ctx request.Context) (authorizer.Attributes, error) {
+	attribs := authorizer.AttributesRecord{}
+
+	user, ok := request.UserFrom(ctx)
+	if ok {
+		attribs.User = user
+	}
+
+	requestInfo, found := request.RequestInfoFrom(ctx)
+	if !found {
+		return nil, errors.New("no RequestInfo found in the context")
+	}
+
+	// Start with common attributes that apply to resource and non-resource requests
+	attribs.ResourceRequest = requestInfo.IsResourceRequest
+	attribs.Path = requestInfo.Path
+	attribs.Verb = requestInfo.Verb
+
+	attribs.APIGroup = requestInfo.APIGroup
+	attribs.APIVersion = requestInfo.APIVersion
+	attribs.Resource = requestInfo.Resource
+	attribs.Subresource = requestInfo.Subresource
+	attribs.Namespace = requestInfo.Namespace
+	attribs.Name = requestInfo.Name
+
+	return &attribs, nil
+}

pkg/apigateway/caddy-plugin/authentication/auto_load.go

@@ -0,0 +1,119 @@
+/*
+
+ Copyright 2019 The KubeSphere Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/
+package authentication
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/mholt/caddy"
+	"github.com/mholt/caddy/caddyhttp/httpserver"
+
+	"kubesphere.io/kubesphere/pkg/informers"
+	"kubesphere.io/kubesphere/pkg/signals"
+)
+
+func init() {
+	caddy.RegisterPlugin("authentication", caddy.Plugin{
+		ServerType: "http",
+		Action:     Setup,
+	})
+}
+
+// Setup is called by Caddy to parse the config block
+func Setup(c *caddy.Controller) error {
+
+	rule, err := parse(c)
+
+	if err != nil {
+		return err
+	}
+
+	if err != nil {
+		return err
+	}
+
+	c.OnStartup(func() error {
+		stopChan := signals.SetupSignalHandler()
+		informers.SharedInformerFactory().Start(stopChan)
+		informers.SharedInformerFactory().WaitForCacheSync(stopChan)
+		fmt.Println("Authentication middleware is initiated")
+		return nil
+	})
+
+	httpserver.GetConfig(c).AddMiddleware(func(next httpserver.Handler) httpserver.Handler {
+		return &Authentication{Next: next, Rule: rule}
+	})
+	return nil
+}
+
+func parse(c *caddy.Controller) (Rule, error) {
+
+	rule := Rule{ExceptedPath: make([]string, 0)}
+
+	if c.Next() {
+		args := c.RemainingArgs()
+		switch len(args) {
+		case 0:
+			for c.NextBlock() {
+				switch c.Val() {
+				case "path":
+					if !c.NextArg() {
+						return rule, c.ArgErr()
+					}
+
+					rule.Path = c.Val()
+
+					if c.NextArg() {
+						return rule, c.ArgErr()
+					}
+
+					break
+				case "except":
+					if !c.NextArg() {
+						return rule, c.ArgErr()
+					}
+
+					rule.ExceptedPath = strings.Split(c.Val(), ",")
+
+					for i := 0; i < len(rule.ExceptedPath); i++ {
+						rule.ExceptedPath[i] = strings.TrimSpace(rule.ExceptedPath[i])
+					}
+
+					if c.NextArg() {
+						return rule, c.ArgErr()
+					}
+					break
+				}
+			}
+		case 1:
+			rule.Path = args[0]
+			if c.NextBlock() {
+				return rule, c.ArgErr()
+			}
+		default:
+			return rule, c.ArgErr()
+		}
+	}
+
+	if c.Next() {
+		return rule, c.ArgErr()
+	}
+
+	return rule, nil
+}

pkg/apigateway/caddy-plugin/swagger/auto_load.go

@@ -0,0 +1,100 @@
+/*
+
+ Copyright 2019 The KubeSphere Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/
+package authenticate
+
+import (
+	"fmt"
+	"net/http"
+
+	"github.com/mholt/caddy"
+	"github.com/mholt/caddy/caddyhttp/httpserver"
+)
+
+func init() {
+	caddy.RegisterPlugin("swagger", caddy.Plugin{
+		ServerType: "http",
+		Action:     Setup,
+	})
+}
+
+func Setup(c *caddy.Controller) error {
+
+	handler, err := parse(c)
+
+	if err != nil {
+		return err
+	}
+
+	c.OnStartup(func() error {
+		fmt.Println("Swagger middleware is initiated")
+		return nil
+	})
+
+	httpserver.GetConfig(c).AddMiddleware(func(next httpserver.Handler) httpserver.Handler {
+		return &Swagger{Next: next, Handler: handler}
+	})
+
+	return nil
+}
+func parse(c *caddy.Controller) (Handler, error) {
+
+	handler := Handler{URL: "/swagger-ui", FilePath: "/var/static/swagger-ui"}
+
+	if c.Next() {
+		args := c.RemainingArgs()
+		switch len(args) {
+		case 0:
+			for c.NextBlock() {
+				switch c.Val() {
+				case "url":
+					if !c.NextArg() {
+						return handler, c.ArgErr()
+					}
+
+					handler.URL = c.Val()
+
+					if c.NextArg() {
+						return handler, c.ArgErr()
+					}
+				case "filePath":
+					if !c.NextArg() {
+						return handler, c.ArgErr()
+					}
+
+					handler.FilePath = c.Val()
+
+					if c.NextArg() {
+						return handler, c.ArgErr()
+					}
+				default:
+					return handler, c.ArgErr()
+				}
+			}
+		default:
+			return handler, c.ArgErr()
+		}
+	}
+
+	if c.Next() {
+		return handler, c.ArgErr()
+	}
+
+	handler.Handler = http.StripPrefix(handler.URL, http.FileServer(http.Dir(handler.FilePath)))
+
+	return handler, nil
+}

pkg/apigateway/caddy-plugin/swagger/swagger.go

@@ -0,0 +1,45 @@
+/*
+
+ Copyright 2019 The KubeSphere Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/
+package authenticate
+
+import (
+	"net/http"
+
+	"github.com/mholt/caddy/caddyhttp/httpserver"
+)
+
+type Swagger struct {
+	Handler Handler
+	Next    httpserver.Handler
+}
+
+type Handler struct {
+	URL      string
+	FilePath string
+	Handler  http.Handler
+}
+
+func (h Swagger) ServeHTTP(resp http.ResponseWriter, req *http.Request) (int, error) {
+
+	if httpserver.Path(req.URL.Path).Matches(h.Handler.URL) {
+		h.Handler.Handler.ServeHTTP(resp, req)
+		return http.StatusOK, nil
+	}
+
+	return h.Next.ServeHTTP(resp, req)
+}

pkg/apis/iam/install/install.go

@@ -15,17 +15,19 @@
  limitations under the License.
 
 */
-package monitoring
+package install
 
 import (
 	"github.com/emicklei/go-restful"
-
+	urlruntime "k8s.io/apimachinery/pkg/util/runtime"
-	"kubesphere.io/kubesphere/pkg/monitoring/v1alpha2"
+	iamv1alpha2 "kubesphere.io/kubesphere/pkg/apis/iam/v1alpha2"
+	"kubesphere.io/kubesphere/pkg/apiserver/runtime"
 )
 
-const apiGroup = "monitoring.kubesphere.io"
+func init() {
-
+	Install(runtime.Container)
-func AddToContainer(container *restful.Container) error {
+}
-	container.Add(v1alpha2.WebService(apiGroup))
+
-	return nil
+func Install(container *restful.Container) {
+	urlruntime.Must(iamv1alpha2.AddToContainer(container))
 }

pkg/apis/iam/v1alpha2/register.go

@@ -0,0 +1,214 @@
+/*
+
+ Copyright 2019 The KubeSphere Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/
+package v1alpha2
+
+import (
+	"github.com/emicklei/go-restful"
+	"github.com/emicklei/go-restful-openapi"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"kubesphere.io/kubesphere/pkg/apiserver/iam"
+	"kubesphere.io/kubesphere/pkg/apiserver/runtime"
+	"kubesphere.io/kubesphere/pkg/errors"
+	"kubesphere.io/kubesphere/pkg/models"
+)
+
+const GroupName = "iam.kubesphere.io"
+
+var GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha2"}
+
+var (
+	WebServiceBuilder = runtime.NewContainerBuilder(addWebService)
+	AddToContainer    = WebServiceBuilder.AddToContainer
+)
+
+func addWebService(c *restful.Container) error {
+	tags := []string{"IAM"}
+	ws := runtime.NewWebService(GroupVersion)
+
+	ws.Route(ws.POST("/authenticate").
+		To(iam.TokenReviewHandler).
+		Doc("Token review").
+		Reads(iam.TokenReview{}).
+		Writes(iam.TokenReview{}).
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+	ws.Route(ws.POST("/login").
+		To(iam.LoginHandler).
+		Doc("User login").
+		Reads(iam.LoginRequest{}).
+		Writes(models.Token{}).
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+
+	ws.Route(ws.GET("/users/{name}").
+		To(iam.UserDetail).
+		Doc("User detail").
+		Writes(models.User{}).
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+	ws.Route(ws.POST("/users").
+		To(iam.CreateUser).
+		Reads(models.User{}).
+		Writes(errors.Error{}).
+		Doc("Create user").
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+	ws.Route(ws.DELETE("/users/{name}").
+		To(iam.DeleteUser).
+		Doc("Delete user").
+		Writes(errors.Error{}).
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+	ws.Route(ws.PUT("/users/{name}").
+		To(iam.UpdateUser).
+		Reads(models.User{}).
+		Writes(errors.Error{}).
+		Doc("Update user").
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+
+	ws.Route(ws.GET("/users/{name}/log").
+		To(iam.UserLoginLog).
+		Doc("User login log").
+		Writes([]map[string]string{}).
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+	ws.Route(ws.GET("/users").
+		To(iam.UserList).
+		Doc("User list").
+		Writes(models.PageableResponse{}).
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+	ws.Route(ws.GET("/groups").
+		To(iam.RootGroupList).
+		Writes([]models.Group{}).
+		Doc("User group list").
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+
+	ws.Route(ws.GET("/groups/{path}").
+		To(iam.GroupDetail).
+		Doc("User group detail").
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+	ws.Route(ws.GET("/groups/{path}/users").
+		To(iam.GroupUsers).
+		Doc("Group user list").
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+	ws.Route(ws.POST("/groups").
+		To(iam.CreateGroup).
+		Reads(models.Group{}).
+		Doc("Create user group").
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+	ws.Route(ws.DELETE("/groups/{path}").
+		To(iam.DeleteGroup).
+		Doc("Delete user group").
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+	ws.Route(ws.PUT("/groups/{path}").
+		To(iam.UpdateGroup).
+		Doc("Update user group").
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+	ws.Route(ws.GET("/users/{username}/roles").
+		To(iam.UserRoles).
+		Doc("Get user role list").
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+	ws.Route(ws.GET("/namespaces/{namespace}/roles/{role}/users").
+		To(iam.RoleUsers).
+		Doc("Get user list by role").
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+	ws.Route(ws.GET("/namespaces/{namespace}/roles/{role}/rules").
+		To(iam.RoleRules).
+		Doc("Get role detail").
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+	ws.Route(ws.GET("/namespaces/{namespace}/users").
+		To(iam.NamespaceUsers).
+		Doc("Get user list by namespace").
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+	ws.Route(ws.GET("/clusterroles/{clusterrole}/users").
+		To(iam.ClusterRoleUsers).
+		Doc("Get user list by cluster role").
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+	ws.Route(ws.GET("/clusterroles/{clusterrole}/rules").
+		To(iam.ClusterRoleRules).
+		Doc("Get cluster role detail").
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+	ws.Route(ws.GET("/rulesmapping/clusterroles").
+		To(iam.ClusterRulesMappingHandler).
+		Doc("Get cluster role policy rules mapping").
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+	ws.Route(ws.GET("/rulesmapping/roles").
+		To(iam.RulesMappingHandler).
+		Doc("Get role policy rules mapping").
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+
+	ws.Route(ws.GET("/workspaces/{workspace}/rules").
+		To(iam.WorkspaceRulesHandler).
+		Doc("Get workspace level policy rules").
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+	ws.Route(ws.GET("/workspaces/{workspace}/members").
+		To(iam.WorkspaceMemberList).
+		Doc("Get workspace member list").
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+	ws.Route(ws.GET("/namespaces/{namespace}/rules").
+		To(iam.NamespacesRulesHandler).
+		Doc("Get namespace level policy rules").
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+	ws.Route(ws.GET("/devops/{devops}/rules").
+		To(iam.DevopsRulesHandler).
+		Doc("Get devops project level policy rules").
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+
+	tags = []string{"Workspace"}
+
+	ws.Route(ws.GET("/workspaces").
+		To(iam.UserWorkspaceListHandler).
+		Doc("Get workspace list").
+		Metadata(restfulspec.KeyOpenAPITags, tags).
+		Writes([]models.Workspace{}))
+	ws.Route(ws.POST("/workspaces").
+		To(iam.WorkspaceCreateHandler).
+		Doc("Create workspace").
+		Metadata(restfulspec.KeyOpenAPITags, tags).
+		Writes(models.Workspace{}))
+	ws.Route(ws.DELETE("/workspaces/{name}").
+		To(iam.DeleteWorkspaceHandler).
+		Doc("Delete workspace").
+		Metadata(restfulspec.KeyOpenAPITags, tags).
+		Writes(errors.Error{}))
+	ws.Route(ws.GET("/workspaces/{name}").
+		To(iam.WorkspaceDetailHandler).
+		Doc("Get workspace detail").
+		Metadata(restfulspec.KeyOpenAPITags, tags).
+		Writes(models.Workspace{}))
+	ws.Route(ws.PUT("/workspaces/{name}").
+		To(iam.WorkspaceEditHandler).
+		Doc("Update workspace").
+		Metadata(restfulspec.KeyOpenAPITags, tags).
+		Writes(models.Workspace{}))
+
+	ws.Route(ws.GET("/workspaces/{name}/members/{member}").
+		To(iam.WorkspaceMemberDetail).
+		Doc("Get workspace member detail").
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+	ws.Route(ws.GET("/workspaces/{name}/roles").
+		To(iam.WorkspaceRoles).
+		Doc("Get workspace roles").
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+
+	ws.Route(ws.POST("/workspaces/{name}/members").
+		To(iam.WorkspaceMemberInvite).
+		Doc("Add user to workspace").
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+	ws.Route(ws.DELETE("/workspaces/{name}/members").
+		To(iam.WorkspaceMemberRemove).
+		Doc("Delete user from workspace").
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+
+	c.Add(ws)
+	return nil
+}

pkg/apis/metrics/group.go

@@ -1,18 +0,0 @@
-/*
-
- Copyright 2019 The KubeSphere Authors.
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
-     http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-
-*/
-package metrics

pkg/apis/metrics/v1alpha2/register.go

@@ -19,6 +19,7 @@ package v1alpha2
 
 import (
 	"github.com/emicklei/go-restful"
+	"github.com/emicklei/go-restful-openapi"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"kubesphere.io/kubesphere/pkg/apiserver/metrics"
 	"kubesphere.io/kubesphere/pkg/apiserver/runtime"
@@ -36,8 +37,20 @@ var (
 func addWebService(c *restful.Container) error {
 	webservice := runtime.NewWebService(GroupVersion)
 
-	webservice.Route(webservice.GET("/storageclasses/{storageclass}").To(metrics.GetScMetrics))
+	tags := []string{"metrics"}
-	webservice.Route(webservice.GET("/metrics/storageclass").To(metrics.GetScMetricsList))
+
+	webservice.Route(webservice.GET("/storageclasses/{storageclass}").
+		To(metrics.GetScMetrics).
+		Metadata(restfulspec.KeyOpenAPITags, tags).
+		Doc("").
+		Param(webservice.PathParameter("storageclass", "storageclass's name")).
+		Writes(metrics.ScMetricsItem{}))
+
+	webservice.Route(webservice.GET("/storageclasses").
+		To(metrics.GetScMetricsList).
+		Metadata(restfulspec.KeyOpenAPITags, tags).
+		Doc("").
+		Writes([]metrics.ScMetricsItem{}))
 
 	c.Add(webservice)
 

pkg/apis/monitoring/install/install.go

@@ -15,22 +15,19 @@
  limitations under the License.
 
 */
-package v1alpha2
+package install
 
 import (
 	"github.com/emicklei/go-restful"
+	urlruntime "k8s.io/apimachinery/pkg/util/runtime"
+	monitoringv1alpha2 "kubesphere.io/kubesphere/pkg/apis/monitoring/v1alpha2"
+	"kubesphere.io/kubesphere/pkg/apiserver/runtime"
 )
 
-const apiVersion = "v1alpha2"
+func init() {
-
+	Install(runtime.Container)
-var addToWebServiceFuncs []func(ws *restful.WebService)
-
-func WebService(apiGroup string) *restful.WebService {
-	ws := new(restful.WebService)
-	ws.Path("/apis/" + apiGroup + "/" + apiVersion).
-		Produces(restful.MIME_JSON).Consumes(restful.MIME_JSON)
-	for _, f := range addToWebServiceFuncs {
-		f(ws)
 }
-	return ws
+
+func Install(container *restful.Container) {
+	urlruntime.Must(monitoringv1alpha2.AddToContainer(container))
 }

pkg/apis/monitoring/v1alpha2/register.go

@@ -0,0 +1,207 @@
+/*
+
+ Copyright 2019 The KubeSphere Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/
+package v1alpha2
+
+import (
+	"github.com/emicklei/go-restful"
+	"github.com/emicklei/go-restful-openapi"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"kubesphere.io/kubesphere/pkg/apiserver/monitoring"
+	"kubesphere.io/kubesphere/pkg/apiserver/runtime"
+)
+
+const GroupName = "monitoring.kubesphere.io"
+
+var GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha2"}
+
+var (
+	WebServiceBuilder = runtime.NewContainerBuilder(addWebService)
+	AddToContainer    = WebServiceBuilder.AddToContainer
+)
+
+func addWebService(c *restful.Container) error {
+	ws := runtime.NewWebService(GroupVersion)
+
+	tags := []string{"Monitoring"}
+
+	ws.Route(ws.GET("/clusters").To(monitoring.MonitorCluster).
+		Doc("monitor cluster level metrics").
+		Param(ws.QueryParameter("metrics_filter", "metrics name cpu memory...in re2 regex").Required(false).DefaultValue("cluster_cpu_utilisation")).
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+
+	ws.Route(ws.GET("/nodes").To(monitoring.MonitorNode).
+		Doc("monitor nodes level metrics").
+		Param(ws.QueryParameter("metrics_filter", "metrics name cpu memory...in re2 regex").Required(false).DefaultValue("node_cpu_utilisation")).
+		Param(ws.QueryParameter("nodes_filter", "node re2 expression filter").Required(false).DefaultValue("")).
+		Param(ws.QueryParameter("sort_metric", "sort metric").Required(false)).
+		Param(ws.QueryParameter("sort_type", "ascending descending order").Required(false)).
+		Param(ws.QueryParameter("page", "page number").Required(false).DefaultValue("1")).
+		Param(ws.QueryParameter("limit", "metrics name cpu memory...in re2 regex").Required(false).DefaultValue("4")).
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+
+	ws.Route(ws.GET("/nodes/{node}").To(monitoring.MonitorNode).
+		Doc("monitor specific node level metrics").
+		Param(ws.PathParameter("node", "specific node").Required(true).DefaultValue("")).
+		Param(ws.QueryParameter("metrics_name", "metrics name cpu memory...").Required(true).DefaultValue("node_cpu_utilisation")).
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+
+	ws.Route(ws.GET("/namespaces").To(monitoring.MonitorNamespace).
+		Doc("monitor namespaces level metrics").
+		Param(ws.QueryParameter("namespaces_filter", "namespaces re2 expression filter").Required(false).DefaultValue("")).
+		Param(ws.QueryParameter("metrics_filter", "metrics name cpu memory...in re2 regex").Required(false).DefaultValue("namespace_memory_utilisation")).
+		Param(ws.QueryParameter("sort_metric", "sort metric").Required(false)).
+		Param(ws.QueryParameter("sort_type", "ascending descending order").Required(false)).
+		Param(ws.QueryParameter("page", "page number").Required(false).DefaultValue("1")).
+		Param(ws.QueryParameter("limit", "metrics name cpu memory...in re2 regex").Required(false).DefaultValue("4")).
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+
+	ws.Route(ws.GET("/namespaces/{namespace}").To(monitoring.MonitorNamespace).
+		Doc("monitor specific namespace level metrics").
+		Param(ws.PathParameter("namespace", "specific namespace").Required(true).DefaultValue("monitoring")).
+		Param(ws.QueryParameter("metrics_name", "metrics name cpu memory...").Required(true).DefaultValue("namespace_memory_utilisation")).
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+
+	ws.Route(ws.GET("/namespaces/{namespace}/pods").To(monitoring.MonitorPod).
+		Doc("monitor pods level metrics").
+		Param(ws.PathParameter("namespace", "specific namespace").Required(true).DefaultValue("monitoring")).
+		Param(ws.QueryParameter("metrics_filter", "metrics name cpu memory...in re2 regex").Required(false).DefaultValue("pod_memory_utilisation_wo_cache")).
+		Param(ws.QueryParameter("pods_filter", "pod re2 expression filter").Required(false).DefaultValue("")).
+		Param(ws.QueryParameter("sort_metric", "sort metric").Required(false)).
+		Param(ws.QueryParameter("sort_type", "ascending descending order").Required(false)).
+		Param(ws.QueryParameter("page", "page number").Required(false).DefaultValue("1")).
+		Param(ws.QueryParameter("limit", "metrics name cpu memory...in re2 regex").Required(false).DefaultValue("4")).
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+
+	ws.Route(ws.GET("/namespaces/{namespace}/pods/{pod}").To(monitoring.MonitorPod).
+		Doc("monitor specific pod level metrics").
+		Param(ws.PathParameter("namespace", "specific namespace").Required(true).DefaultValue("monitoring")).
+		Param(ws.PathParameter("pod", "specific pod").Required(true).DefaultValue("")).
+		Param(ws.QueryParameter("metrics_name", "metrics name cpu memory...").Required(true).DefaultValue("pod_memory_utilisation_wo_cache")).
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+
+	ws.Route(ws.GET("/nodes/{node}/pods").To(monitoring.MonitorPod).
+		Doc("monitor pods level metrics by nodeid").
+		Param(ws.PathParameter("node", "specific node").Required(true).DefaultValue("i-k89a62il")).
+		Param(ws.QueryParameter("metrics_filter", "metrics name cpu memory...in re2 regex").Required(false).DefaultValue("pod_memory_utilisation_wo_cache")).
+		Param(ws.QueryParameter("pods_filter", "pod re2 expression filter").Required(false).DefaultValue("openpitrix.*")).
+		Param(ws.QueryParameter("sort_metric", "sort metric").Required(false)).
+		Param(ws.QueryParameter("sort_type", "ascending descending order").Required(false)).
+		Param(ws.QueryParameter("page", "page number").Required(false).DefaultValue("1")).
+		Param(ws.QueryParameter("limit", "metrics name cpu memory...in re2 regex").Required(false).DefaultValue("4")).
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+
+	ws.Route(ws.GET("/nodes/{node}/pods/{pod}").To(monitoring.MonitorPod).
+		Doc("monitor specific pod level metrics by nodeid").
+		Param(ws.PathParameter("node", "specific node").Required(true).DefaultValue("i-k89a62il")).
+		Param(ws.PathParameter("pod", "specific pod").Required(true).DefaultValue("")).
+		Param(ws.QueryParameter("metrics_name", "metrics name cpu memory...").Required(true).DefaultValue("pod_memory_utilisation_wo_cache")).
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+
+	ws.Route(ws.GET("/nodes/{node}/pods/{pod}/containers").To(monitoring.MonitorContainer).
+		Doc("monitor specific pod level metrics by nodeid").
+		Param(ws.PathParameter("node", "specific node").Required(true)).
+		Param(ws.PathParameter("pod", "specific pod").Required(true)).
+		Param(ws.QueryParameter("containers_filter", "container re2 expression filter").Required(false).DefaultValue("")).
+		Param(ws.QueryParameter("metrics_filter", "metrics name cpu memory...").Required(false)).
+		Param(ws.QueryParameter("metrics_name", "metrics name cpu memory...").Required(true).DefaultValue("pod_memory_utilisation_wo_cache")).
+		Param(ws.QueryParameter("sort_metric", "sort metric").Required(false)).
+		Param(ws.QueryParameter("sort_type", "ascending descending order").Required(false)).
+		Param(ws.QueryParameter("page", "page number").Required(false).DefaultValue("1")).
+		Param(ws.QueryParameter("limit", "metrics name cpu memory...in re2 regex").Required(false).DefaultValue("4")).
+		Param(ws.QueryParameter("type", "rank, statistic").Required(false).DefaultValue("rank")).
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+
+	ws.Route(ws.GET("/namespaces/{namespace}/pods/{pod}/containers").To(monitoring.MonitorContainer).
+		Doc("monitor containers level metrics").
+		Param(ws.PathParameter("namespace", "specific namespace").Required(true).DefaultValue("monitoring")).
+		Param(ws.PathParameter("pod", "specific pod").Required(true).DefaultValue("")).
+		Param(ws.QueryParameter("containers_filter", "container re2 expression filter").Required(false).DefaultValue("")).
+		Param(ws.QueryParameter("metrics_filter", "metrics name cpu memory...").Required(false)).
+		Param(ws.QueryParameter("metrics_name", "metrics name cpu memory...").Required(true).DefaultValue("container_memory_utilisation_wo_cache")).
+		Param(ws.QueryParameter("sort_metric", "sort metric").Required(false)).
+		Param(ws.QueryParameter("sort_type", "ascending descending order").Required(false)).
+		Param(ws.QueryParameter("page", "page number").Required(false).DefaultValue("1")).
+		Param(ws.QueryParameter("limit", "metrics name cpu memory...in re2 regex").Required(false).DefaultValue("4")).
+		Param(ws.QueryParameter("type", "rank, statistic").Required(false).DefaultValue("rank")).
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+
+	ws.Route(ws.GET("/namespaces/{namespace}/pods/{pod}/containers/{container}").To(monitoring.MonitorContainer).
+		Doc("monitor specific container level metrics").
+		Param(ws.PathParameter("namespace", "specific namespace").Required(true).DefaultValue("monitoring")).
+		Param(ws.PathParameter("pod", "specific pod").Required(true).DefaultValue("")).
+		Param(ws.PathParameter("container", "specific container").Required(true).DefaultValue("")).
+		Param(ws.QueryParameter("metrics_name", "metrics name cpu memory...").Required(true).DefaultValue("container_memory_utilisation_wo_cache")).
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+
+	ws.Route(ws.GET("/namespaces/{namespace}/workloads/{workload_kind}").To(monitoring.MonitorWorkload).
+		Doc("monitor specific workload level metrics").
+		Param(ws.PathParameter("namespace", "namespace").Required(true).DefaultValue("kube-system")).
+		Param(ws.QueryParameter("metrics_filter", "metrics name cpu memory...").Required(false)).
+		Param(ws.PathParameter("workload_kind", "workload kind").Required(false).DefaultValue("daemonset")).
+		Param(ws.QueryParameter("workload_name", "workload name").Required(true).DefaultValue("")).
+		Param(ws.QueryParameter("pods_filter", "pod re2 expression filter").Required(false).DefaultValue("openpitrix.*")).
+		Param(ws.QueryParameter("sort_metric", "sort metric").Required(false)).
+		Param(ws.QueryParameter("sort_type", "ascending descending order").Required(false)).
+		Param(ws.QueryParameter("page", "page number").Required(false).DefaultValue("1")).
+		Param(ws.QueryParameter("limit", "max metric items in a page").Required(false).DefaultValue("4")).
+		Param(ws.QueryParameter("type", "rank, statistic").Required(false).DefaultValue("rank")).
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+
+	ws.Route(ws.GET("/namespaces/{namespace}/workloads").To(monitoring.MonitorWorkload).
+		Doc("monitor all workload level metrics").
+		Param(ws.PathParameter("namespace", "namespace").Required(true).DefaultValue("kube-system")).
+		Param(ws.QueryParameter("metrics_filter", "metrics name cpu memory...").Required(false)).
+		Param(ws.QueryParameter("workloads_filter", "pod re2 expression filter").Required(false).DefaultValue("")).
+		Param(ws.QueryParameter("sort_metric", "sort metric").Required(false)).
+		Param(ws.QueryParameter("sort_type", "ascending descending order").Required(false)).
+		Param(ws.QueryParameter("page", "page number").Required(false).DefaultValue("1")).
+		Param(ws.QueryParameter("limit", "metrics name cpu memory...in re2 regex").Required(false).DefaultValue("4")).
+		Param(ws.QueryParameter("type", "rank, statistic").Required(false).DefaultValue("rank")).
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+
+	// list all namespace in this workspace by selected metrics
+	ws.Route(ws.GET("/workspaces/{workspace}").To(monitoring.MonitorOneWorkspace).
+		Doc("monitor workspaces level metrics").
+		Param(ws.PathParameter("workspace", "workspace name").Required(true)).
+		Param(ws.QueryParameter("namespaces_filter", "namespaces filter").Required(false).DefaultValue("k.*")).
+		Param(ws.QueryParameter("metrics_filter", "metrics name cpu memory...in re2 regex").Required(false).DefaultValue("namespace_memory_utilisation_wo_cache")).
+		Param(ws.QueryParameter("sort_metric", "sort metric").Required(false)).
+		Param(ws.QueryParameter("sort_type", "ascending descending order").Required(false)).
+		Param(ws.QueryParameter("page", "page number").Required(false).DefaultValue("1")).
+		Param(ws.QueryParameter("limit", "metrics name cpu memory...in re2 regex").Required(false).DefaultValue("4")).
+		Param(ws.QueryParameter("type", "rank, statistic").Required(false).DefaultValue("rank")).
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+
+	ws.Route(ws.GET("/workspaces").To(monitoring.MonitorAllWorkspaces).
+		Doc("monitor workspaces level metrics").
+		Param(ws.QueryParameter("metrics_filter", "metrics name cpu memory...in re2 regex").Required(false).DefaultValue("workspace_memory_utilisation")).
+		Param(ws.QueryParameter("workspaces_filter", "workspaces re2 expression filter").Required(false).DefaultValue(".*")).
+		Param(ws.QueryParameter("sort_metric", "sort metric").Required(false)).
+		Param(ws.QueryParameter("sort_type", "ascending descending order").Required(false)).
+		Param(ws.QueryParameter("page", "page number").Required(false).DefaultValue("1")).
+		Param(ws.QueryParameter("limit", "metrics name cpu memory...in re2 regex").Required(false).DefaultValue("4")).
+		Param(ws.QueryParameter("type", "rank, statistic").Required(false).DefaultValue("rank")).
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+
+	ws.Route(ws.GET("/components").To(monitoring.MonitorComponentStatus).
+		Doc("monitor k8s components status").
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+
+	c.Add(ws)
+	return nil
+}

pkg/apis/operations/group.go

@@ -1,18 +0,0 @@
-/*
-
- Copyright 2019 The KubeSphere Authors.
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
-     http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-
-*/
-package operations

pkg/apis/operations/v1alpha2/register.go

@@ -23,6 +23,7 @@ import (
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"kubesphere.io/kubesphere/pkg/apiserver/operations"
 	"kubesphere.io/kubesphere/pkg/apiserver/runtime"
+	"kubesphere.io/kubesphere/pkg/errors"
 )
 
 const GroupName = "operations.kubesphere.io"
@@ -36,20 +37,24 @@ var (
 
 func addWebService(c *restful.Container) error {
 
+	tags := []string{"Operations"}
+
 	webservice := runtime.NewWebService(GroupVersion)
 
-	webservice.Route(webservice.POST("/nodes/{node}/drainage").To(operations.DrainNode))
+	webservice.Route(webservice.POST("/nodes/{node}/drainage").
+		To(operations.DrainNode).
+		Metadata(restfulspec.KeyOpenAPITags, tags).
+		Doc("").
+		Param(webservice.PathParameter("node", "node name")).
+		Writes(errors.Error{}))
 
 	webservice.Route(webservice.POST("/namespaces/{namespace}/jobs/{job}").
 		To(operations.RerunJob).
-		Metadata(restfulspec.KeyOpenAPITags, []string{"jobs"}).
+		Metadata(restfulspec.KeyOpenAPITags, tags).
 		Doc("Handle job operation").
-		Param(webservice.PathParameter("job", "job name").
+		Param(webservice.PathParameter("job", "job name")).
-			DataType("string")).
+		Param(webservice.PathParameter("namespace", "job's namespace")).
-		Param(webservice.PathParameter("namespace", "job's namespace").
+		Param(webservice.QueryParameter("a", "action")).
-			DataType("string")).
-		Param(webservice.QueryParameter("a", "action").
-			DataType("string")).
 		Writes(""))
 
 	c.Add(webservice)

pkg/apis/resources/group.go

@@ -1,18 +0,0 @@
-/*
-
- Copyright 2019 The KubeSphere Authors.
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
-     http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-
-*/
-package metrics

pkg/apis/resources/v1alpha2/register.go

@@ -20,9 +20,20 @@ package v1alpha2
 import (
 	"github.com/emicklei/go-restful"
 	"github.com/emicklei/go-restful-openapi"
+	appsv1 "k8s.io/api/apps/v1"
+	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
+	"kubesphere.io/kubesphere/pkg/apiserver/components"
+	"kubesphere.io/kubesphere/pkg/apiserver/quotas"
+	"kubesphere.io/kubesphere/pkg/apiserver/registries"
 	"kubesphere.io/kubesphere/pkg/apiserver/resources"
+	"kubesphere.io/kubesphere/pkg/apiserver/revisions"
+	"kubesphere.io/kubesphere/pkg/apiserver/routers"
 	"kubesphere.io/kubesphere/pkg/apiserver/runtime"
+	"kubesphere.io/kubesphere/pkg/apiserver/workloadstatuses"
+	"kubesphere.io/kubesphere/pkg/errors"
+	"kubesphere.io/kubesphere/pkg/models"
+	"kubesphere.io/kubesphere/pkg/params"
 )
 
 const GroupName = "resources.kubesphere.io"
@@ -38,18 +49,182 @@ func addWebService(c *restful.Container) error {
 
 	webservice := runtime.NewWebService(GroupVersion)
 
-	webservice.Route(webservice.GET("/namespaces/{namespace}/{resources}").To(resources.NamespaceResourceHandler))
+	tags := []string{"Namespace resources"}
 
-	webservice.Route(webservice.GET("/{resources}").To(resources.ClusterResourceHandler))
+	webservice.Route(webservice.GET("/namespaces/{namespace}/{resources}").
+		To(resources.NamespaceResourceHandler).
+		Metadata(restfulspec.KeyOpenAPITags, tags).
+		Doc("Namespace level resource query").
+		Param(webservice.PathParameter("namespace", "which namespace")).
+		Param(webservice.PathParameter("resources", "namespace level resource type")).
+		Param(webservice.QueryParameter(params.ConditionsParam, "query conditions").
+			Required(false).
+			DataFormat("key=%s,key~%s")).
+		Param(webservice.QueryParameter(params.PagingParam, "page").
+			Required(false).
+			DataFormat("limit=%d,page=%d").
+			DefaultValue("limit=10,page=1")).
+		Writes(models.PageableResponse{}))
 
-	webservice.Route(webservice.GET("/storageclasses/{storageclass}/persistentvolumeclaims").To(resources.GetPvcListBySc))
+	tags = []string{"Cluster resources"}
-	webservice.Route(webservice.GET("/namespaces/{namespace}/persistentvolumeclaims/{pvc}/pods").To(resources.GetPodListByPvc))
 
-	tags := []string{"users"}
+	webservice.Route(webservice.GET("/{resources}").
-	webservice.Route(webservice.GET("/users/{username}/kubectl").Doc("get user's kubectl pod").Param(webservice.PathParameter("username",
+		To(resources.ClusterResourceHandler).
-		"username").DataType("string")).Metadata(restfulspec.KeyOpenAPITags, tags).To(resources.GetKubectl))
+		Writes(models.PageableResponse{}).
-	webservice.Route(webservice.GET("/users/{username}/kubeconfig").Doc("get users' kubeconfig").Param(webservice.PathParameter("username",
+		Metadata(restfulspec.KeyOpenAPITags, tags).
-		"username").DataType("string")).Metadata(restfulspec.KeyOpenAPITags, tags).To(resources.GetKubeconfig))
+		Doc("Cluster level resource query").
+		Param(webservice.PathParameter("resources", "cluster level resource type"))).
+		Param(webservice.QueryParameter(params.ConditionsParam, "query conditions").
+			Required(false).
+			DataFormat("key=value,key~value").
+			DefaultValue("")).
+		Param(webservice.QueryParameter(params.PagingParam, "page").
+			Required(false).
+			DataFormat("limit=%d,page=%d").
+			DefaultValue("limit=10,page=1"))
+
+	webservice.Route(webservice.GET("/storageclasses/{storageclass}/persistentvolumeclaims").
+		To(resources.GetPvcListBySc).
+		Doc("get user's kubectl pod").
+		Param(webservice.PathParameter("username", "username")).
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+	webservice.Route(webservice.GET("/namespaces/{namespace}/persistentvolumeclaims/{pvc}/pods").
+		To(resources.GetPodListByPvc))
+
+	tags = []string{"User resources"}
+
+	webservice.Route(webservice.GET("/users/{username}/kubectl").
+		To(resources.GetKubectl).
+		Doc("get user's kubectl pod").
+		Param(webservice.PathParameter("username", "username")).
+		Metadata(restfulspec.KeyOpenAPITags, tags).
+		Writes(models.PodInfo{}))
+
+	webservice.Route(webservice.GET("/users/{username}/kubeconfig").
+		To(resources.GetKubeconfig).
+		Doc("get users' kubeconfig").
+		Param(webservice.PathParameter("username", "username")).
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+
+	tags = []string{"Components"}
+
+	webservice.Route(webservice.GET("/components").
+		To(components.GetComponents).
+		Metadata(restfulspec.KeyOpenAPITags, tags).
+		Doc("").
+		Writes(map[string]models.Component{}))
+	webservice.Route(webservice.GET("/components/{component}").
+		To(components.GetComponentStatus).
+		Metadata(restfulspec.KeyOpenAPITags, tags).
+		Doc("").
+		Param(webservice.PathParameter("component", "component name")).
+		Writes(models.Component{}))
+	webservice.Route(webservice.GET("/health").
+		To(components.GetSystemHealthStatus).
+		Metadata(restfulspec.KeyOpenAPITags, tags).
+		Doc("").
+		Writes(map[string]int{}))
+
+	tags = []string{"Quotas"}
+
+	webservice.Route(webservice.GET("/quotas").
+		To(quotas.GetClusterQuotas).
+		Doc("get whole cluster's resource usage").
+		Writes(models.ResourceQuota{}).
+		Metadata(restfulspec.KeyOpenAPITags, tags))
+
+	webservice.Route(webservice.GET("/namespaces/{namespace}/quotas").
+		Doc("get specified namespace's resource quota and usage").
+		Param(webservice.PathParameter("namespace", "namespace's name")).
+		Writes(models.ResourceQuota{}).
+		Metadata(restfulspec.KeyOpenAPITags, tags).
+		To(quotas.GetNamespaceQuotas))
+
+	tags = []string{"Registries"}
+
+	webservice.Route(webservice.POST("registries/verify").
+		To(registries.RegistryVerify).
+		Metadata(restfulspec.KeyOpenAPITags, tags).
+		Doc("docker registry verify").
+		Writes(errors.Error{}))
+
+	tags = []string{"Revision"}
+
+	webservice.Route(webservice.GET("/namespaces/{namespace}/daemonsets/{daemonset}/revisions/{revision}").
+		To(revisions.GetDaemonSetRevision).
+		Metadata(restfulspec.KeyOpenAPITags, tags).
+		Doc("Handle daemonset operation").
+		Param(webservice.PathParameter("daemonset", "daemonset's name")).
+		Param(webservice.PathParameter("namespace", "daemonset's namespace")).
+		Param(webservice.PathParameter("revision", "daemonset's revision")).
+		Writes(appsv1.DaemonSet{}))
+	webservice.Route(webservice.GET("/namespaces/{namespace}/deployments/{deployment}/revisions/{revision}").
+		To(revisions.GetDeployRevision).
+		Metadata(restfulspec.KeyOpenAPITags, tags).
+		Doc("Handle deployment operation").
+		Param(webservice.PathParameter("deployment", "deployment's name")).
+		Param(webservice.PathParameter("namespace", "deployment's namespace")).
+		Param(webservice.PathParameter("revision", "deployment's revision")).
+		Writes(appsv1.ReplicaSet{}))
+	webservice.Route(webservice.GET("/namespaces/{namespace}/statefulsets/{statefulset}/revisions/{revision}").
+		To(revisions.GetStatefulSetRevision).
+		Metadata(restfulspec.KeyOpenAPITags, tags).
+		Doc("Handle statefulset operation").
+		Param(webservice.PathParameter("statefulset", "statefulset's name")).
+		Param(webservice.PathParameter("namespace", "statefulset's namespace")).
+		Param(webservice.PathParameter("revision", "statefulset's revision")).
+		Writes(appsv1.StatefulSet{}))
+
+	tags = []string{"Router"}
+
+	webservice.Route(webservice.GET("/routers").
+		To(routers.GetAllRouters).
+		Doc("Get all routers").
+		Metadata(restfulspec.KeyOpenAPITags, tags).
+		Writes(corev1.Service{}))
+
+	webservice.Route(webservice.GET("/users/{username}/routers").
+		To(routers.GetAllRoutersOfUser).
+		Doc("Get routers for user").
+		Metadata(restfulspec.KeyOpenAPITags, tags).
+		Param(webservice.PathParameter("username", "")).
+		Writes(corev1.Service{}))
+
+	webservice.Route(webservice.GET("/namespaces/{namespace}/router").
+		To(routers.GetRouter).
+		Doc("Get router of a specified project").
+		Metadata(restfulspec.KeyOpenAPITags, tags).
+		Param(webservice.PathParameter("namespace", "name of the project")))
+
+	webservice.Route(webservice.DELETE("/namespaces/{namespace}/router").
+		To(routers.DeleteRouter).
+		Doc("Get router of a specified project").
+		Metadata(restfulspec.KeyOpenAPITags, tags).
+		Param(webservice.PathParameter("namespace", "name of the project")))
+
+	webservice.Route(webservice.POST("/namespaces/{namespace}/router").
+		To(routers.CreateRouter).
+		Doc("Create a router for a specified project").
+		Metadata(restfulspec.KeyOpenAPITags, tags).
+		Param(webservice.PathParameter("namespace", "name of the project")))
+
+	webservice.Route(webservice.PUT("/namespaces/{namespace}/router").
+		To(routers.UpdateRouter).
+		Doc("Update a router for a specified project").
+		Metadata(restfulspec.KeyOpenAPITags, tags).
+		Param(webservice.PathParameter("namespace", "name of the project")))
+
+	tags = []string{"WorkloadStatus"}
+
+	webservice.Route(webservice.GET("/workloadstatuses").
+		Doc("get abnormal workloads' count of whole cluster").
+		Metadata(restfulspec.KeyOpenAPITags, tags).
+		To(workloadstatuses.GetClusterResourceStatus))
+	webservice.Route(webservice.GET("/namespaces/{namespace}/workloadstatuses").
+		Doc("get abnormal workloads' count of specified namespace").
+		Param(webservice.PathParameter("namespace", "the name of namespace")).
+		Metadata(restfulspec.KeyOpenAPITags, tags).
+		To(workloadstatuses.GetNamespacesResourceStatus))
 
 	c.Add(webservice)
 

pkg/apiserver/components/components.go

@@ -22,18 +22,14 @@ import (
 	"github.com/emicklei/go-restful"
 	"kubesphere.io/kubesphere/pkg/errors"
 	"kubesphere.io/kubesphere/pkg/models/components"
+	"net/http"
 )
 
-func V1Alpha2(ws *restful.WebService) {
+func GetSystemHealthStatus(request *restful.Request, response *restful.Response) {
-	ws.Route(ws.GET("/components").To(getComponents))
+	result, err := components.GetSystemHealthStatus()
-	ws.Route(ws.GET("/components/{component}").To(getComponentStatus))
-	ws.Route(ws.GET("/health").To(getSystemHealthStatus))
-}
 
-func getSystemHealthStatus(request *restful.Request, response *restful.Response) {
+	if err != nil {
-	result, err := components.GetAllComponentsStatus()
+		response.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
-
-	if errors.HandlerError(err, response) {
 		return
 	}
 
@@ -41,12 +37,13 @@ func getSystemHealthStatus(request *restful.Request, response *restful.Response)
 }
 
 // get a specific component status
-func getComponentStatus(request *restful.Request, response *restful.Response) {
+func GetComponentStatus(request *restful.Request, response *restful.Response) {
 	component := request.PathParameter("component")
 
 	result, err := components.GetComponentStatus(component)
 
-	if errors.HandlerError(err, response) {
+	if err != nil {
+		response.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
 		return
 	}
 
@@ -54,11 +51,12 @@ func getComponentStatus(request *restful.Request, response *restful.Response) {
 }
 
 // get all componentsHandler
-func getComponents(request *restful.Request, response *restful.Response) {
+func GetComponents(request *restful.Request, response *restful.Response) {
 
 	result, err := components.GetAllComponentsStatus()
 
-	if errors.HandlerError(err, response) {
+	if err != nil {
+		response.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
 		return
 	}
 

pkg/apiserver/hpa/hpa.go

@@ -1,52 +0,0 @@
-/*
-
- Copyright 2019 The KubeSphere Authors.
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
-     http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-
-*/
-
-package hpa
-
-import (
-	"github.com/emicklei/go-restful"
-	"github.com/emicklei/go-restful-openapi"
-	"k8s.io/api/autoscaling/v1"
-
-	"kubesphere.io/kubesphere/pkg/errors"
-	"kubesphere.io/kubesphere/pkg/models/hpa"
-)
-
-func V1Alpha2(ws *restful.WebService) {
-	ws.Route(ws.GET("/namespaces/{namespace}/horizontalpodautoscalers/{horizontalpodautoscaler}").
-		To(getHpa).
-		Metadata(restfulspec.KeyOpenAPITags, []string{"hpa"}).
-		Doc("get horizontalpodautoscalers").
-		Param(ws.PathParameter("namespace", "horizontalpodautoscalers's namespace").
-			DataType("string")).
-		Param(ws.PathParameter("horizontalpodautoscaler", "horizontalpodautoscaler's name")).
-		Writes(v1.HorizontalPodAutoscaler{}))
-}
-
-func getHpa(req *restful.Request, resp *restful.Response) {
-	name := req.PathParameter("horizontalpodautoscaler")
-	namespace := req.PathParameter("namespace")
-
-	result, err := hpa.GetHPA(namespace, name)
-
-	if errors.HandlerError(err, resp) {
-		return
-	}
-
-	resp.WriteAsJson(result)
-}

pkg/apiserver/iam/am.go

@@ -0,0 +1,190 @@
+/*
+
+ Copyright 2019 The KubeSphere Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/
+package iam
+
+import (
+	"github.com/emicklei/go-restful"
+	"k8s.io/api/rbac/v1"
+	"net/http"
+	"sort"
+
+	"kubesphere.io/kubesphere/pkg/constants"
+	"kubesphere.io/kubesphere/pkg/errors"
+	"kubesphere.io/kubesphere/pkg/models/iam"
+	"kubesphere.io/kubesphere/pkg/models/iam/policy"
+)
+
+type roleList struct {
+	ClusterRoles []*v1.ClusterRole `json:"clusterRoles" protobuf:"bytes,2,rep,name=clusterRoles"`
+	Roles        []*v1.Role        `json:"roles" protobuf:"bytes,2,rep,name=roles"`
+}
+
+func RoleRules(req *restful.Request, resp *restful.Response) {
+	namespace := req.PathParameter("namespace")
+	roleName := req.PathParameter("role")
+
+	role, err := iam.GetRole(namespace, roleName)
+
+	if err != nil {
+		resp.WriteError(http.StatusInternalServerError, err)
+		return
+	}
+
+	rules, err := iam.GetRoleSimpleRules([]*v1.Role{role}, namespace)
+
+	if err != nil {
+		resp.WriteError(http.StatusInternalServerError, err)
+		return
+	}
+
+	resp.WriteAsJson(rules[namespace])
+}
+
+func RoleUsers(req *restful.Request, resp *restful.Response) {
+	roleName := req.PathParameter("role")
+	namespace := req.PathParameter("namespace")
+
+	users, err := iam.RoleUsers(namespace, roleName)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	resp.WriteAsJson(users)
+}
+
+func NamespaceUsers(req *restful.Request, resp *restful.Response) {
+
+	namespace := req.PathParameter("namespace")
+
+	users, err := iam.NamespaceUsers(namespace)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	sort.Slice(users, func(i, j int) bool {
+		return users[i].Username < users[j].Username
+	})
+
+	resp.WriteAsJson(users)
+}
+
+func UserRoles(req *restful.Request, resp *restful.Response) {
+
+	username := req.PathParameter("username")
+
+	roles, err := iam.GetRoles(username, "")
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	clusterRoles, err := iam.GetClusterRoles(username)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	roleList := roleList{}
+	roleList.Roles = roles
+	roleList.ClusterRoles = clusterRoles
+
+	resp.WriteAsJson(roleList)
+}
+
+func NamespaceRulesHandler(req *restful.Request, resp *restful.Response) {
+	namespace := req.PathParameter("namespace")
+	username := req.HeaderParameter(constants.UserNameHeader)
+
+	clusterRoles, err := iam.GetClusterRoles(username)
+
+	if err != nil {
+		resp.WriteError(http.StatusInternalServerError, err)
+		return
+	}
+
+	roles, err := iam.GetRoles(username, namespace)
+	if err != nil {
+		resp.WriteError(http.StatusInternalServerError, err)
+		return
+	}
+
+	for _, clusterRole := range clusterRoles {
+		role := new(v1.Role)
+		role.Name = clusterRole.Name
+		role.Labels = clusterRole.Labels
+		role.Namespace = namespace
+		role.Annotations = clusterRole.Annotations
+		role.Kind = "Role"
+		role.Rules = clusterRole.Rules
+		roles = append(roles, role)
+	}
+
+	rules, err := iam.GetRoleSimpleRules(roles, namespace)
+
+	if err != nil {
+		resp.WriteError(http.StatusInternalServerError, err)
+		return
+	}
+
+	resp.WriteAsJson(rules[namespace])
+}
+
+func RulesMappingHandler(req *restful.Request, resp *restful.Response) {
+	rules := policy.RoleRuleMapping
+	resp.WriteAsJson(rules)
+}
+
+func ClusterRulesMappingHandler(req *restful.Request, resp *restful.Response) {
+	rules := policy.ClusterRoleRuleMapping
+	resp.WriteAsJson(rules)
+}
+
+func ClusterRoleRules(req *restful.Request, resp *restful.Response) {
+	clusterRoleName := req.PathParameter("clusterrole")
+	clusterRole, err := iam.GetClusterRole(clusterRoleName)
+	if err != nil {
+		resp.WriteError(http.StatusInternalServerError, err)
+		return
+	}
+	rules, err := iam.GetClusterRoleSimpleRules([]*v1.ClusterRole{clusterRole})
+	if err != nil {
+		resp.WriteError(http.StatusInternalServerError, err)
+		return
+	}
+
+	resp.WriteAsJson(rules)
+}
+
+func ClusterRoleUsers(req *restful.Request, resp *restful.Response) {
+	clusterRoleName := req.PathParameter("clusterrole")
+
+	users, err := iam.ClusterRoleUsers(clusterRoleName)
+
+	if err != nil {
+		resp.WriteError(http.StatusInternalServerError, err)
+		return
+	}
+
+	resp.WriteAsJson(users)
+}

pkg/apiserver/iam/auth.go

@@ -0,0 +1,142 @@
+/*
+
+ Copyright 2019 The KubeSphere Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/
+package iam
+
+import (
+	"fmt"
+	"github.com/dgrijalva/jwt-go"
+	"github.com/emicklei/go-restful"
+	"kubesphere.io/kubesphere/pkg/models"
+	"net/http"
+
+	"kubesphere.io/kubesphere/pkg/errors"
+	"kubesphere.io/kubesphere/pkg/models/iam"
+	"kubesphere.io/kubesphere/pkg/utils"
+	jwtutils "kubesphere.io/kubesphere/pkg/utils/jwt"
+)
+
+type Spec struct {
+	Token string `json:"token"`
+}
+
+type Status struct {
+	Authenticated bool                   `json:"authenticated"`
+	User          map[string]interface{} `json:"user,omitempty"`
+}
+
+type TokenReview struct {
+	APIVersion string  `json:"apiVersion"`
+	Kind       string  `json:"kind"`
+	Spec       *Spec   `json:"spec,omitempty"`
+	Status     *Status `json:"status,omitempty"`
+}
+
+type LoginRequest struct {
+	Username string `json:"username"`
+	Password string `json:"password"`
+}
+
+const (
+	APIVersion      = "authentication.k8s.io/v1beta1"
+	KindTokenReview = "TokenReview"
+)
+
+func LoginHandler(req *restful.Request, resp *restful.Response) {
+	var loginRequest LoginRequest
+
+	err := req.ReadEntity(&loginRequest)
+
+	if err != nil || loginRequest.Username == "" || loginRequest.Password == "" {
+		resp.WriteHeaderAndEntity(http.StatusUnauthorized, errors.Wrap(fmt.Errorf("incorrect username or password")))
+		return
+	}
+
+	ip := utils.RemoteIp(req.Request)
+
+	token, err := iam.Login(loginRequest.Username, loginRequest.Password, ip)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusUnauthorized, errors.Wrap(err))
+		return
+	}
+
+	resp.WriteAsJson(models.Token{Token: token})
+}
+
+// k8s token review
+func TokenReviewHandler(req *restful.Request, resp *restful.Response) {
+	var tokenReview TokenReview
+
+	err := req.ReadEntity(&tokenReview)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.Wrap(err))
+		return
+	}
+
+	if tokenReview.Spec == nil {
+		resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.Wrap(fmt.Errorf("token must not be null")))
+		return
+	}
+
+	uToken := tokenReview.Spec.Token
+
+	token, err := jwtutils.ValidateToken(uToken)
+
+	if err != nil {
+		failed := TokenReview{APIVersion: APIVersion,
+			Kind: KindTokenReview,
+			Status: &Status{
+				Authenticated: false,
+			},
+		}
+		resp.WriteAsJson(failed)
+		return
+	}
+
+	claims := token.Claims.(jwt.MapClaims)
+
+	username := claims["username"].(string)
+
+	conn, err := iam.NewConnection()
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	defer conn.Close()
+
+	user, err := iam.UserDetail(username, conn)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	success := TokenReview{APIVersion: APIVersion,
+		Kind: KindTokenReview,
+		Status: &Status{
+			Authenticated: true,
+			User:          map[string]interface{}{"username": user.Username, "uid": user.Username, "groups": user.Groups},
+		},
+	}
+
+	resp.WriteAsJson(success)
+	return
+}

pkg/apiserver/iam/groups.go

@@ -0,0 +1,253 @@
+/*
+
+ Copyright 2019 The KubeSphere Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/
+package iam
+
+import (
+	"fmt"
+	"net/http"
+	"regexp"
+	"strings"
+
+	"github.com/emicklei/go-restful"
+	"github.com/go-ldap/ldap"
+
+	"kubesphere.io/kubesphere/pkg/errors"
+	"kubesphere.io/kubesphere/pkg/models"
+	"kubesphere.io/kubesphere/pkg/models/iam"
+)
+
+func CreateGroup(req *restful.Request, resp *restful.Response) {
+	//var json map[string]interface{}
+
+	var group models.Group
+
+	err := req.ReadEntity(&group)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.Wrap(err))
+		return
+	}
+
+	if !regexp.MustCompile("[a-z0-9]([-a-z0-9]*[a-z0-9])?").MatchString(group.Name) {
+		resp.WriteHeaderAndEntity(http.StatusBadRequest, fmt.Errorf("incalid group name %s", group))
+		return
+	}
+
+	if group.Creator == "" {
+		resp.WriteHeaderAndEntity(http.StatusBadRequest, fmt.Errorf("creator should not be null"))
+		return
+	}
+
+	created, err := iam.CreateGroup(group)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	resp.WriteAsJson(created)
+}
+
+func DeleteGroup(req *restful.Request, resp *restful.Response) {
+	path := req.PathParameter("path")
+
+	if path == "" {
+		resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.Wrap(fmt.Errorf("group path must not be null")))
+		return
+	}
+
+	err := iam.DeleteGroup(path)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	resp.WriteAsJson(errors.None)
+
+}
+
+func UpdateGroup(req *restful.Request, resp *restful.Response) {
+	groupPathInPath := req.PathParameter("path")
+
+	var group models.Group
+
+	req.ReadEntity(&group)
+
+	if groupPathInPath != group.Path {
+		resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.Wrap(fmt.Errorf("the path of group (%s) does not match the path on the URL (%s)", group.Path, groupPathInPath)))
+		return
+	}
+
+	edited, err := iam.UpdateGroup(&group)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	resp.WriteAsJson(edited)
+
+}
+
+func GroupDetail(req *restful.Request, resp *restful.Response) {
+
+	path := req.PathParameter("path")
+
+	conn, err := iam.NewConnection()
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	defer conn.Close()
+
+	group, err := iam.GroupDetail(path, conn)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	resp.WriteAsJson(group)
+
+}
+
+func GroupUsers(req *restful.Request, resp *restful.Response) {
+
+	path := req.PathParameter("path")
+
+	conn, err := iam.NewConnection()
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	defer conn.Close()
+
+	group, err := iam.GroupDetail(path, conn)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	users := make([]*models.User, 0)
+
+	modify := false
+
+	for i := 0; i < len(group.Members); i++ {
+		name := group.Members[i]
+		user, err := iam.UserDetail(name, conn)
+
+		if err != nil {
+			if ldap.IsErrorWithCode(err, 32) {
+				group.Members = append(group.Members[:i], group.Members[i+1:]...)
+				i--
+				modify = true
+				continue
+			} else {
+				resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+				return
+			}
+		}
+
+		clusterRoles, err := iam.GetClusterRoles(name)
+
+		if err != nil {
+			resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+			return
+		}
+
+		for i := 0; i < len(clusterRoles); i++ {
+			if clusterRoles[i].Annotations["rbac.authorization.k8s.io/clusterrole"] == "true" {
+				user.ClusterRole = clusterRoles[i].Name
+				break
+			}
+		}
+
+		if group.Path == group.Name {
+			workspaceRole := iam.GetWorkspaceRole(clusterRoles, group.Name)
+			user.WorkspaceRole = workspaceRole
+		}
+
+		users = append(users, user)
+	}
+
+	if modify {
+		go iam.UpdateGroup(group)
+	}
+
+	resp.WriteAsJson(users)
+
+}
+
+func CountHandler(req *restful.Request, resp *restful.Response) {
+	count, err := iam.CountChild("")
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	resp.WriteAsJson(map[string]int{"total_count": count})
+}
+
+func RootGroupList(req *restful.Request, resp *restful.Response) {
+
+	array := req.QueryParameter("path")
+
+	if array == "" {
+		groups, err := iam.ChildList("")
+
+		if err != nil {
+			resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+			return
+		}
+
+		resp.WriteAsJson(groups)
+	} else {
+		paths := strings.Split(array, ",")
+
+		groups := make([]*models.Group, 0)
+
+		conn, err := iam.NewConnection()
+
+		if err != nil {
+			resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+			return
+		}
+
+		defer conn.Close()
+
+		for _, v := range paths {
+			path := strings.TrimSpace(v)
+			group, err := iam.GroupDetail(path, conn)
+			if err != nil {
+				resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+				return
+			}
+			groups = append(groups, group)
+		}
+
+		resp.WriteAsJson(groups)
+	}
+
+}

pkg/apiserver/iam/users.go

@@ -0,0 +1,365 @@
+/*
+
+ Copyright 2019 The KubeSphere Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/
+package iam
+
+import (
+	"fmt"
+	"net/http"
+	"regexp"
+	"strconv"
+	"strings"
+
+	"github.com/emicklei/go-restful"
+	"github.com/go-ldap/ldap"
+
+	"kubesphere.io/kubesphere/pkg/constants"
+	"kubesphere.io/kubesphere/pkg/errors"
+	"kubesphere.io/kubesphere/pkg/models"
+	"kubesphere.io/kubesphere/pkg/models/iam"
+)
+
+const (
+	emailRegex = "^[a-z0-9]+([._\\-]*[a-z0-9])*@([a-z0-9]+[-a-z0-9]*[a-z0-9]+.){1,63}[a-z0-9]+$"
+)
+
+func CreateUser(req *restful.Request, resp *restful.Response) {
+	var user models.User
+
+	err := req.ReadEntity(&user)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.Wrap(err))
+		return
+	}
+
+	if user.Username == "" {
+		resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.Wrap(fmt.Errorf("invalid username")))
+		return
+	}
+
+	if !regexp.MustCompile(emailRegex).MatchString(user.Email) {
+		resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.Wrap(fmt.Errorf("invalid email")))
+		return
+	}
+
+	if len(user.Password) < 6 {
+		resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.Wrap(fmt.Errorf("invalid password")))
+		return
+	}
+
+	err = iam.CreateUser(user)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	resp.WriteAsJson(errors.None)
+}
+
+func DeleteUser(req *restful.Request, resp *restful.Response) {
+	username := req.PathParameter("name")
+
+	operator := req.HeaderParameter(constants.UserNameHeader)
+
+	if operator == username {
+		resp.WriteHeaderAndEntity(http.StatusForbidden, errors.Wrap(fmt.Errorf("cannot delete yourself")))
+		return
+	}
+
+	err := iam.DeleteUser(username)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	resp.WriteAsJson(errors.None)
+}
+
+func UpdateUser(req *restful.Request, resp *restful.Response) {
+
+	usernameInPath := req.PathParameter("name")
+	username := req.HeaderParameter(constants.UserNameHeader)
+	var user models.User
+
+	err := req.ReadEntity(&user)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.Wrap(err))
+		return
+	}
+
+	if usernameInPath != user.Username {
+		resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.Wrap(fmt.Errorf("the name of user (%s) does not match the name on the URL (%s)", user.Username, usernameInPath)))
+		return
+	}
+
+	if !regexp.MustCompile(emailRegex).MatchString(user.Email) {
+		resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.Wrap(fmt.Errorf("invalid email")))
+		return
+	}
+
+	if user.Password != "" && len(user.Password) < 6 {
+		resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.Wrap(fmt.Errorf("invalid password")))
+		return
+	}
+
+	if username == user.Username && user.Password != "" {
+		_, err = iam.Login(username, user.CurrentPassword, "")
+		if err != nil {
+			resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.Wrap(fmt.Errorf("incorrect current password")))
+			return
+		}
+	}
+
+	err = iam.UpdateUser(user)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	resp.WriteAsJson(errors.None)
+}
+
+func UserLoginLog(req *restful.Request, resp *restful.Response) {
+	username := req.PathParameter("name")
+	logs, err := iam.LoginLog(username)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	result := make([]map[string]string, 0)
+
+	for _, v := range logs {
+		item := strings.Split(v, ",")
+		time := item[0]
+		var ip string
+		if len(item) > 1 {
+			ip = item[1]
+		}
+		result = append(result, map[string]string{"login_time": time, "login_ip": ip})
+	}
+
+	resp.WriteAsJson(result)
+}
+
+func CurrentUserDetail(req *restful.Request, resp *restful.Response) {
+
+	username := req.HeaderParameter(constants.UserNameHeader)
+
+	conn, err := iam.NewConnection()
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	defer conn.Close()
+
+	user, err := iam.UserDetail(username, conn)
+
+	if err != nil {
+		if ldap.IsErrorWithCode(err, ldap.LDAPResultNoSuchObject) {
+			resp.WriteHeaderAndEntity(http.StatusForbidden, errors.Wrap(err))
+		} else {
+			resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		}
+		return
+	}
+
+	clusterRoles, err := iam.GetClusterRoles(username)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	clusterRules, err := iam.GetClusterRoleSimpleRules(clusterRoles)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	for i := 0; i < len(clusterRoles); i++ {
+		if clusterRoles[i].Annotations["rbac.authorization.k8s.io/clusterrole"] == "true" {
+			user.ClusterRole = clusterRoles[i].Name
+			break
+		}
+	}
+
+	user.ClusterRules = clusterRules
+
+	resp.WriteAsJson(user)
+}
+
+func NamespacesListHandler(req *restful.Request, resp *restful.Response) {
+	username := req.PathParameter("name")
+
+	namespaces, err := iam.GetNamespaces(username)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	resp.WriteAsJson(namespaces)
+}
+
+func UserDetail(req *restful.Request, resp *restful.Response) {
+	username := req.PathParameter("name")
+
+	conn, err := iam.NewConnection()
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	defer conn.Close()
+
+	user, err := iam.UserDetail(username, conn)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	clusterRoles, err := iam.GetClusterRoles(username)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	clusterRules, err := iam.GetClusterRoleSimpleRules(clusterRoles)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	workspaceRoles := iam.GetWorkspaceRoles(clusterRoles)
+
+	for i := 0; i < len(clusterRoles); i++ {
+		if clusterRoles[i].Annotations["rbac.authorization.k8s.io/clusterrole"] == "true" {
+			user.ClusterRole = clusterRoles[i].Name
+			break
+		}
+	}
+
+	user.ClusterRules = clusterRules
+
+	user.WorkspaceRoles = workspaceRoles
+
+	resp.WriteAsJson(user)
+}
+
+func UserList(req *restful.Request, resp *restful.Response) {
+
+	limit, err := strconv.Atoi(req.QueryParameter("limit"))
+	if err != nil {
+		limit = 65535
+	}
+	offset, err := strconv.Atoi(req.QueryParameter("offset"))
+	if err != nil {
+		offset = 0
+	}
+
+	if check := req.QueryParameter("check"); check != "" {
+		exist, err := iam.UserCreateCheck(check)
+		if err != nil {
+			resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+			return
+		}
+
+		resp.WriteAsJson(map[string]bool{"exist": exist})
+		return
+	}
+
+	conn, err := iam.NewConnection()
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	defer conn.Close()
+
+	if query := req.QueryParameter("name"); query != "" {
+		names := strings.Split(query, ",")
+		users := make([]*models.User, 0)
+		for _, name := range names {
+			user, err := iam.UserDetail(name, conn)
+			if err != nil {
+				if ldap.IsErrorWithCode(err, 32) {
+					continue
+				} else {
+					resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+					return
+				}
+			}
+			users = append(users, user)
+		}
+
+		resp.WriteAsJson(users)
+		return
+	}
+
+	var total int
+	var users []models.User
+
+	if query := req.QueryParameter("search"); query != "" {
+		total, users, err = iam.Search(query, limit, offset)
+	} else if query := req.QueryParameter("keyword"); query != "" {
+		total, users, err = iam.Search(query, limit, offset)
+	} else {
+		total, users, err = iam.UserList(limit, offset)
+	}
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	for i := 0; i < len(users); i++ {
+		clusterRoles, err := iam.GetClusterRoles(users[i].Username)
+		if err != nil {
+			resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+			return
+		}
+		for j := 0; j < len(clusterRoles); j++ {
+			if clusterRoles[j].Annotations["rbac.authorization.k8s.io/clusterrole"] == "true" {
+				users[i].ClusterRole = clusterRoles[j].Name
+				break
+			}
+		}
+	}
+
+	items := make([]interface{}, 0)
+
+	for _, u := range users {
+		items = append(items, u)
+	}
+
+	resp.WriteAsJson(models.PageableResponse{Items: items, TotalCount: total})
+}

pkg/apiserver/iam/workspaces.go

@@ -0,0 +1,746 @@
+/*
+
+ Copyright 2019 The KubeSphere Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/
+package iam
+
+import (
+	"fmt"
+	"net/http"
+	"regexp"
+	"sort"
+	"strconv"
+	"strings"
+
+	"github.com/emicklei/go-restful"
+	"github.com/go-ldap/ldap"
+	"k8s.io/api/core/v1"
+	rbac "k8s.io/api/rbac/v1"
+	apierror "k8s.io/apimachinery/pkg/api/errors"
+
+	"kubesphere.io/kubesphere/pkg/constants"
+	"kubesphere.io/kubesphere/pkg/errors"
+	"kubesphere.io/kubesphere/pkg/models"
+	"kubesphere.io/kubesphere/pkg/models/iam"
+	"kubesphere.io/kubesphere/pkg/models/metrics"
+	"kubesphere.io/kubesphere/pkg/models/workspaces"
+	sliceutils "kubesphere.io/kubesphere/pkg/utils"
+)
+
+const UserNameHeader = "X-Token-Username"
+
+func WorkspaceRoles(req *restful.Request, resp *restful.Response) {
+
+	name := req.PathParameter("name")
+
+	workspace, err := workspaces.Detail(name)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	roles, err := workspaces.Roles(workspace)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	resp.WriteAsJson(roles)
+}
+
+func WorkspaceMemberQuery(req *restful.Request, resp *restful.Response) {
+	workspace := req.PathParameter("name")
+	keyword := req.QueryParameter("keyword")
+
+	users, err := workspaces.GetWorkspaceMembers(workspace, keyword)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	resp.WriteAsJson(users)
+}
+
+func WorkspaceMemberDetail(req *restful.Request, resp *restful.Response) {
+	workspace := req.PathParameter("name")
+	username := req.PathParameter("member")
+
+	user, err := iam.GetUser(username)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	namespaces, err := workspaces.Namespaces(workspace)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	user.WorkspaceRole = user.WorkspaceRoles[workspace]
+
+	roles := make(map[string]string)
+
+	for _, namespace := range namespaces {
+		if role := user.Roles[namespace.Name]; role != "" {
+			roles[namespace.Name] = role
+		}
+	}
+
+	user.Roles = roles
+	user.Rules = nil
+	user.WorkspaceRules = nil
+	user.WorkspaceRoles = nil
+	user.ClusterRules = nil
+	resp.WriteAsJson(user)
+}
+
+func WorkspaceMemberInvite(req *restful.Request, resp *restful.Response) {
+	var users []models.UserInvite
+	workspace := req.PathParameter("name")
+	err := req.ReadEntity(&users)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	err = workspaces.Invite(workspace, users)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	resp.WriteAsJson(errors.None)
+}
+
+func WorkspaceMemberRemove(req *restful.Request, resp *restful.Response) {
+	query := req.QueryParameter("name")
+	workspace := req.PathParameter("name")
+
+	names := strings.Split(query, ",")
+
+	err := workspaces.RemoveMembers(workspace, names)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	resp.WriteAsJson(errors.None)
+}
+
+func NamespaceCheckHandler(req *restful.Request, resp *restful.Response) {
+	namespace := req.PathParameter("namespace")
+
+	exist, err := workspaces.NamespaceExistCheck(namespace)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	resp.WriteAsJson(map[string]bool{"exist": exist})
+}
+
+func NamespaceDeleteHandler(req *restful.Request, resp *restful.Response) {
+	namespace := req.PathParameter("namespace")
+	workspace := req.PathParameter("name")
+
+	err := workspaces.DeleteNamespace(workspace, namespace)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	resp.WriteAsJson(errors.None)
+}
+
+func DevOpsProjectDeleteHandler(req *restful.Request, resp *restful.Response) {
+	devops := req.PathParameter("id")
+	workspace := req.PathParameter("name")
+	force := req.QueryParameter("force")
+	username := req.HeaderParameter(UserNameHeader)
+
+	err := workspaces.UnBindDevopsProject(workspace, devops)
+
+	if err != nil && force != "true" {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	err = workspaces.DeleteDevopsProject(username, devops)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	resp.WriteAsJson(errors.None)
+}
+
+func DevOpsProjectCreateHandler(req *restful.Request, resp *restful.Response) {
+
+	workspace := req.PathParameter("name")
+	username := req.HeaderParameter(UserNameHeader)
+
+	var devops models.DevopsProject
+
+	err := req.ReadEntity(&devops)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.Wrap(err))
+		return
+	}
+
+	project, err := workspaces.CreateDevopsProject(username, workspace, devops)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	resp.WriteAsJson(project)
+
+}
+
+func NamespaceCreateHandler(req *restful.Request, resp *restful.Response) {
+	workspace := req.PathParameter("name")
+	username := req.HeaderParameter(UserNameHeader)
+
+	namespace := &v1.Namespace{}
+
+	err := req.ReadEntity(namespace)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.Wrap(err))
+		return
+	}
+
+	if namespace.Annotations == nil {
+		namespace.Annotations = make(map[string]string, 0)
+	}
+
+	namespace.Annotations["creator"] = username
+	namespace.Annotations["workspace"] = workspace
+
+	if namespace.Labels == nil {
+		namespace.Labels = make(map[string]string, 0)
+	}
+
+	namespace.Labels["kubesphere.io/workspace"] = workspace
+
+	namespace, err = workspaces.CreateNamespace(namespace)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.Wrap(fmt.Errorf("invalid workspace name")))
+		return
+	}
+
+	resp.WriteAsJson(namespace)
+}
+
+func DevOpsProjectHandler(req *restful.Request, resp *restful.Response) {
+
+	workspace := req.PathParameter("name")
+	username := req.PathParameter("username")
+	keyword := req.QueryParameter("keyword")
+
+	if username == "" {
+		username = req.HeaderParameter(UserNameHeader)
+	}
+
+	limit := 65535
+	offset := 0
+	orderBy := "createTime"
+	reverse := true
+
+	if groups := regexp.MustCompile(`^limit=(\d+),page=(\d+)$`).FindStringSubmatch(req.QueryParameter("paging")); len(groups) == 3 {
+		limit, _ = strconv.Atoi(groups[1])
+		page, _ := strconv.Atoi(groups[2])
+		offset = (page - 1) * limit
+	}
+
+	if groups := regexp.MustCompile(`^(createTime|name)$`).FindStringSubmatch(req.QueryParameter("order")); len(groups) == 2 {
+		orderBy = groups[1]
+		reverse = false
+	}
+
+	if q := req.QueryParameter("reverse"); q != "" {
+		b, err := strconv.ParseBool(q)
+		if err == nil {
+			reverse = b
+		}
+	}
+
+	total, devOpsProjects, err := workspaces.ListDevopsProjectsByUser(username, workspace, keyword, orderBy, reverse, limit, offset)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	result := models.PageableResponse{}
+	result.TotalCount = total
+	result.Items = make([]interface{}, 0)
+	for _, n := range devOpsProjects {
+		result.Items = append(result.Items, n)
+	}
+	resp.WriteAsJson(result)
+}
+
+func WorkspaceCreateHandler(req *restful.Request, resp *restful.Response) {
+	var workspace models.Workspace
+	username := req.HeaderParameter(UserNameHeader)
+	err := req.ReadEntity(&workspace)
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.Wrap(err))
+		return
+	}
+	if workspace.Name == "" || strings.Contains(workspace.Name, ":") {
+		resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.Wrap(fmt.Errorf("invalid workspace name")))
+		return
+	}
+
+	workspace.Path = workspace.Name
+	workspace.Members = nil
+
+	if workspace.Admin != "" {
+		workspace.Creator = workspace.Admin
+	} else {
+		workspace.Creator = username
+	}
+
+	created, err := workspaces.Create(&workspace)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	resp.WriteAsJson(created)
+
+}
+
+func DeleteWorkspaceHandler(req *restful.Request, resp *restful.Response) {
+	name := req.PathParameter("name")
+
+	if name == "" || strings.Contains(name, ":") {
+		resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.Wrap(fmt.Errorf("invalid workspace name")))
+		return
+	}
+
+	workspace, err := workspaces.Detail(name)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	err = workspaces.Delete(workspace)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	resp.WriteAsJson(errors.None)
+}
+func WorkspaceEditHandler(req *restful.Request, resp *restful.Response) {
+	var workspace models.Workspace
+	name := req.PathParameter("name")
+	err := req.ReadEntity(&workspace)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.Wrap(err))
+		return
+	}
+
+	if name != workspace.Name {
+		resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.Wrap(fmt.Errorf("the name of workspace (%s) does not match the name on the URL (%s)", workspace.Name, name)))
+		return
+	}
+
+	if workspace.Name == "" || strings.Contains(workspace.Name, ":") {
+		resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.Wrap(fmt.Errorf("invalid workspace name")))
+		return
+	}
+
+	workspace.Path = workspace.Name
+
+	workspace.Members = nil
+
+	edited, err := workspaces.Edit(&workspace)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	resp.WriteAsJson(edited)
+}
+func WorkspaceDetailHandler(req *restful.Request, resp *restful.Response) {
+
+	name := req.PathParameter("name")
+
+	workspace, err := workspaces.Detail(name)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	resp.WriteAsJson(workspace)
+}
+
+// List all workspaces for the current user
+func UserWorkspaceListHandler(req *restful.Request, resp *restful.Response) {
+	keyword := req.QueryParameter("keyword")
+	username := req.HeaderParameter(constants.UserNameHeader)
+
+	ws, err := workspaces.ListWorkspaceByUser(username, keyword)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	sort.Slice(ws, func(i, j int) bool {
+		t1, err := ws[i].GetCreateTime()
+		if err != nil {
+			return false
+		}
+		t2, err := ws[j].GetCreateTime()
+		if err != nil {
+			return true
+		}
+		return t1.After(t2)
+	})
+
+	resp.WriteAsJson(ws)
+}
+
+func UserNamespaceListHandler(req *restful.Request, resp *restful.Response) {
+	withMetrics, err := strconv.ParseBool(req.QueryParameter("metrics"))
+
+	if err != nil {
+		withMetrics = false
+	}
+
+	username := req.PathParameter("username")
+	keyword := req.QueryParameter("keyword")
+	if username == "" {
+		username = req.HeaderParameter(UserNameHeader)
+	}
+	limit := 65535
+	offset := 0
+	orderBy := "createTime"
+	reverse := true
+
+	if groups := regexp.MustCompile(`^limit=(\d+),page=(\d+)$`).FindStringSubmatch(req.QueryParameter("paging")); len(groups) == 3 {
+		limit, _ = strconv.Atoi(groups[1])
+		page, _ := strconv.Atoi(groups[2])
+		if page < 0 {
+			page = 1
+		}
+		offset = (page - 1) * limit
+	}
+
+	if groups := regexp.MustCompile(`^(createTime|name)$`).FindStringSubmatch(req.QueryParameter("order")); len(groups) == 2 {
+		orderBy = groups[1]
+		reverse = false
+	}
+
+	if q := req.QueryParameter("reverse"); q != "" {
+		b, err := strconv.ParseBool(q)
+		if err == nil {
+			reverse = b
+		}
+	}
+
+	workspaceName := req.PathParameter("workspace")
+
+	total, namespaces, err := workspaces.ListNamespaceByUser(workspaceName, username, keyword, orderBy, reverse, limit, offset)
+
+	if withMetrics {
+		namespaces = metrics.GetNamespacesWithMetrics(namespaces)
+	}
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	result := models.PageableResponse{}
+	result.TotalCount = total
+	result.Items = make([]interface{}, 0)
+	for _, n := range namespaces {
+		result.Items = append(result.Items, n)
+	}
+
+	resp.WriteAsJson(result)
+}
+
+func DevopsRulesHandler(req *restful.Request, resp *restful.Response) {
+	//workspaceName := req.PathParameter("workspace")
+	username := req.HeaderParameter(constants.UserNameHeader)
+	devopsName := req.PathParameter("devops")
+
+	var rules []models.SimpleRule
+
+	role, err := iam.GetDevopsRole(devopsName, username)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	switch role {
+	case "developer":
+		rules = []models.SimpleRule{
+			{Name: "pipelines", Actions: []string{"view", "trigger"}},
+			{Name: "roles", Actions: []string{"view"}},
+			{Name: "members", Actions: []string{"view"}},
+			{Name: "devops", Actions: []string{"view"}},
+		}
+		break
+	case "owner":
+		rules = []models.SimpleRule{
+			{Name: "pipelines", Actions: []string{"create", "edit", "view", "delete", "trigger"}},
+			{Name: "roles", Actions: []string{"view"}},
+			{Name: "members", Actions: []string{"create", "edit", "view", "delete"}},
+			{Name: "credentials", Actions: []string{"create", "edit", "view", "delete"}},
+			{Name: "devops", Actions: []string{"edit", "view", "delete"}},
+		}
+		break
+	case "maintainer":
+		rules = []models.SimpleRule{
+			{Name: "pipelines", Actions: []string{"create", "edit", "view", "delete", "trigger"}},
+			{Name: "roles", Actions: []string{"view"}},
+			{Name: "members", Actions: []string{"view"}},
+			{Name: "credentials", Actions: []string{"create", "edit", "view", "delete"}},
+			{Name: "devops", Actions: []string{"view"}},
+		}
+		break
+	case "reporter":
+		fallthrough
+	default:
+		rules = []models.SimpleRule{
+			{Name: "pipelines", Actions: []string{"view"}},
+			{Name: "roles", Actions: []string{"view"}},
+			{Name: "members", Actions: []string{"view"}},
+			{Name: "devops", Actions: []string{"view"}},
+		}
+		break
+	}
+
+	resp.WriteAsJson(rules)
+}
+
+func NamespacesRulesHandler(req *restful.Request, resp *restful.Response) {
+	workspaceName := req.PathParameter("workspace")
+	username := req.HeaderParameter(constants.UserNameHeader)
+	namespaceName := req.PathParameter("namespace")
+
+	namespace, err := iam.GetNamespace(namespaceName)
+
+	if err != nil {
+		if apierror.IsNotFound(err) {
+			resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.Wrap(fmt.Errorf("permission undefined")))
+		} else {
+			resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.Wrap(err))
+		}
+		return
+	}
+
+	if namespace.Labels == nil || namespace.Labels["kubesphere.io/workspace"] != workspaceName {
+		resp.WriteHeaderAndEntity(http.StatusForbidden, errors.Wrap(fmt.Errorf("permission undefined")))
+		return
+	}
+
+	clusterRoles, err := iam.GetClusterRoles(username)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	roles, err := iam.GetRoles(username, namespaceName)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	for _, clusterRole := range clusterRoles {
+		role := new(rbac.Role)
+		role.Name = clusterRole.Name
+		role.Labels = clusterRole.Labels
+		role.Namespace = namespaceName
+		role.Annotations = clusterRole.Annotations
+		role.Kind = "Role"
+		role.Rules = clusterRole.Rules
+		roles = append(roles, role)
+	}
+
+	rules, err := iam.GetRoleSimpleRules(roles, namespaceName)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	if rules[namespaceName] == nil {
+		resp.WriteAsJson(make([]models.SimpleRule, 0))
+	} else {
+		resp.WriteAsJson(rules[namespaceName])
+	}
+}
+
+func WorkspaceRulesHandler(req *restful.Request, resp *restful.Response) {
+	workspace := req.PathParameter("workspace")
+
+	username := req.HeaderParameter(constants.UserNameHeader)
+
+	clusterRoles, err := iam.GetClusterRoles(username)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	rules := iam.GetWorkspaceSimpleRules(clusterRoles, workspace)
+
+	if rules[workspace] != nil {
+		resp.WriteAsJson(rules[workspace])
+	} else if rules["*"] != nil {
+		resp.WriteAsJson(rules["*"])
+	} else {
+		resp.WriteAsJson(make([]models.SimpleRule, 0))
+	}
+}
+
+func WorkspaceMemberList(req *restful.Request, resp *restful.Response) {
+	workspace := req.PathParameter("workspace")
+	limit, err := strconv.Atoi(req.QueryParameter("limit"))
+	if err != nil {
+		limit = 500
+	}
+	offset, err := strconv.Atoi(req.QueryParameter("offset"))
+	if err != nil {
+		offset = 0
+	}
+
+	conn, err := iam.NewConnection()
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	defer conn.Close()
+
+	group, err := iam.GroupDetail(workspace, conn)
+
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+		return
+	}
+
+	keyword := ""
+
+	if query := req.QueryParameter("keyword"); query != "" {
+		keyword = query
+	}
+
+	users := make([]*models.User, 0)
+
+	total := len(group.Members)
+
+	members := sliceutils.RemoveString(group.Members, func(item string) bool {
+		return keyword != "" && !strings.Contains(item, keyword)
+	})
+
+	for i := 0; i < len(members); i++ {
+		username := members[i]
+
+		if i < offset {
+			continue
+		}
+
+		if len(users) == limit {
+			break
+		}
+
+		user, err := iam.UserDetail(username, conn)
+
+		if err != nil {
+			if ldap.IsErrorWithCode(err, ldap.LDAPResultNoSuchObject) {
+				group.Members = sliceutils.RemoveString(group.Members, func(item string) bool {
+					return item == username
+				})
+				continue
+			} else {
+				resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.Wrap(err))
+				return
+			}
+		}
+
+		clusterRoles, err := iam.GetClusterRoles(username)
+
+		for i := 0; i < len(clusterRoles); i++ {
+			if clusterRoles[i].Annotations["rbac.authorization.k8s.io/clusterrole"] == "true" {
+				user.ClusterRole = clusterRoles[i].Name
+				break
+			}
+		}
+
+		if group.Path == group.Name {
+
+			workspaceRole := iam.GetWorkspaceRole(clusterRoles, group.Name)
+
+			if err != nil {
+				resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
+				return
+			}
+
+			user.WorkspaceRole = workspaceRole
+		}
+
+		users = append(users, user)
+	}
+
+	if total > len(group.Members) {
+		go iam.UpdateGroup(group)
+	}
+	if req.QueryParameter("limit") != "" {
+		resp.WriteAsJson(map[string]interface{}{"items": users, "total_count": len(members)})
+	} else {
+		resp.WriteAsJson(users)
+	}
+}

pkg/apiserver/metrics/metrics.go

@@ -21,9 +21,10 @@ import (
 	"github.com/emicklei/go-restful"
 	"kubesphere.io/kubesphere/pkg/errors"
 	"kubesphere.io/kubesphere/pkg/models/storage"
+	"net/http"
 )
 
-type scMetricsItem struct {
+type ScMetricsItem struct {
 	Name    string             `json:"name"`
 	Metrics *storage.ScMetrics `json:"metrics"`
 }
@@ -35,11 +36,12 @@ func GetScMetrics(request *restful.Request, response *restful.Response) {
 
 	metrics, err := storage.GetScMetrics(scName)
 
-	if errors.HandlerError(err, response) {
+	if err != nil {
+		response.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
 		return
 	}
 
-	result := scMetricsItem{
+	result := ScMetricsItem{
 		Name: scName, Metrics: metrics,
 	}
 
@@ -51,21 +53,23 @@ func GetScMetrics(request *restful.Request, response *restful.Response) {
 func GetScMetricsList(request *restful.Request, response *restful.Response) {
 	scList, err := storage.GetScList()
 
-	if errors.HandlerError(err, response) {
+	if err != nil {
+		response.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
 		return
 	}
 
 	// Set return value
-	items := make([]scMetricsItem, 0)
+	items := make([]ScMetricsItem, 0)
 
 	for _, v := range scList {
 		metrics, err := storage.GetScMetrics(v.GetName())
 
-		if errors.HandlerError(err, response) {
+		if err != nil {
+			response.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
 			return
 		}
 
-		item := scMetricsItem{
+		item := ScMetricsItem{
 			Name: v.GetName(), Metrics: metrics,
 		}
 

pkg/apiserver/monitoring/monitoring.go

@@ -0,0 +1,220 @@
+/*
+
+ Copyright 2019 The KubeSphere Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/
+package monitoring
+
+import (
+	"github.com/emicklei/go-restful"
+	"kubesphere.io/kubesphere/pkg/client"
+	"kubesphere.io/kubesphere/pkg/models/metrics"
+)
+
+func MonitorPod(request *restful.Request, response *restful.Response) {
+	requestParams := client.ParseMonitoringRequestParams(request)
+	podName := requestParams.PodName
+	metricName := requestParams.MetricsName
+	if podName != "" {
+		// single pod single metric
+		queryType, params, nullRule := metrics.AssemblePodMetricRequestInfo(requestParams, metricName)
+		var res *metrics.FormatedMetric
+		if !nullRule {
+			res = metrics.GetMetric(queryType, params, metricName)
+		}
+		response.WriteAsJson(res)
+
+	} else {
+		// multiple
+		rawMetrics := metrics.MonitorAllMetrics(requestParams, metrics.MetricLevelPod)
+		// sorting
+		sortedMetrics, maxMetricCount := metrics.Sort(requestParams.SortMetricName, requestParams.SortType, rawMetrics, metrics.MetricLevelPodName)
+		// paging
+		pagedMetrics := metrics.Page(requestParams.PageNum, requestParams.LimitNum, sortedMetrics, maxMetricCount)
+
+		response.WriteAsJson(pagedMetrics)
+	}
+}
+
+func MonitorContainer(request *restful.Request, response *restful.Response) {
+	requestParams := client.ParseMonitoringRequestParams(request)
+	metricName := requestParams.MetricsName
+	if requestParams.MetricsFilter != "" {
+		rawMetrics := metrics.MonitorAllMetrics(requestParams, metrics.MetricLevelContainer)
+		// sorting
+		sortedMetrics, maxMetricCount := metrics.Sort(requestParams.SortMetricName, requestParams.SortType, rawMetrics, metrics.MetricLevelContainerName)
+		// paging
+		pagedMetrics := metrics.Page(requestParams.PageNum, requestParams.LimitNum, sortedMetrics, maxMetricCount)
+
+		response.WriteAsJson(pagedMetrics)
+
+	} else {
+		res := metrics.MonitorContainer(requestParams, metricName)
+		response.WriteAsJson(res)
+	}
+
+}
+
+func MonitorWorkload(request *restful.Request, response *restful.Response) {
+	requestParams := client.ParseMonitoringRequestParams(request)
+
+	rawMetrics := metrics.MonitorAllMetrics(requestParams, metrics.MetricLevelWorkload)
+
+	var sortedMetrics *metrics.FormatedLevelMetric
+	var maxMetricCount int
+
+	wlKind := requestParams.WorkloadKind
+
+	// sorting
+	if wlKind == "" {
+
+		sortedMetrics, maxMetricCount = metrics.Sort(requestParams.SortMetricName, requestParams.SortType, rawMetrics, metrics.MetricLevelWorkload)
+	} else {
+
+		sortedMetrics, maxMetricCount = metrics.Sort(requestParams.SortMetricName, requestParams.SortType, rawMetrics, metrics.MetricLevelPodName)
+	}
+
+	// paging
+	pagedMetrics := metrics.Page(requestParams.PageNum, requestParams.LimitNum, sortedMetrics, maxMetricCount)
+
+	response.WriteAsJson(pagedMetrics)
+
+}
+
+func MonitorAllWorkspaces(request *restful.Request, response *restful.Response) {
+
+	requestParams := client.ParseMonitoringRequestParams(request)
+
+	tp := requestParams.Tp
+	if tp == "_statistics" {
+		// merge multiple metric: all-devops, all-roles, all-projects...this api is designed for admin
+		res := metrics.MonitorAllWorkspacesStatistics()
+
+		response.WriteAsJson(res)
+
+	} else if tp == "rank" {
+		rawMetrics := metrics.MonitorAllWorkspaces(requestParams)
+		// sorting
+		sortedMetrics, maxMetricCount := metrics.Sort(requestParams.SortMetricName, requestParams.SortType, rawMetrics, metrics.MetricLevelWorkspace)
+		// paging
+		pagedMetrics := metrics.Page(requestParams.PageNum, requestParams.LimitNum, sortedMetrics, maxMetricCount)
+
+		response.WriteAsJson(pagedMetrics)
+	} else {
+		res := metrics.MonitorAllMetrics(requestParams, metrics.MetricLevelWorkspace)
+		response.WriteAsJson(res)
+	}
+}
+
+func MonitorOneWorkspace(request *restful.Request, response *restful.Response) {
+	requestParams := client.ParseMonitoringRequestParams(request)
+
+	tp := requestParams.Tp
+	if tp == "rank" {
+		// multiple
+		rawMetrics := metrics.MonitorAllMetrics(requestParams, metrics.MetricLevelWorkspace)
+		// sorting
+		sortedMetrics, maxMetricCount := metrics.Sort(requestParams.SortMetricName, requestParams.SortType, rawMetrics, metrics.MetricLevelNamespace)
+		// paging
+		pagedMetrics := metrics.Page(requestParams.PageNum, requestParams.LimitNum, sortedMetrics, maxMetricCount)
+
+		response.WriteAsJson(pagedMetrics)
+
+	} else if tp == "_statistics" {
+		wsName := requestParams.WsName
+
+		// merge multiple metric: devops, roles, projects...
+		res := metrics.MonitorOneWorkspaceStatistics(wsName)
+		response.WriteAsJson(res)
+	} else {
+		res := metrics.MonitorAllMetrics(requestParams, metrics.MetricLevelWorkspace)
+		response.WriteAsJson(res)
+	}
+}
+
+func MonitorNamespace(request *restful.Request, response *restful.Response) {
+	requestParams := client.ParseMonitoringRequestParams(request)
+	metricName := requestParams.MetricsName
+	nsName := requestParams.NsName
+	if nsName != "" {
+		// single
+		queryType, params := metrics.AssembleNamespaceMetricRequestInfo(requestParams, metricName)
+		res := metrics.GetMetric(queryType, params, metricName)
+		response.WriteAsJson(res)
+	} else {
+		// multiple
+		rawMetrics := metrics.MonitorAllMetrics(requestParams, metrics.MetricLevelNamespace)
+		// sorting
+		sortedMetrics, maxMetricCount := metrics.Sort(requestParams.SortMetricName, requestParams.SortType, rawMetrics, metrics.MetricLevelNamespace)
+		// paging
+		pagedMetrics := metrics.Page(requestParams.PageNum, requestParams.LimitNum, sortedMetrics, maxMetricCount)
+
+		response.WriteAsJson(pagedMetrics)
+	}
+}
+
+func MonitorCluster(request *restful.Request, response *restful.Response) {
+	requestParams := client.ParseMonitoringRequestParams(request)
+
+	metricName := requestParams.MetricsName
+	if metricName != "" {
+		// single
+		queryType, params := metrics.AssembleClusterMetricRequestInfo(requestParams, metricName)
+		res := metrics.GetMetric(queryType, params, metricName)
+
+		response.WriteAsJson(res)
+	} else {
+		// multiple
+		res := metrics.MonitorAllMetrics(requestParams, metrics.MetricLevelCluster)
+		response.WriteAsJson(res)
+	}
+}
+
+func MonitorNode(request *restful.Request, response *restful.Response) {
+	requestParams := client.ParseMonitoringRequestParams(request)
+
+	metricName := requestParams.MetricsName
+	if metricName != "" {
+		// single
+		queryType, params := metrics.AssembleNodeMetricRequestInfo(requestParams, metricName)
+		res := metrics.GetMetric(queryType, params, metricName)
+		nodeAddress := metrics.GetNodeAddressInfo()
+		metrics.AddNodeAddressMetric(res, nodeAddress)
+		response.WriteAsJson(res)
+	} else {
+		// multiple
+		rawMetrics := metrics.MonitorAllMetrics(requestParams, metrics.MetricLevelNode)
+		nodeAddress := metrics.GetNodeAddressInfo()
+
+		for i := 0; i < len(rawMetrics.Results); i++ {
+			metrics.AddNodeAddressMetric(&rawMetrics.Results[i], nodeAddress)
+		}
+
+		// sorting
+		sortedMetrics, maxMetricCount := metrics.Sort(requestParams.SortMetricName, requestParams.SortType, rawMetrics, metrics.MetricLevelNode)
+		// paging
+		pagedMetrics := metrics.Page(requestParams.PageNum, requestParams.LimitNum, sortedMetrics, maxMetricCount)
+
+		response.WriteAsJson(pagedMetrics)
+	}
+}
+
+// k8s component(controller, scheduler, etcd) status
+func MonitorComponentStatus(request *restful.Request, response *restful.Response) {
+	requestParams := client.ParseMonitoringRequestParams(request)
+
+	status := metrics.MonitorComponentStatus(requestParams)
+	response.WriteAsJson(status)
+}

pkg/apiserver/operations/job.go

@@ -19,10 +19,9 @@
 package operations
 
 import (
-	"net/http"
-
 	"kubesphere.io/kubesphere/pkg/errors"
 	"kubesphere.io/kubesphere/pkg/models/workloads"
+	"net/http"
 
 	"github.com/emicklei/go-restful"
 
@@ -40,10 +39,11 @@ func RerunJob(req *restful.Request, resp *restful.Response) {
 	case "rerun":
 		err = workloads.JobReRun(namespace, job)
 	default:
-		resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.New(errors.InvalidArgument, fmt.Sprintf("invalid operation %s", action)))
+		resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.Wrap(fmt.Errorf("invalid operation %s", action)))
 		return
 	}
-	if errors.HandlerError(err, resp) {
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
 		return
 	}
 

pkg/apiserver/operations/node.go

@@ -20,6 +20,7 @@ package operations
 
 import (
 	"github.com/emicklei/go-restful"
+	"net/http"
 
 	"kubesphere.io/kubesphere/pkg/errors"
 	"kubesphere.io/kubesphere/pkg/models/nodes"
@@ -31,7 +32,8 @@ func DrainNode(request *restful.Request, response *restful.Response) {
 
 	err := nodes.DrainNode(nodeName)
 
-	if errors.HandlerError(err, response) {
+	if err != nil {
+		response.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
 		return
 	}
 

pkg/apiserver/quotas/quotas.go

@@ -20,48 +20,30 @@ package quotas
 
 import (
 	"github.com/emicklei/go-restful"
-	"github.com/emicklei/go-restful-openapi"
+	"net/http"
 
 	"kubesphere.io/kubesphere/pkg/errors"
 
 	"kubesphere.io/kubesphere/pkg/models/quotas"
 )
 
-func V1Alpha2(ws *restful.WebService) {
+func GetNamespaceQuotas(req *restful.Request, resp *restful.Response) {
-
-	tags := []string{"quotas"}
-
-	ws.Route(ws.GET("/quotas").
-		To(getClusterQuotas).
-		Doc("get whole cluster's resource usage").
-		Writes(quotas.ResourceQuota{}).
-		Metadata(restfulspec.KeyOpenAPITags, tags))
-
-	ws.Route(ws.GET("/namespaces/{namespace}/quotas").
-		Doc("get specified namespace's resource quota and usage").
-		Param(ws.PathParameter("namespace", "namespace's name").
-			DataType("string")).
-		Writes(quotas.ResourceQuota{}).
-		Metadata(restfulspec.KeyOpenAPITags, tags).
-		To(getNamespaceQuotas))
-
-}
-
-func getNamespaceQuotas(req *restful.Request, resp *restful.Response) {
 	namespace := req.PathParameter("namespace")
 	quota, err := quotas.GetNamespaceQuotas(namespace)
 
-	if errors.HandlerError(err, resp) {
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
 		return
 	}
 
 	resp.WriteAsJson(quota)
 }
 
-func getClusterQuotas(req *restful.Request, resp *restful.Response) {
+func GetClusterQuotas(req *restful.Request, resp *restful.Response) {
 	quota, err := quotas.GetClusterQuotas()
 
-	if errors.HandlerError(err, resp) {
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
 		return
 	}
 

pkg/apiserver/registries/registries.go

@@ -20,55 +20,29 @@ package registries
 
 import (
 	"github.com/emicklei/go-restful"
+	"net/http"
 
 	"kubesphere.io/kubesphere/pkg/errors"
 	"kubesphere.io/kubesphere/pkg/models/registries"
 )
 
-func V1Alpha2(ws *restful.WebService) {
+func RegistryVerify(request *restful.Request, response *restful.Response) {
-
-	ws.Route(ws.POST("registries/verify").To(registryVerify))
-
-}
-
-func registryVerify(request *restful.Request, response *restful.Response) {
 
 	authInfo := registries.AuthInfo{}
 
 	err := request.ReadEntity(&authInfo)
 
-	if errors.HandlerError(err, response) {
+	if err != nil {
+		response.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
 		return
 	}
 
 	err = registries.RegistryVerify(authInfo)
 
-	if errors.HandlerError(err, response) {
+	if err != nil {
+		response.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
 		return
 	}
 
 	response.WriteAsJson(errors.None)
 }
-
-//func (c *registriesHandler) handlerImageSearch(request *restful.Request, response *restful.Response) {
-//
-//	registry := request.PathParameter("name")
-//	searchWord := request.PathParameter("searchWord")
-//	namespace := request.PathParameter("namespace")
-//
-//	res := c.registries.ImageSearch(namespace, registry, searchWord)
-//
-//	response.WriteAsJson(res)
-//
-//}
-//
-//func (c *registriesHandler) handlerGetImageTags(request *restful.Request, response *restful.Response) {
-//
-//	registry := request.PathParameter("name")
-//	image := request.QueryParameter("image")
-//	namespace := request.PathParameter("namespace")
-//
-//	res := c.registries.GetImageTags(namespace, registry, image)
-//
-//	response.WriteAsJson(res)
-//}

pkg/apiserver/resources/cluster_resources.go

@@ -19,6 +19,7 @@ package resources
 
 import (
 	"github.com/emicklei/go-restful"
+	"net/http"
 
 	"kubesphere.io/kubesphere/pkg/errors"
 	"kubesphere.io/kubesphere/pkg/models/resources"
@@ -27,14 +28,15 @@ import (
 
 func ClusterResourceHandler(req *restful.Request, resp *restful.Response) {
 	resourceName := req.PathParameter("resources")
-	conditions := req.QueryParameter(params.Conditions)
+	conditions, err := params.ParseConditions(req)
-	orderBy := req.QueryParameter(params.OrderBy)
+	orderBy := req.QueryParameter(params.OrderByParam)
-	limit, offset := params.ParsePaging(req.QueryParameter(params.Paging))
+	limit, offset := params.ParsePaging(req)
-	reverse := params.ParseReserve(req.QueryParameter(params.Reserve))
+	reverse := params.ParseReverse(req)
 
 	result, err := resources.ListClusterResource(resourceName, conditions, orderBy, reverse, limit, offset)
 
-	if errors.HandlerError(err, resp) {
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
 		return
 	}
 

pkg/apiserver/resources/namespace_resources.go

@@ -19,6 +19,7 @@ package resources
 
 import (
 	"github.com/emicklei/go-restful"
+	"net/http"
 
 	"kubesphere.io/kubesphere/pkg/errors"
 	"kubesphere.io/kubesphere/pkg/models/resources"
@@ -28,14 +29,15 @@ import (
 func NamespaceResourceHandler(req *restful.Request, resp *restful.Response) {
 	namespace := req.PathParameter("namespace")
 	resourceName := req.PathParameter("resources")
-	conditions := req.QueryParameter(params.Conditions)
+	conditions, err := params.ParseConditions(req)
-	orderBy := req.QueryParameter(params.OrderBy)
+	orderBy := req.QueryParameter(params.OrderByParam)
-	limit, offset := params.ParsePaging(req.QueryParameter(params.Paging))
+	limit, offset := params.ParsePaging(req)
-	reverse := params.ParseReserve(req.QueryParameter(params.Reserve))
+	reverse := params.ParseReverse(req)
 
 	result, err := resources.ListNamespaceResource(namespace, resourceName, conditions, orderBy, reverse, limit, offset)
 
-	if errors.HandlerError(err, resp) {
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
 		return
 	}
 

pkg/apiserver/resources/storage.go

@@ -20,6 +20,7 @@ package resources
 import (
 	"github.com/emicklei/go-restful"
 	"k8s.io/api/core/v1"
+	"net/http"
 
 	"kubesphere.io/kubesphere/pkg/errors"
 	"kubesphere.io/kubesphere/pkg/models/storage"
@@ -43,7 +44,8 @@ func GetPodListByPvc(request *restful.Request, response *restful.Response) {
 	pvcName := request.PathParameter("pvc")
 	nsName := request.PathParameter("namespace")
 	pods, err := storage.GetPodListByPvc(pvcName, nsName)
-	if errors.HandlerError(err, response) {
+	if err != nil {
+		response.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
 		return
 	}
 	result := podListByPvc{Name: pvcName, Namespace: nsName, Pods: pods}
@@ -56,7 +58,8 @@ func GetPvcListBySc(request *restful.Request, response *restful.Response) {
 	scName := request.PathParameter("storageclass")
 	claims, err := storage.GetPvcListBySc(scName)
 
-	if errors.HandlerError(err, response) {
+	if err != nil {
+		response.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
 		return
 	}
 

pkg/apiserver/resources/user.go

@@ -19,6 +19,7 @@ package resources
 
 import (
 	"github.com/emicklei/go-restful"
+	"net/http"
 
 	"kubesphere.io/kubesphere/pkg/errors"
 	"kubesphere.io/kubesphere/pkg/models/kubeconfig"
@@ -31,7 +32,8 @@ func GetKubectl(req *restful.Request, resp *restful.Response) {
 
 	kubectlPod, err := kubectl.GetKubectlPod(user)
 
-	if errors.HandlerError(err, resp) {
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
 		return
 	}
 
@@ -44,7 +46,8 @@ func GetKubeconfig(req *restful.Request, resp *restful.Response) {
 
 	kubectlConfig, err := kubeconfig.GetKubeConfig(user)
 
-	if errors.HandlerError(err, resp) {
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
 		return
 	}
 

pkg/apiserver/revisions/revisions.go

@@ -22,93 +22,59 @@ import (
 	"strconv"
 
 	"github.com/emicklei/go-restful"
-	"github.com/emicklei/go-restful-openapi"
-	"k8s.io/api/apps/v1"
-
 	"kubesphere.io/kubesphere/pkg/errors"
 	"kubesphere.io/kubesphere/pkg/models/revisions"
 )
 
-func V1Alpha2(ws *restful.WebService) {
+func GetDaemonSetRevision(req *restful.Request, resp *restful.Response) {
-	ws.Route(ws.GET("/namespaces/{namespace}/daemonsets/{daemonset}/revisions/{revision}").
-		To(getDaemonSetRevision).
-		Metadata(restfulspec.KeyOpenAPITags, []string{"daemonsets", "revision"}).
-		Doc("Handle daemonset operation").
-		Param(ws.PathParameter("daemonset", "daemonset's name").
-			DataType("string")).
-		Param(ws.PathParameter("namespace", "daemonset's namespace").
-			DataType("string")).
-		Param(ws.PathParameter("revision", "daemonset's revision")).
-		Writes(v1.DaemonSet{}))
-	ws.Route(ws.GET("/namespaces/{namespace}/deployments/{deployment}/revisions/{revision}").
-		To(getDeployRevision).
-		Metadata(restfulspec.KeyOpenAPITags, []string{"deployments", "revision"}).
-		Doc("Handle deployment operation").
-		Param(ws.PathParameter("deployment", "deployment's name").
-			DataType("string")).
-		Param(ws.PathParameter("namespace",
-			"deployment's namespace").
-			DataType("string")).
-		Param(ws.PathParameter("deployment", "deployment's name")).
-		Writes(v1.ReplicaSet{}))
-	ws.Route(ws.GET("/namespaces/{namespace}/statefulsets/{statefulset}/revisions/{revision}").
-		To(getStatefulSetRevision).
-		Metadata(restfulspec.KeyOpenAPITags, []string{"statefulsets", "revisions"}).
-		Doc("Handle statefulset operation").
-		Param(ws.PathParameter("statefulset", "statefulset's name").
-			DataType("string")).
-		Param(ws.PathParameter("namespace", "statefulset's namespace").
-			DataType("string")).
-		Param(ws.PathParameter("revision", "statefulset's revision")).
-		Writes(v1.StatefulSet{}))
-}
-
-func getDaemonSetRevision(req *restful.Request, resp *restful.Response) {
 	daemonset := req.PathParameter("daemonset")
 	namespace := req.PathParameter("namespace")
 	revision, err := strconv.Atoi(req.PathParameter("revision"))
 
 	if err != nil {
-		resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.New(errors.InvalidArgument, err.Error()))
+		resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.Wrap(err))
 		return
 	}
 
 	result, err := revisions.GetDaemonSetRevision(namespace, daemonset, revision)
 
-	if errors.HandlerError(err, resp) {
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
 		return
 	}
 
 	resp.WriteAsJson(result)
 }
 
-func getDeployRevision(req *restful.Request, resp *restful.Response) {
+func GetDeployRevision(req *restful.Request, resp *restful.Response) {
 	deploy := req.PathParameter("deployment")
 	namespace := req.PathParameter("namespace")
 	revision := req.PathParameter("revision")
 
 	result, err := revisions.GetDeployRevision(namespace, deploy, revision)
 
-	if errors.HandlerError(err, resp) {
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
 		return
 	}
 
 	resp.WriteAsJson(result)
 }
 
-func getStatefulSetRevision(req *restful.Request, resp *restful.Response) {
+func GetStatefulSetRevision(req *restful.Request, resp *restful.Response) {
 	statefulset := req.PathParameter("statefulset")
 	namespace := req.PathParameter("namespace")
 	revision, err := strconv.Atoi(req.PathParameter("revision"))
 
 	if err != nil {
-		resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.New(errors.InvalidArgument, err.Error()))
+		resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.Wrap(err))
 		return
 	}
 
 	result, err := revisions.GetStatefulSetRevision(namespace, statefulset, revision)
 
-	if errors.HandlerError(err, resp) {
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
 		return
 	}
 

pkg/apiserver/routers/routers.go

@@ -19,58 +19,31 @@
 package routers
 
 import (
+	"fmt"
 	"github.com/emicklei/go-restful"
+	"net/http"
 
 	"kubesphere.io/kubesphere/pkg/errors"
 
-	"net/http"
 	"strings"
 
-	"github.com/golang/glog"
 	"k8s.io/api/core/v1"
 
 	"kubesphere.io/kubesphere/pkg/models/routers"
 )
 
-func V1Alpha2(ws *restful.WebService) {
-	ws.Route(ws.GET("/routers").To(getAllRouters).
-		Doc("Get all routers"))
-
-	ws.Route(ws.GET("/users/{username}/routers").To(getAllRoutersOfUser).
-		Doc("Get routers for user"))
-
-	ws.Route(ws.GET("/namespaces/{namespace}/router").To(getRouter).
-		Doc("Get router of a specified project").
-		Param(ws.PathParameter("namespace", "name of the project").
-			DataType("string")))
-
-	ws.Route(ws.DELETE("/namespaces/{namespace}/router").To(deleteRouter).
-		Doc("Get router of a specified project").
-		Param(ws.PathParameter("namespace", "name of the project").
-			DataType("string")))
-
-	ws.Route(ws.POST("/namespaces/{namespace}/router").To(createRouter).
-		Doc("Create a router for a specified project").
-		Param(ws.PathParameter("namespace", "name of the project").
-			DataType("string")))
-
-	ws.Route(ws.PUT("/namespaces/{namespace}/router").To(updateRouter).
-		Doc("Update a router for a specified project").
-		Param(ws.PathParameter("namespace", "name of the project").
-			DataType("string")))
-}
-
 type Router struct {
 	RouterType  string            `json:"type"`
 	Annotations map[string]string `json:"annotations"`
 }
 
 // Get all namespace ingress controller services
-func getAllRouters(request *restful.Request, response *restful.Response) {
+func GetAllRouters(request *restful.Request, response *restful.Response) {
 
 	routers, err := routers.GetAllRouters()
 
-	if errors.HandlerError(err, response) {
+	if err != nil {
+		response.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
 		return
 	}
 
@@ -78,13 +51,14 @@ func getAllRouters(request *restful.Request, response *restful.Response) {
 }
 
 // Get all namespace ingress controller services for user
-func getAllRoutersOfUser(request *restful.Request, response *restful.Response) {
+func GetAllRoutersOfUser(request *restful.Request, response *restful.Response) {
 
 	username := request.PathParameter("username")
 
 	routers, err := routers.GetAllRoutersOfUser(username)
 
-	if errors.HandlerError(err, response) {
+	if err != nil {
+		response.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
 		return
 	}
 
@@ -92,12 +66,13 @@ func getAllRoutersOfUser(request *restful.Request, response *restful.Response) {
 }
 
 // Get ingress controller service for specified namespace
-func getRouter(request *restful.Request, response *restful.Response) {
+func GetRouter(request *restful.Request, response *restful.Response) {
 
 	namespace := request.PathParameter("namespace")
 	router, err := routers.GetRouter(namespace)
 
-	if errors.HandlerError(err, response) {
+	if err != nil {
+		response.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
 		return
 	}
 
@@ -105,7 +80,7 @@ func getRouter(request *restful.Request, response *restful.Response) {
 }
 
 // Create ingress controller and related services
-func createRouter(request *restful.Request, response *restful.Response) {
+func CreateRouter(request *restful.Request, response *restful.Response) {
 
 	namespace := request.PathParameter("namespace")
 
@@ -119,18 +94,17 @@ func createRouter(request *restful.Request, response *restful.Response) {
 
 	var router *v1.Service
 
-	serviceType, annotationMap, err := ParseParameter(newRouter)
+	serviceType, annotationMap, err := parseParameter(newRouter)
 
 	if err != nil {
-		glog.Error("Wrong annotations, missing key or value")
+		response.WriteHeaderAndEntity(http.StatusBadRequest, errors.Wrap(fmt.Errorf("wrong annotations, missing key or value")))
-		response.WriteHeaderAndEntity(http.StatusBadRequest,
-			errors.New(errors.InvalidArgument, "Wrong annotations, missing key or value"))
 		return
 	}
 
 	router, err = routers.CreateRouter(namespace, serviceType, annotationMap)
 
-	if errors.HandlerError(err, response) {
+	if err != nil {
+		response.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
 		return
 	}
 
@@ -138,19 +112,20 @@ func createRouter(request *restful.Request, response *restful.Response) {
 }
 
 // Delete ingress controller and services
-func deleteRouter(request *restful.Request, response *restful.Response) {
+func DeleteRouter(request *restful.Request, response *restful.Response) {
 	namespace := request.PathParameter("namespace")
 
 	router, err := routers.DeleteRouter(namespace)
 
-	if errors.HandlerError(err, response) {
+	if err != nil {
+		response.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
 		return
 	}
 
 	response.WriteAsJson(router)
 }
 
-func updateRouter(request *restful.Request, response *restful.Response) {
+func UpdateRouter(request *restful.Request, response *restful.Response) {
 
 	namespace := request.PathParameter("namespace")
 
@@ -158,23 +133,23 @@ func updateRouter(request *restful.Request, response *restful.Response) {
 	err := request.ReadEntity(&newRouter)
 
 	if err != nil {
-		glog.Error(err)
+		response.WriteHeaderAndEntity(http.StatusBadRequest, errors.Wrap(err))
-		response.WriteHeaderAndEntity(http.StatusBadRequest, errors.New(errors.InvalidArgument, err.Error()))
 		return
 	}
 
-	serviceType, annotationMap, err := ParseParameter(newRouter)
+	serviceType, annotationMap, err := parseParameter(newRouter)
 
 	router, err := routers.UpdateRouter(namespace, serviceType, annotationMap)
 
-	if errors.HandlerError(err, response) {
+	if err != nil {
+		response.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
 		return
 	}
 
 	response.WriteAsJson(router)
 }
 
-func ParseParameter(router Router) (routerType v1.ServiceType, annotationMap map[string]string, err error) {
+func parseParameter(router Router) (routerType v1.ServiceType, annotationMap map[string]string, err error) {
 
 	routerType = v1.ServiceTypeNodePort
 

pkg/apiserver/runtime/runtime.go

@@ -35,7 +35,9 @@ type ContainerBuilder []func(c *restful.Container) error
 func NewWebService(gv schema.GroupVersion) *restful.WebService {
 	webservice := restful.WebService{}
 
-	webservice.Path(ApiRootPath + "/" + gv.String())
+	webservice.Path(ApiRootPath + "/" + gv.String()).
+		Consumes(restful.MIME_JSON).
+		Produces(restful.MIME_JSON)
 
 	return &webservice
 }

pkg/apiserver/workloadstatuses/workloadstatuses.go

@@ -20,39 +20,25 @@ package workloadstatuses
 
 import (
 	"github.com/emicklei/go-restful"
-	"github.com/emicklei/go-restful-openapi"
+	"net/http"
 
 	"kubesphere.io/kubesphere/pkg/errors"
 	"kubesphere.io/kubesphere/pkg/models/status"
 )
 
-func V1Alpha2(ws *restful.WebService) {
+func GetClusterResourceStatus(req *restful.Request, resp *restful.Response) {
-	tags := []string{"workloadStatus"}
-
-	ws.Route(ws.GET("/workloadstatuses").
-		Doc("get abnormal workloads' count of whole cluster").
-		Metadata(restfulspec.KeyOpenAPITags, tags).
-		To(getClusterResourceStatus))
-	ws.Route(ws.GET("/namespaces/{namespace}/workloadstatuses").
-		Doc("get abnormal workloads' count of specified namespace").
-		Param(ws.PathParameter("namespace", "the name of namespace").
-			DataType("string")).
-		Metadata(restfulspec.KeyOpenAPITags, tags).
-		To(getNamespacesResourceStatus))
-
-}
-
-func getClusterResourceStatus(req *restful.Request, resp *restful.Response) {
 	res, err := status.GetClusterResourceStatus()
-	if errors.HandlerError(err, resp) {
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
 		return
 	}
 	resp.WriteAsJson(res)
 }
 
-func getNamespacesResourceStatus(req *restful.Request, resp *restful.Response) {
+func GetNamespacesResourceStatus(req *restful.Request, resp *restful.Response) {
 	res, err := status.GetNamespacesResourceStatus(req.PathParameter("namespace"))
-	if errors.HandlerError(err, resp) {
+	if err != nil {
+		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
 		return
 	}
 	resp.WriteAsJson(res)

pkg/apiserver/workspaces/workspaces.go

@@ -16,491 +16,3 @@
 
 */
 package workspaces
-
-import (
-	"net/http"
-
-	"kubesphere.io/kubesphere/pkg/errors"
-	"kubesphere.io/kubesphere/pkg/models"
-	"kubesphere.io/kubesphere/pkg/models/metrics"
-
-	"github.com/emicklei/go-restful"
-	"k8s.io/api/core/v1"
-
-	"fmt"
-	"strings"
-
-	"strconv"
-
-	"regexp"
-
-	"sort"
-
-	"kubesphere.io/kubesphere/pkg/models/iam"
-	"kubesphere.io/kubesphere/pkg/models/workspaces"
-)
-
-const UserNameHeader = "X-Token-Username"
-
-func V1Alpha2(ws *restful.WebService) {
-	ws.Route(ws.GET("/workspaces").To(UserWorkspaceListHandler))
-	ws.Route(ws.POST("/workspaces").To(WorkspaceCreateHandler))
-	ws.Route(ws.DELETE("/workspaces/{name}").To(DeleteWorkspaceHandler))
-	ws.Route(ws.GET("/workspaces/{name}").To(WorkspaceDetailHandler))
-	ws.Route(ws.PUT("/workspaces/{name}").To(WorkspaceEditHandler))
-	ws.Route(ws.GET("/workspaces/{workspace}/namespaces").To(UserNamespaceListHandler))
-	ws.Route(ws.GET("/workspaces/{workspace}/members/{username}/namespaces").To(UserNamespaceListHandler))
-	ws.Route(ws.POST("/workspaces/{name}/namespaces").To(NamespaceCreateHandler))
-	ws.Route(ws.DELETE("/workspaces/{name}/namespaces/{namespace}").To(NamespaceDeleteHandler))
-	ws.Route(ws.GET("/workspaces/{name}/namespaces/{namespace}").To(NamespaceCheckHandler))
-	ws.Route(ws.GET("/namespaces/{namespace}").To(NamespaceCheckHandler))
-	ws.Route(ws.GET("/workspaces/{name}/devops").To(DevOpsProjectHandler))
-	ws.Route(ws.GET("/workspaces/{name}/members/{username}/devops").To(DevOpsProjectHandler))
-	ws.Route(ws.POST("/workspaces/{name}/devops").To(DevOpsProjectCreateHandler))
-	ws.Route(ws.DELETE("/workspaces/{name}/devops/{id}").To(DevOpsProjectDeleteHandler))
-
-	ws.Route(ws.GET("/workspaces/{name}/members").To(MembersHandler))
-	ws.Route(ws.GET("/workspaces/{name}/members/{member}").To(MemberHandler))
-	ws.Route(ws.GET("/workspaces/{name}/roles").To(RolesHandler))
-	// TODO /workspaces/{name}/roles/{role}
-	ws.Route(ws.POST("/workspaces/{name}/members").To(MembersInviteHandler))
-	ws.Route(ws.DELETE("/workspaces/{name}/members").To(MembersRemoveHandler))
-}
-
-func RolesHandler(req *restful.Request, resp *restful.Response) {
-
-	name := req.PathParameter("name")
-
-	workspace, err := workspaces.Detail(name)
-
-	if errors.HandlerError(err, resp) {
-		return
-	}
-
-	roles, err := workspaces.Roles(workspace)
-
-	if errors.HandlerError(err, resp) {
-		return
-	}
-
-	resp.WriteAsJson(roles)
-}
-
-func MembersHandler(req *restful.Request, resp *restful.Response) {
-	workspace := req.PathParameter("name")
-	keyword := req.QueryParameter("keyword")
-
-	users, err := workspaces.GetWorkspaceMembers(workspace, keyword)
-
-	if errors.HandlerError(err, resp) {
-		return
-	}
-
-	resp.WriteAsJson(users)
-}
-
-func MemberHandler(req *restful.Request, resp *restful.Response) {
-	workspace := req.PathParameter("name")
-	username := req.PathParameter("member")
-
-	user, err := iam.GetUser(username)
-	if errors.HandlerError(err, resp) {
-		return
-	}
-
-	namespaces, err := workspaces.Namespaces(workspace)
-
-	if errors.HandlerError(err, resp) {
-		return
-	}
-
-	user.WorkspaceRole = user.WorkspaceRoles[workspace]
-
-	roles := make(map[string]string)
-
-	for _, namespace := range namespaces {
-		if role := user.Roles[namespace.Name]; role != "" {
-			roles[namespace.Name] = role
-		}
-	}
-
-	user.Roles = roles
-	user.Rules = nil
-	user.WorkspaceRules = nil
-	user.WorkspaceRoles = nil
-	user.ClusterRules = nil
-	resp.WriteAsJson(user)
-}
-
-func MembersInviteHandler(req *restful.Request, resp *restful.Response) {
-	var users []workspaces.UserInvite
-	workspace := req.PathParameter("name")
-	err := req.ReadEntity(&users)
-
-	if errors.HandlerError(err, resp) {
-		return
-	}
-
-	err = workspaces.Invite(workspace, users)
-
-	if errors.HandlerError(err, resp) {
-		return
-	}
-
-	resp.WriteAsJson(errors.None)
-}
-
-func MembersRemoveHandler(req *restful.Request, resp *restful.Response) {
-	query := req.QueryParameter("name")
-	workspace := req.PathParameter("name")
-
-	names := strings.Split(query, ",")
-
-	err := workspaces.RemoveMembers(workspace, names)
-
-	if errors.HandlerError(err, resp) {
-		return
-	}
-
-	resp.WriteAsJson(errors.None)
-}
-
-func NamespaceCheckHandler(req *restful.Request, resp *restful.Response) {
-	namespace := req.PathParameter("namespace")
-
-	exist, err := workspaces.NamespaceExistCheck(namespace)
-
-	if errors.HandlerError(err, resp) {
-		return
-	}
-
-	resp.WriteAsJson(map[string]bool{"exist": exist})
-}
-
-func NamespaceDeleteHandler(req *restful.Request, resp *restful.Response) {
-	namespace := req.PathParameter("namespace")
-	workspace := req.PathParameter("name")
-
-	err := workspaces.DeleteNamespace(workspace, namespace)
-
-	if errors.HandlerError(err, resp) {
-		return
-	}
-
-	resp.WriteAsJson(errors.None)
-}
-
-func DevOpsProjectDeleteHandler(req *restful.Request, resp *restful.Response) {
-	devops := req.PathParameter("id")
-	workspace := req.PathParameter("name")
-	force := req.QueryParameter("force")
-	username := req.HeaderParameter(UserNameHeader)
-
-	err := workspaces.UnBindDevopsProject(workspace, devops)
-
-	if err != nil && force != "true" {
-		resp.WriteHeaderAndEntity(http.StatusInternalServerError, errors.New(errors.Internal, err.Error()))
-		return
-	}
-
-	err = workspaces.DeleteDevopsProject(username, devops)
-
-	if errors.HandlerError(err, resp) {
-		return
-	}
-
-	resp.WriteAsJson(errors.None)
-}
-
-func DevOpsProjectCreateHandler(req *restful.Request, resp *restful.Response) {
-
-	workspace := req.PathParameter("name")
-	username := req.HeaderParameter(UserNameHeader)
-
-	var devops workspaces.DevopsProject
-
-	err := req.ReadEntity(&devops)
-
-	if err != nil {
-		resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.New(errors.InvalidArgument, err.Error()))
-		return
-	}
-
-	project, err := workspaces.CreateDevopsProject(username, workspace, devops)
-
-	if errors.HandlerError(err, resp) {
-		return
-	}
-
-	resp.WriteAsJson(project)
-
-}
-
-func NamespaceCreateHandler(req *restful.Request, resp *restful.Response) {
-	workspace := req.PathParameter("name")
-	username := req.HeaderParameter(UserNameHeader)
-
-	namespace := &v1.Namespace{}
-
-	err := req.ReadEntity(namespace)
-
-	if err != nil {
-		resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.New(errors.InvalidArgument, err.Error()))
-		return
-	}
-
-	if namespace.Annotations == nil {
-		namespace.Annotations = make(map[string]string, 0)
-	}
-
-	namespace.Annotations["creator"] = username
-	namespace.Annotations["workspace"] = workspace
-
-	if namespace.Labels == nil {
-		namespace.Labels = make(map[string]string, 0)
-	}
-
-	namespace.Labels["kubesphere.io/workspace"] = workspace
-
-	namespace, err = workspaces.CreateNamespace(namespace)
-
-	if err != nil {
-		resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.New(errors.InvalidArgument, err.Error()))
-		return
-	}
-
-	resp.WriteAsJson(namespace)
-}
-
-func DevOpsProjectHandler(req *restful.Request, resp *restful.Response) {
-
-	workspace := req.PathParameter("name")
-	username := req.PathParameter("username")
-	keyword := req.QueryParameter("keyword")
-
-	if username == "" {
-		username = req.HeaderParameter(UserNameHeader)
-	}
-
-	limit := 65535
-	offset := 0
-	orderBy := "createTime"
-	reverse := true
-
-	if groups := regexp.MustCompile(`^limit=(\d+),page=(\d+)$`).FindStringSubmatch(req.QueryParameter("paging")); len(groups) == 3 {
-		limit, _ = strconv.Atoi(groups[1])
-		page, _ := strconv.Atoi(groups[2])
-		offset = (page - 1) * limit
-	}
-
-	if groups := regexp.MustCompile(`^(createTime|name)$`).FindStringSubmatch(req.QueryParameter("order")); len(groups) == 2 {
-		orderBy = groups[1]
-		reverse = false
-	}
-
-	if q := req.QueryParameter("reverse"); q != "" {
-		b, err := strconv.ParseBool(q)
-		if err == nil {
-			reverse = b
-		}
-	}
-
-	total, devOpsProjects, err := workspaces.ListDevopsProjectsByUser(username, workspace, keyword, orderBy, reverse, limit, offset)
-
-	if errors.HandlerError(err, resp) {
-		return
-	}
-
-	result := models.PageableResponse{}
-	result.TotalCount = total
-	result.Items = make([]interface{}, 0)
-	for _, n := range devOpsProjects {
-		result.Items = append(result.Items, n)
-	}
-	resp.WriteAsJson(result)
-}
-
-func WorkspaceCreateHandler(req *restful.Request, resp *restful.Response) {
-	var workspace workspaces.Workspace
-	username := req.HeaderParameter(UserNameHeader)
-	err := req.ReadEntity(&workspace)
-	if err != nil {
-		resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.New(errors.InvalidArgument, err.Error()))
-		return
-	}
-	if workspace.Name == "" || strings.Contains(workspace.Name, ":") {
-		resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.New(errors.InvalidArgument, "invalid workspace name"))
-		return
-	}
-
-	workspace.Path = workspace.Name
-	workspace.Members = nil
-
-	if workspace.Admin != "" {
-		workspace.Creator = workspace.Admin
-	} else {
-		workspace.Creator = username
-	}
-
-	created, err := workspaces.Create(&workspace)
-
-	if errors.HandlerError(err, resp) {
-		return
-	}
-
-	resp.WriteAsJson(created)
-
-}
-
-func DeleteWorkspaceHandler(req *restful.Request, resp *restful.Response) {
-	name := req.PathParameter("name")
-
-	if name == "" || strings.Contains(name, ":") {
-		resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.New(errors.InvalidArgument, "invalid workspace name"))
-		return
-	}
-
-	workspace, err := workspaces.Detail(name)
-
-	if errors.HandlerError(err, resp) {
-		return
-	}
-
-	err = workspaces.Delete(workspace)
-
-	if errors.HandlerError(err, resp) {
-		return
-	}
-
-	resp.WriteAsJson(errors.None)
-}
-func WorkspaceEditHandler(req *restful.Request, resp *restful.Response) {
-	var workspace workspaces.Workspace
-	name := req.PathParameter("name")
-	err := req.ReadEntity(&workspace)
-
-	if err != nil {
-		resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.New(errors.InvalidArgument, err.Error()))
-		return
-	}
-
-	if name != workspace.Name {
-		resp.WriteError(http.StatusBadRequest, fmt.Errorf("the name of workspace (%s) does not match the name on the URL (%s)", workspace.Name, name))
-		return
-	}
-
-	if workspace.Name == "" || strings.Contains(workspace.Name, ":") {
-		resp.WriteHeaderAndEntity(http.StatusBadRequest, errors.New(errors.InvalidArgument, "invalid workspace name"))
-		return
-	}
-
-	workspace.Path = workspace.Name
-
-	workspace.Members = nil
-
-	edited, err := workspaces.Edit(&workspace)
-
-	if errors.HandlerError(err, resp) {
-		return
-	}
-
-	resp.WriteAsJson(edited)
-}
-func WorkspaceDetailHandler(req *restful.Request, resp *restful.Response) {
-
-	name := req.PathParameter("name")
-
-	workspace, err := workspaces.Detail(name)
-
-	if errors.HandlerError(err, resp) {
-		return
-	}
-
-	resp.WriteAsJson(workspace)
-}
-
-// List all workspaces for the current user
-func UserWorkspaceListHandler(req *restful.Request, resp *restful.Response) {
-	keyword := req.QueryParameter("keyword")
-	username := req.HeaderParameter(UserNameHeader)
-
-	ws, err := workspaces.ListWorkspaceByUser(username, keyword)
-
-	if errors.HandlerError(err, resp) {
-		return
-	}
-
-	sort.Slice(ws, func(i, j int) bool {
-		t1, err := ws[i].GetCreateTime()
-		if err != nil {
-			return false
-		}
-		t2, err := ws[j].GetCreateTime()
-		if err != nil {
-			return true
-		}
-		return t1.After(t2)
-	})
-
-	resp.WriteAsJson(ws)
-}
-
-func UserNamespaceListHandler(req *restful.Request, resp *restful.Response) {
-	withMetrics, err := strconv.ParseBool(req.QueryParameter("metrics"))
-
-	if err != nil {
-		withMetrics = false
-	}
-
-	username := req.PathParameter("username")
-	keyword := req.QueryParameter("keyword")
-	if username == "" {
-		username = req.HeaderParameter(UserNameHeader)
-	}
-	limit := 65535
-	offset := 0
-	orderBy := "createTime"
-	reverse := true
-
-	if groups := regexp.MustCompile(`^limit=(\d+),page=(\d+)$`).FindStringSubmatch(req.QueryParameter("paging")); len(groups) == 3 {
-		limit, _ = strconv.Atoi(groups[1])
-		page, _ := strconv.Atoi(groups[2])
-		if page < 0 {
-			page = 1
-		}
-		offset = (page - 1) * limit
-	}
-
-	if groups := regexp.MustCompile(`^(createTime|name)$`).FindStringSubmatch(req.QueryParameter("order")); len(groups) == 2 {
-		orderBy = groups[1]
-		reverse = false
-	}
-
-	if q := req.QueryParameter("reverse"); q != "" {
-		b, err := strconv.ParseBool(q)
-		if err == nil {
-			reverse = b
-		}
-	}
-
-	workspaceName := req.PathParameter("workspace")
-
-	total, namespaces, err := workspaces.ListNamespaceByUser(workspaceName, username, keyword, orderBy, reverse, limit, offset)
-
-	if withMetrics {
-		namespaces = metrics.GetNamespacesWithMetrics(namespaces)
-	}
-
-	if errors.HandlerError(err, resp) {
-		return
-	}
-
-	result := models.PageableResponse{}
-	result.TotalCount = total
-	result.Items = make([]interface{}, 0)
-	for _, n := range namespaces {
-		result.Items = append(result.Items, n)
-	}
-
-	resp.WriteAsJson(result)
-}

pkg/client/dbclient.go

@@ -1,51 +1,56 @@
 /*
-Copyright 2018 The KubeSphere Authors.
+
+ Copyright 2019 The KubeSphere Authors.
+
  Licensed under the Apache License, Version 2.0 (the "License");
  you may not use this file except in compliance with the License.
  You may obtain a copy of the License at
+
      http://www.apache.org/licenses/LICENSE-2.0
+
  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
+
 */
 
 package client
 
 import (
-	"fmt"
+	"flag"
+	"log"
+	"sync"
 
 	_ "github.com/go-sql-driver/mysql"
-	"github.com/golang/glog"
 	"github.com/jinzhu/gorm"
 )
 
-var dbClient *gorm.DB
+var (
+	dbClientOnce sync.Once
+	dbClient     *gorm.DB
+	dsn          string
+)
 
-func NewDBClient() *gorm.DB {
+func init() {
-	conn := fmt.Sprintf("%s:%s@tcp(%s)/%s?charset=utf8mb4&parseTime=True&loc=Local", "", "", "", "")
+	flag.StringVar(&dsn, "database-connection", "root@tcp(localhost:3306)/kubesphere?charset=utf8&parseTime=True", "data source name")
+}
 
-	db, err := gorm.Open("mysql", conn)
+func DBClient() *gorm.DB {
+	dbClientOnce.Do(func() {
+		var err error
+		dbClient, err = gorm.Open("mysql", dsn)
 
 		if err != nil {
-		glog.Error(err)
+			log.Fatalln(err)
-		panic(err)
-	}
-	return db
 		}
 
-func NewSharedDBClient() *gorm.DB {
+		if err := dbClient.DB().Ping(); err != nil {
+			log.Fatalln(err)
+		}
+	})
 
-	if dbClient != nil {
-		err := dbClient.DB().Ping()
-		if err == nil {
 	return dbClient
-		} else {
-			glog.Error(err)
-			panic(err)
-		}
-	}
 
-	return NewDBClient()
 }

pkg/client/k8sclient.go

@@ -19,25 +19,31 @@
 package client
 
 import (
+	"flag"
 	"fmt"
+	"log"
 	"os"
 	"sync"
 
+	"k8s.io/client-go/tools/clientcmd"
+
 	"github.com/mitchellh/go-homedir"
 
-	"github.com/golang/glog"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/rest"
-	"k8s.io/client-go/tools/clientcmd"
 )
 
 var (
-	KubeConfigFile string
+	kubeConfigFile string
 	k8sClient      *kubernetes.Clientset
 	k8sClientOnce  sync.Once
 	KubeConfig     *rest.Config
 )
 
+func init() {
+	flag.StringVar(&kubeConfigFile, "kubeconfig", fmt.Sprintf("%s/.kube/config", os.Getenv("HOME")), "path to kubeconfig file")
+}
+
 func K8sClient() *kubernetes.Clientset {
 
 	k8sClientOnce.Do(func() {
@@ -45,14 +51,10 @@ func K8sClient() *kubernetes.Clientset {
 		config, err := getKubeConfig()
 
 		if err != nil {
-			glog.Fatalf("cannot load kubeconfig: %v", err)
+			log.Fatalln(err)
 		}
 
-		k8sClient, err = kubernetes.NewForConfig(config)
+		k8sClient = kubernetes.NewForConfigOrDie(config)
-
-		if err != nil {
-			glog.Fatalf("cannot create k8s client: %v", err)
-		}
 
 		KubeConfig = config
 	})
@@ -62,36 +64,28 @@ func K8sClient() *kubernetes.Clientset {
 
 func getKubeConfig() (kubeConfig *rest.Config, err error) {
 
-	if KubeConfigFile == "" {
+	if kubeConfigFile == "" {
 		if env := os.Getenv("KUBECONFIG"); env != "" {
-			KubeConfigFile = env
+			kubeConfigFile = env
 		} else {
 			if home, err := homedir.Dir(); err == nil {
-				KubeConfigFile = fmt.Sprintf("%s/.kube/config", home)
+				kubeConfigFile = fmt.Sprintf("%s/.kube/config", home)
 			}
 		}
 	}
 
-	if KubeConfigFile != "" {
+	if _, err = os.Stat(kubeConfigFile); err == nil {
-
+		kubeConfig, err = clientcmd.BuildConfigFromFlags("", kubeConfigFile)
-		kubeConfig, err = clientcmd.BuildConfigFromFlags("", KubeConfigFile)
-
-		if err != nil {
-			return nil, err
-		}
-
 	} else {
-
 		kubeConfig, err = rest.InClusterConfig()
+	}
 
 	if err != nil {
 		return nil, err
 	}
-	}
 
 	kubeConfig.QPS = 1e6
 	kubeConfig.Burst = 1e6
 
 	return kubeConfig, nil
-
 }

pkg/client/ldap/channel.go

@@ -0,0 +1,188 @@
+/*
+
+ Copyright 2019 The KubeSphere Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/
+package ldap
+
+import (
+	"errors"
+	"log"
+	"sync"
+
+	"github.com/go-ldap/ldap"
+)
+
+// channelPool implements the Pool interface based on buffered channels.
+type channelPool struct {
+	// storage for our net.Conn connections
+	mu    sync.Mutex
+	conns chan ldap.Client
+
+	name        string
+	aliveChecks bool
+
+	// net.Conn generator
+	factory PoolFactory
+	closeAt []uint16
+}
+
+// PoolFactory is a function to create new connections.
+type PoolFactory func(string) (ldap.Client, error)
+
+// NewChannelPool returns a new pool based on buffered channels with an initial
+// capacity and maximum capacity. Factory is used when initial capacity is
+// greater than zero to fill the pool. A zero initialCap doesn't fill the Pool
+// until a new Get() is called. During a Get(), If there is no new connection
+// available in the pool, a new connection will be created via the Factory()
+// method.
+//
+// closeAt will automagically mark the connection as unusable if the return code
+// of the call is one of those passed, most likely you want to set this to something
+// like
+//   []uint8{ldap.LDAPResultTimeLimitExceeded, ldap.ErrorNetwork}
+func NewChannelPool(initialCap, maxCap int, name string, factory PoolFactory, closeAt []uint16) (Pool, error) {
+	if initialCap < 0 || maxCap <= 0 || initialCap > maxCap {
+		return nil, errors.New("invalid capacity settings")
+	}
+
+	c := &channelPool{
+		conns:       make(chan ldap.Client, maxCap),
+		name:        name,
+		factory:     factory,
+		closeAt:     closeAt,
+		aliveChecks: true,
+	}
+
+	// create initial connections, if something goes wrong,
+	// just close the pool error out.
+	for i := 0; i < initialCap; i++ {
+		conn, err := factory(c.name)
+		if err != nil {
+			c.Close()
+			return nil, errors.New("factory is not able to fill the pool: " + err.Error())
+		}
+		c.conns <- conn
+	}
+
+	return c, nil
+}
+
+func (c *channelPool) AliveChecks(on bool) {
+	c.mu.Lock()
+	c.aliveChecks = on
+	c.mu.Unlock()
+}
+
+func (c *channelPool) getConns() chan ldap.Client {
+	c.mu.Lock()
+	conns := c.conns
+	c.mu.Unlock()
+	return conns
+}
+
+// Get implements the Pool interfaces Get() method. If there is no new
+// connection available in the pool, a new connection will be created via the
+// Factory() method.
+func (c *channelPool) Get() (*PoolConn, error) {
+	conns := c.getConns()
+	if conns == nil {
+		return nil, ErrClosed
+	}
+
+	// wrap our connections with our ldap.Client implementation (wrapConn
+	// method) that puts the connection back to the pool if it's closed.
+	select {
+	case conn := <-conns:
+		if conn == nil {
+			return nil, ErrClosed
+		}
+		if !c.aliveChecks || isAlive(conn) {
+			return c.wrapConn(conn, c.closeAt), nil
+		}
+		conn.Close()
+		return c.NewConn()
+	default:
+		return c.NewConn()
+	}
+}
+
+func isAlive(conn ldap.Client) bool {
+	_, err := conn.Search(&ldap.SearchRequest{BaseDN: "", Scope: ldap.ScopeBaseObject, Filter: "(&)", Attributes: []string{"1.1"}})
+	return err == nil
+}
+
+func (c *channelPool) NewConn() (*PoolConn, error) {
+	conn, err := c.factory(c.name)
+	if err != nil {
+		return nil, err
+	}
+	return c.wrapConn(conn, c.closeAt), nil
+}
+
+// put puts the connection back to the pool. If the pool is full or closed,
+// conn is simply closed. A nil conn will be rejected.
+func (c *channelPool) put(conn ldap.Client) {
+	if conn == nil {
+		log.Printf("connection is nil. rejecting")
+		return
+	}
+
+	c.mu.Lock()
+	defer c.mu.Unlock()
+
+	if c.conns == nil {
+		// pool is closed, close passed connection
+		conn.Close()
+		return
+	}
+
+	// put the resource back into the pool. If the pool is full, this will
+	// block and the default case will be executed.
+	select {
+	case c.conns <- conn:
+		return
+	default:
+		// pool is full, close passed connection
+		conn.Close()
+		return
+	}
+}
+
+func (c *channelPool) Close() {
+	c.mu.Lock()
+	conns := c.conns
+	c.conns = nil
+	c.factory = nil
+	c.mu.Unlock()
+
+	if conns == nil {
+		return
+	}
+
+	close(conns)
+	for conn := range conns {
+		conn.Close()
+	}
+	return
+}
+
+func (c *channelPool) Len() int { return len(c.getConns()) }
+
+func (c *channelPool) wrapConn(conn ldap.Client, closeAt []uint16) *PoolConn {
+	p := &PoolConn{c: c, closeAt: closeAt}
+	p.Conn = conn
+	return p
+}

pkg/client/ldap/conn.go

@@ -0,0 +1,113 @@
+/*
+
+ Copyright 2019 The KubeSphere Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/
+package ldap
+
+import (
+	"crypto/tls"
+	"log"
+	"time"
+
+	"github.com/go-ldap/ldap"
+)
+
+// PoolConn implements Client to override the Close() method
+type PoolConn struct {
+	Conn     ldap.Client
+	c        *channelPool
+	unusable bool
+	closeAt  []uint16
+}
+
+func (p *PoolConn) Start() {
+	p.Conn.Start()
+}
+
+func (p *PoolConn) StartTLS(config *tls.Config) error {
+	// FIXME - check if already TLS and then ignore?
+	return p.Conn.StartTLS(config)
+}
+
+// Close() puts the given connects back to the pool instead of closing it.
+func (p *PoolConn) Close() {
+	if p.unusable {
+		log.Printf("Closing unusable connection")
+		if p.Conn != nil {
+			p.Conn.Close()
+		}
+		return
+	}
+	p.c.put(p.Conn)
+}
+
+func (p *PoolConn) SimpleBind(simpleBindRequest *ldap.SimpleBindRequest) (*ldap.SimpleBindResult, error) {
+	return p.Conn.SimpleBind(simpleBindRequest)
+}
+
+func (p *PoolConn) Bind(username, password string) error {
+	return p.Conn.Bind(username, password)
+}
+
+func (p *PoolConn) ModifyDN(modifyDNRequest *ldap.ModifyDNRequest) error {
+	return p.Conn.ModifyDN(modifyDNRequest)
+}
+
+// MarkUnusable() marks the connection not usable any more, to let the pool close it
+// instead of returning it to pool.
+func (p *PoolConn) MarkUnusable() {
+	p.unusable = true
+}
+
+func (p *PoolConn) autoClose(err error) {
+	for _, code := range p.closeAt {
+		if ldap.IsErrorWithCode(err, code) {
+			p.MarkUnusable()
+			return
+		}
+	}
+}
+
+func (p *PoolConn) SetTimeout(t time.Duration) {
+	p.Conn.SetTimeout(t)
+}
+
+func (p *PoolConn) Add(addRequest *ldap.AddRequest) error {
+	return p.Conn.Add(addRequest)
+}
+
+func (p *PoolConn) Del(delRequest *ldap.DelRequest) error {
+	return p.Conn.Del(delRequest)
+}
+
+func (p *PoolConn) Modify(modifyRequest *ldap.ModifyRequest) error {
+	return p.Conn.Modify(modifyRequest)
+}
+
+func (p *PoolConn) Compare(dn, attribute, value string) (bool, error) {
+	return p.Conn.Compare(dn, attribute, value)
+}
+
+func (p *PoolConn) PasswordModify(passwordModifyRequest *ldap.PasswordModifyRequest) (*ldap.PasswordModifyResult, error) {
+	return p.Conn.PasswordModify(passwordModifyRequest)
+}
+
+func (p *PoolConn) Search(searchRequest *ldap.SearchRequest) (*ldap.SearchResult, error) {
+	return p.Conn.Search(searchRequest)
+}
+func (p *PoolConn) SearchWithPaging(searchRequest *ldap.SearchRequest, pagingSize uint32) (*ldap.SearchResult, error) {
+	return p.Conn.SearchWithPaging(searchRequest, pagingSize)
+}

pkg/client/ldap/pool.go

@@ -0,0 +1,43 @@
+/*
+
+ Copyright 2019 The KubeSphere Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/
+package ldap
+
+import (
+	"errors"
+)
+
+var (
+	// ErrClosed is the error resulting if the pool is closed via pool.Close().
+	ErrClosed = errors.New("pool is closed")
+)
+
+// Pool interface describes a pool implementation. A pool should have maximum
+// capacity. An ideal pool is threadsafe and easy to use.
+type Pool interface {
+	// Get returns a new connection from the pool. Closing the connections puts
+	// it back to the Pool. Closing it when the pool is destroyed or full will
+	// be counted as an error.
+	Get() (*PoolConn, error)
+
+	// Close closes the pool and all its connections. After Close() the pool is
+	// no longer usable.
+	Close()
+
+	// Len returns the current number of connections of the pool.
+	Len() int
+}

pkg/client/ldapclient.go

@@ -0,0 +1,65 @@
+/*
+
+ Copyright 2019 The KubeSphere Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/
+package client
+
+import (
+	"flag"
+	"fmt"
+	"github.com/go-ldap/ldap"
+	ldapPool "kubesphere.io/kubesphere/pkg/client/ldap"
+	"os"
+	"sync"
+)
+
+var (
+	once            sync.Once
+	pool            ldapPool.Pool
+	ldapHost        string
+	ManagerDN       string
+	ManagerPassword string
+	UserSearchBase  string
+	GroupSearchBase string
+)
+
+func init() {
+	flag.StringVar(&ldapHost, "ldap-server", "localhost:389", "ldap server host")
+	flag.StringVar(&ManagerDN, "ldap-manager-dn", "cn=admin,dc=example,dc=org", "ldap manager dn")
+	flag.StringVar(&ManagerPassword, "ldap-manager-password", "admin", "ldap manager password")
+	flag.StringVar(&UserSearchBase, "ldap-user-search-base", "ou=Users,dc=example,dc=org", "ldap user search base")
+	flag.StringVar(&GroupSearchBase, "ldap-group-search-base", "ou=Groups,dc=example,dc=org", "ldap group search base")
+}
+
+func LdapClient() ldapPool.Pool {
+
+	once.Do(func() {
+		var err error
+		pool, err = ldapPool.NewChannelPool(8, 96, "kubesphere", func(s string) (ldap.Client, error) {
+			conn, err := ldap.Dial("tcp", ldapHost)
+			if err != nil {
+				return nil, err
+			}
+			return conn, nil
+		}, []uint16{ldap.LDAPResultTimeLimitExceeded, ldap.ErrorNetwork})
+
+		if err != nil {
+			fmt.Fprint(os.Stderr, err.Error())
+			panic(err)
+		}
+	})
+	return pool
+}

pkg/client/prometheusclient.go

@@ -1,18 +1,24 @@
 /*
-Copyright 2018 The KubeSphere Authors.
+
+ Copyright 2019 The KubeSphere Authors.
+
  Licensed under the Apache License, Version 2.0 (the "License");
  you may not use this file except in compliance with the License.
  You may obtain a copy of the License at
+
      http://www.apache.org/licenses/LICENSE-2.0
+
  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
+
 */
 package client
 
 import (
+	"flag"
 	"io/ioutil"
 	"net/http"
 	"net/url"
@@ -20,31 +26,23 @@ import (
 	"strings"
 	"time"
 
-	"os"
-
 	"github.com/emicklei/go-restful"
 	"github.com/golang/glog"
 )
 
 const (
-	DefaultScheme          = "http"
-	DefaultPrometheusPort  = "9090"
-	PrometheusApiPath      = "/api/v1/"
 	DefaultQueryStep    = "10m"
 	DefaultQueryTimeout = "10s"
 	RangeQueryType      = "query_range?"
 	DefaultQueryType    = "query?"
-	PrometheusAPIServerEnv = "PROMETHEUS_API_SERVER"
 )
 
-var PrometheusAPIServer = "prometheus-k8s.kubesphere-monitoring-system.svc"
+var (
-var PrometheusEndpointUrl string
+	prometheusAPIEndpoint string
+)
 
 func init() {
-	if env := os.Getenv(PrometheusAPIServerEnv); env != "" {
+	flag.StringVar(&prometheusAPIEndpoint, "prometheus-endpoint", "http://prometheus-k8s.kubesphere-monitoring-system.svc:9090/api/v1/", "prometheus api endpoint")
-		PrometheusAPIServer = env
-	}
-	PrometheusEndpointUrl = DefaultScheme + "://" + PrometheusAPIServer + ":" + DefaultPrometheusPort + PrometheusApiPath
 }
 
 type MonitoringRequestParams struct {
@@ -72,11 +70,10 @@ type MonitoringRequestParams struct {
 	WorkloadKind     string
 }
 
-var client = &http.Client{}
-
 func SendMonitoringRequest(queryType string, params string) string {
-	epurl := PrometheusEndpointUrl + queryType + params
+	epurl := prometheusAPIEndpoint + queryType + params
-	response, err := client.Get(epurl)
+
+	response, err := http.DefaultClient.Get(epurl)
 	if err != nil {
 		glog.Error(err)
 	} else {
@@ -116,11 +113,11 @@ func ParseMonitoringRequestParams(request *restful.Request) *MonitoringRequestPa
 	metricsName := strings.Trim(request.QueryParameter("metrics_name"), " ")
 	workloadName := strings.Trim(request.QueryParameter("workload_name"), " ")
 
-	nodeId := strings.Trim(request.PathParameter("node_id"), " ")
+	nodeId := strings.Trim(request.PathParameter("node"), " ")
-	wsName := strings.Trim(request.PathParameter("workspace_name"), " ")
+	wsName := strings.Trim(request.PathParameter("workspace"), " ")
-	nsName := strings.Trim(request.PathParameter("ns_name"), " ")
+	nsName := strings.Trim(request.PathParameter("namespace"), " ")
-	podName := strings.Trim(request.PathParameter("pod_name"), " ")
+	podName := strings.Trim(request.PathParameter("pod"), " ")
-	containerName := strings.Trim(request.PathParameter("container_name"), " ")
+	containerName := strings.Trim(request.PathParameter("container"), " ")
 	workloadKind := strings.Trim(request.PathParameter("workload_kind"), " ")
 
 	var requestParams = MonitoringRequestParams{

pkg/client/redis.go

@@ -0,0 +1,56 @@
+/*
+
+ Copyright 2019 The KubeSphere Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/
+package client
+
+import (
+	"flag"
+	"log"
+	"sync"
+
+	"github.com/go-redis/redis"
+)
+
+var (
+	redisHost       string
+	redisPassword   string
+	redisDB         int
+	redisClientOnce sync.Once
+	redisClient     *redis.Client
+)
+
+func init() {
+	flag.StringVar(&redisHost, "redis-server", "localhost:6379", "redis server host")
+	flag.StringVar(&redisPassword, "redis-password", "", "redis password")
+	flag.IntVar(&redisDB, "redis-db", 0, "redis db")
+}
+
+func RedisClient() *redis.Client {
+
+	redisClientOnce.Do(func() {
+		redisClient = redis.NewClient(&redis.Options{
+			Addr:     redisHost,
+			Password: redisPassword,
+			DB:       redisDB,
+		})
+		if err := redisClient.Ping().Err(); err != nil {
+			log.Fatalln(err)
+		}
+	})
+
+	return redisClient
+}

pkg/constants/constants.go

@@ -1,6 +1,21 @@
-package constants
+/*
 
-import "os"
+ Copyright 2019 The KubeSphere Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/
+package constants
 
 const (
 	APIVersion = "v1alpha1"
@@ -24,32 +39,18 @@ const (
 	DevopsOwner       = "owner"
 	DevopsReporter    = "reporter"
 
-	DevopsAPIServerEnv      = "DEVOPS_API_SERVER"
+	envDevopsAPIServer      = "DEVOPS_API_SERVER"
-	AccountAPIServerEnv     = "ACCOUNT_API_SERVER"
+	envAccountAPIServer     = "ACCOUNT_API_SERVER"
-	DevopsProxyTokenEnv     = "DEVOPS_PROXY_TOKEN"
+	envDevopsProxyToken     = "DEVOPS_PROXY_TOKEN"
-	OpenPitrixProxyTokenEnv = "OPENPITRIX_PROXY_TOKEN"
+	envOpenPitrixProxyToken = "OPENPITRIX_PROXY_TOKEN"
+
+	UserNameHeader = "X-Token-Username"
 )
 
 var (
 	WorkSpaceRoles   = []string{WorkspaceAdmin, WorkspaceRegular, WorkspaceViewer}
+	SystemWorkspace  = "system-workspace"
 	DevopsAPIServer  = "ks-devops-apiserver.kubesphere-system.svc"
 	AccountAPIServer = "ks-account.kubesphere-system.svc"
-	DevopsProxyToken     = ""
-	OpenPitrixProxyToken = ""
 	SystemNamespaces = []string{KubeSystemNamespace, OpenPitrixNamespace, KubeSystemNamespace}
 )
-
-func init() {
-	if env := os.Getenv(DevopsAPIServerEnv); env != "" {
-		DevopsAPIServer = env
-	}
-	if env := os.Getenv(AccountAPIServerEnv); env != "" {
-		AccountAPIServer = env
-	}
-	if env := os.Getenv(DevopsProxyTokenEnv); env != "" {
-		DevopsProxyToken = env
-	}
-	if env := os.Getenv(OpenPitrixProxyTokenEnv); env != "" {
-		OpenPitrixProxyToken = env
-	}
-}

pkg/errors/code.go

@@ -1,17 +0,0 @@
-package errors
-
-type Code int
-
-const (
-	OK Code = iota
-	Canceled
-	Unknown
-	InvalidArgument
-	Internal // 5
-	Unavailable
-	AlreadyExists
-	NotFound
-	NotImplement
-	VerifyFailed
-	Conflict
-)

pkg/errors/code_string.go

@@ -1,16 +0,0 @@
-// Code generated by "stringer -type=Code"; DO NOT EDIT.
-
-package errors
-
-import "strconv"
-
-const _Code_name = "OKCanceledUnknownInvalidArgumentInternalUnavailableAlreadyExistsWTFNotFoundNotImplementVerifyFailed"
-
-var _Code_index = [...]uint8{0, 2, 10, 17, 32, 40, 51, 64, 67, 75, 87, 99}
-
-func (i Code) String() string {
-	if i < 0 || i >= Code(len(_Code_index)-1) {
-		return "Code(" + strconv.FormatInt(int64(i), 10) + ")"
-	}
-	return _Code_name[_Code_index[i]:_Code_index[i+1]]
-}

pkg/errors/code_test.go

@@ -1,7 +0,0 @@
-package errors
-
-import "testing"
-
-func TestCode_String(t *testing.T) {
-	t.Log(Code(1).String())
-}

pkg/errors/errors.go

@@ -1,105 +1,42 @@
+/*
+
+ Copyright 2019 The KubeSphere Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/
 package errors
 
 import (
 	"encoding/json"
 	"errors"
-	"fmt"
-	"net"
-	"net/http"
-	"reflect"
-
-	k8sError "k8s.io/apimachinery/pkg/api/errors"
-
-	"github.com/emicklei/go-restful"
-	"github.com/go-sql-driver/mysql"
-	"github.com/golang/glog"
 )
 
 type Error struct {
-	Code    Code   `json:"code"`
 	Message string `json:"message"`
 }
 
-var None = New(OK, "success")
+var None = Error{Message: "success"}
 
 func (e *Error) Error() string {
-	return fmt.Sprintf("error: %v,message: %v", e.Code.String(), e.Message)
+	return e.Message
-}
-func (e *Error) HttpStatusCode() int {
-	switch e.Code {
-	case OK:
-		return http.StatusOK
-	case InvalidArgument:
-		return http.StatusBadRequest
-	case AlreadyExists:
-		return http.StatusConflict
-	case Unavailable:
-		return http.StatusServiceUnavailable
-	case NotImplement:
-		return http.StatusNotImplemented
-	case VerifyFailed:
-		return http.StatusBadRequest
-	case Conflict:
-		return http.StatusConflict
-	case Internal:
-		fallthrough
-	case Unknown:
-		fallthrough
-	default:
-		return http.StatusInternalServerError
-	}
 }
 
-func New(code Code, message string) error {
+func Wrap(err error) Error {
-	if message == "" {
+	return Error{Message: err.Error()}
-		message = code.String()
-	}
-	return &Error{Code: code, Message: message}
 }
 
-func HandlerError(err error, resp *restful.Response) bool {
+func Parse(data []byte) error {
-
-	if err == nil {
-		return false
-	}
-
-	glog.Errorln(reflect.TypeOf(err), err)
-
-	resp.WriteHeaderAndEntity(wrapper(err))
-
-	return true
-}
-
-func wrapper(err error) (int, interface{}) {
-	switch err.(type) {
-	case *Error:
-	case *json.UnmarshalTypeError:
-		err = New(InvalidArgument, err.Error())
-	case *mysql.MySQLError:
-		err = wrapperMysqlError(err.(*mysql.MySQLError))
-	case *net.OpError:
-		err = New(Internal, err.Error())
-	default:
-		if k8sError.IsNotFound(err) {
-			err = New(NotFound, err.Error())
-		} else {
-			err = New(Unknown, err.Error())
-		}
-
-	}
-	return err.(*Error).HttpStatusCode(), err
-}
-
-func wrapperMysqlError(sqlError *mysql.MySQLError) error {
-	switch sqlError.Number {
-	case 1062:
-		return New(AlreadyExists, sqlError.Message)
-	default:
-		return New(Unknown, sqlError.Message)
-	}
-}
-
-func Wrap(data []byte) error {
 	var j map[string]string
 	err := json.Unmarshal(data, &j)
 	if err != nil {

pkg/models/components/components.go

@@ -18,47 +18,27 @@
 package components
 
 import (
-	"time"
+	meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"kubesphere.io/kubesphere/pkg/models"
 
-	lister "k8s.io/client-go/listers/core/v1"
+	"kubesphere.io/kubesphere/pkg/client"
 
 	"kubesphere.io/kubesphere/pkg/informers"
 
 	"github.com/golang/glog"
-	coreV1 "k8s.io/api/core/v1"
+	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/labels"
 
 	"kubesphere.io/kubesphere/pkg/constants"
 )
 
-type Component struct {
-	Name            string      `json:"name"`
-	Namespace       string      `json:"namespace"`
-	SelfLink        string      `json:"selfLink"`
-	Label           interface{} `json:"label"`
-	StartedAt       time.Time   `json:"startedAt"`
-	TotalBackends   int         `json:"totalBackends"`
-	HealthyBackends int         `json:"healthyBackends"`
-}
-
-var (
-	componentStatusLister lister.ComponentStatusLister
-	serviceLister         lister.ServiceLister
-	podLister             lister.PodLister
-	nodeLister            lister.NodeLister
-)
-
-func init() {
-	componentStatusLister = informers.SharedInformerFactory().Core().V1().ComponentStatuses().Lister()
-	serviceLister = informers.SharedInformerFactory().Core().V1().Services().Lister()
-	podLister = informers.SharedInformerFactory().Core().V1().Pods().Lister()
-	nodeLister = informers.SharedInformerFactory().Core().V1().Nodes().Lister()
-}
-
 func GetComponentStatus(name string) (interface{}, error) {
 
-	var service *coreV1.Service
+	var service *corev1.Service
 	var err error
+
+	serviceLister := informers.SharedInformerFactory().Core().V1().Services().Lister()
+
 	for _, ns := range constants.SystemNamespaces {
 		service, err = serviceLister.Services(ns).Get(name)
 		if err == nil {
@@ -70,13 +50,15 @@ func GetComponentStatus(name string) (interface{}, error) {
 		return nil, err
 	}
 
+	podLister := informers.SharedInformerFactory().Core().V1().Pods().Lister()
+
 	pods, err := podLister.Pods(service.Namespace).List(labels.SelectorFromValidatedSet(service.Spec.Selector))
 
 	if err != nil {
 		return nil, err
 	}
 
-	component := Component{
+	component := models.Component{
 		Name:            service.Name,
 		Namespace:       service.Namespace,
 		SelfLink:        service.SelfLink,
@@ -102,11 +84,11 @@ func GetSystemHealthStatus() (map[string]interface{}, error) {
 
 	status := make(map[string]interface{})
 
-	componentStatuses, err := componentStatusLister.List(labels.Everything())
+	componentStatuses, err := client.K8sClient().CoreV1().ComponentStatuses().List(meta_v1.ListOptions{})
 	if err != nil {
 		return nil, err
 	}
-	for _, cs := range componentStatuses {
+	for _, cs := range componentStatuses.Items {
 		status[cs.Name] = cs.Conditions[0]
 	}
 
@@ -119,6 +101,8 @@ func GetSystemHealthStatus() (map[string]interface{}, error) {
 	for k, v := range systemComponentStatus {
 		status[k] = v
 	}
+
+	nodeLister := informers.SharedInformerFactory().Core().V1().Nodes().Lister()
 	// get node status
 	nodes, err := nodeLister.List(labels.Everything())
 	if err != nil {
@@ -132,7 +116,7 @@ func GetSystemHealthStatus() (map[string]interface{}, error) {
 	for _, nodes := range nodes {
 		totalNodes++
 		for _, condition := range nodes.Status.Conditions {
-			if condition.Type == coreV1.NodeReady && condition.Status == coreV1.ConditionTrue {
+			if condition.Type == corev1.NodeReady && condition.Status == corev1.ConditionTrue {
 				healthyNodes++
 			}
 		}
@@ -147,11 +131,12 @@ func GetSystemHealthStatus() (map[string]interface{}, error) {
 }
 
 func GetAllComponentsStatus() (map[string]interface{}, error) {
+	serviceLister := informers.SharedInformerFactory().Core().V1().Services().Lister()
+	podLister := informers.SharedInformerFactory().Core().V1().Pods().Lister()
 
 	status := make(map[string]interface{})
 
 	var err error
-
 	for _, ns := range constants.SystemNamespaces {
 
 		nsStatus := make(map[string]interface{})
@@ -164,7 +149,7 @@ func GetAllComponentsStatus() (map[string]interface{}, error) {
 		}
 
 		for _, service := range services {
-			component := Component{
+			component := models.Component{
 				Name:            service.Name,
 				Namespace:       service.Namespace,
 				SelfLink:        service.SelfLink,

pkg/models/iam/am.go

@@ -0,0 +1,822 @@
+/*
+
+ Copyright 2019 The KubeSphere Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/
+package iam
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io/ioutil"
+	"kubesphere.io/kubesphere/pkg/informers"
+	"log"
+	"net/http"
+	"regexp"
+	"strings"
+
+	"github.com/go-ldap/ldap"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/api/rbac/v1"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/labels"
+	"k8s.io/kubernetes/pkg/util/slice"
+
+	"kubesphere.io/kubesphere/pkg/client"
+	"kubesphere.io/kubesphere/pkg/constants"
+	"kubesphere.io/kubesphere/pkg/models"
+	"kubesphere.io/kubesphere/pkg/models/iam/policy"
+)
+
+func GetNamespaces(username string) ([]*corev1.Namespace, error) {
+
+	roles, err := GetRoles(username, "")
+
+	if err != nil {
+		return nil, err
+	}
+
+	namespaces := make([]*corev1.Namespace, 0)
+	namespaceLister := informers.SharedInformerFactory().Core().V1().Namespaces().Lister()
+	for _, role := range roles {
+		namespace, err := namespaceLister.Get(role.Name)
+		if err != nil {
+			return nil, err
+		}
+		namespaces = append(namespaces, namespace)
+	}
+
+	return namespaces, nil
+}
+
+func GetNamespacesByWorkspace(workspace string) ([]*corev1.Namespace, error) {
+	namespaceLister := informers.SharedInformerFactory().Core().V1().Namespaces().Lister()
+	return namespaceLister.List(labels.SelectorFromSet(labels.Set{"kubesphere.io/workspace": workspace}))
+}
+
+func GetDevopsRole(projectId string, username string) (string, error) {
+
+	//Hard fix
+	if username == "admin" {
+		return "owner", nil
+	}
+
+	req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("http://%s/api/v1alpha/projects/%s/members", constants.DevopsAPIServer, projectId), nil)
+
+	if err != nil {
+		return "", err
+	}
+	req.Header.Set(constants.UserNameHeader, username)
+	resp, err := http.DefaultClient.Do(req)
+
+	if err != nil {
+		return "", err
+	}
+
+	defer resp.Body.Close()
+	data, err := ioutil.ReadAll(resp.Body)
+
+	if err != nil {
+		return "", err
+	}
+
+	if resp.StatusCode > 200 {
+		return "", errors.New(string(data))
+	}
+
+	var result []map[string]string
+
+	err = json.Unmarshal(data, &result)
+
+	if err != nil {
+		return "", err
+	}
+
+	for _, item := range result {
+		if item["username"] == username {
+			return item["role"], nil
+		}
+	}
+
+	return "", nil
+}
+
+func GetNamespace(namespaceName string) (*corev1.Namespace, error) {
+	namespaceLister := informers.SharedInformerFactory().Core().V1().Namespaces().Lister()
+	return namespaceLister.Get(namespaceName)
+}
+
+func GetRoles(username string, namespace string) ([]*v1.Role, error) {
+	clusterRoleLister := informers.SharedInformerFactory().Rbac().V1().ClusterRoles().Lister()
+	roleBindingLister := informers.SharedInformerFactory().Rbac().V1().RoleBindings().Lister()
+	roleLister := informers.SharedInformerFactory().Rbac().V1().Roles().Lister()
+	roleBindings, err := roleBindingLister.RoleBindings(namespace).List(labels.Everything())
+
+	if err != nil {
+		return nil, err
+	}
+
+	roles := make([]*v1.Role, 0)
+
+	for _, roleBinding := range roleBindings {
+
+		for _, subject := range roleBinding.Subjects {
+			if subject.Kind == v1.UserKind && subject.Name == username {
+				if roleBinding.RoleRef.Kind == ClusterRoleKind {
+					clusterRole, err := clusterRoleLister.Get(roleBinding.RoleRef.Name)
+					if err == nil {
+						var role = v1.Role{TypeMeta: (*clusterRole).TypeMeta, ObjectMeta: (*clusterRole).ObjectMeta, Rules: (*clusterRole).Rules}
+						role.Namespace = roleBinding.Namespace
+						roles = append(roles, &role)
+						break
+					} else if apierrors.IsNotFound(err) {
+						log.Println(err)
+						break
+					} else {
+						return nil, err
+					}
+				} else {
+					if subject.Kind == v1.UserKind && subject.Name == username {
+						rule, err := roleLister.Roles(roleBinding.Namespace).Get(roleBinding.RoleRef.Name)
+						if err == nil {
+							roles = append(roles, rule)
+							break
+						} else if apierrors.IsNotFound(err) {
+							log.Println(err)
+							break
+						} else {
+							return nil, err
+						}
+
+					}
+				}
+			}
+		}
+	}
+
+	return roles, nil
+}
+
+func GetClusterRoles(username string) ([]*v1.ClusterRole, error) {
+	clusterRoleLister := informers.SharedInformerFactory().Rbac().V1().ClusterRoles().Lister()
+	clusterRoleBindingLister := informers.SharedInformerFactory().Rbac().V1().ClusterRoleBindings().Lister()
+	clusterRoleBindings, err := clusterRoleBindingLister.List(labels.Everything())
+
+	if err != nil {
+		return nil, err
+	}
+
+	roles := make([]*v1.ClusterRole, 0)
+
+	for _, rb := range clusterRoleBindings {
+		if rb.RoleRef.Kind == ClusterRoleKind {
+			for _, subject := range rb.Subjects {
+				if subject.Kind == v1.UserKind && subject.Name == username {
+
+					role, err := clusterRoleLister.Get(rb.RoleRef.Name)
+					role = role.DeepCopy()
+					if err == nil {
+						if role.Annotations == nil {
+							role.Annotations = make(map[string]string, 0)
+						}
+
+						role.Annotations["rbac.authorization.k8s.io/clusterrolebinding"] = rb.Name
+
+						if rb.Annotations != nil &&
+							rb.Annotations["rbac.authorization.k8s.io/clusterrole"] == rb.RoleRef.Name {
+							role.Annotations["rbac.authorization.k8s.io/clusterrole"] = "true"
+						}
+
+						roles = append(roles, role)
+						break
+					} else if apierrors.IsNotFound(err) {
+						log.Println(err)
+						break
+					} else {
+						return nil, err
+					}
+				}
+			}
+		}
+	}
+
+	return roles, nil
+}
+
+func GetRoleBindings(namespace string, roleName string) ([]*v1.RoleBinding, error) {
+	roleBindingLister := informers.SharedInformerFactory().Rbac().V1().RoleBindings().Lister()
+	roleBindingList, err := roleBindingLister.List(labels.Everything())
+
+	if err != nil {
+		return nil, err
+	}
+
+	items := make([]*v1.RoleBinding, 0)
+
+	for _, roleBinding := range roleBindingList {
+		if roleName == "" {
+			items = append(items, roleBinding)
+		} else if roleBinding.RoleRef.Name == roleName {
+			items = append(items, roleBinding)
+		}
+	}
+
+	return items, nil
+}
+
+func GetClusterRoleBindings(clusterRoleName string) ([]*v1.ClusterRoleBinding, error) {
+	clusterRoleBindingLister := informers.SharedInformerFactory().Rbac().V1().ClusterRoleBindings().Lister()
+	roleBindingList, err := clusterRoleBindingLister.List(labels.Everything())
+
+	if err != nil {
+		return nil, err
+	}
+
+	items := make([]*v1.ClusterRoleBinding, 0)
+
+	for _, roleBinding := range roleBindingList {
+		if roleBinding.RoleRef.Name == clusterRoleName {
+			items = append(items, roleBinding)
+		}
+	}
+
+	return items, nil
+}
+
+func ClusterRoleUsers(clusterRoleName string) ([]*models.User, error) {
+
+	roleBindings, err := GetClusterRoleBindings(clusterRoleName)
+
+	if err != nil {
+		return nil, err
+	}
+
+	conn, err := NewConnection()
+
+	if err != nil {
+		return nil, err
+	}
+
+	defer conn.Close()
+
+	names := make([]string, 0)
+	users := make([]*models.User, 0)
+	for _, roleBinding := range roleBindings {
+		for _, subject := range roleBinding.Subjects {
+			if subject.Kind == v1.UserKind && !strings.HasPrefix(subject.Name, "system") &&
+				!slice.ContainsString(names, subject.Name, nil) {
+				names = append(names, subject.Name)
+
+				user, err := UserDetail(subject.Name, conn)
+
+				if ldap.IsErrorWithCode(err, 32) {
+					continue
+				}
+
+				if err != nil {
+					return nil, err
+				}
+
+				users = append(users, user)
+			}
+		}
+	}
+
+	return users, nil
+
+}
+
+func RoleUsers(namespace string, roleName string) ([]*models.User, error) {
+	roleBindings, err := GetRoleBindings(namespace, roleName)
+
+	if err != nil {
+		return nil, err
+	}
+
+	conn, err := NewConnection()
+
+	if err != nil {
+		return nil, err
+	}
+
+	defer conn.Close()
+
+	names := make([]string, 0)
+	users := make([]*models.User, 0)
+	for _, roleBinding := range roleBindings {
+		for _, subject := range roleBinding.Subjects {
+			if subject.Kind == v1.UserKind &&
+				!strings.HasPrefix(subject.Name, "system") &&
+				!slice.ContainsString(names, subject.Name, nil) {
+				names = append(names, subject.Name)
+				user, err := UserDetail(subject.Name, conn)
+				if ldap.IsErrorWithCode(err, 32) {
+					continue
+				}
+
+				if err != nil {
+					return nil, err
+				}
+
+				users = append(users, user)
+			}
+		}
+	}
+	return users, nil
+}
+
+func NamespaceUsers(namespaceName string) ([]*models.User, error) {
+	roleBindings, err := GetRoleBindings(namespaceName, "")
+	if err != nil {
+		return nil, err
+	}
+	conn, err := NewConnection()
+
+	if err != nil {
+		return nil, err
+	}
+
+	defer conn.Close()
+
+	names := make([]string, 0)
+	users := make([]*models.User, 0)
+
+	for _, roleBinding := range roleBindings {
+
+		for _, subject := range roleBinding.Subjects {
+			if subject.Kind == v1.UserKind &&
+				!slice.ContainsString(names, subject.Name, nil) &&
+				!strings.HasPrefix(subject.Name, "system") {
+				if roleBinding.Name == "viewer" {
+					continue
+				}
+				if roleBinding.Name == "admin" {
+					continue
+				}
+				names = append(names, subject.Name)
+				user, err := UserDetail(subject.Name, conn)
+				if ldap.IsErrorWithCode(err, 32) {
+					continue
+				}
+				if err != nil {
+					return nil, err
+				}
+				user.Role = roleBinding.RoleRef.Name
+				user.RoleBinding = roleBinding.Name
+				users = append(users, user)
+			}
+		}
+	}
+
+	return users, nil
+}
+
+func GetWorkspaceRoles(clusterRoles []*v1.ClusterRole) map[string]string {
+
+	workspaceRoles := make(map[string]string, 0)
+
+	for _, v := range clusterRoles {
+		if groups := regexp.MustCompile(fmt.Sprintf(`^system:(\S+):(%s)$`, strings.Join(constants.WorkSpaceRoles, "|"))).FindStringSubmatch(v.Name); len(groups) == 3 {
+			workspaceRoles[groups[1]] = groups[2]
+		}
+	}
+
+	return workspaceRoles
+}
+
+func GetWorkspaceRole(clusterRoles []*v1.ClusterRole, workspace string) string {
+
+	for _, v := range clusterRoles {
+		if groups := regexp.MustCompile(fmt.Sprintf(`^system:(\S+):(%s)$`, strings.Join(constants.WorkSpaceRoles, "|"))).FindStringSubmatch(v.Name); len(groups) == 3 {
+			if groups[1] == workspace {
+				return groups[2]
+			}
+		}
+	}
+
+	return ""
+}
+
+func GetWorkspaceSimpleRules(clusterRoles []*v1.ClusterRole, workspace string) map[string][]models.SimpleRule {
+
+	workspaceRules := make(map[string][]models.SimpleRule, 0)
+
+	clusterSimpleRules := make([]models.SimpleRule, 0)
+	clusterRules := make([]v1.PolicyRule, 0)
+	for _, clusterRole := range clusterRoles {
+		clusterRules = append(clusterRules, clusterRole.Rules...)
+	}
+
+	for i := 0; i < len(policy.WorkspaceRoleRuleMapping); i++ {
+		rule := models.SimpleRule{Name: policy.WorkspaceRoleRuleMapping[i].Name}
+		rule.Actions = make([]string, 0)
+		for j := 0; j < (len(policy.WorkspaceRoleRuleMapping[i].Actions)); j++ {
+			if RulesMatchesAction(clusterRules, policy.WorkspaceRoleRuleMapping[i].Actions[j]) {
+				rule.Actions = append(rule.Actions, policy.WorkspaceRoleRuleMapping[i].Actions[j].Name)
+			}
+		}
+		if len(rule.Actions) > 0 {
+			clusterSimpleRules = append(clusterSimpleRules, rule)
+		}
+	}
+
+	if len(clusterRules) > 0 {
+		workspaceRules["*"] = clusterSimpleRules
+	}
+
+	for _, v := range clusterRoles {
+
+		if groups := regexp.MustCompile(fmt.Sprintf(`^system:(\S+):(%s)$`, strings.Join(constants.WorkSpaceRoles, "|"))).FindStringSubmatch(v.Name); len(groups) == 3 {
+
+			if workspace != "" && groups[1] != workspace {
+				continue
+			}
+
+			policyRules := make([]v1.PolicyRule, 0)
+
+			for _, rule := range v.Rules {
+				rule.ResourceNames = nil
+				policyRules = append(policyRules, rule)
+			}
+
+			rules := make([]models.SimpleRule, 0)
+
+			for i := 0; i < len(policy.WorkspaceRoleRuleMapping); i++ {
+				rule := models.SimpleRule{Name: policy.WorkspaceRoleRuleMapping[i].Name}
+				rule.Actions = make([]string, 0)
+				for j := 0; j < (len(policy.WorkspaceRoleRuleMapping[i].Actions)); j++ {
+					action := policy.WorkspaceRoleRuleMapping[i].Actions[j]
+					if RulesMatchesAction(policyRules, action) {
+						rule.Actions = append(rule.Actions, action.Name)
+					}
+				}
+				if len(rule.Actions) > 0 {
+					rules = append(rules, rule)
+				}
+			}
+
+			workspaceRules[groups[1]] = merge(rules, clusterSimpleRules)
+		}
+	}
+
+	return workspaceRules
+}
+
+func merge(clusterRules, rules []models.SimpleRule) []models.SimpleRule {
+	for _, clusterRule := range clusterRules {
+		exist := false
+
+		for i := 0; i < len(rules); i++ {
+			if rules[i].Name == clusterRule.Name {
+				exist = true
+
+				for _, action := range clusterRule.Actions {
+					if !slice.ContainsString(rules[i].Actions, action, nil) {
+						rules[i].Actions = append(rules[i].Actions, action)
+					}
+				}
+			}
+		}
+
+		if !exist {
+			rules = append(rules, clusterRule)
+		}
+	}
+	return rules
+}
+
+// Convert cluster roles to rules
+func GetClusterRoleSimpleRules(clusterRoles []*v1.ClusterRole) ([]models.SimpleRule, error) {
+
+	clusterRules := make([]v1.PolicyRule, 0)
+
+	for _, v := range clusterRoles {
+		clusterRules = append(clusterRules, v.Rules...)
+	}
+
+	rules := make([]models.SimpleRule, 0)
+
+	for i := 0; i < len(policy.ClusterRoleRuleMapping); i++ {
+		validActions := make([]string, 0)
+		for j := 0; j < (len(policy.ClusterRoleRuleMapping[i].Actions)); j++ {
+			if RulesMatchesAction(clusterRules, policy.ClusterRoleRuleMapping[i].Actions[j]) {
+				validActions = append(validActions, policy.ClusterRoleRuleMapping[i].Actions[j].Name)
+			}
+		}
+		if len(validActions) > 0 {
+			rules = append(rules, models.SimpleRule{Name: policy.ClusterRoleRuleMapping[i].Name, Actions: validActions})
+		}
+	}
+
+	return rules, nil
+}
+
+// Convert roles to rules
+func GetRoleSimpleRules(roles []*v1.Role, namespace string) (map[string][]models.SimpleRule, error) {
+
+	rulesMapping := make(map[string][]models.SimpleRule, 0)
+
+	policyRulesMapping := make(map[string][]v1.PolicyRule, 0)
+
+	for _, v := range roles {
+
+		if namespace != "" && v.Namespace != namespace {
+			continue
+		}
+
+		policyRules := policyRulesMapping[v.Namespace]
+
+		if policyRules == nil {
+			policyRules = make([]v1.PolicyRule, 0)
+		}
+
+		policyRules = append(policyRules, v.Rules...)
+
+		policyRulesMapping[v.Namespace] = policyRules
+	}
+
+	for namespace, policyRules := range policyRulesMapping {
+
+		rules := make([]models.SimpleRule, 0)
+
+		for i := 0; i < len(policy.RoleRuleMapping); i++ {
+			rule := models.SimpleRule{Name: policy.RoleRuleMapping[i].Name}
+			rule.Actions = make([]string, 0)
+			for j := 0; j < len(policy.RoleRuleMapping[i].Actions); j++ {
+				if RulesMatchesAction(policyRules, policy.RoleRuleMapping[i].Actions[j]) {
+					rule.Actions = append(rule.Actions, policy.RoleRuleMapping[i].Actions[j].Name)
+				}
+			}
+			if len(rule.Actions) > 0 {
+				rules = append(rules, rule)
+			}
+		}
+
+		rulesMapping[namespace] = rules
+	}
+
+	return rulesMapping, nil
+}
+
+func CreateClusterRoleBinding(username string, clusterRoleName string) error {
+	clusterRoleLister := informers.SharedInformerFactory().Rbac().V1().ClusterRoles().Lister()
+	_, err := clusterRoleLister.Get(clusterRoleName)
+
+	if err != nil {
+		return err
+	}
+
+	clusterRoles, err := GetClusterRoles(username)
+
+	if err != nil {
+		return err
+	}
+
+	for _, clusterRole := range clusterRoles {
+
+		if clusterRole.Annotations["rbac.authorization.k8s.io/clusterrole"] == "true" {
+
+			if clusterRole.Name == clusterRoleName {
+				return nil
+			}
+
+			clusterRoleBindingName := clusterRole.Annotations["rbac.authorization.k8s.io/clusterrolebinding"]
+			clusterRoleBindingLister := informers.SharedInformerFactory().Rbac().V1().ClusterRoleBindings().Lister()
+			clusterRoleBinding, err := clusterRoleBindingLister.Get(clusterRoleBindingName)
+
+			if err != nil {
+				return err
+			}
+
+			for i, v := range clusterRoleBinding.Subjects {
+				if v.Kind == v1.UserKind && v.Name == username {
+					clusterRoleBinding.Subjects = append(clusterRoleBinding.Subjects[:i], clusterRoleBinding.Subjects[i+1:]...)
+					break
+				}
+			}
+
+			_, err = client.K8sClient().RbacV1().ClusterRoleBindings().Update(clusterRoleBinding)
+
+			if err != nil {
+				return err
+			}
+
+			break
+		}
+	}
+	clusterRoleBindingLister := informers.SharedInformerFactory().Rbac().V1().ClusterRoleBindings().Lister()
+	clusterRoleBindings, err := clusterRoleBindingLister.List(labels.Everything())
+
+	if err != nil {
+		return err
+	}
+
+	var clusterRoleBinding *v1.ClusterRoleBinding
+
+	for _, roleBinding := range clusterRoleBindings {
+		if roleBinding.Annotations != nil && roleBinding.Annotations["rbac.authorization.k8s.io/clusterrole"] == clusterRoleName &&
+			roleBinding.RoleRef.Name == clusterRoleName {
+			clusterRoleBinding = roleBinding
+			break
+		}
+	}
+
+	if clusterRoleBinding != nil {
+		clusterRoleBinding.Subjects = append(clusterRoleBinding.Subjects, v1.Subject{Kind: v1.UserKind, Name: username})
+		_, err := client.K8sClient().RbacV1().ClusterRoleBindings().Update(clusterRoleBinding)
+		if err != nil {
+			return err
+		}
+	} else {
+		clusterRoleBinding = new(v1.ClusterRoleBinding)
+		clusterRoleBinding.Annotations = map[string]string{"rbac.authorization.k8s.io/clusterrole": clusterRoleName}
+		clusterRoleBinding.Name = clusterRoleName
+		clusterRoleBinding.RoleRef = v1.RoleRef{Name: clusterRoleName, Kind: ClusterRoleKind}
+		clusterRoleBinding.Subjects = []v1.Subject{{Kind: v1.UserKind, Name: username}}
+
+		_, err = client.K8sClient().RbacV1().ClusterRoleBindings().Create(clusterRoleBinding)
+
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func GetRole(namespace string, roleName string) (*v1.Role, error) {
+	return informers.SharedInformerFactory().Rbac().V1().Roles().Lister().Roles(namespace).Get(roleName)
+}
+func GetClusterRole(clusterRoleName string) (*v1.ClusterRole, error) {
+	clusterRoleLister := informers.SharedInformerFactory().Rbac().V1().ClusterRoles().Lister()
+	return clusterRoleLister.Get(clusterRoleName)
+}
+
+func RulesMatchesAction(rules []v1.PolicyRule, action models.Action) bool {
+
+	for _, required := range action.Rules {
+		if !rulesMatchesRequired(rules, required) {
+			return false
+		}
+	}
+
+	return true
+}
+
+func rulesMatchesRequired(rules []v1.PolicyRule, required v1.PolicyRule) bool {
+	for _, rule := range rules {
+		if ruleMatchesRequired(rule, required) {
+			return true
+		}
+	}
+	return false
+}
+
+func ruleMatchesRequired(rule v1.PolicyRule, required v1.PolicyRule) bool {
+
+	if len(required.NonResourceURLs) == 0 {
+		for _, apiGroup := range required.APIGroups {
+			for _, resource := range required.Resources {
+				resources := strings.Split(resource, "/")
+				resource = resources[0]
+				var subsource string
+				if len(resources) > 1 {
+					subsource = resources[1]
+				}
+
+				if len(required.ResourceNames) == 0 {
+					for _, verb := range required.Verbs {
+						if !ruleMatchesRequest(rule, apiGroup, "", resource, subsource, "", verb) {
+							return false
+						}
+					}
+				} else {
+					for _, resourceName := range required.ResourceNames {
+						for _, verb := range required.Verbs {
+							if !ruleMatchesRequest(rule, apiGroup, "", resource, subsource, resourceName, verb) {
+								return false
+							}
+						}
+					}
+				}
+			}
+		}
+	} else {
+		for _, apiGroup := range required.APIGroups {
+			for _, nonResourceURL := range required.NonResourceURLs {
+				for _, verb := range required.Verbs {
+					if !ruleMatchesRequest(rule, apiGroup, nonResourceURL, "", "", "", verb) {
+						return false
+					}
+				}
+			}
+		}
+	}
+	return true
+}
+
+func ruleMatchesResources(rule v1.PolicyRule, apiGroup string, resource string, subresource string, resourceName string) bool {
+
+	if resource == "" {
+		return false
+	}
+
+	if !hasString(rule.APIGroups, apiGroup) && !hasString(rule.APIGroups, v1.ResourceAll) {
+		return false
+	}
+
+	if len(rule.ResourceNames) > 0 && !hasString(rule.ResourceNames, resourceName) {
+		return false
+	}
+
+	combinedResource := resource
+
+	if subresource != "" {
+		combinedResource = combinedResource + "/" + subresource
+	}
+
+	for _, res := range rule.Resources {
+
+		// match "*"
+		if res == v1.ResourceAll || res == combinedResource {
+			return true
+		}
+
+		// match "*/subresource"
+		if len(subresource) > 0 && strings.HasPrefix(res, "*/") && subresource == strings.TrimLeft(res, "*/") {
+			return true
+		}
+		// match "resource/*"
+		if strings.HasSuffix(res, "/*") && resource == strings.TrimRight(res, "/*") {
+			return true
+		}
+	}
+
+	return false
+}
+
+func ruleMatchesRequest(rule v1.PolicyRule, apiGroup string, nonResourceURL string, resource string, subresource string, resourceName string, verb string) bool {
+
+	if !hasString(rule.Verbs, verb) && !hasString(rule.Verbs, v1.VerbAll) {
+		return false
+	}
+
+	if nonResourceURL == "" {
+		return ruleMatchesResources(rule, apiGroup, resource, subresource, resourceName)
+	} else {
+		return ruleMatchesNonResource(rule, nonResourceURL)
+	}
+}
+
+func ruleMatchesNonResource(rule v1.PolicyRule, nonResourceURL string) bool {
+
+	if nonResourceURL == "" {
+		return false
+	}
+
+	for _, spec := range rule.NonResourceURLs {
+		if pathMatches(nonResourceURL, spec) {
+			return true
+		}
+	}
+
+	return false
+}
+
+func pathMatches(path, spec string) bool {
+	// Allow wildcard match
+	if spec == "*" {
+		return true
+	}
+	// Allow exact match
+	if spec == path {
+		return true
+	}
+	// Allow a trailing * subpath match
+	if strings.HasSuffix(spec, "*") && strings.HasPrefix(path, strings.TrimRight(spec, "*")) {
+		return true
+	}
+	return false
+}
+
+func hasString(slice []string, value string) bool {
+	for _, s := range slice {
+		if s == value {
+			return true
+		}
+	}
+	return false
+}

pkg/models/iam/counter.go

@@ -0,0 +1,54 @@
+/*
+
+ Copyright 2019 The KubeSphere Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/
+package iam
+
+import "sync"
+
+type Counter struct {
+	value int
+	m     *sync.Mutex
+}
+
+func NewCounter(value int) Counter {
+	c := Counter{}
+	c.m = &sync.Mutex{}
+	c.Set(value)
+	return c
+}
+
+func (c *Counter) Set(value int) {
+	c.m.Lock()
+	c.value = value
+	c.m.Unlock()
+}
+
+func (c *Counter) Add(value int) {
+	c.m.Lock()
+	c.value += value
+	c.m.Unlock()
+}
+
+func (c *Counter) Sub(value int) {
+	c.m.Lock()
+	c.value -= value
+	c.m.Unlock()
+}
+
+func (c *Counter) Get() int {
+	return c.value
+}

pkg/models/iam/iam.go

@@ -1,3 +1,20 @@
+/*
+
+ Copyright 2019 The KubeSphere Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/
 package iam
 
 import (
@@ -7,38 +24,22 @@ import (
 	"net/http"
 	"strings"
 
-	v12 "k8s.io/client-go/listers/rbac/v1"
-
 	"kubesphere.io/kubesphere/pkg/informers"
 
-	"github.com/golang/glog"
 	"k8s.io/api/rbac/v1"
-	apierrors "k8s.io/apimachinery/pkg/api/errors"
-	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/kubernetes/pkg/util/slice"
 
 	"kubesphere.io/kubesphere/pkg/constants"
-	ksErr "kubesphere.io/kubesphere/pkg/errors"
+	kserr "kubesphere.io/kubesphere/pkg/errors"
+	"kubesphere.io/kubesphere/pkg/models"
 )
 
 const ClusterRoleKind = "ClusterRole"
 
-var (
-	clusterRoleBindingLister v12.ClusterRoleBindingLister
-	clusterRoleLister        v12.ClusterRoleLister
-	roleBindingLister        v12.RoleBindingLister
-	roleLister               v12.RoleLister
-)
-
-func init() {
-	clusterRoleBindingLister = informers.SharedInformerFactory().Rbac().V1().ClusterRoleBindings().Lister()
-	clusterRoleLister = informers.SharedInformerFactory().Rbac().V1().ClusterRoles().Lister()
-	roleBindingLister = informers.SharedInformerFactory().Rbac().V1().RoleBindings().Lister()
-	roleLister = informers.SharedInformerFactory().Rbac().V1().Roles().Lister()
-}
-
 // Get user list based on workspace role
-func WorkspaceRoleUsers(workspace string, roleName string) ([]User, error) {
+func WorkspaceRoleUsers(workspace string, roleName string) ([]models.User, error) {
+
+	clusterRoleBindingLister := informers.SharedInformerFactory().Rbac().V1().ClusterRoleBindings().Lister()
 
 	workspaceRoleBinding, err := clusterRoleBindingLister.Get(fmt.Sprintf("system:%s:%s", workspace, roleName))
 
@@ -67,11 +68,11 @@ func WorkspaceRoleUsers(workspace string, roleName string) ([]User, error) {
 	return users, nil
 }
 
-func GetUsers(names []string) ([]User, error) {
+func GetUsers(names []string) ([]models.User, error) {
-	var users []User
+	var users []models.User
 
 	if names == nil || len(names) == 0 {
-		return make([]User, 0), nil
+		return make([]models.User, 0), nil
 	}
 
 	result, err := http.Get(fmt.Sprintf("http://%s/apis/account.kubesphere.io/v1alpha1/users?name=%s", constants.AccountAPIServer, strings.Join(names, ",")))
@@ -88,7 +89,7 @@ func GetUsers(names []string) ([]User, error) {
 	}
 
 	if result.StatusCode > 200 {
-		return nil, ksErr.Wrap(data)
+		return nil, kserr.Parse(data)
 	}
 
 	err = json.Unmarshal(data, &users)
@@ -100,7 +101,7 @@ func GetUsers(names []string) ([]User, error) {
 	return users, nil
 }
 
-func GetUser(name string) (*User, error) {
+func GetUser(name string) (*models.User, error) {
 
 	result, err := http.Get(fmt.Sprintf("http://%s/apis/account.kubesphere.io/v1alpha1/users/%s", constants.AccountAPIServer, name))
 
@@ -116,10 +117,10 @@ func GetUser(name string) (*User, error) {
 	}
 
 	if result.StatusCode > 200 {
-		return nil, ksErr.Wrap(data)
+		return nil, kserr.Parse(data)
 	}
 
-	var user User
+	var user models.User
 
 	err = json.Unmarshal(data, &user)
 
@@ -187,16 +188,8 @@ func GetUserNamespaces(username string, requiredRule v1.PolicyRule) (allNamespac
 	return false, namespaces, nil
 }
 
-func GetRole(namespace string, name string) (*v1.Role, error) {
-	role, err := roleLister.Roles(namespace).Get(name)
-	if err != nil {
-		return nil, err
-	}
-
-	return role.DeepCopy(), nil
-}
-
 func GetWorkspaceUsers(workspace string, workspaceRole string) ([]string, error) {
+	clusterRoleBindingLister := informers.SharedInformerFactory().Rbac().V1().ClusterRoleBindings().Lister()
 	clusterRoleBinding, err := clusterRoleBindingLister.Get(fmt.Sprintf("system:%s:%s", workspace, workspaceRole))
 
 	if err != nil {
@@ -213,108 +206,6 @@ func GetWorkspaceUsers(workspace string, workspaceRole string) ([]string, error)
 	return users, nil
 }
 
-func GetClusterRole(name string) (*v1.ClusterRole, error) {
-
-	role, err := clusterRoleLister.Get(name)
-
-	if err != nil {
-		return nil, err
-	}
-	return role.DeepCopy(), nil
-}
-
-func GetRoles(namespace string, username string) ([]v1.Role, error) {
-	roleBindings, err := roleBindingLister.RoleBindings(namespace).List(labels.Everything())
-
-	if err != nil {
-		return nil, err
-	}
-
-	roles := make([]v1.Role, 0)
-
-	for _, roleBinding := range roleBindings {
-
-		for _, subject := range roleBinding.Subjects {
-			if subject.Kind == v1.UserKind && subject.Name == username {
-				if roleBinding.RoleRef.Kind == ClusterRoleKind {
-					clusterRole, err := clusterRoleLister.Get(roleBinding.RoleRef.Name)
-					if err == nil {
-						var role = v1.Role{TypeMeta: (*clusterRole).TypeMeta, ObjectMeta: (*clusterRole).ObjectMeta, Rules: (*clusterRole).Rules}
-						role.Namespace = roleBinding.Namespace
-						roles = append(roles, role)
-						break
-					} else if apierrors.IsNotFound(err) {
-						glog.Infoln(err.Error())
-						break
-					} else {
-						return nil, err
-					}
-
-				} else {
-					if subject.Kind == v1.UserKind && subject.Name == username {
-						role, err := roleLister.Roles(roleBinding.Namespace).Get(roleBinding.RoleRef.Name)
-						if err == nil {
-							roles = append(roles, *role)
-							break
-						} else if apierrors.IsNotFound(err) {
-							glog.Infoln(err.Error())
-							break
-						} else {
-							return nil, err
-						}
-
-					}
-
-				}
-			}
-		}
-
-	}
-
-	return roles, nil
-}
-
-// Get cluster roles by username
-func GetClusterRoles(username string) ([]v1.ClusterRole, error) {
-	clusterRoleBindings, err := clusterRoleBindingLister.List(labels.Everything())
-
-	if err != nil {
-		return nil, err
-	}
-
-	roles := make([]v1.ClusterRole, 0)
-
-	for _, roleBinding := range clusterRoleBindings {
-		for _, subject := range roleBinding.Subjects {
-			if subject.Kind == v1.UserKind && subject.Name == username {
-				if roleBinding.RoleRef.Kind == ClusterRoleKind {
-					role, err := clusterRoleLister.Get(roleBinding.RoleRef.Name)
-					if err == nil {
-						role = role.DeepCopy()
-						if role.Annotations == nil {
-							role.Annotations = make(map[string]string, 0)
-						}
-						role.Annotations["rbac.authorization.k8s.io/clusterrolebinding"] = roleBinding.Name
-						if roleBinding.Annotations != nil &&
-							roleBinding.Annotations["rbac.authorization.k8s.io/clusterrole"] == roleBinding.RoleRef.Name {
-							role.Annotations["rbac.authorization.k8s.io/clusterrole"] = "true"
-						}
-						roles = append(roles, *role)
-						break
-					} else if apierrors.IsNotFound(err) {
-						glog.Warning(err)
-						break
-					} else {
-						return nil, err
-					}
-				}
-			}
-		}
-	}
-
-	return roles, nil
-}
-
 func RulesMatchesRequired(rules []v1.PolicyRule, required v1.PolicyRule) bool {
 	for _, rule := range rules {
 		if ruleMatchesRequired(rule, required) {
@@ -323,139 +214,3 @@ func RulesMatchesRequired(rules []v1.PolicyRule, required v1.PolicyRule) bool {
 	}
 	return false
 }
-
-func ruleMatchesRequired(rule v1.PolicyRule, required v1.PolicyRule) bool {
-
-	if len(required.NonResourceURLs) == 0 {
-		for _, apiGroup := range required.APIGroups {
-			for _, resource := range required.Resources {
-				resources := strings.Split(resource, "/")
-				resource = resources[0]
-				var subsource string
-				if len(resources) > 1 {
-					subsource = resources[1]
-				}
-
-				if len(required.ResourceNames) == 0 {
-					for _, verb := range required.Verbs {
-						if !ruleMatchesRequest(rule, apiGroup, "", resource, subsource, "", verb) {
-							return false
-						}
-					}
-				} else {
-					for _, resourceName := range required.ResourceNames {
-						for _, verb := range required.Verbs {
-							if !ruleMatchesRequest(rule, apiGroup, "", resource, subsource, resourceName, verb) {
-								return false
-							}
-						}
-					}
-				}
-			}
-		}
-	} else {
-		for _, apiGroup := range required.APIGroups {
-			for _, nonResourceURL := range required.NonResourceURLs {
-				for _, verb := range required.Verbs {
-					if !ruleMatchesRequest(rule, apiGroup, nonResourceURL, "", "", "", verb) {
-						return false
-					}
-				}
-			}
-		}
-	}
-	return true
-}
-
-func ruleMatchesResources(rule v1.PolicyRule, apiGroup string, resource string, subresource string, resourceName string) bool {
-
-	if resource == "" {
-		return false
-	}
-
-	if !hasString(rule.APIGroups, apiGroup) && !hasString(rule.APIGroups, v1.ResourceAll) {
-		return false
-	}
-
-	if len(rule.ResourceNames) > 0 && !hasString(rule.ResourceNames, resourceName) {
-		return false
-	}
-
-	combinedResource := resource
-
-	if subresource != "" {
-		combinedResource = combinedResource + "/" + subresource
-	}
-
-	for _, res := range rule.Resources {
-
-		// match "*"
-		if res == v1.ResourceAll || res == combinedResource {
-			return true
-		}
-
-		// match "*/subresource"
-		if len(subresource) > 0 && strings.HasPrefix(res, "*/") && subresource == strings.TrimLeft(res, "*/") {
-			return true
-		}
-		// match "resource/*"
-		if strings.HasSuffix(res, "/*") && resource == strings.TrimRight(res, "/*") {
-			return true
-		}
-	}
-
-	return false
-}
-
-func ruleMatchesRequest(rule v1.PolicyRule, apiGroup string, nonResourceURL string, resource string, subresource string, resourceName string, verb string) bool {
-
-	if !hasString(rule.Verbs, verb) && !hasString(rule.Verbs, v1.VerbAll) {
-		return false
-	}
-
-	if nonResourceURL == "" {
-		return ruleMatchesResources(rule, apiGroup, resource, subresource, resourceName)
-	} else {
-		return ruleMatchesNonResource(rule, nonResourceURL)
-	}
-}
-
-func ruleMatchesNonResource(rule v1.PolicyRule, nonResourceURL string) bool {
-
-	if nonResourceURL == "" {
-		return false
-	}
-
-	for _, spec := range rule.NonResourceURLs {
-		if pathMatches(nonResourceURL, spec) {
-			return true
-		}
-	}
-
-	return false
-}
-
-func pathMatches(path, spec string) bool {
-	// Allow wildcard match
-	if spec == "*" {
-		return true
-	}
-	// Allow exact match
-	if spec == path {
-		return true
-	}
-	// Allow a trailing * subpath match
-	if strings.HasSuffix(spec, "*") && strings.HasPrefix(path, strings.TrimRight(spec, "*")) {
-		return true
-	}
-	return false
-}
-
-func hasString(slice []string, value string) bool {
-	for _, s := range slice {
-		if s == value {
-			return true
-		}
-	}
-	return false
-}

pkg/models/iam/path.go

@@ -0,0 +1,76 @@
+/*
+
+ Copyright 2019 The KubeSphere Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/
+package iam
+
+import (
+	"fmt"
+	"kubesphere.io/kubesphere/pkg/client"
+	"regexp"
+	"strings"
+)
+
+func convertDNToPath(dn string) string {
+
+	paths := regexp.MustCompile("cn=[a-z0-9]([-a-z0-9]*[a-z0-9])?").FindAllString(dn, -1)
+
+	if len(paths) > 1 {
+		for i := 0; i < len(paths); i++ {
+			paths[i] = strings.Replace(paths[i], "cn=", "", 1)
+		}
+		for i, j := 0, len(paths)-1; i < j; i, j = i+1, j-1 {
+			paths[i], paths[j] = paths[j], paths[i]
+		}
+		return strings.Join(paths, ":")
+	} else if len(paths) == 1 {
+		return strings.Replace(paths[0], "cn=", "", -1)
+	} else {
+		return ""
+	}
+}
+
+func splitPath(path string) (searchBase string, cn string) {
+
+	paths := strings.Split(path, ":")
+	length := len(paths)
+	if length > 2 {
+
+		cn = paths[length-1]
+		basePath := paths[:length-1]
+
+		for i := 0; i < len(basePath); i++ {
+			basePath[i] = fmt.Sprintf("cn=%s", basePath[i])
+		}
+
+		for i, j := 0, length-2; i < j; i, j = i+1, j-1 {
+			basePath[i], basePath[j] = basePath[j], basePath[i]
+		}
+
+		searchBase = fmt.Sprintf("%s,%s", strings.Join(basePath, ","), client.GroupSearchBase)
+	} else if length == 2 {
+		searchBase = fmt.Sprintf("cn=%s,%s", paths[0], client.GroupSearchBase)
+		cn = paths[1]
+	} else {
+		searchBase = client.GroupSearchBase
+		if paths[0] == "" {
+			cn = "*"
+		} else {
+			cn = paths[0]
+		}
+	}
+	return
+}

pkg/models/iam/types.go

@@ -1,39 +0,0 @@
-package iam
-
-import (
-	"k8s.io/api/rbac/v1"
-)
-
-type Action struct {
-	Name  string          `json:"name"`
-	Rules []v1.PolicyRule `json:"rules"`
-}
-
-type Rule struct {
-	Name    string   `json:"name"`
-	Actions []Action `json:"actions"`
-}
-
-type SimpleRule struct {
-	Name    string   `json:"name"`
-	Actions []string `json:"actions"`
-}
-
-type User struct {
-	Username       string                  `json:"username"`
-	Groups         []string                `json:"groups"`
-	Password       string                  `json:"password,omitempty"`
-	AvatarUrl      string                  `json:"avatar_url"`
-	Description    string                  `json:"description"`
-	Email          string                  `json:"email"`
-	LastLoginTime  string                  `json:"last_login_time"`
-	Status         int                     `json:"status"`
-	ClusterRole    string                  `json:"cluster_role"`
-	ClusterRules   []SimpleRule            `json:"cluster_rules,omitempty"`
-	Roles          map[string]string       `json:"roles,omitempty"`
-	Rules          map[string][]SimpleRule `json:"rules,omitempty"`
-	Role           string                  `json:"role,omitempty"`
-	WorkspaceRoles map[string]string       `json:"workspace_roles,omitempty"`
-	WorkspaceRole  string                  `json:"workspace_role,omitempty"`
-	WorkspaceRules map[string][]SimpleRule `json:"workspace_rules,omitempty"`
-}

pkg/models/kubeconfig/kubeconfig.go

@@ -258,7 +258,7 @@ func CreateKubeConfig(user string) error {
 		configMap := v1.ConfigMap{TypeMeta: metaV1.TypeMeta{Kind: "Configmap", APIVersion: "v1"}, ObjectMeta: metaV1.ObjectMeta{Name: user}, Data: data}
 		_, err = k8sClient.CoreV1().ConfigMaps(constants.KubeSphereControlNamespace).Create(&configMap)
 		if err != nil && !errors.IsAlreadyExists(err) {
-			glog.Errorf("create user %s's kubeConfig failed, reason: %s", user, err)
+			glog.Errorf("create user %s's kubeConfig failed, reason: %v", user, err)
 			return err
 		}
 	}
@@ -271,7 +271,7 @@ func GetKubeConfig(user string) (string, error) {
 	k8sClient := client.K8sClient()
 	configMap, err := k8sClient.CoreV1().ConfigMaps(constants.KubeSphereControlNamespace).Get(user, metaV1.GetOptions{})
 	if err != nil {
-		glog.Errorf("cannot get user %s's kubeConfig, reason: %s", user, err)
+		glog.Errorf("cannot get user %s's kubeConfig, reason: %v", user, err)
 		return "", err
 	}
 	return configMap.Data[kubectlConfigKey], nil
@@ -287,7 +287,7 @@ func DelKubeConfig(user string) error {
 	deletePolicy := metaV1.DeletePropagationBackground
 	err = k8sClient.CoreV1().ConfigMaps(constants.KubeSphereControlNamespace).Delete(user, &metaV1.DeleteOptions{PropagationPolicy: &deletePolicy})
 	if err != nil {
-		glog.Errorf("delete user %s's kubeConfig failed, reason: %s", user, err)
+		glog.Errorf("delete user %s's kubeConfig failed, reason: %v", user, err)
 		return err
 	}
 	return nil

pkg/models/kubectl/kubectl.go

@@ -20,6 +20,7 @@ package kubectl
 
 import (
 	"fmt"
+	"kubesphere.io/kubesphere/pkg/models"
 	"math/rand"
 
 	"github.com/golang/glog"
@@ -38,18 +39,12 @@ const (
 	namespace = constants.KubeSphereControlNamespace
 )
 
-type PodInfo struct {
+func GetKubectlPod(username string) (models.PodInfo, error) {
-	Namespace string `json:"namespace"`
-	Pod       string `json:"pod"`
-	Container string `json:"container"`
-}
-
-func GetKubectlPod(username string) (PodInfo, error) {
 	k8sClient := client.K8sClient()
 	deploy, err := k8sClient.AppsV1beta2().Deployments(namespace).Get(username, metav1.GetOptions{})
 	if err != nil {
 		glog.Errorln(err)
-		return PodInfo{}, err
+		return models.PodInfo{}, err
 	}
 
 	selectors := deploy.Spec.Selector.MatchLabels
@@ -57,16 +52,16 @@ func GetKubectlPod(username string) (PodInfo, error) {
 	podList, err := k8sClient.CoreV1().Pods(namespace).List(metav1.ListOptions{LabelSelector: labelSelector})
 	if err != nil {
 		glog.Errorln(err)
-		return PodInfo{}, err
+		return models.PodInfo{}, err
 	}
 
 	pod, err := selectCorrectPod(namespace, podList.Items)
 	if err != nil {
 		glog.Errorln(err)
-		return PodInfo{}, err
+		return models.PodInfo{}, err
 	}
 
-	info := PodInfo{Namespace: pod.Namespace, Pod: pod.Name, Container: pod.Status.ContainerStatuses[0].Name}
+	info := models.PodInfo{Namespace: pod.Namespace, Pod: pod.Name, Container: pod.Status.ContainerStatuses[0].Name}
 
 	return info, nil
 

pkg/models/metrics/metrics.go

@@ -20,14 +20,13 @@ package metrics
 
 import (
 	"fmt"
+	"kubesphere.io/kubesphere/pkg/models"
 	"net/url"
 	"regexp"
 	"strings"
 	"sync"
 	"time"
 
-	v12 "k8s.io/client-go/listers/core/v1"
-
 	"kubesphere.io/kubesphere/pkg/constants"
 	"kubesphere.io/kubesphere/pkg/informers"
 	"kubesphere.io/kubesphere/pkg/models/components"
@@ -50,7 +49,6 @@ import (
 var (
 	jsonIter           = jsoniter.ConfigCompatibleWithStandardLibrary
 	nodeStatusDelLabel = []string{"endpoint", "instance", "job", "namespace", "pod", "service"}
-	nodeLister         v12.NodeLister
 )
 
 const (
@@ -126,10 +124,6 @@ type OneComponentStatus struct {
 	Error string `json:"error,omitempty"`
 }
 
-func init() {
-	nodeLister = informers.SharedInformerFactory().Core().V1().Nodes().Lister()
-}
-
 func getAllWorkspaceNames(formatedMetric *FormatedMetric) map[string]int {
 
 	var wsMap = make(map[string]int)
@@ -197,12 +191,12 @@ func unifyMetricHistoryTimeRange(fmtMetrics *FormatedMetric) {
 	var timestampMap = make(map[float64]bool)
 
 	if fmtMetrics.Data.ResultType == ResultTypeMatrix {
-		for i, _ := range fmtMetrics.Data.Result {
+		for i := range fmtMetrics.Data.Result {
 			values, exist := fmtMetrics.Data.Result[i][ResultItemValues]
 			if exist {
 				valueArray, sure := values.([]interface{})
 				if sure {
-					for j, _ := range valueArray {
+					for j := range valueArray {
 						timeAndValue := valueArray[j].([]interface{})
 						timestampMap[float64(timeAndValue[0].(uint64))] = true
 					}
@@ -213,7 +207,7 @@ func unifyMetricHistoryTimeRange(fmtMetrics *FormatedMetric) {
 
 	timestampArray := make([]float64, len(timestampMap))
 	i := 0
-	for timestamp, _ := range timestampMap {
+	for timestamp := range timestampMap {
 		timestampArray[i] = timestamp
 		i++
 	}
@@ -230,7 +224,7 @@ func unifyMetricHistoryTimeRange(fmtMetrics *FormatedMetric) {
 					formatValueArray := make([][]interface{}, len(timestampArray))
 					j := 0
 
-					for k, _ := range timestampArray {
+					for k := range timestampArray {
 						valueItem, sure := valueArray[j].([]interface{})
 						if sure && float64(valueItem[0].(uint64)) == timestampArray[k] {
 							formatValueArray[k] = []interface{}{int64(timestampArray[k]), valueItem[1]}
@@ -294,7 +288,7 @@ func GetMetric(queryType, params, metricName string) *FormatedMetric {
 }
 
 func GetNodeAddressInfo() *map[string][]v1.NodeAddress {
-
+	nodeLister := informers.SharedInformerFactory().Core().V1().Nodes().Lister()
 	nodes, err := nodeLister.List(labels.Everything())
 
 	if err != nil {
@@ -938,7 +932,7 @@ func MonitorComponentStatus(monitoringRequest *client.MonitoringRequestParams) *
 		nsStatus, exist := Components[ns]
 		if exist {
 			for _, nsStatusItem := range nsStatus.(map[string]interface{}) {
-				component := nsStatusItem.(components.Component)
+				component := nsStatusItem.(models.Component)
 				namespaceComponentTotalMap[ns] += 1
 				if component.HealthyBackends != 0 && component.HealthyBackends == component.TotalBackends {
 					namespaceComponentHealthyMap[ns] += 1

pkg/models/nodes/nodes.go

@@ -33,7 +33,6 @@ import (
 	"k8s.io/apimachinery/pkg/util/wait"
 
 	"kubesphere.io/kubesphere/pkg/client"
-	"kubesphere.io/kubesphere/pkg/errors"
 )
 
 func DrainNode(nodename string) (err error) {
@@ -45,7 +44,7 @@ func DrainNode(nodename string) (err error) {
 	}
 
 	if node.Spec.Unschedulable {
-		return errors.New(errors.Conflict, fmt.Sprintf("node %s have been drained", nodename))
+		return fmt.Errorf("node %s have been drained", nodename)
 	}
 
 	data := []byte(" {\"spec\":{\"unschedulable\":true}}")

pkg/models/quotas/quotas.go

@@ -23,10 +23,10 @@ import (
 	"k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/resource"
 	"k8s.io/apimachinery/pkg/labels"
-	v12 "k8s.io/client-go/listers/core/v1"
-
 	"kubesphere.io/kubesphere/pkg/informers"
+	"kubesphere.io/kubesphere/pkg/models"
 	"kubesphere.io/kubesphere/pkg/models/resources"
+	"kubesphere.io/kubesphere/pkg/params"
 )
 
 const (
@@ -51,27 +51,17 @@ var (
 		statefulsetsKey: resources.StatefulSets, persistentvolumeclaimsKey: resources.PersistentVolumeClaims, podsKey: resources.Pods,
 		namespaceKey: resources.Namespaces, storageClassesKey: resources.StorageClasses, clusterRolesKey: resources.ClusterRoles,
 		jobsKey: resources.Jobs, cronJobsKey: resources.CronJobs}
-	resouceQuotaLister v12.ResourceQuotaLister
 )
 
-type ResourceQuota struct {
-	Namespace string                 `json:"namespace"`
-	Data      v1.ResourceQuotaStatus `json:"data"`
-}
-
 func getUsage(namespace, resource string) (int, error) {
-	list, err := resources.ListNamespaceResource(namespace, resource, "", "", false, -1, 0)
+	list, err := resources.ListNamespaceResource(namespace, resource, &params.Conditions{}, "", false, -1, 0)
 	if err != nil {
 		return 0, err
 	}
 	return list.TotalCount, nil
 }
 
-func init() {
+func GetClusterQuotas() (*models.ResourceQuota, error) {
-	resouceQuotaLister = informers.SharedInformerFactory().Core().V1().ResourceQuotas().Lister()
-}
-
-func GetClusterQuotas() (*ResourceQuota, error) {
 
 	quota := v1.ResourceQuotaStatus{Hard: make(v1.ResourceList), Used: make(v1.ResourceList)}
 
@@ -85,11 +75,11 @@ func GetClusterQuotas() (*ResourceQuota, error) {
 		quota.Used[v1.ResourceName(k)] = quantity
 	}
 
-	return &ResourceQuota{Namespace: "\"\"", Data: quota}, nil
+	return &models.ResourceQuota{Namespace: "\"\"", Data: quota}, nil
 
 }
 
-func GetNamespaceQuotas(namespace string) (*ResourceQuota, error) {
+func GetNamespaceQuotas(namespace string) (*models.ResourceQuota, error) {
 	quota, err := getNamespaceResourceQuota(namespace)
 	if err != nil {
 		glog.Error(err)
@@ -115,7 +105,7 @@ func GetNamespaceQuotas(namespace string) (*ResourceQuota, error) {
 		}
 	}
 
-	return &ResourceQuota{Namespace: namespace, Data: *quota}, nil
+	return &models.ResourceQuota{Namespace: namespace, Data: *quota}, nil
 }
 
 func updateNamespaceQuota(tmpResourceList, resourceList v1.ResourceList) {
@@ -135,7 +125,8 @@ func updateNamespaceQuota(tmpResourceList, resourceList v1.ResourceList) {
 }
 
 func getNamespaceResourceQuota(namespace string) (*v1.ResourceQuotaStatus, error) {
-	quotaList, err := resouceQuotaLister.ResourceQuotas(namespace).List(labels.Everything())
+	resourceQuotaLister := informers.SharedInformerFactory().Core().V1().ResourceQuotas().Lister()
+	quotaList, err := resourceQuotaLister.ResourceQuotas(namespace).List(labels.Everything())
 	if err != nil || len(quotaList) == 0 {
 		return nil, err
 	}

pkg/models/registries/registries.go

@@ -20,12 +20,11 @@ package registries
 import (
 	"context"
 	"encoding/base64"
+	"fmt"
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/client"
 	"github.com/golang/glog"
-
-	"kubesphere.io/kubesphere/pkg/errors"
 )
 
 type AuthInfo struct {
@@ -62,6 +61,6 @@ func RegistryVerify(authInfo AuthInfo) error {
 	if resp.Status == loginSuccess {
 		return nil
 	} else {
-		return errors.New(errors.VerifyFailed, resp.Status)
+		return fmt.Errorf(resp.Status)
 	}
 }

pkg/models/resources/clusterroles.go

@@ -18,19 +18,19 @@
 package resources
 
 import (
+	"kubesphere.io/kubesphere/pkg/informers"
+	"kubesphere.io/kubesphere/pkg/params"
 	"sort"
 	"strings"
 
 	rbac "k8s.io/api/rbac/v1"
 	"k8s.io/apimachinery/pkg/labels"
-	"k8s.io/client-go/listers/rbac/v1"
 )
 
 type clusterRoleSearcher struct {
-	clusterRoleLister v1.ClusterRoleLister
 }
 
-// exactly match
+// exactly Match
 func (*clusterRoleSearcher) match(match map[string]string, item *rbac.ClusterRole) bool {
 	for k, v := range match {
 		switch k {
@@ -45,7 +45,7 @@ func (*clusterRoleSearcher) match(match map[string]string, item *rbac.ClusterRol
 	return true
 }
 
-// fuzzy searchInNamespace
+// Fuzzy searchInNamespace
 func (*clusterRoleSearcher) fuzzy(fuzzy map[string]string, item *rbac.ClusterRole) bool {
 	for k, v := range fuzzy {
 		switch k {
@@ -86,8 +86,8 @@ func (*clusterRoleSearcher) compare(a, b *rbac.ClusterRole, orderBy string) bool
 	}
 }
 
-func (s *clusterRoleSearcher) search(conditions *conditions, orderBy string, reverse bool) ([]interface{}, error) {
+func (s *clusterRoleSearcher) search(conditions *params.Conditions, orderBy string, reverse bool) ([]interface{}, error) {
-	clusterRoles, err := s.clusterRoleLister.List(labels.Everything())
+	clusterRoles, err := informers.SharedInformerFactory().Rbac().V1().ClusterRoles().Lister().List(labels.Everything())
 
 	if err != nil {
 		return nil, err
@@ -95,11 +95,11 @@ func (s *clusterRoleSearcher) search(conditions *conditions, orderBy string, rev
 
 	result := make([]*rbac.ClusterRole, 0)
 
-	if len(conditions.match) == 0 && len(conditions.fuzzy) == 0 {
+	if len(conditions.Match) == 0 && len(conditions.Fuzzy) == 0 {
 		result = clusterRoles
 	} else {
 		for _, item := range clusterRoles {
-			if s.match(conditions.match, item) && s.fuzzy(conditions.fuzzy, item) {
+			if s.match(conditions.Match, item) && s.fuzzy(conditions.Fuzzy, item) {
 				result = append(result, item)
 			}
 		}

pkg/models/resources/configmaps.go

@@ -18,20 +18,19 @@
 package resources
 
 import (
+	"kubesphere.io/kubesphere/pkg/informers"
+	"kubesphere.io/kubesphere/pkg/params"
 	"sort"
 	"strings"
 
-	lister "k8s.io/client-go/listers/core/v1"
-
 	"k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/labels"
 )
 
 type configMapSearcher struct {
-	configMapLister lister.ConfigMapLister
 }
 
-// exactly match
+// exactly Match
 func (*configMapSearcher) match(match map[string]string, item *v1.ConfigMap) bool {
 	for k, v := range match {
 		switch k {
@@ -46,7 +45,7 @@ func (*configMapSearcher) match(match map[string]string, item *v1.ConfigMap) boo
 	return true
 }
 
-// fuzzy searchInNamespace
+// Fuzzy searchInNamespace
 func (*configMapSearcher) fuzzy(fuzzy map[string]string, item *v1.ConfigMap) bool {
 	for k, v := range fuzzy {
 		switch k {
@@ -91,8 +90,8 @@ func (*configMapSearcher) compare(a, b *v1.ConfigMap, orderBy string) bool {
 	}
 }
 
-func (s *configMapSearcher) search(namespace string, conditions *conditions, orderBy string, reverse bool) ([]interface{}, error) {
+func (s *configMapSearcher) search(namespace string, conditions *params.Conditions, orderBy string, reverse bool) ([]interface{}, error) {
-	configMaps, err := s.configMapLister.ConfigMaps(namespace).List(labels.Everything())
+	configMaps, err := informers.SharedInformerFactory().Core().V1().ConfigMaps().Lister().ConfigMaps(namespace).List(labels.Everything())
 
 	if err != nil {
 		return nil, err
@@ -100,11 +99,11 @@ func (s *configMapSearcher) search(namespace string, conditions *conditions, ord
 
 	result := make([]*v1.ConfigMap, 0)
 
-	if len(conditions.match) == 0 && len(conditions.fuzzy) == 0 {
+	if len(conditions.Match) == 0 && len(conditions.Fuzzy) == 0 {
 		result = configMaps
 	} else {
 		for _, item := range configMaps {
-			if s.match(conditions.match, item) && s.fuzzy(conditions.fuzzy, item) {
+			if s.match(conditions.Match, item) && s.fuzzy(conditions.Fuzzy, item) {
 				result = append(result, item)
 			}
 		}

pkg/models/resources/cronjobs.go

@@ -18,28 +18,28 @@
 package resources
 
 import (
+	"kubesphere.io/kubesphere/pkg/informers"
+	"kubesphere.io/kubesphere/pkg/params"
 	"sort"
 	"strings"
 
-	lister "k8s.io/client-go/listers/batch/v2alpha1"
+	"k8s.io/api/batch/v1beta1"
 
-	"k8s.io/api/batch/v2alpha1"
 	"k8s.io/apimachinery/pkg/labels"
 )
 
 type cronJobSearcher struct {
-	cronJobLister lister.CronJobLister
 }
 
-func cronJobStatus(item *v2alpha1.CronJob) string {
+func cronJobStatus(item *v1beta1.CronJob) string {
 	if item.Spec.Suspend != nil && *item.Spec.Suspend {
 		return paused
 	}
 	return running
 }
 
-// Exactly match
+// Exactly Match
-func (*cronJobSearcher) match(match map[string]string, item *v2alpha1.CronJob) bool {
+func (*cronJobSearcher) match(match map[string]string, item *v1beta1.CronJob) bool {
 	for k, v := range match {
 		switch k {
 		case status:
@@ -53,7 +53,7 @@ func (*cronJobSearcher) match(match map[string]string, item *v2alpha1.CronJob) b
 	return true
 }
 
-func (*cronJobSearcher) fuzzy(fuzzy map[string]string, item *v2alpha1.CronJob) bool {
+func (*cronJobSearcher) fuzzy(fuzzy map[string]string, item *v1beta1.CronJob) bool {
 
 	for k, v := range fuzzy {
 		switch k {
@@ -88,7 +88,7 @@ func (*cronJobSearcher) fuzzy(fuzzy map[string]string, item *v2alpha1.CronJob) b
 	return true
 }
 
-func (*cronJobSearcher) compare(a, b *v2alpha1.CronJob, orderBy string) bool {
+func (*cronJobSearcher) compare(a, b *v1beta1.CronJob, orderBy string) bool {
 	switch orderBy {
 	case createTime:
 		return a.CreationTimestamp.Time.After(b.CreationTimestamp.Time)
@@ -99,20 +99,20 @@ func (*cronJobSearcher) compare(a, b *v2alpha1.CronJob, orderBy string) bool {
 	}
 }
 
-func (s *cronJobSearcher) search(namespace string, conditions *conditions, orderBy string, reverse bool) ([]interface{}, error) {
+func (s *cronJobSearcher) search(namespace string, conditions *params.Conditions, orderBy string, reverse bool) ([]interface{}, error) {
-	cronJobs, err := s.cronJobLister.CronJobs(namespace).List(labels.Everything())
+	cronJobs, err := informers.SharedInformerFactory().Batch().V1beta1().CronJobs().Lister().CronJobs(namespace).List(labels.Everything())
 
 	if err != nil {
 		return nil, err
 	}
 
-	result := make([]*v2alpha1.CronJob, 0)
+	result := make([]*v1beta1.CronJob, 0)
 
-	if len(conditions.match) == 0 && len(conditions.fuzzy) == 0 {
+	if len(conditions.Match) == 0 && len(conditions.Fuzzy) == 0 {
 		result = cronJobs
 	} else {
 		for _, item := range cronJobs {
-			if s.match(conditions.match, item) && s.fuzzy(conditions.fuzzy, item) {
+			if s.match(conditions.Match, item) && s.fuzzy(conditions.Fuzzy, item) {
 				result = append(result, item)
 			}
 		}

pkg/models/resources/daemonsets.go

@@ -18,17 +18,16 @@
 package resources
 
 import (
+	"kubesphere.io/kubesphere/pkg/informers"
+	"kubesphere.io/kubesphere/pkg/params"
 	"sort"
 	"strings"
 
-	lister "k8s.io/client-go/listers/apps/v1"
-
 	"k8s.io/api/apps/v1"
 	"k8s.io/apimachinery/pkg/labels"
 )
 
 type daemonSetSearcher struct {
-	daemonSetLister lister.DaemonSetLister
 }
 
 func daemonSetStatus(item *v1.DaemonSet) string {
@@ -41,7 +40,7 @@ func daemonSetStatus(item *v1.DaemonSet) string {
 	}
 }
 
-// Exactly match
+// Exactly Match
 func (*daemonSetSearcher) match(match map[string]string, item *v1.DaemonSet) bool {
 	for k, v := range match {
 		switch k {
@@ -102,8 +101,8 @@ func (*daemonSetSearcher) compare(a, b *v1.DaemonSet, orderBy string) bool {
 	}
 }
 
-func (s *daemonSetSearcher) search(namespace string, conditions *conditions, orderBy string, reverse bool) ([]interface{}, error) {
+func (s *daemonSetSearcher) search(namespace string, conditions *params.Conditions, orderBy string, reverse bool) ([]interface{}, error) {
-	daemonSets, err := s.daemonSetLister.DaemonSets(namespace).List(labels.Everything())
+	daemonSets, err := informers.SharedInformerFactory().Apps().V1().DaemonSets().Lister().DaemonSets(namespace).List(labels.Everything())
 
 	if err != nil {
 		return nil, err
@@ -111,11 +110,11 @@ func (s *daemonSetSearcher) search(namespace string, conditions *conditions, ord
 
 	result := make([]*v1.DaemonSet, 0)
 
-	if len(conditions.match) == 0 && len(conditions.fuzzy) == 0 {
+	if len(conditions.Match) == 0 && len(conditions.Fuzzy) == 0 {
 		result = daemonSets
 	} else {
 		for _, item := range daemonSets {
-			if s.match(conditions.match, item) && s.fuzzy(conditions.fuzzy, item) {
+			if s.match(conditions.Match, item) && s.fuzzy(conditions.Fuzzy, item) {
 				result = append(result, item)
 			}
 		}

pkg/models/resources/deployments.go

@@ -18,18 +18,17 @@
 package resources
 
 import (
+	"kubesphere.io/kubesphere/pkg/informers"
+	"kubesphere.io/kubesphere/pkg/params"
 	"sort"
 	"strings"
 
-	lister "k8s.io/client-go/listers/apps/v1"
-
 	"k8s.io/apimachinery/pkg/labels"
 
 	"k8s.io/api/apps/v1"
 )
 
 type deploymentSearcher struct {
-	deploymentLister lister.DeploymentLister
 }
 
 func deploymentStatus(item *v1.Deployment) string {
@@ -45,7 +44,7 @@ func deploymentStatus(item *v1.Deployment) string {
 	return stopped
 }
 
-// Exactly match
+// Exactly Match
 func (*deploymentSearcher) match(match map[string]string, item *v1.Deployment) bool {
 	for k, v := range match {
 		switch k {
@@ -106,8 +105,8 @@ func (*deploymentSearcher) compare(a, b *v1.Deployment, orderBy string) bool {
 	}
 }
 
-func (s *deploymentSearcher) search(namespace string, conditions *conditions, orderBy string, reverse bool) ([]interface{}, error) {
+func (s *deploymentSearcher) search(namespace string, conditions *params.Conditions, orderBy string, reverse bool) ([]interface{}, error) {
-	deployments, err := s.deploymentLister.Deployments(namespace).List(labels.Everything())
+	deployments, err := informers.SharedInformerFactory().Apps().V1().Deployments().Lister().Deployments(namespace).List(labels.Everything())
 
 	if err != nil {
 		return nil, err
@@ -115,11 +114,11 @@ func (s *deploymentSearcher) search(namespace string, conditions *conditions, or
 
 	result := make([]*v1.Deployment, 0)
 
-	if len(conditions.match) == 0 && len(conditions.fuzzy) == 0 {
+	if len(conditions.Match) == 0 && len(conditions.Fuzzy) == 0 {
 		result = deployments
 	} else {
 		for _, item := range deployments {
-			if s.match(conditions.match, item) && s.fuzzy(conditions.fuzzy, item) {
+			if s.match(conditions.Match, item) && s.fuzzy(conditions.Fuzzy, item) {
 				result = append(result, item)
 			}
 		}

pkg/models/resources/ingresses.go

@@ -18,21 +18,20 @@
 package resources
 
 import (
+	"kubesphere.io/kubesphere/pkg/informers"
+	"kubesphere.io/kubesphere/pkg/params"
 	"sort"
 	"strings"
 
-	lister "k8s.io/client-go/listers/extensions/v1beta1"
-
 	extensions "k8s.io/api/extensions/v1beta1"
 
 	"k8s.io/apimachinery/pkg/labels"
 )
 
 type ingressSearcher struct {
-	ingressLister lister.IngressLister
 }
 
-// exactly match
+// exactly Match
 func (*ingressSearcher) match(match map[string]string, item *extensions.Ingress) bool {
 	for k, v := range match {
 		switch k {
@@ -47,7 +46,7 @@ func (*ingressSearcher) match(match map[string]string, item *extensions.Ingress)
 	return true
 }
 
-// fuzzy searchInNamespace
+// Fuzzy searchInNamespace
 func (*ingressSearcher) fuzzy(fuzzy map[string]string, item *extensions.Ingress) bool {
 	for k, v := range fuzzy {
 		switch k {
@@ -92,8 +91,8 @@ func (*ingressSearcher) compare(a, b *extensions.Ingress, orderBy string) bool {
 	}
 }
 
-func (s *ingressSearcher) search(namespace string, conditions *conditions, orderBy string, reverse bool) ([]interface{}, error) {
+func (s *ingressSearcher) search(namespace string, conditions *params.Conditions, orderBy string, reverse bool) ([]interface{}, error) {
-	ingresses, err := s.ingressLister.Ingresses(namespace).List(labels.Everything())
+	ingresses, err := informers.SharedInformerFactory().Extensions().V1beta1().Ingresses().Lister().Ingresses(namespace).List(labels.Everything())
 
 	if err != nil {
 		return nil, err
@@ -101,11 +100,11 @@ func (s *ingressSearcher) search(namespace string, conditions *conditions, order
 
 	result := make([]*extensions.Ingress, 0)
 
-	if len(conditions.match) == 0 && len(conditions.fuzzy) == 0 {
+	if len(conditions.Match) == 0 && len(conditions.Fuzzy) == 0 {
 		result = ingresses
 	} else {
 		for _, item := range ingresses {
-			if s.match(conditions.match, item) && s.fuzzy(conditions.fuzzy, item) {
+			if s.match(conditions.Match, item) && s.fuzzy(conditions.Fuzzy, item) {
 				result = append(result, item)
 			}
 		}

pkg/models/resources/jobs.go

@@ -18,37 +18,36 @@
 package resources
 
 import (
+	"kubesphere.io/kubesphere/pkg/informers"
+	"kubesphere.io/kubesphere/pkg/params"
 	"sort"
 	"strings"
 	"time"
 
-	lister "k8s.io/client-go/listers/batch/v1"
+	batchv1 "k8s.io/api/batch/v1"
-
+	corev1 "k8s.io/api/core/v1"
-	batchV1 "k8s.io/api/batch/v1"
-	coreV1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/labels"
 )
 
 type jobSearcher struct {
-	jobLister lister.JobLister
 }
 
-func jobStatus(item *batchV1.Job) string {
+func jobStatus(item *batchv1.Job) string {
 	status := ""
 
 	for _, condition := range item.Status.Conditions {
-		if condition.Type == batchV1.JobFailed && condition.Status == coreV1.ConditionTrue {
+		if condition.Type == batchv1.JobFailed && condition.Status == corev1.ConditionTrue {
 			status = failed
 		}
-		if condition.Type == batchV1.JobComplete && condition.Status == coreV1.ConditionTrue {
+		if condition.Type == batchv1.JobComplete && condition.Status == corev1.ConditionTrue {
 			status = complete
 		}
 	}
 	return status
 }
 
-// Exactly match
+// Exactly Match
-func (*jobSearcher) match(match map[string]string, item *batchV1.Job) bool {
+func (*jobSearcher) match(match map[string]string, item *batchv1.Job) bool {
 	for k, v := range match {
 		switch k {
 		case status:
@@ -62,7 +61,7 @@ func (*jobSearcher) match(match map[string]string, item *batchV1.Job) bool {
 	return true
 }
 
-func (*jobSearcher) fuzzy(fuzzy map[string]string, item *batchV1.Job) bool {
+func (*jobSearcher) fuzzy(fuzzy map[string]string, item *batchv1.Job) bool {
 
 	for k, v := range fuzzy {
 		switch k {
@@ -97,7 +96,7 @@ func (*jobSearcher) fuzzy(fuzzy map[string]string, item *batchV1.Job) bool {
 	return true
 }
 
-func jobUpdateTime(item *batchV1.Job) time.Time {
+func jobUpdateTime(item *batchv1.Job) time.Time {
 	updateTime := item.CreationTimestamp.Time
 	for _, condition := range item.Status.Conditions {
 		if updateTime.Before(condition.LastProbeTime.Time) {
@@ -110,7 +109,7 @@ func jobUpdateTime(item *batchV1.Job) time.Time {
 	return updateTime
 }
 
-func (*jobSearcher) compare(a, b *batchV1.Job, orderBy string) bool {
+func (*jobSearcher) compare(a, b *batchv1.Job, orderBy string) bool {
 	switch orderBy {
 	case updateTime:
 		return jobUpdateTime(a).After(jobUpdateTime(b))
@@ -121,20 +120,20 @@ func (*jobSearcher) compare(a, b *batchV1.Job, orderBy string) bool {
 	}
 }
 
-func (s *jobSearcher) search(namespace string, conditions *conditions, orderBy string, reverse bool) ([]interface{}, error) {
+func (s *jobSearcher) search(namespace string, conditions *params.Conditions, orderBy string, reverse bool) ([]interface{}, error) {
-	jobs, err := s.jobLister.Jobs(namespace).List(labels.Everything())
+	jobs, err := informers.SharedInformerFactory().Batch().V1().Jobs().Lister().Jobs(namespace).List(labels.Everything())
 
 	if err != nil {
 		return nil, err
 	}
 
-	result := make([]*batchV1.Job, 0)
+	result := make([]*batchv1.Job, 0)
 
-	if len(conditions.match) == 0 && len(conditions.fuzzy) == 0 {
+	if len(conditions.Match) == 0 && len(conditions.Fuzzy) == 0 {
 		result = jobs
 	} else {
 		for _, item := range jobs {
-			if s.match(conditions.match, item) && s.fuzzy(conditions.fuzzy, item) {
+			if s.match(conditions.Match, item) && s.fuzzy(conditions.Fuzzy, item) {
 				result = append(result, item)
 			}
 		}

pkg/models/resources/namespaces.go

@@ -18,19 +18,19 @@
 package resources
 
 import (
+	"kubesphere.io/kubesphere/pkg/informers"
+	"kubesphere.io/kubesphere/pkg/params"
 	"sort"
 	"strings"
 
 	"k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/labels"
-	lister "k8s.io/client-go/listers/core/v1"
 )
 
 type namespaceSearcher struct {
-	namespaceLister lister.NamespaceLister
 }
 
-// exactly match
+// exactly Match
 func (*namespaceSearcher) match(match map[string]string, item *v1.Namespace) bool {
 	for k, v := range match {
 		switch k {
@@ -45,7 +45,7 @@ func (*namespaceSearcher) match(match map[string]string, item *v1.Namespace) boo
 	return true
 }
 
-// fuzzy searchInNamespace
+// Fuzzy searchInNamespace
 func (*namespaceSearcher) fuzzy(fuzzy map[string]string, item *v1.Namespace) bool {
 	for k, v := range fuzzy {
 		switch k {
@@ -90,8 +90,8 @@ func (*namespaceSearcher) compare(a, b *v1.Namespace, orderBy string) bool {
 	}
 }
 
-func (s *namespaceSearcher) search(conditions *conditions, orderBy string, reverse bool) ([]interface{}, error) {
+func (s *namespaceSearcher) search(conditions *params.Conditions, orderBy string, reverse bool) ([]interface{}, error) {
-	namespaces, err := s.namespaceLister.List(labels.Everything())
+	namespaces, err := informers.SharedInformerFactory().Core().V1().Namespaces().Lister().List(labels.Everything())
 
 	if err != nil {
 		return nil, err
@@ -99,11 +99,11 @@ func (s *namespaceSearcher) search(conditions *conditions, orderBy string, rever
 
 	result := make([]*v1.Namespace, 0)
 
-	if len(conditions.match) == 0 && len(conditions.fuzzy) == 0 {
+	if len(conditions.Match) == 0 && len(conditions.Fuzzy) == 0 {
 		result = namespaces
 	} else {
 		for _, item := range namespaces {
-			if s.match(conditions.match, item) && s.fuzzy(conditions.fuzzy, item) {
+			if s.match(conditions.Match, item) && s.fuzzy(conditions.Fuzzy, item) {
 				result = append(result, item)
 			}
 		}

pkg/models/resources/nodes.go

@@ -18,19 +18,19 @@
 package resources
 
 import (
+	"kubesphere.io/kubesphere/pkg/informers"
+	"kubesphere.io/kubesphere/pkg/params"
 	"sort"
 	"strings"
 
 	"k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/labels"
-	lister "k8s.io/client-go/listers/core/v1"
 )
 
 type nodeSearcher struct {
-	nodeLister lister.NodeLister
 }
 
-// exactly match
+// exactly Match
 func (*nodeSearcher) match(match map[string]string, item *v1.Node) bool {
 	for k, v := range match {
 		switch k {
@@ -45,7 +45,7 @@ func (*nodeSearcher) match(match map[string]string, item *v1.Node) bool {
 	return true
 }
 
-// fuzzy searchInNamespace
+// Fuzzy searchInNamespace
 func (*nodeSearcher) fuzzy(fuzzy map[string]string, item *v1.Node) bool {
 	for k, v := range fuzzy {
 		switch k {
@@ -90,8 +90,8 @@ func (*nodeSearcher) compare(a, b *v1.Node, orderBy string) bool {
 	}
 }
 
-func (s *nodeSearcher) search(conditions *conditions, orderBy string, reverse bool) ([]interface{}, error) {
+func (s *nodeSearcher) search(conditions *params.Conditions, orderBy string, reverse bool) ([]interface{}, error) {
-	nodes, err := s.nodeLister.List(labels.Everything())
+	nodes, err := informers.SharedInformerFactory().Core().V1().Nodes().Lister().List(labels.Everything())
 
 	if err != nil {
 		return nil, err
@@ -99,11 +99,11 @@ func (s *nodeSearcher) search(conditions *conditions, orderBy string, reverse bo
 
 	result := make([]*v1.Node, 0)
 
-	if len(conditions.match) == 0 && len(conditions.fuzzy) == 0 {
+	if len(conditions.Match) == 0 && len(conditions.Fuzzy) == 0 {
 		result = nodes
 	} else {
 		for _, item := range nodes {
-			if s.match(conditions.match, item) && s.fuzzy(conditions.fuzzy, item) {
+			if s.match(conditions.Match, item) && s.fuzzy(conditions.Fuzzy, item) {
 				result = append(result, item)
 			}
 		}

pkg/models/resources/persistentvolumeclaims.go

@@ -18,20 +18,19 @@
 package resources
 
 import (
+	"kubesphere.io/kubesphere/pkg/informers"
+	"kubesphere.io/kubesphere/pkg/params"
 	"sort"
 	"strings"
 
-	lister "k8s.io/client-go/listers/core/v1"
-
 	"k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/labels"
 )
 
 type persistentVolumeClaimSearcher struct {
-	persistentVolumeClaimLister lister.PersistentVolumeClaimLister
 }
 
-// exactly match
+// exactly Match
 func (*persistentVolumeClaimSearcher) match(match map[string]string, item *v1.PersistentVolumeClaim) bool {
 	for k, v := range match {
 		switch k {
@@ -46,7 +45,7 @@ func (*persistentVolumeClaimSearcher) match(match map[string]string, item *v1.Pe
 	return true
 }
 
-// fuzzy searchInNamespace
+// Fuzzy searchInNamespace
 func (*persistentVolumeClaimSearcher) fuzzy(fuzzy map[string]string, item *v1.PersistentVolumeClaim) bool {
 	for k, v := range fuzzy {
 		switch k {
@@ -91,8 +90,8 @@ func (*persistentVolumeClaimSearcher) compare(a, b *v1.PersistentVolumeClaim, or
 	}
 }
 
-func (s *persistentVolumeClaimSearcher) search(namespace string, conditions *conditions, orderBy string, reverse bool) ([]interface{}, error) {
+func (s *persistentVolumeClaimSearcher) search(namespace string, conditions *params.Conditions, orderBy string, reverse bool) ([]interface{}, error) {
-	persistentVolumeClaims, err := s.persistentVolumeClaimLister.PersistentVolumeClaims(namespace).List(labels.Everything())
+	persistentVolumeClaims, err := informers.SharedInformerFactory().Core().V1().PersistentVolumeClaims().Lister().PersistentVolumeClaims(namespace).List(labels.Everything())
 
 	if err != nil {
 		return nil, err
@@ -100,11 +99,11 @@ func (s *persistentVolumeClaimSearcher) search(namespace string, conditions *con
 
 	result := make([]*v1.PersistentVolumeClaim, 0)
 
-	if len(conditions.match) == 0 && len(conditions.fuzzy) == 0 {
+	if len(conditions.Match) == 0 && len(conditions.Fuzzy) == 0 {
 		result = persistentVolumeClaims
 	} else {
 		for _, item := range persistentVolumeClaims {
-			if s.match(conditions.match, item) && s.fuzzy(conditions.fuzzy, item) {
+			if s.match(conditions.Match, item) && s.fuzzy(conditions.Fuzzy, item) {
 				result = append(result, item)
 			}
 		}

pkg/models/resources/pods.go

@@ -18,20 +18,19 @@
 package resources
 
 import (
+	"kubesphere.io/kubesphere/pkg/informers"
+	"kubesphere.io/kubesphere/pkg/params"
 	"sort"
 	"strings"
 
-	v12 "k8s.io/client-go/listers/core/v1"
-
 	"k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/labels"
 )
 
 type podSearcher struct {
-	podLister v12.PodLister
 }
 
-// exactly match
+// exactly Match
 func (*podSearcher) match(match map[string]string, item *v1.Pod) bool {
 	for k, v := range match {
 		switch k {
@@ -46,7 +45,7 @@ func (*podSearcher) match(match map[string]string, item *v1.Pod) bool {
 	return true
 }
 
-// fuzzy searchInNamespace
+// Fuzzy searchInNamespace
 func (*podSearcher) fuzzy(fuzzy map[string]string, item *v1.Pod) bool {
 	for k, v := range fuzzy {
 		switch k {
@@ -91,9 +90,9 @@ func (*podSearcher) compare(a, b *v1.Pod, orderBy string) bool {
 	}
 }
 
-func (s *podSearcher) search(namespace string, conditions *conditions, orderBy string, reverse bool) ([]interface{}, error) {
+func (s *podSearcher) search(namespace string, conditions *params.Conditions, orderBy string, reverse bool) ([]interface{}, error) {
 
-	pods, err := s.podLister.Pods(namespace).List(labels.Everything())
+	pods, err := informers.SharedInformerFactory().Core().V1().Pods().Lister().Pods(namespace).List(labels.Everything())
 
 	if err != nil {
 		return nil, err
@@ -101,11 +100,11 @@ func (s *podSearcher) search(namespace string, conditions *conditions, orderBy s
 
 	result := make([]*v1.Pod, 0)
 
-	if len(conditions.match) == 0 && len(conditions.fuzzy) == 0 {
+	if len(conditions.Match) == 0 && len(conditions.Fuzzy) == 0 {
 		result = pods
 	} else {
 		for _, item := range pods {
-			if s.match(conditions.match, item) && s.fuzzy(conditions.fuzzy, item) {
+			if s.match(conditions.Match, item) && s.fuzzy(conditions.Fuzzy, item) {
 				result = append(result, item)
 			}
 		}

pkg/models/resources/resources.go

@@ -18,74 +18,35 @@
 package resources
 
 import (
-	"regexp"
+	"fmt"
+	"kubesphere.io/kubesphere/pkg/models"
+	"kubesphere.io/kubesphere/pkg/params"
 	"strings"
-
-	"kubesphere.io/kubesphere/pkg/informers"
-
-	"kubesphere.io/kubesphere/pkg/errors"
 )
 
 func init() {
-	namespacedResources[ConfigMaps] = &configMapSearcher{
+	namespacedResources[ConfigMaps] = &configMapSearcher{}
-		configMapLister: informers.SharedInformerFactory().Core().V1().ConfigMaps().Lister(),
+	namespacedResources[CronJobs] = &cronJobSearcher{}
-	}
+	namespacedResources[DaemonSets] = &daemonSetSearcher{}
-	namespacedResources[CronJobs] = &cronJobSearcher{
+	namespacedResources[Deployments] = &deploymentSearcher{}
-		cronJobLister: informers.SharedInformerFactory().Batch().V2alpha1().CronJobs().Lister(),
+	namespacedResources[Ingresses] = &ingressSearcher{}
-	}
+	namespacedResources[Jobs] = &jobSearcher{}
-	namespacedResources[DaemonSets] = &daemonSetSearcher{
+	namespacedResources[PersistentVolumeClaims] = &persistentVolumeClaimSearcher{}
-		daemonSetLister: informers.SharedInformerFactory().Apps().V1().DaemonSets().Lister(),
+	namespacedResources[Secrets] = &secretSearcher{}
-	}
+	namespacedResources[Services] = &serviceSearcher{}
-	namespacedResources[Deployments] = &deploymentSearcher{
+	namespacedResources[StatefulSets] = &statefulSetSearcher{}
-		deploymentLister: informers.SharedInformerFactory().Apps().V1().Deployments().Lister(),
+	namespacedResources[Pods] = &podSearcher{}
-	}
+	namespacedResources[Roles] = &roleSearcher{}
-	namespacedResources[Ingresses] = &ingressSearcher{
-		ingressLister: informers.SharedInformerFactory().Extensions().V1beta1().Ingresses().Lister(),
-	}
-	namespacedResources[Jobs] = &jobSearcher{
-		jobLister: informers.SharedInformerFactory().Batch().V1().Jobs().Lister(),
-	}
-	namespacedResources[PersistentVolumeClaims] = &persistentVolumeClaimSearcher{
-		persistentVolumeClaimLister: informers.SharedInformerFactory().Core().V1().PersistentVolumeClaims().Lister(),
-	}
-	namespacedResources[Secrets] = &secretSearcher{
-		secretLister: informers.SharedInformerFactory().Core().V1().Secrets().Lister(),
-	}
-	namespacedResources[Services] = &serviceSearcher{
-		serviceLister: informers.SharedInformerFactory().Core().V1().Services().Lister(),
-	}
-	namespacedResources[StatefulSets] = &statefulSetSearcher{
-		statefulSetLister: informers.SharedInformerFactory().Apps().V1().StatefulSets().Lister(),
-	}
-	namespacedResources[Pods] = &podSearcher{
-		podLister: informers.SharedInformerFactory().Core().V1().Pods().Lister(),
-	}
-	namespacedResources[Roles] = &roleSearcher{
-		roleLister: informers.SharedInformerFactory().Rbac().V1().Roles().Lister(),
-	}
 
-	clusterResources[Nodes] = &nodeSearcher{
+	clusterResources[Nodes] = &nodeSearcher{}
-		nodeLister: informers.SharedInformerFactory().Core().V1().Nodes().Lister(),
+	clusterResources[Namespaces] = &namespaceSearcher{}
-	}
+	clusterResources[ClusterRoles] = &clusterRoleSearcher{}
-	clusterResources[Namespaces] = &namespaceSearcher{
+	clusterResources[StorageClasses] = &storageClassesSearcher{}
-		namespaceLister: informers.SharedInformerFactory().Core().V1().Namespaces().Lister(),
-	}
-	clusterResources[ClusterRoles] = &clusterRoleSearcher{
-		clusterRoleLister: informers.SharedInformerFactory().Rbac().V1().ClusterRoles().Lister(),
-	}
-	clusterResources[StorageClasses] = &storageClassesSearcher{
-		storageClassesLister: informers.SharedInformerFactory().Storage().V1().StorageClasses().Lister(),
-	}
 }
 
 var namespacedResources = make(map[string]namespacedSearcherInterface)
 var clusterResources = make(map[string]clusterSearcherInterface)
 
-type conditions struct {
-	match map[string]string
-	fuzzy map[string]string
-}
-
 const (
 	name                   = "name"
 	label                  = "label"
@@ -123,33 +84,26 @@ const (
 )
 
 type namespacedSearcherInterface interface {
-	search(namespace string, conditions *conditions, orderBy string, reverse bool) ([]interface{}, error)
+	search(namespace string, conditions *params.Conditions, orderBy string, reverse bool) ([]interface{}, error)
 }
 type clusterSearcherInterface interface {
-	search(conditions *conditions, orderBy string, reverse bool) ([]interface{}, error)
+	search(conditions *params.Conditions, orderBy string, reverse bool) ([]interface{}, error)
 }
 
-func ListNamespaceResource(namespace, resource, conditionStr, orderBy string, reverse bool, limit, offset int) (*ResourceList, error) {
+func ListNamespaceResource(namespace, resource string, conditions *params.Conditions, orderBy string, reverse bool, limit, offset int) (*models.PageableResponse, error) {
 	items := make([]interface{}, 0)
 	total := 0
 	var err error
-
-	conditions, err := parseToConditions(conditionStr)
-
-	if err != nil {
-		return nil, err
-	}
-
 	var result []interface{}
 
 	if searcher, ok := namespacedResources[resource]; ok {
 		result, err = searcher.search(namespace, conditions, orderBy, reverse)
 	} else {
-		return nil, errors.New(errors.NotImplement, "not support")
+		return nil, fmt.Errorf("not support")
 	}
 
 	if err != nil {
-		return nil, errors.New(errors.Internal, err.Error())
+		return nil, err
 	}
 
 	total = len(result)
@@ -160,16 +114,14 @@ func ListNamespaceResource(namespace, resource, conditionStr, orderBy string, re
 		}
 	}
 
-	return &ResourceList{TotalCount: total, Items: items}, nil
+	return &models.PageableResponse{TotalCount: total, Items: items}, nil
 }
 
-func ListClusterResource(resource, conditionStr, orderBy string, reverse bool, limit, offset int) (*ResourceList, error) {
+func ListClusterResource(resource string, conditions *params.Conditions, orderBy string, reverse bool, limit, offset int) (*models.PageableResponse, error) {
 	items := make([]interface{}, 0)
 	total := 0
 	var err error
 
-	conditions, err := parseToConditions(conditionStr)
-
 	if err != nil {
 		return nil, err
 	}
@@ -179,11 +131,11 @@ func ListClusterResource(resource, conditionStr, orderBy string, reverse bool, l
 	if searcher, ok := clusterResources[resource]; ok {
 		result, err = searcher.search(conditions, orderBy, reverse)
 	} else {
-		return nil, errors.New(errors.NotImplement, "not support")
+		return nil, fmt.Errorf("not support")
 	}
 
 	if err != nil {
-		return nil, errors.New(errors.Internal, err.Error())
+		return nil, err
 	}
 
 	total = len(result)
@@ -194,36 +146,7 @@ func ListClusterResource(resource, conditionStr, orderBy string, reverse bool, l
 		}
 	}
 
-	return &ResourceList{TotalCount: total, Items: items}, nil
+	return &models.PageableResponse{TotalCount: total, Items: items}, nil
-}
-
-func parseToConditions(str string) (*conditions, error) {
-	conditions := &conditions{match: make(map[string]string, 0), fuzzy: make(map[string]string, 0)}
-
-	if str == "" {
-		return conditions, nil
-	}
-
-	for _, item := range strings.Split(str, ",") {
-		if strings.Count(item, "=") > 1 || strings.Count(item, "~") > 1 {
-			return nil, errors.New(errors.InvalidArgument, "invalid condition")
-		}
-		if groups := regexp.MustCompile(`(\S+)([=~])(\S+)`).FindStringSubmatch(item); len(groups) == 4 {
-			if groups[2] == "=" {
-				conditions.match[groups[1]] = groups[3]
-			} else {
-				conditions.fuzzy[groups[1]] = groups[3]
-			}
-		} else {
-			return nil, errors.New(errors.InvalidArgument, "invalid condition")
-		}
-	}
-	return conditions, nil
-}
-
-type ResourceList struct {
-	TotalCount int           `json:"total_count"`
-	Items      []interface{} `json:"items"`
 }
 
 func searchFuzzy(m map[string]string, key, value string) bool {

pkg/models/resources/roles.go

@@ -18,20 +18,19 @@
 package resources
 
 import (
+	"kubesphere.io/kubesphere/pkg/informers"
+	"kubesphere.io/kubesphere/pkg/params"
 	"sort"
 	"strings"
 
 	rbac "k8s.io/api/rbac/v1"
-	lister "k8s.io/client-go/listers/rbac/v1"
-
 	"k8s.io/apimachinery/pkg/labels"
 )
 
 type roleSearcher struct {
-	roleLister lister.RoleLister
 }
 
-// exactly match
+// exactly Match
 func (*roleSearcher) match(match map[string]string, item *rbac.Role) bool {
 	for k, v := range match {
 		switch k {
@@ -46,7 +45,7 @@ func (*roleSearcher) match(match map[string]string, item *rbac.Role) bool {
 	return true
 }
 
-// fuzzy searchInNamespace
+// Fuzzy searchInNamespace
 func (*roleSearcher) fuzzy(fuzzy map[string]string, item *rbac.Role) bool {
 	for k, v := range fuzzy {
 		switch k {
@@ -87,8 +86,8 @@ func (*roleSearcher) compare(a, b *rbac.Role, orderBy string) bool {
 	}
 }
 
-func (s *roleSearcher) search(namespace string, conditions *conditions, orderBy string, reverse bool) ([]interface{}, error) {
+func (s *roleSearcher) search(namespace string, conditions *params.Conditions, orderBy string, reverse bool) ([]interface{}, error) {
-	roles, err := s.roleLister.Roles(namespace).List(labels.Everything())
+	roles, err := informers.SharedInformerFactory().Rbac().V1().Roles().Lister().Roles(namespace).List(labels.Everything())
 
 	if err != nil {
 		return nil, err
@@ -96,11 +95,11 @@ func (s *roleSearcher) search(namespace string, conditions *conditions, orderBy
 
 	result := make([]*rbac.Role, 0)
 
-	if len(conditions.match) == 0 && len(conditions.fuzzy) == 0 {
+	if len(conditions.Match) == 0 && len(conditions.Fuzzy) == 0 {
 		result = roles
 	} else {
 		for _, item := range roles {
-			if s.match(conditions.match, item) && s.fuzzy(conditions.fuzzy, item) {
+			if s.match(conditions.Match, item) && s.fuzzy(conditions.Fuzzy, item) {
 				result = append(result, item)
 			}
 		}

pkg/models/resources/secrets.go

@@ -18,20 +18,19 @@
 package resources
 
 import (
+	"kubesphere.io/kubesphere/pkg/informers"
+	"kubesphere.io/kubesphere/pkg/params"
 	"sort"
 	"strings"
 
-	lister "k8s.io/client-go/listers/core/v1"
-
 	"k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/labels"
 )
 
 type secretSearcher struct {
-	secretLister lister.SecretLister
 }
 
-// exactly match
+// exactly Match
 func (*secretSearcher) match(match map[string]string, item *v1.Secret) bool {
 	for k, v := range match {
 		switch k {
@@ -50,7 +49,7 @@ func (*secretSearcher) match(match map[string]string, item *v1.Secret) bool {
 	return true
 }
 
-// fuzzy searchInNamespace
+// Fuzzy searchInNamespace
 func (*secretSearcher) fuzzy(fuzzy map[string]string, item *v1.Secret) bool {
 	for k, v := range fuzzy {
 		switch k {
@@ -95,8 +94,8 @@ func (*secretSearcher) compare(a, b *v1.Secret, orderBy string) bool {
 	}
 }
 
-func (s *secretSearcher) search(namespace string, conditions *conditions, orderBy string, reverse bool) ([]interface{}, error) {
+func (s *secretSearcher) search(namespace string, conditions *params.Conditions, orderBy string, reverse bool) ([]interface{}, error) {
-	secrets, err := s.secretLister.Secrets(namespace).List(labels.Everything())
+	secrets, err := informers.SharedInformerFactory().Core().V1().Secrets().Lister().Secrets(namespace).List(labels.Everything())
 
 	if err != nil {
 		return nil, err
@@ -104,11 +103,11 @@ func (s *secretSearcher) search(namespace string, conditions *conditions, orderB
 
 	result := make([]*v1.Secret, 0)
 
-	if len(conditions.match) == 0 && len(conditions.fuzzy) == 0 {
+	if len(conditions.Match) == 0 && len(conditions.Fuzzy) == 0 {
 		result = secrets
 	} else {
 		for _, item := range secrets {
-			if s.match(conditions.match, item) && s.fuzzy(conditions.fuzzy, item) {
+			if s.match(conditions.Match, item) && s.fuzzy(conditions.Fuzzy, item) {
 				result = append(result, item)
 			}
 		}

pkg/models/resources/services.go

@@ -18,20 +18,19 @@
 package resources
 
 import (
+	"kubesphere.io/kubesphere/pkg/informers"
+	"kubesphere.io/kubesphere/pkg/params"
 	"sort"
 	"strings"
 
-	lister "k8s.io/client-go/listers/core/v1"
-
 	"k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/labels"
 )
 
 type serviceSearcher struct {
-	serviceLister lister.ServiceLister
 }
 
-// exactly match
+// exactly Match
 func (*serviceSearcher) match(match map[string]string, item *v1.Service) bool {
 	for k, v := range match {
 		switch k {
@@ -46,7 +45,7 @@ func (*serviceSearcher) match(match map[string]string, item *v1.Service) bool {
 	return true
 }
 
-// fuzzy searchInNamespace
+// Fuzzy searchInNamespace
 func (*serviceSearcher) fuzzy(fuzzy map[string]string, item *v1.Service) bool {
 	for k, v := range fuzzy {
 		switch k {
@@ -91,8 +90,8 @@ func (*serviceSearcher) compare(a, b *v1.Service, orderBy string) bool {
 	}
 }
 
-func (s *serviceSearcher) search(namespace string, conditions *conditions, orderBy string, reverse bool) ([]interface{}, error) {
+func (s *serviceSearcher) search(namespace string, conditions *params.Conditions, orderBy string, reverse bool) ([]interface{}, error) {
-	services, err := s.serviceLister.Services(namespace).List(labels.Everything())
+	services, err := informers.SharedInformerFactory().Core().V1().Services().Lister().Services(namespace).List(labels.Everything())
 
 	if err != nil {
 		return nil, err
@@ -100,11 +99,11 @@ func (s *serviceSearcher) search(namespace string, conditions *conditions, order
 
 	result := make([]*v1.Service, 0)
 
-	if len(conditions.match) == 0 && len(conditions.fuzzy) == 0 {
+	if len(conditions.Match) == 0 && len(conditions.Fuzzy) == 0 {
 		result = services
 	} else {
 		for _, item := range services {
-			if s.match(conditions.match, item) && s.fuzzy(conditions.fuzzy, item) {
+			if s.match(conditions.Match, item) && s.fuzzy(conditions.Fuzzy, item) {
 				result = append(result, item)
 			}
 		}

pkg/models/resources/statefulsets.go

@@ -18,17 +18,16 @@
 package resources
 
 import (
+	"kubesphere.io/kubesphere/pkg/informers"
+	"kubesphere.io/kubesphere/pkg/params"
 	"sort"
 	"strings"
 
-	lister "k8s.io/client-go/listers/apps/v1"
-
 	"k8s.io/api/apps/v1"
 	"k8s.io/apimachinery/pkg/labels"
 )
 
 type statefulSetSearcher struct {
-	statefulSetLister lister.StatefulSetLister
 }
 
 func statefulSetStatus(item *v1.StatefulSet) string {
@@ -44,7 +43,7 @@ func statefulSetStatus(item *v1.StatefulSet) string {
 	return stopped
 }
 
-// Exactly match
+// Exactly Match
 func (*statefulSetSearcher) match(match map[string]string, item *v1.StatefulSet) bool {
 	for k, v := range match {
 		switch k {
@@ -105,8 +104,8 @@ func (*statefulSetSearcher) compare(a, b *v1.StatefulSet, orderBy string) bool {
 	}
 }
 
-func (s *statefulSetSearcher) search(namespace string, conditions *conditions, orderBy string, reverse bool) ([]interface{}, error) {
+func (s *statefulSetSearcher) search(namespace string, conditions *params.Conditions, orderBy string, reverse bool) ([]interface{}, error) {
-	statefulSets, err := s.statefulSetLister.StatefulSets(namespace).List(labels.Everything())
+	statefulSets, err := informers.SharedInformerFactory().Apps().V1().StatefulSets().Lister().StatefulSets(namespace).List(labels.Everything())
 
 	if err != nil {
 		return nil, err
@@ -114,11 +113,11 @@ func (s *statefulSetSearcher) search(namespace string, conditions *conditions, o
 
 	result := make([]*v1.StatefulSet, 0)
 
-	if len(conditions.match) == 0 && len(conditions.fuzzy) == 0 {
+	if len(conditions.Match) == 0 && len(conditions.Fuzzy) == 0 {
 		result = statefulSets
 	} else {
 		for _, item := range statefulSets {
-			if s.match(conditions.match, item) && s.fuzzy(conditions.fuzzy, item) {
+			if s.match(conditions.Match, item) && s.fuzzy(conditions.Fuzzy, item) {
 				result = append(result, item)
 			}
 		}

pkg/models/resources/storageclasses.go

@@ -18,19 +18,19 @@
 package resources
 
 import (
+	"kubesphere.io/kubesphere/pkg/informers"
+	"kubesphere.io/kubesphere/pkg/params"
 	"sort"
 	"strings"
 
 	"k8s.io/api/storage/v1"
 	"k8s.io/apimachinery/pkg/labels"
-	lister "k8s.io/client-go/listers/storage/v1"
 )
 
 type storageClassesSearcher struct {
-	storageClassesLister lister.StorageClassLister
 }
 
-// exactly match
+// exactly Match
 func (*storageClassesSearcher) match(match map[string]string, item *v1.StorageClass) bool {
 	for k, v := range match {
 		switch k {
@@ -45,7 +45,7 @@ func (*storageClassesSearcher) match(match map[string]string, item *v1.StorageCl
 	return true
 }
 
-// fuzzy searchInNamespace
+// Fuzzy searchInNamespace
 func (*storageClassesSearcher) fuzzy(fuzzy map[string]string, item *v1.StorageClass) bool {
 	for k, v := range fuzzy {
 		switch k {
@@ -86,8 +86,8 @@ func (*storageClassesSearcher) compare(a, b *v1.StorageClass, orderBy string) bo
 	}
 }
 
-func (s *storageClassesSearcher) search(conditions *conditions, orderBy string, reverse bool) ([]interface{}, error) {
+func (s *storageClassesSearcher) search(conditions *params.Conditions, orderBy string, reverse bool) ([]interface{}, error) {
-	storageClasses, err := s.storageClassesLister.List(labels.Everything())
+	storageClasses, err := informers.SharedInformerFactory().Storage().V1().StorageClasses().Lister().List(labels.Everything())
 
 	if err != nil {
 		return nil, err
@@ -95,11 +95,11 @@ func (s *storageClassesSearcher) search(conditions *conditions, orderBy string,
 
 	result := make([]*v1.StorageClass, 0)
 
-	if len(conditions.match) == 0 && len(conditions.fuzzy) == 0 {
+	if len(conditions.Match) == 0 && len(conditions.Fuzzy) == 0 {
 		result = storageClasses
 	} else {
 		for _, item := range storageClasses {
-			if s.match(conditions.match, item) && s.fuzzy(conditions.fuzzy, item) {
+			if s.match(conditions.Match, item) && s.fuzzy(conditions.Fuzzy, item) {
 				result = append(result, item)
 			}
 		}

pkg/models/revisions/revisions.go

@@ -24,29 +24,11 @@ import (
 	"github.com/golang/glog"
 	"k8s.io/api/apps/v1"
 	"k8s.io/apimachinery/pkg/labels"
-	lister "k8s.io/client-go/listers/apps/v1"
-
-	"kubesphere.io/kubesphere/pkg/errors"
 	"kubesphere.io/kubesphere/pkg/informers"
 )
 
-var (
-	daemonSetLister          lister.DaemonSetLister
-	deploymentLister         lister.DeploymentLister
-	replicaSetLister         lister.ReplicaSetLister
-	statefulSetLister        lister.StatefulSetLister
-	controllerRevisionLister lister.ControllerRevisionLister
-)
-
-func init() {
-	daemonSetLister = informers.SharedInformerFactory().Apps().V1().DaemonSets().Lister()
-	deploymentLister = informers.SharedInformerFactory().Apps().V1().Deployments().Lister()
-	replicaSetLister = informers.SharedInformerFactory().Apps().V1().ReplicaSets().Lister()
-	statefulSetLister = informers.SharedInformerFactory().Apps().V1().StatefulSets().Lister()
-	controllerRevisionLister = informers.SharedInformerFactory().Apps().V1().ControllerRevisions().Lister()
-}
-
 func GetDeployRevision(namespace, name, revision string) (*v1.ReplicaSet, error) {
+	deploymentLister := informers.SharedInformerFactory().Apps().V1().Deployments().Lister()
 	deploy, err := deploymentLister.Deployments(namespace).Get(name)
 	if err != nil {
 		glog.Errorf("get deployment %s failed, reason: %s", name, err)
@@ -56,6 +38,7 @@ func GetDeployRevision(namespace, name, revision string) (*v1.ReplicaSet, error)
 	labelMap := deploy.Spec.Template.Labels
 	labelSelector := labels.Set(labelMap).AsSelector()
 
+	replicaSetLister := informers.SharedInformerFactory().Apps().V1().ReplicaSets().Lister()
 	rsList, err := replicaSetLister.ReplicaSets(namespace).List(labelSelector)
 	if err != nil {
 		return nil, err
@@ -67,11 +50,11 @@ func GetDeployRevision(namespace, name, revision string) (*v1.ReplicaSet, error)
 		}
 	}
 
-	return nil, errors.New(errors.NotFound, fmt.Sprintf("revision not found %v#%v", name, revision))
+	return nil, fmt.Errorf("revision not found %v#%v", name, revision)
 }
 
 func GetDaemonSetRevision(namespace, name string, revisionInt int) (*v1.ControllerRevision, error) {
-
+	daemonSetLister := informers.SharedInformerFactory().Apps().V1().DaemonSets().Lister()
 	ds, err := daemonSetLister.DaemonSets(namespace).Get(name)
 
 	if err != nil {
@@ -84,7 +67,7 @@ func GetDaemonSetRevision(namespace, name string, revisionInt int) (*v1.Controll
 }
 
 func GetStatefulSetRevision(namespace, name string, revisionInt int) (*v1.ControllerRevision, error) {
-
+	statefulSetLister := informers.SharedInformerFactory().Apps().V1().StatefulSets().Lister()
 	st, err := statefulSetLister.StatefulSets(namespace).Get(name)
 
 	if err != nil {
@@ -97,7 +80,7 @@ func GetStatefulSetRevision(namespace, name string, revisionInt int) (*v1.Contro
 func getControllerRevision(namespace, name string, labelMap map[string]string, revision int) (*v1.ControllerRevision, error) {
 
 	labelSelector := labels.Set(labelMap).AsSelector()
-
+	controllerRevisionLister := informers.SharedInformerFactory().Apps().V1().ControllerRevisions().Lister()
 	revisions, err := controllerRevisionLister.ControllerRevisions(namespace).List(labelSelector)
 
 	if err != nil {
@@ -110,5 +93,5 @@ func getControllerRevision(namespace, name string, labelMap map[string]string, r
 		}
 	}
 
-	return nil, errors.New(errors.NotFound, fmt.Sprintf("revision not found %v#%v", name, revision))
+	return nil, fmt.Errorf("revision not found %v#%v", name, revision)
 }

pkg/models/routers/routers.go

@@ -23,15 +23,12 @@ import (
 	"io/ioutil"
 
 	"k8s.io/apimachinery/pkg/labels"
-	v12 "k8s.io/client-go/listers/core/v1"
-
-	"kubesphere.io/kubesphere/pkg/errors"
 	"kubesphere.io/kubesphere/pkg/informers"
 
 	"github.com/golang/glog"
-	coreV1 "k8s.io/api/core/v1"
+	corev1 "k8s.io/api/core/v1"
-	extensionsV1beta1 "k8s.io/api/extensions/v1beta1"
+	extensionsv1beta1 "k8s.io/api/extensions/v1beta1"
-	metaV1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes/scheme"
 
 	"k8s.io/api/rbac/v1"
@@ -43,18 +40,10 @@ import (
 	"kubesphere.io/kubesphere/pkg/models/iam"
 )
 
-var (
+func GetAllRouters() ([]*corev1.Service, error) {
-	serviceLister v12.ServiceLister
-)
-
-func init() {
-	serviceLister = informers.SharedInformerFactory().Core().V1().Services().Lister()
-}
-
-func GetAllRouters() ([]*coreV1.Service, error) {
 
 	selector := labels.SelectorFromSet(labels.Set{"app": "kubesphere", "component": "ks-router", "tier": "backend"})
-
+	serviceLister := informers.SharedInformerFactory().Core().V1().Services().Lister()
 	services, err := serviceLister.Services(constants.IngressControllerNamespace).List(selector)
 
 	if err != nil {
@@ -65,7 +54,7 @@ func GetAllRouters() ([]*coreV1.Service, error) {
 	return services, nil
 }
 
-func GetAllRoutersOfUser(username string) ([]*coreV1.Service, error) {
+func GetAllRoutersOfUser(username string) ([]*corev1.Service, error) {
 	allNamespace, namespaces, err := iam.GetUserNamespaces(username, v1.PolicyRule{
 		Verbs:     []string{"get", "list"},
 		APIGroups: []string{""},
@@ -82,7 +71,7 @@ func GetAllRoutersOfUser(username string) ([]*coreV1.Service, error) {
 		return GetAllRouters()
 	}
 
-	routers := make([]*coreV1.Service, 0)
+	routers := make([]*corev1.Service, 0)
 
 	for _, namespace := range namespaces {
 		router, err := GetRouter(namespace)
@@ -99,11 +88,11 @@ func GetAllRoutersOfUser(username string) ([]*coreV1.Service, error) {
 }
 
 // Get router from a namespace
-func GetRouter(namespace string) (*coreV1.Service, error) {
+func GetRouter(namespace string) (*corev1.Service, error) {
 	serviceName := constants.IngressControllerPrefix + namespace
 
 	selector := labels.SelectorFromSet(labels.Set{"app": "kubesphere", "component": "ks-router", "tier": "backend", "project": namespace})
-
+	serviceLister := informers.SharedInformerFactory().Core().V1().Services().Lister()
 	services, err := serviceLister.Services(constants.IngressControllerNamespace).List(selector)
 
 	if err != nil {
@@ -116,7 +105,7 @@ func GetRouter(namespace string) (*coreV1.Service, error) {
 		}
 	}
 
-	return nil, errors.New(errors.NotFound, fmt.Sprintf("resources not found %s", serviceName))
+	return nil, fmt.Errorf("resources not found %s", serviceName)
 }
 
 // Load all resource yamls
@@ -148,11 +137,11 @@ func LoadYamls() ([]string, error) {
 }
 
 // Create a ingress controller in a namespace
-func CreateRouter(namespace string, routerType coreV1.ServiceType, annotations map[string]string) (*coreV1.Service, error) {
+func CreateRouter(namespace string, routerType corev1.ServiceType, annotations map[string]string) (*corev1.Service, error) {
 
 	k8sClient := client.K8sClient()
 
-	var router *coreV1.Service
+	var router *corev1.Service
 
 	yamls, err := LoadYamls()
 
@@ -170,8 +159,8 @@ func CreateRouter(namespace string, routerType coreV1.ServiceType, annotations m
 		}
 
 		switch obj.(type) {
-		case *coreV1.Service:
+		case *corev1.Service:
-			service := obj.(*coreV1.Service)
+			service := obj.(*corev1.Service)
 
 			service.SetAnnotations(annotations)
 			service.Spec.Type = routerType
@@ -190,8 +179,8 @@ func CreateRouter(namespace string, routerType coreV1.ServiceType, annotations m
 
 			router = service
 
-		case *extensionsV1beta1.Deployment:
+		case *extensionsv1beta1.Deployment:
-			deployment := obj.(*extensionsV1beta1.Deployment)
+			deployment := obj.(*extensionsv1beta1.Deployment)
 			deployment.Name = constants.IngressControllerPrefix + namespace
 
 			// Add project label
@@ -204,7 +193,7 @@ func CreateRouter(namespace string, routerType coreV1.ServiceType, annotations m
 			// Choose self as master
 			deployment.Spec.Template.Spec.Containers[0].Args = append(deployment.Spec.Template.Spec.Containers[0].Args, "--election-id="+deployment.Name)
 
-			if routerType == coreV1.ServiceTypeLoadBalancer {
+			if routerType == corev1.ServiceTypeLoadBalancer {
 				deployment.Spec.Template.Spec.Containers[0].Args = append(deployment.Spec.Template.Spec.Containers[0].Args, "--publish-service="+constants.IngressControllerNamespace+"/"+constants.IngressControllerPrefix+namespace)
 			} else {
 				deployment.Spec.Template.Spec.Containers[0].Args = append(deployment.Spec.Template.Spec.Containers[0].Args, "--report-node-internal-ip-address")
@@ -224,11 +213,11 @@ func CreateRouter(namespace string, routerType coreV1.ServiceType, annotations m
 
 // DeleteRouter is used to delete ingress controller related resources in namespace
 // It will not delete ClusterRole resource cause it maybe used by other controllers
-func DeleteRouter(namespace string) (*coreV1.Service, error) {
+func DeleteRouter(namespace string) (*corev1.Service, error) {
 	k8sClient := client.K8sClient()
 
 	var err error
-	var router *coreV1.Service
+	var router *corev1.Service
 
 	if err != nil {
 		glog.Error(err)
@@ -236,9 +225,9 @@ func DeleteRouter(namespace string) (*coreV1.Service, error) {
 
 	// delete controller service
 	serviceName := constants.IngressControllerPrefix + namespace
-	deleteOptions := metaV1.DeleteOptions{}
+	deleteOptions := meta_v1.DeleteOptions{}
 
-	listOptions := metaV1.ListOptions{
+	listOptions := meta_v1.ListOptions{
 		LabelSelector: "app=kubesphere,component=ks-router,tier=backend,project=" + namespace,
 		FieldSelector: "metadata.name=" + serviceName}
 
@@ -259,7 +248,7 @@ func DeleteRouter(namespace string) (*coreV1.Service, error) {
 	// delete controller deployment
 	deploymentName := constants.IngressControllerPrefix + namespace
 
-	listOptions = metaV1.ListOptions{
+	listOptions = meta_v1.ListOptions{
 		LabelSelector: "app=kubesphere,component=ks-router,tier=backend,project=" + namespace,
 	}
 	deployments, err := k8sClient.ExtensionsV1beta1().Deployments(constants.IngressControllerNamespace).List(listOptions)
@@ -279,10 +268,10 @@ func DeleteRouter(namespace string) (*coreV1.Service, error) {
 }
 
 // Update Ingress Controller Service, change type from NodePort to Loadbalancer or vice versa.
-func UpdateRouter(namespace string, routerType coreV1.ServiceType, annotations map[string]string) (*coreV1.Service, error) {
+func UpdateRouter(namespace string, routerType corev1.ServiceType, annotations map[string]string) (*corev1.Service, error) {
 	k8sClient := client.K8sClient()
 
-	var router *coreV1.Service
+	var router *corev1.Service
 
 	router, err := GetRouter(namespace)
 
@@ -293,7 +282,7 @@ func UpdateRouter(namespace string, routerType coreV1.ServiceType, annotations m
 
 	if router == nil {
 		glog.Error("Trying to update a non-existed router")
-		return nil, errors.New(errors.Internal, "router not created yet")
+		return nil, fmt.Errorf("router not created yet")
 	}
 
 	// from LoadBalancer to NodePort, or vice-versa

pkg/models/status/status.go

@@ -18,7 +18,8 @@
 package status
 
 import (
-	"fmt"
+	"kubesphere.io/kubesphere/pkg/models"
+	"kubesphere.io/kubesphere/pkg/params"
 
 	"kubesphere.io/kubesphere/pkg/models/resources"
 )
@@ -31,7 +32,7 @@ type workLoadStatus struct {
 
 func GetNamespacesResourceStatus(namespace string) (*workLoadStatus, error) {
 	res := workLoadStatus{Count: make(map[string]int), Namespace: namespace, Items: make(map[string]interface{})}
-	var notReadyList *resources.ResourceList
+	var notReadyList *models.PageableResponse
 	var err error
 	for _, resource := range []string{resources.Deployments, resources.StatefulSets, resources.DaemonSets, resources.PersistentVolumeClaims} {
 		notReadyStatus := "updating"
@@ -39,7 +40,7 @@ func GetNamespacesResourceStatus(namespace string) (*workLoadStatus, error) {
 			notReadyStatus = "pending"
 		}
 
-		notReadyList, err = resources.ListNamespaceResource(namespace, resource, fmt.Sprintf("status=%s", notReadyStatus), "", false, -1, 0)
+		notReadyList, err = resources.ListNamespaceResource(namespace, resource, &params.Conditions{Match: map[string]string{"status": notReadyStatus}}, "", false, -1, 0)
 
 		if err != nil {
 			return nil, err

pkg/models/storage/storage.go

@@ -24,9 +24,6 @@ import (
 	storageV1 "k8s.io/api/storage/v1"
 	"k8s.io/apimachinery/pkg/api/resource"
 	"k8s.io/apimachinery/pkg/labels"
-	lister "k8s.io/client-go/listers/core/v1"
-	lister2 "k8s.io/client-go/listers/storage/v1"
-
 	"kubesphere.io/kubesphere/pkg/informers"
 )
 
@@ -36,18 +33,12 @@ type ScMetrics struct {
 	PvcNumber string `json:"pvcNumber"`
 }
 
-var (
-	persistentVolumeClaimLister lister.PersistentVolumeClaimLister
-	persistentVolumeLister      lister.PersistentVolumeLister
-	sotrageClassesLister        lister2.StorageClassLister
-)
-
 func init() {
-	persistentVolumeClaimLister = informers.SharedInformerFactory().Core().V1().PersistentVolumeClaims().Lister()
+
-	persistentVolumeLister = informers.SharedInformerFactory().Core().V1().PersistentVolumes().Lister()
 }
 
 func GetPvcListBySc(scName string) ([]*v1.PersistentVolumeClaim, error) {
+	persistentVolumeClaimLister := informers.SharedInformerFactory().Core().V1().PersistentVolumeClaims().Lister()
 	all, err := persistentVolumeClaimLister.List(labels.Everything())
 
 	if err != nil {
@@ -70,6 +61,7 @@ func GetPvcListBySc(scName string) ([]*v1.PersistentVolumeClaim, error) {
 
 // Get info of metrics
 func GetScMetrics(scName string) (*ScMetrics, error) {
+	persistentVolumeLister := informers.SharedInformerFactory().Core().V1().PersistentVolumes().Lister()
 	pvList, err := persistentVolumeLister.List(labels.Everything())
 	if err != nil {
 		return nil, err
@@ -102,7 +94,7 @@ func GetScMetrics(scName string) (*ScMetrics, error) {
 func GetScList() ([]*storageV1.StorageClass, error) {
 
 	// Get StorageClass list
-	scList, err := sotrageClassesLister.List(labels.Everything())
+	scList, err := informers.SharedInformerFactory().Storage().V1().StorageClasses().Lister().List(labels.Everything())
 
 	if err != nil {
 		return nil, err

pkg/models/storage/volumes.go

@@ -20,19 +20,12 @@ package storage
 import (
 	"k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/labels"
-	v12 "k8s.io/client-go/listers/core/v1"
-
 	"kubesphere.io/kubesphere/pkg/informers"
 )
 
-var podLister v12.PodLister
-
-func init() {
-	podLister = informers.SharedInformerFactory().Core().V1().Pods().Lister()
-}
-
 // List pods of a specific persistent volume claims
 func GetPodListByPvc(pvc string, ns string) (res []*v1.Pod, err error) {
+	podLister := informers.SharedInformerFactory().Core().V1().Pods().Lister()
 	podList, err := podLister.Pods(ns).List(labels.Everything())
 	if err != nil {
 		return nil, err