Feat: support runnig ks-controller-manager without ldap option

Signed-off-by: yuswift <yuswiftli@yunify.com>
2020-11-16 12:19:07 +08:00
parent 0b18c571a4
commit 69a27e40aa
3 changed files with 17 additions and 9 deletions
--- a/cmd/controller-manager/app/server.go
+++ b/cmd/controller-manager/app/server.go
@@ -118,9 +118,8 @@ func run(s *options.KubeSphereControllerManagerOptions, stopCh <-chan struct{})
 	}
 	var ldapClient ldapclient.Interface
-	if s.LdapOptions == nil || len(s.LdapOptions.Host) == 0 {
+	// when there is no ldapOption, we set ldapClient as nil, which means we don't need to sync user info into ldap.
-		return fmt.Errorf("ldap service address MUST not be empty")
+	if s.LdapOptions != nil && len(s.LdapOptions.Host) != 0 {
 	} else {
 		if s.LdapOptions.Host == ldapclient.FAKE_HOST { // for debug only
 			ldapClient = ldapclient.NewSimpleLdap()
 		} else {
@@ -129,6 +128,8 @@ func run(s *options.KubeSphereControllerManagerOptions, stopCh <-chan struct{})
 				return fmt.Errorf("failed to connect to ldap service, please check ldap status, error: %v", err)
 			}
 		}
 	} else {
 		klog.Info("Kubesphere-controller-manager starts without ldap option, it will not sync user into ldap")
 	}
 	var openpitrixClient openpitrix.Client
--- a/pkg/apiserver/authentication/authenticators/jwttoken/jwt_token.go
+++ b/pkg/apiserver/authentication/authenticators/jwttoken/jwt_token.go
@@ -22,6 +22,7 @@ import (
 	"k8s.io/apiserver/pkg/authentication/authenticator"
 	"k8s.io/apiserver/pkg/authentication/user"
 	"k8s.io/klog"
 	iamv1alpha2listers "kubesphere.io/kubesphere/pkg/client/listers/iam/v1alpha2"
 	"kubesphere.io/kubesphere/pkg/models/iam/im"
 )
--- a/pkg/controller/user/user_controller.go
+++ b/pkg/controller/user/user_controller.go
@@ -287,10 +287,13 @@ func (c *Controller) reconcile(key string) error {
 		if sliceutil.HasString(user.ObjectMeta.Finalizers, finalizer) {
 			klog.V(4).Infof("delete user %s", key)
 			// we do not need to delete the user from ldapServer when ldapClient is nil
 			if c.ldapClient != nil {
 				if err = c.ldapClient.Delete(key); err != nil && err != ldapclient.ErrUserNotExists {
 					klog.Error(err)
 					return err
 				}
 			}
 			if err = c.deleteRoleBindings(user); err != nil {
 				klog.Error(err)
@@ -329,10 +332,13 @@ func (c *Controller) reconcile(key string) error {
 		return nil
 	}
 	// we do not need to sync ldap info when ldapClient is nil
 	if c.ldapClient != nil {
 		if err = c.ldapSync(user); err != nil {
 			klog.Error(err)
 			return err
 		}
 	}
 	if user, err = c.ensurePasswordIsEncrypted(user); err != nil {
 		klog.Error(err)