admin/kubesphere
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Feat: support runnig ks-controller-manager without ldap option

Browse Source 
Signed-off-by: yuswift <yuswiftli@yunify.com>
This commit is contained in:
yuswift
2020-11-16 12:19:07 +08:00
parent 0b18c571a4
commit 69a27e40aa
3 changed files with 17 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
cmd/controller-manager/app/server.go
View File

@@ -118,9 +118,8 @@ func run(s *options.KubeSphereControllerManagerOptions, stopCh <-chan struct{})
} }
var ldapClient ldapclient.Interface var ldapClient ldapclient.Interface
if s.LdapOptions == nil || len(s.LdapOptions.Host) == 0 { // when there is no ldapOption, we set ldapClient as nil, which means we don't need to sync user info into ldap.
return fmt.Errorf("ldap service address MUST not be empty") if s.LdapOptions != nil && len(s.LdapOptions.Host) != 0 {
} else {
if s.LdapOptions.Host == ldapclient.FAKE_HOST { // for debug only if s.LdapOptions.Host == ldapclient.FAKE_HOST { // for debug only
ldapClient = ldapclient.NewSimpleLdap() ldapClient = ldapclient.NewSimpleLdap()
} else { } else {
@@ -129,6 +128,8 @@ func run(s *options.KubeSphereControllerManagerOptions, stopCh <-chan struct{})
return fmt.Errorf("failed to connect to ldap service, please check ldap status, error: %v", err) return fmt.Errorf("failed to connect to ldap service, please check ldap status, error: %v", err)
} }
} }
} else {
klog.Info("Kubesphere-controller-manager starts without ldap option, it will not sync user into ldap")
} }
var openpitrixClient openpitrix.Client var openpitrixClient openpitrix.Client

1
pkg/apiserver/authentication/authenticators/jwttoken/jwt_token.go
View File

@@ -22,6 +22,7 @@ import (
"k8s.io/apiserver/pkg/authentication/authenticator" "k8s.io/apiserver/pkg/authentication/authenticator"
"k8s.io/apiserver/pkg/authentication/user" "k8s.io/apiserver/pkg/authentication/user"
"k8s.io/klog" "k8s.io/klog"
iamv1alpha2listers "kubesphere.io/kubesphere/pkg/client/listers/iam/v1alpha2" iamv1alpha2listers "kubesphere.io/kubesphere/pkg/client/listers/iam/v1alpha2"
"kubesphere.io/kubesphere/pkg/models/iam/im" "kubesphere.io/kubesphere/pkg/models/iam/im"
) )

18
pkg/controller/user/user_controller.go
View File

@@ -287,9 +287,12 @@ func (c *Controller) reconcile(key string) error {
if sliceutil.HasString(user.ObjectMeta.Finalizers, finalizer) { if sliceutil.HasString(user.ObjectMeta.Finalizers, finalizer) {
klog.V(4).Infof("delete user %s", key) klog.V(4).Infof("delete user %s", key)
if err = c.ldapClient.Delete(key); err != nil && err != ldapclient.ErrUserNotExists { // we do not need to delete the user from ldapServer when ldapClient is nil
klog.Error(err) if c.ldapClient != nil {
return err if err = c.ldapClient.Delete(key); err != nil && err != ldapclient.ErrUserNotExists {
klog.Error(err)
return err
}
} }
if err = c.deleteRoleBindings(user); err != nil { if err = c.deleteRoleBindings(user); err != nil {
@@ -329,9 +332,12 @@ func (c *Controller) reconcile(key string) error {
return nil return nil
} }
if err = c.ldapSync(user); err != nil { // we do not need to sync ldap info when ldapClient is nil
klog.Error(err) if c.ldapClient != nil {
return err if err = c.ldapSync(user); err != nil {
klog.Error(err)
return err
}
} }
if user, err = c.ensurePasswordIsEncrypted(user); err != nil { if user, err = c.ensurePasswordIsEncrypted(user); err != nil {