Refactor workspace API and introduced tenant v1alpha3 version

2022-03-08 17:50:53 +08:00
parent f018a23023
commit 6a3e1ac099
9 changed files with 316 additions and 50 deletions
--- a/pkg/models/tenant/tenant.go
+++ b/pkg/models/tenant/tenant.go
@@ -24,8 +24,6 @@ import (
 	"strings"
 	"time"

-	"kubesphere.io/kubesphere/pkg/models/openpitrix"
-
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -58,6 +56,7 @@ import (
 	"kubesphere.io/kubesphere/pkg/models/logging"
 	"kubesphere.io/kubesphere/pkg/models/metering"
 	"kubesphere.io/kubesphere/pkg/models/monitoring"
+	"kubesphere.io/kubesphere/pkg/models/openpitrix"
 	resources "kubesphere.io/kubesphere/pkg/models/resources/v1alpha3"
 	resourcesv1alpha3 "kubesphere.io/kubesphere/pkg/models/resources/v1alpha3/resource"
 	resourcev1alpha3 "kubesphere.io/kubesphere/pkg/models/resources/v1alpha3/resource"
@@ -72,15 +71,17 @@ import (
 const orphanFinalizer = "orphan.finalizers.kubesphere.io"

 type Interface interface {
-	ListWorkspaces(user user.Info, query *query.Query) (*api.ListResult, error)
+	ListWorkspaces(user user.Info, queryParam *query.Query) (*api.ListResult, error)
+	ListWorkspaceTemplates(user user.Info, query *query.Query) (*api.ListResult, error)
+	CreateWorkspaceTemplate(workspace *tenantv1alpha2.WorkspaceTemplate) (*tenantv1alpha2.WorkspaceTemplate, error)
+	DeleteWorkspaceTemplate(workspace string, opts metav1.DeleteOptions) error
+	UpdateWorkspaceTemplate(workspace *tenantv1alpha2.WorkspaceTemplate) (*tenantv1alpha2.WorkspaceTemplate, error)
+	PatchWorkspaceTemplate(workspace string, data json.RawMessage) (*tenantv1alpha2.WorkspaceTemplate, error)
+	DescribeWorkspaceTemplate(workspace string) (*tenantv1alpha2.WorkspaceTemplate, error)
 	ListNamespaces(user user.Info, workspace string, query *query.Query) (*api.ListResult, error)
 	ListDevOpsProjects(user user.Info, workspace string, query *query.Query) (*api.ListResult, error)
 	ListFederatedNamespaces(info user.Info, workspace string, param *query.Query) (*api.ListResult, error)
 	CreateNamespace(workspace string, namespace *corev1.Namespace) (*corev1.Namespace, error)
-	CreateWorkspace(workspace *tenantv1alpha2.WorkspaceTemplate) (*tenantv1alpha2.WorkspaceTemplate, error)
-	DeleteWorkspace(workspace string, opts metav1.DeleteOptions) error
-	UpdateWorkspace(workspace *tenantv1alpha2.WorkspaceTemplate) (*tenantv1alpha2.WorkspaceTemplate, error)
-	DescribeWorkspace(workspace string) (*tenantv1alpha2.WorkspaceTemplate, error)
 	ListWorkspaceClusters(workspace string) (*api.ListResult, error)
 	Events(user user.Info, queryParam *eventsv1alpha1.Query) (*eventsv1alpha1.APIResponse, error)
 	QueryLogs(user user.Info, query *loggingv1alpha2.Query) (*loggingv1alpha2.APIResponse, error)
@@ -90,7 +91,6 @@ type Interface interface {
 	DeleteNamespace(workspace, namespace string) error
 	UpdateNamespace(workspace string, namespace *corev1.Namespace) (*corev1.Namespace, error)
 	PatchNamespace(workspace string, namespace *corev1.Namespace) (*corev1.Namespace, error)
-	PatchWorkspace(workspace string, data json.RawMessage) (*tenantv1alpha2.WorkspaceTemplate, error)
 	ListClusters(info user.Info) (*api.ListResult, error)
 	Metering(user user.Info, queryParam *meteringv1alpha1.Query, priceInfo meteringclient.PriceInfo) (monitoring.Metrics, error)
 	MeteringHierarchy(user user.Info, queryParam *meteringv1alpha1.Query, priceInfo meteringclient.PriceInfo) (metering.ResourceStatistic, error)
@@ -134,6 +134,69 @@ func New(informers informers.InformerFactory, k8sclient kubernetes.Interface, ks
 }

 func (t *tenantOperator) ListWorkspaces(user user.Info, queryParam *query.Query) (*api.ListResult, error) {
+	listWS := authorizer.AttributesRecord{
+		User:            user,
+		Verb:            "list",
+		APIGroup:        "*",
+		Resource:        "workspaces",
+		ResourceRequest: true,
+		ResourceScope:   request.GlobalScope,
+	}
+
+	decision, _, err := t.authorizer.Authorize(listWS)
+	if err != nil {
+		klog.Error(err)
+		return nil, err
+	}
+
+	// allowed to list all workspaces
+	if decision == authorizer.DecisionAllow {
+		result, err := t.resourceGetter.List(tenantv1alpha1.ResourcePluralWorkspace, "", queryParam)
+		if err != nil {
+			klog.Error(err)
+			return nil, err
+		}
+		return result, nil
+	}
+
+	// retrieving associated resources through role binding
+	workspaceRoleBindings, err := t.am.ListWorkspaceRoleBindings(user.GetName(), user.GetGroups(), "")
+	if err != nil {
+		klog.Error(err)
+		return nil, err
+	}
+
+	workspaces := make([]runtime.Object, 0)
+	for _, roleBinding := range workspaceRoleBindings {
+		workspaceName := roleBinding.Labels[tenantv1alpha1.WorkspaceLabel]
+		obj, err := t.resourceGetter.Get(tenantv1alpha1.ResourcePluralWorkspace, "", workspaceName)
+		if errors.IsNotFound(err) {
+			klog.Warningf("workspace role binding: %+v found but workspace not exist", roleBinding.Name)
+			continue
+		}
+		if err != nil {
+			klog.Error(err)
+			return nil, err
+		}
+		workspace := obj.(*tenantv1alpha1.Workspace)
+		// label matching selector, remove duplicate entity
+		if queryParam.Selector().Matches(labels.Set(workspace.Labels)) &&
+			!contains(workspaces, workspace) {
+			workspaces = append(workspaces, workspace)
+		}
+	}
+
+	// use default pagination search logic
+	result := resources.DefaultList(workspaces, queryParam, func(left runtime.Object, right runtime.Object, field query.Field) bool {
+		return resources.DefaultObjectMetaCompare(left.(*tenantv1alpha1.Workspace).ObjectMeta, right.(*tenantv1alpha1.Workspace).ObjectMeta, field)
+	}, func(workspace runtime.Object, filter query.Filter) bool {
+		return resources.DefaultObjectMetaFilter(workspace.(*tenantv1alpha1.Workspace).ObjectMeta, filter)
+	})
+
+	return result, nil
+}
+
+func (t *tenantOperator) ListWorkspaceTemplates(user user.Info, queryParam *query.Query) (*api.ListResult, error) {

 	listWS := authorizer.AttributesRecord{
 		User:            user,
@@ -396,19 +459,19 @@ func (t *tenantOperator) PatchNamespace(workspace string, namespace *corev1.Name
 	return t.k8sclient.CoreV1().Namespaces().Patch(context.Background(), namespace.Name, types.MergePatchType, data, metav1.PatchOptions{})
 }

-func (t *tenantOperator) PatchWorkspace(workspace string, data json.RawMessage) (*tenantv1alpha2.WorkspaceTemplate, error) {
+func (t *tenantOperator) PatchWorkspaceTemplate(workspace string, data json.RawMessage) (*tenantv1alpha2.WorkspaceTemplate, error) {
 	return t.ksclient.TenantV1alpha2().WorkspaceTemplates().Patch(context.Background(), workspace, types.MergePatchType, data, metav1.PatchOptions{})
 }

-func (t *tenantOperator) CreateWorkspace(workspace *tenantv1alpha2.WorkspaceTemplate) (*tenantv1alpha2.WorkspaceTemplate, error) {
+func (t *tenantOperator) CreateWorkspaceTemplate(workspace *tenantv1alpha2.WorkspaceTemplate) (*tenantv1alpha2.WorkspaceTemplate, error) {
 	return t.ksclient.TenantV1alpha2().WorkspaceTemplates().Create(context.Background(), workspace, metav1.CreateOptions{})
 }

-func (t *tenantOperator) UpdateWorkspace(workspace *tenantv1alpha2.WorkspaceTemplate) (*tenantv1alpha2.WorkspaceTemplate, error) {
+func (t *tenantOperator) UpdateWorkspaceTemplate(workspace *tenantv1alpha2.WorkspaceTemplate) (*tenantv1alpha2.WorkspaceTemplate, error) {
 	return t.ksclient.TenantV1alpha2().WorkspaceTemplates().Update(context.Background(), workspace, metav1.UpdateOptions{})
 }

-func (t *tenantOperator) DescribeWorkspace(workspace string) (*tenantv1alpha2.WorkspaceTemplate, error) {
+func (t *tenantOperator) DescribeWorkspaceTemplate(workspace string) (*tenantv1alpha2.WorkspaceTemplate, error) {
 	obj, err := t.resourceGetter.Get(tenantv1alpha2.ResourcePluralWorkspaceTemplate, "", workspace)
 	if err != nil {
 		klog.Error(err)
@@ -416,8 +479,9 @@ func (t *tenantOperator) DescribeWorkspace(workspace string) (*tenantv1alpha2.Wo
 	}
 	return obj.(*tenantv1alpha2.WorkspaceTemplate), nil
 }
+
 func (t *tenantOperator) ListWorkspaceClusters(workspaceName string) (*api.ListResult, error) {
-	workspace, err := t.DescribeWorkspace(workspaceName)
+	workspace, err := t.DescribeWorkspaceTemplate(workspaceName)
 	if err != nil {
 		klog.Error(err)
 		return nil, err
@@ -457,6 +521,7 @@ func (t *tenantOperator) ListWorkspaceClusters(workspaceName string) (*api.ListR
 	// In this case, you can either set spec: {} as above or remove spec field from your placement policy. The resource will not be propagated to member clusters.
 	return &api.ListResult{Items: []interface{}{}, TotalItems: 0}, nil
 }
+
 func (t *tenantOperator) ListClusters(user user.Info) (*api.ListResult, error) {

 	listClustersInGlobalScope := authorizer.AttributesRecord{
@@ -510,7 +575,7 @@ func (t *tenantOperator) ListClusters(user user.Info) (*api.ListResult, error) {

 	for _, roleBinding := range workspaceRoleBindings {
 		workspaceName := roleBinding.Labels[tenantv1alpha1.WorkspaceLabel]
-		workspace, err := t.DescribeWorkspace(workspaceName)
+		workspace, err := t.DescribeWorkspaceTemplate(workspaceName)
 		if err != nil {
 			klog.Error(err)
 			return nil, err
@@ -542,10 +607,10 @@ func (t *tenantOperator) ListClusters(user user.Info) (*api.ListResult, error) {
 	return &api.ListResult{Items: items, TotalItems: len(items)}, nil
 }

-func (t *tenantOperator) DeleteWorkspace(workspace string, opts metav1.DeleteOptions) error {
+func (t *tenantOperator) DeleteWorkspaceTemplate(workspace string, opts metav1.DeleteOptions) error {

 	if opts.PropagationPolicy != nil && *opts.PropagationPolicy == metav1.DeletePropagationOrphan {
-		wsp, err := t.DescribeWorkspace(workspace)
+		wsp, err := t.DescribeWorkspaceTemplate(workspace)
 		if err != nil {
 			klog.Error(err)
 			return err