change resourceGetter to devopsGetter
Signed-off-by: wanjunlei <wanjunlei@yunify.com>
This commit is contained in:
wanjunlei
@@ -18,7 +18,8 @@ import (
|
|||||||
"kubesphere.io/kubesphere/pkg/apiserver/request"
|
"kubesphere.io/kubesphere/pkg/apiserver/request"
|
||||||
"kubesphere.io/kubesphere/pkg/client/listers/auditing/v1alpha1"
|
"kubesphere.io/kubesphere/pkg/client/listers/auditing/v1alpha1"
|
||||||
"kubesphere.io/kubesphere/pkg/informers"
|
"kubesphere.io/kubesphere/pkg/informers"
|
||||||
resourcesv1alpha3 "kubesphere.io/kubesphere/pkg/models/resources/v1alpha3/resource"
|
"kubesphere.io/kubesphere/pkg/models/resources/v1alpha3"
|
||||||
|
"kubesphere.io/kubesphere/pkg/models/resources/v1alpha3/devops"
|
||||||
"kubesphere.io/kubesphere/pkg/utils/iputil"
|
"kubesphere.io/kubesphere/pkg/utils/iputil"
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
@@ -41,18 +42,18 @@ type Auditing interface {
|
|||||||
}
|
}
|
||||||
|
|
||||||
type auditing struct {
|
type auditing struct {
|
||||||
lister v1alpha1.WebhookLister
|
webhookLister v1alpha1.WebhookLister
|
||||||
resourceGetter *resourcesv1alpha3.ResourceGetter
|
devopsGetter v1alpha3.Interface
|
||||||
cache chan *auditv1alpha1.EventList
|
cache chan *auditv1alpha1.EventList
|
||||||
backend *Backend
|
backend *Backend
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewAuditing(informers informers.InformerFactory, url string, stopCh <-chan struct{}) Auditing {
|
func NewAuditing(informers informers.InformerFactory, url string, stopCh <-chan struct{}) Auditing {
|
||||||
|
|
||||||
a := &auditing{
|
a := &auditing{
|
||||||
lister: informers.KubeSphereSharedInformerFactory().Auditing().V1alpha1().Webhooks().Lister(),
|
webhookLister: informers.KubeSphereSharedInformerFactory().Auditing().V1alpha1().Webhooks().Lister(),
|
||||||
resourceGetter: resourcesv1alpha3.NewResourceGetter(informers),
|
devopsGetter: devops.New(informers.KubeSphereSharedInformerFactory()),
|
||||||
cache: make(chan *auditv1alpha1.EventList, DefaultCacheCapacity),
|
cache: make(chan *auditv1alpha1.EventList, DefaultCacheCapacity),
|
||||||
}
|
}
|
||||||
|
|
||||||
a.backend = NewBackend(url, ChannelCapacity, a.cache, SendTimeout, stopCh)
|
a.backend = NewBackend(url, ChannelCapacity, a.cache, SendTimeout, stopCh)
|
||||||
@@ -60,7 +61,7 @@ func NewAuditing(informers informers.InformerFactory, url string, stopCh <-chan
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (a *auditing) getAuditLevel() audit.Level {
|
func (a *auditing) getAuditLevel() audit.Level {
|
||||||
wh, err := a.lister.Get(DefaultWebhook)
|
wh, err := a.webhookLister.Get(DefaultWebhook)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
klog.V(8).Info(err)
|
klog.V(8).Info(err)
|
||||||
return audit.LevelNone
|
return audit.LevelNone
|
||||||
@@ -79,7 +80,7 @@ func (a *auditing) Enabled() bool {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (a *auditing) K8sAuditingEnabled() bool {
|
func (a *auditing) K8sAuditingEnabled() bool {
|
||||||
wh, err := a.lister.Get(DefaultWebhook)
|
wh, err := a.webhookLister.Get(DefaultWebhook)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
klog.V(8).Info(err)
|
klog.V(8).Info(err)
|
||||||
return false
|
return false
|
||||||
@@ -111,6 +112,7 @@ func (a *auditing) LogRequestObject(req *http.Request, info *request.RequestInfo
|
|||||||
}
|
}
|
||||||
|
|
||||||
e := &auditv1alpha1.Event{
|
e := &auditv1alpha1.Event{
|
||||||
|
Devops: info.DevOps,
|
||||||
Workspace: info.Workspace,
|
Workspace: info.Workspace,
|
||||||
Cluster: info.Cluster,
|
Cluster: info.Cluster,
|
||||||
Event: audit.Event{
|
Event: audit.Event{
|
||||||
@@ -136,34 +138,21 @@ func (a *auditing) LogRequestObject(req *http.Request, info *request.RequestInfo
|
|||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
// Handle the devops request which request url matched /devops/{devops}/kind.
|
// Get the workspace which the devops project be in.
|
||||||
if len(info.Parts) >= 3 && info.Parts[0] == "devops" {
|
if len(e.Devops) > 0 && len(e.Workspace) == 0 {
|
||||||
e.ObjectRef.Subresource = ""
|
res, err := a.devopsGetter.List("", query.New())
|
||||||
e.Devops = info.Parts[1]
|
if err != nil {
|
||||||
// set resource as kind
|
klog.Error(err)
|
||||||
e.ObjectRef.Resource = info.Parts[2]
|
|
||||||
|
|
||||||
// If the request url matched /devops/{devops}/kind/{kind}, set resource name as {kind}
|
|
||||||
if len(info.Parts) >= 4 {
|
|
||||||
e.ObjectRef.Name = info.Parts[3]
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get the workspace which the devops project be in.
|
for _, obj := range res.Items {
|
||||||
if len(e.Workspace) == 0 {
|
d := obj.(*devopsv1alpha3.DevOpsProject)
|
||||||
res, err := a.resourceGetter.List(devopsv1alpha3.ResourcePluralDevOpsProject, "", query.New())
|
|
||||||
if err != nil {
|
|
||||||
klog.Error(err)
|
|
||||||
}
|
|
||||||
|
|
||||||
for _, obj := range res.Items {
|
if d.Name == e.Devops {
|
||||||
d := obj.(*devopsv1alpha3.DevOpsProject)
|
e.Workspace = d.Labels["kubesphere.io/workspace"]
|
||||||
|
} else if d.Status.AdminNamespace == e.Devops {
|
||||||
if d.Name == e.Devops {
|
e.Workspace = d.Labels["kubesphere.io/workspace"]
|
||||||
e.Workspace = d.Labels["kubesphere.io/workspace"]
|
e.Devops = d.Name
|
||||||
} else if d.Status.AdminNamespace == e.Devops {
|
|
||||||
e.Workspace = d.Labels["kubesphere.io/workspace"]
|
|
||||||
e.Devops = d.Name
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -43,7 +43,7 @@ func TestGetAuditLevel(t *testing.T) {
|
|||||||
fakeInformerFactory := informers.NewInformerFactories(k8sClient, ksClient, nil, nil, nil, nil)
|
fakeInformerFactory := informers.NewInformerFactories(k8sClient, ksClient, nil, nil, nil, nil)
|
||||||
|
|
||||||
a := auditing{
|
a := auditing{
|
||||||
lister: fakeInformerFactory.KubeSphereSharedInformerFactory().Auditing().V1alpha1().Webhooks().Lister(),
|
webhookLister: fakeInformerFactory.KubeSphereSharedInformerFactory().Auditing().V1alpha1().Webhooks().Lister(),
|
||||||
}
|
}
|
||||||
|
|
||||||
err := fakeInformerFactory.KubeSphereSharedInformerFactory().Auditing().V1alpha1().Webhooks().Informer().GetIndexer().Add(webhook)
|
err := fakeInformerFactory.KubeSphereSharedInformerFactory().Auditing().V1alpha1().Webhooks().Informer().GetIndexer().Add(webhook)
|
||||||
@@ -72,7 +72,7 @@ func TestAuditing_Enabled(t *testing.T) {
|
|||||||
fakeInformerFactory := informers.NewInformerFactories(k8sClient, ksClient, nil, nil, nil, nil)
|
fakeInformerFactory := informers.NewInformerFactories(k8sClient, ksClient, nil, nil, nil, nil)
|
||||||
|
|
||||||
a := auditing{
|
a := auditing{
|
||||||
lister: fakeInformerFactory.KubeSphereSharedInformerFactory().Auditing().V1alpha1().Webhooks().Lister(),
|
webhookLister: fakeInformerFactory.KubeSphereSharedInformerFactory().Auditing().V1alpha1().Webhooks().Lister(),
|
||||||
}
|
}
|
||||||
|
|
||||||
err := fakeInformerFactory.KubeSphereSharedInformerFactory().Auditing().V1alpha1().Webhooks().Informer().GetIndexer().Add(webhook)
|
err := fakeInformerFactory.KubeSphereSharedInformerFactory().Auditing().V1alpha1().Webhooks().Informer().GetIndexer().Add(webhook)
|
||||||
@@ -102,7 +102,7 @@ func TestAuditing_K8sAuditingEnabled(t *testing.T) {
|
|||||||
fakeInformerFactory := informers.NewInformerFactories(k8sClient, ksClient, nil, nil, nil, nil)
|
fakeInformerFactory := informers.NewInformerFactories(k8sClient, ksClient, nil, nil, nil, nil)
|
||||||
|
|
||||||
a := auditing{
|
a := auditing{
|
||||||
lister: fakeInformerFactory.KubeSphereSharedInformerFactory().Auditing().V1alpha1().Webhooks().Lister(),
|
webhookLister: fakeInformerFactory.KubeSphereSharedInformerFactory().Auditing().V1alpha1().Webhooks().Lister(),
|
||||||
}
|
}
|
||||||
|
|
||||||
err := fakeInformerFactory.KubeSphereSharedInformerFactory().Auditing().V1alpha1().Webhooks().Informer().GetIndexer().Add(webhook)
|
err := fakeInformerFactory.KubeSphereSharedInformerFactory().Auditing().V1alpha1().Webhooks().Informer().GetIndexer().Add(webhook)
|
||||||
@@ -132,7 +132,7 @@ func TestAuditing_LogRequestObject(t *testing.T) {
|
|||||||
fakeInformerFactory := informers.NewInformerFactories(k8sClient, ksClient, nil, nil, nil, nil)
|
fakeInformerFactory := informers.NewInformerFactories(k8sClient, ksClient, nil, nil, nil, nil)
|
||||||
|
|
||||||
a := auditing{
|
a := auditing{
|
||||||
lister: fakeInformerFactory.KubeSphereSharedInformerFactory().Auditing().V1alpha1().Webhooks().Lister(),
|
webhookLister: fakeInformerFactory.KubeSphereSharedInformerFactory().Auditing().V1alpha1().Webhooks().Lister(),
|
||||||
}
|
}
|
||||||
|
|
||||||
err := fakeInformerFactory.KubeSphereSharedInformerFactory().Auditing().V1alpha1().Webhooks().Informer().GetIndexer().Add(webhook)
|
err := fakeInformerFactory.KubeSphereSharedInformerFactory().Auditing().V1alpha1().Webhooks().Informer().GetIndexer().Add(webhook)
|
||||||
@@ -222,7 +222,7 @@ func TestAuditing_LogResponseObject(t *testing.T) {
|
|||||||
fakeInformerFactory := informers.NewInformerFactories(k8sClient, ksClient, nil, nil, nil, nil)
|
fakeInformerFactory := informers.NewInformerFactories(k8sClient, ksClient, nil, nil, nil, nil)
|
||||||
|
|
||||||
a := auditing{
|
a := auditing{
|
||||||
lister: fakeInformerFactory.KubeSphereSharedInformerFactory().Auditing().V1alpha1().Webhooks().Lister(),
|
webhookLister: fakeInformerFactory.KubeSphereSharedInformerFactory().Auditing().V1alpha1().Webhooks().Lister(),
|
||||||
}
|
}
|
||||||
|
|
||||||
err := fakeInformerFactory.KubeSphereSharedInformerFactory().Auditing().V1alpha1().Webhooks().Informer().GetIndexer().Add(webhook)
|
err := fakeInformerFactory.KubeSphereSharedInformerFactory().Auditing().V1alpha1().Webhooks().Informer().GetIndexer().Add(webhook)
|
||||||
|
|||||||
Reference in New Issue
Block a user