fix: get application details failed (#481)

Signed-off-by: hongming <talonwan@yunify.com>
2019-06-20 16:23:24 +08:00
parent ed0b211c2b
commit 72875c7885
9 changed files with 94 additions and 13 deletions
--- a/pkg/models/applications/applications.go
+++ b/pkg/models/applications/applications.go
@@ -148,6 +148,11 @@ func getWorkLoads(namespace string, clusterRoles []openpitrix.ClusterRole) (*wor
 				item, err := informers.SharedInformerFactory().Apps().V1().Deployments().Lister().Deployments(namespace).Get(name)

 				if err != nil {
+					// app not ready
+					if errors.IsNotFound(err) {
+						continue
+					}
+					glog.Error(err)
 					return nil, err
 				}

@@ -159,6 +164,11 @@ func getWorkLoads(namespace string, clusterRoles []openpitrix.ClusterRole) (*wor
 				name := strings.Split(workLoadName, openpitrix.DaemonSuffix)[0]
 				item, err := informers.SharedInformerFactory().Apps().V1().DaemonSets().Lister().DaemonSets(namespace).Get(name)
 				if err != nil {
+					// app not ready
+					if errors.IsNotFound(err) {
+						continue
+					}
+					glog.Error(err)
 					return nil, err
 				}
 				works.Daemonsets = append(works.Daemonsets, *item)
@@ -169,6 +179,11 @@ func getWorkLoads(namespace string, clusterRoles []openpitrix.ClusterRole) (*wor
 				name := strings.Split(workLoadName, openpitrix.StateSuffix)[0]
 				item, err := informers.SharedInformerFactory().Apps().V1().StatefulSets().Lister().StatefulSets(namespace).Get(name)
 				if err != nil {
+					// app not ready
+					if errors.IsNotFound(err) {
+						continue
+					}
+					glog.Error(err)
 					return nil, err
 				}
 				works.Statefulsets = append(works.Statefulsets, *item)
--- a/pkg/models/iam/im.go
+++ b/pkg/models/iam/im.go
@@ -56,10 +56,12 @@ import (
 )

 var (
-	adminEmail      string
-	adminPassword   string
-	tokenExpireTime time.Duration
-	initUsers       []initUser
+	adminEmail       string
+	adminPassword    string
+	tokenExpireTime  time.Duration
+	maxAuthFailed    int
+	authTimeInterval time.Duration
+	initUsers        []initUser
 )

 type initUser struct {
@@ -68,14 +70,17 @@ type initUser struct {
 }

 const (
-	userInitFile = "/etc/ks-iam/users.json"
+	userInitFile            = "/etc/ks-iam/users.json"
+	authRateLimitRegex      = `(\d+)/(\d+[s|m|h])`
+	defaultMaxAuthFailed    = 5
+	defaultAuthTimeInterval = 30 * time.Minute
 )

-func Init(email, password string, t time.Duration) error {
+func Init(email, password string, expireTime time.Duration, authRateLimit string) error {
 	adminEmail = email
 	adminPassword = password
-	tokenExpireTime = t
-
+	tokenExpireTime = expireTime
+	maxAuthFailed, authTimeInterval = parseAuthRateLimit(authRateLimit)
 	conn, err := ldapclient.Client()

 	if err != nil {
@@ -101,6 +106,23 @@ func Init(email, password string, t time.Duration) error {
 	return nil
 }

+func parseAuthRateLimit(authRateLimit string) (int, time.Duration) {
+	regex := regexp.MustCompile(authRateLimitRegex)
+	groups := regex.FindStringSubmatch(authRateLimit)
+
+	maxCount := defaultMaxAuthFailed
+	timeInterval := defaultAuthTimeInterval
+
+	if len(groups) == 3 {
+		maxCount, _ = strconv.Atoi(groups[1])
+		timeInterval, _ = time.ParseDuration(groups[2])
+	} else {
+		glog.Warning("invalid auth rate limit", authRateLimit)
+	}
+
+	return maxCount, timeInterval
+}
+
 func checkAndCreateDefaultGroup(conn ldap.Client) error {

 	groupSearchRequest := ldap.NewSearchRequest(
@@ -203,9 +225,23 @@ func createGroupsBaseDN(conn ldap.Client) error {
 // User login
 func Login(username string, password string, ip string) (*models.Token, error) {

+	redisClient := redis.Client()
+
+	records, err := redisClient.Keys(fmt.Sprintf("kubesphere:authfailed:%s:*", username)).Result()
+
+	if err != nil {
+		glog.Error(err)
+		return nil, err
+	}
+
+	if len(records) >= maxAuthFailed {
+		return nil, restful.NewError(http.StatusTooManyRequests, "auth rate limit exceeded")
+	}
+
 	conn, err := ldapclient.Client()

 	if err != nil {
+		glog.Error(err)
 		return nil, err
 	}

@@ -237,7 +273,13 @@ func Login(username string, password string, ip string) (*models.Token, error) {
 	err = conn.Bind(dn, password)

 	if err != nil {
-		glog.Errorln("auth error", username, err)
+		glog.Infoln("auth failed", username, err)
+
+		if ldap.IsErrorWithCode(err, ldap.LDAPResultInvalidCredentials) {
+			loginFailedRecord := fmt.Sprintf("kubesphere:authfailed:%s:%d", username, time.Now().UnixNano())
+			redisClient.Set(loginFailedRecord, "", authTimeInterval)
+		}
+
 		return nil, err
 	}

@@ -876,6 +918,17 @@ func UpdateUser(user *models.User) (*models.User, error) {
 		return nil, err
 	}

+	// clear auth failed record
+	if user.Password != "" {
+		redisClient := redis.Client()
+
+		records, err := redisClient.Keys(fmt.Sprintf("kubesphere:authfailed:%s:*", user.Username)).Result()
+
+		if err == nil {
+			redisClient.Del(records...)
+		}
+	}
+
 	return GetUserInfo(user.Username)
 }
 func DeleteGroup(path string) error {
--- a/pkg/models/resources/nodes.go
+++ b/pkg/models/resources/nodes.go
@@ -18,6 +18,7 @@
 package resources

 import (
+	"fmt"
 	"kubesphere.io/kubesphere/pkg/constants"
 	"kubesphere.io/kubesphere/pkg/informers"
 	"kubesphere.io/kubesphere/pkg/params"
@@ -45,6 +46,11 @@ func (*nodeSearcher) match(match map[string]string, item *v1.Node) bool {
 			if !sliceutil.HasString(names, item.Name) {
 				return false
 			}
+		case Role:
+			labelKey := fmt.Sprintf("node-role.kubernetes.io/%s", v)
+			if _, ok := item.Labels[labelKey]; !ok {
+				return false
+			}
 		case Keyword:
 			if !strings.Contains(item.Name, v) && !searchFuzzy(item.Labels, "", v) && !searchFuzzy(item.Annotations, "", v) {
 				return false
--- a/pkg/models/resources/resources.go
+++ b/pkg/models/resources/resources.go
@@ -61,6 +61,7 @@ const (
 	Label                  = "label"
 	OwnerKind              = "ownerKind"
 	OwnerName              = "ownerName"
+	Role                   = "role"
 	CreateTime             = "createTime"
 	UpdateTime             = "updateTime"
 	LastScheduleTime       = "lastScheduleTime"