feat: support listing cluster that user has the cluster`s rolebinding (#6259)

(cherry picked from commit c5e2800ab2)
2024-10-31 17:31:07 +08:00
parent 64e054bde2
commit 742c1e52db
2 changed files with 56 additions and 3 deletions
--- a/pkg/models/tenant/tenant.go
+++ b/pkg/models/tenant/tenant.go
@@ -9,6 +9,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"strconv"
 	"strings"

 	"kubesphere.io/kubesphere/pkg/constants"
@@ -35,6 +36,7 @@ import (
 	"kubesphere.io/kubesphere/pkg/apiserver/authorization/authorizer"
 	"kubesphere.io/kubesphere/pkg/apiserver/query"
 	"kubesphere.io/kubesphere/pkg/apiserver/request"
+	clusterutils "kubesphere.io/kubesphere/pkg/controller/cluster/utils"
 	"kubesphere.io/kubesphere/pkg/models/iam/am"
 	"kubesphere.io/kubesphere/pkg/models/iam/im"
 	resources "kubesphere.io/kubesphere/pkg/models/resources/v1alpha3"
@@ -43,6 +45,10 @@ import (
 	jsonpatchutil "kubesphere.io/kubesphere/pkg/utils/josnpatchutil"
 )

+const (
+	queryRoleBindingExists = "roleBindingExists"
+)
+
 type Interface interface {
 	ListWorkspaces(user user.Info, queryParam *query.Query) (*api.ListResult, error)
 	GetWorkspace(workspace string) (*tenantv1beta1.Workspace, error)
@@ -549,6 +555,27 @@ func (t *tenantOperator) ListClusters(user user.Info, queryParam *query.Query) (
 		items = append(items, cluster)
 	}

+	clusterByRoleBinding := false
+	if v, ok := queryParam.Filters[queryRoleBindingExists]; ok && v != "" {
+		clusterByRoleBinding, err = strconv.ParseBool(string(v))
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	if clusterByRoleBinding {
+		byRoleBinding, err := t.getClusterByRoleBinding(context.Background(), user)
+		if err != nil {
+			return nil, err
+		}
+		for _, cluster := range byRoleBinding {
+			// duplicate cluster will not append to results
+			if !grantedClusters.Has(cluster.Name) {
+				items = append(items, cluster)
+			}
+		}
+	}
+
 	// apply additional labelSelector
 	if queryParam.LabelSelector != "" {
 		queryParam.Filters[query.FieldLabel] = query.Value(queryParam.LabelSelector)
@@ -564,6 +591,35 @@ func (t *tenantOperator) ListClusters(user user.Info, queryParam *query.Query) (
 	return result, nil
 }

+func (t *tenantOperator) getClusterByRoleBinding(ctx context.Context, user user.Info) ([]*clusterv1alpha1.Cluster, error) {
+	result := []*clusterv1alpha1.Cluster{}
+	clusters, err := t.clusterClient.ListClusters(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	for _, cluster := range clusters {
+		if !clusterutils.IsClusterReady(&cluster) {
+			continue
+		}
+		rtClient, err := t.clusterClient.GetRuntimeClient(cluster.Name)
+		if err != nil {
+			return nil, err
+		}
+
+		rbList := &iamv1beta1.RoleBindingList{}
+		err = rtClient.List(ctx, rbList, runtimeclient.MatchingLabels{iamv1beta1.UserReferenceLabel: user.GetName()})
+		if err != nil {
+			return nil, err
+		}
+		if len(rbList.Items) != 0 {
+			result = append(result, &cluster)
+		}
+
+	}
+	return result, nil
+}
+
 func (t *tenantOperator) DeleteWorkspaceTemplate(workspaceName string, opts metav1.DeleteOptions) error {
 	workspace := &tenantv1beta1.WorkspaceTemplate{}
 	if err := t.client.Get(context.Background(), types.NamespacedName{Name: workspaceName}, workspace); err != nil {
--- a/pkg/utils/clusterclient/clusterclient.go
+++ b/pkg/utils/clusterclient/clusterclient.go
@@ -125,9 +125,6 @@ func (c *clusterClients) addCluster(obj interface{}) (*ClusterClient, error) {
 	if err != nil {
 		return nil, err
 	}
-	if err != nil {
-		return nil, err
-	}
 	client, err := runtimeclient.New(restConfig, runtimeclient.Options{
 		HTTPClient: httpClient,
 		Scheme:     scheme.Scheme,