Merge pull request #607 from wansir/token-management
feat: token management
This commit is contained in:
KubeSphere CI Bot
@@ -27,6 +27,7 @@ import (
|
||||
"kubesphere.io/kubesphere/pkg/simple/client/mysql"
|
||||
"kubesphere.io/kubesphere/pkg/simple/client/redis"
|
||||
"strings"
|
||||
"time"
|
||||
)
|
||||
|
||||
type ServerRunOptions struct {
|
||||
@@ -37,9 +38,10 @@ type ServerRunOptions struct {
|
||||
MySQLOptions *mysql.MySQLOptions
|
||||
AdminEmail string
|
||||
AdminPassword string
|
||||
TokenExpireTime string
|
||||
TokenIdleTimeout time.Duration
|
||||
JWTSecret string
|
||||
AuthRateLimit string
|
||||
EnableMultiLogin bool
|
||||
}
|
||||
|
||||
func NewServerRunOptions() *ServerRunOptions {
|
||||
@@ -60,9 +62,10 @@ func (s *ServerRunOptions) Flags() (fss cliflag.NamedFlagSets) {
|
||||
s.GenericServerRunOptions.AddFlags(fs)
|
||||
fs.StringVar(&s.AdminEmail, "admin-email", "admin@kubesphere.io", "default administrator's email")
|
||||
fs.StringVar(&s.AdminPassword, "admin-password", "passw0rd", "default administrator's password")
|
||||
fs.StringVar(&s.TokenExpireTime, "token-expire-time", "2h", "token expire time,valid time units are \"ns\",\"us\",\"ms\",\"s\",\"m\",\"h\"")
|
||||
fs.DurationVar(&s.TokenIdleTimeout, "token-idle-timeout", 30*time.Minute, "tokens that are idle beyond that time will expire,0s means the token has no expiration time. valid time units are \"ns\",\"us\",\"ms\",\"s\",\"m\",\"h\"")
|
||||
fs.StringVar(&s.JWTSecret, "jwt-secret", "", "jwt secret")
|
||||
fs.StringVar(&s.AuthRateLimit, "auth-rate-limit", "5/30m", "specifies the maximum number of authentication attempts permitted and time interval,valid time units are \"s\",\"m\",\"h\"")
|
||||
fs.BoolVar(&s.EnableMultiLogin, "enable-multi-login", false, "allow one account to have multiple sessions")
|
||||
|
||||
s.KubernetesOptions.AddFlags(fss.FlagSet("kubernetes"))
|
||||
s.LdapOptions.AddFlags(fss.FlagSet("ldap"))
|
||||
|
||||
@@ -24,6 +24,7 @@ import (
|
||||
cliflag "k8s.io/component-base/cli/flag"
|
||||
"k8s.io/klog"
|
||||
"kubesphere.io/kubesphere/cmd/ks-iam/app/options"
|
||||
"kubesphere.io/kubesphere/pkg/apis"
|
||||
"kubesphere.io/kubesphere/pkg/apiserver/runtime"
|
||||
"kubesphere.io/kubesphere/pkg/informers"
|
||||
"kubesphere.io/kubesphere/pkg/models/iam"
|
||||
@@ -35,9 +36,6 @@ import (
|
||||
"kubesphere.io/kubesphere/pkg/utils/signals"
|
||||
"kubesphere.io/kubesphere/pkg/utils/term"
|
||||
"net/http"
|
||||
"time"
|
||||
|
||||
"kubesphere.io/kubesphere/pkg/apis"
|
||||
)
|
||||
|
||||
func NewAPIServerCommand() *cobra.Command {
|
||||
@@ -94,15 +92,10 @@ func Run(s *options.ServerRunOptions, stopChan <-chan struct{}) error {
|
||||
|
||||
client.NewClientSetFactory(csop, stopChan)
|
||||
|
||||
expireTime, err := time.ParseDuration(s.TokenExpireTime)
|
||||
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
waitForResourceSync(stopChan)
|
||||
|
||||
err = iam.Init(s.AdminEmail, s.AdminPassword, expireTime, s.AuthRateLimit)
|
||||
err := iam.Init(s.AdminEmail, s.AdminPassword, s.AuthRateLimit, s.TokenIdleTimeout, s.EnableMultiLogin)
|
||||
|
||||
jwtutil.Setup(s.JWTSecret)
|
||||
|
||||
if err != nil {
|
||||
|
||||
Reference in New Issue
Block a user