From 95f6d75c1919e57c2e63de85013fe60df92b1a04 Mon Sep 17 00:00:00 2001 From: zryfish Date: Wed, 1 Apr 2020 15:23:29 +0800 Subject: [PATCH 1/3] fix proxy host bug (#1977) --- pkg/apiserver/dispatch/dispatch.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/apiserver/dispatch/dispatch.go b/pkg/apiserver/dispatch/dispatch.go index da9628b38..42385c55c 100644 --- a/pkg/apiserver/dispatch/dispatch.go +++ b/pkg/apiserver/dispatch/dispatch.go @@ -54,7 +54,7 @@ func (c *clusterDispatch) Dispatch(w http.ResponseWriter, req *http.Request, han } u := *req.URL - u.Host = agent.Spec.Proxy + u.Host = fmt.Sprintf("%s:%d", agent.Spec.Proxy, agent.Spec.KubeSphereAPIServerPort) u.Path = strings.Replace(u.Path, fmt.Sprintf("/clusters/%s", info.Cluster), "", 1) httpProxy := proxy.NewUpgradeAwareHandler(&u, http.DefaultTransport, true, false, c) From c8dc3a4044dbfc3d799e558337d38c4fe9262cc7 Mon Sep 17 00:00:00 2001 From: zryfish Date: Wed, 1 Apr 2020 15:50:57 +0800 Subject: [PATCH 2/3] fix requestinfo bug (#1980) --- Makefile | 2 +- pkg/api/types.go | 3 + .../devops/v1alpha1/zz_generated.deepcopy.go | 37 +-------- .../network/v1alpha1/zz_generated.deepcopy.go | 22 +----- .../v1alpha2/zz_generated.deepcopy.go | 16 +--- .../tenant/v1alpha1/zz_generated.deepcopy.go | 6 +- .../tower/v1alpha1/zz_generated.deepcopy.go | 6 ++ pkg/apiserver/request/requestinfo.go | 33 +++++--- pkg/apiserver/request/requestinfo_test.go | 78 +++++++++++-------- 9 files changed, 88 insertions(+), 115 deletions(-) diff --git a/Makefile b/Makefile index 685d5f9c8..16cfa112d 100644 --- a/Makefile +++ b/Makefile @@ -63,7 +63,7 @@ vet: generate # Generate manifests e.g. CRD, RBAC etc. manifests: - go run ./vendor/sigs.k8s.io/controller-tools/cmd/controller-gen/main.go all + go run ./vendor/sigs.k8s.io/controller-tools/cmd/controller-gen/main.go object:headerFile=./hack/boilerplate.go.txt paths=./pkg/apis/... deploy: manifests kubectl apply -f config/crds diff --git a/pkg/api/types.go b/pkg/api/types.go index b9c9024fe..8b1266f32 100644 --- a/pkg/api/types.go +++ b/pkg/api/types.go @@ -155,4 +155,7 @@ const ( ResourceKindeS2iRun = "s2iruns" ResourceKindS2iBuilder = "s2ibuilders" ResourceKindApplication = "applications" + + WorkspaceNone = "" + ClusterNone = "" ) diff --git a/pkg/apis/devops/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/devops/v1alpha1/zz_generated.deepcopy.go index d0bb2e679..c1c383403 100644 --- a/pkg/apis/devops/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/devops/v1alpha1/zz_generated.deepcopy.go @@ -16,12 +16,12 @@ See the License for the specific language governing permissions and limitations under the License. */ -// Code generated by deepcopy-gen. DO NOT EDIT. +// Code generated by controller-gen. DO NOT EDIT. package v1alpha1 import ( - v1 "k8s.io/api/core/v1" + "k8s.io/api/core/v1" runtime "k8s.io/apimachinery/pkg/runtime" ) @@ -33,7 +33,6 @@ func (in *AuthConfig) DeepCopyInto(out *AuthConfig) { *out = new(v1.LocalObjectReference) **out = **in } - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthConfig. @@ -49,7 +48,6 @@ func (in *AuthConfig) DeepCopy() *AuthConfig { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CGroupLimits) DeepCopyInto(out *CGroupLimits) { *out = *in - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CGroupLimits. @@ -77,7 +75,6 @@ func (in *ContainerConfig) DeepCopyInto(out *ContainerConfig) { *out = make([]string, len(*in)) copy(*out, *in) } - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainerConfig. @@ -103,7 +100,6 @@ func (in *ContainerInfo) DeepCopyInto(out *ContainerInfo) { *out = make([]string, len(*in)) copy(*out, *in) } - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainerInfo. @@ -119,7 +115,6 @@ func (in *ContainerInfo) DeepCopy() *ContainerInfo { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DockerConfig) DeepCopyInto(out *DockerConfig) { *out = *in - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DockerConfig. @@ -135,7 +130,6 @@ func (in *DockerConfig) DeepCopy() *DockerConfig { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DockerConfigEntry) DeepCopyInto(out *DockerConfigEntry) { *out = *in - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DockerConfigEntry. @@ -158,7 +152,6 @@ func (in *DockerConfigJson) DeepCopyInto(out *DockerConfigJson) { (*out)[key] = val } } - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DockerConfigJson. @@ -179,7 +172,6 @@ func (in DockerConfigMap) DeepCopyInto(out *DockerConfigMap) { for key, val := range *in { (*out)[key] = val } - return } } @@ -196,7 +188,6 @@ func (in DockerConfigMap) DeepCopy() DockerConfigMap { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *EnvironmentSpec) DeepCopyInto(out *EnvironmentSpec) { *out = *in - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvironmentSpec. @@ -217,7 +208,6 @@ func (in *Parameter) DeepCopyInto(out *Parameter) { *out = make([]string, len(*in)) copy(*out, *in) } - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Parameter. @@ -233,7 +223,6 @@ func (in *Parameter) DeepCopy() *Parameter { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ProxyConfig) DeepCopyInto(out *ProxyConfig) { *out = *in - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyConfig. @@ -259,7 +248,6 @@ func (in *S2iAutoScale) DeepCopyInto(out *S2iAutoScale) { *out = make([]string, len(*in)) copy(*out, *in) } - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new S2iAutoScale. @@ -279,7 +267,6 @@ func (in *S2iBinary) DeepCopyInto(out *S2iBinary) { in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) in.Spec.DeepCopyInto(&out.Spec) out.Status = in.Status - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new S2iBinary. @@ -312,7 +299,6 @@ func (in *S2iBinaryList) DeepCopyInto(out *S2iBinaryList) { (*in)[i].DeepCopyInto(&(*out)[i]) } } - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new S2iBinaryList. @@ -340,7 +326,6 @@ func (in *S2iBinarySpec) DeepCopyInto(out *S2iBinarySpec) { in, out := &in.UploadTimeStamp, &out.UploadTimeStamp *out = (*in).DeepCopy() } - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new S2iBinarySpec. @@ -356,7 +341,6 @@ func (in *S2iBinarySpec) DeepCopy() *S2iBinarySpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *S2iBinaryStatus) DeepCopyInto(out *S2iBinaryStatus) { *out = *in - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new S2iBinaryStatus. @@ -377,7 +361,6 @@ func (in *S2iBuildResult) DeepCopyInto(out *S2iBuildResult) { *out = make([]string, len(*in)) copy(*out, *in) } - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new S2iBuildResult. @@ -393,7 +376,6 @@ func (in *S2iBuildResult) DeepCopy() *S2iBuildResult { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *S2iBuildSource) DeepCopyInto(out *S2iBuildSource) { *out = *in - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new S2iBuildSource. @@ -413,7 +395,6 @@ func (in *S2iBuilder) DeepCopyInto(out *S2iBuilder) { in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) in.Spec.DeepCopyInto(&out.Spec) in.Status.DeepCopyInto(&out.Status) - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new S2iBuilder. @@ -446,7 +427,6 @@ func (in *S2iBuilderList) DeepCopyInto(out *S2iBuilderList) { (*in)[i].DeepCopyInto(&(*out)[i]) } } - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new S2iBuilderList. @@ -480,7 +460,6 @@ func (in *S2iBuilderSpec) DeepCopyInto(out *S2iBuilderSpec) { *out = new(UserDefineTemplate) (*in).DeepCopyInto(*out) } - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new S2iBuilderSpec. @@ -505,7 +484,6 @@ func (in *S2iBuilderStatus) DeepCopyInto(out *S2iBuilderStatus) { in, out := &in.LastRunStartTime, &out.LastRunStartTime *out = (*in).DeepCopy() } - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new S2iBuilderStatus. @@ -525,7 +503,6 @@ func (in *S2iBuilderTemplate) DeepCopyInto(out *S2iBuilderTemplate) { in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) in.Spec.DeepCopyInto(&out.Spec) out.Status = in.Status - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new S2iBuilderTemplate. @@ -558,7 +535,6 @@ func (in *S2iBuilderTemplateList) DeepCopyInto(out *S2iBuilderTemplateList) { (*in)[i].DeepCopyInto(&(*out)[i]) } } - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new S2iBuilderTemplateList. @@ -596,7 +572,6 @@ func (in *S2iBuilderTemplateSpec) DeepCopyInto(out *S2iBuilderTemplateSpec) { (*in)[i].DeepCopyInto(&(*out)[i]) } } - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new S2iBuilderTemplateSpec. @@ -612,7 +587,6 @@ func (in *S2iBuilderTemplateSpec) DeepCopy() *S2iBuilderTemplateSpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *S2iBuilderTemplateStatus) DeepCopyInto(out *S2iBuilderTemplateStatus) { *out = *in - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new S2iBuilderTemplateStatus. @@ -715,7 +689,6 @@ func (in *S2iConfig) DeepCopyInto(out *S2iConfig) { *out = make([]string, len(*in)) copy(*out, *in) } - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new S2iConfig. @@ -735,7 +708,6 @@ func (in *S2iRun) DeepCopyInto(out *S2iRun) { in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) out.Spec = in.Spec in.Status.DeepCopyInto(&out.Status) - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new S2iRun. @@ -768,7 +740,6 @@ func (in *S2iRunList) DeepCopyInto(out *S2iRunList) { (*in)[i].DeepCopyInto(&(*out)[i]) } } - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new S2iRunList. @@ -792,7 +763,6 @@ func (in *S2iRunList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *S2iRunSpec) DeepCopyInto(out *S2iRunSpec) { *out = *in - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new S2iRunSpec. @@ -826,7 +796,6 @@ func (in *S2iRunStatus) DeepCopyInto(out *S2iRunStatus) { *out = new(S2iBuildSource) **out = **in } - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new S2iRunStatus. @@ -849,7 +818,6 @@ func (in *UserDefineTemplate) DeepCopyInto(out *UserDefineTemplate) { (*in)[i].DeepCopyInto(&(*out)[i]) } } - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserDefineTemplate. @@ -865,7 +833,6 @@ func (in *UserDefineTemplate) DeepCopy() *UserDefineTemplate { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *VolumeSpec) DeepCopyInto(out *VolumeSpec) { *out = *in - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VolumeSpec. diff --git a/pkg/apis/network/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/network/v1alpha1/zz_generated.deepcopy.go index ae35ee8ab..71e01062f 100644 --- a/pkg/apis/network/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/network/v1alpha1/zz_generated.deepcopy.go @@ -16,16 +16,16 @@ See the License for the specific language governing permissions and limitations under the License. */ -// Code generated by deepcopy-gen. DO NOT EDIT. +// Code generated by controller-gen. DO NOT EDIT. package v1alpha1 import ( - v1 "k8s.io/api/core/v1" + "k8s.io/api/core/v1" networkingv1 "k8s.io/api/networking/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" - numorstring "kubesphere.io/kubesphere/pkg/apis/network/v1alpha1/numorstring" + "kubesphere.io/kubesphere/pkg/apis/network/v1alpha1/numorstring" ) // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. @@ -56,7 +56,6 @@ func (in *EntityRule) DeepCopyInto(out *EntityRule) { *out = new(ServiceAccountMatch) (*in).DeepCopyInto(*out) } - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntityRule. @@ -82,7 +81,6 @@ func (in *HTTPMatch) DeepCopyInto(out *HTTPMatch) { *out = make([]HTTPPath, len(*in)) copy(*out, *in) } - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPMatch. @@ -98,7 +96,6 @@ func (in *HTTPMatch) DeepCopy() *HTTPMatch { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *HTTPPath) DeepCopyInto(out *HTTPPath) { *out = *in - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPPath. @@ -124,7 +121,6 @@ func (in *ICMPFields) DeepCopyInto(out *ICMPFields) { *out = new(int) **out = **in } - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ICMPFields. @@ -143,7 +139,6 @@ func (in *NamespaceNetworkPolicy) DeepCopyInto(out *NamespaceNetworkPolicy) { out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) in.Spec.DeepCopyInto(&out.Spec) - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamespaceNetworkPolicy. @@ -176,7 +171,6 @@ func (in *NamespaceNetworkPolicyList) DeepCopyInto(out *NamespaceNetworkPolicyLi (*in)[i].DeepCopyInto(&(*out)[i]) } } - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamespaceNetworkPolicyList. @@ -224,7 +218,6 @@ func (in *NamespaceNetworkPolicySpec) DeepCopyInto(out *NamespaceNetworkPolicySp *out = make([]PolicyType, len(*in)) copy(*out, *in) } - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamespaceNetworkPolicySpec. @@ -272,7 +265,6 @@ func (in *Rule) DeepCopyInto(out *Rule) { *out = new(HTTPMatch) (*in).DeepCopyInto(*out) } - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Rule. @@ -293,7 +285,6 @@ func (in *ServiceAccountMatch) DeepCopyInto(out *ServiceAccountMatch) { *out = make([]string, len(*in)) copy(*out, *in) } - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountMatch. @@ -313,7 +304,6 @@ func (in *WorkspaceNetworkPolicy) DeepCopyInto(out *WorkspaceNetworkPolicy) { in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) in.Spec.DeepCopyInto(&out.Spec) out.Status = in.Status - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkspaceNetworkPolicy. @@ -351,7 +341,6 @@ func (in *WorkspaceNetworkPolicyEgressRule) DeepCopyInto(out *WorkspaceNetworkPo (*in)[i].DeepCopyInto(&(*out)[i]) } } - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkspaceNetworkPolicyEgressRule. @@ -381,7 +370,6 @@ func (in *WorkspaceNetworkPolicyIngressRule) DeepCopyInto(out *WorkspaceNetworkP (*in)[i].DeepCopyInto(&(*out)[i]) } } - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkspaceNetworkPolicyIngressRule. @@ -406,7 +394,6 @@ func (in *WorkspaceNetworkPolicyList) DeepCopyInto(out *WorkspaceNetworkPolicyLi (*in)[i].DeepCopyInto(&(*out)[i]) } } - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkspaceNetworkPolicyList. @@ -436,7 +423,6 @@ func (in *WorkspaceNetworkPolicyPeer) DeepCopyInto(out *WorkspaceNetworkPolicyPe *out = new(metav1.LabelSelector) (*in).DeepCopyInto(*out) } - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkspaceNetworkPolicyPeer. @@ -471,7 +457,6 @@ func (in *WorkspaceNetworkPolicySpec) DeepCopyInto(out *WorkspaceNetworkPolicySp (*in)[i].DeepCopyInto(&(*out)[i]) } } - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkspaceNetworkPolicySpec. @@ -487,7 +472,6 @@ func (in *WorkspaceNetworkPolicySpec) DeepCopy() *WorkspaceNetworkPolicySpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *WorkspaceNetworkPolicyStatus) DeepCopyInto(out *WorkspaceNetworkPolicyStatus) { *out = *in - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkspaceNetworkPolicyStatus. diff --git a/pkg/apis/servicemesh/v1alpha2/zz_generated.deepcopy.go b/pkg/apis/servicemesh/v1alpha2/zz_generated.deepcopy.go index 23e36c5f8..c5a810aa5 100644 --- a/pkg/apis/servicemesh/v1alpha2/zz_generated.deepcopy.go +++ b/pkg/apis/servicemesh/v1alpha2/zz_generated.deepcopy.go @@ -16,12 +16,12 @@ See the License for the specific language governing permissions and limitations under the License. */ -// Code generated by deepcopy-gen. DO NOT EDIT. +// Code generated by controller-gen. DO NOT EDIT. package v1alpha2 import ( - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" ) @@ -30,7 +30,6 @@ func (in *DestinationRuleSpecTemplate) DeepCopyInto(out *DestinationRuleSpecTemp *out = *in in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) in.Spec.DeepCopyInto(&out.Spec) - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DestinationRuleSpecTemplate. @@ -50,7 +49,6 @@ func (in *ServicePolicy) DeepCopyInto(out *ServicePolicy) { in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) in.Spec.DeepCopyInto(&out.Spec) in.Status.DeepCopyInto(&out.Status) - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServicePolicy. @@ -76,7 +74,6 @@ func (in *ServicePolicyCondition) DeepCopyInto(out *ServicePolicyCondition) { *out = *in in.LastProbeTime.DeepCopyInto(&out.LastProbeTime) in.LastTransitionTime.DeepCopyInto(&out.LastTransitionTime) - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServicePolicyCondition. @@ -101,7 +98,6 @@ func (in *ServicePolicyList) DeepCopyInto(out *ServicePolicyList) { (*in)[i].DeepCopyInto(&(*out)[i]) } } - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServicePolicyList. @@ -131,7 +127,6 @@ func (in *ServicePolicySpec) DeepCopyInto(out *ServicePolicySpec) { (*in).DeepCopyInto(*out) } in.Template.DeepCopyInto(&out.Template) - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServicePolicySpec. @@ -162,7 +157,6 @@ func (in *ServicePolicyStatus) DeepCopyInto(out *ServicePolicyStatus) { in, out := &in.CompletionTime, &out.CompletionTime *out = (*in).DeepCopy() } - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServicePolicyStatus. @@ -182,7 +176,6 @@ func (in *Strategy) DeepCopyInto(out *Strategy) { in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) in.Spec.DeepCopyInto(&out.Spec) in.Status.DeepCopyInto(&out.Status) - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Strategy. @@ -208,7 +201,6 @@ func (in *StrategyCondition) DeepCopyInto(out *StrategyCondition) { *out = *in in.LastProbeTime.DeepCopyInto(&out.LastProbeTime) in.LastTransitionTime.DeepCopyInto(&out.LastTransitionTime) - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StrategyCondition. @@ -233,7 +225,6 @@ func (in *StrategyList) DeepCopyInto(out *StrategyList) { (*in)[i].DeepCopyInto(&(*out)[i]) } } - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StrategyList. @@ -263,7 +254,6 @@ func (in *StrategySpec) DeepCopyInto(out *StrategySpec) { (*in).DeepCopyInto(*out) } in.Template.DeepCopyInto(&out.Template) - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StrategySpec. @@ -294,7 +284,6 @@ func (in *StrategyStatus) DeepCopyInto(out *StrategyStatus) { in, out := &in.CompletionTime, &out.CompletionTime *out = (*in).DeepCopy() } - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StrategyStatus. @@ -312,7 +301,6 @@ func (in *VirtualServiceTemplateSpec) DeepCopyInto(out *VirtualServiceTemplateSp *out = *in in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) in.Spec.DeepCopyInto(&out.Spec) - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VirtualServiceTemplateSpec. diff --git a/pkg/apis/tenant/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/tenant/v1alpha1/zz_generated.deepcopy.go index b50a8d568..a9319670d 100644 --- a/pkg/apis/tenant/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/tenant/v1alpha1/zz_generated.deepcopy.go @@ -16,7 +16,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -// Code generated by deepcopy-gen. DO NOT EDIT. +// Code generated by controller-gen. DO NOT EDIT. package v1alpha1 @@ -31,7 +31,6 @@ func (in *Workspace) DeepCopyInto(out *Workspace) { in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) out.Spec = in.Spec out.Status = in.Status - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Workspace. @@ -64,7 +63,6 @@ func (in *WorkspaceList) DeepCopyInto(out *WorkspaceList) { (*in)[i].DeepCopyInto(&(*out)[i]) } } - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkspaceList. @@ -88,7 +86,6 @@ func (in *WorkspaceList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *WorkspaceSpec) DeepCopyInto(out *WorkspaceSpec) { *out = *in - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkspaceSpec. @@ -104,7 +101,6 @@ func (in *WorkspaceSpec) DeepCopy() *WorkspaceSpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *WorkspaceStatus) DeepCopyInto(out *WorkspaceStatus) { *out = *in - return } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkspaceStatus. diff --git a/pkg/apis/tower/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/tower/v1alpha1/zz_generated.deepcopy.go index 2cfab57f9..87a6e5cd3 100644 --- a/pkg/apis/tower/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/tower/v1alpha1/zz_generated.deepcopy.go @@ -1,6 +1,7 @@ // +build !ignore_autogenerated /* +Copyright 2019 The KubeSphere authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -124,6 +125,11 @@ func (in *AgentStatus) DeepCopyInto(out *AgentStatus) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.KubeConfig != nil { + in, out := &in.KubeConfig, &out.KubeConfig + *out = make([]byte, len(*in)) + copy(*out, *in) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AgentStatus. diff --git a/pkg/apiserver/request/requestinfo.go b/pkg/apiserver/request/requestinfo.go index 7a39a9786..1645be19a 100644 --- a/pkg/apiserver/request/requestinfo.go +++ b/pkg/apiserver/request/requestinfo.go @@ -8,6 +8,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/sets" "k8s.io/klog" + "kubesphere.io/kubesphere/pkg/api" "net/http" "strings" @@ -88,6 +89,8 @@ func (r *RequestInfoFactory) NewRequestInfo(req *http.Request) (*RequestInfo, er Path: req.URL.Path, Verb: req.Method, }, + Workspace: api.WorkspaceNone, + Cluster: api.ClusterNone, } defer func() { @@ -123,16 +126,6 @@ func (r *RequestInfoFactory) NewRequestInfo(req *http.Request) (*RequestInfo, er requestInfo.APIVersion = currentParts[0] currentParts = currentParts[1:] - if currentParts[0] == "clusters" { - requestInfo.Cluster = currentParts[1] - currentParts = currentParts[2:] - } - - if currentParts[0] == "workspaces" { - requestInfo.Workspace = currentParts[1] - currentParts = currentParts[2:] - } - if specialVerbs.Has(currentParts[0]) { if len(currentParts) < 2 { return &requestInfo, fmt.Errorf("unable to determine kind and namespace from url: %v", req.URL) @@ -157,6 +150,26 @@ func (r *RequestInfoFactory) NewRequestInfo(req *http.Request) (*RequestInfo, er } } + // URL forms: /clusters/{cluster}/* + if currentParts[0] == "clusters" { + if len(currentParts) > 1 { + requestInfo.Cluster = currentParts[1] + } + if len(currentParts) > 2 { + currentParts = currentParts[2:] + } + } + + // URL forms: /workspaces/{workspace}/* + if currentParts[0] == "workspaces" { + if len(currentParts) > 1 { + requestInfo.Workspace = currentParts[1] + } + if len(currentParts) > 2 { + currentParts = currentParts[2:] + } + } + // URL forms: /namespaces/{namespace}/{kind}/*, where parts are adjusted to be relative to kind if currentParts[0] == "namespaces" { if len(currentParts) > 1 { diff --git a/pkg/apiserver/request/requestinfo_test.go b/pkg/apiserver/request/requestinfo_test.go index 4348184cc..8e87a116a 100644 --- a/pkg/apiserver/request/requestinfo_test.go +++ b/pkg/apiserver/request/requestinfo_test.go @@ -162,6 +162,19 @@ func TestRequestInfoFactory_NewRequestInfo(t *testing.T) { expectedCluster: "", expectedKubernetesRequest: false, }, + { + name: "", + url: "/kapis/tenant.kubesphere.io/v1alpha2/workspaces", + method: http.MethodGet, + expectedErr: nil, + expectedVerb: "list", + expectedNamespace: "", + expectedCluster: "", + expectedWorkspace: "", + expectedKubernetesRequest: false, + expectedIsResourceRequest: true, + expectedResource: "workspaces", + }, { name: "kubesphere api without clusters", url: "/kapis/foo/bar/", @@ -180,39 +193,42 @@ func TestRequestInfoFactory_NewRequestInfo(t *testing.T) { requestInfoResolver := newTestRequestInfoResolver() for _, test := range tests { - req, err := http.NewRequest(test.method, test.url, nil) - if err != nil { - t.Fatal(err) - } - requestInfo, err := requestInfoResolver.NewRequestInfo(req) + t.Run(test.url, func(t *testing.T) { + req, err := http.NewRequest(test.method, test.url, nil) + if err != nil { + t.Fatal(err) + } + requestInfo, err := requestInfoResolver.NewRequestInfo(req) - if err != nil { - if test.expectedErr != err { - t.Errorf("%s: expected error %v, actual %v", test.name, test.expectedErr, err) - } - } else { - if test.expectedVerb != requestInfo.Verb { - t.Errorf("%s: expected verb %v, actual %+v", test.name, test.expectedVerb, requestInfo.Verb) - } - if test.expectedResource != requestInfo.Resource { - t.Errorf("%s: expected resource %v, actual %+v", test.name, test.expectedResource, requestInfo.Resource) - } - if test.expectedIsResourceRequest != requestInfo.IsResourceRequest { - t.Errorf("%s: expected is resource request %v, actual %+v", test.name, test.expectedIsResourceRequest, requestInfo.IsResourceRequest) - } - if test.expectedCluster != requestInfo.Cluster { - t.Errorf("%s: expected cluster %v, actual %+v", test.name, test.expectedCluster, requestInfo.Cluster) - } - if test.expectedWorkspace != requestInfo.Workspace { - t.Errorf("%s: expected workspace %v, actual %+v", test.name, test.expectedWorkspace, requestInfo.Workspace) - } - if test.expectedNamespace != requestInfo.Namespace { - t.Errorf("%s: expected namespace %v, actual %+v", test.name, test.expectedNamespace, requestInfo.Namespace) - } + if err != nil { + if test.expectedErr != err { + t.Errorf("%s: expected error %v, actual %v", test.name, test.expectedErr, err) + } + } else { + if test.expectedVerb != requestInfo.Verb { + t.Errorf("%s: expected verb %v, actual %+v", test.name, test.expectedVerb, requestInfo.Verb) + } + if test.expectedResource != requestInfo.Resource { + t.Errorf("%s: expected resource %v, actual %+v", test.name, test.expectedResource, requestInfo.Resource) + } + if test.expectedIsResourceRequest != requestInfo.IsResourceRequest { + t.Errorf("%s: expected is resource request %v, actual %+v", test.name, test.expectedIsResourceRequest, requestInfo.IsResourceRequest) + } + if test.expectedCluster != requestInfo.Cluster { + t.Errorf("%s: expected cluster %v, actual %+v", test.name, test.expectedCluster, requestInfo.Cluster) + } + if test.expectedWorkspace != requestInfo.Workspace { + t.Errorf("%s: expected workspace %v, actual %+v", test.name, test.expectedWorkspace, requestInfo.Workspace) + } + if test.expectedNamespace != requestInfo.Namespace { + t.Errorf("%s: expected namespace %v, actual %+v", test.name, test.expectedNamespace, requestInfo.Namespace) + } - if test.expectedKubernetesRequest != requestInfo.IsKubernetesRequest { - t.Errorf("%s: expected kubernetes request %v, actual %+v", test.name, test.expectedKubernetesRequest, requestInfo.IsKubernetesRequest) + if test.expectedKubernetesRequest != requestInfo.IsKubernetesRequest { + t.Errorf("%s: expected kubernetes request %v, actual %+v", test.name, test.expectedKubernetesRequest, requestInfo.IsKubernetesRequest) + } } - } + }) + } } From 3c73471f79dc604056efc9cb1156f0cf77d425b0 Mon Sep 17 00:00:00 2001 From: zryfish Date: Wed, 1 Apr 2020 17:41:50 +0800 Subject: [PATCH 3/3] fix path authorizer give no opinion on resource requests (#1981) --- pkg/apiserver/apiserver.go | 16 ++++++++-------- pkg/apiserver/authorization/path/path.go | 4 ---- pkg/apiserver/filters/authorization.go | 14 +++++++------- .../v1alpha2/register.go | 0 4 files changed, 15 insertions(+), 19 deletions(-) rename pkg/kapis/{serverconfig => config}/v1alpha2/register.go (100%) diff --git a/pkg/apiserver/apiserver.go b/pkg/apiserver/apiserver.go index 76ca4426a..323ec1de1 100644 --- a/pkg/apiserver/apiserver.go +++ b/pkg/apiserver/apiserver.go @@ -25,6 +25,7 @@ import ( "kubesphere.io/kubesphere/pkg/apiserver/filters" "kubesphere.io/kubesphere/pkg/apiserver/request" "kubesphere.io/kubesphere/pkg/informers" + configv1alpha2 "kubesphere.io/kubesphere/pkg/kapis/config/v1alpha2" iamv1alpha2 "kubesphere.io/kubesphere/pkg/kapis/iam/v1alpha2" loggingv1alpha2 "kubesphere.io/kubesphere/pkg/kapis/logging/v1alpha2" monitoringv1alpha2 "kubesphere.io/kubesphere/pkg/kapis/monitoring/v1alpha2" @@ -33,7 +34,6 @@ import ( operationsv1alpha2 "kubesphere.io/kubesphere/pkg/kapis/operations/v1alpha2" resourcesv1alpha2 "kubesphere.io/kubesphere/pkg/kapis/resources/v1alpha2" resourcev1alpha3 "kubesphere.io/kubesphere/pkg/kapis/resources/v1alpha3" - "kubesphere.io/kubesphere/pkg/kapis/serverconfig/v1alpha2" servicemeshv1alpha2 "kubesphere.io/kubesphere/pkg/kapis/servicemesh/metrics/v1alpha2" terminalv1alpha2 "kubesphere.io/kubesphere/pkg/kapis/terminal/v1alpha2" "kubesphere.io/kubesphere/pkg/models/iam/am" @@ -133,7 +133,7 @@ func (s *APIServer) PrepareRun() error { } func (s *APIServer) installKubeSphereAPIs() { - urlruntime.Must(v1alpha2.AddToContainer(s.container, s.Config)) + urlruntime.Must(configv1alpha2.AddToContainer(s.container, s.Config)) urlruntime.Must(resourcev1alpha3.AddToContainer(s.container, s.InformerFactory)) // Need to refactor devops api registration, too much dependencies //urlruntime.Must(devopsv1alpha2.AddToContainer(s.container, s.DevopsClient, s.DBClient.Database(), nil, s.KubernetesClient.KubeSphere(), s.InformerFactory.KubeSphereSharedInformerFactory(), s.S3Client)) @@ -181,20 +181,20 @@ func (s *APIServer) buildHandlerChain() { } handler := s.Server.Handler - handler = filters.WithKubeAPIServer(handler, s.KubernetesClient.Config(), &errorResponder{}) handler = filters.WithMultipleClusterDispatcher(handler, dispatch.NewClusterDispatch(s.InformerFactory.KubeSphereSharedInformerFactory().Tower().V1alpha1().Agents().Lister())) excludedPaths := []string{"/oauth/*", "/kapis/config.kubesphere.io/*"} pathAuthorizer, _ := path.NewAuthorizer(excludedPaths) - authorizer := unionauthorizer.New(pathAuthorizer, - authorizerfactory.NewOPAAuthorizer(am.NewFakeAMOperator())) - handler = filters.WithAuthorization(handler, authorizer) + // union authorizers are ordered, don't change the order here + authorizers := unionauthorizer.New(pathAuthorizer, authorizerfactory.NewOPAAuthorizer(am.NewFakeAMOperator())) + handler = filters.WithAuthorization(handler, authorizers) + + // authenticators are unordered authn := unionauth.New(anonymous.NewAuthenticator(), basictoken.New(basic.NewBasicAuthenticator(im.NewFakeOperator())), - bearertoken.New(jwttoken.NewTokenAuthenticator( - token.NewJwtTokenIssuer(token.DefaultIssuerName, s.Config.AuthenticationOptions, s.CacheClient)))) + bearertoken.New(jwttoken.NewTokenAuthenticator(token.NewJwtTokenIssuer(token.DefaultIssuerName, s.Config.AuthenticationOptions, s.CacheClient)))) handler = filters.WithAuthentication(handler, authn) handler = filters.WithRequestInfo(handler, requestInfoResolver) s.Server.Handler = handler diff --git a/pkg/apiserver/authorization/path/path.go b/pkg/apiserver/authorization/path/path.go index 4df9c41a5..435cca198 100644 --- a/pkg/apiserver/authorization/path/path.go +++ b/pkg/apiserver/authorization/path/path.go @@ -47,10 +47,6 @@ func NewAuthorizer(alwaysAllowPaths []string) (authorizer.Authorizer, error) { } return authorizer.AuthorizerFunc(func(a authorizer.Attributes) (authorizer.Decision, string, error) { - if a.IsResourceRequest() { - return authorizer.DecisionNoOpinion, "", nil - } - pth := strings.TrimPrefix(a.GetPath(), "/") if paths.Has(pth) { return authorizer.DecisionAllow, "", nil diff --git a/pkg/apiserver/filters/authorization.go b/pkg/apiserver/filters/authorization.go index fb63f97ba..44c9ba4db 100644 --- a/pkg/apiserver/filters/authorization.go +++ b/pkg/apiserver/filters/authorization.go @@ -13,23 +13,23 @@ import ( ) // WithAuthorization passes all authorized requests on to handler, and returns forbidden error otherwise. -func WithAuthorization(handler http.Handler, a authorizer.Authorizer) http.Handler { - if a == nil { +func WithAuthorization(handler http.Handler, authorizers authorizer.Authorizer) http.Handler { + if authorizers == nil { klog.Warningf("Authorization is disabled") return handler } - serializer := serializer.NewCodecFactory(runtime.NewScheme()).WithoutConversion() + defaultSerializer := serializer.NewCodecFactory(runtime.NewScheme()).WithoutConversion() return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { ctx := req.Context() - attributes, err := GetAuthorizerAttributes(ctx) + attributes, err := getAuthorizerAttributes(ctx) if err != nil { responsewriters.InternalError(w, req, err) } - authorized, reason, err := a.Authorize(attributes) + authorized, reason, err := authorizers.Authorize(attributes) if authorized == authorizer.DecisionAllow { handler.ServeHTTP(w, req) return @@ -41,11 +41,11 @@ func WithAuthorization(handler http.Handler, a authorizer.Authorizer) http.Handl } klog.V(4).Infof("Forbidden: %#v, Reason: %q", req.RequestURI, reason) - responsewriters.Forbidden(ctx, attributes, w, req, reason, serializer) + responsewriters.Forbidden(ctx, attributes, w, req, reason, defaultSerializer) }) } -func GetAuthorizerAttributes(ctx context.Context) (authorizer.Attributes, error) { +func getAuthorizerAttributes(ctx context.Context) (authorizer.Attributes, error) { attribs := authorizer.AttributesRecord{} user, ok := request.UserFrom(ctx) diff --git a/pkg/kapis/serverconfig/v1alpha2/register.go b/pkg/kapis/config/v1alpha2/register.go similarity index 100% rename from pkg/kapis/serverconfig/v1alpha2/register.go rename to pkg/kapis/config/v1alpha2/register.go