migrate legacy API

Signed-off-by: hongming <talonwan@yunify.com>
2020-04-20 07:01:43 +08:00
parent 3f89eaef7e
commit 7db2ba662c
103 changed files with 5962 additions and 2363 deletions
--- a/pkg/kapis/iam/v1alpha2/handler.go
+++ b/pkg/kapis/iam/v1alpha2/handler.go
@@ -1,14 +1,20 @@
 package v1alpha2

 import (
+	"fmt"
 	"github.com/emicklei/go-restful"
-	"k8s.io/apimachinery/pkg/apis/meta/v1"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/klog"
 	"kubesphere.io/kubesphere/pkg/api"
 	iamv1alpha2 "kubesphere.io/kubesphere/pkg/apis/iam/v1alpha2"
+	tenantv1alpha1 "kubesphere.io/kubesphere/pkg/apis/tenant/v1alpha1"
 	authoptions "kubesphere.io/kubesphere/pkg/apiserver/authentication/options"
+	"kubesphere.io/kubesphere/pkg/apiserver/query"
 	"kubesphere.io/kubesphere/pkg/models/iam/am"
 	"kubesphere.io/kubesphere/pkg/models/iam/im"
-	"strings"
+	resources "kubesphere.io/kubesphere/pkg/models/resources/v1alpha3"
 )

 type iamHandler struct {
@@ -23,18 +29,6 @@ func newIAMHandler(im im.IdentityManagementInterface, am am.AccessManagementInte
 	}
 }

-func (h *iamHandler) CreateUser(req *restful.Request, resp *restful.Response) {
-	panic("implement me")
-}
-
-func (h *iamHandler) DeleteUser(req *restful.Request, resp *restful.Response) {
-	panic("implement me")
-}
-
-func (h *iamHandler) ModifyUser(request *restful.Request, response *restful.Response) {
-	panic("implement me")
-}
-
 func (h *iamHandler) DescribeUser(req *restful.Request, resp *restful.Response) {
 	username := req.PathParameter("user")
 	user, err := h.im.DescribeUser(username)
@@ -43,108 +37,198 @@ func (h *iamHandler) DescribeUser(req *restful.Request, resp *restful.Response)
 		return
 	}

-	globalRole, err := h.am.GetRoleOfUserInTargetScope(iamv1alpha2.GlobalScope, "", username)
+	globalRole, err := h.am.GetGlobalRoleOfUser(username)

 	if err != nil {
 		api.HandleInternalError(resp, req, err)
 		return
 	}
+
 	result := iamv1alpha2.UserDetail{User: user, GlobalRole: globalRole}

 	resp.WriteEntity(result)
 }

 func (h *iamHandler) ListUsers(req *restful.Request, resp *restful.Response) {
-	panic("implement me")
-}
-
-func (h *iamHandler) ListUserRoles(req *restful.Request, resp *restful.Response) {
-	panic("implement me")
-}
-
-func (h *iamHandler) ListRoles(req *restful.Request, resp *restful.Response) {
-	panic("implement me")
-}
-
-func (h *iamHandler) ListRolesOfUser(req *restful.Request, resp *restful.Response) {
-	username := req.PathParameter("user")
-
-	var roles []iamv1alpha2.Role
-	var err error
-
-	if strings.HasSuffix(req.Request.URL.Path, "workspaceroles") {
-		roles, err = h.am.ListRolesOfUser(iamv1alpha2.WorkspaceScope, username)
-	} else if strings.HasSuffix(req.Request.URL.Path, "clusterroles") {
-		roles, err = h.am.ListRolesOfUser(iamv1alpha2.ClusterScope, username)
-	} else if strings.HasSuffix(req.Request.URL.Path, "namespaceroles") {
-		roles, err = h.am.ListRolesOfUser(iamv1alpha2.NamespaceScope, username)
-	}
-
+	queryParam := query.ParseQueryParameter(req)
+	result, err := h.im.ListUsers(queryParam)
 	if err != nil {
 		api.HandleInternalError(resp, req, err)
 		return
 	}
+	for i, item := range result.Items {
+		user := item.(*iamv1alpha2.User)
+		user = user.DeepCopy()
+		role, err := h.am.GetGlobalRoleOfUser(user.Name)
+		if err != nil && !errors.IsNotFound(err) {
+			klog.Error(err)
+			api.HandleInternalError(resp, req, err)
+			return
+		}

-	result := iamv1alpha2.RoleList{
-		TypeMeta: v1.TypeMeta{
-			Kind:       "List",
-			APIVersion: "v1",
-		},
-		ListMeta: v1.ListMeta{},
-		Items:    roles,
+		if user.Annotations == nil {
+			user.Annotations = make(map[string]string, 0)
+		}
+
+		if role != nil {
+			user.Annotations["iam.kubesphere.io/global-role"] = role.Name
+		} else {
+			user.Annotations["iam.kubesphere.io/global-role"] = ""
+		}
+
+		result.Items[i] = user
 	}

 	resp.WriteEntity(result)
+
 }
+
+func (h *iamHandler) ListRoles(req *restful.Request, resp *restful.Response) {
+	namespace := req.PathParameter("namespace")
+	queryParam := query.ParseQueryParameter(req)
+	result, err := h.am.ListRoles(namespace, queryParam)
+	if err != nil {
+		api.HandleInternalError(resp, req, err)
+		return
+	}
+	resp.WriteEntity(result)
+}
+
 func (h *iamHandler) ListClusterRoles(req *restful.Request, resp *restful.Response) {
-	panic("implement me")
+	queryParam := query.ParseQueryParameter(req)
+	result, err := h.am.ListClusterRoles(queryParam)
+	if err != nil {
+		api.HandleInternalError(resp, req, err)
+		return
+	}
+	resp.WriteEntity(result)
+}
+
+func (h *iamHandler) ListGlobalRoles(req *restful.Request, resp *restful.Response) {
+	queryParam := query.ParseQueryParameter(req)
+	result, err := h.am.ListGlobalRoles(queryParam)
+	if err != nil {
+		api.HandleInternalError(resp, req, err)
+		return
+	}
+	resp.WriteEntity(result)
 }

 func (h *iamHandler) ListRoleUsers(req *restful.Request, resp *restful.Response) {
 	panic("implement me")
 }

-// List users by namespace
 func (h *iamHandler) ListNamespaceUsers(req *restful.Request, resp *restful.Response) {
-	panic("implement me")
-}
+	queryParam := query.ParseQueryParameter(req)
+	namespace := req.PathParameter("namespace")

-func (h *iamHandler) ListClusterRoleUsers(req *restful.Request, resp *restful.Response) {
-	panic("implement me")
-}
+	roleBindings, err := h.am.ListRoleBindings("", namespace)

-func (h *iamHandler) ListClusterRoleRules(req *restful.Request, resp *restful.Response) {
-	panic("implement me")
-}
+	if err != nil {
+		api.HandleInternalError(resp, req, err)
+		return
+	}

-func (h *iamHandler) ListRoleRules(req *restful.Request, resp *restful.Response) {
-	panic("implement me")
+	users := make([]runtime.Object, 0)
+
+	for _, roleBinding := range roleBindings {
+		for _, subject := range roleBinding.Subjects {
+			if subject.Kind == iamv1alpha2.ResourceKindUser {
+				user, err := h.im.DescribeUser(subject.Name)
+
+				if errors.IsNotFound(err) {
+					klog.Errorf("orphan subject: %+v", subject)
+					continue
+				}
+
+				if err != nil {
+					api.HandleInternalError(resp, req, err)
+					return
+				}
+
+				user = user.DeepCopy()
+
+				if user.Annotations == nil {
+					user.Annotations = make(map[string]string, 0)
+				}
+
+				user.Annotations["iam.kubesphere.io/role"] = roleBinding.RoleRef.Name
+
+				users = append(users, user)
+			}
+		}
+	}
+
+	result := resources.DefaultList(users, queryParam, func(left runtime.Object, right runtime.Object, field query.Field) bool {
+		return resources.DefaultObjectMetaCompare(left.(*corev1.Namespace).ObjectMeta, right.(*corev1.Namespace).ObjectMeta, field)
+	}, func(object runtime.Object, filter query.Filter) bool {
+		user := object.(*iamv1alpha2.User).ObjectMeta
+		return resources.DefaultObjectMetaFilter(user, filter)
+	})
+
+	resp.WriteEntity(result)
 }

 func (h *iamHandler) ListWorkspaceRoles(request *restful.Request, response *restful.Response) {
-	panic("implement me")
-}
+	queryParam := query.ParseQueryParameter(request)
+	workspace := request.PathParameter("workspace")
+	queryParam.Filters[query.FieldLabel] = query.Value(fmt.Sprintf("%s:%s", tenantv1alpha1.WorkspaceLabel, workspace))

-func (h *iamHandler) DescribeWorkspaceRole(request *restful.Request, response *restful.Response) {
-	panic("implement me")
-}
-
-func (h *iamHandler) ListWorkspaceRoleRules(request *restful.Request, response *restful.Response) {
-	panic("implement me")
+	result, err := h.am.ListWorkspaceRoles(queryParam)
+	if err != nil {
+		api.HandleInternalError(response, request, err)
+		return
+	}
+	response.WriteEntity(result)
 }

 func (h *iamHandler) ListWorkspaceUsers(request *restful.Request, response *restful.Response) {
-	panic("implement me")
-}
+	queryParam := query.ParseQueryParameter(request)
+	workspace := request.PathParameter("workspace")

-func (h *iamHandler) InviteUser(request *restful.Request, response *restful.Response) {
-	panic("implement me")
-}
+	roleBindings, err := h.am.ListWorkspaceRoleBindings("", workspace)

-func (h *iamHandler) RemoveUser(request *restful.Request, response *restful.Response) {
-	panic("implement me")
-}
+	if err != nil {
+		api.HandleInternalError(response, request, err)
+		return
+	}

-func (h *iamHandler) DescribeWorkspaceUser(request *restful.Request, response *restful.Response) {
-	panic("implement me")
+	users := make([]runtime.Object, 0)
+
+	for _, roleBinding := range roleBindings {
+		for _, subject := range roleBinding.Subjects {
+			if subject.Kind == iamv1alpha2.ResourceKindUser {
+				user, err := h.im.DescribeUser(subject.Name)
+
+				if errors.IsNotFound(err) {
+					klog.Errorf("orphan subject: %+v", subject)
+					continue
+				}
+
+				if err != nil {
+					api.HandleInternalError(response, request, err)
+					return
+				}
+
+				user = user.DeepCopy()
+
+				if user.Annotations == nil {
+					user.Annotations = make(map[string]string, 0)
+				}
+
+				user.Annotations["iam.kubesphere.io/workspace-role"] = roleBinding.RoleRef.Name
+
+				users = append(users, user)
+			}
+		}
+	}
+
+	result := resources.DefaultList(users, queryParam, func(left runtime.Object, right runtime.Object, field query.Field) bool {
+		return resources.DefaultObjectMetaCompare(left.(*corev1.Namespace).ObjectMeta, right.(*corev1.Namespace).ObjectMeta, field)
+	}, func(object runtime.Object, filter query.Filter) bool {
+		user := object.(*iamv1alpha2.User).ObjectMeta
+		return resources.DefaultObjectMetaFilter(user, filter)
+	})
+
+	response.WriteEntity(result)
 }