admin/kubesphere
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: workspace cluster authorize

Browse Source 
Signed-off-by: hongming <talonwan@yunify.com>
This commit is contained in:
hongming
2020-06-17 10:40:09 +08:00
parent 692271bb56
commit 8aa934bfb7
5 changed files with 90 additions and 119 deletions
Download Patch File Download Diff File Expand all files Collapse all files

64
config/crds/tenant.kubesphere.io_workspacetemplates.yaml generated
View File

@@ -35,15 +35,6 @@ spec:
type: object type: object
spec: spec:
properties: properties:
clusters:
description: authorized clusters
items:
type: string
type: array
manager:
type: string
networkIsolation:
type: boolean
overrides: overrides:
items: items:
properties: properties:
@@ -54,15 +45,15 @@ spec:
properties: properties:
op: op:
type: string type: string
path: path:
type: string type: string
value: value:
anyOf: anyOf:
- type: string - type: string
- type: integer - type: integer
- type: boolean - type: boolean
- type: object - type: object
- type: array - type: array
required: required:
- path - path
- value - value
@@ -73,6 +64,43 @@ spec:
- clusterOverrides - clusterOverrides
type: object type: object
type: array type: array
placement:
properties:
clusterSelector:
properties:
matchLabels:
additionalProperties:
type: string
type: object
type: object
clusters:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
type: object
template:
properties:
metadata:
type: object
spec:
description: WorkspaceSpec defines the desired state of Workspace
properties:
manager:
type: string
networkIsolation:
type: boolean
type: object
required:
- spec
type: object
required:
- placement
- template
type: object type: object
type: object type: object
version: v1alpha2 version: v1alpha2

48
pkg/apis/tenant/v1alpha2/workspacetemplate_types.go
View File

@@ -58,34 +58,6 @@ type WorkspaceTemplate struct {
} }
type WorkspaceTemplateSpec struct { type WorkspaceTemplateSpec struct {
v1alpha1.WorkspaceSpec `json:",inline"`
// authorized clusters
// +optional
Clusters []string `json:"clusters,omitempty"`
Overrides []Override `json:"overrides,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +genclient:nonNamespaced
// WorkspaceTemplateList contains a list of WorkspaceTemplate
type WorkspaceTemplateList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []WorkspaceTemplate `json:"items"`
}
func init() {
SchemeBuilder.Register(&WorkspaceTemplate{}, &WorkspaceTemplateList{})
}
type FederatedWorkspace struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec FederatedWorkspaceSpec `json:"spec"`
}
type FederatedWorkspaceSpec struct {
Template Template `json:"template"` Template Template `json:"template"`
Placement Placement `json:"placement"` Placement Placement `json:"placement"`
Overrides []Override `json:"overrides,omitempty"` Overrides []Override `json:"overrides,omitempty"`
@@ -119,3 +91,23 @@ type ClusterOverride struct {
Op string `json:"op,omitempty"` Op string `json:"op,omitempty"`
Value runtime.RawExtension `json:"value"` Value runtime.RawExtension `json:"value"`
} }
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +genclient:nonNamespaced
// WorkspaceTemplateList contains a list of WorkspaceTemplate
type WorkspaceTemplateList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []WorkspaceTemplate `json:"items"`
}
func init() {
SchemeBuilder.Register(&WorkspaceTemplate{}, &WorkspaceTemplateList{})
}
type FederatedWorkspace struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec WorkspaceTemplateSpec `json:"spec"`
}

32
pkg/apis/tenant/v1alpha2/zz_generated.deepcopy.go generated
View File

@@ -95,30 +95,6 @@ func (in *FederatedWorkspace) DeepCopy() *FederatedWorkspace {
return out return out
} }
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *FederatedWorkspaceSpec) DeepCopyInto(out *FederatedWorkspaceSpec) {
*out = *in
in.Template.DeepCopyInto(&out.Template)
in.Placement.DeepCopyInto(&out.Placement)
if in.Overrides != nil {
in, out := &in.Overrides, &out.Overrides
*out = make([]Override, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FederatedWorkspaceSpec.
func (in *FederatedWorkspaceSpec) DeepCopy() *FederatedWorkspaceSpec {
if in == nil {
return nil
}
out := new(FederatedWorkspaceSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Override) DeepCopyInto(out *Override) { func (in *Override) DeepCopyInto(out *Override) {
*out = *in *out = *in
@@ -240,12 +216,8 @@ func (in *WorkspaceTemplateList) DeepCopyObject() runtime.Object {
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *WorkspaceTemplateSpec) DeepCopyInto(out *WorkspaceTemplateSpec) { func (in *WorkspaceTemplateSpec) DeepCopyInto(out *WorkspaceTemplateSpec) {
*out = *in *out = *in
out.WorkspaceSpec = in.WorkspaceSpec in.Template.DeepCopyInto(&out.Template)
if in.Clusters != nil { in.Placement.DeepCopyInto(&out.Placement)
in, out := &in.Clusters, &out.Clusters
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.Overrides != nil { if in.Overrides != nil {
in, out := &in.Overrides, &out.Overrides in, out := &in.Overrides, &out.Overrides
*out = make([]Override, len(*in)) *out = make([]Override, len(*in))

53
pkg/controller/workspacetemplate/workspacetemplate_controller.go
View File

@@ -297,15 +297,9 @@ func (c *Controller) multiClusterSync(workspaceTemplate *tenantv1alpha2.Workspac
return err return err
} }
if !reflect.DeepEqual(fedWorkspace.Spec.Template.Spec, workspaceTemplate.Spec.WorkspaceSpec) || if !reflect.DeepEqual(fedWorkspace.Spec, workspaceTemplate.Spec) {
!reflect.DeepEqual(fedWorkspace.Labels, workspaceTemplate.Labels) ||
!reflect.DeepEqual(fedWorkspace.Annotations, workspaceTemplate.Annotations) ||
!reflect.DeepEqual(fedWorkspace.Spec.Overrides, workspaceTemplate.Spec.Overrides) {
fedWorkspace.Spec.Template.Spec = workspaceTemplate.Spec.WorkspaceSpec fedWorkspace.Spec = workspaceTemplate.Spec
fedWorkspace.Annotations = workspaceTemplate.Annotations
fedWorkspace.Labels = workspaceTemplate.Labels
fedWorkspace.Spec.Overrides = workspaceTemplate.Spec.Overrides
return c.updateFederatedWorkspace(&fedWorkspace) return c.updateFederatedWorkspace(&fedWorkspace)
} }
@@ -314,11 +308,6 @@ func (c *Controller) multiClusterSync(workspaceTemplate *tenantv1alpha2.Workspac
} }
func (c *Controller) createFederatedWorkspace(workspaceTemplate *tenantv1alpha2.WorkspaceTemplate) error { func (c *Controller) createFederatedWorkspace(workspaceTemplate *tenantv1alpha2.WorkspaceTemplate) error {
clusters := make([]tenantv1alpha2.Cluster, 0)
for _, cluster := range workspaceTemplate.Spec.Clusters {
clusters = append(clusters, tenantv1alpha2.Cluster{Name: cluster})
}
federatedWorkspace := &tenantv1alpha2.FederatedWorkspace{ federatedWorkspace := &tenantv1alpha2.FederatedWorkspace{
TypeMeta: metav1.TypeMeta{ TypeMeta: metav1.TypeMeta{
Kind: tenantv1alpha2.FedWorkspaceKind, Kind: tenantv1alpha2.FedWorkspaceKind,
@@ -327,19 +316,7 @@ func (c *Controller) createFederatedWorkspace(workspaceTemplate *tenantv1alpha2.
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: workspaceTemplate.Name, Name: workspaceTemplate.Name,
}, },
Spec: tenantv1alpha2.FederatedWorkspaceSpec{ Spec: workspaceTemplate.Spec,
Template: tenantv1alpha2.Template{
ObjectMeta: metav1.ObjectMeta{
Labels: workspaceTemplate.Labels,
Annotations: workspaceTemplate.Annotations,
},
Spec: workspaceTemplate.Spec.WorkspaceSpec,
},
Placement: tenantv1alpha2.Placement{
Clusters: clusters,
},
Overrides: workspaceTemplate.Spec.Overrides,
},
} }
err := controllerutil.SetControllerReference(workspaceTemplate, federatedWorkspace, scheme.Scheme) err := controllerutil.SetControllerReference(workspaceTemplate, federatedWorkspace, scheme.Scheme)
@@ -404,14 +381,14 @@ func (c *Controller) sync(workspaceTemplate *tenantv1alpha2.WorkspaceTemplate) e
return err return err
} }
if !reflect.DeepEqual(workspace.Spec, workspaceTemplate.Spec.WorkspaceSpec) || if !reflect.DeepEqual(workspace.Spec, workspaceTemplate.Spec.Template.Spec) ||
!reflect.DeepEqual(workspace.Labels, workspaceTemplate.Labels) || !reflect.DeepEqual(workspace.Labels, workspaceTemplate.Spec.Template.Labels) ||
!reflect.DeepEqual(workspace.Annotations, workspaceTemplate.Annotations) { !reflect.DeepEqual(workspace.Annotations, workspaceTemplate.Spec.Template.Annotations) {
workspace = workspace.DeepCopy() workspace = workspace.DeepCopy()
workspace.Spec = workspaceTemplate.Spec.WorkspaceSpec workspace.Spec = workspaceTemplate.Spec.Template.Spec
workspace.Annotations = workspaceTemplate.Annotations workspace.Labels = workspaceTemplate.Spec.Template.Labels
workspace.Labels = workspaceTemplate.Labels workspace.Annotations = workspaceTemplate.Spec.Template.Annotations
return c.updateWorkspace(workspace) return c.updateWorkspace(workspace)
} }
@@ -423,10 +400,10 @@ func (c *Controller) createWorkspace(workspaceTemplate *tenantv1alpha2.Workspace
workspace := &tenantv1alpha1.Workspace{ workspace := &tenantv1alpha1.Workspace{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: workspaceTemplate.Name, Name: workspaceTemplate.Name,
Labels: workspaceTemplate.Labels, Labels: workspaceTemplate.Spec.Template.Labels,
Annotations: workspaceTemplate.Annotations, Annotations: workspaceTemplate.Spec.Template.Annotations,
}, },
Spec: workspaceTemplate.Spec.WorkspaceSpec, Spec: workspaceTemplate.Spec.Template.Spec,
} }
err := controllerutil.SetControllerReference(workspaceTemplate, workspace, scheme.Scheme) err := controllerutil.SetControllerReference(workspaceTemplate, workspace, scheme.Scheme)
@@ -482,9 +459,11 @@ func (r *Controller) initRoles(workspace *tenantv1alpha2.WorkspaceTemplate) erro
} }
} }
if !reflect.DeepEqual(role.Annotations, old.Annotations) || if !reflect.DeepEqual(role.Labels, old.Labels) ||
!reflect.DeepEqual(role.Annotations, old.Annotations) ||
!reflect.DeepEqual(role.Rules, old.Rules) { !reflect.DeepEqual(role.Rules, old.Rules) {
updated := old.DeepCopy() updated := old.DeepCopy()
updated.Labels = role.Labels
updated.Annotations = role.Annotations updated.Annotations = role.Annotations
updated.Rules = role.Rules updated.Rules = role.Rules
@@ -500,7 +479,7 @@ func (r *Controller) initRoles(workspace *tenantv1alpha2.WorkspaceTemplate) erro
} }
func (r *Controller) initManagerRoleBinding(workspace *tenantv1alpha2.WorkspaceTemplate) error { func (r *Controller) initManagerRoleBinding(workspace *tenantv1alpha2.WorkspaceTemplate) error {
if manager := workspace.Spec.Manager; manager != "" { if manager := workspace.Spec.Template.Spec.Manager; manager != "" {
workspaceAdminRoleName := fmt.Sprintf(iamv1alpha2.WorkspaceAdminFormat, workspace.Name) workspaceAdminRoleName := fmt.Sprintf(iamv1alpha2.WorkspaceAdminFormat, workspace.Name)

12
pkg/models/tenant/tenant.go
View File

@@ -342,8 +342,8 @@ func (t *tenantOperator) ListWorkspaceClusters(workspaceName string) (*api.ListR
return nil, err return nil, err
} }
clusters := make([]interface{}, 0) clusters := make([]interface{}, 0)
for _, cluster := range workspace.Spec.Clusters { for _, cluster := range workspace.Spec.Placement.Clusters {
obj, err := t.resourceGetter.Get(clusterv1alpha1.ResourcesPluralCluster, "", cluster) obj, err := t.resourceGetter.Get(clusterv1alpha1.ResourcesPluralCluster, "", cluster.Name)
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
if errors.IsNotFound(err) { if errors.IsNotFound(err) {
@@ -415,12 +415,12 @@ func (t *tenantOperator) ListClusters(user user.Info) (*api.ListResult, error) {
return nil, err return nil, err
} }
for _, clusterName := range workspace.Spec.Clusters { for _, grantedCluster := range workspace.Spec.Placement.Clusters {
// skip if cluster exist // skip if cluster exist
if clusters[clusterName] != nil { if clusters[grantedCluster.Name] != nil {
continue continue
} }
obj, err := t.resourceGetter.Get(clusterv1alpha1.ResourcesPluralCluster, "", clusterName) obj, err := t.resourceGetter.Get(clusterv1alpha1.ResourcesPluralCluster, "", grantedCluster.Name)
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
if errors.IsNotFound(err) { if errors.IsNotFound(err) {
@@ -429,7 +429,7 @@ func (t *tenantOperator) ListClusters(user user.Info) (*api.ListResult, error) {
return nil, err return nil, err
} }
cluster := obj.(*clusterv1alpha1.Cluster) cluster := obj.(*clusterv1alpha1.Cluster)
clusters[clusterName] = cluster clusters[cluster.Name] = cluster
} }
} }