fix: workspace cluster authorize
Signed-off-by: hongming <talonwan@yunify.com>
This commit is contained in:
hongming
@@ -35,15 +35,6 @@ spec:
|
|||||||
type: object
|
type: object
|
||||||
spec:
|
spec:
|
||||||
properties:
|
properties:
|
||||||
clusters:
|
|
||||||
description: authorized clusters
|
|
||||||
items:
|
|
||||||
type: string
|
|
||||||
type: array
|
|
||||||
manager:
|
|
||||||
type: string
|
|
||||||
networkIsolation:
|
|
||||||
type: boolean
|
|
||||||
overrides:
|
overrides:
|
||||||
items:
|
items:
|
||||||
properties:
|
properties:
|
||||||
@@ -54,15 +45,15 @@ spec:
|
|||||||
properties:
|
properties:
|
||||||
op:
|
op:
|
||||||
type: string
|
type: string
|
||||||
path:
|
path:
|
||||||
type: string
|
type: string
|
||||||
value:
|
value:
|
||||||
anyOf:
|
anyOf:
|
||||||
- type: string
|
- type: string
|
||||||
- type: integer
|
- type: integer
|
||||||
- type: boolean
|
- type: boolean
|
||||||
- type: object
|
- type: object
|
||||||
- type: array
|
- type: array
|
||||||
required:
|
required:
|
||||||
- path
|
- path
|
||||||
- value
|
- value
|
||||||
@@ -73,6 +64,43 @@ spec:
|
|||||||
- clusterOverrides
|
- clusterOverrides
|
||||||
type: object
|
type: object
|
||||||
type: array
|
type: array
|
||||||
|
placement:
|
||||||
|
properties:
|
||||||
|
clusterSelector:
|
||||||
|
properties:
|
||||||
|
matchLabels:
|
||||||
|
additionalProperties:
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
clusters:
|
||||||
|
items:
|
||||||
|
properties:
|
||||||
|
name:
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- name
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
type: object
|
||||||
|
template:
|
||||||
|
properties:
|
||||||
|
metadata:
|
||||||
|
type: object
|
||||||
|
spec:
|
||||||
|
description: WorkspaceSpec defines the desired state of Workspace
|
||||||
|
properties:
|
||||||
|
manager:
|
||||||
|
type: string
|
||||||
|
networkIsolation:
|
||||||
|
type: boolean
|
||||||
|
type: object
|
||||||
|
required:
|
||||||
|
- spec
|
||||||
|
type: object
|
||||||
|
required:
|
||||||
|
- placement
|
||||||
|
- template
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
version: v1alpha2
|
version: v1alpha2
|
||||||
|
|||||||
@@ -58,34 +58,6 @@ type WorkspaceTemplate struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
type WorkspaceTemplateSpec struct {
|
type WorkspaceTemplateSpec struct {
|
||||||
v1alpha1.WorkspaceSpec `json:",inline"`
|
|
||||||
// authorized clusters
|
|
||||||
// +optional
|
|
||||||
Clusters []string `json:"clusters,omitempty"`
|
|
||||||
Overrides []Override `json:"overrides,omitempty"`
|
|
||||||
}
|
|
||||||
|
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
|
||||||
// +genclient:nonNamespaced
|
|
||||||
|
|
||||||
// WorkspaceTemplateList contains a list of WorkspaceTemplate
|
|
||||||
type WorkspaceTemplateList struct {
|
|
||||||
metav1.TypeMeta `json:",inline"`
|
|
||||||
metav1.ListMeta `json:"metadata,omitempty"`
|
|
||||||
Items []WorkspaceTemplate `json:"items"`
|
|
||||||
}
|
|
||||||
|
|
||||||
func init() {
|
|
||||||
SchemeBuilder.Register(&WorkspaceTemplate{}, &WorkspaceTemplateList{})
|
|
||||||
}
|
|
||||||
|
|
||||||
type FederatedWorkspace struct {
|
|
||||||
metav1.TypeMeta `json:",inline"`
|
|
||||||
metav1.ObjectMeta `json:"metadata,omitempty"`
|
|
||||||
Spec FederatedWorkspaceSpec `json:"spec"`
|
|
||||||
}
|
|
||||||
|
|
||||||
type FederatedWorkspaceSpec struct {
|
|
||||||
Template Template `json:"template"`
|
Template Template `json:"template"`
|
||||||
Placement Placement `json:"placement"`
|
Placement Placement `json:"placement"`
|
||||||
Overrides []Override `json:"overrides,omitempty"`
|
Overrides []Override `json:"overrides,omitempty"`
|
||||||
@@ -119,3 +91,23 @@ type ClusterOverride struct {
|
|||||||
Op string `json:"op,omitempty"`
|
Op string `json:"op,omitempty"`
|
||||||
Value runtime.RawExtension `json:"value"`
|
Value runtime.RawExtension `json:"value"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||||
|
// +genclient:nonNamespaced
|
||||||
|
|
||||||
|
// WorkspaceTemplateList contains a list of WorkspaceTemplate
|
||||||
|
type WorkspaceTemplateList struct {
|
||||||
|
metav1.TypeMeta `json:",inline"`
|
||||||
|
metav1.ListMeta `json:"metadata,omitempty"`
|
||||||
|
Items []WorkspaceTemplate `json:"items"`
|
||||||
|
}
|
||||||
|
|
||||||
|
func init() {
|
||||||
|
SchemeBuilder.Register(&WorkspaceTemplate{}, &WorkspaceTemplateList{})
|
||||||
|
}
|
||||||
|
|
||||||
|
type FederatedWorkspace struct {
|
||||||
|
metav1.TypeMeta `json:",inline"`
|
||||||
|
metav1.ObjectMeta `json:"metadata,omitempty"`
|
||||||
|
Spec WorkspaceTemplateSpec `json:"spec"`
|
||||||
|
}
|
||||||
|
|||||||
32
pkg/apis/tenant/v1alpha2/zz_generated.deepcopy.go
generated
32
pkg/apis/tenant/v1alpha2/zz_generated.deepcopy.go
generated
@@ -95,30 +95,6 @@ func (in *FederatedWorkspace) DeepCopy() *FederatedWorkspace {
|
|||||||
return out
|
return out
|
||||||
}
|
}
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
|
||||||
func (in *FederatedWorkspaceSpec) DeepCopyInto(out *FederatedWorkspaceSpec) {
|
|
||||||
*out = *in
|
|
||||||
in.Template.DeepCopyInto(&out.Template)
|
|
||||||
in.Placement.DeepCopyInto(&out.Placement)
|
|
||||||
if in.Overrides != nil {
|
|
||||||
in, out := &in.Overrides, &out.Overrides
|
|
||||||
*out = make([]Override, len(*in))
|
|
||||||
for i := range *in {
|
|
||||||
(*in)[i].DeepCopyInto(&(*out)[i])
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FederatedWorkspaceSpec.
|
|
||||||
func (in *FederatedWorkspaceSpec) DeepCopy() *FederatedWorkspaceSpec {
|
|
||||||
if in == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
out := new(FederatedWorkspaceSpec)
|
|
||||||
in.DeepCopyInto(out)
|
|
||||||
return out
|
|
||||||
}
|
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||||
func (in *Override) DeepCopyInto(out *Override) {
|
func (in *Override) DeepCopyInto(out *Override) {
|
||||||
*out = *in
|
*out = *in
|
||||||
@@ -240,12 +216,8 @@ func (in *WorkspaceTemplateList) DeepCopyObject() runtime.Object {
|
|||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||||
func (in *WorkspaceTemplateSpec) DeepCopyInto(out *WorkspaceTemplateSpec) {
|
func (in *WorkspaceTemplateSpec) DeepCopyInto(out *WorkspaceTemplateSpec) {
|
||||||
*out = *in
|
*out = *in
|
||||||
out.WorkspaceSpec = in.WorkspaceSpec
|
in.Template.DeepCopyInto(&out.Template)
|
||||||
if in.Clusters != nil {
|
in.Placement.DeepCopyInto(&out.Placement)
|
||||||
in, out := &in.Clusters, &out.Clusters
|
|
||||||
*out = make([]string, len(*in))
|
|
||||||
copy(*out, *in)
|
|
||||||
}
|
|
||||||
if in.Overrides != nil {
|
if in.Overrides != nil {
|
||||||
in, out := &in.Overrides, &out.Overrides
|
in, out := &in.Overrides, &out.Overrides
|
||||||
*out = make([]Override, len(*in))
|
*out = make([]Override, len(*in))
|
||||||
|
|||||||
@@ -297,15 +297,9 @@ func (c *Controller) multiClusterSync(workspaceTemplate *tenantv1alpha2.Workspac
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
if !reflect.DeepEqual(fedWorkspace.Spec.Template.Spec, workspaceTemplate.Spec.WorkspaceSpec) ||
|
if !reflect.DeepEqual(fedWorkspace.Spec, workspaceTemplate.Spec) {
|
||||||
!reflect.DeepEqual(fedWorkspace.Labels, workspaceTemplate.Labels) ||
|
|
||||||
!reflect.DeepEqual(fedWorkspace.Annotations, workspaceTemplate.Annotations) ||
|
|
||||||
!reflect.DeepEqual(fedWorkspace.Spec.Overrides, workspaceTemplate.Spec.Overrides) {
|
|
||||||
|
|
||||||
fedWorkspace.Spec.Template.Spec = workspaceTemplate.Spec.WorkspaceSpec
|
fedWorkspace.Spec = workspaceTemplate.Spec
|
||||||
fedWorkspace.Annotations = workspaceTemplate.Annotations
|
|
||||||
fedWorkspace.Labels = workspaceTemplate.Labels
|
|
||||||
fedWorkspace.Spec.Overrides = workspaceTemplate.Spec.Overrides
|
|
||||||
|
|
||||||
return c.updateFederatedWorkspace(&fedWorkspace)
|
return c.updateFederatedWorkspace(&fedWorkspace)
|
||||||
}
|
}
|
||||||
@@ -314,11 +308,6 @@ func (c *Controller) multiClusterSync(workspaceTemplate *tenantv1alpha2.Workspac
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (c *Controller) createFederatedWorkspace(workspaceTemplate *tenantv1alpha2.WorkspaceTemplate) error {
|
func (c *Controller) createFederatedWorkspace(workspaceTemplate *tenantv1alpha2.WorkspaceTemplate) error {
|
||||||
clusters := make([]tenantv1alpha2.Cluster, 0)
|
|
||||||
for _, cluster := range workspaceTemplate.Spec.Clusters {
|
|
||||||
clusters = append(clusters, tenantv1alpha2.Cluster{Name: cluster})
|
|
||||||
}
|
|
||||||
|
|
||||||
federatedWorkspace := &tenantv1alpha2.FederatedWorkspace{
|
federatedWorkspace := &tenantv1alpha2.FederatedWorkspace{
|
||||||
TypeMeta: metav1.TypeMeta{
|
TypeMeta: metav1.TypeMeta{
|
||||||
Kind: tenantv1alpha2.FedWorkspaceKind,
|
Kind: tenantv1alpha2.FedWorkspaceKind,
|
||||||
@@ -327,19 +316,7 @@ func (c *Controller) createFederatedWorkspace(workspaceTemplate *tenantv1alpha2.
|
|||||||
ObjectMeta: metav1.ObjectMeta{
|
ObjectMeta: metav1.ObjectMeta{
|
||||||
Name: workspaceTemplate.Name,
|
Name: workspaceTemplate.Name,
|
||||||
},
|
},
|
||||||
Spec: tenantv1alpha2.FederatedWorkspaceSpec{
|
Spec: workspaceTemplate.Spec,
|
||||||
Template: tenantv1alpha2.Template{
|
|
||||||
ObjectMeta: metav1.ObjectMeta{
|
|
||||||
Labels: workspaceTemplate.Labels,
|
|
||||||
Annotations: workspaceTemplate.Annotations,
|
|
||||||
},
|
|
||||||
Spec: workspaceTemplate.Spec.WorkspaceSpec,
|
|
||||||
},
|
|
||||||
Placement: tenantv1alpha2.Placement{
|
|
||||||
Clusters: clusters,
|
|
||||||
},
|
|
||||||
Overrides: workspaceTemplate.Spec.Overrides,
|
|
||||||
},
|
|
||||||
}
|
}
|
||||||
|
|
||||||
err := controllerutil.SetControllerReference(workspaceTemplate, federatedWorkspace, scheme.Scheme)
|
err := controllerutil.SetControllerReference(workspaceTemplate, federatedWorkspace, scheme.Scheme)
|
||||||
@@ -404,14 +381,14 @@ func (c *Controller) sync(workspaceTemplate *tenantv1alpha2.WorkspaceTemplate) e
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
if !reflect.DeepEqual(workspace.Spec, workspaceTemplate.Spec.WorkspaceSpec) ||
|
if !reflect.DeepEqual(workspace.Spec, workspaceTemplate.Spec.Template.Spec) ||
|
||||||
!reflect.DeepEqual(workspace.Labels, workspaceTemplate.Labels) ||
|
!reflect.DeepEqual(workspace.Labels, workspaceTemplate.Spec.Template.Labels) ||
|
||||||
!reflect.DeepEqual(workspace.Annotations, workspaceTemplate.Annotations) {
|
!reflect.DeepEqual(workspace.Annotations, workspaceTemplate.Spec.Template.Annotations) {
|
||||||
|
|
||||||
workspace = workspace.DeepCopy()
|
workspace = workspace.DeepCopy()
|
||||||
workspace.Spec = workspaceTemplate.Spec.WorkspaceSpec
|
workspace.Spec = workspaceTemplate.Spec.Template.Spec
|
||||||
workspace.Annotations = workspaceTemplate.Annotations
|
workspace.Labels = workspaceTemplate.Spec.Template.Labels
|
||||||
workspace.Labels = workspaceTemplate.Labels
|
workspace.Annotations = workspaceTemplate.Spec.Template.Annotations
|
||||||
|
|
||||||
return c.updateWorkspace(workspace)
|
return c.updateWorkspace(workspace)
|
||||||
}
|
}
|
||||||
@@ -423,10 +400,10 @@ func (c *Controller) createWorkspace(workspaceTemplate *tenantv1alpha2.Workspace
|
|||||||
workspace := &tenantv1alpha1.Workspace{
|
workspace := &tenantv1alpha1.Workspace{
|
||||||
ObjectMeta: metav1.ObjectMeta{
|
ObjectMeta: metav1.ObjectMeta{
|
||||||
Name: workspaceTemplate.Name,
|
Name: workspaceTemplate.Name,
|
||||||
Labels: workspaceTemplate.Labels,
|
Labels: workspaceTemplate.Spec.Template.Labels,
|
||||||
Annotations: workspaceTemplate.Annotations,
|
Annotations: workspaceTemplate.Spec.Template.Annotations,
|
||||||
},
|
},
|
||||||
Spec: workspaceTemplate.Spec.WorkspaceSpec,
|
Spec: workspaceTemplate.Spec.Template.Spec,
|
||||||
}
|
}
|
||||||
|
|
||||||
err := controllerutil.SetControllerReference(workspaceTemplate, workspace, scheme.Scheme)
|
err := controllerutil.SetControllerReference(workspaceTemplate, workspace, scheme.Scheme)
|
||||||
@@ -482,9 +459,11 @@ func (r *Controller) initRoles(workspace *tenantv1alpha2.WorkspaceTemplate) erro
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if !reflect.DeepEqual(role.Annotations, old.Annotations) ||
|
if !reflect.DeepEqual(role.Labels, old.Labels) ||
|
||||||
|
!reflect.DeepEqual(role.Annotations, old.Annotations) ||
|
||||||
!reflect.DeepEqual(role.Rules, old.Rules) {
|
!reflect.DeepEqual(role.Rules, old.Rules) {
|
||||||
updated := old.DeepCopy()
|
updated := old.DeepCopy()
|
||||||
|
updated.Labels = role.Labels
|
||||||
updated.Annotations = role.Annotations
|
updated.Annotations = role.Annotations
|
||||||
updated.Rules = role.Rules
|
updated.Rules = role.Rules
|
||||||
|
|
||||||
@@ -500,7 +479,7 @@ func (r *Controller) initRoles(workspace *tenantv1alpha2.WorkspaceTemplate) erro
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (r *Controller) initManagerRoleBinding(workspace *tenantv1alpha2.WorkspaceTemplate) error {
|
func (r *Controller) initManagerRoleBinding(workspace *tenantv1alpha2.WorkspaceTemplate) error {
|
||||||
if manager := workspace.Spec.Manager; manager != "" {
|
if manager := workspace.Spec.Template.Spec.Manager; manager != "" {
|
||||||
|
|
||||||
workspaceAdminRoleName := fmt.Sprintf(iamv1alpha2.WorkspaceAdminFormat, workspace.Name)
|
workspaceAdminRoleName := fmt.Sprintf(iamv1alpha2.WorkspaceAdminFormat, workspace.Name)
|
||||||
|
|
||||||
|
|||||||
@@ -342,8 +342,8 @@ func (t *tenantOperator) ListWorkspaceClusters(workspaceName string) (*api.ListR
|
|||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
clusters := make([]interface{}, 0)
|
clusters := make([]interface{}, 0)
|
||||||
for _, cluster := range workspace.Spec.Clusters {
|
for _, cluster := range workspace.Spec.Placement.Clusters {
|
||||||
obj, err := t.resourceGetter.Get(clusterv1alpha1.ResourcesPluralCluster, "", cluster)
|
obj, err := t.resourceGetter.Get(clusterv1alpha1.ResourcesPluralCluster, "", cluster.Name)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
klog.Error(err)
|
klog.Error(err)
|
||||||
if errors.IsNotFound(err) {
|
if errors.IsNotFound(err) {
|
||||||
@@ -415,12 +415,12 @@ func (t *tenantOperator) ListClusters(user user.Info) (*api.ListResult, error) {
|
|||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, clusterName := range workspace.Spec.Clusters {
|
for _, grantedCluster := range workspace.Spec.Placement.Clusters {
|
||||||
// skip if cluster exist
|
// skip if cluster exist
|
||||||
if clusters[clusterName] != nil {
|
if clusters[grantedCluster.Name] != nil {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
obj, err := t.resourceGetter.Get(clusterv1alpha1.ResourcesPluralCluster, "", clusterName)
|
obj, err := t.resourceGetter.Get(clusterv1alpha1.ResourcesPluralCluster, "", grantedCluster.Name)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
klog.Error(err)
|
klog.Error(err)
|
||||||
if errors.IsNotFound(err) {
|
if errors.IsNotFound(err) {
|
||||||
@@ -429,7 +429,7 @@ func (t *tenantOperator) ListClusters(user user.Info) (*api.ListResult, error) {
|
|||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
cluster := obj.(*clusterv1alpha1.Cluster)
|
cluster := obj.(*clusterv1alpha1.Cluster)
|
||||||
clusters[clusterName] = cluster
|
clusters[cluster.Name] = cluster
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user