This is a huge commit; it does the following things:
1. refactor kubesphere dependency service client creation, we can disable dependency by config 2. dependencies can be configured by configuration file 3. refactor cmd package using cobra.Command, so we can use hypersphere to invoke command separately. Later we only need to build one image to contain all kubesphere core components. One command to rule them all! 4. live reloading configuration currently not implemented
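--- a/pkg/simple/client/ldap/ldap.go
+++ b/pkg/simple/client/ldap/ldap.go
@@ -0,0 +1,87 @@
+/*
+
+Copyright 2019 The KubeSphere Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+*/
+package ldap
+
+import (
+"github.com/go-ldap/ldap"
+"k8s.io/klog"
+)
+
+type LdapClient struct {
+pool Pool
+options *LdapOptions
+}
+
+// panic if cannot connect to ldap service
+func NewLdapClient(options *LdapOptions, stopCh <-chan struct{}) (*LdapClient, error) {
+pool, err := NewChannelPool(8, 64, "kubesphere", func(s string) (ldap.Client, error) {
+conn, err := ldap.Dial("tcp", options.Host)
+if err != nil {
+return nil, err
+}
+return conn, nil
+}, []uint16{ldap.LDAPResultAdminLimitExceeded, ldap.ErrorNetwork})
+
+if err != nil {
+klog.Error(err)
+pool.Close()
+return nil, err
+}
+
+client := &LdapClient{
+pool: pool,
+options: options,
+}
+
+go func() {
+<-stopCh
+if client.pool != nil {
+client.pool.Close()
+}
+}()
+
+return client, nil
+}
+
+func (l *LdapClient) Ldap() ldap.Client {
+if l.pool != nil {
+conn, err := l.pool.Get()
+if err != nil {
+klog.Error(err)
+return nil
+}
+
+err = conn.Bind(l.options.ManagerDN, l.options.ManagerPassword)
+if err != nil {
+conn.Close()
+klog.Error(err)
+return nil
+}
+return conn
+}
+
+return nil
+}
+
+func (l *LdapClient) GroupSearchBase() string {
+return l.options.GroupSearchBase
+}
+
+func (l *LdapClient) UserSearchBase() string {
+return l.options.UserSearchBase
+}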
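Review bot: The pool factory in NewLdapClient dials with `ldap.Dial("tcp", options.Host)` and Ldap() then does a simple `conn.Bind(l.options.ManagerDN, l.options.ManagerPassword)`, so unless transport protection is added outside this file the manager credentials cross the network unencrypted; the factory should use `ldap.DialTLS` or call `StartTLS` on the connection before any bind, with the TLS settings carried in LdapOptions. In the error branch after NewChannelPool, `pool.Close()` is called on a pool that is presumably nil when err is non-nil, which would panic instead of returning the error; `klog.Error(err)` followed by `return nil, err` is sufficient there. The comment `// panic if cannot connect to ldap service` does not match a function that returns an error, and Ldap() now returns a bare nil on failure where the removed Client() returned `(ldap.Client, error)`, so every caller must nil-check before use. The result-code list passed to NewChannelPool also changes from `ldap.LDAPResultTimeLimitExceeded` in the removed file to `ldap.LDAPResultAdminLimitExceeded`; worth confirming that is intended.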
@@ -1,84 +0,0 @@
|
||||
/*
|
||||
|
||||
Copyright 2019 The KubeSphere Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
|
||||
*/
|
||||
package ldap
|
||||
|
||||
import (
|
||||
"flag"
|
||||
"github.com/go-ldap/ldap"
|
||||
"github.com/golang/glog"
|
||||
"log"
|
||||
"sync"
|
||||
)
|
||||
|
||||
var (
|
||||
once sync.Once
|
||||
pool Pool
|
||||
ldapHost string
|
||||
ManagerDN string
|
||||
ManagerPassword string
|
||||
UserSearchBase string
|
||||
GroupSearchBase string
|
||||
poolSize int
|
||||
)
|
||||
|
||||
func init() {
|
||||
flag.StringVar(&ldapHost, "ldap-server", "localhost:389", "ldap server host")
|
||||
flag.StringVar(&ManagerDN, "ldap-manager-dn", "cn=admin,dc=example,dc=org", "ldap manager dn")
|
||||
flag.StringVar(&ManagerPassword, "ldap-manager-password", "admin", "ldap manager password")
|
||||
flag.StringVar(&UserSearchBase, "ldap-user-search-base", "ou=Users,dc=example,dc=org", "ldap user search base")
|
||||
flag.StringVar(&GroupSearchBase, "ldap-group-search-base", "ou=Groups,dc=example,dc=org", "ldap group search base")
|
||||
flag.IntVar(&poolSize, "ldap-pool-size", 64, "ldap connection pool size")
|
||||
}
|
||||
|
||||
func ldapClientPool() Pool {
|
||||
|
||||
once.Do(func() {
|
||||
var err error
|
||||
pool, err = NewChannelPool(8, poolSize, "kubesphere", func(s string) (ldap.Client, error) {
|
||||
conn, err := ldap.Dial("tcp", ldapHost)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return conn, nil
|
||||
}, []uint16{ldap.LDAPResultTimeLimitExceeded, ldap.ErrorNetwork})
|
||||
|
||||
if err != nil {
|
||||
log.Fatalln(err)
|
||||
}
|
||||
})
|
||||
return pool
|
||||
}
|
||||
|
||||
func Client() (ldap.Client, error) {
|
||||
conn, err := ldapClientPool().Get()
|
||||
|
||||
if err != nil {
|
||||
glog.Errorln("get ldap connection from pool", err)
|
||||
return nil, err
|
||||
}
|
||||
|
||||
err = conn.Bind(ManagerDN, ManagerPassword)
|
||||
|
||||
if err != nil {
|
||||
conn.Close()
|
||||
glog.Errorln("bind manager dn", err)
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return conn, nil
|
||||
}
|
||||
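--- a/pkg/simple/client/ldap/options.go
+++ b/pkg/simple/client/ldap/options.go
@@ -0,0 +1,53 @@
+package ldap
+
+import (
+"github.com/spf13/pflag"
+"kubesphere.io/kubesphere/pkg/utils/reflectutils"
+)
+
+type LdapOptions struct {
+Host string `json:"host,omitempty" yaml:"host,omitempty"`
+ManagerDN string `json:"managerDN,omitempty" yaml:"managerDN,omitempty"`
+ManagerPassword string `json:"managerPassword,omitempty" yaml:"managerPassword,omitempty"`
+UserSearchBase string `json:"userSearchBase,omitempty" yaml:"userSearchBase,omitempty"`
+GroupSearchBase string `json:"groupSearchBase,omitempty" yaml:"groupSearchBase,omitempty"`
+}
+
+// NewLdapOptions return a default option
+// which host field point to nowhere.
+func NewLdapOptions() *LdapOptions {
+return &LdapOptions{
+Host: "",
+ManagerDN: "cn=admin,dc=example,dc=org",
+UserSearchBase: "ou=Users,dc=example,dc=org",
+GroupSearchBase: "ou=Groups,dc=example,dc=org",
+}
+}
+
+func (l *LdapOptions) Validate() []error {
+errors := []error{}
+
+return errors
+}
+
+func (l *LdapOptions) ApplyTo(options *LdapOptions) {
+reflectutils.Override(options, l)
+}
+
+func (l *LdapOptions) AddFlags(fs *pflag.FlagSet) {
+fs.StringVar(&l.Host, "ldap-host", l.Host, ""+
+"Ldap service host, if left blank, all of the following options will "+
+"be ignored and ldap will be disabled.")
+
+fs.StringVar(&l.ManagerDN, "ldap-manager-dn", l.ManagerDN, ""+
+"Ldap manager account domain name.")
+
+fs.StringVar(&l.ManagerPassword, "ldap-manager-password", l.ManagerPassword, ""+
+"Ldap manager account password.")
+
+fs.StringVar(&l.UserSearchBase, "ldap-user-search-base", l.UserSearchBase, ""+
+"Ldap user search base.")
+
+fs.StringVar(&l.GroupSearchBase, "ldap-group-search-base", l.GroupSearchBase, ""+
+"Ldap group search base.")
+}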
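Review bot: Validate() returns an empty slice unconditionally, so a configuration with `Host` set but `ManagerDN` or `ManagerPassword` empty is accepted at startup and is only discovered at the first bind, where an empty password may be handled by the server as an unauthenticated bind; it should append an error when `l.Host != ""` and either manager field is empty. ManagerPassword is also settable through `--ldap-manager-password`, which puts the secret in the process argument list, and it carries `json`/`yaml` tags, so any code that marshals or logs the options struct will emit it unless the field is redacted first; reading the secret from a file or the environment avoids the first exposure. The exported LdapOptions, Validate, ApplyTo and AddFlags have no doc comments, and ApplyTo in particular should state which side wins in `reflectutils.Override(options, l)`.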