implement identity provider and built-in oauth server

Signed-off-by: hongming <talonwan@yunify.com>
2020-03-26 06:43:20 +08:00
parent 59002cd176
commit 9b9d4021ec
25 changed files with 637 additions and 1163 deletions
--- a/pkg/simple/client/kubesphere/kubesphere.go
+++ b/pkg/simple/client/kubesphere/kubesphere.go
@@ -1,349 +0,0 @@
-/*
-
- Copyright 2019 The KubeSphere Authors.
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
-     http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-
-*/
-package kubesphere
-
-import (
-	"bytes"
-	"encoding/json"
-	"fmt"
-	"io/ioutil"
-	"k8s.io/klog"
-	"kubesphere.io/kubesphere/pkg/api/devops/v1alpha2"
-	"kubesphere.io/kubesphere/pkg/constants"
-	"kubesphere.io/kubesphere/pkg/models"
-	"net/http"
-	"strings"
-)
-
-type Interface interface {
-	CreateGroup(group *models.Group) (*models.Group, error)
-	UpdateGroup(group *models.Group) (*models.Group, error)
-	DescribeGroup(name string) (*models.Group, error)
-	DeleteGroup(name string) error
-	ListUsers() (*models.PageableResponse, error)
-	ListWorkspaceDevOpsProjects(workspace string) (*v1alpha2.PageableDevOpsProject, error)
-	DeleteWorkspaceDevOpsProjects(workspace, devops string) error
-}
-
-type Client struct {
-	client *http.Client
-
-	apiServer     string
-	accountServer string
-}
-
-func NewKubeSphereClient(options *Options) *Client {
-	return &Client{
-		client:        &http.Client{},
-		apiServer:     options.APIServer,
-		accountServer: options.AccountServer,
-	}
-}
-
-type Error struct {
-	status  int
-	message string
-}
-
-func (e Error) Error() string {
-	return fmt.Sprintf("status: %d,message: %s", e.status, e.message)
-}
-
-func (c *Client) CreateGroup(group *models.Group) (*models.Group, error) {
-	data, err := json.Marshal(group)
-	if err != nil {
-		return nil, err
-	}
-
-	req, err := http.NewRequest(http.MethodPost, fmt.Sprintf("%s/kapis/iam.kubesphere.io/v1alpha2/groups", c.accountServer), bytes.NewReader(data))
-
-	if err != nil {
-		klog.Error(err)
-		return nil, err
-	}
-	req.Header.Add("Content-Type", "application/json")
-
-	resp, err := c.client.Do(req)
-
-	if err != nil {
-		klog.Error(err)
-		return nil, err
-	}
-	defer resp.Body.Close()
-	data, err = ioutil.ReadAll(resp.Body)
-
-	if err != nil {
-		klog.Error(err)
-		return nil, err
-	}
-
-	if resp.StatusCode > http.StatusOK {
-		return nil, Error{resp.StatusCode, string(data)}
-	}
-
-	err = json.Unmarshal(data, group)
-
-	if err != nil {
-		klog.Error(err)
-		return nil, err
-	}
-
-	return group, nil
-}
-
-func (c *Client) UpdateGroup(group *models.Group) (*models.Group, error) {
-	data, err := json.Marshal(group)
-
-	if err != nil {
-		klog.Error(err)
-		return nil, err
-	}
-
-	req, err := http.NewRequest(http.MethodPut, fmt.Sprintf("%s/kapis/iam.kubesphere.io/v1alpha2/groups/%s", c.accountServer, group.Name), bytes.NewReader(data))
-
-	if err != nil {
-		klog.Error(err)
-		return nil, err
-	}
-
-	req.Header.Add("Content-Type", "application/json")
-	resp, err := c.client.Do(req)
-
-	if err != nil {
-		return nil, err
-	}
-	defer resp.Body.Close()
-	data, err = ioutil.ReadAll(resp.Body)
-
-	if err != nil {
-		klog.Error(err)
-		return nil, err
-	}
-
-	if resp.StatusCode > http.StatusOK {
-		return nil, Error{resp.StatusCode, string(data)}
-	}
-
-	err = json.Unmarshal(data, group)
-
-	if err != nil {
-		klog.Error(err)
-		return nil, err
-	}
-
-	return group, nil
-}
-
-func (c *Client) DeleteGroup(name string) error {
-	req, err := http.NewRequest(http.MethodDelete, fmt.Sprintf("%s/kapis/iam.kubesphere.io/v1alpha2/groups/%s", c.accountServer, name), nil)
-
-	if err != nil {
-		klog.Error(err)
-		return err
-	}
-
-	resp, err := c.client.Do(req)
-
-	if err != nil {
-		klog.Error(err)
-		return err
-	}
-	defer resp.Body.Close()
-	data, err := ioutil.ReadAll(resp.Body)
-
-	if err != nil {
-		klog.Error(err)
-		return err
-	}
-
-	if resp.StatusCode > http.StatusOK {
-		return Error{resp.StatusCode, string(data)}
-	}
-
-	return nil
-}
-
-func (c *Client) DescribeGroup(name string) (*models.Group, error) {
-	req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("%s/kapis/iam.kubesphere.io/v1alpha2/groups/%s", c.accountServer, name), nil)
-
-	if err != nil {
-		klog.Error(err)
-		return nil, err
-	}
-	resp, err := c.client.Do(req)
-
-	if err != nil {
-		klog.Error(err)
-		return nil, err
-	}
-	defer resp.Body.Close()
-	data, err := ioutil.ReadAll(resp.Body)
-
-	if err != nil {
-		klog.Error(err)
-		return nil, err
-	}
-
-	if resp.StatusCode > http.StatusOK {
-		return nil, Error{resp.StatusCode, string(data)}
-	}
-
-	var group models.Group
-	err = json.Unmarshal(data, &group)
-
-	if err != nil {
-		klog.Error(err)
-		return nil, err
-	}
-
-	return &group, nil
-}
-
-func (c *Client) ListUsers() (*models.PageableResponse, error) {
-	req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("%s/kapis/iam.kubesphere.io/v1alpha2/users", c.accountServer), nil)
-
-	if err != nil {
-		return nil, err
-	}
-	req.Header.Add("Authorization", c.accountServer)
-	resp, err := c.client.Do(req)
-
-	if err != nil {
-		klog.Error(err)
-		return nil, err
-	}
-	defer resp.Body.Close()
-	data, err := ioutil.ReadAll(resp.Body)
-
-	if err != nil {
-		klog.Error(err)
-		return nil, err
-	}
-
-	if resp.StatusCode > http.StatusOK {
-		return nil, Error{resp.StatusCode, string(data)}
-	}
-
-	var result models.PageableResponse
-	err = json.Unmarshal(data, &result)
-
-	if err != nil {
-		klog.Error(err)
-		return nil, err
-	}
-
-	return &result, nil
-}
-
-func (c *Client) ListWorkspaceDevOpsProjects(workspace string) (*v1alpha2.PageableDevOpsProject, error) {
-	req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("%s/kapis/tenant.kubesphere.io/v1alpha2/workspaces/%s/devops", c.apiServer, workspace), nil)
-
-	if err != nil {
-		klog.Error(err)
-		return nil, err
-	}
-
-	req.Header.Add(constants.UserNameHeader, constants.AdminUserName)
-
-	klog.Info(req.Method, req.URL)
-	resp, err := c.client.Do(req)
-
-	if err != nil {
-		klog.Error(err)
-		return nil, err
-	}
-	defer resp.Body.Close()
-	data, err := ioutil.ReadAll(resp.Body)
-
-	if err != nil {
-		klog.Error(err)
-		return nil, err
-	}
-	if resp.StatusCode > http.StatusOK {
-		klog.Error(req.Method, req.URL, resp.StatusCode, string(data))
-		return nil, Error{resp.StatusCode, string(data)}
-	}
-
-	var result v1alpha2.PageableDevOpsProject
-	err = json.Unmarshal(data, &result)
-
-	if err != nil {
-		klog.Error(err)
-		return nil, err
-	}
-	return &result, nil
-
-}
-
-func (c *Client) DeleteWorkspaceDevOpsProjects(workspace, devops string) error {
-	req, err := http.NewRequest(http.MethodDelete, fmt.Sprintf("%s/kapis/tenant.kubesphere.io/v1alpha2/workspaces/%s/devops/%s", c.apiServer, workspace, devops), nil)
-
-	if err != nil {
-		klog.Error(err)
-		return err
-	}
-	req.Header.Add(constants.UserNameHeader, constants.AdminUserName)
-
-	klog.Info(req.Method, req.URL)
-	resp, err := c.client.Do(req)
-
-	if err != nil {
-		klog.Error(err)
-		return err
-	}
-	defer resp.Body.Close()
-	data, err := ioutil.ReadAll(resp.Body)
-
-	if err != nil {
-		klog.Error(err)
-		return err
-	}
-	if resp.StatusCode > http.StatusOK {
-		klog.Error(req.Method, req.URL, resp.StatusCode, string(data))
-		return Error{resp.StatusCode, string(data)}
-	}
-
-	return nil
-}
-
-func IsNotFound(err error) bool {
-	if e, ok := err.(Error); ok {
-		if e.status == http.StatusNotFound {
-			return true
-		}
-		if strings.Contains(e.message, "not exist") {
-			return true
-		}
-		if strings.Contains(e.message, "not found") {
-			return true
-		}
-	}
-	return false
-}
-
-func IsExist(err error) bool {
-	if e, ok := err.(Error); ok {
-		if e.status == http.StatusConflict {
-			return true
-		}
-		if strings.Contains(e.message, "Already Exists") {
-			return true
-		}
-	}
-	return false
-}
--- a/pkg/simple/client/kubesphere/options.go
+++ b/pkg/simple/client/kubesphere/options.go
@@ -1,40 +0,0 @@
-package kubesphere
-
-import "github.com/spf13/pflag"
-
-type Options struct {
-	APIServer     string `json:"apiServer" yaml:"apiServer"`
-	AccountServer string `json:"accountServer" yaml:"accountServer"`
-}
-
-// NewKubeSphereOptions create a default options
-func NewKubeSphereOptions() *Options {
-	return &Options{
-		APIServer:     "http://ks-apiserver.kubesphere-system.svc",
-		AccountServer: "http://ks-account.kubesphere-system.svc",
-	}
-}
-
-func (s *Options) ApplyTo(options *Options) {
-	if s.AccountServer != "" {
-		options.AccountServer = s.AccountServer
-	}
-
-	if s.APIServer != "" {
-		options.APIServer = s.APIServer
-	}
-}
-
-func (s *Options) Validate() []error {
-	errs := []error{}
-
-	return errs
-}
-
-func (s *Options) AddFlags(fs *pflag.FlagSet) {
-	fs.StringVar(&s.APIServer, "kubesphere-apiserver-host", s.APIServer, ""+
-		"KubeSphere apiserver host address.")
-
-	fs.StringVar(&s.AccountServer, "kubesphere-account-host", s.AccountServer, ""+
-		"KubeSphere account server host address.")
-}