code refactor (#1924)
* code refactor Signed-off-by: hongming <talonwan@yunify.com> * code refactor Signed-off-by: hongming <talonwan@yunify.com>
This commit is contained in:
hongming
@@ -25,8 +25,8 @@ import (
|
||||
"k8s.io/apiserver/pkg/endpoints/request"
|
||||
"k8s.io/client-go/informers"
|
||||
"kubesphere.io/kubesphere/pkg/apigateway/caddy-plugin/internal"
|
||||
"kubesphere.io/kubesphere/pkg/models/iam"
|
||||
"kubesphere.io/kubesphere/pkg/simple/client/k8s"
|
||||
"kubesphere.io/kubesphere/pkg/utils/k8sutil"
|
||||
"log"
|
||||
"net/http"
|
||||
"strings"
|
||||
@@ -140,7 +140,7 @@ func (c *Authentication) roleValidate(attrs authorizer.Attributes) (bool, error)
|
||||
}
|
||||
|
||||
for _, roleBinding := range roleBindings {
|
||||
if k8sutil.ContainsUser(roleBinding.Subjects, attrs.GetUser().GetName()) {
|
||||
if iam.ContainsUser(roleBinding.Subjects, attrs.GetUser().GetName()) {
|
||||
role, err := roleLister.Roles(attrs.GetNamespace()).Get(roleBinding.RoleRef.Name)
|
||||
|
||||
if err != nil {
|
||||
@@ -171,7 +171,7 @@ func (c *Authentication) clusterRoleValidate(attrs authorizer.Attributes) (bool,
|
||||
|
||||
for _, clusterRoleBinding := range clusterRoleBindings {
|
||||
|
||||
if k8sutil.ContainsUser(clusterRoleBinding.Subjects, attrs.GetUser().GetName()) {
|
||||
if iam.ContainsUser(clusterRoleBinding.Subjects, attrs.GetUser().GetName()) {
|
||||
clusterRole, err := clusterRoleLister.Get(clusterRoleBinding.RoleRef.Name)
|
||||
|
||||
if err != nil {
|
||||
|
||||
@@ -32,8 +32,8 @@ import (
|
||||
"k8s.io/klog"
|
||||
"kubesphere.io/kubesphere/pkg/apis/tenant/v1alpha1"
|
||||
"kubesphere.io/kubesphere/pkg/constants"
|
||||
"kubesphere.io/kubesphere/pkg/models/iam"
|
||||
"kubesphere.io/kubesphere/pkg/simple/client/openpitrix"
|
||||
"kubesphere.io/kubesphere/pkg/utils/k8sutil"
|
||||
"kubesphere.io/kubesphere/pkg/utils/sliceutil"
|
||||
"openpitrix.io/openpitrix/pkg/pb"
|
||||
"reflect"
|
||||
@@ -261,7 +261,7 @@ func (r *ReconcileNamespace) checkAndCreateRoleBindings(namespace *corev1.Namesp
|
||||
if adminBinding.Subjects == nil {
|
||||
adminBinding.Subjects = make([]rbac.Subject, 0)
|
||||
}
|
||||
if !k8sutil.ContainsUser(adminBinding.Subjects, creatorName) {
|
||||
if !iam.ContainsUser(adminBinding.Subjects, creatorName) {
|
||||
adminBinding.Subjects = append(adminBinding.Subjects, creator)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -18,12 +18,11 @@ import (
|
||||
"github.com/asaskevich/govalidator"
|
||||
"github.com/emicklei/go-restful"
|
||||
"k8s.io/klog"
|
||||
"kubesphere.io/kubesphere/pkg/api"
|
||||
"kubesphere.io/kubesphere/pkg/constants"
|
||||
"kubesphere.io/kubesphere/pkg/server/errors"
|
||||
"kubesphere.io/kubesphere/pkg/server/params"
|
||||
"kubesphere.io/kubesphere/pkg/simple/client/devops"
|
||||
"kubesphere.io/kubesphere/pkg/utils/reflectutils"
|
||||
"net/http"
|
||||
)
|
||||
|
||||
func (h ProjectPipelineHandler) GetDevOpsProjectMembersHandler(request *restful.Request, resp *restful.Response) {
|
||||
@@ -34,7 +33,7 @@ func (h ProjectPipelineHandler) GetDevOpsProjectMembersHandler(request *restful.
|
||||
err := h.projectOperator.CheckProjectUserInRole(username, projectId, devops.AllRoleSlice)
|
||||
if err != nil {
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(restful.NewError(http.StatusForbidden, err.Error()), resp)
|
||||
api.HandleForbidden(resp, err)
|
||||
return
|
||||
}
|
||||
orderBy := request.QueryParameter(params.OrderByParam)
|
||||
@@ -46,7 +45,7 @@ func (h ProjectPipelineHandler) GetDevOpsProjectMembersHandler(request *restful.
|
||||
|
||||
if err != nil {
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(err, resp)
|
||||
api.HandleInternalError(resp, err)
|
||||
return
|
||||
}
|
||||
|
||||
@@ -63,14 +62,14 @@ func (h ProjectPipelineHandler) GetDevOpsProjectMemberHandler(request *restful.R
|
||||
err := h.projectOperator.CheckProjectUserInRole(username, projectId, devops.AllRoleSlice)
|
||||
if err != nil {
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(restful.NewError(http.StatusForbidden, err.Error()), resp)
|
||||
api.HandleForbidden(resp, err)
|
||||
return
|
||||
}
|
||||
project, err := h.projectMemberOperator.GetProjectMember(projectId, member)
|
||||
|
||||
if err != nil {
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(err, resp)
|
||||
api.HandleInternalError(resp, err)
|
||||
return
|
||||
}
|
||||
|
||||
@@ -86,26 +85,26 @@ func (h ProjectPipelineHandler) AddDevOpsProjectMemberHandler(request *restful.R
|
||||
err := request.ReadEntity(&member)
|
||||
if err != nil {
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(restful.NewError(http.StatusBadRequest, err.Error()), resp)
|
||||
api.HandleBadRequest(resp, err)
|
||||
return
|
||||
}
|
||||
if govalidator.IsNull(member.Username) {
|
||||
err := fmt.Errorf("error need username")
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(restful.NewError(http.StatusBadRequest, err.Error()), resp)
|
||||
api.HandleBadRequest(resp, err)
|
||||
return
|
||||
}
|
||||
if !reflectutils.In(member.Role, devops.AllRoleSlice) {
|
||||
err := fmt.Errorf("err role [%s] not in [%s]", member.Role,
|
||||
devops.AllRoleSlice)
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(restful.NewError(http.StatusBadRequest, err.Error()), resp)
|
||||
api.HandleBadRequest(resp, err)
|
||||
return
|
||||
}
|
||||
err = h.projectOperator.CheckProjectUserInRole(username, projectId, []string{devops.ProjectOwner})
|
||||
if err != nil {
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(restful.NewError(http.StatusForbidden, err.Error()), resp)
|
||||
api.HandleForbidden(resp, err)
|
||||
return
|
||||
}
|
||||
|
||||
@@ -114,7 +113,7 @@ func (h ProjectPipelineHandler) AddDevOpsProjectMemberHandler(request *restful.R
|
||||
|
||||
if err != nil {
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(err, resp)
|
||||
api.HandleInternalError(resp, err)
|
||||
return
|
||||
}
|
||||
|
||||
@@ -130,41 +129,41 @@ func (h ProjectPipelineHandler) UpdateDevOpsProjectMemberHandler(request *restfu
|
||||
err := request.ReadEntity(&member)
|
||||
if err != nil {
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(restful.NewError(http.StatusBadRequest, err.Error()), resp)
|
||||
api.HandleBadRequest(resp, err)
|
||||
return
|
||||
}
|
||||
member.Username = request.PathParameter("member")
|
||||
if govalidator.IsNull(member.Username) {
|
||||
err := fmt.Errorf("error need username")
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(restful.NewError(http.StatusBadRequest, err.Error()), resp)
|
||||
api.HandleBadRequest(resp, err)
|
||||
return
|
||||
}
|
||||
if username == member.Username {
|
||||
err := fmt.Errorf("you can not change your role")
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(restful.NewError(http.StatusBadRequest, err.Error()), resp)
|
||||
api.HandleBadRequest(resp, err)
|
||||
return
|
||||
}
|
||||
if !reflectutils.In(member.Role, devops.AllRoleSlice) {
|
||||
err := fmt.Errorf("err role [%s] not in [%s]", member.Role,
|
||||
devops.AllRoleSlice)
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(restful.NewError(http.StatusBadRequest, err.Error()), resp)
|
||||
api.HandleBadRequest(resp, err)
|
||||
return
|
||||
}
|
||||
|
||||
err = h.projectOperator.CheckProjectUserInRole(username, projectId, []string{devops.ProjectOwner})
|
||||
if err != nil {
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(restful.NewError(http.StatusForbidden, err.Error()), resp)
|
||||
api.HandleForbidden(resp, err)
|
||||
return
|
||||
}
|
||||
project, err := h.projectMemberOperator.UpdateProjectMember(projectId, member)
|
||||
|
||||
if err != nil {
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(err, resp)
|
||||
api.HandleInternalError(resp, err)
|
||||
return
|
||||
}
|
||||
|
||||
@@ -181,13 +180,13 @@ func (h ProjectPipelineHandler) DeleteDevOpsProjectMemberHandler(request *restfu
|
||||
err := h.projectOperator.CheckProjectUserInRole(username, projectId, []string{devops.ProjectOwner})
|
||||
if err != nil {
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(restful.NewError(http.StatusForbidden, err.Error()), resp)
|
||||
api.HandleForbidden(resp, err)
|
||||
return
|
||||
}
|
||||
username, err = h.projectMemberOperator.DeleteProjectMember(projectId, member)
|
||||
if err != nil {
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(err, resp)
|
||||
api.HandleInternalError(resp, err)
|
||||
return
|
||||
}
|
||||
resp.WriteAsJson(struct {
|
||||
|
||||
@@ -3,10 +3,9 @@ package v1alpha2
|
||||
import (
|
||||
"github.com/emicklei/go-restful"
|
||||
"k8s.io/klog"
|
||||
"kubesphere.io/kubesphere/pkg/api"
|
||||
"kubesphere.io/kubesphere/pkg/constants"
|
||||
"kubesphere.io/kubesphere/pkg/server/errors"
|
||||
"kubesphere.io/kubesphere/pkg/simple/client/devops"
|
||||
"net/http"
|
||||
)
|
||||
|
||||
func (h PipelineSonarHandler) GetPipelineSonarStatusHandler(request *restful.Request, resp *restful.Response) {
|
||||
@@ -16,13 +15,13 @@ func (h PipelineSonarHandler) GetPipelineSonarStatusHandler(request *restful.Req
|
||||
err := h.projectOperator.CheckProjectUserInRole(username, projectId, devops.AllRoleSlice)
|
||||
if err != nil {
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(restful.NewError(http.StatusForbidden, err.Error()), resp)
|
||||
api.HandleForbidden(resp, err)
|
||||
return
|
||||
}
|
||||
sonarStatus, err := h.pipelineSonarGetter.GetPipelineSonar(projectId, pipelineId)
|
||||
if err != nil {
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(err, resp)
|
||||
api.HandleInternalError(resp, err)
|
||||
return
|
||||
}
|
||||
resp.WriteAsJson(sonarStatus)
|
||||
@@ -36,13 +35,13 @@ func (h PipelineSonarHandler) GetMultiBranchesPipelineSonarStatusHandler(request
|
||||
err := h.projectOperator.CheckProjectUserInRole(username, projectId, devops.AllRoleSlice)
|
||||
if err != nil {
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(restful.NewError(http.StatusForbidden, err.Error()), resp)
|
||||
api.HandleForbidden(resp, err)
|
||||
return
|
||||
}
|
||||
sonarStatus, err := h.pipelineSonarGetter.GetMultiBranchPipelineSonar(projectId, pipelineId, branchId)
|
||||
if err != nil {
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(err, resp)
|
||||
api.HandleInternalError(resp, err)
|
||||
return
|
||||
}
|
||||
resp.WriteAsJson(sonarStatus)
|
||||
|
||||
@@ -16,11 +16,10 @@ package v1alpha2
|
||||
import (
|
||||
"github.com/emicklei/go-restful"
|
||||
"k8s.io/klog"
|
||||
"kubesphere.io/kubesphere/pkg/api"
|
||||
"kubesphere.io/kubesphere/pkg/api/devops/v1alpha2"
|
||||
"kubesphere.io/kubesphere/pkg/constants"
|
||||
"kubesphere.io/kubesphere/pkg/server/errors"
|
||||
"kubesphere.io/kubesphere/pkg/simple/client/devops"
|
||||
"net/http"
|
||||
)
|
||||
|
||||
func (h ProjectPipelineHandler) GetDevOpsProjectHandler(request *restful.Request, resp *restful.Response) {
|
||||
@@ -31,14 +30,14 @@ func (h ProjectPipelineHandler) GetDevOpsProjectHandler(request *restful.Request
|
||||
err := h.projectOperator.CheckProjectUserInRole(username, projectId, devops.AllRoleSlice)
|
||||
if err != nil {
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(restful.NewError(http.StatusForbidden, err.Error()), resp)
|
||||
api.HandleForbidden(resp, err)
|
||||
return
|
||||
}
|
||||
project, err := h.projectOperator.GetProject(projectId)
|
||||
|
||||
if err != nil {
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(err, resp)
|
||||
api.HandleInternalError(resp, err)
|
||||
return
|
||||
}
|
||||
|
||||
@@ -54,21 +53,21 @@ func (h ProjectPipelineHandler) UpdateProjectHandler(request *restful.Request, r
|
||||
err := request.ReadEntity(&project)
|
||||
if err != nil {
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(restful.NewError(http.StatusBadRequest, err.Error()), resp)
|
||||
api.HandleBadRequest(resp, err)
|
||||
return
|
||||
}
|
||||
project.ProjectId = projectId
|
||||
err = h.projectOperator.CheckProjectUserInRole(username, projectId, []string{devops.ProjectOwner})
|
||||
if err != nil {
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(restful.NewError(http.StatusForbidden, err.Error()), resp)
|
||||
api.HandleForbidden(resp, err)
|
||||
return
|
||||
}
|
||||
project, err = h.projectOperator.UpdateProject(project)
|
||||
|
||||
if err != nil {
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(err, resp)
|
||||
api.HandleInternalError(resp, err)
|
||||
return
|
||||
}
|
||||
|
||||
|
||||
@@ -16,10 +16,9 @@ package v1alpha2
|
||||
import (
|
||||
"github.com/emicklei/go-restful"
|
||||
"k8s.io/klog"
|
||||
"kubesphere.io/kubesphere/pkg/api"
|
||||
"kubesphere.io/kubesphere/pkg/constants"
|
||||
"kubesphere.io/kubesphere/pkg/server/errors"
|
||||
"kubesphere.io/kubesphere/pkg/simple/client/devops"
|
||||
"net/http"
|
||||
)
|
||||
|
||||
func (h ProjectPipelineHandler) CreateDevOpsProjectCredentialHandler(request *restful.Request, resp *restful.Response) {
|
||||
@@ -30,14 +29,14 @@ func (h ProjectPipelineHandler) CreateDevOpsProjectCredentialHandler(request *re
|
||||
err := request.ReadEntity(&credential)
|
||||
if err != nil {
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(restful.NewError(http.StatusBadRequest, err.Error()), resp)
|
||||
api.HandleBadRequest(resp, err)
|
||||
return
|
||||
}
|
||||
credentialId, err := h.projectCredentialOperator.CreateProjectCredential(projectId, username, credential)
|
||||
|
||||
if err != nil {
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(err, resp)
|
||||
api.HandleInternalError(resp, err)
|
||||
return
|
||||
}
|
||||
|
||||
@@ -55,14 +54,14 @@ func (h ProjectPipelineHandler) UpdateDevOpsProjectCredentialHandler(request *re
|
||||
err := request.ReadEntity(&credential)
|
||||
if err != nil {
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(restful.NewError(http.StatusBadRequest, err.Error()), resp)
|
||||
api.HandleBadRequest(resp, err)
|
||||
return
|
||||
}
|
||||
credentialId, err = h.projectCredentialOperator.UpdateProjectCredential(projectId, credentialId, credential)
|
||||
|
||||
if err != nil {
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(err, resp)
|
||||
api.HandleInternalError(resp, err)
|
||||
return
|
||||
}
|
||||
|
||||
@@ -81,7 +80,7 @@ func (h ProjectPipelineHandler) DeleteDevOpsProjectCredentialHandler(request *re
|
||||
|
||||
if err != nil {
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(err, resp)
|
||||
api.HandleInternalError(resp, err)
|
||||
return
|
||||
}
|
||||
|
||||
@@ -100,7 +99,7 @@ func (h ProjectPipelineHandler) GetDevOpsProjectCredentialHandler(request *restf
|
||||
|
||||
if err != nil {
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(err, resp)
|
||||
api.HandleInternalError(resp, err)
|
||||
return
|
||||
}
|
||||
|
||||
@@ -114,7 +113,7 @@ func (h ProjectPipelineHandler) GetDevOpsProjectCredentialsHandler(request *rest
|
||||
jenkinsCredentials, err := h.projectCredentialOperator.GetProjectCredentials(projectId)
|
||||
if err != nil {
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(err, resp)
|
||||
api.HandleInternalError(resp, err)
|
||||
return
|
||||
}
|
||||
resp.WriteAsJson(jenkinsCredentials)
|
||||
|
||||
@@ -16,10 +16,9 @@ package v1alpha2
|
||||
import (
|
||||
"github.com/emicklei/go-restful"
|
||||
"k8s.io/klog"
|
||||
"kubesphere.io/kubesphere/pkg/api"
|
||||
"kubesphere.io/kubesphere/pkg/constants"
|
||||
"kubesphere.io/kubesphere/pkg/server/errors"
|
||||
"kubesphere.io/kubesphere/pkg/simple/client/devops"
|
||||
"net/http"
|
||||
)
|
||||
|
||||
func (h ProjectPipelineHandler) CreateDevOpsProjectPipelineHandler(request *restful.Request, resp *restful.Response) {
|
||||
@@ -30,20 +29,20 @@ func (h ProjectPipelineHandler) CreateDevOpsProjectPipelineHandler(request *rest
|
||||
err := request.ReadEntity(&pipeline)
|
||||
if err != nil {
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(restful.NewError(http.StatusBadRequest, err.Error()), resp)
|
||||
api.HandleBadRequest(resp, err)
|
||||
return
|
||||
}
|
||||
err = h.projectOperator.CheckProjectUserInRole(username, projectId, []string{devops.ProjectOwner, devops.ProjectMaintainer})
|
||||
if err != nil {
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(restful.NewError(http.StatusForbidden, err.Error()), resp)
|
||||
api.HandleForbidden(resp, err)
|
||||
return
|
||||
}
|
||||
pipelineName, err := h.projectPipelineOperator.CreateProjectPipeline(projectId, pipeline)
|
||||
|
||||
if err != nil {
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(err, resp)
|
||||
api.HandleInternalError(resp, err)
|
||||
return
|
||||
}
|
||||
|
||||
@@ -61,14 +60,14 @@ func (h ProjectPipelineHandler) DeleteDevOpsProjectPipelineHandler(request *rest
|
||||
err := h.projectOperator.CheckProjectUserInRole(username, projectId, []string{devops.ProjectOwner, devops.ProjectMaintainer})
|
||||
if err != nil {
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(restful.NewError(http.StatusForbidden, err.Error()), resp)
|
||||
api.HandleForbidden(resp, err)
|
||||
return
|
||||
}
|
||||
pipelineName, err := h.projectPipelineOperator.DeleteProjectPipeline(projectId, pipelineId)
|
||||
|
||||
if err != nil {
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(err, resp)
|
||||
api.HandleInternalError(resp, err)
|
||||
return
|
||||
}
|
||||
|
||||
@@ -87,20 +86,20 @@ func (h ProjectPipelineHandler) UpdateDevOpsProjectPipelineHandler(request *rest
|
||||
err := request.ReadEntity(&pipeline)
|
||||
if err != nil {
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(restful.NewError(http.StatusBadRequest, err.Error()), resp)
|
||||
api.HandleBadRequest(resp, err)
|
||||
return
|
||||
}
|
||||
err = h.projectOperator.CheckProjectUserInRole(username, projectId, []string{devops.ProjectOwner, devops.ProjectMaintainer})
|
||||
if err != nil {
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(restful.NewError(http.StatusForbidden, err.Error()), resp)
|
||||
api.HandleForbidden(resp, err)
|
||||
return
|
||||
}
|
||||
pipelineName, err := h.projectPipelineOperator.UpdateProjectPipeline(projectId, pipelineId, pipeline)
|
||||
|
||||
if err != nil {
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(err, resp)
|
||||
api.HandleInternalError(resp, err)
|
||||
return
|
||||
}
|
||||
|
||||
@@ -119,14 +118,14 @@ func (h ProjectPipelineHandler) GetDevOpsProjectPipelineConfigHandler(request *r
|
||||
err := h.projectOperator.CheckProjectUserInRole(username, projectId, []string{devops.ProjectOwner, devops.ProjectMaintainer})
|
||||
if err != nil {
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(restful.NewError(http.StatusForbidden, err.Error()), resp)
|
||||
api.HandleForbidden(resp, err)
|
||||
return
|
||||
}
|
||||
pipeline, err := h.projectPipelineOperator.GetProjectPipelineConfig(projectId, pipelineId)
|
||||
|
||||
if err != nil {
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(err, resp)
|
||||
api.HandleInternalError(resp, err)
|
||||
return
|
||||
}
|
||||
|
||||
|
||||
@@ -5,8 +5,8 @@ import (
|
||||
"fmt"
|
||||
"github.com/emicklei/go-restful"
|
||||
"k8s.io/klog"
|
||||
"kubesphere.io/kubesphere/pkg/api"
|
||||
"kubesphere.io/kubesphere/pkg/models/devops"
|
||||
"kubesphere.io/kubesphere/pkg/server/errors"
|
||||
"kubesphere.io/kubesphere/pkg/utils/hashutil"
|
||||
"net/http"
|
||||
)
|
||||
@@ -22,38 +22,38 @@ func (h S2iBinaryHandler) UploadS2iBinaryHandler(req *restful.Request, resp *res
|
||||
err := req.Request.ParseMultipartForm(bytefmt.MEGABYTE * 20)
|
||||
if err != nil {
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(restful.NewError(http.StatusBadRequest, err.Error()), resp)
|
||||
api.HandleBadRequest(resp, err)
|
||||
return
|
||||
}
|
||||
if len(req.Request.MultipartForm.File) == 0 {
|
||||
err := restful.NewError(http.StatusBadRequest, "could not get file from form")
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(restful.NewError(http.StatusBadRequest, err.Error()), resp)
|
||||
api.HandleBadRequest(resp, err)
|
||||
return
|
||||
}
|
||||
if len(req.Request.MultipartForm.File["s2ibinary"]) == 0 {
|
||||
err := restful.NewError(http.StatusBadRequest, "could not get file from form")
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(err, resp)
|
||||
api.HandleInternalError(resp, err)
|
||||
return
|
||||
}
|
||||
if len(req.Request.MultipartForm.File["s2ibinary"]) > 1 {
|
||||
err := restful.NewError(http.StatusBadRequest, "s2ibinary should only have one file")
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(err, resp)
|
||||
api.HandleInternalError(resp, err)
|
||||
return
|
||||
}
|
||||
defer req.Request.MultipartForm.RemoveAll()
|
||||
file, err := req.Request.MultipartForm.File["s2ibinary"][0].Open()
|
||||
if err != nil {
|
||||
klog.Error(err)
|
||||
errors.ParseSvcErr(err, resp)
|
||||
api.HandleInternalError(resp, err)
|
||||
return
|
||||
}
|
||||
filemd5, err := hashutil.GetMD5(file)
|
||||
if err != nil {
|
||||
klog.Error(err)
|
||||
errors.ParseSvcErr(err, resp)
|
||||
api.HandleInternalError(resp, err)
|
||||
return
|
||||
}
|
||||
md5, ok := req.Request.MultipartForm.Value["md5"]
|
||||
@@ -61,7 +61,7 @@ func (h S2iBinaryHandler) UploadS2iBinaryHandler(req *restful.Request, resp *res
|
||||
if md5[0] != filemd5 {
|
||||
err := restful.NewError(http.StatusBadRequest, fmt.Sprintf("md5 not match, origin: %+v, calculate: %+v", md5[0], filemd5))
|
||||
klog.Error(err)
|
||||
errors.ParseSvcErr(err, resp)
|
||||
api.HandleInternalError(resp, err)
|
||||
return
|
||||
}
|
||||
}
|
||||
@@ -69,7 +69,7 @@ func (h S2iBinaryHandler) UploadS2iBinaryHandler(req *restful.Request, resp *res
|
||||
s2ibin, err := h.s2iUploader.UploadS2iBinary(ns, name, filemd5, req.Request.MultipartForm.File["s2ibinary"][0])
|
||||
if err != nil {
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(err, resp)
|
||||
api.HandleInternalError(resp, err)
|
||||
return
|
||||
}
|
||||
resp.WriteAsJson(s2ibin)
|
||||
@@ -83,7 +83,7 @@ func (h S2iBinaryHandler) DownloadS2iBinaryHandler(req *restful.Request, resp *r
|
||||
url, err := h.s2iUploader.DownloadS2iBinary(ns, name, fileName)
|
||||
if err != nil {
|
||||
klog.Errorf("%+v", err)
|
||||
errors.ParseSvcErr(err, resp)
|
||||
api.HandleInternalError(resp, err)
|
||||
return
|
||||
}
|
||||
http.Redirect(resp.ResponseWriter, req.Request, url, http.StatusFound)
|
||||
|
||||
@@ -156,7 +156,7 @@ func (am *amOperator) GetUserRoles(namespace, username string) ([]*rbacv1.Role,
|
||||
roles := make([]*rbacv1.Role, 0)
|
||||
|
||||
for _, roleBinding := range roleBindings {
|
||||
if k8sutil.ContainsUser(roleBinding.Subjects, username) {
|
||||
if ContainsUser(roleBinding.Subjects, username) {
|
||||
if roleBinding.RoleRef.Kind == ClusterRoleKind {
|
||||
clusterRole, err := clusterRoleLister.Get(roleBinding.RoleRef.Name)
|
||||
if err != nil {
|
||||
@@ -207,7 +207,7 @@ func (am *amOperator) GetUserClusterRoles(username string) (*rbacv1.ClusterRole,
|
||||
clusterRoles := make([]*rbacv1.ClusterRole, 0)
|
||||
userFacingClusterRole := &rbacv1.ClusterRole{}
|
||||
for _, clusterRoleBinding := range clusterRoleBindings {
|
||||
if k8sutil.ContainsUser(clusterRoleBinding.Subjects, username) {
|
||||
if ContainsUser(clusterRoleBinding.Subjects, username) {
|
||||
clusterRole, err := clusterRoleLister.Get(clusterRoleBinding.RoleRef.Name)
|
||||
if err != nil {
|
||||
if apierrors.IsNotFound(err) {
|
||||
@@ -307,7 +307,7 @@ func (am *amOperator) GetWorkspaceRoleMap(username string) (map[string]string, e
|
||||
|
||||
for _, roleBinding := range clusterRoleBindings {
|
||||
if workspace := k8sutil.GetControlledWorkspace(roleBinding.OwnerReferences); workspace != "" &&
|
||||
k8sutil.ContainsUser(roleBinding.Subjects, username) {
|
||||
ContainsUser(roleBinding.Subjects, username) {
|
||||
result[workspace] = roleBinding.RoleRef.Name
|
||||
}
|
||||
}
|
||||
@@ -588,7 +588,7 @@ func (am *amOperator) CreateClusterRoleBinding(username string, clusterRoleName
|
||||
return nil
|
||||
}
|
||||
|
||||
if !k8sutil.ContainsUser(found.Subjects, username) {
|
||||
if !ContainsUser(found.Subjects, username) {
|
||||
found.Subjects = clusterRoleBinding.Subjects
|
||||
_, err = client.ClientSets().K8s().Kubernetes().RbacV1().ClusterRoleBindings().Update(found)
|
||||
if err != nil {
|
||||
|
||||
@@ -179,3 +179,34 @@ func hasString(slice []string, value string) bool {
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
func ContainsUser(subjects interface{}, username string) bool {
|
||||
switch subjects.(type) {
|
||||
case []*rbacv1.Subject:
|
||||
for _, subject := range subjects.([]*rbacv1.Subject) {
|
||||
if subject.Kind == rbacv1.UserKind && subject.Name == username {
|
||||
return true
|
||||
}
|
||||
}
|
||||
case []rbacv1.Subject:
|
||||
for _, subject := range subjects.([]rbacv1.Subject) {
|
||||
if subject.Kind == rbacv1.UserKind && subject.Name == username {
|
||||
return true
|
||||
}
|
||||
}
|
||||
case []User:
|
||||
for _, u := range subjects.([]User) {
|
||||
if u.Username == username {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
case []*User:
|
||||
for _, u := range subjects.([]*User) {
|
||||
if u.Username == username {
|
||||
return true
|
||||
}
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
@@ -23,7 +23,6 @@ import (
|
||||
"github.com/json-iterator/go"
|
||||
"k8s.io/klog"
|
||||
"kubesphere.io/kubesphere/pkg/api/monitoring/v1alpha2"
|
||||
"kubesphere.io/kubesphere/pkg/models/workspaces"
|
||||
cs "kubesphere.io/kubesphere/pkg/simple/client"
|
||||
"net/url"
|
||||
"regexp"
|
||||
@@ -665,40 +664,40 @@ func GetClusterStatistics() *Response {
|
||||
wg := sync.WaitGroup{}
|
||||
wg.Add(4)
|
||||
|
||||
go func() {
|
||||
num, err := workspaces.WorkspaceCount()
|
||||
if err != nil {
|
||||
klog.Errorln(err)
|
||||
workspaceStats.Status = "error"
|
||||
} else {
|
||||
workspaceStats.withMetricResult(now, num)
|
||||
}
|
||||
wg.Done()
|
||||
}()
|
||||
//go func() {
|
||||
// num, err := workspaces.WorkspaceCount()
|
||||
// if err != nil {
|
||||
// klog.Errorln(err)
|
||||
// workspaceStats.Status = "error"
|
||||
// } else {
|
||||
// workspaceStats.withMetricResult(now, num)
|
||||
// }
|
||||
// wg.Done()
|
||||
//}()
|
||||
|
||||
go func() {
|
||||
num, err := workspaces.GetAllDevOpsProjectsNums()
|
||||
if err != nil {
|
||||
if _, notEnabled := err.(cs.ClientSetNotEnabledError); !notEnabled {
|
||||
klog.Errorln(err)
|
||||
}
|
||||
devopsStats.Status = "error"
|
||||
} else {
|
||||
devopsStats.withMetricResult(now, num)
|
||||
}
|
||||
wg.Done()
|
||||
}()
|
||||
//go func() {
|
||||
//num, err := workspaces.GetAllDevOpsProjectsNums()
|
||||
//if err != nil {
|
||||
// if _, notEnabled := err.(cs.ClientSetNotEnabledError); !notEnabled {
|
||||
// klog.Errorln(err)
|
||||
// }
|
||||
// devopsStats.Status = "error"
|
||||
//} else {
|
||||
// devopsStats.withMetricResult(now, num)
|
||||
//}
|
||||
// wg.Done()
|
||||
//}()
|
||||
|
||||
go func() {
|
||||
num, err := workspaces.GetAllProjectNums()
|
||||
if err != nil {
|
||||
klog.Errorln(err)
|
||||
namespaceStats.Status = "error"
|
||||
} else {
|
||||
namespaceStats.withMetricResult(now, num)
|
||||
}
|
||||
wg.Done()
|
||||
}()
|
||||
//go func() {
|
||||
//num, err := workspaces.GetAllProjectNums()
|
||||
//if err != nil {
|
||||
// klog.Errorln(err)
|
||||
// namespaceStats.Status = "error"
|
||||
//} else {
|
||||
// namespaceStats.withMetricResult(now, num)
|
||||
//}
|
||||
// wg.Done()
|
||||
//}()
|
||||
|
||||
go func() {
|
||||
ret, err := cs.ClientSets().KubeSphere().ListUsers()
|
||||
@@ -723,7 +722,7 @@ func GetClusterStatistics() *Response {
|
||||
|
||||
func GetWorkspaceStatistics(workspaceName string) *Response {
|
||||
|
||||
now := time.Now().Unix()
|
||||
//now := time.Now().Unix()
|
||||
|
||||
var metricsArray []APIResponse
|
||||
namespaceStats := APIResponse{MetricName: MetricWorkspaceNamespaceCount}
|
||||
@@ -734,51 +733,51 @@ func GetWorkspaceStatistics(workspaceName string) *Response {
|
||||
wg := sync.WaitGroup{}
|
||||
wg.Add(4)
|
||||
|
||||
go func() {
|
||||
num, err := workspaces.WorkspaceNamespaceCount(workspaceName)
|
||||
if err != nil {
|
||||
klog.Errorln(err)
|
||||
namespaceStats.Status = "error"
|
||||
} else {
|
||||
namespaceStats.withMetricResult(now, num)
|
||||
}
|
||||
wg.Done()
|
||||
}()
|
||||
//go func() {
|
||||
// num, err := workspaces.WorkspaceNamespaceCount(workspaceName)
|
||||
// if err != nil {
|
||||
// klog.Errorln(err)
|
||||
// namespaceStats.Status = "error"
|
||||
// } else {
|
||||
// namespaceStats.withMetricResult(now, num)
|
||||
// }
|
||||
// wg.Done()
|
||||
//}()
|
||||
|
||||
go func() {
|
||||
num, err := workspaces.GetDevOpsProjectsCount(workspaceName)
|
||||
if err != nil {
|
||||
if _, notEnabled := err.(cs.ClientSetNotEnabledError); !notEnabled {
|
||||
klog.Errorln(err)
|
||||
}
|
||||
devopsStats.Status = "error"
|
||||
} else {
|
||||
devopsStats.withMetricResult(now, num)
|
||||
}
|
||||
wg.Done()
|
||||
}()
|
||||
//go func() {
|
||||
// num, err := workspaces.GetDevOpsProjectsCount(workspaceName)
|
||||
// if err != nil {
|
||||
// if _, notEnabled := err.(cs.ClientSetNotEnabledError); !notEnabled {
|
||||
// klog.Errorln(err)
|
||||
// }
|
||||
// devopsStats.Status = "error"
|
||||
// } else {
|
||||
// devopsStats.withMetricResult(now, num)
|
||||
// }
|
||||
// wg.Done()
|
||||
//}()
|
||||
|
||||
go func() {
|
||||
num, err := workspaces.WorkspaceUserCount(workspaceName)
|
||||
if err != nil {
|
||||
klog.Errorln(err)
|
||||
memberStats.Status = "error"
|
||||
} else {
|
||||
memberStats.withMetricResult(now, num)
|
||||
}
|
||||
wg.Done()
|
||||
}()
|
||||
//go func() {
|
||||
//num, err := workspaces.WorkspaceUserCount(workspaceName)
|
||||
//if err != nil {
|
||||
// klog.Errorln(err)
|
||||
// memberStats.Status = "error"
|
||||
//} else {
|
||||
// memberStats.withMetricResult(now, num)
|
||||
//}
|
||||
// wg.Done()
|
||||
//}()
|
||||
|
||||
go func() {
|
||||
num, err := workspaces.GetOrgRolesCount(workspaceName)
|
||||
if err != nil {
|
||||
klog.Errorln(err)
|
||||
roleStats.Status = "error"
|
||||
} else {
|
||||
roleStats.withMetricResult(now, num)
|
||||
}
|
||||
wg.Done()
|
||||
}()
|
||||
//go func() {
|
||||
//num, err := workspaces.GetOrgRolesCount(workspaceName)
|
||||
// if err != nil {
|
||||
// klog.Errorln(err)
|
||||
// roleStats.Status = "error"
|
||||
// } else {
|
||||
// roleStats.withMetricResult(now, num)
|
||||
// }
|
||||
// wg.Done()
|
||||
//}()
|
||||
|
||||
wg.Wait()
|
||||
|
||||
|
||||
@@ -35,7 +35,6 @@ import (
|
||||
"kubesphere.io/kubesphere/pkg/server/params"
|
||||
clientset "kubesphere.io/kubesphere/pkg/simple/client"
|
||||
"kubesphere.io/kubesphere/pkg/simple/client/mysql"
|
||||
"kubesphere.io/kubesphere/pkg/utils/k8sutil"
|
||||
"kubesphere.io/kubesphere/pkg/utils/sliceutil"
|
||||
"sort"
|
||||
"strings"
|
||||
@@ -164,7 +163,7 @@ func (w *workspaceOperator) createWorkspaceRoleBinding(workspace, username strin
|
||||
return err
|
||||
}
|
||||
|
||||
if !k8sutil.ContainsUser(workspaceRoleBinding.Subjects, username) {
|
||||
if !iam.ContainsUser(workspaceRoleBinding.Subjects, username) {
|
||||
workspaceRoleBinding = workspaceRoleBinding.DeepCopy()
|
||||
workspaceRoleBinding.Subjects = append(workspaceRoleBinding.Subjects, v1.Subject{APIGroup: "rbac.authorization.k8s.io", Kind: "User", Name: username})
|
||||
_, err = w.client.RbacV1().ClusterRoleBindings().Update(workspaceRoleBinding)
|
||||
|
||||
@@ -19,6 +19,8 @@ package errors
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"github.com/emicklei/go-restful"
|
||||
"net/http"
|
||||
)
|
||||
|
||||
type Error struct {
|
||||
|
||||
@@ -18,9 +18,7 @@
|
||||
package k8sutil
|
||||
|
||||
import (
|
||||
"k8s.io/api/rbac/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"kubesphere.io/kubesphere/pkg/models/iam"
|
||||
)
|
||||
|
||||
func IsControlledBy(reference []metav1.OwnerReference, kind string, name string) bool {
|
||||
@@ -40,34 +38,3 @@ func GetControlledWorkspace(reference []metav1.OwnerReference) string {
|
||||
}
|
||||
return ""
|
||||
}
|
||||
|
||||
func ContainsUser(subjects interface{}, username string) bool {
|
||||
switch subjects.(type) {
|
||||
case []*v1.Subject:
|
||||
for _, subject := range subjects.([]*v1.Subject) {
|
||||
if subject.Kind == v1.UserKind && subject.Name == username {
|
||||
return true
|
||||
}
|
||||
}
|
||||
case []v1.Subject:
|
||||
for _, subject := range subjects.([]v1.Subject) {
|
||||
if subject.Kind == v1.UserKind && subject.Name == username {
|
||||
return true
|
||||
}
|
||||
}
|
||||
case []iam.User:
|
||||
for _, u := range subjects.([]iam.User) {
|
||||
if u.Username == username {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
case []*iam.User:
|
||||
for _, u := range subjects.([]*iam.User) {
|
||||
if u.Username == username {
|
||||
return true
|
||||
}
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user