diff --git a/pkg/apigateway/caddy-plugin/authentication/authentication.go b/pkg/apigateway/caddy-plugin/authentication/authentication.go index 40e765101..c4b817a29 100644 --- a/pkg/apigateway/caddy-plugin/authentication/authentication.go +++ b/pkg/apigateway/caddy-plugin/authentication/authentication.go @@ -25,8 +25,8 @@ import ( "k8s.io/apiserver/pkg/endpoints/request" "k8s.io/client-go/informers" "kubesphere.io/kubesphere/pkg/apigateway/caddy-plugin/internal" + "kubesphere.io/kubesphere/pkg/models/iam" "kubesphere.io/kubesphere/pkg/simple/client/k8s" - "kubesphere.io/kubesphere/pkg/utils/k8sutil" "log" "net/http" "strings" @@ -140,7 +140,7 @@ func (c *Authentication) roleValidate(attrs authorizer.Attributes) (bool, error) } for _, roleBinding := range roleBindings { - if k8sutil.ContainsUser(roleBinding.Subjects, attrs.GetUser().GetName()) { + if iam.ContainsUser(roleBinding.Subjects, attrs.GetUser().GetName()) { role, err := roleLister.Roles(attrs.GetNamespace()).Get(roleBinding.RoleRef.Name) if err != nil { @@ -171,7 +171,7 @@ func (c *Authentication) clusterRoleValidate(attrs authorizer.Attributes) (bool, for _, clusterRoleBinding := range clusterRoleBindings { - if k8sutil.ContainsUser(clusterRoleBinding.Subjects, attrs.GetUser().GetName()) { + if iam.ContainsUser(clusterRoleBinding.Subjects, attrs.GetUser().GetName()) { clusterRole, err := clusterRoleLister.Get(clusterRoleBinding.RoleRef.Name) if err != nil { diff --git a/pkg/controller/namespace/namespace_controller.go b/pkg/controller/namespace/namespace_controller.go index 638f705ed..7ca8c7449 100644 --- a/pkg/controller/namespace/namespace_controller.go +++ b/pkg/controller/namespace/namespace_controller.go 
@@ -32,8 +32,8 @@ import ( "k8s.io/klog" "kubesphere.io/kubesphere/pkg/apis/tenant/v1alpha1" "kubesphere.io/kubesphere/pkg/constants" + "kubesphere.io/kubesphere/pkg/models/iam" "kubesphere.io/kubesphere/pkg/simple/client/openpitrix" - "kubesphere.io/kubesphere/pkg/utils/k8sutil" "kubesphere.io/kubesphere/pkg/utils/sliceutil" "openpitrix.io/openpitrix/pkg/pb" "reflect" @@ -261,7 +261,7 @@ func (r *ReconcileNamespace) checkAndCreateRoleBindings(namespace *corev1.Namesp if adminBinding.Subjects == nil { adminBinding.Subjects = make([]rbac.Subject, 0) } - if !k8sutil.ContainsUser(adminBinding.Subjects, creatorName) { + if !iam.ContainsUser(adminBinding.Subjects, creatorName) { adminBinding.Subjects = append(adminBinding.Subjects, creator) } } diff --git a/pkg/kapis/devops/v1alpha2/member.go b/pkg/kapis/devops/v1alpha2/member.go index 9de60c7e8..29f383fe4 100644 --- a/pkg/kapis/devops/v1alpha2/member.go +++ b/pkg/kapis/devops/v1alpha2/member.go @@ -18,12 +18,11 @@ import ( "github.com/asaskevich/govalidator" "github.com/emicklei/go-restful" "k8s.io/klog" + "kubesphere.io/kubesphere/pkg/api" "kubesphere.io/kubesphere/pkg/constants" - "kubesphere.io/kubesphere/pkg/server/errors" "kubesphere.io/kubesphere/pkg/server/params" "kubesphere.io/kubesphere/pkg/simple/client/devops" "kubesphere.io/kubesphere/pkg/utils/reflectutils" - "net/http" ) func (h ProjectPipelineHandler) GetDevOpsProjectMembersHandler(request *restful.Request, resp *restful.Response) { @@ -34,7 +33,7 @@ func (h ProjectPipelineHandler) GetDevOpsProjectMembersHandler(request *restful. err := h.projectOperator.CheckProjectUserInRole(username, projectId, devops.AllRoleSlice) if err != nil { klog.Errorf("%+v", err) - errors.ParseSvcErr(restful.NewError(http.StatusForbidden, err.Error()), resp) + api.HandleForbidden(resp, err) return } orderBy := request.QueryParameter(params.OrderByParam) 
@@ -46,7 +45,7 @@ func (h ProjectPipelineHandler) GetDevOpsProjectMembersHandler(request *restful. if err != nil { klog.Errorf("%+v", err) - errors.ParseSvcErr(err, resp) + api.HandleInternalError(resp, err) return } @@ -63,14 +62,14 @@ func (h ProjectPipelineHandler) GetDevOpsProjectMemberHandler(request *restful.R err := h.projectOperator.CheckProjectUserInRole(username, projectId, devops.AllRoleSlice) if err != nil { klog.Errorf("%+v", err) - errors.ParseSvcErr(restful.NewError(http.StatusForbidden, err.Error()), resp) + api.HandleForbidden(resp, err) return } project, err := h.projectMemberOperator.GetProjectMember(projectId, member) if err != nil { klog.Errorf("%+v", err) - errors.ParseSvcErr(err, resp) + api.HandleInternalError(resp, err) return } @@ -86,26 +85,26 @@ func (h ProjectPipelineHandler) AddDevOpsProjectMemberHandler(request *restful.R err := request.ReadEntity(&member) if err != nil { klog.Errorf("%+v", err) - errors.ParseSvcErr(restful.NewError(http.StatusBadRequest, err.Error()), resp) + api.HandleBadRequest(resp, err) return } if govalidator.IsNull(member.Username) { err := fmt.Errorf("error need username") klog.Errorf("%+v", err) - errors.ParseSvcErr(restful.NewError(http.StatusBadRequest, err.Error()), resp) + api.HandleBadRequest(resp, err) return } if !reflectutils.In(member.Role, devops.AllRoleSlice) { err := fmt.Errorf("err role [%s] not in [%s]", member.Role, devops.AllRoleSlice) klog.Errorf("%+v", err) - errors.ParseSvcErr(restful.NewError(http.StatusBadRequest, err.Error()), resp) + api.HandleBadRequest(resp, err) return } err = h.projectOperator.CheckProjectUserInRole(username, projectId, []string{devops.ProjectOwner}) if err != nil { klog.Errorf("%+v", err) - errors.ParseSvcErr(restful.NewError(http.StatusForbidden, err.Error()), resp) + api.HandleForbidden(resp, err) return } 
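Review bot: The error branch in GetDevOpsProjectMembersHandler now always ends in `api.HandleInternalError(resp, err)`, so any status that the old `errors.ParseSvcErr(err, resp)` derived from the error (presumably not-found or conflict from the operator) is no longer conveyed to the client. The same substitution repeats in the other handlers in member.go, pipeline_sonar.go, project.go, project_credential.go and project_pipeline.go. Neither helper's body is in this diff, so this is inferred from their names and should be confirmed. If `HandleInternalError` writes `err.Error()` into the response body, backend error text from the DevOps client also reaches the caller; `klog.Errorf("%+v", err)` already records the detail, so consider mapping known error kinds to their status and returning a generic message for the rest. The handler body starts and ends outside this hunk.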
@@ -114,7 +113,7 @@ func (h ProjectPipelineHandler) AddDevOpsProjectMemberHandler(request *restful.R if err != nil { klog.Errorf("%+v", err) - errors.ParseSvcErr(err, resp) + api.HandleInternalError(resp, err) return } @@ -130,41 +129,41 @@ func (h ProjectPipelineHandler) UpdateDevOpsProjectMemberHandler(request *restfu err := request.ReadEntity(&member) if err != nil { klog.Errorf("%+v", err) - errors.ParseSvcErr(restful.NewError(http.StatusBadRequest, err.Error()), resp) + api.HandleBadRequest(resp, err) return } member.Username = request.PathParameter("member") if govalidator.IsNull(member.Username) { err := fmt.Errorf("error need username") klog.Errorf("%+v", err) - errors.ParseSvcErr(restful.NewError(http.StatusBadRequest, err.Error()), resp) + api.HandleBadRequest(resp, err) return } if username == member.Username { err := fmt.Errorf("you can not change your role") klog.Errorf("%+v", err) - errors.ParseSvcErr(restful.NewError(http.StatusBadRequest, err.Error()), resp) + api.HandleBadRequest(resp, err) return } if !reflectutils.In(member.Role, devops.AllRoleSlice) { err := fmt.Errorf("err role [%s] not in [%s]", member.Role, devops.AllRoleSlice) klog.Errorf("%+v", err) - errors.ParseSvcErr(restful.NewError(http.StatusBadRequest, err.Error()), resp) + api.HandleBadRequest(resp, err) return } err = h.projectOperator.CheckProjectUserInRole(username, projectId, []string{devops.ProjectOwner}) if err != nil { klog.Errorf("%+v", err) - errors.ParseSvcErr(restful.NewError(http.StatusForbidden, err.Error()), resp) + api.HandleForbidden(resp, err) return } project, err := h.projectMemberOperator.UpdateProjectMember(projectId, member) if err != nil { klog.Errorf("%+v", err) - errors.ParseSvcErr(err, resp) + api.HandleInternalError(resp, err) return } 
@@ -181,13 +180,13 @@ func (h ProjectPipelineHandler) DeleteDevOpsProjectMemberHandler(request *restfu err := h.projectOperator.CheckProjectUserInRole(username, projectId, []string{devops.ProjectOwner}) if err != nil { klog.Errorf("%+v", err) - errors.ParseSvcErr(restful.NewError(http.StatusForbidden, err.Error()), resp) + api.HandleForbidden(resp, err) return } username, err = h.projectMemberOperator.DeleteProjectMember(projectId, member) if err != nil { klog.Errorf("%+v", err) - errors.ParseSvcErr(err, resp) + api.HandleInternalError(resp, err) return } resp.WriteAsJson(struct { diff --git a/pkg/kapis/devops/v1alpha2/pipeline_sonar.go b/pkg/kapis/devops/v1alpha2/pipeline_sonar.go index c4fcedf81..ceee6e975 100644 --- a/pkg/kapis/devops/v1alpha2/pipeline_sonar.go +++ b/pkg/kapis/devops/v1alpha2/pipeline_sonar.go @@ -3,10 +3,9 @@ package v1alpha2 import ( "github.com/emicklei/go-restful" "k8s.io/klog" + "kubesphere.io/kubesphere/pkg/api" "kubesphere.io/kubesphere/pkg/constants" - "kubesphere.io/kubesphere/pkg/server/errors" "kubesphere.io/kubesphere/pkg/simple/client/devops" - "net/http" ) func (h PipelineSonarHandler) GetPipelineSonarStatusHandler(request *restful.Request, resp *restful.Response) { @@ -16,13 +15,13 @@ func (h PipelineSonarHandler) GetPipelineSonarStatusHandler(request *restful.Req err := h.projectOperator.CheckProjectUserInRole(username, projectId, devops.AllRoleSlice) if err != nil { klog.Errorf("%+v", err) - errors.ParseSvcErr(restful.NewError(http.StatusForbidden, err.Error()), resp) + api.HandleForbidden(resp, err) return } sonarStatus, err := h.pipelineSonarGetter.GetPipelineSonar(projectId, pipelineId) if err != nil { klog.Errorf("%+v", err) - errors.ParseSvcErr(err, resp) + api.HandleInternalError(resp, err) return } resp.WriteAsJson(sonarStatus) 
@@ -36,13 +35,13 @@ func (h PipelineSonarHandler) GetMultiBranchesPipelineSonarStatusHandler(request err := h.projectOperator.CheckProjectUserInRole(username, projectId, devops.AllRoleSlice) if err != nil { klog.Errorf("%+v", err) - errors.ParseSvcErr(restful.NewError(http.StatusForbidden, err.Error()), resp) + api.HandleForbidden(resp, err) return } sonarStatus, err := h.pipelineSonarGetter.GetMultiBranchPipelineSonar(projectId, pipelineId, branchId) if err != nil { klog.Errorf("%+v", err) - errors.ParseSvcErr(err, resp) + api.HandleInternalError(resp, err) return } resp.WriteAsJson(sonarStatus) diff --git a/pkg/kapis/devops/v1alpha2/project.go b/pkg/kapis/devops/v1alpha2/project.go index 2bd4b88a9..590f7e5d7 100644 --- a/pkg/kapis/devops/v1alpha2/project.go +++ b/pkg/kapis/devops/v1alpha2/project.go @@ -16,11 +16,10 @@ package v1alpha2 import ( "github.com/emicklei/go-restful" "k8s.io/klog" + "kubesphere.io/kubesphere/pkg/api" "kubesphere.io/kubesphere/pkg/api/devops/v1alpha2" "kubesphere.io/kubesphere/pkg/constants" - "kubesphere.io/kubesphere/pkg/server/errors" "kubesphere.io/kubesphere/pkg/simple/client/devops" - "net/http" ) func (h ProjectPipelineHandler) GetDevOpsProjectHandler(request *restful.Request, resp *restful.Response) { @@ -31,14 +30,14 @@ func (h ProjectPipelineHandler) GetDevOpsProjectHandler(request *restful.Request err := h.projectOperator.CheckProjectUserInRole(username, projectId, devops.AllRoleSlice) if err != nil { klog.Errorf("%+v", err) - errors.ParseSvcErr(restful.NewError(http.StatusForbidden, err.Error()), resp) + api.HandleForbidden(resp, err) return } project, err := h.projectOperator.GetProject(projectId) if err != nil { klog.Errorf("%+v", err) - errors.ParseSvcErr(err, resp) + api.HandleInternalError(resp, err) return } 
@@ -54,21 +53,21 @@ func (h ProjectPipelineHandler) UpdateProjectHandler(request *restful.Request, r err := request.ReadEntity(&project) if err != nil { klog.Errorf("%+v", err) - errors.ParseSvcErr(restful.NewError(http.StatusBadRequest, err.Error()), resp) + api.HandleBadRequest(resp, err) return } project.ProjectId = projectId err = h.projectOperator.CheckProjectUserInRole(username, projectId, []string{devops.ProjectOwner}) if err != nil { klog.Errorf("%+v", err) - errors.ParseSvcErr(restful.NewError(http.StatusForbidden, err.Error()), resp) + api.HandleForbidden(resp, err) return } project, err = h.projectOperator.UpdateProject(project) if err != nil { klog.Errorf("%+v", err) - errors.ParseSvcErr(err, resp) + api.HandleInternalError(resp, err) return } diff --git a/pkg/kapis/devops/v1alpha2/project_credential.go b/pkg/kapis/devops/v1alpha2/project_credential.go index 9d9d92892..fb5af8c60 100644 --- a/pkg/kapis/devops/v1alpha2/project_credential.go +++ b/pkg/kapis/devops/v1alpha2/project_credential.go @@ -16,10 +16,9 @@ package v1alpha2 import ( "github.com/emicklei/go-restful" "k8s.io/klog" + "kubesphere.io/kubesphere/pkg/api" "kubesphere.io/kubesphere/pkg/constants" - "kubesphere.io/kubesphere/pkg/server/errors" "kubesphere.io/kubesphere/pkg/simple/client/devops" - "net/http" ) func (h ProjectPipelineHandler) CreateDevOpsProjectCredentialHandler(request *restful.Request, resp *restful.Response) { @@ -30,14 +29,14 @@ func (h ProjectPipelineHandler) CreateDevOpsProjectCredentialHandler(request *re err := request.ReadEntity(&credential) if err != nil { klog.Errorf("%+v", err) - errors.ParseSvcErr(restful.NewError(http.StatusBadRequest, err.Error()), resp) + api.HandleBadRequest(resp, err) return } credentialId, err := h.projectCredentialOperator.CreateProjectCredential(projectId, username, credential) if err != nil { klog.Errorf("%+v", err) - errors.ParseSvcErr(err, resp) + api.HandleInternalError(resp, err) return } 
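Review bot: No `CheckProjectUserInRole` call is visible between `request.ReadEntity(&credential)` and `CreateProjectCredential(projectId, username, credential)` in CreateDevOpsProjectCredentialHandler, whereas the member, project and pipeline handlers touched by this commit gate their operator call on it. The update hunk in the same file has the same shape, with ReadEntity followed directly by `UpdateProjectCredential(projectId, credentialId, credential)` and no username passed; the delete and get hunks show too little context to tell. The check may be enforced inside the operator or by a route filter that this diff does not show, so this needs confirming rather than assuming. If it is not enforced elsewhere, add the guard before the operator call, using whatever role set the project intends for credential management, and answer failures with `api.HandleForbidden(resp, err)`. The handler starts before the hunk and continues after it.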
@@ -55,14 +54,14 @@ func (h ProjectPipelineHandler) UpdateDevOpsProjectCredentialHandler(request *re err := request.ReadEntity(&credential) if err != nil { klog.Errorf("%+v", err) - errors.ParseSvcErr(restful.NewError(http.StatusBadRequest, err.Error()), resp) + api.HandleBadRequest(resp, err) return } credentialId, err = h.projectCredentialOperator.UpdateProjectCredential(projectId, credentialId, credential) if err != nil { klog.Errorf("%+v", err) - errors.ParseSvcErr(err, resp) + api.HandleInternalError(resp, err) return } @@ -81,7 +80,7 @@ func (h ProjectPipelineHandler) DeleteDevOpsProjectCredentialHandler(request *re if err != nil { klog.Errorf("%+v", err) - errors.ParseSvcErr(err, resp) + api.HandleInternalError(resp, err) return } @@ -100,7 +99,7 @@ func (h ProjectPipelineHandler) GetDevOpsProjectCredentialHandler(request *restf if err != nil { klog.Errorf("%+v", err) - errors.ParseSvcErr(err, resp) + api.HandleInternalError(resp, err) return } @@ -114,7 +113,7 @@ func (h ProjectPipelineHandler) GetDevOpsProjectCredentialsHandler(request *rest jenkinsCredentials, err := h.projectCredentialOperator.GetProjectCredentials(projectId) if err != nil { klog.Errorf("%+v", err) - errors.ParseSvcErr(err, resp) + api.HandleInternalError(resp, err) return } resp.WriteAsJson(jenkinsCredentials) diff --git a/pkg/kapis/devops/v1alpha2/project_pipeline.go b/pkg/kapis/devops/v1alpha2/project_pipeline.go index b752dafd9..e1ad0158a 100644 --- a/pkg/kapis/devops/v1alpha2/project_pipeline.go +++ b/pkg/kapis/devops/v1alpha2/project_pipeline.go @@ -16,10 +16,9 @@ package v1alpha2 import ( "github.com/emicklei/go-restful" "k8s.io/klog" + "kubesphere.io/kubesphere/pkg/api" "kubesphere.io/kubesphere/pkg/constants" - "kubesphere.io/kubesphere/pkg/server/errors" "kubesphere.io/kubesphere/pkg/simple/client/devops" - "net/http" ) func (h ProjectPipelineHandler) CreateDevOpsProjectPipelineHandler(request *restful.Request, resp *restful.Response) { 
@@ -30,20 +29,20 @@ func (h ProjectPipelineHandler) CreateDevOpsProjectPipelineHandler(request *rest err := request.ReadEntity(&pipeline) if err != nil { klog.Errorf("%+v", err) - errors.ParseSvcErr(restful.NewError(http.StatusBadRequest, err.Error()), resp) + api.HandleBadRequest(resp, err) return } err = h.projectOperator.CheckProjectUserInRole(username, projectId, []string{devops.ProjectOwner, devops.ProjectMaintainer}) if err != nil { klog.Errorf("%+v", err) - errors.ParseSvcErr(restful.NewError(http.StatusForbidden, err.Error()), resp) + api.HandleForbidden(resp, err) return } pipelineName, err := h.projectPipelineOperator.CreateProjectPipeline(projectId, pipeline) if err != nil { klog.Errorf("%+v", err) - errors.ParseSvcErr(err, resp) + api.HandleInternalError(resp, err) return } @@ -61,14 +60,14 @@ func (h ProjectPipelineHandler) DeleteDevOpsProjectPipelineHandler(request *rest err := h.projectOperator.CheckProjectUserInRole(username, projectId, []string{devops.ProjectOwner, devops.ProjectMaintainer}) if err != nil { klog.Errorf("%+v", err) - errors.ParseSvcErr(restful.NewError(http.StatusForbidden, err.Error()), resp) + api.HandleForbidden(resp, err) return } pipelineName, err := h.projectPipelineOperator.DeleteProjectPipeline(projectId, pipelineId) if err != nil { klog.Errorf("%+v", err) - errors.ParseSvcErr(err, resp) + api.HandleInternalError(resp, err) return } 
@@ -87,20 +86,20 @@ func (h ProjectPipelineHandler) UpdateDevOpsProjectPipelineHandler(request *rest err := request.ReadEntity(&pipeline) if err != nil { klog.Errorf("%+v", err) - errors.ParseSvcErr(restful.NewError(http.StatusBadRequest, err.Error()), resp) + api.HandleBadRequest(resp, err) return } err = h.projectOperator.CheckProjectUserInRole(username, projectId, []string{devops.ProjectOwner, devops.ProjectMaintainer}) if err != nil { klog.Errorf("%+v", err) - errors.ParseSvcErr(restful.NewError(http.StatusForbidden, err.Error()), resp) + api.HandleForbidden(resp, err) return } pipelineName, err := h.projectPipelineOperator.UpdateProjectPipeline(projectId, pipelineId, pipeline) if err != nil { klog.Errorf("%+v", err) - errors.ParseSvcErr(err, resp) + api.HandleInternalError(resp, err) return } @@ -119,14 +118,14 @@ func (h ProjectPipelineHandler) GetDevOpsProjectPipelineConfigHandler(request *r err := h.projectOperator.CheckProjectUserInRole(username, projectId, []string{devops.ProjectOwner, devops.ProjectMaintainer}) if err != nil { klog.Errorf("%+v", err) - errors.ParseSvcErr(restful.NewError(http.StatusForbidden, err.Error()), resp) + api.HandleForbidden(resp, err) return } pipeline, err := h.projectPipelineOperator.GetProjectPipelineConfig(projectId, pipelineId) if err != nil { klog.Errorf("%+v", err) - errors.ParseSvcErr(err, resp) + api.HandleInternalError(resp, err) return } diff --git a/pkg/kapis/devops/v1alpha2/s2ibinary.go b/pkg/kapis/devops/v1alpha2/s2ibinary.go index 0ce781f5a..1a3a2dac0 100644 --- a/pkg/kapis/devops/v1alpha2/s2ibinary.go +++ b/pkg/kapis/devops/v1alpha2/s2ibinary.go @@ -5,8 +5,8 @@ import ( "fmt" "github.com/emicklei/go-restful" "k8s.io/klog" + "kubesphere.io/kubesphere/pkg/api" "kubesphere.io/kubesphere/pkg/models/devops" - "kubesphere.io/kubesphere/pkg/server/errors" "kubesphere.io/kubesphere/pkg/utils/hashutil" "net/http" ) 
@@ -22,38 +22,38 @@ func (h S2iBinaryHandler) UploadS2iBinaryHandler(req *restful.Request, resp *res err := req.Request.ParseMultipartForm(bytefmt.MEGABYTE * 20) if err != nil { klog.Errorf("%+v", err) - errors.ParseSvcErr(restful.NewError(http.StatusBadRequest, err.Error()), resp) + api.HandleBadRequest(resp, err) return } if len(req.Request.MultipartForm.File) == 0 { err := restful.NewError(http.StatusBadRequest, "could not get file from form") klog.Errorf("%+v", err) - errors.ParseSvcErr(restful.NewError(http.StatusBadRequest, err.Error()), resp) + api.HandleBadRequest(resp, err) return } if len(req.Request.MultipartForm.File["s2ibinary"]) == 0 { err := restful.NewError(http.StatusBadRequest, "could not get file from form") klog.Errorf("%+v", err) - errors.ParseSvcErr(err, resp) + api.HandleInternalError(resp, err) return } if len(req.Request.MultipartForm.File["s2ibinary"]) > 1 { err := restful.NewError(http.StatusBadRequest, "s2ibinary should only have one file") klog.Errorf("%+v", err) - errors.ParseSvcErr(err, resp) + api.HandleInternalError(resp, err) return } defer req.Request.MultipartForm.RemoveAll() file, err := req.Request.MultipartForm.File["s2ibinary"][0].Open() if err != nil { klog.Error(err) - errors.ParseSvcErr(err, resp) + api.HandleInternalError(resp, err) return } filemd5, err := hashutil.GetMD5(file) if err != nil { klog.Error(err) - errors.ParseSvcErr(err, resp) + api.HandleInternalError(resp, err) return } md5, ok := req.Request.MultipartForm.Value["md5"] @@ -61,7 +61,7 @@ func (h S2iBinaryHandler) UploadS2iBinaryHandler(req *restful.Request, resp *res if md5[0] != filemd5 { err := restful.NewError(http.StatusBadRequest, fmt.Sprintf("md5 not match, origin: %+v, calculate: %+v", md5[0], filemd5)) klog.Error(err) - errors.ParseSvcErr(err, resp) + api.HandleInternalError(resp, err) return } } 
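Review bot: Three validation branches in UploadS2iBinaryHandler build `restful.NewError(http.StatusBadRequest, ...)` and then pass it to `api.HandleInternalError(resp, err)`: the missing `s2ibinary` file, the more-than-one-file case, and the md5 mismatch in the following hunk. Going by the helper's name, a malformed client request is now reported as a server fault, although the helper body is not in this diff. The first branch in this hunk (`len(req.Request.MultipartForm.File) == 0`) was converted to the bad-request helper, and these three should match it: `api.HandleBadRequest(resp, err)`. Reporting client mistakes as 5xx hides the real cause from the uploader and inflates server-error metrics that alerting usually keys on.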
@@ -69,7 +69,7 @@ func (h S2iBinaryHandler) UploadS2iBinaryHandler(req *restful.Request, resp *res s2ibin, err := h.s2iUploader.UploadS2iBinary(ns, name, filemd5, req.Request.MultipartForm.File["s2ibinary"][0]) if err != nil { klog.Errorf("%+v", err) - errors.ParseSvcErr(err, resp) + api.HandleInternalError(resp, err) return } resp.WriteAsJson(s2ibin) @@ -83,7 +83,7 @@ func (h S2iBinaryHandler) DownloadS2iBinaryHandler(req *restful.Request, resp *r url, err := h.s2iUploader.DownloadS2iBinary(ns, name, fileName) if err != nil { klog.Errorf("%+v", err) - errors.ParseSvcErr(err, resp) + api.HandleInternalError(resp, err) return } http.Redirect(resp.ResponseWriter, req.Request, url, http.StatusFound) diff --git a/pkg/models/iam/am.go b/pkg/models/iam/am.go index dcda859b5..5f560b90c 100644 --- a/pkg/models/iam/am.go +++ b/pkg/models/iam/am.go @@ -156,7 +156,7 @@ func (am *amOperator) GetUserRoles(namespace, username string) ([]*rbacv1.Role, roles := make([]*rbacv1.Role, 0) for _, roleBinding := range roleBindings { - if k8sutil.ContainsUser(roleBinding.Subjects, username) { + if ContainsUser(roleBinding.Subjects, username) { if roleBinding.RoleRef.Kind == ClusterRoleKind { clusterRole, err := clusterRoleLister.Get(roleBinding.RoleRef.Name) if err != nil { @@ -207,7 +207,7 @@ func (am *amOperator) GetUserClusterRoles(username string) (*rbacv1.ClusterRole, clusterRoles := make([]*rbacv1.ClusterRole, 0) userFacingClusterRole := &rbacv1.ClusterRole{} for _, clusterRoleBinding := range clusterRoleBindings { - if k8sutil.ContainsUser(clusterRoleBinding.Subjects, username) { + if ContainsUser(clusterRoleBinding.Subjects, username) { clusterRole, err := clusterRoleLister.Get(clusterRoleBinding.RoleRef.Name) if err != nil { if apierrors.IsNotFound(err) { 
@@ -307,7 +307,7 @@ func (am *amOperator) GetWorkspaceRoleMap(username string) (map[string]string, e for _, roleBinding := range clusterRoleBindings { if workspace := k8sutil.GetControlledWorkspace(roleBinding.OwnerReferences); workspace != "" && - k8sutil.ContainsUser(roleBinding.Subjects, username) { + ContainsUser(roleBinding.Subjects, username) { result[workspace] = roleBinding.RoleRef.Name } } @@ -588,7 +588,7 @@ func (am *amOperator) CreateClusterRoleBinding(username string, clusterRoleName return nil } - if !k8sutil.ContainsUser(found.Subjects, username) { + if !ContainsUser(found.Subjects, username) { found.Subjects = clusterRoleBinding.Subjects _, err = client.ClientSets().K8s().Kubernetes().RbacV1().ClusterRoleBindings().Update(found) if err != nil { diff --git a/pkg/models/iam/utils.go b/pkg/models/iam/utils.go index 1f7c90b32..44af601c0 100644 --- a/pkg/models/iam/utils.go +++ b/pkg/models/iam/utils.go @@ -179,3 +179,34 @@ func hasString(slice []string, value string) bool { } return false } + +func ContainsUser(subjects interface{}, username string) bool { + switch subjects.(type) { + case []*rbacv1.Subject: + for _, subject := range subjects.([]*rbacv1.Subject) { + if subject.Kind == rbacv1.UserKind && subject.Name == username { + return true + } + } + case []rbacv1.Subject: + for _, subject := range subjects.([]rbacv1.Subject) { + if subject.Kind == rbacv1.UserKind && subject.Name == username { + return true + } + } + case []User: + for _, u := range subjects.([]User) { + if u.Username == username { + return true + } + } + + case []*User: + for _, u := range subjects.([]*User) { + if u.Username == username { + return true + } + } + } + return false +} diff --git a/pkg/models/metrics/metrics.go b/pkg/models/metrics/metrics.go index 2fe5cbb62..be6453fd3 100644 --- a/pkg/models/metrics/metrics.go +++ b/pkg/models/metrics/metrics.go 
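Review bot: `ContainsUser` in pkg/models/iam/utils.go is now the exported membership test behind the gateway's roleValidate/clusterRoleValidate and the binding-creation paths, yet it has no doc comment and silently returns false for any `subjects` type outside its four cases. That default is fail-closed for the authorization checks, but in the `!ContainsUser(...)` callers an unexpected type reads as "user not present", so the contract should be written down, e.g. `// ContainsUser reports whether subjects holds a User-kind rbac subject (or iam User) named username; group subjects and unsupported types yield false.` Binding the switch value with `switch s := subjects.(type) {` removes the repeated type assertions. The two pointer-slice cases dereference every element without a nil check; `if subject != nil && subject.Kind == rbacv1.UserKind && subject.Name == username {` avoids a panic on a nil entry.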
@@ -23,7 +23,6 @@ import ( "github.com/json-iterator/go" "k8s.io/klog" "kubesphere.io/kubesphere/pkg/api/monitoring/v1alpha2" - "kubesphere.io/kubesphere/pkg/models/workspaces" cs "kubesphere.io/kubesphere/pkg/simple/client" "net/url" "regexp" @@ -665,40 +664,40 @@ func GetClusterStatistics() *Response { wg := sync.WaitGroup{} wg.Add(4) - go func() { - num, err := workspaces.WorkspaceCount() - if err != nil { - klog.Errorln(err) - workspaceStats.Status = "error" - } else { - workspaceStats.withMetricResult(now, num) - } - wg.Done() - }() + //go func() { + // num, err := workspaces.WorkspaceCount() + // if err != nil { + // klog.Errorln(err) + // workspaceStats.Status = "error" + // } else { + // workspaceStats.withMetricResult(now, num) + // } + // wg.Done() + //}() - go func() { - num, err := workspaces.GetAllDevOpsProjectsNums() - if err != nil { - if _, notEnabled := err.(cs.ClientSetNotEnabledError); !notEnabled { - klog.Errorln(err) - } - devopsStats.Status = "error" - } else { - devopsStats.withMetricResult(now, num) - } - wg.Done() - }() + //go func() { + //num, err := workspaces.GetAllDevOpsProjectsNums() + //if err != nil { + // if _, notEnabled := err.(cs.ClientSetNotEnabledError); !notEnabled { + // klog.Errorln(err) + // } + // devopsStats.Status = "error" + //} else { + // devopsStats.withMetricResult(now, num) + //} + // wg.Done() + //}() - go func() { - num, err := workspaces.GetAllProjectNums() - if err != nil { - klog.Errorln(err) - namespaceStats.Status = "error" - } else { - namespaceStats.withMetricResult(now, num) - } - wg.Done() - }() + //go func() { + //num, err := workspaces.GetAllProjectNums() + //if err != nil { + // klog.Errorln(err) + // namespaceStats.Status = "error" + //} else { + // namespaceStats.withMetricResult(now, num) + //} + // wg.Done() + //}() go func() { ret, err := cs.ClientSets().KubeSphere().ListUsers() 
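Review bot: `wg.Add(4)` is left unchanged in GetClusterStatistics while three of the four goroutines, including their `wg.Done()` calls, are commented out, so the counter can never reach zero and the function's wait (outside this hunk) would block forever. The later hunk in GetWorkspaceStatistics is worse: all four goroutines are commented out, `wg.Add(4)` stays, and `wg.Wait()` is visible right after, so every call hangs and pins its request goroutine, which is an availability problem for the monitoring API. Match the count to what still runs: `wg.Add(1)` here, and drop `wg.Add(4)` and `wg.Wait()` in GetWorkspaceStatistics. Delete the disabled blocks rather than leaving them as comments, and consider marking the affected stats with `Status = "error"` so callers can tell that the counts are missing rather than zero.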
@@ -723,7 +722,7 @@ func GetClusterStatistics() *Response { func GetWorkspaceStatistics(workspaceName string) *Response { - now := time.Now().Unix() + //now := time.Now().Unix() var metricsArray []APIResponse namespaceStats := APIResponse{MetricName: MetricWorkspaceNamespaceCount} 
@@ -734,51 +733,51 @@ func GetWorkspaceStatistics(workspaceName string) *Response { wg := sync.WaitGroup{} wg.Add(4) - go func() { - num, err := workspaces.WorkspaceNamespaceCount(workspaceName) - if err != nil { - klog.Errorln(err) - namespaceStats.Status = "error" - } else { - namespaceStats.withMetricResult(now, num) - } - wg.Done() - }() + //go func() { + // num, err := workspaces.WorkspaceNamespaceCount(workspaceName) + // if err != nil { + // klog.Errorln(err) + // namespaceStats.Status = "error" + // } else { + // namespaceStats.withMetricResult(now, num) + // } + // wg.Done() + //}() - go func() { - num, err := workspaces.GetDevOpsProjectsCount(workspaceName) - if err != nil { - if _, notEnabled := err.(cs.ClientSetNotEnabledError); !notEnabled { - klog.Errorln(err) - } - devopsStats.Status = "error" - } else { - devopsStats.withMetricResult(now, num) - } - wg.Done() - }() + //go func() { + // num, err := workspaces.GetDevOpsProjectsCount(workspaceName) + // if err != nil { + // if _, notEnabled := err.(cs.ClientSetNotEnabledError); !notEnabled { + // klog.Errorln(err) + // } + // devopsStats.Status = "error" + // } else { + // devopsStats.withMetricResult(now, num) + // } + // wg.Done() + //}() - go func() { - num, err := workspaces.WorkspaceUserCount(workspaceName) - if err != nil { - klog.Errorln(err) - memberStats.Status = "error" - } else { - memberStats.withMetricResult(now, num) - } - wg.Done() - }() + //go func() { + //num, err := workspaces.WorkspaceUserCount(workspaceName) + //if err != nil { + // klog.Errorln(err) + // memberStats.Status = "error" + //} else { + // memberStats.withMetricResult(now, num) + //} + // wg.Done() + //}() - go func() { - num, err := workspaces.GetOrgRolesCount(workspaceName) - if err != nil { - klog.Errorln(err) - roleStats.Status = "error" - } else { - roleStats.withMetricResult(now, num) - } - wg.Done() - }() + //go func() { + //num, err := workspaces.GetOrgRolesCount(workspaceName) + // if err != nil { + // 
klog.Errorln(err) + // roleStats.Status = "error" + // } else { + // roleStats.withMetricResult(now, num) + // } + // wg.Done() + //}() wg.Wait() diff --git a/pkg/models/tenant/workspaces.go b/pkg/models/tenant/workspaces.go index 08ddb70d0..9bdf74354 100644 --- a/pkg/models/tenant/workspaces.go +++ b/pkg/models/tenant/workspaces.go @@ -35,7 +35,6 @@ import ( "kubesphere.io/kubesphere/pkg/server/params" clientset "kubesphere.io/kubesphere/pkg/simple/client" "kubesphere.io/kubesphere/pkg/simple/client/mysql" - "kubesphere.io/kubesphere/pkg/utils/k8sutil" "kubesphere.io/kubesphere/pkg/utils/sliceutil" "sort" "strings" @@ -164,7 +163,7 @@ func (w *workspaceOperator) createWorkspaceRoleBinding(workspace, username strin return err } - if !k8sutil.ContainsUser(workspaceRoleBinding.Subjects, username) { + if !iam.ContainsUser(workspaceRoleBinding.Subjects, username) { workspaceRoleBinding = workspaceRoleBinding.DeepCopy() workspaceRoleBinding.Subjects = append(workspaceRoleBinding.Subjects, v1.Subject{APIGroup: "rbac.authorization.k8s.io", Kind: "User", Name: username}) _, err = w.client.RbacV1().ClusterRoleBindings().Update(workspaceRoleBinding) diff --git a/pkg/server/errors/errors.go b/pkg/server/errors/errors.go index 08a0c19e2..c08138e31 100644 --- a/pkg/server/errors/errors.go +++ b/pkg/server/errors/errors.go @@ -19,6 +19,8 @@ package errors import ( "fmt" + "github.com/emicklei/go-restful" + "net/http" ) type Error struct { diff --git a/pkg/utils/k8sutil/k8sutil.go b/pkg/utils/k8sutil/k8sutil.go index 89c1db73f..bff210a54 100644 --- a/pkg/utils/k8sutil/k8sutil.go +++ b/pkg/utils/k8sutil/k8sutil.go @@ -18,9 +18,7 @@ package k8sutil import ( - "k8s.io/api/rbac/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "kubesphere.io/kubesphere/pkg/models/iam" ) func IsControlledBy(reference []metav1.OwnerReference, kind string, name string) bool { 
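Review bot: The only change to pkg/server/errors/errors.go in this diff is the two added imports, `github.com/emicklei/go-restful` and `net/http`, with no hunk adding code that uses them. Go rejects unused imports at compile time, so unless the rest of the file (not shown) already references `restful` or `http`, these lines should be dropped or the code that needs them included in the same commit. Every visible caller of `errors.ParseSvcErr` was migrated to the `api.Handle*` helpers, so it is also worth confirming whether that function is still needed or can be removed along with these imports.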
@@ -40,34 +38,3 @@ func GetControlledWorkspace(reference []metav1.OwnerReference) string { } return "" } - -func ContainsUser(subjects interface{}, username string) bool { - switch subjects.(type) { - case []*v1.Subject: - for _, subject := range subjects.([]*v1.Subject) { - if subject.Kind == v1.UserKind && subject.Name == username { - return true - } - } - case []v1.Subject: - for _, subject := range subjects.([]v1.Subject) { - if subject.Kind == v1.UserKind && subject.Name == username { - return true - } - } - case []iam.User: - for _, u := range subjects.([]iam.User) { - if u.Username == username { - return true - } - } - - case []*iam.User: - for _, u := range subjects.([]*iam.User) { - if u.Username == username { - return true - } - } - } - return false -}