add ks-iam and ks-apigateway

Signed-off-by: hongming <talonwan@yunify.com>
hongming
2019-03-08 11:09:05 +08:00
parent f579e97f6b
commit b59c244ca2
715 changed files with 108638 additions and 23446 deletions


@@ -1,63 +0,0 @@
/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package workspaces
import "time"
type Workspace struct {
Group `json:",inline"`
Admin string `json:"admin,omitempty"`
Namespaces []string `json:"namespaces"`
DevopsProjects []string `json:"devops_projects"`
}
type UserInvite struct {
Username string `json:"username"`
Role string `json:"role"`
}
type Group struct {
Path string `json:"path"`
Name string `json:"name"`
Gid string `json:"gid"`
Members []string `json:"members"`
Logo string `json:"logo"`
Creator string `json:"creator"`
CreateTime string `json:"create_time"`
ChildGroups []string `json:"child_groups,omitempty"`
Description string `json:"description"`
}
func (g Group) GetCreateTime() (time.Time, error) {
return time.Parse("2006-01-02T15:04:05Z", g.CreateTime)
}
type WorkspaceDPBinding struct {
Workspace string `gorm:"primary_key"`
DevOpsProject string `gorm:"primary_key"`
}
type DevopsProject struct {
ProjectId *string `json:"project_id,omitempty"`
Name string `json:"name"`
Description string `json:"description"`
Creator string `json:"creator"`
CreateTime *time.Time `json:"create_time,omitempty"`
Status *string `json:"status"`
Visibility *string `json:"visibility,omitempty"`
}


@@ -24,10 +24,9 @@ import (
"io/ioutil"
"net/http"
lister "k8s.io/client-go/listers/core/v1"
"kubesphere.io/kubesphere/pkg/constants"
"kubesphere.io/kubesphere/pkg/informers"
"kubesphere.io/kubesphere/pkg/models"
"kubesphere.io/kubesphere/pkg/models/iam"
"log"
@@ -50,26 +49,14 @@ import (
"sort"
lister2 "k8s.io/client-go/listers/rbac/v1"
"kubesphere.io/kubesphere/pkg/client"
ksErr "kubesphere.io/kubesphere/pkg/errors"
kserr "kubesphere.io/kubesphere/pkg/errors"
)
var (
namespaceLister lister.NamespaceLister
clusterRoleLister lister2.ClusterRoleLister
)
func init() {
namespaceLister = informers.SharedInformerFactory().Core().V1().Namespaces().Lister()
clusterRoleLister = informers.SharedInformerFactory().Rbac().V1().ClusterRoles().Lister()
}
func UnBindDevopsProject(workspace string, devops string) error {
db := client.NewSharedDBClient()
db := client.DBClient()
defer db.Close()
return db.Delete(&WorkspaceDPBinding{Workspace: workspace, DevOpsProject: devops}).Error
return db.Delete(&models.WorkspaceDPBinding{Workspace: workspace, DevOpsProject: devops}).Error
}
func DeleteDevopsProject(username string, devops string) error {
@@ -87,12 +74,12 @@ func DeleteDevopsProject(username string, devops string) error {
return err
}
if result.StatusCode > 200 {
return ksErr.Wrap(data)
return kserr.Parse(data)
}
return nil
}
func CreateDevopsProject(username string, workspace string, devops DevopsProject) (*DevopsProject, error) {
func CreateDevopsProject(username string, workspace string, devops models.DevopsProject) (*models.DevopsProject, error) {
data, err := json.Marshal(devops)
@@ -117,10 +104,10 @@ func CreateDevopsProject(username string, workspace string, devops DevopsProject
}
if result.StatusCode > 200 {
return nil, ksErr.Wrap(data)
return nil, kserr.Parse(data)
}
var project DevopsProject
var project models.DevopsProject
err = json.Unmarshal(data, &project)
@@ -140,7 +127,7 @@ func CreateDevopsProject(username string, workspace string, devops DevopsProject
return &project, nil
}
func createDefaultDevopsRoleBinding(workspace string, project DevopsProject) error {
func createDefaultDevopsRoleBinding(workspace string, project models.DevopsProject) error {
admins, err := iam.GetWorkspaceUsers(workspace, constants.WorkspaceAdmin)
if err != nil {
@@ -296,7 +283,7 @@ func ListNamespaceByUser(workspaceName string, username string, keyword string,
}
func Namespaces(workspaceName string) ([]*core.Namespace, error) {
namespaceLister := informers.SharedInformerFactory().Core().V1().Namespaces().Lister()
namespaces, err := namespaceLister.List(labels.SelectorFromSet(labels.Set{"kubesphere.io/workspace": workspaceName}))
if err != nil {
@@ -317,11 +304,9 @@ func Namespaces(workspaceName string) ([]*core.Namespace, error) {
}
func BindingDevopsProject(workspace string, devops string) error {
//db := client.NewSharedDBClient()
//defer db.Close()
//return db.Create(&WorkspaceDPBinding{Workspace: workspace, DevOpsProject: devops}).Error
// TODO FIX
return nil
db := client.DBClient()
defer db.Close()
return db.Create(&models.WorkspaceDPBinding{Workspace: workspace, DevOpsProject: devops}).Error
}
func DeleteNamespace(workspace string, namespaceName string) error {
@@ -338,7 +323,7 @@ func DeleteNamespace(workspace string, namespaceName string) error {
}
func Delete(workspace *Workspace) error {
func Delete(workspace *models.Workspace) error {
err := release(workspace)
@@ -365,13 +350,13 @@ func Delete(workspace *Workspace) error {
}
if result.StatusCode > 200 {
return ksErr.Wrap(data)
return kserr.Parse(data)
}
return nil
}
func release(workspace *Workspace) error {
func release(workspace *models.Workspace) error {
for _, namespace := range workspace.Namespaces {
err := DeleteNamespace(workspace.Name, namespace)
if err != nil && !apierrors.IsNotFound(err) {
@@ -413,7 +398,7 @@ func workspaceRoleRelease(workspace string) error {
return nil
}
func Create(workspace *Workspace) (*Workspace, error) {
func Create(workspace *models.Workspace) (*models.Workspace, error) {
data, err := json.Marshal(workspace)
@@ -434,10 +419,10 @@ func Create(workspace *Workspace) (*Workspace, error) {
}
if result.StatusCode > 200 {
return nil, ksErr.Wrap(data)
return nil, kserr.Parse(data)
}
var created Workspace
var created models.Workspace
err = json.Unmarshal(data, &created)
@@ -458,7 +443,7 @@ func Create(workspace *Workspace) (*Workspace, error) {
return &created, nil
}
func Edit(workspace *Workspace) (*Workspace, error) {
func Edit(workspace *models.Workspace) (*models.Workspace, error) {
data, err := json.Marshal(workspace)
@@ -487,10 +472,10 @@ func Edit(workspace *Workspace) (*Workspace, error) {
}
if result.StatusCode > 200 {
return nil, ksErr.Wrap(data)
return nil, kserr.Parse(data)
}
var edited Workspace
var edited models.Workspace
err = json.Unmarshal(data, &edited)
@@ -501,7 +486,7 @@ func Edit(workspace *Workspace) (*Workspace, error) {
return &edited, nil
}
func Detail(name string) (*Workspace, error) {
func Detail(name string) (*models.Workspace, error) {
result, err := http.Get(fmt.Sprintf("http://%s/apis/account.kubesphere.io/v1alpha1/groups/%s", constants.AccountAPIServer, name))
@@ -517,10 +502,10 @@ func Detail(name string) (*Workspace, error) {
}
if result.StatusCode > 200 {
return nil, ksErr.Wrap(data)
return nil, kserr.Parse(data)
}
var group Group
var group models.Group
err = json.Unmarshal(data, &group)
@@ -528,7 +513,7 @@ func Detail(name string) (*Workspace, error) {
return nil, err
}
db := client.NewSharedDBClient()
db := client.DBClient()
defer db.Close()
workspace, err := convertGroupToWorkspace(db, group)
@@ -541,7 +526,7 @@ func Detail(name string) (*Workspace, error) {
}
// List all workspaces for the current user
func ListWorkspaceByUser(username string, keyword string) ([]*Workspace, error) {
func ListWorkspaceByUser(username string, keyword string) ([]*models.Workspace, error) {
clusterRoles, err := iam.GetClusterRoles(username)
if err != nil {
@@ -556,7 +541,7 @@ func ListWorkspaceByUser(username string, keyword string) ([]*Workspace, error)
workspacesManager := v1.PolicyRule{APIGroups: []string{"kubesphere.io"}, Verbs: []string{"list", "get"}, Resources: []string{"workspaces"}}
var workspaces []*Workspace
var workspaces []*models.Workspace
if iam.RulesMatchesRequired(rules, workspacesManager) {
workspaces, err = fetch(nil)
} else {
@@ -582,13 +567,13 @@ func ListWorkspaceByUser(username string, keyword string) ([]*Workspace, error)
return workspaces, err
}
func fetch(names []string) ([]*Workspace, error) {
func fetch(names []string) ([]*models.Workspace, error) {
url := fmt.Sprintf("http://%s/apis/account.kubesphere.io/v1alpha1/groups", constants.AccountAPIServer)
if names != nil {
if len(names) == 0 {
return make([]*Workspace, 0), nil
return make([]*models.Workspace, 0), nil
} else {
url = url + "?path=" + strings.Join(names, ",")
}
@@ -608,10 +593,10 @@ func fetch(names []string) ([]*Workspace, error) {
}
if result.StatusCode > 200 {
return nil, ksErr.Wrap(data)
return nil, kserr.Parse(data)
}
var groups []Group
var groups []models.Group
err = json.Unmarshal(data, &groups)
@@ -619,11 +604,11 @@ func fetch(names []string) ([]*Workspace, error) {
return nil, err
}
db := client.NewSharedDBClient()
db := client.DBClient()
defer db.Close()
workspaces := make([]*Workspace, 0)
workspaces := make([]*models.Workspace, 0)
for _, group := range groups {
workspace, err := convertGroupToWorkspace(db, group)
if err != nil {
@@ -635,21 +620,21 @@ func fetch(names []string) ([]*Workspace, error) {
return workspaces, nil
}
func ListDevopsProjectsByUser(username string, workspace string, keyword string, orderBy string, reverse bool, limit int, offset int) (int, []DevopsProject, error) {
func ListDevopsProjectsByUser(username string, workspace string, keyword string, orderBy string, reverse bool, limit int, offset int) (int, []models.DevopsProject, error) {
db := client.NewSharedDBClient()
db := client.DBClient()
defer db.Close()
var workspaceDOPBindings []WorkspaceDPBinding
var workspaceDOPBindings []models.WorkspaceDPBinding
if err := db.Where("workspace = ?", workspace).Find(&workspaceDOPBindings).Error; err != nil {
return 0, nil, err
}
devOpsProjects := make([]DevopsProject, 0)
devOpsProjects := make([]models.DevopsProject, 0)
request, _ := http.NewRequest(http.MethodGet, fmt.Sprintf("http://%s/api/v1alpha/projects", constants.DevopsAPIServer), nil)
request.Header.Add("X-Token-Username", username)
request.Header.Add(constants.UserNameHeader, username)
result, err := http.DefaultClient.Do(request)
if err != nil {
@@ -662,15 +647,8 @@ func ListDevopsProjectsByUser(username string, workspace string, keyword string,
return 0, nil, err
}
//if result.StatusCode == 403 || result.StatusCode == 404 {
// if err := db.Delete(&workspaceDOPBinding).Error; err != nil {
// return nil, err
// }
// continue
//}
if result.StatusCode > 200 {
return 0, nil, ksErr.Wrap(data)
return 0, nil, kserr.Parse(data)
}
err = json.Unmarshal(data, &devOpsProjects)
@@ -720,14 +698,14 @@ func ListDevopsProjectsByUser(username string, workspace string, keyword string,
}
if len(devOpsProjects) < offset {
return len(devOpsProjects), make([]DevopsProject, 0), nil
return len(devOpsProjects), make([]models.DevopsProject, 0), nil
} else if len(devOpsProjects) < limit+offset {
return len(devOpsProjects), devOpsProjects[offset:], nil
} else {
return len(devOpsProjects), devOpsProjects[offset : limit+offset], nil
}
}
func convertGroupToWorkspace(db *gorm.DB, group Group) (*Workspace, error) {
func convertGroupToWorkspace(db *gorm.DB, group models.Group) (*models.Workspace, error) {
namespaces, err := Namespaces(group.Name)
if err != nil {
@@ -740,7 +718,7 @@ func convertGroupToWorkspace(db *gorm.DB, group Group) (*Workspace, error) {
namespacesNames = append(namespacesNames, namespace.Name)
}
var workspaceDOPBindings []WorkspaceDPBinding
var workspaceDOPBindings []models.WorkspaceDPBinding
if err := db.Where("workspace = ?", group.Name).Find(&workspaceDOPBindings).Error; err != nil {
return nil, err
@@ -752,7 +730,7 @@ func convertGroupToWorkspace(db *gorm.DB, group Group) (*Workspace, error) {
devOpsProjects = append(devOpsProjects, workspaceDOPBinding.DevOpsProject)
}
workspace := Workspace{Group: group}
workspace := models.Workspace{Group: group}
workspace.Namespaces = namespacesNames
workspace.DevopsProjects = devOpsProjects
return &workspace, nil
@@ -769,7 +747,7 @@ func CreateNamespace(namespace *core.Namespace) (*core.Namespace, error) {
return ns, nil
}
func Invite(workspaceName string, users []UserInvite) error {
func Invite(workspaceName string, users []models.UserInvite) error {
for _, user := range users {
if !slice.ContainsString(constants.WorkSpaceRoles, user.Role, nil) {
return fmt.Errorf("role %s not exist", user.Role)
@@ -848,9 +826,9 @@ func RemoveMembers(workspaceName string, users []string) error {
return nil
}
func Roles(workspace *Workspace) ([]*v1.ClusterRole, error) {
func Roles(workspace *models.Workspace) ([]*v1.ClusterRole, error) {
roles := make([]*v1.ClusterRole, 0)
clusterRoleLister := informers.SharedInformerFactory().Rbac().V1().ClusterRoles().Lister()
for _, name := range constants.WorkSpaceRoles {
clusterRole, err := clusterRoleLister.Get(fmt.Sprintf("system:%s:%s", workspace.Name, name))
@@ -871,7 +849,7 @@ func Roles(workspace *Workspace) ([]*v1.ClusterRole, error) {
return roles, nil
}
func GetWorkspaceMembers(workspace string, keyword string) ([]iam.User, error) {
func GetWorkspaceMembers(workspace string, keyword string) ([]models.User, error) {
url := fmt.Sprintf("http://%s/apis/account.kubesphere.io/v1alpha1/workspaces/%s/members", constants.AccountAPIServer, workspace)
@@ -893,10 +871,10 @@ func GetWorkspaceMembers(workspace string, keyword string) ([]iam.User, error) {
}
if result.StatusCode > 200 {
return nil, ksErr.Wrap(data)
return nil, kserr.Parse(data)
}
var users []iam.User
var users []models.User
err = json.Unmarshal(data, &users)
@@ -908,7 +886,7 @@ func GetWorkspaceMembers(workspace string, keyword string) ([]iam.User, error) {
}
func WorkspaceRoleInit(workspace *Workspace) error {
func WorkspaceRoleInit(workspace *models.Workspace) error {
k8sClient := client.K8sClient()
admin := new(v1.ClusterRole)
@@ -1169,7 +1147,7 @@ func unbindNamespacesRole(namespaces []string, users []string) error {
return nil
}
func UnbindWorkspace(workspace *Workspace, users []string) error {
func UnbindWorkspace(workspace *models.Workspace, users []string) error {
err := unbindNamespacesRole(workspace.Namespaces, users)
@@ -1186,7 +1164,7 @@ func UnbindWorkspace(workspace *Workspace, users []string) error {
return nil
}
func CreateWorkspaceRoleBinding(workspace *Workspace, username string, role string) error {
func CreateWorkspaceRoleBinding(workspace *models.Workspace, username string, role string) error {
k8sClient := client.K8sClient()
@@ -1242,10 +1220,10 @@ func CreateWorkspaceRoleBinding(workspace *Workspace, username string, role stri
func GetDevOpsProjects(workspaceName string) ([]string, error) {
db := client.NewSharedDBClient()
db := client.DBClient()
defer db.Close()
var workspaceDOPBindings []WorkspaceDPBinding
var workspaceDOPBindings []models.WorkspaceDPBinding
if err := db.Where("workspace = ?", workspaceName).Find(&workspaceDOPBindings).Error; err != nil {
return nil, err
@@ -1304,7 +1282,7 @@ func Count() (int, error) {
}
if result.StatusCode > 200 {
return 0, ksErr.Wrap(data)
return 0, kserr.Parse(data)
}
var count map[string]json.Number
@@ -1319,13 +1297,14 @@ func Count() (int, error) {
v, err := value.Int64()
if err != nil {
return 0, ksErr.New(ksErr.Internal, err.Error())
return 0, err
}
return int(v), nil
}
func GetAllProjectNums() (int, error) {
namespaceLister := informers.SharedInformerFactory().Core().V1().Namespaces().Lister()
list, err := namespaceLister.List(labels.Everything())
if err != nil {
return 0, err
@@ -1334,11 +1313,11 @@ func GetAllProjectNums() (int, error) {
}
func GetAllDevOpsProjectsNums() (int, error) {
db := client.NewSharedDBClient()
db := client.DBClient()
defer db.Close()
var count int
if err := db.Model(&WorkspaceDPBinding{}).Count(&count).Error; err != nil {
if err := db.Model(&models.WorkspaceDPBinding{}).Count(&count).Error; err != nil {
return 0, err
}
return count, nil
@@ -1357,7 +1336,7 @@ func GetAllAccountNums() (int, error) {
return 0, err
}
if result.StatusCode > 200 {
return 0, ksErr.Wrap(data)
return 0, kserr.Parse(data)
}
var count map[string]json.Number
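Review bot: In ListDevopsProjectsByUser the new `request.Header.Add(constants.UserNameHeader, username)` line is the only thing that tells the DevOps API who is calling, and the request goes out over plain `http://` through `http.DefaultClient`, so the receiving service presumably trusts whatever value this header carries. Nothing in the visible hunks shows where `username` is authenticated or that a client-supplied copy of the header is dropped before it gets here; I would record that assumption next to the call, e.g. `// username must come from the authenticated request context; the DevOps API trusts this header as-is`. The same statement discards the error from `http.NewRequest` (`request, _ :=`), which should be checked before `request.Header` is touched. At the end of the function the slice expressions `devOpsProjects[offset:]` and `devOpsProjects[offset : limit+offset]` will panic on a negative `offset` or `limit` if callers pass those through unchecked, so a guard such as `if offset < 0 || limit < 0 { return 0, nil, fmt.Errorf("invalid paging parameters") }` ahead of the length comparisons would help; the function body is spread over several hunks and only partly visible here.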