admin/kubesphere
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add tenant resource API

Browse Source 
Signed-off-by: hongming <talonwan@yunify.com>
This commit is contained in:
hongming
2020-06-11 01:47:25 +08:00
parent 0316223f0d
commit bafeecfee6
5 changed files with 350 additions and 321 deletions
Download Patch File Download Diff File Expand all files Collapse all files

326
pkg/kapis/iam/v1alpha2/handler.go
View File

@@ -156,11 +156,6 @@ func (h *iamHandler) RetrieveMemberRoleTemplates(request *restful.Request, respo
namespace, err := h.resolveNamespace(request.PathParameter("namespace"), request.PathParameter("devops")) namespace, err := h.resolveNamespace(request.PathParameter("namespace"), request.PathParameter("devops"))
if err != nil { if err != nil {
// if role binding not exist return empty list
if errors.IsNotFound(err) {
response.WriteEntity([]interface{}{})
return
}
api.HandleInternalError(response, request, err) api.HandleInternalError(response, request, err)
return return
} }
@@ -168,6 +163,11 @@ func (h *iamHandler) RetrieveMemberRoleTemplates(request *restful.Request, respo
role, err := h.am.GetNamespaceRoleOfUser(username, namespace) role, err := h.am.GetNamespaceRoleOfUser(username, namespace)
if err != nil { if err != nil {
// if role binding not exist return empty list
if errors.IsNotFound(err) {
response.WriteEntity([]interface{}{})
return
}
api.HandleInternalError(response, request, err) api.HandleInternalError(response, request, err)
return return
} }
@@ -208,13 +208,11 @@ func (h *iamHandler) ListUsers(request *restful.Request, response *restful.Respo
} }
if globalRole != nil { if globalRole != nil {
if user.Annotations == nil { if user.Annotations == nil {
user.Annotations = make(map[string]string, 0) user.Annotations = make(map[string]string, 0)
} }
user.Annotations[iamv1alpha2.GlobalRoleAnnotation] = globalRole.Name user.Annotations[iamv1alpha2.GlobalRoleAnnotation] = globalRole.Name
} }
result.Items[i] = user result.Items[i] = user
} }
response.WriteEntity(result) response.WriteEntity(result)
@@ -226,11 +224,7 @@ func (h *iamHandler) ListRoles(request *restful.Request, response *restful.Respo
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
if errors.IsNotFound(err) { handleError(request, response, err)
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return return
} }
@@ -269,11 +263,7 @@ func (h *iamHandler) ListNamespaceMembers(request *restful.Request, response *re
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
if errors.IsNotFound(err) { handleError(request, response, err)
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return return
} }
@@ -295,11 +285,7 @@ func (h *iamHandler) DescribeNamespaceMember(request *restful.Request, response
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
if errors.IsNotFound(err) { handleError(request, response, err)
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return return
} }
@@ -408,15 +394,7 @@ func (h *iamHandler) UpdateWorkspaceRole(request *restful.Request, response *res
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
if errors.IsNotFound(err) { handleError(request, response, err)
api.HandleNotFound(response, request, err)
return
}
if errors.IsBadRequest(err) {
api.HandleBadRequest(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return return
} }
@@ -440,11 +418,7 @@ func (h *iamHandler) CreateWorkspaceRole(request *restful.Request, response *res
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
if errors.IsBadRequest(err) { handleError(request, response, err)
api.HandleBadRequest(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return return
} }
@@ -459,11 +433,7 @@ func (h *iamHandler) DeleteWorkspaceRole(request *restful.Request, response *res
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
if errors.IsNotFound(err) { handleError(request, response, err)
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return return
} }
@@ -486,40 +456,22 @@ func (h *iamHandler) CreateUser(request *restful.Request, response *restful.Resp
if globalRole != "" { if globalRole != "" {
if _, err = h.am.GetGlobalRole(globalRole); err != nil { if _, err = h.am.GetGlobalRole(globalRole); err != nil {
klog.Error(err) klog.Error(err)
if errors.IsNotFound(err) { handleError(request, response, err)
api.HandleBadRequest(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return return
} }
} }
created, err := h.im.CreateUser(&user) created, err := h.im.CreateUser(&user)
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
if errors.IsBadRequest(err) { handleError(request, response, err)
api.HandleBadRequest(response, request, err)
return
}
if errors.IsAlreadyExists(err) {
api.HandleConflict(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return return
} }
if globalRole != "" { if globalRole != "" {
if err := h.am.CreateOrUpdateGlobalRoleBinding(user.Name, globalRole); err != nil { if err := h.am.CreateGlobalRoleBinding(user.Name, globalRole); err != nil {
klog.Error(err)
if errors.IsNotFound(err) { handleError(request, response, err)
api.HandleBadRequest(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return return
} }
} }
@@ -554,29 +506,16 @@ func (h *iamHandler) UpdateUser(request *restful.Request, response *restful.Resp
delete(user.Annotations, iamv1alpha2.GlobalRoleAnnotation) delete(user.Annotations, iamv1alpha2.GlobalRoleAnnotation)
updated, err := h.im.UpdateUser(&user) updated, err := h.im.UpdateUser(&user)
if err != nil { if err != nil {
if errors.IsNotFound(err) { klog.Error(err)
api.HandleNotFound(response, request, err) handleError(request, response, err)
return
}
if errors.IsBadRequest(err) {
api.HandleBadRequest(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return return
} }
if globalRole != "" { if globalRole != "" {
if err := h.am.CreateOrUpdateGlobalRoleBinding(user.Name, globalRole); err != nil { if err := h.am.CreateGlobalRoleBinding(user.Name, globalRole); err != nil {
klog.Error(err)
if errors.IsNotFound(err) { handleError(request, response, err)
api.HandleBadRequest(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return return
} }
} }
@@ -591,12 +530,9 @@ func (h *iamHandler) DeleteUser(request *restful.Request, response *restful.Resp
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
if errors.IsNotFound(err) { handleError(request, response, err)
api.HandleNotFound(response, request, err)
return return
} }
api.HandleInternalError(response, request, err)
}
response.WriteEntity(servererr.None) response.WriteEntity(servererr.None)
} }
@@ -617,11 +553,7 @@ func (h *iamHandler) CreateGlobalRole(request *restful.Request, response *restfu
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
if errors.IsBadRequest(err) { handleError(request, response, err)
api.HandleBadRequest(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return return
} }
@@ -635,11 +567,7 @@ func (h *iamHandler) DeleteGlobalRole(request *restful.Request, response *restfu
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
if errors.IsNotFound(err) { handleError(request, response, err)
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return return
} }
@@ -670,11 +598,7 @@ func (h *iamHandler) UpdateGlobalRole(request *restful.Request, response *restfu
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
if errors.IsBadRequest(err) { handleError(request, response, err)
api.HandleBadRequest(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return return
} }
@@ -686,11 +610,7 @@ func (h *iamHandler) DescribeGlobalRole(request *restful.Request, response *rest
globalRole, err := h.am.GetGlobalRole(globalRoleName) globalRole, err := h.am.GetGlobalRole(globalRoleName)
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
if errors.IsNotFound(err) { handleError(request, response, err)
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return return
} }
@@ -712,11 +632,7 @@ func (h *iamHandler) CreateClusterRole(request *restful.Request, response *restf
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
if errors.IsBadRequest(err) { handleError(request, response, err)
api.HandleBadRequest(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return return
} }
@@ -730,11 +646,7 @@ func (h *iamHandler) DeleteClusterRole(request *restful.Request, response *restf
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
if errors.IsNotFound(err) { handleError(request, response, err)
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return return
} }
@@ -765,15 +677,7 @@ func (h *iamHandler) UpdateClusterRole(request *restful.Request, response *restf
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
if errors.IsNotFound(err) { handleError(request, response, err)
api.HandleNotFound(response, request, err)
return
}
if errors.IsBadRequest(err) {
api.HandleBadRequest(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return return
} }
@@ -785,11 +689,7 @@ func (h *iamHandler) DescribeClusterRole(request *restful.Request, response *res
clusterRole, err := h.am.GetClusterRole(clusterRoleName) clusterRole, err := h.am.GetClusterRole(clusterRoleName)
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
if errors.IsNotFound(err) { handleError(request, response, err)
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return return
} }
@@ -802,11 +702,7 @@ func (h *iamHandler) DescribeWorkspaceRole(request *restful.Request, response *r
workspaceRole, err := h.am.GetWorkspaceRole(workspace, workspaceRoleName) workspaceRole, err := h.am.GetWorkspaceRole(workspace, workspaceRoleName)
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
if errors.IsNotFound(err) { handleError(request, response, err)
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return return
} }
@@ -819,11 +715,7 @@ func (h *iamHandler) CreateNamespaceRole(request *restful.Request, response *res
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
if errors.IsNotFound(err) { handleError(request, response, err)
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return return
} }
@@ -841,11 +733,7 @@ func (h *iamHandler) CreateNamespaceRole(request *restful.Request, response *res
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
if errors.IsBadRequest(err) { handleError(request, response, err)
api.HandleBadRequest(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return return
} }
@@ -859,11 +747,7 @@ func (h *iamHandler) DeleteNamespaceRole(request *restful.Request, response *res
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
if errors.IsNotFound(err) { handleError(request, response, err)
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return return
} }
@@ -871,11 +755,7 @@ func (h *iamHandler) DeleteNamespaceRole(request *restful.Request, response *res
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
if errors.IsNotFound(err) { handleError(request, response, err)
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return return
} }
@@ -889,11 +769,7 @@ func (h *iamHandler) UpdateNamespaceRole(request *restful.Request, response *res
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
if errors.IsNotFound(err) { handleError(request, response, err)
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return return
} }
@@ -918,15 +794,7 @@ func (h *iamHandler) UpdateNamespaceRole(request *restful.Request, response *res
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
if errors.IsNotFound(err) { handleError(request, response, err)
api.HandleNotFound(response, request, err)
return
}
if errors.IsBadRequest(err) {
api.HandleBadRequest(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return return
} }
@@ -947,14 +815,10 @@ func (h *iamHandler) CreateWorkspaceMembers(request *restful.Request, response *
} }
for _, member := range members { for _, member := range members {
err := h.am.CreateOrUpdateWorkspaceRoleBinding(member.Username, workspace, member.RoleRef) err := h.am.CreateWorkspaceRoleBinding(member.Username, workspace, member.RoleRef)
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
if errors.IsNotFound(err) { handleError(request, response, err)
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return return
} }
} }
@@ -970,11 +834,7 @@ func (h *iamHandler) RemoveWorkspaceMember(request *restful.Request, response *r
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
if errors.IsNotFound(err) { handleError(request, response, err)
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return return
} }
@@ -1002,18 +862,10 @@ func (h *iamHandler) UpdateWorkspaceMember(request *restful.Request, response *r
return return
} }
err = h.am.CreateOrUpdateWorkspaceRoleBinding(member.Username, workspace, member.RoleRef) err = h.am.CreateWorkspaceRoleBinding(member.Username, workspace, member.RoleRef)
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
if errors.IsNotFound(err) { handleError(request, response, err)
api.HandleNotFound(response, request, err)
return
}
if errors.IsBadRequest(err) {
api.HandleBadRequest(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return return
} }
@@ -1026,11 +878,7 @@ func (h *iamHandler) CreateNamespaceMembers(request *restful.Request, response *
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
if errors.IsNotFound(err) { handleError(request, response, err)
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return return
} }
@@ -1045,14 +893,10 @@ func (h *iamHandler) CreateNamespaceMembers(request *restful.Request, response *
} }
for _, member := range members { for _, member := range members {
err := h.am.CreateOrUpdateNamespaceRoleBinding(member.Username, namespace, member.RoleRef) err := h.am.CreateNamespaceRoleBinding(member.Username, namespace, member.RoleRef)
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
if errors.IsNotFound(err) { handleError(request, response, err)
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return return
} }
} }
@@ -1066,11 +910,7 @@ func (h *iamHandler) UpdateNamespaceMember(request *restful.Request, response *r
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
if errors.IsNotFound(err) { handleError(request, response, err)
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return return
} }
@@ -1091,18 +931,10 @@ func (h *iamHandler) UpdateNamespaceMember(request *restful.Request, response *r
return return
} }
err = h.am.CreateOrUpdateNamespaceRoleBinding(member.Username, namespace, member.RoleRef) err = h.am.CreateNamespaceRoleBinding(member.Username, namespace, member.RoleRef)
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
if errors.IsNotFound(err) { handleError(request, response, err)
api.HandleNotFound(response, request, err)
return
}
if errors.IsBadRequest(err) {
api.HandleBadRequest(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return return
} }
@@ -1115,11 +947,7 @@ func (h *iamHandler) RemoveNamespaceMember(request *restful.Request, response *r
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
if errors.IsNotFound(err) { handleError(request, response, err)
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return return
} }
@@ -1127,11 +955,7 @@ func (h *iamHandler) RemoveNamespaceMember(request *restful.Request, response *r
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
if errors.IsNotFound(err) { handleError(request, response, err)
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return return
} }
@@ -1150,14 +974,10 @@ func (h *iamHandler) CreateClusterMembers(request *restful.Request, response *re
} }
for _, member := range members { for _, member := range members {
err := h.am.CreateOrUpdateClusterRoleBinding(member.Username, member.RoleRef) err := h.am.CreateClusterRoleBinding(member.Username, member.RoleRef)
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
if errors.IsNotFound(err) { handleError(request, response, err)
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return return
} }
} }
@@ -1172,11 +992,7 @@ func (h *iamHandler) RemoveClusterMember(request *restful.Request, response *res
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
if errors.IsNotFound(err) { handleError(request, response, err)
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return return
} }
@@ -1203,18 +1019,10 @@ func (h *iamHandler) UpdateClusterMember(request *restful.Request, response *res
return return
} }
err = h.am.CreateOrUpdateClusterRoleBinding(member.Username, member.RoleRef) err = h.am.CreateClusterRoleBinding(member.Username, member.RoleRef)
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
if errors.IsNotFound(err) { handleError(request, response, err)
api.HandleNotFound(response, request, err)
return
}
if errors.IsBadRequest(err) {
api.HandleBadRequest(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return return
} }
@@ -1266,11 +1074,7 @@ func (h *iamHandler) DescribeNamespaceRole(request *restful.Request, response *r
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
if errors.IsNotFound(err) { handleError(request, response, err)
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return return
} }
@@ -1278,11 +1082,7 @@ func (h *iamHandler) DescribeNamespaceRole(request *restful.Request, response *r
if err != nil { if err != nil {
klog.Error(err) klog.Error(err)
if errors.IsNotFound(err) { handleError(request, response, err)
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return return
} }
@@ -1296,3 +1096,15 @@ func (h *iamHandler) resolveNamespace(namespace string, devops string) (string,
} }
return h.am.GetControlledNamespace(devops) return h.am.GetControlledNamespace(devops)
} }
func handleError(request *restful.Request, response *restful.Response, err error) {
if errors.IsBadRequest(err) {
api.HandleBadRequest(response, request, err)
} else if errors.IsNotFound(err) {
api.HandleNotFound(response, request, err)
} else if errors.IsAlreadyExists(err) {
api.HandleConflict(response, request, err)
} else {
api.HandleInternalError(response, request, err)
}
}

149
pkg/kapis/tenant/v1alpha2/handler.go
View File

@@ -185,7 +185,6 @@ func (h *tenantHandler) UpdateWorkspace(request *restful.Request, response *rest
} }
response.WriteEntity(updated) response.WriteEntity(updated)
} }
func (h *tenantHandler) DescribeWorkspace(request *restful.Request, response *restful.Response) { func (h *tenantHandler) DescribeWorkspace(request *restful.Request, response *restful.Response) {
@@ -310,3 +309,151 @@ func (h *tenantHandler) Auditing(req *restful.Request, resp *restful.Response) {
_ = resp.WriteEntity(result) _ = resp.WriteEntity(result)
} }
func (h *tenantHandler) DescribeNamespace(request *restful.Request, response *restful.Response) {
workspaceName := request.PathParameter("workspace")
namespaceName := request.PathParameter("namespace")
ns, err := h.tenant.DescribeNamespace(workspaceName, namespaceName)
if err != nil {
if errors.IsNotFound(err) {
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return
}
response.WriteEntity(ns)
}
func (h *tenantHandler) DeleteNamespace(request *restful.Request, response *restful.Response) {
workspaceName := request.PathParameter("workspace")
namespaceName := request.PathParameter("namespace")
err := h.tenant.DeleteNamespace(workspaceName, namespaceName)
if err != nil {
if errors.IsNotFound(err) {
api.HandleNotFound(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return
}
response.WriteEntity(servererr.None)
}
func (h *tenantHandler) UpdateNamespace(request *restful.Request, response *restful.Response) {
workspaceName := request.PathParameter("workspace")
namespaceName := request.PathParameter("namespace")
var namespace corev1.Namespace
err := request.ReadEntity(&namespace)
if err != nil {
klog.Error(err)
api.HandleBadRequest(response, request, err)
return
}
if namespaceName != namespace.Name {
err := fmt.Errorf("the name of the object (%s) does not match the name on the URL (%s)", namespace.Name, namespaceName)
klog.Errorf("%+v", err)
api.HandleBadRequest(response, request, err)
return
}
updated, err := h.tenant.UpdateNamespace(workspaceName, &namespace)
if err != nil {
klog.Error(err)
if errors.IsNotFound(err) {
api.HandleNotFound(response, request, err)
return
}
if errors.IsBadRequest(err) {
api.HandleBadRequest(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return
}
response.WriteEntity(updated)
}
func (h *tenantHandler) PatchNamespace(request *restful.Request, response *restful.Response) {
workspaceName := request.PathParameter("workspace")
namespaceName := request.PathParameter("namespace")
var namespace corev1.Namespace
err := request.ReadEntity(&namespace)
if err != nil {
klog.Error(err)
api.HandleBadRequest(response, request, err)
return
}
if namespaceName != namespace.Name {
err := fmt.Errorf("the name of the object (%s) does not match the name on the URL (%s)", namespace.Name, namespaceName)
klog.Errorf("%+v", err)
api.HandleBadRequest(response, request, err)
return
}
patched, err := h.tenant.PatchNamespace(workspaceName, &namespace)
if err != nil {
klog.Error(err)
if errors.IsNotFound(err) {
api.HandleNotFound(response, request, err)
return
}
if errors.IsBadRequest(err) {
api.HandleBadRequest(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return
}
response.WriteEntity(patched)
}
func (h *tenantHandler) PatchWorkspace(request *restful.Request, response *restful.Response) {
workspaceName := request.PathParameter("workspace")
var workspace tenantv1alpha2.WorkspaceTemplate
err := request.ReadEntity(&workspace)
if err != nil {
klog.Error(err)
api.HandleBadRequest(response, request, err)
return
}
if workspaceName != workspace.Name {
err := fmt.Errorf("the name of the object (%s) does not match the name on the URL (%s)", workspace.Name, workspaceName)
klog.Errorf("%+v", err)
api.HandleBadRequest(response, request, err)
return
}
patched, err := h.tenant.PatchWorkspace(&workspace)
if err != nil {
klog.Error(err)
if errors.IsNotFound(err) {
api.HandleNotFound(response, request, err)
return
}
if errors.IsBadRequest(err) {
api.HandleBadRequest(response, request, err)
return
}
api.HandleInternalError(response, request, err)
return
}
response.WriteEntity(patched)
}

34
pkg/kapis/tenant/v1alpha2/register.go
View File

@@ -46,6 +46,8 @@ const (
var GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha2"} var GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha2"}
func AddToContainer(c *restful.Container, factory informers.InformerFactory, k8sclient kubernetes.Interface, ksclient kubesphere.Interface, evtsClient events.Client, loggingClient logging.Interface, auditingclient auditing.Client) error { func AddToContainer(c *restful.Container, factory informers.InformerFactory, k8sclient kubernetes.Interface, ksclient kubesphere.Interface, evtsClient events.Client, loggingClient logging.Interface, auditingclient auditing.Client) error {
mimePatch := []string{restful.MIME_JSON, runtime.MimeMergePatchJson, runtime.MimeJsonPatchJson}
ws := runtime.NewWebService(GroupVersion) ws := runtime.NewWebService(GroupVersion)
handler := newTenantHandler(factory, k8sclient, ksclient, evtsClient, loggingClient, auditingclient) handler := newTenantHandler(factory, k8sclient, ksclient, evtsClient, loggingClient, auditingclient)
@@ -66,6 +68,13 @@ func AddToContainer(c *restful.Container, factory informers.InformerFactory, k8s
Returns(http.StatusOK, api.StatusOK, tenantv1alpha2.WorkspaceTemplate{}). Returns(http.StatusOK, api.StatusOK, tenantv1alpha2.WorkspaceTemplate{}).
Doc("Update workspace."). Doc("Update workspace.").
Metadata(restfulspec.KeyOpenAPITags, []string{constants.TenantResourcesTag})) Metadata(restfulspec.KeyOpenAPITags, []string{constants.TenantResourcesTag}))
ws.Route(ws.PATCH("/workspaces/{workspace}").
To(handler.PatchWorkspace).
Consumes(mimePatch...).
Reads(tenantv1alpha2.WorkspaceTemplate{}).
Returns(http.StatusOK, api.StatusOK, tenantv1alpha2.WorkspaceTemplate{}).
Doc("Update workspace.").
Metadata(restfulspec.KeyOpenAPITags, []string{constants.TenantResourcesTag}))
ws.Route(ws.GET("/workspaces"). ws.Route(ws.GET("/workspaces").
To(handler.ListWorkspaces). To(handler.ListWorkspaces).
Returns(http.StatusOK, api.StatusOK, models.PageableResponse{}). Returns(http.StatusOK, api.StatusOK, models.PageableResponse{}).
@@ -94,6 +103,18 @@ func AddToContainer(c *restful.Container, factory informers.InformerFactory, k8s
Doc("List the namespaces of the specified workspace for the current user"). Doc("List the namespaces of the specified workspace for the current user").
Returns(http.StatusOK, api.StatusOK, []corev1.Namespace{}). Returns(http.StatusOK, api.StatusOK, []corev1.Namespace{}).
Metadata(restfulspec.KeyOpenAPITags, []string{constants.TenantResourcesTag})) Metadata(restfulspec.KeyOpenAPITags, []string{constants.TenantResourcesTag}))
ws.Route(ws.GET("/workspaces/{workspace}/namespaces/{namespace}").
To(handler.DescribeNamespace).
Param(ws.PathParameter("workspace", "workspace name")).
Doc("Retrieve namespace details.").
Returns(http.StatusOK, api.StatusOK, []corev1.Namespace{}).
Metadata(restfulspec.KeyOpenAPITags, []string{constants.TenantResourcesTag}))
ws.Route(ws.DELETE("/workspaces/{workspace}/namespaces/{namespace}").
To(handler.DeleteNamespace).
Param(ws.PathParameter("workspace", "workspace name")).
Doc("Delete namespace.").
Returns(http.StatusOK, api.StatusOK, errors.None).
Metadata(restfulspec.KeyOpenAPITags, []string{constants.TenantResourcesTag}))
ws.Route(ws.POST("/workspaces/{workspace}/namespaces"). ws.Route(ws.POST("/workspaces/{workspace}/namespaces").
To(handler.CreateNamespace). To(handler.CreateNamespace).
Param(ws.PathParameter("workspace", "workspace name")). Param(ws.PathParameter("workspace", "workspace name")).
@@ -101,6 +122,19 @@ func AddToContainer(c *restful.Container, factory informers.InformerFactory, k8s
Reads(corev1.Namespace{}). Reads(corev1.Namespace{}).
Returns(http.StatusOK, api.StatusOK, []corev1.Namespace{}). Returns(http.StatusOK, api.StatusOK, []corev1.Namespace{}).
Metadata(restfulspec.KeyOpenAPITags, []string{constants.TenantResourcesTag})) Metadata(restfulspec.KeyOpenAPITags, []string{constants.TenantResourcesTag}))
ws.Route(ws.PUT("/workspaces/{workspace}/namespaces/{namespace}").
To(handler.UpdateNamespace).
Param(ws.PathParameter("workspace", "workspace name")).
Reads(corev1.Namespace{}).
Returns(http.StatusOK, api.StatusOK, []corev1.Namespace{}).
Metadata(restfulspec.KeyOpenAPITags, []string{constants.TenantResourcesTag}))
ws.Route(ws.PATCH("/workspaces/{workspace}/namespaces/{namespace}").
To(handler.PatchNamespace).
Consumes(mimePatch...).
Param(ws.PathParameter("workspace", "workspace name")).
Reads(corev1.Namespace{}).
Returns(http.StatusOK, api.StatusOK, []corev1.Namespace{}).
Metadata(restfulspec.KeyOpenAPITags, []string{constants.TenantResourcesTag}))
ws.Route(ws.GET("/events"). ws.Route(ws.GET("/events").
To(handler.Events). To(handler.Events).

64
pkg/models/iam/am/am.go
View File

@@ -44,16 +44,14 @@ type AccessManagementInterface interface {
ListClusterRoles(query *query.Query) (*api.ListResult, error) ListClusterRoles(query *query.Query) (*api.ListResult, error)
ListWorkspaceRoles(query *query.Query) (*api.ListResult, error) ListWorkspaceRoles(query *query.Query) (*api.ListResult, error)
ListGlobalRoles(query *query.Query) (*api.ListResult, error) ListGlobalRoles(query *query.Query) (*api.ListResult, error)
ListGlobalRoleBindings(username string) ([]*iamv1alpha2.GlobalRoleBinding, error) ListGlobalRoleBindings(username string) ([]*iamv1alpha2.GlobalRoleBinding, error)
ListClusterRoleBindings(username string) ([]*rbacv1.ClusterRoleBinding, error) ListClusterRoleBindings(username string) ([]*rbacv1.ClusterRoleBinding, error)
ListWorkspaceRoleBindings(username, workspace string) ([]*iamv1alpha2.WorkspaceRoleBinding, error) ListWorkspaceRoleBindings(username, workspace string) ([]*iamv1alpha2.WorkspaceRoleBinding, error)
ListRoleBindings(username, namespace string) ([]*rbacv1.RoleBinding, error) ListRoleBindings(username, namespace string) ([]*rbacv1.RoleBinding, error)
GetRoleReferenceRules(roleRef rbacv1.RoleRef, namespace string) (string, []rbacv1.PolicyRule, error) GetRoleReferenceRules(roleRef rbacv1.RoleRef, namespace string) (string, []rbacv1.PolicyRule, error)
GetGlobalRole(globalRole string) (*iamv1alpha2.GlobalRole, error) GetGlobalRole(globalRole string) (*iamv1alpha2.GlobalRole, error)
GetWorkspaceRole(workspace string, name string) (*iamv1alpha2.WorkspaceRole, error) GetWorkspaceRole(workspace string, name string) (*iamv1alpha2.WorkspaceRole, error)
CreateOrUpdateGlobalRoleBinding(username string, globalRole string) error CreateGlobalRoleBinding(username string, globalRole string) error
CreateOrUpdateWorkspaceRole(workspace string, workspaceRole *iamv1alpha2.WorkspaceRole) (*iamv1alpha2.WorkspaceRole, error) CreateOrUpdateWorkspaceRole(workspace string, workspaceRole *iamv1alpha2.WorkspaceRole) (*iamv1alpha2.WorkspaceRole, error)
CreateOrUpdateGlobalRole(globalRole *iamv1alpha2.GlobalRole) (*iamv1alpha2.GlobalRole, error) CreateOrUpdateGlobalRole(globalRole *iamv1alpha2.GlobalRole) (*iamv1alpha2.GlobalRole, error)
DeleteWorkspaceRole(workspace string, name string) error DeleteWorkspaceRole(workspace string, name string) error
@@ -64,11 +62,11 @@ type AccessManagementInterface interface {
GetNamespaceRole(namespace string, name string) (*rbacv1.Role, error) GetNamespaceRole(namespace string, name string) (*rbacv1.Role, error)
CreateOrUpdateNamespaceRole(namespace string, role *rbacv1.Role) (*rbacv1.Role, error) CreateOrUpdateNamespaceRole(namespace string, role *rbacv1.Role) (*rbacv1.Role, error)
DeleteNamespaceRole(namespace string, name string) error DeleteNamespaceRole(namespace string, name string) error
CreateOrUpdateWorkspaceRoleBinding(username string, workspace string, role string) error CreateWorkspaceRoleBinding(username string, workspace string, role string) error
RemoveUserFromWorkspace(username string, workspace string) error RemoveUserFromWorkspace(username string, workspace string) error
CreateOrUpdateNamespaceRoleBinding(username string, namespace string, role string) error CreateNamespaceRoleBinding(username string, namespace string, role string) error
RemoveUserFromNamespace(username string, namespace string) error RemoveUserFromNamespace(username string, namespace string) error
CreateOrUpdateClusterRoleBinding(username string, role string) error CreateClusterRoleBinding(username string, role string) error
RemoveUserFromCluster(username string) error RemoveUserFromCluster(username string) error
GetControlledNamespace(devops string) (string, error) GetControlledNamespace(devops string) (string, error)
GetControlledWorkspace(namespace string) (string, error) GetControlledWorkspace(namespace string) (string, error)
@@ -371,7 +369,7 @@ func (am *amOperator) GetGlobalRole(globalRole string) (*iamv1alpha2.GlobalRole,
return obj.(*iamv1alpha2.GlobalRole), nil return obj.(*iamv1alpha2.GlobalRole), nil
} }
func (am *amOperator) CreateOrUpdateGlobalRoleBinding(username string, globalRole string) error { func (am *amOperator) CreateGlobalRoleBinding(username string, globalRole string) error {
_, err := am.GetGlobalRole(globalRole) _, err := am.GetGlobalRole(globalRole)
@@ -428,11 +426,9 @@ func (am *amOperator) CreateOrUpdateGlobalRoleBinding(username string, globalRol
} }
func (am *amOperator) CreateOrUpdateWorkspaceRole(workspace string, workspaceRole *iamv1alpha2.WorkspaceRole) (*iamv1alpha2.WorkspaceRole, error) { func (am *amOperator) CreateOrUpdateWorkspaceRole(workspace string, workspaceRole *iamv1alpha2.WorkspaceRole) (*iamv1alpha2.WorkspaceRole, error) {
if workspaceRole.Labels == nil { if workspaceRole.Labels == nil {
workspaceRole.Labels = make(map[string]string, 0) workspaceRole.Labels = make(map[string]string, 0)
} }
workspaceRole.Labels[tenantv1alpha1.WorkspaceLabel] = workspace workspaceRole.Labels[tenantv1alpha1.WorkspaceLabel] = workspace
workspaceRole.Rules = make([]rbacv1.PolicyRule, 0) workspaceRole.Rules = make([]rbacv1.PolicyRule, 0)
@@ -452,15 +448,10 @@ func (am *amOperator) CreateOrUpdateWorkspaceRole(workspace string, workspaceRol
} }
} }
old, err := am.GetWorkspaceRole("", workspaceRole.Name)
if err != nil && !errors.IsNotFound(err) {
klog.Error(err)
return nil, err
}
var created *iamv1alpha2.WorkspaceRole var created *iamv1alpha2.WorkspaceRole
if old != nil { var err error
if workspaceRole.ResourceVersion != "" {
created, err = am.ksclient.IamV1alpha2().WorkspaceRoles().Update(workspaceRole) created, err = am.ksclient.IamV1alpha2().WorkspaceRoles().Update(workspaceRole)
} else { } else {
created, err = am.ksclient.IamV1alpha2().WorkspaceRoles().Create(workspaceRole) created, err = am.ksclient.IamV1alpha2().WorkspaceRoles().Create(workspaceRole)
@@ -469,7 +460,7 @@ func (am *amOperator) CreateOrUpdateWorkspaceRole(workspace string, workspaceRol
return created, err return created, err
} }
func (am *amOperator) CreateOrUpdateWorkspaceRoleBinding(username string, workspace string, role string) error { func (am *amOperator) CreateWorkspaceRoleBinding(username string, workspace string, role string) error {
_, err := am.GetWorkspaceRole(workspace, role) _, err := am.GetWorkspaceRole(workspace, role)
@@ -526,7 +517,7 @@ func (am *amOperator) CreateOrUpdateWorkspaceRoleBinding(username string, worksp
return nil return nil
} }
func (am *amOperator) CreateOrUpdateClusterRoleBinding(username string, role string) error { func (am *amOperator) CreateClusterRoleBinding(username string, role string) error {
_, err := am.GetClusterRole(role) _, err := am.GetClusterRole(role)
@@ -582,7 +573,7 @@ func (am *amOperator) CreateOrUpdateClusterRoleBinding(username string, role str
return nil return nil
} }
func (am *amOperator) CreateOrUpdateNamespaceRoleBinding(username string, namespace string, role string) error { func (am *amOperator) CreateNamespaceRoleBinding(username string, namespace string, role string) error {
_, err := am.GetNamespaceRole(namespace, role) _, err := am.GetNamespaceRole(namespace, role)
@@ -727,15 +718,10 @@ func (am *amOperator) CreateOrUpdateGlobalRole(globalRole *iamv1alpha2.GlobalRol
} }
} }
old, err := am.GetGlobalRole(globalRole.Name)
if err != nil && !errors.IsNotFound(err) {
klog.Error(err)
return nil, err
}
var created *iamv1alpha2.GlobalRole var created *iamv1alpha2.GlobalRole
if old != nil { var err error
if globalRole.ResourceVersion != "" {
created, err = am.ksclient.IamV1alpha2().GlobalRoles().Update(globalRole) created, err = am.ksclient.IamV1alpha2().GlobalRoles().Update(globalRole)
} else { } else {
created, err = am.ksclient.IamV1alpha2().GlobalRoles().Create(globalRole) created, err = am.ksclient.IamV1alpha2().GlobalRoles().Create(globalRole)
@@ -763,16 +749,9 @@ func (am *amOperator) CreateOrUpdateClusterRole(clusterRole *rbacv1.ClusterRole)
clusterRole.Rules = append(clusterRole.Rules, role.Rules...) clusterRole.Rules = append(clusterRole.Rules, role.Rules...)
} }
} }
old, err := am.GetClusterRole(clusterRole.Name)
if err != nil && !errors.IsNotFound(err) {
klog.Error(err)
return nil, err
}
var created *rbacv1.ClusterRole var created *rbacv1.ClusterRole
if old != nil { var err error
if clusterRole.ResourceVersion != "" {
created, err = am.k8sclient.RbacV1().ClusterRoles().Update(clusterRole) created, err = am.k8sclient.RbacV1().ClusterRoles().Update(clusterRole)
} else { } else {
created, err = am.k8sclient.RbacV1().ClusterRoles().Create(clusterRole) created, err = am.k8sclient.RbacV1().ClusterRoles().Create(clusterRole)
@@ -801,16 +780,9 @@ func (am *amOperator) CreateOrUpdateNamespaceRole(namespace string, role *rbacv1
role.Rules = append(role.Rules, role.Rules...) role.Rules = append(role.Rules, role.Rules...)
} }
} }
old, err := am.GetNamespaceRole(namespace, role.Name)
if err != nil && !errors.IsNotFound(err) {
klog.Error(err)
return nil, err
}
var created *rbacv1.Role var created *rbacv1.Role
if old != nil { var err error
if role.ResourceVersion != "" {
created, err = am.k8sclient.RbacV1().Roles(namespace).Update(role) created, err = am.k8sclient.RbacV1().Roles(namespace).Update(role)
} else { } else {
created, err = am.k8sclient.RbacV1().Roles(namespace).Create(role) created, err = am.k8sclient.RbacV1().Roles(namespace).Create(role)

92
pkg/models/tenant/tenant.go
View File

@@ -17,12 +17,14 @@ limitations under the License.
package tenant package tenant
import ( import (
"encoding/json"
"fmt" "fmt"
"io" "io"
corev1 "k8s.io/api/core/v1" corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/types"
"k8s.io/apiserver/pkg/authentication/user" "k8s.io/apiserver/pkg/authentication/user"
"k8s.io/client-go/kubernetes" "k8s.io/client-go/kubernetes"
"k8s.io/klog" "k8s.io/klog"
@@ -36,6 +38,7 @@ import (
"kubesphere.io/kubesphere/pkg/apiserver/authorization/authorizer" "kubesphere.io/kubesphere/pkg/apiserver/authorization/authorizer"
"kubesphere.io/kubesphere/pkg/apiserver/authorization/authorizerfactory" "kubesphere.io/kubesphere/pkg/apiserver/authorization/authorizerfactory"
"kubesphere.io/kubesphere/pkg/apiserver/query" "kubesphere.io/kubesphere/pkg/apiserver/query"
"kubesphere.io/kubesphere/pkg/apiserver/request"
kubesphere "kubesphere.io/kubesphere/pkg/client/clientset/versioned" kubesphere "kubesphere.io/kubesphere/pkg/client/clientset/versioned"
"kubesphere.io/kubesphere/pkg/informers" "kubesphere.io/kubesphere/pkg/informers"
"kubesphere.io/kubesphere/pkg/models/auditing" "kubesphere.io/kubesphere/pkg/models/auditing"
@@ -61,11 +64,15 @@ type Interface interface {
UpdateWorkspace(workspace *tenantv1alpha2.WorkspaceTemplate) (*tenantv1alpha2.WorkspaceTemplate, error) UpdateWorkspace(workspace *tenantv1alpha2.WorkspaceTemplate) (*tenantv1alpha2.WorkspaceTemplate, error)
DescribeWorkspace(workspace string) (*tenantv1alpha2.WorkspaceTemplate, error) DescribeWorkspace(workspace string) (*tenantv1alpha2.WorkspaceTemplate, error)
ListWorkspaceClusters(workspace string) (*api.ListResult, error) ListWorkspaceClusters(workspace string) (*api.ListResult, error)
Events(user user.Info, queryParam *eventsv1alpha1.Query) (*eventsv1alpha1.APIResponse, error) Events(user user.Info, queryParam *eventsv1alpha1.Query) (*eventsv1alpha1.APIResponse, error)
QueryLogs(user user.Info, query *loggingv1alpha2.Query) (*loggingv1alpha2.APIResponse, error) QueryLogs(user user.Info, query *loggingv1alpha2.Query) (*loggingv1alpha2.APIResponse, error)
ExportLogs(user user.Info, query *loggingv1alpha2.Query, writer io.Writer) error ExportLogs(user user.Info, query *loggingv1alpha2.Query, writer io.Writer) error
Auditing(user user.Info, queryParam *auditingv1alpha1.Query) (*auditingv1alpha1.APIResponse, error) Auditing(user user.Info, queryParam *auditingv1alpha1.Query) (*auditingv1alpha1.APIResponse, error)
DescribeNamespace(workspace, namespace string) (*corev1.Namespace, error)
DeleteNamespace(workspace, namespace string) error
UpdateNamespace(workspace string, namespace *corev1.Namespace) (*corev1.Namespace, error)
PatchNamespace(workspace string, namespace *corev1.Namespace) (*corev1.Namespace, error)
PatchWorkspace(workspace *tenantv1alpha2.WorkspaceTemplate) (*tenantv1alpha2.WorkspaceTemplate, error)
} }
type tenantOperator struct { type tenantOperator struct {
@@ -99,10 +106,10 @@ func (t *tenantOperator) ListWorkspaces(user user.Info, queryParam *query.Query)
listWS := authorizer.AttributesRecord{ listWS := authorizer.AttributesRecord{
User: user, User: user,
Verb: "list", Verb: "list",
APIGroup: "tenant.kubesphere.io", APIGroup: "*",
APIVersion: "v1alpha2",
Resource: "workspaces", Resource: "workspaces",
ResourceRequest: true, ResourceRequest: true,
ResourceScope: request.GlobalScope,
} }
decision, _, err := t.authorizer.Authorize(listWS) decision, _, err := t.authorizer.Authorize(listWS)
@@ -154,9 +161,9 @@ func (t *tenantOperator) ListWorkspaces(user user.Info, queryParam *query.Query)
} }
result := resources.DefaultList(workspaces, queryParam, func(left runtime.Object, right runtime.Object, field query.Field) bool { result := resources.DefaultList(workspaces, queryParam, func(left runtime.Object, right runtime.Object, field query.Field) bool {
return resources.DefaultObjectMetaCompare(left.(*tenantv1alpha1.Workspace).ObjectMeta, right.(*tenantv1alpha1.Workspace).ObjectMeta, field) return resources.DefaultObjectMetaCompare(left.(*tenantv1alpha2.WorkspaceTemplate).ObjectMeta, right.(*tenantv1alpha2.WorkspaceTemplate).ObjectMeta, field)
}, func(workspace runtime.Object, filter query.Filter) bool { }, func(workspace runtime.Object, filter query.Filter) bool {
return resources.DefaultObjectMetaFilter(workspace.(*tenantv1alpha1.Workspace).ObjectMeta, filter) return resources.DefaultObjectMetaFilter(workspace.(*tenantv1alpha2.WorkspaceTemplate).ObjectMeta, filter)
}) })
return result, nil return result, nil
@@ -167,11 +174,10 @@ func (t *tenantOperator) ListNamespaces(user user.Info, workspace string, queryP
listNSInWS := authorizer.AttributesRecord{ listNSInWS := authorizer.AttributesRecord{
User: user, User: user,
Verb: "list", Verb: "list",
APIGroup: "",
APIVersion: "v1",
Workspace: workspace, Workspace: workspace,
Resource: "namespaces", Resource: "namespaces",
ResourceRequest: true, ResourceRequest: true,
ResourceScope: request.WorkspaceScope,
} }
decision, _, err := t.authorizer.Authorize(listNSInWS) decision, _, err := t.authorizer.Authorize(listNSInWS)
@@ -238,20 +244,78 @@ func (t *tenantOperator) ListNamespaces(user user.Info, workspace string, queryP
} }
func (t *tenantOperator) CreateNamespace(workspace string, namespace *corev1.Namespace) (*corev1.Namespace, error) { func (t *tenantOperator) CreateNamespace(workspace string, namespace *corev1.Namespace) (*corev1.Namespace, error) {
_, err := t.resourceGetter.Get(tenantv1alpha1.ResourcePluralWorkspace, "", workspace) _, err := t.resourceGetter.Get(tenantv1alpha1.ResourcePluralWorkspace, "", workspace)
if err != nil { if err != nil {
return nil, err return nil, err
} }
namespace = appendWorkspaceLabel(namespace, workspace)
if namespace.Annotations == nil { return t.k8sclient.CoreV1().Namespaces().Create(namespace)
namespace.Annotations = make(map[string]string, 0)
} }
namespace.Annotations[tenantv1alpha1.WorkspaceLabel] = workspace func appendWorkspaceLabel(namespace *corev1.Namespace, workspace string) *corev1.Namespace {
if namespace.Labels == nil {
namespace.Labels = make(map[string]string, 0)
}
namespace.Labels[tenantv1alpha1.WorkspaceLabel] = workspace
return namespace
}
return t.k8sclient.CoreV1().Namespaces().Create(namespace) func (t *tenantOperator) DescribeNamespace(workspace, namespace string) (*corev1.Namespace, error) {
obj, err := t.resourceGetter.Get("namespaces", "", namespace)
if err != nil {
return nil, err
}
ns := obj.(*corev1.Namespace)
if ns.Labels[tenantv1alpha1.WorkspaceLabel] != workspace {
err := errors.NewNotFound(corev1.Resource("namespace"), namespace)
klog.Error(err)
return nil, err
}
return ns, nil
}
func (t *tenantOperator) DeleteNamespace(workspace, namespace string) error {
_, err := t.DescribeNamespace(workspace, namespace)
if err != nil {
return err
}
return t.k8sclient.CoreV1().Namespaces().Delete(namespace, metav1.NewDeleteOptions(0))
}
func (t *tenantOperator) UpdateNamespace(workspace string, namespace *corev1.Namespace) (*corev1.Namespace, error) {
_, err := t.DescribeNamespace(workspace, namespace.Namespace)
if err != nil {
return nil, err
}
namespace = appendWorkspaceLabel(namespace, workspace)
return t.k8sclient.CoreV1().Namespaces().Update(namespace)
}
func (t *tenantOperator) PatchNamespace(workspace string, namespace *corev1.Namespace) (*corev1.Namespace, error) {
_, err := t.DescribeNamespace(workspace, namespace.Name)
if err != nil {
return nil, err
}
if namespace.Labels != nil {
namespace.Labels[tenantv1alpha1.WorkspaceLabel] = workspace
}
data, err := json.Marshal(namespace)
if err != nil {
return nil, err
}
return t.k8sclient.CoreV1().Namespaces().Patch(namespace.Name, types.MergePatchType, data)
}
func (t *tenantOperator) PatchWorkspace(workspace *tenantv1alpha2.WorkspaceTemplate) (*tenantv1alpha2.WorkspaceTemplate, error) {
_, err := t.DescribeWorkspace(workspace.Name)
if err != nil {
return nil, err
}
data, err := json.Marshal(workspace)
if err != nil {
return nil, err
}
return t.ksclient.TenantV1alpha2().WorkspaceTemplates().Patch(workspace.Name, types.MergePatchType, data)
} }
func (t *tenantOperator) CreateWorkspace(workspace *tenantv1alpha2.WorkspaceTemplate) (*tenantv1alpha2.WorkspaceTemplate, error) { func (t *tenantOperator) CreateWorkspace(workspace *tenantv1alpha2.WorkspaceTemplate) (*tenantv1alpha2.WorkspaceTemplate, error) {