From d2452c97e8ec84c661307b500a15665b4554ca4a Mon Sep 17 00:00:00 2001 From: hongming Date: Sat, 6 Jul 2019 21:13:25 +0800 Subject: [PATCH] fix: recreate kubectl pod Signed-off-by: hongming --- pkg/models/iam/am.go | 23 ++++++++++++----------- pkg/models/iam/im.go | 9 +++++---- 2 files changed, 17 insertions(+), 15 deletions(-) diff --git a/pkg/models/iam/am.go b/pkg/models/iam/am.go index a2dc51bcd..75b542d56 100644 --- a/pkg/models/iam/am.go +++ b/pkg/models/iam/am.go @@ -628,6 +628,18 @@ func CreateClusterRoleBinding(username string, clusterRoleName string) error { return err } + // create kubectl pod if cluster role is cluster-admin + if clusterRoleName == constants.ClusterAdmin { + if err := kubectl.CreateKubectlDeploy(username); err != nil { + glog.Error("create user terminal pod failed", username, err) + } + // delete kubectl pod if cluster role is not cluster-admin, whether it exists or not + } else { + if err := kubectl.DelKubectlDeploy(username); err != nil { + glog.Error("delete user terminal pod failed", username, err) + } + } + clusterRoleBinding := &rbacv1.ClusterRoleBinding{} clusterRoleBinding.Name = username clusterRoleBinding.RoleRef = rbacv1.RoleRef{Name: clusterRoleName, Kind: ClusterRoleKind} @@ -657,11 +669,6 @@ func CreateClusterRoleBinding(username string, clusterRoleName string) error { glog.Errorln("delete cluster role binding", err) return err } - if found.RoleRef.Name == constants.ClusterAdmin { - if err := kubectl.DelKubectlDeploy(username); err != nil { - glog.Error("delete user terminal pod failed", username, err) - } - } maxRetries := 3 for i := 0; i < maxRetries; i++ { _, err = k8s.Client().RbacV1().ClusterRoleBindings().Create(clusterRoleBinding) 
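Review bot: In the new `else` branch a failed `kubectl.DelKubectlDeploy(username)` is only logged, so when a user is moved off cluster-admin the function can carry on and report success while the terminal deployment is still there. Because the delete now runs for every non-admin role, an absent deployment will presumably also be logged as an error on each call, which buries the failures that matter. I would treat not-found as success and return anything else, e.g. `if err := kubectl.DelKubectlDeploy(username); err != nil && !errors.IsNotFound(err) { return err }` with `errors` being k8s.io/apimachinery/pkg/api/errors, assuming the helper passes the API error through (its body is not in this patch). Separately, `glog.Error` formats like `fmt.Print` and will run the message and `username` together; the removed create call used `glog.Errorln`, or use `glog.Errorf("create user terminal pod failed: user=%q: %v", username, err)`. CreateClusterRoleBinding starts and ends outside this hunk, so the deployment is now created before the binding is written and a later binding failure appears to leave it behind.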
@@ -674,12 +681,6 @@ func CreateClusterRoleBinding(username string, clusterRoleName string) error { return err } - if clusterRoleName == constants.ClusterAdmin { - if err := kubectl.CreateKubectlDeploy(username); err != nil { - glog.Errorln("create user terminal pod failed", username, err) - } - } - if !k8sutil.ContainsUser(found.Subjects, username) { found.Subjects = clusterRoleBinding.Subjects _, err = k8s.Client().RbacV1().ClusterRoleBindings().Update(found) diff --git a/pkg/models/iam/im.go b/pkg/models/iam/im.go index ff68ed7ef..747d77076 100644 --- a/pkg/models/iam/im.go +++ b/pkg/models/iam/im.go @@ -786,6 +786,11 @@ func CreateUser(user *models.User) (*models.User, error) { userCreateRequest.Attribute("description", []string{user.Description}) // RFC4519: descriptive information } + if err := kubeconfig.CreateKubeConfig(user.Username); err != nil { + glog.Errorln("create user kubeconfig failed", user.Username, err) + return nil, err + } + err = conn.Add(userCreateRequest) if err != nil { @@ -797,10 +802,6 @@ func CreateUser(user *models.User) (*models.User, error) { setAvatar(user.Username, user.AvatarUrl) } - if err := kubeconfig.CreateKubeConfig(user.Username); err != nil { - glog.Errorln("create user kubeconfig failed", user.Username, err) - } - if user.ClusterRole != "" { err := CreateClusterRoleBinding(user.Username, user.ClusterRole)
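Review bot: Creating the kubeconfig ahead of `conn.Add(userCreateRequest)` in CreateUser means a credential artifact for `user.Username` exists before the directory entry does, and nothing visible in this hunk removes it when the add fails. The `if err != nil {` block after `conn.Add` continues outside the hunk, so this may be handled there; if not, that error path should delete the kubeconfig it just created before returning. It is also worth confirming that `CreateKubeConfig` does not regenerate or overwrite material when the username already exists, since it now runs before the directory would reject a duplicate. At minimum I would add `// kubeconfig is created first; remove it again if the LDAP add below fails` above the call.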