improve identity provider plugin

Signed-off-by: hongming <talonwan@yunify.com>
2020-11-23 15:04:59 +08:00
parent 91c2e05616
commit dfaefa5ffb
63 changed files with 3656 additions and 1746 deletions
--- a/pkg/apis/iam/v1alpha2/types.go
+++ b/pkg/apis/iam/v1alpha2/types.go
@@ -58,13 +58,20 @@ const (
 	GlobalRoleAnnotation                  = "iam.kubesphere.io/globalrole"
 	WorkspaceRoleAnnotation               = "iam.kubesphere.io/workspacerole"
 	ClusterRoleAnnotation                 = "iam.kubesphere.io/clusterrole"
+	UninitializedAnnotation               = "iam.kubesphere.io/uninitialized"
 	RoleAnnotation                        = "iam.kubesphere.io/role"
 	RoleTemplateLabel                     = "iam.kubesphere.io/role-template"
 	ScopeLabelFormat                      = "scope.kubesphere.io/%s"
 	UserReferenceLabel                    = "iam.kubesphere.io/user-ref"
 	IdentifyProviderLabel                 = "iam.kubesphere.io/identify-provider"
-	PasswordEncryptedAnnotation           = "iam.kubesphere.io/password-encrypted"
+	OriginUIDLabel                        = "iam.kubesphere.io/origin-uid"
 	FieldEmail                            = "email"
+	ExtraEmail                            = FieldEmail
+	ExtraIdentityProvider                 = "idp"
+	ExtraUID                              = "uid"
+	ExtraUsername                         = "username"
+	ExtraDisplayName                      = "displayName"
+	ExtraUninitialized                    = "uninitialized"
 	InGroup                               = "ingroup"
 	NotInGroup                            = "notingroup"
 	AggregateTo                           = "aggregateTo"
@@ -76,6 +83,8 @@ const (
 	NamespaceAdmin                        = "admin"
 	WorkspaceAdminFormat                  = "%s-admin"
 	ClusterAdmin                          = "cluster-admin"
+	PreRegistrationUser                   = "system:pre-registration"
+	PreRegistrationUserGroup              = "pre-registration"
 )

 // +genclient
@@ -87,6 +96,7 @@ const (
 // +kubebuilder:printcolumn:name="Email",type="string",JSONPath=".spec.email"
 // +kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.state"
 // +kubebuilder:resource:categories="iam",scope="Cluster"
+// +kubebuilder:subresource:status
 type User struct {
 	metav1.TypeMeta `json:",inline"`
 	// Standard object's metadata.
@@ -126,7 +136,7 @@ const (
 	UserActive UserState = "Active"
 	// UserDisabled means the user is disabled.
 	UserDisabled UserState = "Disabled"
-	// UserDisabled means the user is disabled.
+	// UserAuthLimitExceeded means restrict user login.
 	UserAuthLimitExceeded UserState = "AuthLimitExceeded"

 	AuthenticatedSuccessfully = "authenticated successfully"
@@ -136,7 +146,7 @@ const (
 type UserStatus struct {
 	// The user status
 	// +optional
-	State UserState `json:"state,omitempty"`
+	State *UserState `json:"state,omitempty"`
 	// +optional
 	Reason string `json:"reason,omitempty"`
 	// +optional