improve identity provider plugin

Signed-off-by: hongming <talonwan@yunify.com>
2020-11-23 15:04:59 +08:00
parent 91c2e05616
commit dfaefa5ffb
63 changed files with 3656 additions and 1746 deletions
--- a/pkg/apiserver/authentication/authenticators/jwttoken/jwt_token.go
+++ b/pkg/apiserver/authentication/authenticators/jwttoken/jwt_token.go
@@ -18,13 +18,13 @@ package jwttoken

 import (
 	"context"
-
 	"k8s.io/apiserver/pkg/authentication/authenticator"
 	"k8s.io/apiserver/pkg/authentication/user"
 	"k8s.io/klog"
+	iamv1alpha2 "kubesphere.io/kubesphere/pkg/apis/iam/v1alpha2"
+	"kubesphere.io/kubesphere/pkg/models/auth"

 	iamv1alpha2listers "kubesphere.io/kubesphere/pkg/client/listers/iam/v1alpha2"
-	"kubesphere.io/kubesphere/pkg/models/iam/im"
 )

 // TokenAuthenticator implements kubernetes token authenticate interface with our custom logic.
@@ -33,11 +33,11 @@ import (
 // and group from user.AllUnauthenticated. This helps requests be passed along the handler chain,
 // because some resources are public accessible.
 type tokenAuthenticator struct {
-	tokenOperator im.TokenManagementInterface
+	tokenOperator auth.TokenManagementInterface
 	userLister    iamv1alpha2listers.UserLister
 }

-func NewTokenAuthenticator(tokenOperator im.TokenManagementInterface, userLister iamv1alpha2listers.UserLister) authenticator.Token {
+func NewTokenAuthenticator(tokenOperator auth.TokenManagementInterface, userLister iamv1alpha2listers.UserLister) authenticator.Token {
 	return &tokenAuthenticator{
 		tokenOperator: tokenOperator,
 		userLister:    userLister,
@@ -51,6 +51,16 @@ func (t *tokenAuthenticator) AuthenticateToken(ctx context.Context, token string
 		return nil, false, err
 	}

+	if providedUser.GetName() == iamv1alpha2.PreRegistrationUser {
+		return &authenticator.Response{
+			User: &user.DefaultInfo{
+				Name:   providedUser.GetName(),
+				Extra:  providedUser.GetExtra(),
+				Groups: providedUser.GetGroups(),
+			},
+		}, true, nil
+	}
+
 	dbUser, err := t.userLister.Get(providedUser.GetName())
 	if err != nil {
 		return nil, false, err
@@ -58,8 +68,7 @@ func (t *tokenAuthenticator) AuthenticateToken(ctx context.Context, token string

 	return &authenticator.Response{
 		User: &user.DefaultInfo{
-			Name:   providedUser.GetName(),
-			UID:    providedUser.GetUID(),
+			Name:   dbUser.GetName(),
 			Groups: append(dbUser.Spec.Groups, user.AllAuthenticated),
 		},
 	}, true, nil