diff --git a/pkg/constants/constants.go b/pkg/constants/constants.go
index db980a35b..def8709c9 100644
--- a/pkg/constants/constants.go
+++ b/pkg/constants/constants.go
@@ -37,7 +37,8 @@ const (
 WorkspaceLabelKey = "kubesphere.io/workspace"
 DisplayNameAnnotationKey = "displayName"
 DescriptionAnnotationKey = "desc"
- CreatorLabelAnnotationKey = "creator"
+ CreatorAnnotationKey = "creator"
+ System = "system"
 OpenPitrixRuntimeAnnotationKey = "openpitrix_runtime"
 WorkspaceAdmin = "workspace-admin"
 ClusterAdmin = "cluster-admin"
diff --git a/pkg/controller/namespace/namespace_controller.go b/pkg/controller/namespace/namespace_controller.go
index af2d560f3..90857ef07 100644
--- a/pkg/controller/namespace/namespace_controller.go
+++ b/pkg/controller/namespace/namespace_controller.go
@@ -204,7 +204,7 @@ func (r *ReconcileNamespace) checkAndCreateRoles(namespace *corev1.Namespace) er
 func (r *ReconcileNamespace) checkAndCreateRoleBindings(namespace *corev1.Namespace) error {
 workspaceName := namespace.Labels[constants.WorkspaceLabelKey]
- creatorName := namespace.Annotations[constants.CreatorLabelAnnotationKey]
+ creatorName := namespace.Annotations[constants.CreatorAnnotationKey]
 creator := rbac.Subject{APIGroup: "rbac.authorization.k8s.io", Kind: "User", Name: creatorName}
diff --git a/pkg/controller/workspace/workspace_controller.go b/pkg/controller/workspace/workspace_controller.go
index 0ff7597aa..72d3a5ee0 100644
--- a/pkg/controller/workspace/workspace_controller.go
+++ b/pkg/controller/workspace/workspace_controller.go
@@ -517,7 +517,7 @@ func getWorkspaceAdmin(workspaceName string) *rbac.ClusterRole {
 admin := &rbac.ClusterRole{}
 admin.Name = getWorkspaceAdminRoleName(workspaceName)
 admin.Labels = map[string]string{constants.WorkspaceLabelKey: workspaceName}
- admin.Annotations = map[string]string{constants.DisplayNameAnnotationKey: constants.WorkspaceAdmin, constants.DescriptionAnnotationKey: workspaceAdminDescription}
+ admin.Annotations = map[string]string{constants.DisplayNameAnnotationKey: constants.WorkspaceAdmin, constants.DescriptionAnnotationKey: workspaceAdminDescription, constants.CreatorAnnotationKey: constants.System}
 admin.Rules = []rbac.PolicyRule{
 {
 Verbs: []string{"*"},
@@ -539,7 +539,7 @@ func getWorkspaceRegular(workspaceName string) *rbac.ClusterRole {
 regular := &rbac.ClusterRole{}
 regular.Name = getWorkspaceRegularRoleName(workspaceName)
 regular.Labels = map[string]string{constants.WorkspaceLabelKey: workspaceName}
- regular.Annotations = map[string]string{constants.DisplayNameAnnotationKey: constants.WorkspaceRegular, constants.DescriptionAnnotationKey: workspaceRegularDescription}
+ regular.Annotations = map[string]string{constants.DisplayNameAnnotationKey: constants.WorkspaceRegular, constants.DescriptionAnnotationKey: workspaceRegularDescription, constants.CreatorAnnotationKey: constants.System}
 regular.Rules = []rbac.PolicyRule{
 {
 Verbs: []string{"get"},
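Review bot: `constants.CreatorAnnotationKey: constants.System` in getWorkspaceAdmin stores a sentinel in an annotation that the rest of this commit treats as a real username: checkAndCreateRoleBindings turns the same key on a namespace into an RBAC `User` subject, and NamespaceUsers compares it with `subject.Name`. Nothing visible in the diff reserves the name "system", so any consumer that compares the creator annotation with an account name could not tell a user called "system" from the built-in marker; the same applies to the getWorkspaceRegular hunk directly below and to the getWorkspaceViewer hunk that follows. I would document the reserved value where it is declared, e.g. `// System is the reserved creator value for built-in roles; it must never be accepted as a username.`, and confirm that account creation rejects it. The exported name `System` is also very generic for package `constants`; something like `SystemCreator` would read better at call sites. All three function bodies continue outside their hunks.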
@@ -567,7 +567,7 @@ func getWorkspaceViewer(workspaceName string) *rbac.ClusterRole {
 viewer := &rbac.ClusterRole{}
 viewer.Name = getWorkspaceViewerRoleName(workspaceName)
 viewer.Labels = map[string]string{constants.WorkspaceLabelKey: workspaceName}
- viewer.Annotations = map[string]string{constants.DisplayNameAnnotationKey: constants.WorkspaceViewer, constants.DescriptionAnnotationKey: workspaceViewerDescription}
+ viewer.Annotations = map[string]string{constants.DisplayNameAnnotationKey: constants.WorkspaceViewer, constants.DescriptionAnnotationKey: workspaceViewerDescription, constants.CreatorAnnotationKey: constants.System}
 viewer.Rules = []rbac.PolicyRule{
 {
 Verbs: []string{"get", "list"},
diff --git a/pkg/models/iam/am.go b/pkg/models/iam/am.go
index d65e1e504..c4da73533 100644
--- a/pkg/models/iam/am.go
+++ b/pkg/models/iam/am.go
@@ -451,7 +451,7 @@ func NamespaceUsers(namespaceName string) ([]*models.User, error) {
 if subject.Kind == rbacv1.UserKind && !k8sutil.ContainsUser(users, subject.Name) {
 // show creator
- if roleBinding.Name == NamespaceAdminRoleBindName && subject.Name != namespace.Annotations[constants.CreatorLabelAnnotationKey] {
+ if roleBinding.Name == NamespaceAdminRoleBindName && subject.Name != namespace.Annotations[constants.CreatorAnnotationKey] {
 continue
 }
diff --git a/pkg/models/resources/clusterroles.go b/pkg/models/resources/clusterroles.go
index 9bd2fbfbc..6f6353fc9 100644
--- a/pkg/models/resources/clusterroles.go
+++ b/pkg/models/resources/clusterroles.go
@@ -145,7 +145,7 @@ func (s *clusterRoleSearcher) search(namespace string, conditions *params.Condit
 }
 func isUserFacingClusterRole(role *rbac.ClusterRole) bool {
- if role.Annotations[constants.CreatorLabelAnnotationKey] != "" && role.Labels[constants.WorkspaceLabelKey] == "" {
+ if role.Annotations[constants.CreatorAnnotationKey] != "" && role.Labels[constants.WorkspaceLabelKey] == "" {
 return true
 }
 return false
diff --git a/pkg/models/tenant/namespaces.go b/pkg/models/tenant/namespaces.go index 23f4fa531..121a5726f 100644 --- a/pkg/models/tenant/namespaces.go +++ b/pkg/models/tenant/namespaces.go @@ -18,6 +18,7 @@ package tenant import ( + "github.com/golang/glog" "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" "k8s.io/apimachinery/pkg/labels" @@ -90,20 +91,31 @@ func (*namespaceSearcher) GetNamespaces(username string) ([]*v1.Namespace, error if err != nil { return nil, err } - namespaces := make([]*v1.Namespace, 0) namespaceLister := informers.SharedInformerFactory().Core().V1().Namespaces().Lister() for _, role := range roles { namespace, err := namespaceLister.Get(role.Namespace) if err != nil { + glog.Errorf("get namespace failed: %+v", err) return nil, err } - namespaces = append(namespaces, namespace) + if !containsNamespace(namespaces, namespace) { + namespaces = append(namespaces, namespace) + } } return namespaces, nil } +func containsNamespace(namespaces []*v1.Namespace, namespace *v1.Namespace) bool { + for _, item := range namespaces { + if item.Name == namespace.Name { + return true + } + } + return false +} + func (s *namespaceSearcher) search(username string, conditions *params.Conditions, orderBy string, reverse bool) ([]*v1.Namespace, error) { rules, err := iam.GetUserClusterRules(username) diff --git a/pkg/models/tenant/tenant.go b/pkg/models/tenant/tenant.go index 642402abc..a695e3245 100644 --- a/pkg/models/tenant/tenant.go +++ b/pkg/models/tenant/tenant.go @@ -39,7 +39,7 @@ func CreateNamespace(workspaceName string, namespace *v1.Namespace, username str namespace.Labels = make(map[string]string, 0) } if username != "" { - namespace.Annotations[constants.CreatorLabelAnnotationKey] = username + namespace.Annotations[constants.CreatorAnnotationKey] = username } namespace.Labels[constants.WorkspaceLabelKey] = workspaceName 
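Review bot: The duplicate check in the GetNamespaces hunk runs only after `namespaceLister.Get(role.Namespace)`, so a user holding several roles in one namespace still costs one lookup per role, and `containsNamespace` rescans the result slice on every iteration. Tracking seen names before the lookup avoids both: `seen := map[string]struct{}{}` ahead of the loop, then `if _, ok := seen[role.Namespace]; ok { continue }` and `seen[role.Namespace] = struct{}{}` at the top of the loop body. The added `glog.Errorf("get namespace failed: %+v", err)` names neither `role.Namespace` nor `username`, which an operator needs to tell a stale role from a lister problem, and the error is both logged and returned. A single failed lookup still aborts the whole listing for that user; if that is intended, a short comment saying so would help. The start of GetNamespaces is outside the hunk.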
@@ -87,20 +87,14 @@ func appendAnnotations(username string, workspace *v1alpha1.Workspace) *v1alpha1
 ns, err := ListNamespaces(username, ¶ms.Conditions{Match: map[string]string{constants.WorkspaceLabelKey: workspace.Name}}, "", false, 1, 0)
 if err == nil {
 workspace.Annotations["kubesphere.io/namespace-count"] = strconv.Itoa(ns.TotalCount)
- } else {
- workspace.Annotations["kubesphere.io/namespace-count"] = "-1"
 }
 devops, err := ListDevopsProjects(workspace.Name, username, ¶ms.Conditions{}, "", false, 1, 0)
 if err == nil {
 workspace.Annotations["kubesphere.io/devops-count"] = strconv.Itoa(devops.TotalCount)
- } else {
- workspace.Annotations["kubesphere.io/devops-count"] = "-1"
 }
 userCount, err := ws.WorkspaceUserCount(workspace.Name)
 if err == nil {
 workspace.Annotations["kubesphere.io/member-count"] = strconv.Itoa(userCount)
- } else {
- workspace.Annotations["kubesphere.io/member-count"] = "-1"
 }
 return workspace
 }