fix: duplicate namespace

Signed-off-by: hongming <talonwan@yunify.com>
hongming
2019-05-06 15:48:32 +08:00
committed by zryfish
parent 0a37bfd0a4
commit e115feeb8a
7 changed files with 23 additions and 16 deletions


@@ -37,7 +37,8 @@ const (
WorkspaceLabelKey = "kubesphere.io/workspace" WorkspaceLabelKey = "kubesphere.io/workspace"
DisplayNameAnnotationKey = "displayName" DisplayNameAnnotationKey = "displayName"
DescriptionAnnotationKey = "desc" DescriptionAnnotationKey = "desc"
CreatorLabelAnnotationKey = "creator" CreatorAnnotationKey = "creator"
System = "system"
OpenPitrixRuntimeAnnotationKey = "openpitrix_runtime" OpenPitrixRuntimeAnnotationKey = "openpitrix_runtime"
WorkspaceAdmin = "workspace-admin" WorkspaceAdmin = "workspace-admin"
ClusterAdmin = "cluster-admin" ClusterAdmin = "cluster-admin"


@@ -204,7 +204,7 @@ func (r *ReconcileNamespace) checkAndCreateRoles(namespace *corev1.Namespace) er
func (r *ReconcileNamespace) checkAndCreateRoleBindings(namespace *corev1.Namespace) error { func (r *ReconcileNamespace) checkAndCreateRoleBindings(namespace *corev1.Namespace) error {
workspaceName := namespace.Labels[constants.WorkspaceLabelKey] workspaceName := namespace.Labels[constants.WorkspaceLabelKey]
creatorName := namespace.Annotations[constants.CreatorLabelAnnotationKey] creatorName := namespace.Annotations[constants.CreatorAnnotationKey]
creator := rbac.Subject{APIGroup: "rbac.authorization.k8s.io", Kind: "User", Name: creatorName} creator := rbac.Subject{APIGroup: "rbac.authorization.k8s.io", Kind: "User", Name: creatorName}


@@ -517,7 +517,7 @@ func getWorkspaceAdmin(workspaceName string) *rbac.ClusterRole {
admin := &rbac.ClusterRole{} admin := &rbac.ClusterRole{}
admin.Name = getWorkspaceAdminRoleName(workspaceName) admin.Name = getWorkspaceAdminRoleName(workspaceName)
admin.Labels = map[string]string{constants.WorkspaceLabelKey: workspaceName} admin.Labels = map[string]string{constants.WorkspaceLabelKey: workspaceName}
admin.Annotations = map[string]string{constants.DisplayNameAnnotationKey: constants.WorkspaceAdmin, constants.DescriptionAnnotationKey: workspaceAdminDescription} admin.Annotations = map[string]string{constants.DisplayNameAnnotationKey: constants.WorkspaceAdmin, constants.DescriptionAnnotationKey: workspaceAdminDescription, constants.CreatorAnnotationKey: constants.System}
admin.Rules = []rbac.PolicyRule{ admin.Rules = []rbac.PolicyRule{
{ {
Verbs: []string{"*"}, Verbs: []string{"*"},
@@ -539,7 +539,7 @@ func getWorkspaceRegular(workspaceName string) *rbac.ClusterRole {
regular := &rbac.ClusterRole{} regular := &rbac.ClusterRole{}
regular.Name = getWorkspaceRegularRoleName(workspaceName) regular.Name = getWorkspaceRegularRoleName(workspaceName)
regular.Labels = map[string]string{constants.WorkspaceLabelKey: workspaceName} regular.Labels = map[string]string{constants.WorkspaceLabelKey: workspaceName}
regular.Annotations = map[string]string{constants.DisplayNameAnnotationKey: constants.WorkspaceRegular, constants.DescriptionAnnotationKey: workspaceRegularDescription} regular.Annotations = map[string]string{constants.DisplayNameAnnotationKey: constants.WorkspaceRegular, constants.DescriptionAnnotationKey: workspaceRegularDescription, constants.CreatorAnnotationKey: constants.System}
regular.Rules = []rbac.PolicyRule{ regular.Rules = []rbac.PolicyRule{
{ {
Verbs: []string{"get"}, Verbs: []string{"get"},
@@ -567,7 +567,7 @@ func getWorkspaceViewer(workspaceName string) *rbac.ClusterRole {
viewer := &rbac.ClusterRole{} viewer := &rbac.ClusterRole{}
viewer.Name = getWorkspaceViewerRoleName(workspaceName) viewer.Name = getWorkspaceViewerRoleName(workspaceName)
viewer.Labels = map[string]string{constants.WorkspaceLabelKey: workspaceName} viewer.Labels = map[string]string{constants.WorkspaceLabelKey: workspaceName}
viewer.Annotations = map[string]string{constants.DisplayNameAnnotationKey: constants.WorkspaceViewer, constants.DescriptionAnnotationKey: workspaceViewerDescription} viewer.Annotations = map[string]string{constants.DisplayNameAnnotationKey: constants.WorkspaceViewer, constants.DescriptionAnnotationKey: workspaceViewerDescription, constants.CreatorAnnotationKey: constants.System}
viewer.Rules = []rbac.PolicyRule{ viewer.Rules = []rbac.PolicyRule{
{ {
Verbs: []string{"get", "list"}, Verbs: []string{"get", "list"},
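Review bot: `constants.System` is the plain string "system", stored under the same `creator` annotation that carries real usernames elsewhere in this commit, so the three workspace roles cannot be told apart from roles created by an account that happens to be named `system`. If any code treats `creator == system` as meaning "built in" (not visible here), that username should be reserved at account creation, or the marker should be a value that can never be a valid username. The three `Annotations` literals in getWorkspaceAdmin, getWorkspaceRegular and getWorkspaceViewer are also long enough that one key per line would be easier to review. All three function bodies continue outside their hunks.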


@@ -451,7 +451,7 @@ func NamespaceUsers(namespaceName string) ([]*models.User, error) {
if subject.Kind == rbacv1.UserKind && !k8sutil.ContainsUser(users, subject.Name) { if subject.Kind == rbacv1.UserKind && !k8sutil.ContainsUser(users, subject.Name) {
// show creator // show creator
if roleBinding.Name == NamespaceAdminRoleBindName && subject.Name != namespace.Annotations[constants.CreatorLabelAnnotationKey] { if roleBinding.Name == NamespaceAdminRoleBindName && subject.Name != namespace.Annotations[constants.CreatorAnnotationKey] {
continue continue
} }


@@ -145,7 +145,7 @@ func (s *clusterRoleSearcher) search(namespace string, conditions *params.Condit
} }
func isUserFacingClusterRole(role *rbac.ClusterRole) bool { func isUserFacingClusterRole(role *rbac.ClusterRole) bool {
if role.Annotations[constants.CreatorLabelAnnotationKey] != "" && role.Labels[constants.WorkspaceLabelKey] == "" { if role.Annotations[constants.CreatorAnnotationKey] != "" && role.Labels[constants.WorkspaceLabelKey] == "" {
return true return true
} }
return false return false


@@ -18,6 +18,7 @@
package tenant package tenant
import ( import (
"github.com/golang/glog"
"k8s.io/api/core/v1" "k8s.io/api/core/v1"
rbacv1 "k8s.io/api/rbac/v1" rbacv1 "k8s.io/api/rbac/v1"
"k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/labels"
@@ -90,20 +91,31 @@ func (*namespaceSearcher) GetNamespaces(username string) ([]*v1.Namespace, error
if err != nil { if err != nil {
return nil, err return nil, err
} }
namespaces := make([]*v1.Namespace, 0) namespaces := make([]*v1.Namespace, 0)
namespaceLister := informers.SharedInformerFactory().Core().V1().Namespaces().Lister() namespaceLister := informers.SharedInformerFactory().Core().V1().Namespaces().Lister()
for _, role := range roles { for _, role := range roles {
namespace, err := namespaceLister.Get(role.Namespace) namespace, err := namespaceLister.Get(role.Namespace)
if err != nil { if err != nil {
glog.Errorf("get namespace failed: %+v", err)
return nil, err return nil, err
} }
if !containsNamespace(namespaces, namespace) {
namespaces = append(namespaces, namespace) namespaces = append(namespaces, namespace)
} }
}
return namespaces, nil return namespaces, nil
} }
func containsNamespace(namespaces []*v1.Namespace, namespace *v1.Namespace) bool {
for _, item := range namespaces {
if item.Name == namespace.Name {
return true
}
}
return false
}
func (s *namespaceSearcher) search(username string, conditions *params.Conditions, orderBy string, reverse bool) ([]*v1.Namespace, error) { func (s *namespaceSearcher) search(username string, conditions *params.Conditions, orderBy string, reverse bool) ([]*v1.Namespace, error) {
rules, err := iam.GetUserClusterRules(username) rules, err := iam.GetUserClusterRules(username)
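Review bot: containsNamespace rescans the result slice for every role, so GetNamespaces is quadratic in the number of roles the user holds, and the lister is still queried once per role even when the namespace is already in the result. A set keyed by name checked before the lookup avoids both: `seen := make(map[string]struct{}, len(roles))` and `if _, ok := seen[role.Namespace]; ok { continue }`. The added `glog.Errorf("get namespace failed: %+v", err)` does not say which namespace failed; include `role.Namespace` in the message. Note also that a single failed lookup still aborts the whole listing for that user, which may be worth relaxing for not-found errors if a role can outlive its namespace in the cache. The start of GetNamespaces is outside the hunk.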


@@ -39,7 +39,7 @@ func CreateNamespace(workspaceName string, namespace *v1.Namespace, username str
namespace.Labels = make(map[string]string, 0) namespace.Labels = make(map[string]string, 0)
} }
if username != "" { if username != "" {
namespace.Annotations[constants.CreatorLabelAnnotationKey] = username namespace.Annotations[constants.CreatorAnnotationKey] = username
} }
namespace.Labels[constants.WorkspaceLabelKey] = workspaceName namespace.Labels[constants.WorkspaceLabelKey] = workspaceName
@@ -87,20 +87,14 @@ func appendAnnotations(username string, workspace *v1alpha1.Workspace) *v1alpha1
ns, err := ListNamespaces(username, &params.Conditions{Match: map[string]string{constants.WorkspaceLabelKey: workspace.Name}}, "", false, 1, 0) ns, err := ListNamespaces(username, &params.Conditions{Match: map[string]string{constants.WorkspaceLabelKey: workspace.Name}}, "", false, 1, 0)
if err == nil { if err == nil {
workspace.Annotations["kubesphere.io/namespace-count"] = strconv.Itoa(ns.TotalCount) workspace.Annotations["kubesphere.io/namespace-count"] = strconv.Itoa(ns.TotalCount)
} else {
workspace.Annotations["kubesphere.io/namespace-count"] = "-1"
} }
devops, err := ListDevopsProjects(workspace.Name, username, &params.Conditions{}, "", false, 1, 0) devops, err := ListDevopsProjects(workspace.Name, username, &params.Conditions{}, "", false, 1, 0)
if err == nil { if err == nil {
workspace.Annotations["kubesphere.io/devops-count"] = strconv.Itoa(devops.TotalCount) workspace.Annotations["kubesphere.io/devops-count"] = strconv.Itoa(devops.TotalCount)
} else {
workspace.Annotations["kubesphere.io/devops-count"] = "-1"
} }
userCount, err := ws.WorkspaceUserCount(workspace.Name) userCount, err := ws.WorkspaceUserCount(workspace.Name)
if err == nil { if err == nil {
workspace.Annotations["kubesphere.io/member-count"] = strconv.Itoa(userCount) workspace.Annotations["kubesphere.io/member-count"] = strconv.Itoa(userCount)
} else {
workspace.Annotations["kubesphere.io/member-count"] = "-1"
} }
return workspace return workspace
} }
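Review bot: In CreateNamespace the `creator` annotation is overwritten only when `username != ""`, so with an empty username any `creator` value already present on the submitted namespace object is kept. Elsewhere in this commit checkAndCreateRoleBindings turns that annotation into a `rbac.Subject` of kind User, so the value should never come from the request body; if callers can reach this path with an empty username (not visible here), clear it with `delete(namespace.Annotations, constants.CreatorAnnotationKey)` in an else branch. Separately, the second hunk removes the "-1" fallbacks in appendAnnotations without replacing them, so errors from ListNamespaces, ListDevopsProjects and WorkspaceUserCount are now dropped silently; a `glog.Errorf` in each error path would keep the failure visible. Both function bodies start outside their hunks.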