fix cannot create success login (#2576)
Signed-off-by: Jeff <zw0948@gmail.com>
154
pkg/apis/auditing/v1alpha1/zz_generated.deepcopy.go
generated
154
pkg/apis/auditing/v1alpha1/zz_generated.deepcopy.go
generated
@@ -1,6 +1,7 @@
|
||||
// +build !ignore_autogenerated
|
||||
|
||||
/*
|
||||
Copyright 2020 The KubeSphere Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
@@ -20,15 +21,104 @@ limitations under the License.
|
||||
package v1alpha1
|
||||
|
||||
import (
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
auditregistrationv1alpha1 "k8s.io/api/auditregistration/v1alpha1"
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
"k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
||||
)
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *AuditSinkPolicy) DeepCopyInto(out *AuditSinkPolicy) {
|
||||
*out = *in
|
||||
if in.ArchivingRuleSelector != nil {
|
||||
in, out := &in.ArchivingRuleSelector, &out.ArchivingRuleSelector
|
||||
*out = new(v1.LabelSelector)
|
||||
(*in).DeepCopyInto(*out)
|
||||
}
|
||||
if in.AlertingRuleSelector != nil {
|
||||
in, out := &in.AlertingRuleSelector, &out.AlertingRuleSelector
|
||||
*out = new(v1.LabelSelector)
|
||||
(*in).DeepCopyInto(*out)
|
||||
}
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuditSinkPolicy.
|
||||
func (in *AuditSinkPolicy) DeepCopy() *AuditSinkPolicy {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(AuditSinkPolicy)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *DynamicAuditConfig) DeepCopyInto(out *DynamicAuditConfig) {
|
||||
*out = *in
|
||||
if in.Throttle != nil {
|
||||
in, out := &in.Throttle, &out.Throttle
|
||||
*out = new(auditregistrationv1alpha1.WebhookThrottleConfig)
|
||||
(*in).DeepCopyInto(*out)
|
||||
}
|
||||
if in.Policy != nil {
|
||||
in, out := &in.Policy, &out.Policy
|
||||
*out = new(auditregistrationv1alpha1.Policy)
|
||||
(*in).DeepCopyInto(*out)
|
||||
}
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DynamicAuditConfig.
|
||||
func (in *DynamicAuditConfig) DeepCopy() *DynamicAuditConfig {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(DynamicAuditConfig)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *PolicyRule) DeepCopyInto(out *PolicyRule) {
|
||||
*out = *in
|
||||
if in.List != nil {
|
||||
in, out := &in.List, &out.List
|
||||
*out = make([]string, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyRule.
|
||||
func (in *PolicyRule) DeepCopy() *PolicyRule {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(PolicyRule)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *Receiver) DeepCopyInto(out *Receiver) {
|
||||
*out = *in
|
||||
in.ReceiverConfig.DeepCopyInto(&out.ReceiverConfig)
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Receiver.
|
||||
func (in *Receiver) DeepCopy() *Receiver {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(Receiver)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *Rule) DeepCopyInto(out *Rule) {
|
||||
*out = *in
|
||||
out.TypeMeta = in.TypeMeta
|
||||
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
|
||||
out.Spec = in.Spec
|
||||
in.Spec.DeepCopyInto(&out.Spec)
|
||||
out.Status = in.Status
|
||||
}
|
||||
|
||||
@@ -85,6 +175,13 @@ func (in *RuleList) DeepCopyObject() runtime.Object {
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *RuleSpec) DeepCopyInto(out *RuleSpec) {
|
||||
*out = *in
|
||||
if in.PolicyRules != nil {
|
||||
in, out := &in.PolicyRules, &out.PolicyRules
|
||||
*out = make([]PolicyRule, len(*in))
|
||||
for i := range *in {
|
||||
(*in)[i].DeepCopyInto(&(*out)[i])
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RuleSpec.
|
||||
@@ -117,7 +214,7 @@ func (in *Webhook) DeepCopyInto(out *Webhook) {
|
||||
*out = *in
|
||||
out.TypeMeta = in.TypeMeta
|
||||
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
|
||||
out.Spec = in.Spec
|
||||
in.Spec.DeepCopyInto(&out.Spec)
|
||||
out.Status = in.Status
|
||||
}
|
||||
|
||||
@@ -174,6 +271,57 @@ func (in *WebhookList) DeepCopyObject() runtime.Object {
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *WebhookSpec) DeepCopyInto(out *WebhookSpec) {
|
||||
*out = *in
|
||||
if in.Replicas != nil {
|
||||
in, out := &in.Replicas, &out.Replicas
|
||||
*out = new(int32)
|
||||
**out = **in
|
||||
}
|
||||
if in.ImagePullSecrets != nil {
|
||||
in, out := &in.ImagePullSecrets, &out.ImagePullSecrets
|
||||
*out = make([]corev1.LocalObjectReference, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
if in.Args != nil {
|
||||
in, out := &in.Args, &out.Args
|
||||
*out = make([]string, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
if in.NodeSelector != nil {
|
||||
in, out := &in.NodeSelector, &out.NodeSelector
|
||||
*out = make(map[string]string, len(*in))
|
||||
for key, val := range *in {
|
||||
(*out)[key] = val
|
||||
}
|
||||
}
|
||||
if in.Affinity != nil {
|
||||
in, out := &in.Affinity, &out.Affinity
|
||||
*out = new(corev1.Affinity)
|
||||
(*in).DeepCopyInto(*out)
|
||||
}
|
||||
if in.Tolerations != nil {
|
||||
in, out := &in.Tolerations, &out.Tolerations
|
||||
*out = make([]corev1.Toleration, len(*in))
|
||||
for i := range *in {
|
||||
(*in)[i].DeepCopyInto(&(*out)[i])
|
||||
}
|
||||
}
|
||||
if in.Resources != nil {
|
||||
in, out := &in.Resources, &out.Resources
|
||||
*out = new(corev1.ResourceRequirements)
|
||||
(*in).DeepCopyInto(*out)
|
||||
}
|
||||
if in.Receivers != nil {
|
||||
in, out := &in.Receivers, &out.Receivers
|
||||
*out = make([]Receiver, len(*in))
|
||||
for i := range *in {
|
||||
(*in)[i].DeepCopyInto(&(*out)[i])
|
||||
}
|
||||
}
|
||||
if in.AuditSinkPolicy != nil {
|
||||
in, out := &in.AuditSinkPolicy, &out.AuditSinkPolicy
|
||||
*out = new(AuditSinkPolicy)
|
||||
(*in).DeepCopyInto(*out)
|
||||
}
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookSpec.
|
||||
|
||||
@@ -125,9 +125,6 @@ const (
|
||||
// UserDisabled means the user is disabled.
|
||||
UserAuthLimitExceeded UserState = "AuthLimitExceeded"
|
||||
|
||||
LoginFailure LoginRecordType = "LoginFailure"
|
||||
LoginSuccess LoginRecordType = "LoginSuccess"
|
||||
|
||||
AuthenticatedSuccessfully = "authenticated successfully"
|
||||
)
|
||||
|
||||
@@ -290,7 +287,10 @@ type RoleBaseList struct {
|
||||
// +genclient:nonNamespaced
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
// +kubebuilder:printcolumn:name="Type",type="string",JSONPath=".spec.type"
|
||||
// +kubebuilder:printcolumn:name="Reason",type="string",JSONPath=".status.reason"
|
||||
// +kubebuilder:printcolumn:name="Provider",type="string",JSONPath=".spec.provider"
|
||||
// +kubebuilder:printcolumn:name="From",type="string",JSONPath=".spec.sourceIP"
|
||||
// +kubebuilder:printcolumn:name="Success",type="string",JSONPath=".spec.success"
|
||||
// +kubebuilder:printcolumn:name="Reason",type="string",JSONPath=".spec.reason"
|
||||
// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
|
||||
// +kubebuilder:resource:categories="iam",scope="Cluster"
|
||||
type LoginRecord struct {
|
||||
@@ -300,12 +300,27 @@ type LoginRecord struct {
|
||||
}
|
||||
|
||||
type LoginRecordSpec struct {
|
||||
SourceIP string `json:"sourceIP"`
|
||||
Type LoginRecordType `json:"type"`
|
||||
Reason string `json:"reason"`
|
||||
// Which authentication method used, BasicAuth/OAuth
|
||||
Type LoginType `json:"type"`
|
||||
// Provider of authentication, Ldap/Github etc.
|
||||
Provider string `json:"provider"`
|
||||
// Source IP of client
|
||||
SourceIP string `json:"sourceIP"`
|
||||
// User agent of login attempt
|
||||
UserAgent string `json:"userAgent,omitempty"`
|
||||
// Successful login attempt or not
|
||||
Success bool `json:"success"`
|
||||
// States failed login attempt reason
|
||||
Reason string `json:"reason"`
|
||||
}
|
||||
|
||||
type LoginRecordType string
|
||||
type LoginType string
|
||||
|
||||
const (
|
||||
BasicAuth LoginType = "Basic"
|
||||
OAuth LoginType = "OAuth"
|
||||
Token LoginType = "Token"
|
||||
)
|
||||
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
|
||||
|
||||
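Review bot: `LoginRecordSpec` keeps the JSON key `type` but changes its value set from `LoginFailure`/`LoginSuccess` to `Basic`/`OAuth`/`Token`, and adds `Success bool` with the tag `json:"success"`, all within the same API version. LoginRecord objects stored before this change carry no `success` field and decode as `false`, so the new `!loginRecord.Spec.Success` test in syncUserStatus would count earlier successful logins that fall inside the rate-limit window as failures. Consider a migration or a transitional check on the old `type` values, and state the fallback on the field, e.g. `// Success is false for records created before this field existed.`. The comment on `Type` also lists only BasicAuth/OAuth, while the const block defines `Token` as well.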
224
pkg/apis/storage/v1alpha1/zz_generated.deepcopy.go
generated
224
pkg/apis/storage/v1alpha1/zz_generated.deepcopy.go
generated
@@ -1,7 +1,7 @@
|
||||
// +build !ignore_autogenerated
|
||||
|
||||
/*
|
||||
Copyright The Kubernetes Authors.
|
||||
Copyright 2020 The KubeSphere Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
@@ -16,37 +16,22 @@ See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
// Code generated by deepcopy-gen. DO NOT EDIT.
|
||||
// Code generated by controller-gen. DO NOT EDIT.
|
||||
|
||||
package v1alpha1
|
||||
|
||||
import "k8s.io/apimachinery/pkg/runtime"
|
||||
import (
|
||||
runtime "k8s.io/apimachinery/pkg/runtime"
|
||||
)
|
||||
|
||||
// DeepCopyInto is an autogenerated deep copy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *PluginInfo) DeepCopyInto(out *PluginInfo) {
|
||||
*out = *in
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deep copy function, copying the receiver, creating a new ProvisionerCapabilitySpecPluginInfo.
|
||||
func (in *PluginInfo) DeepCopy() *PluginInfo {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(PluginInfo)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deep copy function, copying the receiver, writing into out. in must be non-nil.
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *CapabilityFeatures) DeepCopyInto(out *CapabilityFeatures) {
|
||||
*out = *in
|
||||
out.Volume = in.Volume
|
||||
out.Snapshot = in.Snapshot
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deep copy function, copying the receiver, creating a new CapabilityFeatures.
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CapabilityFeatures.
|
||||
func (in *CapabilityFeatures) DeepCopy() *CapabilityFeatures {
|
||||
if in == nil {
|
||||
return nil
|
||||
@@ -56,93 +41,30 @@ func (in *CapabilityFeatures) DeepCopy() *CapabilityFeatures {
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deep copy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *StorageClassCapability) DeepCopyInto(out *StorageClassCapability) {
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *PluginInfo) DeepCopyInto(out *PluginInfo) {
|
||||
*out = *in
|
||||
out.TypeMeta = in.TypeMeta
|
||||
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
|
||||
out.Spec = in.Spec
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deep copy function, copying the receiver, creating a new StorageClassCapability.
|
||||
func (in *StorageClassCapability) DeepCopy() *StorageClassCapability {
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PluginInfo.
|
||||
func (in *PluginInfo) DeepCopy() *PluginInfo {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(StorageClassCapability)
|
||||
out := new(PluginInfo)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyObject is an autogenerated deep copy function, copying the receiver, creating a new runtime.Object.
|
||||
func (in *StorageClassCapability) DeepCopyObject() runtime.Object {
|
||||
if c := in.DeepCopy(); c != nil {
|
||||
return c
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deep copy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *StorageClassCapabilityList) DeepCopyInto(out *StorageClassCapabilityList) {
|
||||
*out = *in
|
||||
out.TypeMeta = in.TypeMeta
|
||||
in.ListMeta.DeepCopyInto(&out.ListMeta)
|
||||
if in.Items != nil {
|
||||
in, out := &in.Items, &out.Items
|
||||
*out = make([]StorageClassCapability, len(*in))
|
||||
for i := range *in {
|
||||
(*in)[i].DeepCopyInto(&(*out)[i])
|
||||
}
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deep copy function, copying the receiver, creating a new StorageClassCapabilityList.
|
||||
func (in *StorageClassCapabilityList) DeepCopy() *StorageClassCapabilityList {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(StorageClassCapabilityList)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyObject is an autogenerated deep copy function, copying the receiver, creating a new runtime.Object.
|
||||
func (in *StorageClassCapabilityList) DeepCopyObject() runtime.Object {
|
||||
if c := in.DeepCopy(); c != nil {
|
||||
return c
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deep copy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *StorageClassCapabilitySpec) DeepCopyInto(out *StorageClassCapabilitySpec) {
|
||||
*out = *in
|
||||
out.Features = in.Features
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deep copy function, copying the receiver, creating a new StorageClassCapabilitySpec.
|
||||
func (in *StorageClassCapabilitySpec) DeepCopy() *StorageClassCapabilitySpec {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(StorageClassCapabilitySpec)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deep copy function, copying the receiver, writing into out. in must be non-nil.
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *ProvisionerCapability) DeepCopyInto(out *ProvisionerCapability) {
|
||||
*out = *in
|
||||
out.TypeMeta = in.TypeMeta
|
||||
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
|
||||
out.Spec = in.Spec
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deep copy function, copying the receiver, creating a new ProvisionerCapability.
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProvisionerCapability.
|
||||
func (in *ProvisionerCapability) DeepCopy() *ProvisionerCapability {
|
||||
if in == nil {
|
||||
return nil
|
||||
@@ -152,7 +74,7 @@ func (in *ProvisionerCapability) DeepCopy() *ProvisionerCapability {
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyObject is an autogenerated deep copy function, copying the receiver, creating a new runtime.Object.
|
||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
||||
func (in *ProvisionerCapability) DeepCopyObject() runtime.Object {
|
||||
if c := in.DeepCopy(); c != nil {
|
||||
return c
|
||||
@@ -160,7 +82,7 @@ func (in *ProvisionerCapability) DeepCopyObject() runtime.Object {
|
||||
return nil
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deep copy function, copying the receiver, writing into out. in must be non-nil.
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *ProvisionerCapabilityList) DeepCopyInto(out *ProvisionerCapabilityList) {
|
||||
*out = *in
|
||||
out.TypeMeta = in.TypeMeta
|
||||
@@ -172,10 +94,9 @@ func (in *ProvisionerCapabilityList) DeepCopyInto(out *ProvisionerCapabilityList
|
||||
(*in)[i].DeepCopyInto(&(*out)[i])
|
||||
}
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deep copy function, copying the receiver, creating a new ProvisionerCapabilityList.
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProvisionerCapabilityList.
|
||||
func (in *ProvisionerCapabilityList) DeepCopy() *ProvisionerCapabilityList {
|
||||
if in == nil {
|
||||
return nil
|
||||
@@ -185,7 +106,7 @@ func (in *ProvisionerCapabilityList) DeepCopy() *ProvisionerCapabilityList {
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyObject is an autogenerated deep copy function, copying the receiver, creating a new runtime.Object.
|
||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
||||
func (in *ProvisionerCapabilityList) DeepCopyObject() runtime.Object {
|
||||
if c := in.DeepCopy(); c != nil {
|
||||
return c
|
||||
@@ -193,15 +114,14 @@ func (in *ProvisionerCapabilityList) DeepCopyObject() runtime.Object {
|
||||
return nil
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deep copy function, copying the receiver, writing into out. in must be non-nil.
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *ProvisionerCapabilitySpec) DeepCopyInto(out *ProvisionerCapabilitySpec) {
|
||||
*out = *in
|
||||
out.PluginInfo = in.PluginInfo
|
||||
out.Features = in.Features
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deep copy function, copying the receiver, creating a new ProvisionerCapabilitySpec.
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProvisionerCapabilitySpec.
|
||||
func (in *ProvisionerCapabilitySpec) DeepCopy() *ProvisionerCapabilitySpec {
|
||||
if in == nil {
|
||||
return nil
|
||||
@@ -210,3 +130,107 @@ func (in *ProvisionerCapabilitySpec) DeepCopy() *ProvisionerCapabilitySpec {
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *SnapshotFeature) DeepCopyInto(out *SnapshotFeature) {
|
||||
*out = *in
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SnapshotFeature.
|
||||
func (in *SnapshotFeature) DeepCopy() *SnapshotFeature {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(SnapshotFeature)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *StorageClassCapability) DeepCopyInto(out *StorageClassCapability) {
|
||||
*out = *in
|
||||
out.TypeMeta = in.TypeMeta
|
||||
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
|
||||
out.Spec = in.Spec
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StorageClassCapability.
|
||||
func (in *StorageClassCapability) DeepCopy() *StorageClassCapability {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(StorageClassCapability)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
||||
func (in *StorageClassCapability) DeepCopyObject() runtime.Object {
|
||||
if c := in.DeepCopy(); c != nil {
|
||||
return c
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *StorageClassCapabilityList) DeepCopyInto(out *StorageClassCapabilityList) {
|
||||
*out = *in
|
||||
out.TypeMeta = in.TypeMeta
|
||||
in.ListMeta.DeepCopyInto(&out.ListMeta)
|
||||
if in.Items != nil {
|
||||
in, out := &in.Items, &out.Items
|
||||
*out = make([]StorageClassCapability, len(*in))
|
||||
for i := range *in {
|
||||
(*in)[i].DeepCopyInto(&(*out)[i])
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StorageClassCapabilityList.
|
||||
func (in *StorageClassCapabilityList) DeepCopy() *StorageClassCapabilityList {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(StorageClassCapabilityList)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
|
||||
func (in *StorageClassCapabilityList) DeepCopyObject() runtime.Object {
|
||||
if c := in.DeepCopy(); c != nil {
|
||||
return c
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *StorageClassCapabilitySpec) DeepCopyInto(out *StorageClassCapabilitySpec) {
|
||||
*out = *in
|
||||
out.Features = in.Features
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StorageClassCapabilitySpec.
|
||||
func (in *StorageClassCapabilitySpec) DeepCopy() *StorageClassCapabilitySpec {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(StorageClassCapabilitySpec)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *VolumeFeature) DeepCopyInto(out *VolumeFeature) {
|
||||
*out = *in
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VolumeFeature.
|
||||
func (in *VolumeFeature) DeepCopy() *VolumeFeature {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(VolumeFeature)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
@@ -43,11 +43,6 @@ func (a *Authenticator) AuthenticateRequest(req *http.Request) (*authenticator.R
|
||||
}
|
||||
|
||||
resp, ok, err := a.auth.AuthenticatePassword(req.Context(), username, password)
|
||||
// if we authenticated successfully, go ahead and remove the bearer token so that no one
|
||||
// is ever tempted to use it inside of the API server
|
||||
if ok {
|
||||
req.Header.Del("Authorization")
|
||||
}
|
||||
|
||||
// If the token authenticator didn't error, provide a default error
|
||||
if !ok && err == nil {
|
||||
|
||||
@@ -26,12 +26,16 @@ import (
|
||||
"k8s.io/apiserver/pkg/authentication/authenticator"
|
||||
"k8s.io/apiserver/pkg/endpoints/handlers/responsewriters"
|
||||
"k8s.io/klog"
|
||||
iamv1alpha2 "kubesphere.io/kubesphere/pkg/apis/iam/v1alpha2"
|
||||
"kubesphere.io/kubesphere/pkg/apiserver/request"
|
||||
"kubesphere.io/kubesphere/pkg/models/iam/im"
|
||||
"net/http"
|
||||
"strings"
|
||||
)
|
||||
|
||||
// WithAuthentication installs authentication handler to handler chain.
|
||||
// The following part is a little bit ugly, WithAuthentication also logs user failed login attempt
|
||||
// if using basic auth. But only treats request with requestURI `/oauth/authorize` as login attempt
|
||||
func WithAuthentication(handler http.Handler, auth authenticator.Request, loginRecorder im.LoginRecorder) http.Handler {
|
||||
if auth == nil {
|
||||
klog.Warningf("Authentication is disabled")
|
||||
@@ -41,15 +45,24 @@ func WithAuthentication(handler http.Handler, auth authenticator.Request, loginR
|
||||
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
|
||||
resp, ok, err := auth.AuthenticateRequest(req)
|
||||
username, _, usingBasicAuth := req.BasicAuth()
|
||||
|
||||
defer func() {
|
||||
// if we authenticated successfully, go ahead and remove the bearer token so that no one
|
||||
// is ever tempted to use it inside of the API server
|
||||
if usingBasicAuth && ok {
|
||||
req.Header.Del("Authorization")
|
||||
}
|
||||
}()
|
||||
|
||||
if err != nil || !ok {
|
||||
if err != nil {
|
||||
klog.Errorf("Unable to authenticate the request due to error: %v", err)
|
||||
if err.Error() == im.AuthFailedIncorrectPassword.Error() { // log failed login attempts
|
||||
username, _, _ := req.BasicAuth()
|
||||
if usingBasicAuth { // log failed login attempts
|
||||
go func(user string) {
|
||||
if loginRecorder != nil && len(user) != 0 {
|
||||
err = loginRecorder.RecordLogin(user, err, req)
|
||||
klog.Errorf("Failed to record unsuccessful login attempt for user %s", user)
|
||||
err = loginRecorder.RecordLogin(user, iamv1alpha2.BasicAuth, "", err, req)
|
||||
klog.Errorf("Failed to record unsuccessful login attempt for user %s, error: %v", user, err)
|
||||
}
|
||||
}(username)
|
||||
}
|
||||
@@ -67,6 +80,13 @@ func WithAuthentication(handler http.Handler, auth authenticator.Request, loginR
|
||||
return
|
||||
}
|
||||
|
||||
go func() {
|
||||
if loginRecorder != nil && usingBasicAuth && strings.HasPrefix(req.URL.Path, "/oauth/authorize") {
|
||||
err = loginRecorder.RecordLogin(username, iamv1alpha2.BasicAuth, "", nil, req)
|
||||
klog.Errorf("Failed to record unsuccessful login attempt for user %s, error: %v", username, err)
|
||||
}
|
||||
}()
|
||||
|
||||
req = req.WithContext(request.WithUser(req.Context(), resp.User))
|
||||
handler.ServeHTTP(w, req)
|
||||
})
|
||||
|
||||
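Review bot: The deferred `req.Header.Del("Authorization")` in the handler closure runs only after `handler.ServeHTTP(w, req)` has returned, so the Basic credentials stay on the request for the whole downstream chain, which contradicts the comment above it. Delete the header inline once authentication has succeeded and before the call to `handler.ServeHTTP`, i.e. `if usingBasicAuth && ok { req.Header.Del("Authorization") }` placed after the failure branch returns. Both recorder goroutines also call `klog.Errorf("Failed to record unsuccessful login attempt ...")` unconditionally and assign to the captured `err`, so a successful write (and a successful login) is logged as a failure and the handler's variable is written from another goroutine; a local would fix both, `if recErr := loginRecorder.RecordLogin(...); recErr != nil { klog.Errorf(...) }`. The lines between the second and third hunk and the end of WithAuthentication are not shown.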
@@ -528,8 +528,7 @@ func (c *Controller) deleteRoleBindings(user *iamv1alpha2.User) error {
|
||||
return err
|
||||
} else {
|
||||
for _, namespace := range result.Items {
|
||||
if err := c.k8sClient.RbacV1().RoleBindings(namespace.Name).
|
||||
DeleteCollection(deleteOptions, listOptions); err != nil {
|
||||
if err = c.k8sClient.RbacV1().RoleBindings(namespace.Name).DeleteCollection(deleteOptions, listOptions); err != nil {
|
||||
klog.Error(err)
|
||||
return err
|
||||
}
|
||||
@@ -590,8 +589,7 @@ func (c *Controller) syncUserStatus(user *iamv1alpha2.User) (*iamv1alpha2.User,
|
||||
now := time.Now()
|
||||
failedLoginAttempts := 0
|
||||
for _, loginRecord := range records {
|
||||
if loginRecord.Spec.Type == iamv1alpha2.LoginFailure &&
|
||||
loginRecord.CreationTimestamp.Add(c.authenticationOptions.AuthenticateRateLimiterDuration).After(now) {
|
||||
if !loginRecord.Spec.Success && loginRecord.CreationTimestamp.Add(c.authenticationOptions.AuthenticateRateLimiterDuration).After(now) {
|
||||
failedLoginAttempts++
|
||||
}
|
||||
}
|
||||
|
||||
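Review bot: In syncUserStatus the counter now increments for every record with `Spec.Success == false` inside the rate-limit window, whatever its `Spec.Reason`. The authentication filter in this commit records any Basic-auth error rather than only an incorrect password, so rejections issued while an account is already limited would presumably be counted as well and keep extending the lockout; the recorder's callers are only partly visible here, so this needs confirming. If only bad-password attempts are meant to count, test `loginRecord.Spec.Reason` against the incorrect-password error text in the same condition, and add a comment saying which reasons count toward the limit. The function continues outside the hunk.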
@@ -133,7 +133,7 @@ func (h *handler) Authorize(req *restful.Request, resp *restful.Response) {
|
||||
http.Redirect(resp, req.Request, redirectURL, http.StatusFound)
|
||||
}
|
||||
|
||||
func (h *handler) OAuthCallBack(req *restful.Request, resp *restful.Response) {
|
||||
func (h *handler) oAuthCallBack(req *restful.Request, resp *restful.Response) {
|
||||
|
||||
code := req.QueryParameter("code")
|
||||
name := req.PathParameter("callback")
|
||||
@@ -161,7 +161,7 @@ func (h *handler) OAuthCallBack(req *restful.Request, resp *restful.Response) {
|
||||
identity, err := oauthIdentityProvider.IdentityExchange(code)
|
||||
|
||||
if err != nil {
|
||||
err := apierrors.NewUnauthorized(fmt.Sprintf("Unauthorized: %s", err))
|
||||
err = apierrors.NewUnauthorized(fmt.Sprintf("Unauthorized: %s", err))
|
||||
resp.WriteError(http.StatusUnauthorized, err)
|
||||
return
|
||||
}
|
||||
@@ -217,7 +217,7 @@ func (h *handler) OAuthCallBack(req *restful.Request, resp *restful.Response) {
|
||||
return
|
||||
}
|
||||
|
||||
if err = h.loginRecorder.RecordLogin(authenticated.Name, nil, req.Request); err != nil {
|
||||
if err = h.loginRecorder.RecordLogin(authenticated.Name, iamv1alpha2.OAuth, providerOptions.Name, nil, req.Request); err != nil {
|
||||
klog.Error(err)
|
||||
err := apierrors.NewInternalError(err)
|
||||
resp.WriteError(http.StatusInternalServerError, err)
|
||||
@@ -273,9 +273,9 @@ func (h *handler) passwordGrant(username string, password string, req *restful.R
|
||||
authenticated, err := h.authenticator.Authenticate(username, password)
|
||||
if err != nil {
|
||||
if err == im.AuthFailedIncorrectPassword {
|
||||
if err := h.loginRecorder.RecordLogin(username, err, req.Request); err != nil {
|
||||
if err := h.loginRecorder.RecordLogin(username, iamv1alpha2.Token, "", err, req.Request); err != nil {
|
||||
klog.Error(err)
|
||||
err := apierrors.NewInternalError(err)
|
||||
err = apierrors.NewInternalError(err)
|
||||
response.WriteError(http.StatusInternalServerError, err)
|
||||
return
|
||||
}
|
||||
@@ -284,7 +284,7 @@ func (h *handler) passwordGrant(username string, password string, req *restful.R
|
||||
err == im.AuthFailedIdentityMappingNotMatch ||
|
||||
err == im.AuthRateLimitExceeded {
|
||||
klog.V(4).Info(err)
|
||||
err := apierrors.NewUnauthorized(fmt.Sprintf("Unauthorized: %s", err))
|
||||
err = apierrors.NewUnauthorized(fmt.Sprintf("Unauthorized: %s", err))
|
||||
response.WriteError(http.StatusUnauthorized, err)
|
||||
return
|
||||
}
|
||||
@@ -302,7 +302,7 @@ func (h *handler) passwordGrant(username string, password string, req *restful.R
|
||||
return
|
||||
}
|
||||
|
||||
if err = h.loginRecorder.RecordLogin(authenticated.GetName(), nil, req.Request); err != nil {
|
||||
if err = h.loginRecorder.RecordLogin(authenticated.GetName(), iamv1alpha2.Token, "", nil, req.Request); err != nil {
|
||||
klog.Error(err)
|
||||
err := apierrors.NewInternalError(err)
|
||||
response.WriteError(http.StatusInternalServerError, err)
|
||||
|
||||
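Review bot: The IdentityExchange failure branch in oAuthCallBack formats the provider's raw error into the 401 body with `fmt.Sprintf("Unauthorized: %s", err)`, which hands whatever the identity-provider client returned to an unauthenticated caller. What those errors contain depends on provider code not shown here, so treat this as hardening: log the detail with `klog.Error(err)` and return a fixed message such as `apierrors.NewUnauthorized("Unauthorized: identity exchange failed")`. Separately, the commit turns `err := apierrors...` into `err = ...` in some branches, but the RecordLogin failure branches in oAuthCallBack and at the end of passwordGrant still shadow with `err := apierrors.NewInternalError(err)`; one form throughout would read better. Both functions extend beyond the hunks.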
@@ -91,7 +91,7 @@ func AddToContainer(c *restful.Container, im im.IdentityManagementInterface, tok
|
||||
"otherwise, REQUIRED. The scope of the access token as described by [RFC6479] Section 3.3.").Required(false)).
|
||||
Param(ws.QueryParameter("state", "if the \"state\" parameter was present in the client authorization request."+
|
||||
"The exact value received from the client.").Required(true)).
|
||||
To(handler.OAuthCallBack).
|
||||
To(handler.oAuthCallBack).
|
||||
Returns(http.StatusOK, api.StatusOK, oauth.Token{}))
|
||||
|
||||
c.Add(ws)
|
||||
|
||||
@@ -29,7 +29,7 @@ import (
|
||||
)
|
||||
|
||||
type LoginRecorder interface {
|
||||
RecordLogin(username string, authErr error, req *http.Request) error
|
||||
RecordLogin(username string, loginType iamv1alpha2.LoginType, provider string, authErr error, req *http.Request) error
|
||||
}
|
||||
|
||||
type loginRecorder struct {
|
||||
@@ -42,7 +42,7 @@ func NewLoginRecorder(ksClient kubesphere.Interface) LoginRecorder {
|
||||
}
|
||||
}
|
||||
|
||||
func (l *loginRecorder) RecordLogin(username string, authErr error, req *http.Request) error {
|
||||
func (l *loginRecorder) RecordLogin(username string, loginType iamv1alpha2.LoginType, provider string, authErr error, req *http.Request) error {
|
||||
loginEntry := &iamv1alpha2.LoginRecord{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
GenerateName: fmt.Sprintf("%s-", username),
|
||||
@@ -51,14 +51,17 @@ func (l *loginRecorder) RecordLogin(username string, authErr error, req *http.Re
|
||||
},
|
||||
},
|
||||
Spec: iamv1alpha2.LoginRecordSpec{
|
||||
SourceIP: net.GetRequestIP(req),
|
||||
Type: iamv1alpha2.LoginSuccess,
|
||||
Reason: iamv1alpha2.AuthenticatedSuccessfully,
|
||||
Type: loginType,
|
||||
Provider: provider,
|
||||
Success: true,
|
||||
Reason: iamv1alpha2.AuthenticatedSuccessfully,
|
||||
SourceIP: net.GetRequestIP(req),
|
||||
UserAgent: req.UserAgent(),
|
||||
},
|
||||
}
|
||||
|
||||
if authErr != nil {
|
||||
loginEntry.Spec.Type = iamv1alpha2.LoginFailure
|
||||
loginEntry.Spec.Success = false
|
||||
loginEntry.Spec.Reason = authErr.Error()
|
||||
}
|
||||
|
||||
|
||||
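Review bot: `UserAgent: req.UserAgent()` copies a client-controlled header into the LoginRecord spec without a length limit, and the record is written for failed attempts too, so an unauthenticated client chooses the size and content of a field persisted on every attempt. Cap it before storing, for example `ua := req.UserAgent(); if len(ua) > maxUserAgentLen { ua = ua[:maxUserAgentLen] }`, where `maxUserAgentLen` is a placeholder for a constant the package would define. `GenerateName: fmt.Sprintf("%s-", username)` has the same property on the Basic-auth path, where the username comes straight from the request; whether it is validated before the create call is not visible here. The interface method would also benefit from a doc comment: `// RecordLogin stores a LoginRecord for username; a non-nil authErr marks the attempt as failed and becomes Spec.Reason.` The rest of RecordLogin is outside the hunk.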