Merge pull request #2392 from shaowenchen/fix_devops

add interface for iam
2020-07-17 12:57:48 +08:00
parent 97580d3776 895d8b838f
commit f706d264dd
8 changed files with 523 additions and 88 deletions
--- a/pkg/simple/client/devops/jenkins/jenkins.go
+++ b/pkg/simple/client/devops/jenkins/jenkins.go
@@ -214,7 +214,9 @@ func (j *Jenkins) Poll() (int, error) {
 	return resp.StatusCode, nil
 }

-func (j *Jenkins) GetGlobalRole(roleName string) (*GlobalRole, error) {
+// query roleName exist or not
+// if return roleName means exist
+func (j *Jenkins) GetGlobalRole(roleName string) (string, error) {
 	roleResponse := &GlobalRoleResponse{
 		RoleName: roleName,
 	}
@@ -226,15 +228,29 @@ func (j *Jenkins) GetGlobalRole(roleName string) (*GlobalRole, error) {
 			"type":     GLOBAL_ROLE,
 		})
 	if err != nil {
-		return nil, err
+		return "", err
 	}
 	if response.StatusCode != http.StatusOK {
-		return nil, errors.New(strconv.Itoa(response.StatusCode))
+		return "", errors.New(strconv.Itoa(response.StatusCode))
 	}
 	if stringResponse == "{}" {
-		return nil, nil
+		return "", nil
 	}
 	err = json.Unmarshal([]byte(stringResponse), roleResponse)
+	if err != nil {
+		return "", err
+	}
+	return roleResponse.RoleName, nil
+}
+
+func (j *Jenkins) GetGlobalRoleHandler(roleName string) (*GlobalRole, error) {
+	name, err := j.GetGlobalRole(roleName)
+	if err != nil {
+		return nil, err
+	}
+	roleResponse := &GlobalRoleResponse{
+		RoleName: name,
+	}
 	if err != nil {
 		return nil, err
 	}
@@ -244,6 +260,50 @@ func (j *Jenkins) GetGlobalRole(roleName string) (*GlobalRole, error) {
 	}, nil
 }

+// assign a global roleName to username(sid)
+func (j *Jenkins) AssignGlobalRole(roleName string, sid string) error {
+	globalRole, err := j.GetGlobalRoleHandler(roleName)
+	if err != nil {
+		return err
+	}
+	param := map[string]string{
+		"type":     GLOBAL_ROLE,
+		"roleName": globalRole.Raw.RoleName,
+		"sid":      sid,
+	}
+	responseString := ""
+	response, err := j.Requester.Post("/role-strategy/strategy/assignRole", nil, &responseString, param)
+	if err != nil {
+		return err
+	}
+	if response.StatusCode != http.StatusOK {
+		return errors.New(strconv.Itoa(response.StatusCode))
+	}
+	return nil
+}
+
+// unassign a global roleName to username(sid)
+func (j *Jenkins) UnAssignGlobalRole(roleName string, sid string) error {
+	globalRole, err := j.GetGlobalRoleHandler(roleName)
+	if err != nil {
+		return err
+	}
+	param := map[string]string{
+		"type":     GLOBAL_ROLE,
+		"roleName": globalRole.Raw.RoleName,
+		"sid":      sid,
+	}
+	responseString := ""
+	response, err := j.Requester.Post("/role-strategy/strategy/unassignRole", nil, &responseString, param)
+	if err != nil {
+		return err
+	}
+	if response.StatusCode != http.StatusOK {
+		return errors.New(strconv.Itoa(response.StatusCode))
+	}
+	return nil
+}
+
 func (j *Jenkins) GetProjectRole(roleName string) (*ProjectRole, error) {
 	roleResponse := &ProjectRoleResponse{
 		RoleName: roleName,
@@ -274,13 +334,52 @@ func (j *Jenkins) GetProjectRole(roleName string) (*ProjectRole, error) {
 	}, nil
 }

-func (j *Jenkins) AddGlobalRole(roleName string, ids GlobalPermissionIds, overwrite bool) (*GlobalRole, error) {
-	responseRole := &GlobalRole{
-		Jenkins: j,
-		Raw: GlobalRoleResponse{
-			RoleName:      roleName,
-			PermissionIds: ids,
-		}}
+// assign a project roleName to username(sid)
+func (j *Jenkins) AssignProjectRole(roleName string, sid string) error {
+	projectRole, err := j.GetProjectRole(roleName)
+	if err != nil {
+		return err
+	}
+	param := map[string]string{
+		"type":     PROJECT_ROLE,
+		"roleName": projectRole.Raw.RoleName,
+		"sid":      sid,
+	}
+	responseString := ""
+	response, err := j.Requester.Post("/role-strategy/strategy/assignRole", nil, &responseString, param)
+	if err != nil {
+		return err
+	}
+	if response.StatusCode != http.StatusOK {
+		return errors.New(strconv.Itoa(response.StatusCode))
+	}
+	return nil
+}
+
+// unassign a project roleName to username(sid)
+func (j *Jenkins) UnAssignProjectRole(roleName string, sid string) error {
+	projectRole, err := j.GetProjectRole(roleName)
+	if err != nil {
+		return err
+	}
+	param := map[string]string{
+		"type":     PROJECT_ROLE,
+		"roleName": projectRole.Raw.RoleName,
+		"sid":      sid,
+	}
+	responseString := ""
+	response, err := j.Requester.Post("/role-strategy/strategy/unassignRole", nil, &responseString, param)
+	if err != nil {
+		return err
+	}
+	if response.StatusCode != http.StatusOK {
+		return errors.New(strconv.Itoa(response.StatusCode))
+	}
+	return nil
+}
+
+// add a global roleName
+func (j *Jenkins) AddGlobalRole(roleName string, ids devops.GlobalPermissionIds, overwrite bool) error {
 	var idArray []string
 	values := reflect.ValueOf(ids)
 	for i := 0; i < values.NumField(); i++ {
@@ -298,14 +397,15 @@ func (j *Jenkins) AddGlobalRole(roleName string, ids GlobalPermissionIds, overwr
 	responseString := ""
 	response, err := j.Requester.Post("/role-strategy/strategy/addRole", nil, &responseString, param)
 	if err != nil {
-		return nil, err
+		return err
 	}
 	if response.StatusCode != http.StatusOK {
-		return nil, errors.New(strconv.Itoa(response.StatusCode))
+		return errors.New(strconv.Itoa(response.StatusCode))
 	}
-	return responseRole, nil
+	return nil
 }

+// delete roleName from the project
 func (j *Jenkins) DeleteProjectRoles(roleName ...string) error {
 	responseString := ""

@@ -323,14 +423,8 @@ func (j *Jenkins) DeleteProjectRoles(roleName ...string) error {
 	return nil
 }

-func (j *Jenkins) AddProjectRole(roleName string, pattern string, ids ProjectPermissionIds, overwrite bool) (*ProjectRole, error) {
-	responseRole := &ProjectRole{
-		Jenkins: j,
-		Raw: ProjectRoleResponse{
-			RoleName:      roleName,
-			PermissionIds: ids,
-			Pattern:       pattern,
-		}}
+// add roleName for project
+func (j *Jenkins) AddProjectRole(roleName string, pattern string, ids devops.ProjectPermissionIds, overwrite bool) error {
 	var idArray []string
 	values := reflect.ValueOf(ids)
 	for i := 0; i < values.NumField(); i++ {
@@ -349,12 +443,12 @@ func (j *Jenkins) AddProjectRole(roleName string, pattern string, ids ProjectPer
 	responseString := ""
 	response, err := j.Requester.Post("/role-strategy/strategy/addRole", nil, &responseString, param)
 	if err != nil {
-		return nil, err
+		return err
 	}
 	if response.StatusCode != http.StatusOK {
-		return nil, errors.New(strconv.Itoa(response.StatusCode))
+		return errors.New(strconv.Itoa(response.StatusCode))
 	}
-	return responseRole, nil
+	return nil
 }

 func (j *Jenkins) DeleteUserInProject(username string) error {
--- a/pkg/simple/client/devops/jenkins/role.go
+++ b/pkg/simple/client/devops/jenkins/role.go
@@ -2,6 +2,7 @@ package jenkins

 import (
 	"errors"
+	"kubesphere.io/kubesphere/pkg/simple/client/devops"
 	"net/http"
 	"reflect"
 	"strconv"
@@ -9,8 +10,8 @@ import (
 )

 type GlobalRoleResponse struct {
-	RoleName      string              `json:"roleName"`
-	PermissionIds GlobalPermissionIds `json:"permissionIds"`
+	RoleName      string                     `json:"roleName"`
+	PermissionIds devops.GlobalPermissionIds `json:"permissionIds"`
 }

 type GlobalRole struct {
@@ -18,71 +19,18 @@ type GlobalRole struct {
 	Raw     GlobalRoleResponse
 }

-type GlobalPermissionIds struct {
-	Administer              bool `json:"hudson.model.Hudson.Administer"`
-	GlobalRead              bool `json:"hudson.model.Hudson.Read"`
-	CredentialCreate        bool `json:"com.cloudbees.plugins.credentials.CredentialsProvider.Create"`
-	CredentialUpdate        bool `json:"com.cloudbees.plugins.credentials.CredentialsProvider.Update"`
-	CredentialView          bool `json:"com.cloudbees.plugins.credentials.CredentialsProvider.View"`
-	CredentialDelete        bool `json:"com.cloudbees.plugins.credentials.CredentialsProvider.Delete"`
-	CredentialManageDomains bool `json:"com.cloudbees.plugins.credentials.CredentialsProvider.ManageDomains"`
-	SlaveCreate             bool `json:"hudson.model.Computer.Create"`
-	SlaveConfigure          bool `json:"hudson.model.Computer.Configure"`
-	SlaveDelete             bool `json:"hudson.model.Computer.Delete"`
-	SlaveBuild              bool `json:"hudson.model.Computer.Build"`
-	SlaveConnect            bool `json:"hudson.model.Computer.Connect"`
-	SlaveDisconnect         bool `json:"hudson.model.Computer.Disconnect"`
-	ItemBuild               bool `json:"hudson.model.Item.Build"`
-	ItemCreate              bool `json:"hudson.model.Item.Create"`
-	ItemRead                bool `json:"hudson.model.Item.Read"`
-	ItemConfigure           bool `json:"hudson.model.Item.Configure"`
-	ItemCancel              bool `json:"hudson.model.Item.Cancel"`
-	ItemMove                bool `json:"hudson.model.Item.Move"`
-	ItemDiscover            bool `json:"hudson.model.Item.Discover"`
-	ItemWorkspace           bool `json:"hudson.model.Item.Workspace"`
-	ItemDelete              bool `json:"hudson.model.Item.Delete"`
-	RunUpdate               bool `json:"hudson.model.Run.Update"`
-	RunDelete               bool `json:"hudson.model.Run.Delete"`
-	ViewCreate              bool `json:"hudson.model.View.Create"`
-	ViewConfigure           bool `json:"hudson.model.View.Configure"`
-	ViewRead                bool `json:"hudson.model.View.Read"`
-	ViewDelete              bool `json:"hudson.model.View.Delete"`
-	SCMTag                  bool `json:"hudson.scm.SCM.Tag"`
-}
-
 type ProjectRole struct {
 	Jenkins *Jenkins
 	Raw     ProjectRoleResponse
 }

 type ProjectRoleResponse struct {
-	RoleName      string               `json:"roleName"`
-	PermissionIds ProjectPermissionIds `json:"permissionIds"`
-	Pattern       string               `json:"pattern"`
+	RoleName      string                      `json:"roleName"`
+	PermissionIds devops.ProjectPermissionIds `json:"permissionIds"`
+	Pattern       string                      `json:"pattern"`
 }

-type ProjectPermissionIds struct {
-	CredentialCreate        bool `json:"com.cloudbees.plugins.credentials.CredentialsProvider.Create"`
-	CredentialUpdate        bool `json:"com.cloudbees.plugins.credentials.CredentialsProvider.Update"`
-	CredentialView          bool `json:"com.cloudbees.plugins.credentials.CredentialsProvider.View"`
-	CredentialDelete        bool `json:"com.cloudbees.plugins.credentials.CredentialsProvider.Delete"`
-	CredentialManageDomains bool `json:"com.cloudbees.plugins.credentials.CredentialsProvider.ManageDomains"`
-	ItemBuild               bool `json:"hudson.model.Item.Build"`
-	ItemCreate              bool `json:"hudson.model.Item.Create"`
-	ItemRead                bool `json:"hudson.model.Item.Read"`
-	ItemConfigure           bool `json:"hudson.model.Item.Configure"`
-	ItemCancel              bool `json:"hudson.model.Item.Cancel"`
-	ItemMove                bool `json:"hudson.model.Item.Move"`
-	ItemDiscover            bool `json:"hudson.model.Item.Discover"`
-	ItemWorkspace           bool `json:"hudson.model.Item.Workspace"`
-	ItemDelete              bool `json:"hudson.model.Item.Delete"`
-	RunUpdate               bool `json:"hudson.model.Run.Update"`
-	RunDelete               bool `json:"hudson.model.Run.Delete"`
-	RunReplay               bool `json:"hudson.model.Run.Replay"`
-	SCMTag                  bool `json:"hudson.scm.SCM.Tag"`
-}
-
-func (j *GlobalRole) Update(ids GlobalPermissionIds) error {
+func (j *GlobalRole) Update(ids devops.GlobalPermissionIds) error {
 	var idArray []string
 	values := reflect.ValueOf(ids)
 	for i := 0; i < values.NumField(); i++ {
@@ -108,6 +56,7 @@ func (j *GlobalRole) Update(ids GlobalPermissionIds) error {
 	return nil
 }

+// call jenkins api to update global role
 func (j *GlobalRole) AssignRole(sid string) error {
 	param := map[string]string{
 		"type":     GLOBAL_ROLE,
@@ -142,7 +91,9 @@ func (j *GlobalRole) UnAssignRole(sid string) error {
 	return nil
 }

-func (j *ProjectRole) Update(pattern string, ids ProjectPermissionIds) error {
+// update ProjectPermissionIds to Project
+// pattern string means some project, like project-name/*
+func (j *ProjectRole) Update(pattern string, ids devops.ProjectPermissionIds) error {
 	var idArray []string
 	values := reflect.ValueOf(ids)
 	for i := 0; i < values.NumField(); i++ {