392 lines
11 KiB
Go
392 lines
11 KiB
Go
package v1alpha2
|
|
|
|
import (
|
|
"github.com/emicklei/go-restful"
|
|
v1 "k8s.io/api/core/v1"
|
|
rbacv1 "k8s.io/api/rbac/v1"
|
|
k8serr "k8s.io/apimachinery/pkg/api/errors"
|
|
"k8s.io/apimachinery/pkg/util/net"
|
|
"k8s.io/klog"
|
|
"kubesphere.io/kubesphere/pkg/api"
|
|
"kubesphere.io/kubesphere/pkg/constants"
|
|
"kubesphere.io/kubesphere/pkg/informers"
|
|
"kubesphere.io/kubesphere/pkg/models/iam"
|
|
"kubesphere.io/kubesphere/pkg/models/monitoring"
|
|
"kubesphere.io/kubesphere/pkg/models/resources/v1alpha2"
|
|
"kubesphere.io/kubesphere/pkg/models/tenant"
|
|
apierr "kubesphere.io/kubesphere/pkg/server/errors"
|
|
"kubesphere.io/kubesphere/pkg/server/params"
|
|
"kubesphere.io/kubesphere/pkg/simple/client/k8s"
|
|
"kubesphere.io/kubesphere/pkg/simple/client/mysql"
|
|
"kubesphere.io/kubesphere/pkg/utils/sliceutil"
|
|
"net/http"
|
|
"strings"
|
|
)
|
|
|
|
type tenantHandler struct {
|
|
tenant tenant.Interface
|
|
am iam.AccessManagementInterface
|
|
}
|
|
|
|
func newTenantHandler(k8sClient k8s.Client, factory informers.InformerFactory, db *mysql.Database) *tenantHandler {
|
|
|
|
return &tenantHandler{
|
|
tenant: tenant.New(k8sClient.Kubernetes(), factory.KubernetesSharedInformerFactory(), factory.KubeSphereSharedInformerFactory(), db),
|
|
am: iam.NewAMOperator(k8sClient.Kubernetes(), factory.KubernetesSharedInformerFactory()),
|
|
}
|
|
}
|
|
|
|
func (h *tenantHandler) ListWorkspaceRules(req *restful.Request, resp *restful.Response) {
|
|
workspace := req.PathParameter("workspace")
|
|
username := req.HeaderParameter(constants.UserNameHeader)
|
|
|
|
rules, err := h.tenant.GetWorkspaceSimpleRules(workspace, username)
|
|
|
|
if err != nil {
|
|
klog.Errorln(err)
|
|
api.HandleInternalError(resp, nil, err)
|
|
return
|
|
}
|
|
|
|
resp.WriteEntity(rules)
|
|
}
|
|
|
|
func (h *tenantHandler) ListWorkspaces(req *restful.Request, resp *restful.Response) {
|
|
username := req.HeaderParameter(constants.UserNameHeader)
|
|
orderBy := params.GetStringValueWithDefault(req, params.OrderByParam, v1alpha2.CreateTime)
|
|
limit, offset := params.ParsePaging(req)
|
|
reverse := params.GetBoolValueWithDefault(req, params.ReverseParam, true)
|
|
conditions, err := params.ParseConditions(req)
|
|
|
|
if err != nil {
|
|
klog.Errorln(err)
|
|
api.HandleBadRequest(resp, nil, err)
|
|
return
|
|
}
|
|
|
|
result, err := h.tenant.ListWorkspaces(username, conditions, orderBy, reverse, limit, offset)
|
|
|
|
if err != nil {
|
|
api.HandleInternalError(resp, nil, err)
|
|
return
|
|
}
|
|
|
|
resp.WriteAsJson(result)
|
|
}
|
|
|
|
func (h *tenantHandler) DescribeWorkspace(req *restful.Request, resp *restful.Response) {
|
|
username := req.HeaderParameter(constants.UserNameHeader)
|
|
workspaceName := req.PathParameter("workspace")
|
|
|
|
result, err := h.tenant.DescribeWorkspace(username, workspaceName)
|
|
|
|
if err != nil {
|
|
if k8serr.IsNotFound(err) {
|
|
api.HandleNotFound(resp, nil, err)
|
|
} else {
|
|
api.HandleInternalError(resp, nil, err)
|
|
}
|
|
return
|
|
}
|
|
|
|
resp.WriteAsJson(result)
|
|
}
|
|
|
|
func (h *tenantHandler) ListNamespaces(req *restful.Request, resp *restful.Response) {
|
|
workspace := req.PathParameter("workspace")
|
|
username := req.PathParameter("member")
|
|
// /workspaces/{workspace}/members/{username}/namespaces
|
|
if username == "" {
|
|
// /workspaces/{workspace}/namespaces
|
|
username = req.HeaderParameter(constants.UserNameHeader)
|
|
}
|
|
|
|
orderBy := params.GetStringValueWithDefault(req, params.OrderByParam, v1alpha2.CreateTime)
|
|
limit, offset := params.ParsePaging(req)
|
|
reverse := params.GetBoolValueWithDefault(req, params.ReverseParam, true)
|
|
conditions, err := params.ParseConditions(req)
|
|
|
|
if err != nil {
|
|
api.HandleBadRequest(resp, nil, err)
|
|
return
|
|
}
|
|
|
|
conditions.Match[constants.WorkspaceLabelKey] = workspace
|
|
|
|
result, err := h.tenant.ListNamespaces(username, conditions, orderBy, reverse, limit, offset)
|
|
|
|
if err != nil {
|
|
api.HandleInternalError(resp, nil, err)
|
|
return
|
|
}
|
|
|
|
namespaces := make([]*v1.Namespace, 0)
|
|
|
|
for _, item := range result.Items {
|
|
namespaces = append(namespaces, item.(*v1.Namespace).DeepCopy())
|
|
}
|
|
|
|
namespaces = monitoring.GetNamespacesWithMetrics(namespaces)
|
|
|
|
items := make([]interface{}, 0)
|
|
|
|
for _, item := range namespaces {
|
|
items = append(items, item)
|
|
}
|
|
|
|
result.Items = items
|
|
|
|
resp.WriteAsJson(result)
|
|
}
|
|
|
|
func (h *tenantHandler) CreateNamespace(req *restful.Request, resp *restful.Response) {
|
|
workspace := req.PathParameter("workspace")
|
|
username := req.HeaderParameter(constants.UserNameHeader)
|
|
var namespace v1.Namespace
|
|
err := req.ReadEntity(&namespace)
|
|
if err != nil {
|
|
api.HandleNotFound(resp, nil, err)
|
|
return
|
|
}
|
|
|
|
_, err = h.tenant.DescribeWorkspace("", workspace)
|
|
|
|
if err != nil {
|
|
if k8serr.IsNotFound(err) {
|
|
api.HandleForbidden(resp, nil, err)
|
|
} else {
|
|
api.HandleInternalError(resp, nil, err)
|
|
}
|
|
return
|
|
}
|
|
|
|
created, err := h.tenant.CreateNamespace(workspace, &namespace, username)
|
|
|
|
if err != nil {
|
|
if k8serr.IsAlreadyExists(err) {
|
|
resp.WriteHeaderAndEntity(http.StatusConflict, err)
|
|
} else {
|
|
api.HandleInternalError(resp, nil, err)
|
|
}
|
|
return
|
|
}
|
|
resp.WriteAsJson(created)
|
|
}
|
|
|
|
func (h *tenantHandler) DeleteNamespace(req *restful.Request, resp *restful.Response) {
|
|
workspace := req.PathParameter("workspace")
|
|
namespace := req.PathParameter("namespace")
|
|
|
|
err := h.tenant.DeleteNamespace(workspace, namespace)
|
|
|
|
if err != nil {
|
|
if k8serr.IsNotFound(err) {
|
|
api.HandleNotFound(resp, nil, err)
|
|
} else {
|
|
api.HandleInternalError(resp, nil, err)
|
|
}
|
|
return
|
|
}
|
|
|
|
resp.WriteAsJson(apierr.None)
|
|
}
|
|
|
|
func (h *tenantHandler) ListDevopsProjects(req *restful.Request, resp *restful.Response) {
|
|
|
|
workspace := req.PathParameter("workspace")
|
|
username := req.PathParameter("member")
|
|
if username == "" {
|
|
username = req.HeaderParameter(constants.UserNameHeader)
|
|
}
|
|
orderBy := params.GetStringValueWithDefault(req, params.OrderByParam, v1alpha2.CreateTime)
|
|
limit, offset := params.ParsePaging(req)
|
|
reverse := params.GetBoolValueWithDefault(req, params.ReverseParam, true)
|
|
conditions, err := params.ParseConditions(req)
|
|
|
|
if err != nil {
|
|
api.HandleBadRequest(resp, nil, err)
|
|
return
|
|
}
|
|
conditions.Match["workspace"] = workspace
|
|
|
|
result, err := h.tenant.ListDevopsProjects(username, conditions, orderBy, reverse, limit, offset)
|
|
|
|
if err != nil {
|
|
api.HandleInternalError(resp, nil, err)
|
|
return
|
|
}
|
|
|
|
resp.WriteEntity(result)
|
|
}
|
|
|
|
func (h *tenantHandler) GetDevOpsProjectsCount(req *restful.Request, resp *restful.Response) {
|
|
username := req.HeaderParameter(constants.UserNameHeader)
|
|
|
|
result, err := h.tenant.ListDevopsProjects(username, nil, "", false, 1, 0)
|
|
if err != nil {
|
|
api.HandleInternalError(resp, nil, err)
|
|
return
|
|
}
|
|
resp.WriteEntity(struct {
|
|
Count int `json:"count"`
|
|
}{Count: result.TotalCount})
|
|
}
|
|
func (h *tenantHandler) DeleteDevopsProject(req *restful.Request, resp *restful.Response) {
|
|
projectId := req.PathParameter("devops")
|
|
workspace := req.PathParameter("workspace")
|
|
username := req.HeaderParameter(constants.UserNameHeader)
|
|
|
|
_, err := h.tenant.DescribeWorkspace("", workspace)
|
|
|
|
if err != nil {
|
|
api.HandleInternalError(resp, req, err)
|
|
return
|
|
}
|
|
|
|
err = h.tenant.DeleteDevOpsProject(username, projectId)
|
|
|
|
if err != nil {
|
|
api.HandleInternalError(resp, nil, err)
|
|
return
|
|
}
|
|
|
|
resp.WriteEntity(apierr.None)
|
|
}
|
|
|
|
func (h *tenantHandler) CreateDevopsProject(req *restful.Request, resp *restful.Response) {
|
|
|
|
}
|
|
|
|
func (h *tenantHandler) ListNamespaceRules(req *restful.Request, resp *restful.Response) {
|
|
namespace := req.PathParameter("namespace")
|
|
username := req.HeaderParameter(constants.UserNameHeader)
|
|
|
|
rules, err := h.tenant.GetNamespaceSimpleRules(namespace, username)
|
|
|
|
if err != nil {
|
|
api.HandleInternalError(resp, nil, err)
|
|
return
|
|
}
|
|
|
|
resp.WriteAsJson(rules)
|
|
}
|
|
|
|
func (h *tenantHandler) ListDevopsRules(req *restful.Request, resp *restful.Response) {
|
|
|
|
devops := req.PathParameter("devops")
|
|
username := req.HeaderParameter(constants.UserNameHeader)
|
|
|
|
rules, err := h.tenant.GetUserDevopsSimpleRules(username, devops)
|
|
|
|
if err != nil {
|
|
api.HandleInternalError(resp, nil, err)
|
|
return
|
|
}
|
|
|
|
resp.WriteAsJson(rules)
|
|
}
|
|
|
|
//TODO(wansir): We need move this part to logging module
|
|
//func (h *tenantHandler) LogQuery(req *restful.Request, resp *restful.Response) {
|
|
// operation := req.QueryParameter("operation")
|
|
// req, err := h.regenerateLoggingRequest(req)
|
|
// switch {
|
|
// case err != nil:
|
|
// api.HandleInternalError(resp, err)
|
|
// case req != nil:
|
|
// loggingv1alpha2.Get(req, loggingv1alpha2.LevelCluster, h.k8s, h.lo, resp)
|
|
// default:
|
|
// if operation == "export" {
|
|
// resp.Header().Set(restful.HEADER_ContentType, "text/plain")
|
|
// resp.Header().Set("Content-Disposition", "attachment")
|
|
// resp.Write(nil)
|
|
// } else {
|
|
// resp.WriteAsJson(v1alpha2.APIResponse{Logs: new(loggingclient.Logs)})
|
|
// }
|
|
// }
|
|
//}
|
|
|
|
// override namespace query conditions
|
|
//TODO(wansir): We need move this part to logging module
|
|
func (h *tenantHandler) regenerateLoggingRequest(req *restful.Request) (*restful.Request, error) {
|
|
|
|
username := req.HeaderParameter(constants.UserNameHeader)
|
|
|
|
// regenerate the request for log query
|
|
newUrl := net.FormatURL("http", "127.0.0.1", 80, "/kapis/logging.kubesphere.io/v1alpha2/cluster")
|
|
values := req.Request.URL.Query()
|
|
|
|
clusterRoleRules, err := h.am.GetClusterPolicyRules(username)
|
|
|
|
if err != nil {
|
|
klog.Errorln(err)
|
|
return nil, err
|
|
}
|
|
|
|
hasClusterLogAccess := iam.RulesMatchesRequired(clusterRoleRules, rbacv1.PolicyRule{Verbs: []string{"get"}, Resources: []string{"*"}, APIGroups: []string{"logging.kubesphere.io"}})
|
|
// if the user is not a cluster admin
|
|
if !hasClusterLogAccess {
|
|
queryNamespaces := strings.Split(req.QueryParameter("namespaces"), ",")
|
|
// then the user can only view logs of namespaces he belongs to
|
|
namespaces := make([]string, 0)
|
|
roles, err := h.am.GetRoles("", username)
|
|
if err != nil {
|
|
klog.Errorln(err)
|
|
return nil, err
|
|
}
|
|
for _, role := range roles {
|
|
if !sliceutil.HasString(namespaces, role.Namespace) && iam.RulesMatchesRequired(role.Rules, rbacv1.PolicyRule{Verbs: []string{"get"}, Resources: []string{"*"}, APIGroups: []string{"logging.kubesphere.io"}}) {
|
|
namespaces = append(namespaces, role.Namespace)
|
|
}
|
|
}
|
|
|
|
// if the user belongs to no namespace
|
|
// then no log visible
|
|
if len(namespaces) == 0 {
|
|
return nil, nil
|
|
} else if len(queryNamespaces) == 1 && queryNamespaces[0] == "" {
|
|
values.Set("namespaces", strings.Join(namespaces, ","))
|
|
} else {
|
|
inter := intersection(queryNamespaces, namespaces)
|
|
if len(inter) == 0 {
|
|
return nil, nil
|
|
}
|
|
values.Set("namespaces", strings.Join(inter, ","))
|
|
}
|
|
}
|
|
|
|
newUrl.RawQuery = values.Encode()
|
|
|
|
// forward the request to logging model
|
|
newHttpRequest, _ := http.NewRequest(http.MethodGet, newUrl.String(), nil)
|
|
return restful.NewRequest(newHttpRequest), nil
|
|
}
|
|
|
|
func intersection(s1, s2 []string) (inter []string) {
|
|
hash := make(map[string]bool)
|
|
for _, e := range s1 {
|
|
hash[e] = true
|
|
}
|
|
for _, e := range s2 {
|
|
// If elements present in the hashmap then append intersection list.
|
|
if hash[e] {
|
|
inter = append(inter, e)
|
|
}
|
|
}
|
|
//Remove dups from slice.
|
|
inter = removeDups(inter)
|
|
return
|
|
}
|
|
|
|
//Remove dups from slice.
|
|
func removeDups(elements []string) (nodups []string) {
|
|
encountered := make(map[string]bool)
|
|
for _, element := range elements {
|
|
if !encountered[element] {
|
|
nodups = append(nodups, element)
|
|
encountered[element] = true
|
|
}
|
|
}
|
|
return
|
|
}
|