447a51f08b
* feat: kubesphere 4.0 Signed-off-by: ci-bot <ci-bot@kubesphere.io> * feat: kubesphere 4.0 Signed-off-by: ci-bot <ci-bot@kubesphere.io> --------- Signed-off-by: ci-bot <ci-bot@kubesphere.io> Co-authored-by: ks-ci-bot <ks-ci-bot@example.com> Co-authored-by: joyceliu <joyceliu@yunify.com>
186 lines
8.6 KiB
Go
186 lines
8.6 KiB
Go
/*
|
|
* Please refer to the LICENSE file in the root directory of the project.
|
|
* https://github.com/kubesphere/kubesphere/blob/master/LICENSE
|
|
*/
|
|
|
|
package v1beta1
|
|
|
|
import (
|
|
"net/http"
|
|
|
|
restfulspec "github.com/emicklei/go-restful-openapi/v2"
|
|
"github.com/emicklei/go-restful/v3"
|
|
"k8s.io/apimachinery/pkg/runtime"
|
|
"k8s.io/apimachinery/pkg/runtime/schema"
|
|
iamv1beta1 "kubesphere.io/api/iam/v1beta1"
|
|
|
|
"kubesphere.io/kubesphere/pkg/api"
|
|
apiserverruntime "kubesphere.io/kubesphere/pkg/apiserver/runtime"
|
|
"kubesphere.io/kubesphere/pkg/server/errors"
|
|
)
|
|
|
|
var GroupVersion = schema.GroupVersion{Group: "iam.kubesphere.io", Version: "v1beta1"}
|
|
|
|
func (h *handler) AddToContainer(container *restful.Container) error {
|
|
ws := apiserverruntime.NewWebService(GroupVersion)
|
|
|
|
ws.Route(ws.POST("/users").
|
|
To(h.CreateUser).
|
|
Doc("Create user").
|
|
Metadata(restfulspec.KeyOpenAPITags, []string{api.TagIdentityManagement}).
|
|
Returns(http.StatusOK, api.StatusOK, iamv1beta1.User{}).
|
|
Reads(iamv1beta1.User{}))
|
|
ws.Route(ws.PUT("/users/{user}").
|
|
To(h.UpdateUser).
|
|
Doc("Update user").
|
|
Metadata(restfulspec.KeyOpenAPITags, []string{api.TagIdentityManagement}).
|
|
Reads(iamv1beta1.User{}).
|
|
Param(ws.PathParameter("user", "username")).
|
|
Returns(http.StatusOK, api.StatusOK, iamv1beta1.User{}))
|
|
ws.Route(ws.DELETE("/users/{user}").
|
|
To(h.DeleteUser).
|
|
Doc("Delete user").
|
|
Metadata(restfulspec.KeyOpenAPITags, []string{api.TagIdentityManagement}).
|
|
Param(ws.PathParameter("user", "username")).
|
|
Returns(http.StatusOK, api.StatusOK, errors.None))
|
|
ws.Route(ws.PUT("/users/{user}/password").
|
|
To(h.ModifyPassword).
|
|
Doc("Reset password").
|
|
Metadata(restfulspec.KeyOpenAPITags, []string{api.TagIdentityManagement}).
|
|
Reads(PasswordReset{}).
|
|
Param(ws.PathParameter("user", "username")).
|
|
Returns(http.StatusOK, api.StatusOK, errors.None))
|
|
ws.Route(ws.GET("/users/{user}").
|
|
To(h.DescribeUser).
|
|
Doc("Get user").
|
|
Notes("Retrieve user details.").
|
|
Metadata(restfulspec.KeyOpenAPITags, []string{api.TagIdentityManagement}).
|
|
Param(ws.PathParameter("user", "username")).
|
|
Returns(http.StatusOK, api.StatusOK, iamv1beta1.User{}))
|
|
ws.Route(ws.GET("/users").
|
|
To(h.ListUsers).
|
|
Doc("List users").
|
|
Metadata(restfulspec.KeyOpenAPITags, []string{api.TagIdentityManagement}).
|
|
Param(ws.QueryParameter("globalrole", "specific golalrole name")).
|
|
Returns(http.StatusOK, api.StatusOK, api.ListResult{Items: []runtime.Object{&iamv1beta1.User{}}}))
|
|
ws.Route(ws.GET("/users/{user}/loginrecords").
|
|
To(h.ListUserLoginRecords).
|
|
Doc("List login records").
|
|
Metadata(restfulspec.KeyOpenAPITags, []string{api.TagIdentityManagement}).
|
|
Param(ws.PathParameter("user", "username of the user")).
|
|
Returns(http.StatusOK, api.StatusOK, api.ListResult{Items: []runtime.Object{&iamv1beta1.LoginRecord{}}}))
|
|
|
|
// members
|
|
ws.Route(ws.GET("/clustermembers").
|
|
To(h.ListClusterMembers).
|
|
Doc("List all members of cluster").
|
|
Metadata(restfulspec.KeyOpenAPITags, []string{api.TagAccessManagement}).
|
|
Param(ws.QueryParameter("clusterrole", "specific the cluster role name")).
|
|
Returns(http.StatusOK, api.StatusOK, api.ListResult{Items: []runtime.Object{&iamv1beta1.User{}}}))
|
|
ws.Route(ws.POST("/clustermembers").
|
|
To(h.CreateClusterMembers).
|
|
Doc("Add members to cluster").
|
|
Metadata(restfulspec.KeyOpenAPITags, []string{api.TagAccessManagement}).
|
|
Reads([]Member{}).
|
|
Returns(http.StatusOK, api.StatusOK, []Member{}))
|
|
ws.Route(ws.DELETE("/clustermembers/{clustermember}").
|
|
To(h.RemoveClusterMember).
|
|
Doc("Delete member from cluster").
|
|
Metadata(restfulspec.KeyOpenAPITags, []string{api.TagAccessManagement}).
|
|
Param(ws.PathParameter("clustermember", "cluster member's username")).
|
|
Returns(http.StatusOK, api.StatusOK, errors.None))
|
|
ws.Route(ws.PUT("/clustermembers/{clustermember}").
|
|
To(h.UpdateClusterMember).
|
|
Doc("Update member from the cluster").
|
|
Metadata(restfulspec.KeyOpenAPITags, []string{api.TagAccessManagement}).
|
|
Param(ws.PathParameter("clustermember", "the member name from cluster")).
|
|
Reads(Member{}).
|
|
Returns(http.StatusOK, api.StatusOK, errors.None))
|
|
|
|
ws.Route(ws.GET("/workspaces/{workspace}/workspacemembers").
|
|
To(h.ListWorkspaceMembers).
|
|
Doc("List all members in the specified workspace").
|
|
Metadata(restfulspec.KeyOpenAPITags, []string{api.TagAccessManagement}).
|
|
Param(ws.PathParameter("workspace", "The specified workspace.")).
|
|
Param(ws.QueryParameter("workspacerole", "specific the workspace role name")).
|
|
Returns(http.StatusOK, api.StatusOK, api.ListResult{Items: []runtime.Object{&iamv1beta1.User{}}}))
|
|
ws.Route(ws.PUT("/workspaces/{workspace}/workspacemembers/{workspacemember}").
|
|
To(h.UpdateWorkspaceMember).
|
|
Doc("Update member from the workspace").
|
|
Metadata(restfulspec.KeyOpenAPITags, []string{api.TagAccessManagement}).
|
|
Param(ws.PathParameter("workspace", "The specified workspace.")).
|
|
Param(ws.PathParameter("workspacemember", "the member from workspace")).
|
|
Reads(Member{}).
|
|
Returns(http.StatusOK, api.StatusOK, errors.None))
|
|
ws.Route(ws.POST("/workspaces/{workspace}/workspacemembers").
|
|
To(h.CreateWorkspaceMembers).
|
|
Doc("Add members to the specified workspace").
|
|
Metadata(restfulspec.KeyOpenAPITags, []string{api.TagAccessManagement}).
|
|
Param(ws.PathParameter("workspace", "The specified workspace.")).
|
|
Reads([]Member{}).
|
|
Returns(http.StatusOK, api.StatusOK, []Member{}))
|
|
ws.Route(ws.DELETE("/workspaces/{workspace}/workspacemembers/{workspacemember}").
|
|
To(h.RemoveWorkspaceMember).
|
|
Doc("Delete a member from the workspace").
|
|
Metadata(restfulspec.KeyOpenAPITags, []string{api.TagAccessManagement}).
|
|
Param(ws.PathParameter("workspace", "The specified workspace.")).
|
|
Param(ws.PathParameter("workspacemember", "Workspace member's name.")).
|
|
Returns(http.StatusOK, api.StatusOK, errors.None))
|
|
ws.Route(ws.GET("/workspaces/{workspace}/workspacemembers/{workspacemember}").
|
|
To(h.DescribeWorkspaceMember).
|
|
Doc("Get workspace member").
|
|
Metadata(restfulspec.KeyOpenAPITags, []string{api.TagAccessManagement}).
|
|
Param(ws.PathParameter("workspace", "The specified workspace.")).
|
|
Param(ws.PathParameter("workspacemember", "Workspace member's name.")).
|
|
Returns(http.StatusOK, api.StatusOK, iamv1beta1.User{}))
|
|
|
|
ws.Route(ws.GET("/namespaces/{namespace}/namespacemembers").
|
|
To(h.ListNamespaceMembers).
|
|
Doc("List all members in the specified namespace").
|
|
Metadata(restfulspec.KeyOpenAPITags, []string{api.TagAccessManagement}).
|
|
Param(ws.QueryParameter("role", "specific the role name")).
|
|
Param(ws.PathParameter("namespace", "The specified namespace.")).
|
|
Returns(http.StatusOK, api.StatusOK, api.ListResult{Items: []runtime.Object{&iamv1beta1.User{}}}))
|
|
ws.Route(ws.POST("/namespaces/{namespace}/namespacemembers").
|
|
To(h.CreateNamespaceMembers).
|
|
Doc("Add members to the namespace in bulk.").
|
|
Metadata(restfulspec.KeyOpenAPITags, []string{api.TagAccessManagement}).
|
|
Reads([]Member{}).
|
|
Returns(http.StatusOK, api.StatusOK, []Member{}).
|
|
Param(ws.PathParameter("namespace", "The specified namespace.")))
|
|
ws.Route(ws.DELETE("/namespaces/{namespace}/namespacemembers/{member}").
|
|
To(h.RemoveNamespaceMember).
|
|
Doc("Delete a member from the namespace").
|
|
Metadata(restfulspec.KeyOpenAPITags, []string{api.TagAccessManagement}).
|
|
Param(ws.PathParameter("namespace", "The specified namespace.")).
|
|
Param(ws.PathParameter("member", "namespace member's username")).
|
|
Returns(http.StatusOK, api.StatusOK, errors.None))
|
|
ws.Route(ws.PUT("/namespaces/{namespace}/namespacemembers/{namespacemember}").
|
|
To(h.UpdateNamespaceMember).
|
|
Doc("Update member from the namespace").
|
|
Metadata(restfulspec.KeyOpenAPITags, []string{api.TagAccessManagement}).
|
|
Param(ws.PathParameter("namespace", "The specified namespace.")).
|
|
Param(ws.PathParameter("namespacemember", "the member from namespace")).
|
|
Reads(Member{}).
|
|
Returns(http.StatusOK, api.StatusOK, errors.None))
|
|
|
|
ws.Route(ws.GET("/users/{username}/roletemplates").
|
|
To(h.ListRoleTemplateOfUser).
|
|
Doc("List all role templates of the specified user").
|
|
Metadata(restfulspec.KeyOpenAPITags, []string{api.TagAccessManagement}).
|
|
Param(ws.PathParameter("username", "the name of the specified user")).
|
|
Param(ws.QueryParameter("scope", "the scope of role templates")).
|
|
Returns(http.StatusOK, api.StatusOK, api.ListResult{Items: []runtime.Object{&iamv1beta1.RoleTemplate{}}}))
|
|
|
|
ws.Route(ws.POST("/subjectaccessreviews").
|
|
To(h.CreateSubjectAccessReview).
|
|
Doc("Create subject access review").
|
|
Notes("Evaluates all of the request attributes against all policies and allows or denies the request.").
|
|
Metadata(restfulspec.KeyOpenAPITags, []string{api.TagAccessManagement}).
|
|
Reads(iamv1beta1.SubjectAccessReview{}).
|
|
Returns(http.StatusOK, api.StatusOK, iamv1beta1.SubjectAccessReview{}))
|
|
|
|
container.Add(ws)
|
|
return nil
|
|
}
|