feat: support listing cluster that user has the cluster`s rolebinding (
…kubesphere#1973)

* feat: support list cluster that user has the cluster`s rolebinding

Signed-off-by: wenhaozhou <[email protected]>

* update

Signed-off-by: wenhaozhou <[email protected]>

* Update pkg/apiserver/query/field.go

* Update pkg/models/tenant/tenant.go

Co-authored-by: hongming <[email protected]>

* update

Signed-off-by: wenhaozhou <[email protected]>

---------

Signed-off-by: wenhaozhou <[email protected]>
Co-authored-by: hongming <[email protected]>
Signed-off-by: wenhaozhou <[email protected]>
zhou1203 and wansir committed Oct 31, 2024
1 parent c54d646 commit 5dcb456
Showing 2 changed files with 74 additions and 3 deletions.
74 changes: 74 additions & 0 deletions pkg/models/tenant/tenant.go
@@ -9,6 +9,7 @@ import (
"context"
"encoding/json"
"fmt"
"strconv"
"strings"

"kubesphere.io/kubesphere/pkg/constants"
@@ -35,6 +36,7 @@ import (
"kubesphere.io/kubesphere/pkg/apiserver/authorization/authorizer"
"kubesphere.io/kubesphere/pkg/apiserver/query"
"kubesphere.io/kubesphere/pkg/apiserver/request"
clusterutils "kubesphere.io/kubesphere/pkg/controller/cluster/utils"
"kubesphere.io/kubesphere/pkg/models/iam/am"
"kubesphere.io/kubesphere/pkg/models/iam/im"
resources "kubesphere.io/kubesphere/pkg/models/resources/v1alpha3"
@@ -43,6 +45,11 @@ import (
jsonpatchutil "kubesphere.io/kubesphere/pkg/utils/josnpatchutil"
)

const (
orphanFinalizer = "orphan.finalizers.kubesphere.io"
queryRoleBindingExists = "roleBindingExists"
)

type Interface interface {
ListWorkspaces(user user.Info, queryParam *query.Query) (*api.ListResult, error)
GetWorkspace(workspace string) (*tenantv1beta1.Workspace, error)
@@ -543,6 +550,27 @@ func (t *tenantOperator) ListClusters(user user.Info, queryParam *query.Query) (
items = append(items, cluster)
}

clusterByRoleBinding := false
if v, ok := queryParam.Filters[queryRoleBindingExists]; ok && v != "" {
clusterByRoleBinding, err = strconv.ParseBool(string(v))
if err != nil {
return nil, err
}
}

if clusterByRoleBinding {
byRoleBinding, err := t.getClusterByRoleBinding(context.Background(), user)
if err != nil {
return nil, err
}
for _, cluster := range byRoleBinding {
// duplicate cluster will not append to results
if !grantedClusters.Has(cluster.Name) {
items = append(items, cluster)
}
}
}

// apply additional labelSelector
if queryParam.LabelSelector != "" {
queryParam.Filters[query.FieldLabel] = query.Value(queryParam.LabelSelector)
@@ -558,6 +586,35 @@ func (t *tenantOperator) ListClusters(user user.Info, queryParam *query.Query) (
return result, nil
}

func (t *tenantOperator) getClusterByRoleBinding(ctx context.Context, user user.Info) ([]*clusterv1alpha1.Cluster, error) {
result := []*clusterv1alpha1.Cluster{}
clusters, err := t.clusterClient.ListClusters(ctx)
if err != nil {
return nil, err
}

for _, cluster := range clusters {
if !clusterutils.IsClusterReady(&cluster) {
continue
}
rtClient, err := t.clusterClient.GetRuntimeClient(cluster.Name)
if err != nil {
return nil, err
}

rbList := &iamv1beta1.RoleBindingList{}
err = rtClient.List(ctx, rbList, runtimeclient.MatchingLabels{iamv1beta1.UserReferenceLabel: user.GetName()})
if err != nil {
return nil, err
}
if len(rbList.Items) != 0 {
result = append(result, &cluster)
}

}
return result, nil
}

func (t *tenantOperator) DeleteWorkspaceTemplate(workspaceName string, opts metav1.DeleteOptions) error {
workspace := &tenantv1beta1.WorkspaceTemplate{}
if err := t.client.Get(context.Background(), types.NamespacedName{Name: workspaceName}, workspace); err != nil {
@@ -597,6 +654,23 @@ func contains(objects []runtime.Object, object runtime.Object) bool {
return false
}

func stringSet(strs []string) map[string]struct{} {
m := make(map[string]struct{})
for _, str := range strs {
m[str] = struct{}{}
}
return m
}

func stringContains(str string, subStrs []string) bool {
for _, sub := range subStrs {
if strings.Contains(str, sub) {
return true
}
}
return false
}

func (t *tenantOperator) checkWorkspaceTemplatePermission(user user.Info, workspace string) error {
deleteWST := authorizer.AttributesRecord{
User: user,
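Review bot: In getClusterByRoleBinding, `result = append(result, &cluster)` takes the address of the range variable; if the module is built with pre-1.22 loop semantics (go.mod is not visible here), every element aliases the same variable and ListClusters would return the last iterated cluster repeatedly rather than the clusters where the user actually holds a RoleBinding. Copying first, `c := cluster` followed by `result = append(result, &c)`, is correct on any Go version. The same loop also runs one remote List per ready cluster on `context.Background()` and returns on the first `GetRuntimeClient` or `List` error, so one slow or unreachable member cluster fails every request that sets `roleBindingExists=true`; a bounded context, `runtimeclient.Limit(1)` on the List (only existence is tested), and logging then skipping a failing cluster would contain that. The ListClusters body that calls this helper starts outside the visible hunk.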
3 changes: 0 additions & 3 deletions pkg/utils/clusterclient/clusterclient.go
@@ -125,9 +125,6 @@ func (c *clusterClients) addCluster(obj interface{}) (*ClusterClient, error) {
if err != nil {
return nil, err
}
if err != nil {
return nil, err
}
client, err := runtimeclient.New(restConfig, runtimeclient.Options{
HTTPClient: httpClient,
Scheme: scheme.Scheme,