package systemaccount
import (
"fmt"
"github.com/rancher/rancher/pkg/randomtoken"
"github.com/rancher/rancher/pkg/ref"
"github.com/rancher/types/apis/management.cattle.io/v3"
"github.com/rancher/types/config"
"github.com/rancher/types/user"
errors2 "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/apis/meta/v1"
)
// clusterOwnerRole is the role template name bound to a cluster's system
// account by CreateSystemAccount.
const clusterOwnerRole = "cluster-owner"

// projectMemberRole is the role template name bound to a project's system
// account by GetOrCreateProjectSystemAccount.
const projectMemberRole = "project-member"
// NewManager builds a Manager from a management context, wiring in the
// context's user manager and the management API clients the Manager uses.
//
// Every client is requested with an empty namespace argument; presumably this
// means "all namespaces" — confirm against the client factory.
func NewManager(management *config.ManagementContext) *Manager {
	api := management.Management

	m := &Manager{userManager: management.UserManager}
	m.crtbs = api.ClusterRoleTemplateBindings("")
	m.crts = api.ClusterRegistrationTokens("")
	m.prtbs = api.ProjectRoleTemplateBindings("")
	m.tokens = api.Tokens("")
	m.users = api.Users("")
	return m
}
// NewManagerFromScale builds a Manager from a scaled context. It wires the
// same fields as NewManager, reading them from config.ScaledContext instead of
// config.ManagementContext.
//
// Every client is requested with an empty namespace argument; presumably this
// means "all namespaces" — confirm against the client factory.
func NewManagerFromScale(management *config.ScaledContext) *Manager {
	api := management.Management

	m := &Manager{userManager: management.UserManager}
	m.crtbs = api.ClusterRoleTemplateBindings("")
	m.crts = api.ClusterRegistrationTokens("")
	m.prtbs = api.ProjectRoleTemplateBindings("")
	m.tokens = api.Tokens("")
	m.users = api.Users("")
	return m
}
// Manager creates and removes the "system://" accounts of clusters and
// projects, together with their role template bindings and tokens.
type Manager struct {
// userManager ensures users and tokens exist and looks users up by principal ID.
userManager user.Manager
// crtbs reads and creates cluster role template bindings (CreateSystemAccount).
crtbs v3.ClusterRoleTemplateBindingInterface
// crts reads and creates cluster registration tokens (GetOrCreateSystemClusterToken).
crts v3.ClusterRegistrationTokenInterface
// prtbs reads and creates project role template bindings (GetOrCreateProjectSystemAccount).
prtbs v3.ProjectRoleTemplateBindingInterface
// tokens is set by both constructors; no method in this part of the file reads it.
tokens v3.TokenInterface
// users deletes user objects (RemoveSystemAccount).
users v3.UserInterface
}
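// CreateSystemAccount ensures the system user for cluster exists and is bound
// to the cluster-owner role template in the namespace named after the cluster.
//
// The binding is named "<user name>-admin". If a binding with that name is
// already present the call is a no-op. The binding is created only when the
// lookup reports NotFound; any other lookup error is returned to the caller
// instead of being followed by a blind Create of a cluster-owner binding. This
// matches the error handling in GetOrCreateProjectSystemAccount.
//
// cluster must be non-nil. The returned error is whatever the user manager or
// the binding client reported.
func (s *Manager) CreateSystemAccount(cluster *v3.Cluster) error {
	sysUser, err := s.GetSystemUser(cluster.Name)
	if err != nil {
		return err
	}

	bindingName := sysUser.Name + "-admin"
	_, err = s.crtbs.GetNamespaced(cluster.Name, bindingName, v1.GetOptions{})
	if err == nil {
		// NOTE(review): the existing binding is accepted by name alone; its
		// UserName and RoleTemplateName are not compared with the expected
		// values. Confirm that who may write bindings in this namespace makes
		// that acceptable.
		return nil
	}
	if !errors2.IsNotFound(err) {
		// A timeout or permission error says nothing about whether the
		// binding exists, so do not go on to grant cluster-owner.
		return err
	}

	_, err = s.crtbs.Create(&v3.ClusterRoleTemplateBinding{
		ObjectMeta: v1.ObjectMeta{
			Name:      bindingName,
			Namespace: cluster.Name,
		},
		ClusterName:      cluster.Name,
		UserName:         sysUser.Name,
		RoleTemplateName: clusterOwnerRole,
	})
	return err
}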
// GetSystemUser returns the system user of the named cluster, asking the user
// manager to ensure it exists under the principal ID "system://<clusterName>".
//
// NOTE(review): GetProjectSystemUser builds its principal ID with the same
// "system://" prefix, so a cluster and a project with the same name would
// resolve to the same user. Presumably the name formats never overlap —
// confirm.
func (s *Manager) GetSystemUser(clusterName string) (*v3.User, error) {
	principalID := fmt.Sprintf("system://%s", clusterName)
	label := "System account for Cluster " + clusterName
	return s.userManager.EnsureUser(principalID, label)
}
// GetOrCreateSystemClusterToken returns the token held by the cluster
// registration token object named "system" in the namespace clusterName,
// creating that object with a freshly generated token when the lookup reports
// NotFound.
//
// The returned string is a credential; callers should keep it out of logs and
// error messages. An existing object whose Status.Token is empty yields "" with
// a nil error, so callers that need a usable token should check for that.
//
// Any lookup error other than NotFound, and any generation or creation error,
// is returned with an empty token. The lookup and the create are separate
// calls, so when two callers race the loser gets the Create error back
// (presumably AlreadyExists — verify).
func (s *Manager) GetOrCreateSystemClusterToken(clusterName string) (string, error) {
	existing, err := s.crts.GetNamespaced(clusterName, "system", v1.GetOptions{})
	if err == nil {
		return existing.Status.Token, nil
	}
	if !errors2.IsNotFound(err) {
		return "", err
	}

	// No "system" registration token yet: mint one and persist it.
	generated, err := randomtoken.Generate()
	if err != nil {
		return "", err
	}

	fresh := &v3.ClusterRegistrationToken{
		ObjectMeta: v1.ObjectMeta{
			Name:      "system",
			Namespace: clusterName,
		},
		Spec: v3.ClusterRegistrationTokenSpec{
			ClusterName: clusterName,
		},
		Status: v3.ClusterRegistrationTokenStatus{
			Token: generated,
		},
	}
	_, err = s.crts.Create(fresh)
	if err != nil {
		return "", err
	}
	return generated, nil
}
// GetOrCreateProjectSystemAccount ensures the project's system user exists and
// is bound to the project-member role template.
//
// The second value returned by ref.Parse(projectID) is used as the project
// name, which is also the namespace of the binding. The binding is named
// "<user name>-member" and is created only when the lookup reports NotFound; an
// existing binding is accepted by name alone, and any other lookup error is
// returned unchanged.
func (s *Manager) GetOrCreateProjectSystemAccount(projectID string) error {
	_, projectName := ref.Parse(projectID)

	sysUser, err := s.GetProjectSystemUser(projectName)
	if err != nil {
		return err
	}

	bindingName := sysUser.Name + "-member"
	_, err = s.prtbs.GetNamespaced(projectName, bindingName, v1.GetOptions{})
	switch {
	case err == nil:
		// Binding already present; nothing to do.
		return nil
	case !errors2.IsNotFound(err):
		return err
	}

	binding := &v3.ProjectRoleTemplateBinding{
		ObjectMeta: v1.ObjectMeta{
			Name:      bindingName,
			Namespace: projectName,
		},
		// ProjectName carries the full project ID, not the parsed name.
		ProjectName:      projectID,
		UserName:         sysUser.Name,
		RoleTemplateName: projectMemberRole,
	}
	_, err = s.prtbs.Create(binding)
	return err
}
// GetProjectSystemUser returns the system user of the named project, asking the
// user manager to ensure it exists under the principal ID
// "system://<projectName>".
//
// NOTE(review): GetSystemUser builds cluster principal IDs with the same
// "system://" prefix, so the two share one principal namespace. Presumably
// cluster and project names never overlap — confirm.
func (s *Manager) GetProjectSystemUser(projectName string) (*v3.User, error) {
	principalID := fmt.Sprintf("system://%s", projectName)
	label := "System account for Project " + projectName
	return s.userManager.EnsureUser(principalID, label)
}
// GetOrCreateProjectSystemToken ensures the project's system user exists and
// then asks the user manager to ensure a token named "<projectName>-pipeline"
// for that user, returning the user manager's result.
//
// The returned string is presumably the token value itself (verify against
// EnsureToken); treat it as a credential and keep it out of logs.
func (s *Manager) GetOrCreateProjectSystemToken(projectName string) (string, error) {
	sysUser, err := s.GetProjectSystemUser(projectName)
	if err != nil {
		return "", err
	}

	tokenName := projectName + "-pipeline"
	description := "Pipeline token for project " + projectName
	return s.userManager.EnsureToken(tokenName, description, sysUser.Name)
}
// RemoveSystemAccount deletes the user whose principal ID is
// "system://<userID>". Despite its name, userID is the suffix of the principal
// ID, not the user object's name.
//
// A missing user is treated as success: a nil lookup result, and NotFound or
// Gone from the delete, all return nil. Any other error is returned.
//
// NOTE(review): only the user object is deleted here. The role template
// bindings and tokens created for the account are not touched by this method;
// presumably they are cleaned up elsewhere — verify, so that a removed account
// leaves no usable credential or binding behind.
func (s *Manager) RemoveSystemAccount(userID string) error {
	principalID := fmt.Sprintf("system://%s", userID)
	account, err := s.userManager.GetUserByPrincipalID(principalID)
	if err != nil {
		return err
	}
	if account == nil {
		// Nothing to delete; the user must already have been removed.
		return nil
	}

	err = s.users.Delete(account.Name, &v1.DeleteOptions{})
	if err == nil || errors2.IsNotFound(err) || errors2.IsGone(err) {
		return nil
	}
	return err
}