package systemaccount
import (
"fmt"
"github.com/rancher/rancher/pkg/randomtoken"
"github.com/rancher/rancher/pkg/ref"
"github.com/rancher/types/apis/management.cattle.io/v3"
"github.com/rancher/types/config"
"github.com/rancher/types/user"
errors2 "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/apis/meta/v1"
)
// Role template names bound to the system accounts this package manages.
const (
	// clusterOwnerRole is the RoleTemplate granted to a cluster's system user
	// via a ClusterRoleTemplateBinding (see CreateSystemAccount). It is the
	// highest-privilege cluster role, so anything holding the cluster system
	// user's credentials has full control of that cluster.
	clusterOwnerRole = "cluster-owner"
	// projectMemberRole is the RoleTemplate granted to a project's system user
	// via a ProjectRoleTemplateBinding (see GetOrCreateProjectSystemAccount).
	projectMemberRole = "project-member"
)
// NewManager builds a Manager backed by the management context's user manager
// and its cluster-wide (empty namespace) clients for ClusterRoleTemplateBindings,
// ClusterRegistrationTokens, ProjectRoleTemplateBindings, Tokens and Users.
func NewManager(management *config.ManagementContext) *Manager {
	mgmt := management.Management
	m := Manager{
		userManager: management.UserManager,
		crtbs:       mgmt.ClusterRoleTemplateBindings(""),
		crts:        mgmt.ClusterRegistrationTokens(""),
		prtbs:       mgmt.ProjectRoleTemplateBindings(""),
		tokens:      mgmt.Tokens(""),
		users:       mgmt.Users(""),
	}
	return &m
}
// NewManagerFromScale is the ScaledContext counterpart of NewManager: it wires
// the same user manager and cluster-wide (empty namespace) clients from a
// scaled context.
func NewManagerFromScale(management *config.ScaledContext) *Manager {
	mgmt := management.Management
	m := Manager{
		userManager: management.UserManager,
		crtbs:       mgmt.ClusterRoleTemplateBindings(""),
		crts:        mgmt.ClusterRegistrationTokens(""),
		prtbs:       mgmt.ProjectRoleTemplateBindings(""),
		tokens:      mgmt.Tokens(""),
		users:       mgmt.Users(""),
	}
	return &m
}
// Manager creates, looks up and removes the "system://<name>" service accounts
// Rancher uses for clusters and projects, together with their role bindings
// and tokens. Construct it with NewManager or NewManagerFromScale; the zero
// value has nil clients and is not usable.
type Manager struct {
	// userManager ensures users/tokens exist and resolves users by principal ID.
	userManager user.Manager
	// crtbs is used to look up and create the cluster-owner binding for a
	// cluster's system user.
	crtbs v3.ClusterRoleTemplateBindingInterface
	// crts is used to look up and create the per-cluster "system" registration
	// token.
	crts v3.ClusterRegistrationTokenInterface
	// prtbs is used to look up and create the project-member binding for a
	// project's system user.
	prtbs v3.ProjectRoleTemplateBindingInterface
	// tokens is held for Token access; it is not used by any method in this file.
	tokens v3.TokenInterface
	// users is used to delete a system user in RemoveSystemAccount.
	users v3.UserInterface
}
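// CreateSystemAccount ensures the cluster's system user exists and holds the
// cluster-owner role on the cluster.
//
// The user is the "system://<cluster name>" principal from GetSystemUser; the
// binding is named "<user name>-admin" in the cluster's namespace. Because
// clusterOwnerRole is the highest-privilege cluster role, the existence check
// is kept narrow: only a NotFound from the lookup leads to a Create. Any other
// lookup error (API outage, RBAC denial, timeout) is returned to the caller
// rather than being masked by a speculative Create, which matches how
// GetOrCreateProjectSystemAccount behaves.
//
// Returns nil when the binding already exists or was created; otherwise the
// error from EnsureUser, the lookup, or the Create call.
func (s *Manager) CreateSystemAccount(cluster *v3.Cluster) error {
	user, err := s.GetSystemUser(cluster.Name)
	if err != nil {
		return err
	}
	bindingName := user.Name + "-admin"
	_, err = s.crtbs.GetNamespaced(cluster.Name, bindingName, v1.GetOptions{})
	switch {
	case err == nil:
		// Binding already present; nothing to do.
		return nil
	case !errors2.IsNotFound(err):
		// The lookup failed for a reason other than absence; do not guess.
		return err
	}
	_, err = s.crtbs.Create(&v3.ClusterRoleTemplateBinding{
		ObjectMeta: v1.ObjectMeta{
			Name:      bindingName,
			Namespace: cluster.Name,
		},
		ClusterName:      cluster.Name,
		UserName:         user.Name,
		RoleTemplateName: clusterOwnerRole,
	})
	return err
}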
// GetSystemUser returns the system user for a cluster, creating it if needed.
// The principal ID is "system://<clusterName>" and the display name is
// "System account for Cluster <clusterName>"; both are delegated to
// userManager.EnsureUser.
func (s *Manager) GetSystemUser(clusterName string) (*v3.User, error) {
	principalID := "system://" + clusterName
	displayName := "System account for Cluster " + clusterName
	return s.userManager.EnsureUser(principalID, displayName)
}
// GetOrCreateSystemClusterToken returns the registration token of the
// ClusterRegistrationToken named "system" in the cluster's namespace.
//
// If that object does not exist, a fresh token is generated with
// randomtoken.Generate and stored in the new object's Status.Token before it
// is created. Any lookup error other than NotFound, and any error from token
// generation or Create, is returned with an empty token.
//
// NOTE(review): an existing object whose Status.Token is empty is returned as
// "" with a nil error — confirm callers tolerate that.
func (s *Manager) GetOrCreateSystemClusterToken(clusterName string) (string, error) {
	existing, err := s.crts.GetNamespaced(clusterName, "system", v1.GetOptions{})
	switch {
	case err == nil:
		return existing.Status.Token, nil
	case !errors2.IsNotFound(err):
		return "", err
	}

	// Not found: mint a token and persist it on a new registration object.
	token, err := randomtoken.Generate()
	if err != nil {
		return "", err
	}
	fresh := &v3.ClusterRegistrationToken{
		ObjectMeta: v1.ObjectMeta{
			Name:      "system",
			Namespace: clusterName,
		},
		Spec: v3.ClusterRegistrationTokenSpec{
			ClusterName: clusterName,
		},
		Status: v3.ClusterRegistrationTokenStatus{
			Token: token,
		},
	}
	if _, err = s.crts.Create(fresh); err != nil {
		return "", err
	}
	return token, nil
}
// GetOrCreateProjectSystemAccount ensures the project's system user exists and
// holds the project-member role on the project.
//
// projectID is split with ref.Parse; the second component is used as the
// project name for the user principal and as the binding's namespace, while
// the full projectID becomes the binding's ProjectName. The binding is named
// "<user name>-member". Only a NotFound from the lookup leads to a Create; any
// other lookup error is returned as-is.
//
// Returns nil when the binding already exists or was created, otherwise the
// error from EnsureUser, the lookup, or the Create call.
func (s *Manager) GetOrCreateProjectSystemAccount(projectID string) error {
	_, projectName := ref.Parse(projectID)
	u, err := s.GetProjectSystemUser(projectName)
	if err != nil {
		return err
	}
	bindingName := u.Name + "-member"
	_, err = s.prtbs.GetNamespaced(projectName, bindingName, v1.GetOptions{})
	switch {
	case err == nil:
		// Binding already present.
		return nil
	case !errors2.IsNotFound(err):
		return err
	}
	binding := &v3.ProjectRoleTemplateBinding{
		ObjectMeta: v1.ObjectMeta{
			Name:      bindingName,
			Namespace: projectName,
		},
		ProjectName:      projectID,
		UserName:         u.Name,
		RoleTemplateName: projectMemberRole,
	}
	_, err = s.prtbs.Create(binding)
	return err
}
// GetProjectSystemUser returns the system user for a project, creating it if
// needed. The principal ID is "system://<projectName>" and the display name is
// "System account for Project <projectName>"; both are delegated to
// userManager.EnsureUser.
func (s *Manager) GetProjectSystemUser(projectName string) (*v3.User, error) {
	principalID := "system://" + projectName
	displayName := "System account for Project " + projectName
	return s.userManager.EnsureUser(principalID, displayName)
}
// GetOrCreateProjectSystemToken returns a token named "<projectName>-pipeline"
// owned by the project's system user, creating the user and the token as
// needed through userManager. Errors from GetProjectSystemUser are returned
// with an empty token.
func (s *Manager) GetOrCreateProjectSystemToken(projectName string) (string, error) {
	u, err := s.GetProjectSystemUser(projectName)
	if err != nil {
		return "", err
	}
	tokenName := projectName + "-pipeline"
	description := "Pipeline token for project " + projectName
	return s.userManager.EnsureToken(tokenName, description, u.Name)
}
// RemoveSystemAccount deletes the user behind the "system://<userID>"
// principal. userID is the name component of the principal (the same value
// GetSystemUser / GetProjectSystemUser build it from — presumably a cluster or
// project name; verify against callers).
//
// A principal that resolves to no user is treated as already removed, as is a
// Delete that fails with NotFound or Gone. Other lookup or delete errors are
// returned. Role bindings and tokens referencing the user are not touched here.
func (s *Manager) RemoveSystemAccount(userID string) error {
	principalID := fmt.Sprintf("system://%s", userID)
	u, err := s.userManager.GetUserByPrincipalID(principalID)
	if err != nil {
		return err
	}
	if u == nil {
		// Nothing to delete; the user is already gone.
		return nil
	}
	err = s.users.Delete(u.Name, &v1.DeleteOptions{})
	if err == nil || errors2.IsNotFound(err) || errors2.IsGone(err) {
		return nil
	}
	return err
}