feature(main): fix user group role (labring#1754)

Signed-off-by: cuisongliu <[email protected]>
TomatoQt · Sep 14, 2022 · 26469b1 · 26469b1
1 parent bbd304c
commit 26469b1
Show file tree

Hide file tree

Showing 9 changed files with 83 additions and 33 deletions.
diff --git a/controllers/user/.gitignore b/controllers/user/.gitignore
@@ -13,6 +13,7 @@ testbin/*
 
 # Output of the go coverage tool, specifically when used with LiteIDE
 *.out
+deploy/registry
 
 # Kubernetes Generated files - skip generated files, except for vendored files
 

diff --git a/controllers/user/api/v1/user_types.go b/controllers/user/api/v1/user_types.go
@@ -26,9 +26,6 @@ import (
 
 // UserSpec defines the desired state of User
 type UserSpec struct {
-	// display name of the user
-	DisplayName string `json:"displayName"`
-
 	// expirationSeconds is the requested duration of validity of the issued
 	// certificate. The certificate signer may issue a certificate with a different
 	// validity duration so a client must check the delta between the notBefore and

diff --git a/controllers/user/config/crd/bases/user.sealos.io_users.yaml b/controllers/user/config/crd/bases/user.sealos.io_users.yaml
@@ -58,11 +58,6 @@ spec:
                   expirationSeconds is 600, i.e. 10 minutes."
                 format: int32
                 type: integer
-              displayName:
-                description: display name of the user
-                type: string
-            required:
-            - displayName
             type: object
           status:
             description: UserStatus defines the observed state of User

diff --git a/controllers/user/config/manager/manager.yaml b/controllers/user/config/manager/manager.yaml
@@ -16,7 +16,7 @@ spec:
   selector:
     matchLabels:
       control-plane: controller-manager
-  replicas: 1
+  replicas: 3
   template:
     metadata:
       annotations:
@@ -68,3 +68,19 @@ spec:
             memory: 64Mi
       serviceAccountName: controller-manager
       terminationGracePeriodSeconds: 10
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    control-plane: controller-manager
+  name: controller-manager-api-service
+  namespace: system
+spec:
+  ports:
+    - name: http
+      port: 8088
+      protocol: TCP
+      targetPort: 8088
+  selector:
+    control-plane: controller-manager
diff --git a/controllers/user/controllers/usergroupnamespacebinding_controller.go b/controllers/user/controllers/usergroupnamespacebinding_controller.go
@@ -167,7 +167,17 @@ func (r *UserGroupNamespaceBindingController) syncRoleBinding(ctx context.Contex
 				roleBinding.Name = user.Subject.Name + "-role"
 				roleBinding.Namespace = ugBinding.Subject.Name
 
-				if change, err = controllerutil.CreateOrUpdate(ctx, r.Client, roleBinding, func() error {
+				if err = r.Get(ctx, client.ObjectKeyFromObject(roleBinding), roleBinding); err != nil {
+					if !apierrors.IsNotFound(err) {
+						return err
+					}
+				}
+				if !roleBinding.CreationTimestamp.IsZero() {
+					r.Logger.V(1).Info("namespace UserGroupBinding roleBinding is created", "OperationResult", change, "user", roleBinding.Name, "namespace", roleBinding.Namespace)
+					return nil
+				}
+
+				if change, err = controllerutil.CreateOrUpdate(ctx, r.Client, user.DeepCopy(), func() error {
 					if err = controllerutil.SetControllerReference(ugBinding, roleBinding, r.Scheme); err != nil {
 						return err
 					}

diff --git a/controllers/user/deploy/manifests/deploy.yaml b/controllers/user/deploy/manifests/deploy.yaml
@@ -429,11 +429,6 @@ spec:
                   expirationSeconds is 600, i.e. 10 minutes."
                 format: int32
                 type: integer
-              displayName:
-                description: display name of the user
-                type: string
-            required:
-            - displayName
             type: object
           status:
             description: UserStatus defines the observed state of User
@@ -831,6 +826,22 @@ metadata:
 ---
 apiVersion: v1
 kind: Service
+metadata:
+  labels:
+    control-plane: controller-manager
+  name: user-controller-manager-api-service
+  namespace: user-system
+spec:
+  ports:
+  - name: http
+    port: 8088
+    protocol: TCP
+    targetPort: 8088
+  selector:
+    control-plane: controller-manager
+---
+apiVersion: v1
+kind: Service
 metadata:
   labels:
     control-plane: controller-manager
@@ -853,7 +864,7 @@ metadata:
   name: user-controller-manager
   namespace: user-system
 spec:
-  replicas: 1
+  replicas: 3
   selector:
     matchLabels:
       control-plane: controller-manager

diff --git a/controllers/user/deploy/manifests/rbac.yaml b/controllers/user/deploy/manifests/rbac.yaml
@@ -15,9 +15,6 @@ rules:
       - deletecollection
       - patch
       - update
-      - list
-      - get
-      - watch
 ---
 ## 新增、删除用户，管理员只允许移入移除用户
 apiVersion: rbac.authorization.k8s.io/v1
@@ -35,9 +32,6 @@ rules:
       - deletecollection
       - patch
       - update
-      - list
-      - get
-      - watch
   - apiGroups:
       - user.sealos.io
     resources:
@@ -47,14 +41,14 @@ rules:
       - get
       - watch
 ---
-##普通用户创建namespace，只允许创建管理员
+##普通用户创建namespace,usergroup
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   name: sealos-user-user-role
 rules:
   - apiGroups:
-    - user.sealos.io
+      - user.sealos.io
     resources:
       - 'usergroupbindings'
     verbs:
@@ -63,6 +57,13 @@ rules:
       - deletecollection
       - patch
       - update
-      - list
-      - get
-      - watch
+  - apiGroups:
+      - user.sealos.io
+    resources:
+      - 'usergroups'
+    verbs:
+      - create
+      - delete
+      - deletecollection
+      - patch
+      - update
diff --git a/controllers/user/main.go b/controllers/user/main.go
@@ -20,6 +20,7 @@ import (
 	"context"
 	"flag"
 	"os"
+	"sync"
 
 	// Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.)
 	// to ensure that exec-entrypoint and run can make use of them.
@@ -131,9 +132,25 @@ func main() {
 	}
 	ctx, cancel := context.WithCancel(context.TODO())
 	defer cancel()
-	setupLog.Info("starting manager")
-	if err := mgr.Start(ctx); err != nil {
-		setupLog.Error(err, "problem running manager")
-		os.Exit(1)
-	}
+	go func() {
+		setupLog.Info("starting manager")
+		if err := mgr.Start(ctx); err != nil {
+			setupLog.Error(err, "failed to running manager")
+			os.Exit(1)
+		}
+	}()
+	done := make(chan struct{})
+	go func() {
+		if mgr.GetCache().WaitForCacheSync(context.Background()) {
+			done <- struct{}{}
+		}
+	}()
+	<-done
+	go func(mgr ctrl.Manager) {
+		//TODO add apiserver
+	}(mgr)
+
+	var wg sync.WaitGroup
+	wg.Add(1)
+	wg.Wait()
 }
diff --git a/pkg/image/types/types.go b/pkg/image/types/types.go
@@ -62,7 +62,9 @@ func (opts *BuildOptions) String() string {
 	opts.AllPlatforms = false
 	opts.DisableCompression = true
 	opts.Pull = PullTypeIfMissing
-	opts.Platform = fmt.Sprintf("%s/%s", runtime.GOOS, runtime.GOARCH)
+	if opts.Platform == "" {
+		opts.Platform = fmt.Sprintf("%s/%s", runtime.GOOS, runtime.GOARCH)
+	}
 	var sb strings.Builder
 	if opts.NoCache {
 		sb.WriteString(" --no-cache ")
-Original file line number
+Diff line change
@@ Expand Up / @@ -13,6 +13,7 @@ testbin/* @@
     # Output of the go coverage tool, specifically when used with LiteIDE
     *.out
+    deploy/registry
     # Kubernetes Generated files - skip generated files, except for vendored files
@@ Expand Down @@