Fix auth subresource use store

pkg/auth/registry/group/storage/binding.go

@@ -38,7 +38,7 @@ import (
 
 // BindingREST implements the REST endpoint.
 type BindingREST struct {
- *registry.Store
+ groupStore *registry.Store
 
  authClient authinternalclient.AuthInterface
 }
@@ -51,16 +51,19 @@ func (r *BindingREST) New() runtime.Object {
  return &auth.Binding{}
 }
 
+// NewList returns an empty object that can be used with the List call.
+func (r *BindingREST) NewList() runtime.Object {
+ return &auth.LocalIdentityList{}
+}
+
 func (r *BindingREST) Create(ctx context.Context, obj runtime.Object, createValidation rest.ValidateObjectFunc, options *metav1.CreateOptions) (runtime.Object, error) {
  requestInfo, ok := request.RequestInfoFrom(ctx)
  if !ok {
  return nil, errors.NewBadRequest("unable to get request info from context")
  }
 
- log.Info("requestinfo", log.Any("requestInfo", requestInfo))
-
  bind := obj.(*auth.Binding)
- polObj, err := r.Get(ctx, requestInfo.Name, &metav1.GetOptions{})
+ polObj, err := r.groupStore.Get(ctx, requestInfo.Name, &metav1.GetOptions{})
  if err != nil {
  return nil, err
  }
@@ -86,7 +89,7 @@ func (r *BindingREST) List(ctx context.Context, options *metainternal.ListOption
  return nil, errors.NewBadRequest("unable to get request info from context")
  }
 
- grpObj, err := r.Get(ctx, requestInfo.Name, &metav1.GetOptions{})
+ grpObj, err := r.groupStore.Get(ctx, requestInfo.Name, &metav1.GetOptions{})
  if err != nil {
  return nil, err
  }

pkg/auth/registry/group/storage/unbinding.go

@@ -36,7 +36,7 @@ import (
 
 // UnbindingREST implements the REST endpoint.
 type UnbindingREST struct {
- *registry.Store
+ groupStore *registry.Store
 
  authClient authinternalclient.AuthInterface
 }
@@ -55,10 +55,8 @@ func (r *UnbindingREST) Create(ctx context.Context, obj runtime.Object, createVa
  return nil, errors.NewBadRequest("unable to get request info from context")
  }
 
- log.Info("requestinfo", log.Any("requestInfo", requestInfo))
-
  bind := obj.(*auth.Binding)
- polObj, err := r.Get(ctx, requestInfo.Name, &metav1.GetOptions{})
+ polObj, err := r.groupStore.Get(ctx, requestInfo.Name, &metav1.GetOptions{})
  if err != nil {
  return nil, err
  }

pkg/auth/registry/localidentity/storage/group.go

@@ -40,20 +40,25 @@ import (
 
 // GroupREST implements the REST endpoint, list policies bound to the user.
 type GroupREST struct {
- *registry.Store
-
- authClient authinternalclient.AuthInterface
- enforcer *casbin.SyncedEnforcer
+ localIdentityStore *registry.Store
+ authClient authinternalclient.AuthInterface
+ enforcer *casbin.SyncedEnforcer
 }
 
 var _ = rest.Lister(&GroupREST{})
 
-// New returns an empty object that can be used with Create after request data
-// has been put into it.
+// NewList returns an empty object that can be used with the List call.
 func (r *GroupREST) NewList() runtime.Object {
  return &auth.GroupList{}
 }
 
+// New returns an empty object that can be used with Create and Update after
+// request data has been put into it.
+func (r *GroupREST) New() runtime.Object {
+ return &auth.Group{}
+}
+
+// List selects resources in the storage which match to the selector. 'options' can be nil.
 func (r *GroupREST) List(ctx context.Context, options *metainternalversion.ListOptions) (runtime.Object, error) {
  requestInfo, ok := request.RequestInfoFrom(ctx)
  if !ok {
@@ -62,10 +67,11 @@ func (r *GroupREST) List(ctx context.Context, options *metainternalversion.ListO
 
  userID := requestInfo.Name
 
- localIdentity, err := r.authClient.LocalIdentities().Get(userID, metav1.GetOptions{})
+ obj, err := r.localIdentityStore.Get(ctx, userID, &metav1.GetOptions{})
  if err != nil {
  return nil, err
  }
+ localIdentity := obj.(*auth.LocalIdentity)
 
  roles, err := r.enforcer.GetRolesForUser(util.UserKey(localIdentity.Spec.TenantID, localIdentity.Spec.Username))
  if err != nil {

pkg/auth/registry/localidentity/storage/password.go

@@ -22,12 +22,12 @@ import (
  "context"
 
  "k8s.io/apimachinery/pkg/api/errors"
+ apierrors "k8s.io/apimachinery/pkg/api/errors"
  metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
  "k8s.io/apimachinery/pkg/runtime"
  "k8s.io/apiserver/pkg/endpoints/request"
  "k8s.io/apiserver/pkg/registry/generic/registry"
  "k8s.io/apiserver/pkg/registry/rest"
- apierrors "k8s.io/apimachinery/pkg/api/errors"
 
  "tkestack.io/tke/api/auth"
  authinternalclient "tkestack.io/tke/api/client/clientset/internalversion/typed/auth/internalversion"
@@ -37,8 +37,8 @@ import (
 
 // PasswordREST implements the REST endpoint.
 type PasswordREST struct {
- *registry.Store
- authClient authinternalclient.AuthInterface
+ localIdentityStore *registry.Store
+ authClient  authinternalclient.AuthInterface
 }
 
 var _ = rest.Creater(&PasswordREST{})
@@ -49,7 +49,7 @@ func (r *PasswordREST) New() runtime.Object {
  return &auth.PasswordReq{}
 }
 
-// Create used to update password of the
+// Create used to update password of the local identity.
 func (r *PasswordREST) Create(ctx context.Context, obj runtime.Object, createValidation rest.ValidateObjectFunc, options *metav1.CreateOptions) (runtime.Object, error) {
  requestInfo, ok := request.RequestInfoFrom(ctx)
  if !ok {
@@ -58,10 +58,11 @@ func (r *PasswordREST) Create(ctx context.Context, obj runtime.Object, createVal
 
  userID := requestInfo.Name
 
- localIdentity, err := r.authClient.LocalIdentities().Get(userID, metav1.GetOptions{})
+ obj, err := r.localIdentityStore.Get(ctx, userID, &metav1.GetOptions{})
  if err != nil {
  return nil, err
  }
+ localIdentity := obj.(*auth.LocalIdentity)
 
  passwordReq := obj.(*auth.PasswordReq)
 
@@ -70,6 +71,6 @@ func (r *PasswordREST) Create(ctx context.Context, obj runtime.Object, createVal
  return nil, apierrors.NewBadRequest(err.Error())
  }
 
- objUpdated, _, err := r.Store.Update(ctx, userID, rest.DefaultUpdatedObjectInfo(localIdentity), rest.ValidateAllObjectFunc, rest.ValidateAllObjectUpdateFunc, false, &metav1.UpdateOptions{})
+ objUpdated, _, err := r.localIdentityStore.Update(ctx, userID, rest.DefaultUpdatedObjectInfo(localIdentity), rest.ValidateAllObjectFunc, rest.ValidateAllObjectUpdateFunc, false, &metav1.UpdateOptions{})
  return objUpdated, err
 }

pkg/auth/registry/localidentity/storage/policy.go

@@ -40,20 +40,24 @@ import (
 
 // PolicyREST implements the REST endpoint, list policies bound to the user.
 type PolicyREST struct {
- *registry.Store
-
- authClient authinternalclient.AuthInterface
- enforcer *casbin.SyncedEnforcer
+ localIdentityStore *registry.Store
+ authClient authinternalclient.AuthInterface
+ enforcer *casbin.SyncedEnforcer
 }
 
 var _ = rest.Lister(&PolicyREST{})
 
-// New returns an empty object that can be used with Create after request data
-// has been put into it.
+// NewList returns an empty object that can be used with the List call.
 func (r *PolicyREST) NewList() runtime.Object {
  return &auth.PolicyList{}
 }
 
+// New returns an empty object that can be used with Create after request data
+// has been put into it.
+func (r *PolicyREST) New() runtime.Object {
+ return &auth.Policy{}
+}
+
 func (r *PolicyREST) List(ctx context.Context, options *metainternalversion.ListOptions) (runtime.Object, error) {
  requestInfo, ok := request.RequestInfoFrom(ctx)
  if !ok {
@@ -62,10 +66,11 @@ func (r *PolicyREST) List(ctx context.Context, options *metainternalversion.List
 
  userID := requestInfo.Name
 
- localIdentity, err := r.authClient.LocalIdentities().Get(userID, metav1.GetOptions{})
+ obj, err := r.localIdentityStore.Get(ctx, userID, &metav1.GetOptions{})
  if err != nil {
  return nil, err
  }
+ localIdentity := obj.(*auth.LocalIdentity)
 
  roles, err := r.enforcer.GetRolesForUser(util.UserKey(localIdentity.Spec.TenantID, localIdentity.Spec.Username))
  if err != nil {

pkg/auth/registry/localidentity/storage/role.go

@@ -40,20 +40,24 @@ import (
 
 // RoleREST implements the REST endpoint, list policies bound to the user.
 type RoleREST struct {
- *registry.Store
-
- authClient authinternalclient.AuthInterface
- enforcer *casbin.SyncedEnforcer
+ localIdentityStore *registry.Store
+ authClient authinternalclient.AuthInterface
+ enforcer *casbin.SyncedEnforcer
 }
 
 var _ = rest.Lister(&RoleREST{})
 
-// New returns an empty object that can be used with Create after request data
-// has been put into it.
+// NewList returns an empty object that can be used with the List call.
 func (r *RoleREST) NewList() runtime.Object {
  return &auth.RoleList{}
 }
 
+// New returns an empty object that can be used with Create after request data
+// has been put into it.
+func (r *RoleREST) New() runtime.Object {
+ return &auth.Role{}
+}
+
 func (r *RoleREST) List(ctx context.Context, options *metainternalversion.ListOptions) (runtime.Object, error) {
  requestInfo, ok := request.RequestInfoFrom(ctx)
  if !ok {
@@ -62,10 +66,11 @@ func (r *RoleREST) List(ctx context.Context, options *metainternalversion.ListOp
 
  userID := requestInfo.Name
 
- localIdentity, err := r.authClient.LocalIdentities().Get(userID, metav1.GetOptions{})
+ obj, err := r.localIdentityStore.Get(ctx, userID, &metav1.GetOptions{})
  if err != nil {
  return nil, err
  }
+ localIdentity := obj.(*auth.LocalIdentity)
 
  roles, err := r.enforcer.GetRolesForUser(util.UserKey(localIdentity.Spec.TenantID, localIdentity.Spec.Username))
  if err != nil {

pkg/auth/registry/policy/storage/binding.go

@@ -38,7 +38,7 @@ import (
 
 // BindingREST implements the REST endpoint.
 type BindingREST struct {
- *registry.Store
+ policyStore *registry.Store
 
  authClient authinternalclient.AuthInterface
 }
@@ -51,16 +51,19 @@ func (r *BindingREST) New() runtime.Object {
  return &auth.Binding{}
 }
 
+// NewList returns an empty object that can be used with the List call.
+func (r *BindingREST) NewList() runtime.Object {
+ return &auth.LocalIdentityList{}
+}
+
 func (r *BindingREST) Create(ctx context.Context, obj runtime.Object, createValidation rest.ValidateObjectFunc, options *metav1.CreateOptions) (runtime.Object, error) {
  requestInfo, ok := request.RequestInfoFrom(ctx)
  if !ok {
  return nil, errors.NewBadRequest("unable to get request info from context")
  }
 
- log.Info("requestinfo", log.Any("requestInfo", requestInfo))
-
  bind := obj.(*auth.Binding)
- polObj, err := r.Get(ctx, requestInfo.Name, &metav1.GetOptions{})
+ polObj, err := r.policyStore.Get(ctx, requestInfo.Name, &metav1.GetOptions{})
  if err != nil {
  return nil, err
  }
@@ -86,7 +89,7 @@ func (r *BindingREST) List(ctx context.Context, options *metainternal.ListOption
  return nil, errors.NewBadRequest("unable to get request info from context")
  }
 
- polObj, err := r.Get(ctx, requestInfo.Name, &metav1.GetOptions{})
+ polObj, err := r.policyStore.Get(ctx, requestInfo.Name, &metav1.GetOptions{})
  if err != nil {
  return nil, err
  }

pkg/auth/registry/policy/storage/unbinding.go

@@ -37,7 +37,7 @@ import (
 
 // UnbindingREST implements the REST endpoint.
 type UnbindingREST struct {
- *registry.Store
+ policyStore *registry.Store
 
  authClient authinternalclient.AuthInterface
 }
@@ -56,10 +56,8 @@ func (r *UnbindingREST) Create(ctx context.Context, obj runtime.Object, createVa
  return nil, errors.NewBadRequest("unable to get request info from context")
  }
 
- log.Info("requestinfo", log.Any("requestInfo", requestInfo))
-
  bind := obj.(*auth.Binding)
- polObj, err := r.Get(ctx, requestInfo.Name, &metav1.GetOptions{})
+ polObj, err := r.policyStore.Get(ctx, requestInfo.Name, &metav1.GetOptions{})
  if err != nil {
  return nil, err
  }