From 2c4b7113b7cb2e82f3f6cbaecef6bafa08127ce9 Mon Sep 17 00:00:00 2001
From: liangyuzhou
Date: Wed, 25 Dec 2019 17:18:07 +0800
Subject: [PATCH] style: fix lint error
---
 cmd/tke-auth-api/app/config/config.go | 2 +-
 .../app/options/feature.go | 4 +++-
 .../app/options/options.go | 21 ++++++++---------
 .../oidc/identityprovider/interface.go | 9 ++------
 .../oidc/identityprovider/local/local.go | 19 ++++++++-------
 pkg/auth/authorization/local/authorizer.go | 2 +-
 .../deletion/policied_resources_deleter.go | 3 +++
 .../localidentity/storage/password.go | 4 ++--
 pkg/auth/registry/localidentity/validation.go | 7 +++---
 pkg/auth/registry/rule/strategy.go | 3 +--
 pkg/auth/registry/rule/validation.go | 4 ++--
 pkg/auth/util/adapter.go | 23 +------------------
 pkg/auth/util/dex/conn.go | 8 +++----
 pkg/auth/util/sign.go | 3 ---
 pkg/auth/util/user.go | 7 ++----
 .../leaderelection/resourcelock/auth_lock.go | 3 ---
 .../resourcelock/resourcelock.go | 2 +-
 17 files changed, 44 insertions(+), 80 deletions(-)
diff --git a/cmd/tke-auth-api/app/config/config.go b/cmd/tke-auth-api/app/config/config.go
index a033c21a6..a9a8e91f7 100644
--- a/cmd/tke-auth-api/app/config/config.go
+++ b/cmd/tke-auth-api/app/config/config.go
@@ -308,7 +308,7 @@ func setupCasbinEnforcer(authorizationOptions *options.AuthorizationOptions) (*c
 func setupDefaultConnectorConfig(authClient authinternalclient.AuthInterface, versionInformers versionedinformers.SharedInformerFactory, store dexstorage.Storage, auth *options.AuthOptions) error {
 // create dex local identity provider for tke connector.
 dexserver.ConnectorsConfig[local.TkeConnectorType] = func() dexserver.ConnectorConfig {
- return new(local.DefaultIdentityProvdier)
+ return new(local.DefaultIdentityProvider)
 }
 local.SetupRestClient(authClient)
diff --git a/cmd/tke-auth-controller/app/options/feature.go b/cmd/tke-auth-controller/app/options/feature.go
index a005c1c3b..b1ba9b36e 100644
--- a/cmd/tke-auth-controller/app/options/feature.go
+++ b/cmd/tke-auth-controller/app/options/feature.go
@@ -54,7 +54,9 @@ type FeatureOptions struct {
 }
 func NewFeatureOptions() *FeatureOptions {
- return &FeatureOptions{CasbinReloadInterval: 5*time.Second}
+ return &FeatureOptions{
+ CasbinReloadInterval: 5 * time.Second,
+ }
 }
 // AddFlags adds flags for console to the specified FlagSet object.
diff --git a/cmd/tke-auth-controller/app/options/options.go b/cmd/tke-auth-controller/app/options/options.go
index af52386a7..d7721e846 100644
--- a/cmd/tke-auth-controller/app/options/options.go
+++ b/cmd/tke-auth-controller/app/options/options.go
@@ -27,23 +27,22 @@ import (
 // Options is the main context object for the TKE controller manager.
 type Options struct {
- Log *log.Options
- Debug *apiserveroptions.DebugOptions
- SecureServing *apiserveroptions.SecureServingOptions
- Component *controlleroptions.ComponentOptions
- AuthAPIClient *controlleroptions.APIServerClientOptions
-
+ Log *log.Options
+ Debug *apiserveroptions.DebugOptions
+ SecureServing *apiserveroptions.SecureServingOptions
+ Component *controlleroptions.ComponentOptions
+ AuthAPIClient *controlleroptions.APIServerClientOptions
 FeatureOptions *FeatureOptions
 }
 // NewOptions creates a new Options with a default config.
 func NewOptions(serverName string, allControllers []string, disabledByDefaultControllers []string) *Options {
 return &Options{
- Log: log.NewOptions(),
- Debug: apiserveroptions.NewDebugOptions(),
- SecureServing: apiserveroptions.NewSecureServingOptions(serverName, 9458),
- Component: controlleroptions.NewComponentOptions(allControllers, disabledByDefaultControllers),
- AuthAPIClient: controlleroptions.NewAPIServerClientOptions("auth", true),
+ Log: log.NewOptions(),
+ Debug: apiserveroptions.NewDebugOptions(),
+ SecureServing: apiserveroptions.NewSecureServingOptions(serverName, 9458),
+ Component: controlleroptions.NewComponentOptions(allControllers, disabledByDefaultControllers),
+ AuthAPIClient: controlleroptions.NewAPIServerClientOptions("auth", true),
 FeatureOptions: NewFeatureOptions(),
 }
 }
diff --git a/pkg/auth/authentication/oidc/identityprovider/interface.go b/pkg/auth/authentication/oidc/identityprovider/interface.go
index 1d1667188..8df687bfa 100644
--- a/pkg/auth/authentication/oidc/identityprovider/interface.go
+++ b/pkg/auth/authentication/oidc/identityprovider/interface.go
@@ -20,16 +20,11 @@ package identityprovider
 import (
 "context"
-
 "github.com/dexidp/dex/connector"
 dexlog "github.com/dexidp/dex/pkg/log"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
 "github.com/dexidp/dex/storage"
-
 metainternal "k8s.io/apimachinery/pkg/apis/meta/internalversion"
-
-
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "tkestack.io/tke/api/auth"
 )
@@ -44,7 +39,7 @@ type IdentityProvider interface {
 }
 // IdentityProvidersStore represents identity providers for every tenantID.
-var IdentityProvidersStore = make(map[string] IdentityProvider)
+var IdentityProvidersStore = make(map[string]IdentityProvider)
 // UserGetter is an object that can get the user that match the provided field and label criteria.
 type UserGetter interface {
diff --git a/pkg/auth/authentication/oidc/identityprovider/local/local.go b/pkg/auth/authentication/oidc/identityprovider/local/local.go
index 1d9cf78e8..4fae1e7ad 100644
--- a/pkg/auth/authentication/oidc/identityprovider/local/local.go
+++ b/pkg/auth/authentication/oidc/identityprovider/local/local.go
@@ -58,14 +58,14 @@ var (
 )
 // Config holds the configuration parameters for tke local connector login.
-type DefaultIdentityProvdier struct {
+type DefaultIdentityProvider struct {
 tenantID string
 localIdentityLister authv1lister.LocalIdentityLister
 localGroupLister authv1lister.LocalGroupLister
 }
 func NewDefaultIdentityProvider(tenantID string, versionInformers versionedinformers.SharedInformerFactory) identityprovider.IdentityProvider {
- return &DefaultIdentityProvdier{
+ return &DefaultIdentityProvider{
 tenantID: tenantID,
 localIdentityLister: versionInformers.Auth().V1().LocalIdentities().Lister(),
 localGroupLister: versionInformers.Auth().V1().LocalGroups().Lister(),
@@ -73,7 +73,7 @@ func NewDefaultIdentityProvider(tenantID string, versionInformers versionedinfor
 }
 // Open returns a strategy for logging in through TKE
-func (c *DefaultIdentityProvdier) Open(id string, logger dexlog.Logger) (
+func (c *DefaultIdentityProvider) Open(id string, logger dexlog.Logger) (
 connector.Connector, error) {
 if authClient == nil {
@@ -83,12 +83,12 @@ func (c *DefaultIdentityProvdier) Open(id string, logger dexlog.Logger) (
 return &localConnector{authClient: authClient, tenantID: id}, nil
 }
-func (c *DefaultIdentityProvdier) Connector() (*dexstorage.Connector, error) {
+func (c *DefaultIdentityProvider) Connector() (*dexstorage.Connector, error) {
 if c.tenantID == "" {
 return nil, fmt.Errorf("must specify tenantID")
 }
- bytes, err := json.Marshal(DefaultIdentityProvdier{})
+ bytes, err := json.Marshal(DefaultIdentityProvider{})
 if err != nil {
 return nil, err
 }
@@ -99,7 +99,6 @@ func (c *DefaultIdentityProvdier) Connector() (*dexstorage.Connector, error) {
 Name: c.tenantID,
 Config: bytes,
 }, nil
-
 }
 func SetupRestClient(authInterface authinternalclient.AuthInterface) {
@@ -190,7 +189,7 @@ func (p *localConnector) Refresh(ctx context.Context, s connector.Scopes, identi
 }
 // Get is an object that can get the user that match the provided field and label criteria.
-func (c *DefaultIdentityProvdier) GetUser(ctx context.Context, name string, options *metav1.GetOptions) (*auth.User, error) {
+func (c *DefaultIdentityProvider) GetUser(ctx context.Context, name string, options *metav1.GetOptions) (*auth.User, error) {
 _, tenantID := authentication.GetUsernameAndTenantID(ctx)
 if tenantID != "" && tenantID != c.tenantID {
 return nil, apierrors.NewBadRequest("must in the same tenant")
@@ -210,7 +209,7 @@ func (c *DefaultIdentityProvdier) GetUser(ctx context.Context, name string, opti
 }
 // List is an object that can list users that match the provided field and label criteria.
-func (c *DefaultIdentityProvdier) ListUsers(ctx context.Context, options *metainternal.ListOptions) (*auth.UserList, error) {
+func (c *DefaultIdentityProvider) ListUsers(ctx context.Context, options *metainternal.ListOptions) (*auth.UserList, error) {
 keyword := ""
 limit := 50
 if options.FieldSelector != nil {
@@ -260,7 +259,7 @@ func (c *DefaultIdentityProvdier) ListUsers(ctx context.Context, options *metain
 }
 // Get is an object that can get the user that match the provided field and label criteria.
-func (c *DefaultIdentityProvdier) GetGroup(ctx context.Context, name string, options *metav1.GetOptions) (*auth.Group, error) {
+func (c *DefaultIdentityProvider) GetGroup(ctx context.Context, name string, options *metav1.GetOptions) (*auth.Group, error) {
 _, tenantID := authentication.GetUsernameAndTenantID(ctx)
 if tenantID != "" && tenantID != c.tenantID {
 return nil, apierrors.NewBadRequest("must in the same tenant")
@@ -280,7 +279,7 @@ func (c *DefaultIdentityProvdier) GetGroup(ctx context.Context, name string, opt
 }
 // List is an object that can list users that match the provided field and label criteria.
-func (c *DefaultIdentityProvdier) ListGroups(ctx context.Context, options *metainternal.ListOptions) (*auth.GroupList, error) {
+func (c *DefaultIdentityProvider) ListGroups(ctx context.Context, options *metainternal.ListOptions) (*auth.GroupList, error) {
 keyword := ""
 limit := 50
 if options.FieldSelector != nil {
diff --git a/pkg/auth/authorization/local/authorizer.go b/pkg/auth/authorization/local/authorizer.go
index 918c1f5a7..f1aa19b9e 100644
--- a/pkg/auth/authorization/local/authorizer.go
+++ b/pkg/auth/authorization/local/authorizer.go
@@ -96,7 +96,7 @@ func (a *Authorizer) Authorize(ctx context.Context, attr authorizer.Attributes)
 }
 }
- allow, err := a.enforcer.Enforce(fmt.Sprintf(util.UserKey(tenantID, subject)), resource, action)
+ allow, err := a.enforcer.Enforce(util.UserKey(tenantID, subject), resource, action)
 if err != nil {
 log.Error("Casbin enforcer failed", log.Any("att", attr), log.String("subj", subject), log.String("act", action), log.String("res", resource), log.Err(err))
 return authorizer.DecisionDeny, "", err
diff --git a/pkg/auth/controller/policy/deletion/policied_resources_deleter.go b/pkg/auth/controller/policy/deletion/policied_resources_deleter.go
index d2fc11be7..e39ccabd6 100644
--- a/pkg/auth/controller/policy/deletion/policied_resources_deleter.go
+++ b/pkg/auth/controller/policy/deletion/policied_resources_deleter.go
@@ -282,6 +282,9 @@ func detachRelatedRoles(deleter *policiedResourcesDeleter, policy *v1.Policy) er
 log.Info("Policy controller - deleteRelatedRules", log.String("policyName", policy.ObjectMeta.Name))
 roles, err := deleter.enforcer.GetRolesForUser(policy.ObjectMeta.Name)
+ if err != nil {
+ return err
+ }
 var errs []error
diff --git a/pkg/auth/registry/localidentity/storage/password.go b/pkg/auth/registry/localidentity/storage/password.go
index 2c509f046..c834b7e5f 100644
--- a/pkg/auth/registry/localidentity/storage/password.go
+++ b/pkg/auth/registry/localidentity/storage/password.go
@@ -58,11 +58,11 @@ func (r *PasswordREST) Create(ctx context.Context, obj runtime.Object, createVal
 userID := requestInfo.Name
- obj, err := r.localIdentityStore.Get(ctx, userID, &metav1.GetOptions{})
+ localIdentityObj, err := r.localIdentityStore.Get(ctx, userID, &metav1.GetOptions{})
 if err != nil {
 return nil, err
 }
- localIdentity := obj.(*auth.LocalIdentity)
+ localIdentity := localIdentityObj.(*auth.LocalIdentity)
 passwordReq := obj.(*auth.PasswordReq)
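Review bot: The new guard in detachRelatedRoles returns the bare error from `deleter.enforcer.GetRolesForUser`, so the caller gets an enforcer error with no indication of which policy was being detached. The log line just above it also names the operation `deleteRelatedRules` although the function is `detachRelatedRoles`, which makes the two hard to correlate in logs. I would wrap the error, for example `return fmt.Errorf("get roles for policy %q: %w", policy.ObjectMeta.Name, err)`, assuming `fmt` is imported in this file (the import block is not in the hunk). The function body continues past the end of the hunk.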
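Review bot: Both type assertions in PasswordREST.Create are unchecked: `localIdentityObj.(*auth.LocalIdentity)` and `obj.(*auth.PasswordReq)` panic when the value has a different dynamic type, and `obj` is the caller-supplied `runtime.Object`. The rename stops `obj` from being overwritten by the store lookup, but a request handler should still use the comma-ok form and answer with an error instead of a panic, e.g. `passwordReq, ok := obj.(*auth.PasswordReq)` followed by `if !ok { return nil, apierrors.NewBadRequest("not a PasswordReq") }`. Whether `apierrors` is imported in this file is not visible here; the function starts before and ends after the hunk.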
diff --git a/pkg/auth/registry/localidentity/validation.go b/pkg/auth/registry/localidentity/validation.go
index bf7d54418..a5fa13f72 100644
--- a/pkg/auth/registry/localidentity/validation.go
+++ b/pkg/auth/registry/localidentity/validation.go
@@ -138,12 +138,11 @@ func ValidateLocalIdentityPasswordUpdate(localIdentity *auth.LocalIdentity, pass
 return fmt.Errorf("must specify hashedPassword")
 }
- if bcrypted, err := util.BcryptPassword(passwordReq.HashedPassword); err != nil {
+ bcrypted, err := util.BcryptPassword(passwordReq.HashedPassword)
+ if err != nil {
 return fmt.Errorf("bcrypt password failed: %v", err)
- } else {
- localIdentity.Spec.HashedPassword = bcrypted
 }
-
+ localIdentity.Spec.HashedPassword = bcrypted
 return nil
 }
diff --git a/pkg/auth/registry/rule/strategy.go b/pkg/auth/registry/rule/strategy.go
index 83f3371a1..092a08d43 100644
--- a/pkg/auth/registry/rule/strategy.go
+++ b/pkg/auth/registry/rule/strategy.go
@@ -56,7 +56,6 @@ func (Strategy) DefaultGarbageCollectionRule(ctx context.Context) rest.GarbageCo
 // PrepareForUpdate is invoked on update before validation to normalize the
 // object.
 func (Strategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) {
- return
 }
 // NamespaceScoped is false for policies.
@@ -106,7 +105,7 @@ func GetAttrs(obj runtime.Object) (labels.Set, fields.Set, error) {
 if !ok {
 return nil, nil, fmt.Errorf("not a rule")
 }
- return labels.Set(rule.ObjectMeta.Labels), ToSelectableFields(rule), nil
+ return rule.ObjectMeta.Labels, ToSelectableFields(rule), nil
 }
 // MatchRule returns a generic matcher for a given label and field selector.
diff --git a/pkg/auth/registry/rule/validation.go b/pkg/auth/registry/rule/validation.go
index ed3192848..f930149d0 100644
--- a/pkg/auth/registry/rule/validation.go
+++ b/pkg/auth/registry/rule/validation.go
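Review bot: ValidateLocalIdentityPasswordUpdate is named as a validator, yet on success it writes the bcrypt result into `localIdentity.Spec.HashedPassword`, and nothing in the visible part of the function says so. With the assignment now at function level the side effect is easy to overlook when reading call sites that expect validation to be read-only. A doc comment on the function should state it, for example `// On success it replaces localIdentity.Spec.HashedPassword with the bcrypt of passwordReq.HashedPassword.` The function starts above the hunk, so an existing comment there may need to be extended instead.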
@@ -42,8 +42,8 @@ func ValidateRule(rule *auth.Rule) field.ErrorList {
 // ValidateRuleUpdate tests if required fields in the policy are set during
 // an update.
 func ValidateRuleUpdate(rule *auth.Rule, old *auth.Rule) field.ErrorList {
- //allErrs := apiMachineryValidation.ValidateObjectMetaUpdate(&policy.ObjectMeta, &old.ObjectMeta, field.NewPath("metadata"))
+ // allErrs := apiMachineryValidation.ValidateObjectMetaUpdate(&policy.ObjectMeta, &old.ObjectMeta, field.NewPath("metadata"))
 allErrs := field.ErrorList{}
 allErrs = append(allErrs, ValidateRule(rule)...)
- return nil
+ return allErrs
 }
diff --git a/pkg/auth/util/adapter.go b/pkg/auth/util/adapter.go
index 67a97d6cb..00ff5cc09 100644
--- a/pkg/auth/util/adapter.go
+++ b/pkg/auth/util/adapter.go
@@ -36,11 +36,6 @@ import (
 authv1lister "tkestack.io/tke/api/client/listers/auth/v1"
 )
-const (
- // placeHolder represent the NULL value in the Casbin Rule.
- placeHolder = "_"
-)
-
 // RestAdapter is the policy storage adapter for Casbin. With this library, Casbin can load policy
 // from kubernetes rest storage and save policy to it. Rest adapter support the Auto-Save feature for Casbin policy.
 // This means it can support adding a single policy rule to the storage, or removing a single policy
@@ -68,7 +63,7 @@ func (a *RestAdapter) LoadPolicy(model model.Model) error {
 }
 // Uncomment this line to see when the policy is loaded.
- //log.Info("List rules", log.Int("rules", len(rules)))
+ // log.Info("List rules", log.Int("rules", len(rules)))
 for _, rule := range rules {
 a.loadPolicy(rule, model)
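Review bot: `return allErrs` in ValidateRuleUpdate is a behaviour change inside a commit labelled as style: the function used to return nil unconditionally, so updates that fail ValidateRule were accepted and will now be rejected. That is the safer outcome for an authorization rule store, but it should be called out in the commit message and covered by a test that an invalid update is refused. The metadata check is still commented out and refers to `&policy.ObjectMeta`, so `old` remains unused and nothing here compares the update with the stored object; if the check is re-enabled it would need `&rule.ObjectMeta` instead.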
@@ -139,45 +134,29 @@ func (a *RestAdapter) destroy() error {
 func ConvertRule(ptype string, line []string) (rule authv1.Rule) {
 rule = authv1.Rule{}
 rule.Spec.PType = ptype
- policys := []string{ptype}
- length := len(line)
 if len(line) > 0 {
 rule.Spec.V0 = line[0]
- policys = append(policys, line[0])
 }
 if len(line) > 1 {
 rule.Spec.V1 = line[1]
- policys = append(policys, line[1])
 }
 if len(line) > 2 {
 rule.Spec.V2 = line[2]
- policys = append(policys, line[2])
 }
 if len(line) > 3 {
 rule.Spec.V3 = line[3]
- policys = append(policys, line[3])
 }
 if len(line) > 4 {
 rule.Spec.V4 = line[4]
- policys = append(policys, line[4])
 }
 if len(line) > 5 {
 rule.Spec.V5 = line[5]
- policys = append(policys, line[5])
 }
-
 if len(line) > 6 {
 rule.Spec.V6 = line[6]
- policys = append(policys, line[6])
 }
- for i := 0; i < 7-length; i++ {
- policys = append(policys, placeHolder)
- }
-
- //rule.ObjectMeta.Name = strings.Join(policys, "::")
-
 return rule
 }
diff --git a/pkg/auth/util/dex/conn.go b/pkg/auth/util/dex/conn.go
index 713e8c002..fdbf095e7 100644
--- a/pkg/auth/util/dex/conn.go
+++ b/pkg/auth/util/dex/conn.go
@@ -35,13 +35,12 @@ type conn struct {
 func (c *conn) CreateConnector(connector dexstorage.Connector) error {
 idp := fromDexConnector(connector)
- idp, err := c.authClient.IdentityProviders().Create(idp)
+ _, err := c.authClient.IdentityProviders().Create(idp)
 if err != nil {
 if apierrors.IsAlreadyExists(err) {
 return dexstorage.ErrAlreadyExists
- } else {
- return err
 }
+ return err
 }
 return nil
 }
@@ -51,9 +50,8 @@ func (c *conn) GetConnector(id string) (conn dexstorage.Connector, err error) {
 if err != nil {
 if apierrors.IsNotFound(err) {
 return conn, dexstorage.ErrNotFound
- } else {
- return conn, err
 }
+ return conn, err
 }
 return toDexConnector(idp), nil
diff --git a/pkg/auth/util/sign.go b/pkg/auth/util/sign.go
index ae534cd6c..2d73a6112 100644
--- a/pkg/auth/util/sign.go
+++ b/pkg/auth/util/sign.go
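Review bot: With `policys` removed, ConvertRule is seven copies of the same bounds test, and a `line` holding more than seven entries is truncated without any signal. For a Casbin rule that is stored and later enforced, silently dropping trailing fields can persist a rule that differs from the one requested; whether any caller passes more than seven values is not visible in this hunk. A slice of field pointers states the mapping once and makes the limit explicit. The signature has no error return, so the sketch keeps the truncation and documents it.

```go
func ConvertRule(ptype string, line []string) (rule authv1.Rule) {
	rule.Spec.PType = ptype
	// Spec has seven value slots; entries of line beyond V6 are dropped.
	slots := []*string{
		&rule.Spec.V0, &rule.Spec.V1, &rule.Spec.V2, &rule.Spec.V3,
		&rule.Spec.V4, &rule.Spec.V5, &rule.Spec.V6,
	}
	for i, v := range line {
		if i >= len(slots) {
			break
		}
		*slots[i] = v
	}
	return rule
}
```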
@@ -34,9 +34,6 @@ import (
 )
 var (
- minExpire = 1 * time.Second
- maxExpire = 100 * 365 * 24 * time.Hour
-
 DefaultAPISigningKey = "default-api-signing-key"
 )
diff --git a/pkg/auth/util/user.go b/pkg/auth/util/user.go
index 342852664..4de1b5d98 100644
--- a/pkg/auth/util/user.go
+++ b/pkg/auth/util/user.go
@@ -20,13 +20,11 @@ package util
 import (
 "fmt"
- "strings"
-
 apierrors "k8s.io/apimachinery/pkg/api/errors"
- v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/fields"
+ "strings"
 "tkestack.io/tke/api/auth"
-
 authinternalclient "tkestack.io/tke/api/client/clientset/internalversion/typed/auth/internalversion"
 )
@@ -85,4 +83,3 @@ func ParseTenantAndName(str string) (string, string) {
 func CombineTenantAndName(tenantID, name string) string {
 return fmt.Sprintf("%s::%s", tenantID, name)
 }
-
diff --git a/pkg/util/leaderelection/resourcelock/auth_lock.go b/pkg/util/leaderelection/resourcelock/auth_lock.go
index 518bad285..4eb47f443 100644
--- a/pkg/util/leaderelection/resourcelock/auth_lock.go
+++ b/pkg/util/leaderelection/resourcelock/auth_lock.go
@@ -25,7 +25,6 @@ import (
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "tkestack.io/tke/api/auth/v1"
 authv1client "tkestack.io/tke/api/client/clientset/versioned/typed/auth/v1"
- "tkestack.io/tke/pkg/util/log"
 )
 // BusinessConfigMapLock defines the structure of using configmap resources to implement
@@ -65,8 +64,6 @@ func (cml *AuthConfigMapLock) Create(ler LeaderElectionRecord) error {
 return err
 }
- log.Info("xxx", )
-
 cml.cm, err = cml.Client.ConfigMaps().Create(&v1.ConfigMap{
 ObjectMeta: metav1.ObjectMeta{
 Name: cml.ConfigMapMeta.Name,
diff --git a/pkg/util/leaderelection/resourcelock/resourcelock.go b/pkg/util/leaderelection/resourcelock/resourcelock.go
index 10e0450aa..b026c7eee 100644
--- a/pkg/util/leaderelection/resourcelock/resourcelock.go
+++ b/pkg/util/leaderelection/resourcelock/resourcelock.go
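Review bot: The reordered import block in pkg/auth/util/user.go places the standard-library `"strings"` between third-party packages. gofmt accepts that because the block is now a single group, but goimports keeps `"fmt"` and `"strings"` together in a first group followed by a blank line, which is also how the other files touched by this commit are laid out. The block also drops the explicit alias on `"k8s.io/apimachinery/pkg/apis/meta/v1"`, while interface.go in this same commit imports that package as `metav1`; using one alias across the package avoids a bare `v1` that can be confused with the project's own `auth/v1`.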
@@ -20,11 +20,11 @@ package resourcelock
 import (
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ authv1 "tkestack.io/tke/api/client/clientset/versioned/typed/auth/v1"
 businessv1 "tkestack.io/tke/api/client/clientset/versioned/typed/business/v1"
 monitorv1 "tkestack.io/tke/api/client/clientset/versioned/typed/monitor/v1"
 notifyv1 "tkestack.io/tke/api/client/clientset/versioned/typed/notify/v1"
 platformv1 "tkestack.io/tke/api/client/clientset/versioned/typed/platform/v1"
- authv1 "tkestack.io/tke/api/client/clientset/versioned/typed/auth/v1"
 )
 const (