Add fieldSelector keyword query for tke-auth resources (tkestack#147)
yadzhang committed Feb 24, 2020
1 parent de1e816 commit 954ec63
Showing 6 changed files with 103 additions and 4 deletions.
4 changes: 4 additions & 0 deletions api/auth/v1/conversion.go
Expand Up @@ -55,6 +55,7 @@ func AddFieldLabelConversionsForLocalIdentity(scheme *runtime.Scheme) error {
switch label {
case "spec.tenantID",
"spec.username",
"keyword",
"metadata.name":
return label, value, nil
default:
Expand Down Expand Up @@ -93,6 +94,7 @@ func AddFieldLabelConversionsForPolicy(scheme *runtime.Scheme) error {
"spec.category",
"spec.displayName",
"spec.type",
"keyword",
"metadata.name":
return label, value, nil
default:
Expand Down Expand Up @@ -167,6 +169,7 @@ func AddFieldLabelConversionsForLocalGroup(scheme *runtime.Scheme) error {
case "spec.displayName",
"spec.tenantID",
"spec.username",
"keyword",
"metadata.name":
return label, value, nil
default:
Expand All @@ -185,6 +188,7 @@ func AddFieldLabelConversionsForRole(scheme *runtime.Scheme) error {
case "spec.displayName",
"spec.tenantID",
"spec.username",
"keyword",
"metadata.name":
return label, value, nil
default:
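Review bot: The four hunks accept `"keyword"` as a field label for LocalIdentity, Policy, LocalGroup and Role, but nothing in this file says that it is not a stored field, so a reader will look for a `keyword` attribute on the objects and not find one. A comment on the added line in each switch, `// "keyword" is a virtual selector term; the auth storage layer strips it (util.InterceptKeyword) before the selector reaches the store`, would record where the label is consumed. The enclosing conversion functions start and end outside the hunks.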
19 changes: 18 additions & 1 deletion pkg/auth/registry/localgroup/storage/storage.go
Expand Up @@ -21,6 +21,7 @@ package storage
import (
"context"
"fmt"
"strings"
"sync"

"github.com/casbin/casbin/v2"
Expand Down Expand Up @@ -148,8 +149,24 @@ func (r *REST) ShortNames() []string {

// List selects resources in the storage which match to the selector. 'options' can be nil.
func (r *REST) List(ctx context.Context, options *metainternal.ListOptions) (runtime.Object, error) {
keyword := util.InterceptKeyword(options)
wrappedOptions := apiserverutil.PredicateListOptions(ctx, options)
return r.Store.List(ctx, wrappedOptions)
obj, err := r.Store.List(ctx, wrappedOptions)
if err != nil {
return obj, err
}

groupList := obj.(*auth.LocalGroupList)
if keyword != "" {
var newList []auth.LocalGroup
for _, val := range groupList.Items {
if val.Name == keyword || strings.Contains(val.Spec.Description, keyword) || strings.Contains(val.Spec.DisplayName, keyword) {
newList = append(newList, val)
}
}
groupList.Items = newList
}
return groupList, nil
}

// DeleteCollection selects all resources in the storage matching given 'listOptions'
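Review bot: When no item matches the keyword, `newList` in List stays nil, so `groupList.Items` is set to nil and a search with no hits encodes `items` as `null` instead of the empty list the store would have returned; allocating it up front, `newList := make([]auth.LocalGroup, 0, len(groupList.Items))`, keeps the wire shape stable. The same pattern is repeated in the localidentity, policy and role storage files of this commit. The filter also runs after r.Store.List has presumably already applied the client's limit/continue options, so a paginated keyword query can return fewer than `limit` items per page; if that is accepted it belongs in the List doc comment, which still describes plain selector-based listing. The unchecked `obj.(*auth.LocalGroupList)` assertion would panic if the store ever returned another type, so a two-value assertion returning an error is the safer form.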
14 changes: 13 additions & 1 deletion pkg/auth/registry/localidentity/storage/storage.go
Expand Up @@ -21,6 +21,7 @@ package storage
import (
"context"
"fmt"
"strings"
"sync"

"github.com/casbin/casbin/v2"
Expand Down Expand Up @@ -133,18 +134,29 @@ func ValidateExportObjectAndTenantID(ctx context.Context, store *registry.Store,

// ValidateListObject validate if list by admin, if true not return hashed password.
func ValidateListObjectAndTenantID(ctx context.Context, store *registry.Store, options *metainternal.ListOptions) (runtime.Object, error) {
keyword := util.InterceptKeyword(options)
wrappedOptions := apiserverutil.PredicateListOptions(ctx, options)
obj, err := store.List(ctx, wrappedOptions)
if err != nil {
return obj, err
}

identityList := obj.(*auth.LocalIdentityList)
if keyword != "" {
var newList []auth.LocalIdentity
for _, val := range identityList.Items {
if val.Name == keyword || strings.Contains(val.Spec.Username, keyword) || strings.Contains(val.Spec.DisplayName, keyword) {
newList = append(newList, val)
}
}
identityList.Items = newList
}

_, tenantID := authentication.GetUsernameAndTenantID(ctx)
if tenantID == "" {
return obj, err
}

identityList := obj.(*auth.LocalIdentityList)
for i := range identityList.Items {
identityList.Items[i].Spec.HashedPassword = ""
}
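Review bot: The doc comment on ValidateListObjectAndTenantID still only mentions the hashed-password handling, while the function now also filters by the keyword taken from the field selector; I would replace it with `// ValidateListObjectAndTenantID lists identities, keeps only those matching the optional keyword selector term (exact name, or a substring of username or display name), and blanks HashedPassword when the caller is scoped to a tenant.` The early return at `return obj, err` now runs after the filter, where `err` is known to be nil, so `return identityList, nil` says what actually happens. The function continues outside the hunk.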
20 changes: 19 additions & 1 deletion pkg/auth/registry/policy/storage/storage.go
Expand Up @@ -21,6 +21,7 @@ package storage
import (
"context"
"fmt"
"strings"
"sync"

"github.com/casbin/casbin/v2"
Expand Down Expand Up @@ -148,8 +149,25 @@ func (r *REST) ShortNames() []string {

// List selects resources in the storage which match to the selector. 'options' can be nil.
func (r *REST) List(ctx context.Context, options *metainternal.ListOptions) (runtime.Object, error) {
keyword := util.InterceptKeyword(options)
wrappedOptions := apiserverutil.PredicateListOptions(ctx, options)
return r.Store.List(ctx, wrappedOptions)
obj, err := r.Store.List(ctx, wrappedOptions)
if err != nil {
return obj, err
}

policyList := obj.(*auth.PolicyList)
if keyword != "" {
var newList []auth.Policy
for _, val := range policyList.Items {
if val.Name == keyword || strings.Contains(val.Spec.Description, keyword) || strings.Contains(val.Spec.DisplayName, keyword) {
newList = append(newList, val)
}
}
policyList.Items = newList
}

return policyList, nil
}

// DeleteCollection selects all resources in the storage matching given 'listOptions'
20 changes: 19 additions & 1 deletion pkg/auth/registry/role/storage/storage.go
Expand Up @@ -21,6 +21,7 @@ package storage
import (
"context"
"fmt"
"strings"
"sync"

"github.com/casbin/casbin/v2"
Expand Down Expand Up @@ -152,8 +153,25 @@ func (r *REST) ShortNames() []string {

// List selects resources in the storage which match to the selector. 'options' can be nil.
func (r *REST) List(ctx context.Context, options *metainternal.ListOptions) (runtime.Object, error) {
keyword := util.InterceptKeyword(options)
wrappedOptions := apiserverutil.PredicateListOptions(ctx, options)
return r.Store.List(ctx, wrappedOptions)
obj, err := r.Store.List(ctx, wrappedOptions)
if err != nil {
return obj, err
}

roleList := obj.(*auth.RoleList)
if keyword != "" {
var newList []auth.Role
for _, val := range roleList.Items {
if val.Name == keyword || strings.Contains(val.Spec.Description, keyword) || strings.Contains(val.Spec.DisplayName, keyword) {
newList = append(newList, val)
}
}
roleList.Items = newList
}

return roleList, nil
}

// DeleteCollection selects all resources in the storage matching given 'listOptions'
30 changes: 30 additions & 0 deletions pkg/auth/util/query.go
Expand Up @@ -20,8 +20,10 @@ package util

import (
"strconv"
"strings"

metainternal "k8s.io/apimachinery/pkg/apis/meta/internalversion"
"k8s.io/apimachinery/pkg/fields"

"tkestack.io/tke/api/auth"
)
Expand All @@ -43,3 +45,31 @@ func ParseQueryKeywordAndLimit(options *metainternal.ListOptions) (string, int)

return keyword, limit
}

func InterceptKeyword(options *metainternal.ListOptions) string {
keyword := ""
found := false
if options.FieldSelector != nil {
keyword, found = options.FieldSelector.RequiresExactMatch(auth.KeywordQueryTag)
if found {
removeKeywordFromField(options)
}
}

return keyword
}

func removeKeywordFromField(options *metainternal.ListOptions) {
strs := strings.Split(options.FieldSelector.String(), ",")
var remain []string
for _, str := range strs {
s, _ := fields.ParseSelector(str)
_, found := s.RequiresExactMatch(auth.KeywordQueryTag)
if !found {
remain = append(remain, str)
}
}

selector, _ := fields.ParseSelector(strings.Join(remain, ","))
options.FieldSelector = selector
}
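Review bot: InterceptKeyword reads `options.FieldSelector` without checking `options` itself, yet every List that now calls it documents that 'options' can be nil, so a nil options would panic here; the guard should be `if options == nil || options.FieldSelector == nil { return "" }`. In removeKeywordFromField both fields.ParseSelector errors are discarded: if the rebuilt string fails to parse, `selector` is nil and `options.FieldSelector = selector` silently drops every remaining constraint the client asked for (a tenantID term included), and splitting `String()` on "," also breaks values that contain an escaped comma. Rebuilding from the selector's Requirements() instead of re-parsing its string form avoids both problems; this needs the `k8s.io/apimachinery/pkg/selection` package for the operator constants.
```go
func removeKeywordFromField(options *metainternal.ListOptions) {
	var remain []fields.Selector
	for _, req := range options.FieldSelector.Requirements() {
		if req.Field == auth.KeywordQueryTag {
			continue
		}
		switch req.Operator {
		case selection.Equals, selection.DoubleEquals:
			remain = append(remain, fields.OneTermEqualSelector(req.Field, req.Value))
		case selection.NotEquals:
			remain = append(remain, fields.OneTermNotEqualSelector(req.Field, req.Value))
		}
	}
	// AndSelectors with no terms matches everything, same as an absent selector.
	options.FieldSelector = fields.AndSelectors(remain...)
}
```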
