Make category cannot have same name

TomatoAres · Dec 25, 2019 · cba0676 · cba0676
1 parent 00b31b9
commit cba0676
Show file tree

Hide file tree

Showing 7 changed files with 43 additions and 12 deletions.
diff --git a/api/auth/v1/conversion.go b/api/auth/v1/conversion.go
@@ -129,7 +129,6 @@ func AddFieldLabelConversionsForCategory(scheme *runtime.Scheme) error {
  func(label, value string) (string, string, error) {
  switch label {
  case "spec.username",
- "spec.tenantID",
  "spec.categoryName",
  "metadata.name":
  return label, value, nil

diff --git a/cmd/tke-auth-controller/app/app.go b/cmd/tke-auth-controller/app/app.go
@@ -19,10 +19,10 @@
 package app
 
 import (
+ commonapiserver "k8s.io/apiserver/pkg/server"
  "tkestack.io/tke/cmd/tke-auth-controller/app/config"
  "tkestack.io/tke/cmd/tke-auth-controller/app/options"
  "tkestack.io/tke/pkg/app"
- commonapiserver "k8s.io/apiserver/pkg/server"
  "tkestack.io/tke/pkg/util/log"
 )
 

diff --git a/pkg/auth/apiserver/apiserver.go b/pkg/auth/apiserver/apiserver.go
@@ -133,7 +133,7 @@ func (c completedConfig) New(delegationTarget genericapiserver.DelegationTarget)
  restStorageProviders := []storage.RESTStorageProvider{
  &authrest.StorageProvider{
  LoopbackClientConfig: c.GenericConfig.LoopbackClientConfig,
- Enforcer: c.ExtraConfig.CasbinEnforcer,
+ Enforcer:  c.ExtraConfig.CasbinEnforcer,
  PrivilegedUsername: c.ExtraConfig.PrivilegedUsername,
  },
  }

diff --git a/pkg/auth/handler/identityprovider/handler.go b/pkg/auth/handler/identityprovider/handler.go
@@ -21,7 +21,6 @@ package identityprovider
 import (
  "net/http"
 
-
  "tkestack.io/tke/pkg/auth/types"
  "tkestack.io/tke/pkg/auth/util"
  "tkestack.io/tke/pkg/util/etcd"
@@ -31,7 +30,7 @@ import (
  "github.com/dexidp/dex/storage"
  "github.com/emicklei/go-restful"
  "k8s.io/apimachinery/pkg/api/errors"
- "k8s.io/apimachinery/pkg/apis/meta/v1"
+ v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
  "k8s.io/apiserver/pkg/endpoints/handlers/responsewriters"
 )
 

diff --git a/pkg/auth/registry/category/storage/storage.go b/pkg/auth/registry/category/storage/storage.go
@@ -19,10 +19,20 @@
 package storage
 
 import (
+ "context"
+ "fmt"
+
+ apierrors "k8s.io/apimachinery/pkg/api/errors"
+ "k8s.io/apimachinery/pkg/fields"
+
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
  "k8s.io/apimachinery/pkg/runtime"
  "k8s.io/apiserver/pkg/registry/generic"
  "k8s.io/apiserver/pkg/registry/generic/registry"
+ "k8s.io/apiserver/pkg/registry/rest"
+
  "tkestack.io/tke/api/auth"
+ authinternalclient "tkestack.io/tke/api/client/clientset/internalversion/typed/auth/internalversion"
  "tkestack.io/tke/pkg/auth/registry/category"
  "tkestack.io/tke/pkg/util/log"
 )
@@ -33,7 +43,7 @@ type Storage struct {
 }
 
 // NewStorage returns a Storage object that will work against signing key.
-func NewStorage(optsGetter generic.RESTOptionsGetter) *Storage {
+func NewStorage(optsGetter generic.RESTOptionsGetter, authClient authinternalclient.AuthInterface) *Storage {
  strategy := category.NewStrategy()
  store := &registry.Store{
  NewFunc: func() runtime.Object { return &auth.Category{} },
@@ -53,12 +63,35 @@ func NewStorage(optsGetter generic.RESTOptionsGetter) *Storage {
  log.Panic("Failed to create category etcd rest storage", log.Err(err))
  }
 
- return &Storage{
- &REST{store},
- }
+ return &Storage{&REST{store, authClient}}
 }
 
 // REST implements a RESTStorage for signing keys against etcd.
 type REST struct {
  *registry.Store
+
+ authClient authinternalclient.AuthInterface
+}
+
+func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation rest.ValidateObjectFunc, options *metav1.CreateOptions) (runtime.Object, error) {
+
+ cat := obj.(*auth.Category)
+
+ categorySelector := fields.AndSelectors(
+ fields.OneTermEqualSelector("spec.categoryName", cat.Spec.CategoryName))
+
+ categoryList, err := r.authClient.Categories().List(metav1.ListOptions{FieldSelector: categorySelector.String()})
+ if err != nil {
+ return nil, err
+ }
+
+ if len(categoryList.Items) != 0 {
+ return nil, apierrors.NewConflict(
+ auth.Resource("categories"),
+ cat.Spec.CategoryName,
+ fmt.Errorf("categoryName must be different"),
+ )
+ }
+
+ return r.Store.Create(ctx, obj, createValidation, options)
 }
diff --git a/pkg/auth/registry/rest/rest.go b/pkg/auth/registry/rest/rest.go
@@ -96,7 +96,7 @@ func (s *StorageProvider) v1Storage(apiResourceConfigSource serverstorage.APIRes
  apiSignRest := apisignstorage.NewStorage(restOptionsGetter)
  storageMap["apisigningkeys"] = apiSignRest
 
- categoryRest := categorystorage.NewStorage(restOptionsGetter)
+ categoryRest := categorystorage.NewStorage(restOptionsGetter, authClient)
  storageMap["categories"] = categoryRest
 
  policyRest := policystorage.NewStorage(restOptionsGetter, s.Enforcer, authClient, s.PrivilegedUsername)

diff --git a/pkg/auth/util/convert.go b/pkg/auth/util/convert.go
@@ -20,11 +20,11 @@ package util
 
 import "tkestack.io/tke/api/auth"
 
-func ConvertPolicyToRuleArray(policy *auth.Policy) [][]string{
+func ConvertPolicyToRuleArray(policy *auth.Policy) [][]string {
  var rules [][]string
  for _, act := range policy.Spec.Statement.Actions {
  for _, res := range policy.Spec.Statement.Resources {
- rule := []string {policy.Name, res, act, string(policy.Spec.Statement.Effect)}
+ rule := []string{policy.Name, res, act, string(policy.Spec.Statement.Effect)}
  rules = append(rules, rule)
  }
  }