From cba0676583d40bbac8bfd007df8538ac627dd5a1 Mon Sep 17 00:00:00 2001
From: yadongzhang
Date: Thu, 12 Dec 2019 00:18:39 +0800
Subject: [PATCH] Make category cannot have same name
---
 api/auth/v1/conversion.go | 1 -
 cmd/tke-auth-controller/app/app.go | 2 +-
 pkg/auth/apiserver/apiserver.go | 2 +-
 pkg/auth/handler/identityprovider/handler.go | 3 +-
 pkg/auth/registry/category/storage/storage.go | 41 +++++++++++++++++--
 pkg/auth/registry/rest/rest.go | 2 +-
 pkg/auth/util/convert.go | 4 +-
 7 files changed, 43 insertions(+), 12 deletions(-)
diff --git a/api/auth/v1/conversion.go b/api/auth/v1/conversion.go
index 0f2360243..9791bf5fd 100644
--- a/api/auth/v1/conversion.go
+++ b/api/auth/v1/conversion.go
@@ -129,7 +129,6 @@ func AddFieldLabelConversionsForCategory(scheme *runtime.Scheme) error {
 func(label, value string) (string, string, error) {
 switch label {
 case "spec.username",
- "spec.tenantID",
 "spec.categoryName",
 "metadata.name":
 return label, value, nil
diff --git a/cmd/tke-auth-controller/app/app.go b/cmd/tke-auth-controller/app/app.go
index 57d3c8633..fb97e176d 100644
--- a/cmd/tke-auth-controller/app/app.go
+++ b/cmd/tke-auth-controller/app/app.go
@@ -19,10 +19,10 @@ package app
 import (
+ commonapiserver "k8s.io/apiserver/pkg/server"
 "tkestack.io/tke/cmd/tke-auth-controller/app/config"
 "tkestack.io/tke/cmd/tke-auth-controller/app/options"
 "tkestack.io/tke/pkg/app"
- commonapiserver "k8s.io/apiserver/pkg/server"
 "tkestack.io/tke/pkg/util/log"
 )
diff --git a/pkg/auth/apiserver/apiserver.go b/pkg/auth/apiserver/apiserver.go
index 649b2a67f..9bf5106ac 100644
--- a/pkg/auth/apiserver/apiserver.go
+++ b/pkg/auth/apiserver/apiserver.go
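Review bot: Dropping `"spec.tenantID"` from the Category field-label conversion is an API-visible change that the commit title ("Make category cannot have same name") does not mention: a client that lists categories with `fieldSelector=spec.tenantID=...` will presumably no longer match this case and fall through to whatever the conversion func does for unknown labels, which is not visible in the hunk. If the intent is that categories are global rather than tenant-scoped — which the tenant-less uniqueness check added to storage.go's REST.Create suggests, though I can only infer that from the removal — a sentence in the commit description saying so, and a matching removal from the category strategy's field set if it still lists tenantID, would make the intent explicit. The enclosing switch and AddFieldLabelConversionsForCategory continue outside the hunk.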
@@ -133,7 +133,7 @@ func (c completedConfig) New(delegationTarget genericapiserver.DelegationTarget)
 restStorageProviders := []storage.RESTStorageProvider{
 &authrest.StorageProvider{
 LoopbackClientConfig: c.GenericConfig.LoopbackClientConfig,
- Enforcer: c.ExtraConfig.CasbinEnforcer,
+ Enforcer: c.ExtraConfig.CasbinEnforcer,
 PrivilegedUsername: c.ExtraConfig.PrivilegedUsername,
 },
 }
diff --git a/pkg/auth/handler/identityprovider/handler.go b/pkg/auth/handler/identityprovider/handler.go
index e3142f932..0e8904772 100644
--- a/pkg/auth/handler/identityprovider/handler.go
+++ b/pkg/auth/handler/identityprovider/handler.go
@@ -21,7 +21,6 @@ package identityprovider
 import (
 "net/http"
- "tkestack.io/tke/pkg/auth/types"
 "tkestack.io/tke/pkg/auth/util"
 "tkestack.io/tke/pkg/util/etcd"
@@ -31,7 +30,7 @@ import (
 "github.com/dexidp/dex/storage"
 "github.com/emicklei/go-restful"
 "k8s.io/apimachinery/pkg/api/errors"
- "k8s.io/apimachinery/pkg/apis/meta/v1"
+ v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apiserver/pkg/endpoints/handlers/responsewriters"
 )
diff --git a/pkg/auth/registry/category/storage/storage.go b/pkg/auth/registry/category/storage/storage.go
index 1abb21219..41ffbb2d7 100644
--- a/pkg/auth/registry/category/storage/storage.go
+++ b/pkg/auth/registry/category/storage/storage.go
@@ -19,10 +19,20 @@ package storage
 import (
+ "context"
+ "fmt"
+
+ apierrors "k8s.io/apimachinery/pkg/api/errors"
+ "k8s.io/apimachinery/pkg/fields"
+
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/runtime"
 "k8s.io/apiserver/pkg/registry/generic"
 "k8s.io/apiserver/pkg/registry/generic/registry"
+ "k8s.io/apiserver/pkg/registry/rest"
+ "tkestack.io/tke/api/auth"
+ authinternalclient "tkestack.io/tke/api/client/clientset/internalversion/typed/auth/internalversion"
 "tkestack.io/tke/pkg/auth/registry/category"
 "tkestack.io/tke/pkg/util/log"
 )
@@ -33,7 +43,7 @@ type Storage struct {
 }
 // NewStorage returns a Storage object that will work against signing key.
-func NewStorage(optsGetter generic.RESTOptionsGetter) *Storage {
+func NewStorage(optsGetter generic.RESTOptionsGetter, authClient authinternalclient.AuthInterface) *Storage {
 strategy := category.NewStrategy()
 store := ®istry.Store{
 NewFunc: func() runtime.Object { return &auth.Category{} },
@@ -53,12 +63,35 @@ func NewStorage(optsGetter generic.RESTOptionsGetter) *Storage {
 log.Panic("Failed to create category etcd rest storage", log.Err(err))
 }
- return &Storage{
- &REST{store},
- }
+ return &Storage{&REST{store, authClient}}
 }
 // REST implements a RESTStorage for signing keys against etcd.
 type REST struct {
 *registry.Store
+
+ authClient authinternalclient.AuthInterface
+}
+
+func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation rest.ValidateObjectFunc, options *metav1.CreateOptions) (runtime.Object, error) {
+
+ cat := obj.(*auth.Category)
+
+ categorySelector := fields.AndSelectors(
+ fields.OneTermEqualSelector("spec.categoryName", cat.Spec.CategoryName))
+
+ categoryList, err := r.authClient.Categories().List(metav1.ListOptions{FieldSelector: categorySelector.String()})
+ if err != nil {
+ return nil, err
+ }
+
+ if len(categoryList.Items) != 0 {
+ return nil, apierrors.NewConflict(
+ auth.Resource("categories"),
+ cat.Spec.CategoryName,
+ fmt.Errorf("categoryName must be different"),
+ )
+ }
+
+ return r.Store.Create(ctx, obj, createValidation, options)
 }
diff --git a/pkg/auth/registry/rest/rest.go b/pkg/auth/registry/rest/rest.go
index 3bb5bd985..50aa6320e 100644
--- a/pkg/auth/registry/rest/rest.go
+++ b/pkg/auth/registry/rest/rest.go
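Review bot: The List-then-Create in the new REST.Create is not atomic, so two concurrent creates carrying the same spec.categoryName can both observe an empty list and both be persisted; nothing visible in the store enforces uniqueness on that field (the generic registry keys objects by metadata.name), so this check is best-effort and a durable guarantee needs a name derived from categoryName or an equivalent server-side constraint. That limitation should be stated where the check lives, e.g. `// Best-effort uniqueness check: List and Create are not atomic, so a concurrent create with the same categoryName can still slip through.`. The unchecked `obj.(*auth.Category)` assertion on the line after the signature panics on a foreign type; `cat, ok := obj.(*auth.Category)` followed by `if !ok { return nil, apierrors.NewBadRequest(fmt.Sprintf("not a Category: %T", obj)) }` turns that into a 400. The same collision is not checked on Update, so renaming an existing category onto a taken categoryName still succeeds, and `fmt.Errorf("categoryName must be different")` has no format verbs — `fmt.Errorf("category %q already exists", cat.Spec.CategoryName)` both reads better and tells the caller which value conflicted.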
@@ -96,7 +96,7 @@ func (s *StorageProvider) v1Storage(apiResourceConfigSource serverstorage.APIRes
 apiSignRest := apisignstorage.NewStorage(restOptionsGetter)
 storageMap["apisigningkeys"] = apiSignRest
- categoryRest := categorystorage.NewStorage(restOptionsGetter)
+ categoryRest := categorystorage.NewStorage(restOptionsGetter, authClient)
 storageMap["categories"] = categoryRest
 policyRest := policystorage.NewStorage(restOptionsGetter, s.Enforcer, authClient, s.PrivilegedUsername)
diff --git a/pkg/auth/util/convert.go b/pkg/auth/util/convert.go
index 035b0192f..06414784d 100644
--- a/pkg/auth/util/convert.go
+++ b/pkg/auth/util/convert.go
@@ -20,11 +20,11 @@ package util
 import "tkestack.io/tke/api/auth"
-func ConvertPolicyToRuleArray(policy *auth.Policy) [][]string{
+func ConvertPolicyToRuleArray(policy *auth.Policy) [][]string {
 var rules [][]string
 for _, act := range policy.Spec.Statement.Actions {
 for _, res := range policy.Spec.Statement.Resources {
- rule := []string {policy.Name, res, act, string(policy.Spec.Statement.Effect)}
+ rule := []string{policy.Name, res, act, string(policy.Spec.Statement.Effect)}
 rules = append(rules, rule)
 }
 }