Make localidentity aggregate apiserver

zmyer · Dec 25, 2019 · 0372056 · 0372056
1 parent 12dfcd0
commit 0372056
Show file tree

Hide file tree

Showing 445 changed files with 12,275 additions and 5,477 deletions.
diff --git a/api/auth/install/doc.go b/api/auth/install/doc.go
@@ -0,0 +1,19 @@
+/*
+ * Tencent is pleased to support the open source community by making TKEStack
+ * available.
+ *
+ * Copyright (C) 2012-2019 Tencent. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
+ * this file except in compliance with the License. You may obtain a copy of the
+ * License at
+ *
+ * https://opensource.org/licenses/Apache-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+package install // import "tkestack.io/tke/api/auth/install"
diff --git a/...r/apis/config/v1/zz_generated.defaults.go → api/auth/install/install.go b/...r/apis/config/v1/zz_generated.defaults.go → api/auth/install/install.go
@@ -1,5 +1,3 @@
-// +build !ignore_autogenerated
-
 /*
  * Tencent is pleased to support the open source community by making TKEStack
  * available.
@@ -18,22 +16,22 @@
  * specific language governing permissions and limitations under the License.
  */
 
-// Code generated by defaulter-gen. DO NOT EDIT.
-
-package v1
+package install
 
 import (
- runtime "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/apimachinery/pkg/runtime"
+ runtimeutil "k8s.io/apimachinery/pkg/util/runtime"
+ "tkestack.io/tke/api/auth"
+ "tkestack.io/tke/api/auth/v1"
 )
 
-// RegisterDefaults adds defaulters functions to the given scheme.
-// Public to allow building arbitrary schemes.
-// All generated defaulters are covering - they call all nested defaulters.
-func RegisterDefaults(scheme *runtime.Scheme) error {
- scheme.AddTypeDefaultingFunc(&MonitorConfiguration{}, func(obj interface{}) { SetObjectDefaults_MonitorConfiguration(obj.(*MonitorConfiguration)) })
- return nil
+func init() {
+ Install(auth.Scheme)
 }
 
-func SetObjectDefaults_MonitorConfiguration(in *MonitorConfiguration) {
- SetDefaults_MonitorConfiguration(in)
+// Install registers the API group and adds types to a scheme
+func Install(scheme *runtime.Scheme) {
+ runtimeutil.Must(auth.AddToScheme(scheme))
+ runtimeutil.Must(v1.AddToScheme(scheme))
+ runtimeutil.Must(scheme.SetVersionPriority(v1.SchemeGroupVersion))
 }
diff --git a/api/auth/register.go b/api/auth/register.go
@@ -59,6 +59,12 @@ var (
 
 // addKnownTypes adds the list of known types to the given scheme.
 func addKnownTypes(scheme *runtime.Scheme) error {
- scheme.AddKnownTypes(SchemeGroupVersion)
+ scheme.AddKnownTypes(SchemeGroupVersion,
+ &LocalIdentity{},
+ &LocalIdentityList{},
+ &APIKey{},
+ &APIKeyList{},
+ &APIKeyReq{},
+ &APIKeyReqPassword{})
  return nil
 }
diff --git a/api/auth/types.go b/api/auth/types.go
@@ -17,3 +17,142 @@
  */
 
 package auth
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// LocalIdentity is an object that contains the metadata about identify used to login
+// to TKE.
+type LocalIdentity struct {
+ metav1.TypeMeta
+ metav1.ObjectMeta
+ // Spec defines the desired identities of identity in this set.
+ Spec LocalIdentitySpec
+ Status LocalIdentityStatus
+}
+
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// LocalIdentityList is the whole list of all identities.
+type LocalIdentityList struct {
+ metav1.TypeMeta
+ metav1.ListMeta
+ // List of identities.
+ Items []LocalIdentity
+}
+
+// LocalIdentitySpec is a description of an identity.
+type LocalIdentitySpec struct {
+ UserName string
+ DisplayName string
+ Email string
+ PhoneNumber string
+ HashedPassword string
+ OriginalPassword string
+ TenantID string
+ Groups []string
+ Extra map[string]string
+}
+
+// LocalIdentityStatus is a description of an identity status.
+type LocalIdentityStatus struct {
+ Locked bool
+
+ // The last time the local identity was updated.
+ // +optional
+ LastUpdateTime metav1.Time
+}
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// APIKey contains expiration time used to apply the api key.
+type APIKey struct {
+ metav1.TypeMeta
+
+ // +optional
+ metav1.ObjectMeta
+
+ // Spec defines the desired identities of APIkey in this set.
+ Spec APIKeySpec
+ Status APIKeyStatus
+}
+
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// LocalIdentityList is the whole list of all identities.
+type APIKeyList struct {
+ metav1.TypeMeta
+ metav1.ListMeta
+ // List of api keys.
+ Items []APIKey
+}
+
+// APIKeySpec is a description of an apiKey.
+type APIKeySpec struct {
+ // APIkey is the jwt token used to authenticate user, and contains user info and sign.
+ APIkey string `json:"apiKey,omitempty"`
+
+ TenantID string `json:"tenantID,omitempty"`
+ // Description describes api keys usage.
+ Description string `json:"description,omitempty"`
+
+ // IssueAt is the created time for api key
+ IssueAt metav1.Time `json:"issue_at,omitempty"`
+
+ // ExpireAt is the expire time for api key
+ ExpireAt metav1.Time `json:"expire_at,omitempty"`
+}
+
+// APIKeyStatus is a description of an api key status.
+type APIKeyStatus struct {
+ // Disabled represents whether the apikey has been disabled.
+ Disabled *bool `json:"disabled,omitempty"`
+
+ // Deleted represents whether the apikey has been deleted.
+ Deleted *bool `json:"deleted,omitempty"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// APIKeyReq contains expiration time used to apply the api key.
+type APIKeyReq struct {
+ metav1.TypeMeta
+
+ //Exipre is required, holds the duration of the api key become invalid. By default, 168h(= seven days)
+ Expire metav1.Duration `json:"expire,omitempty"`
+
+ // Description describes api keys usage.
+ Description string `json:"description"`
+}
+
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// APIKeyReqPassword contains userinfo and expiration time used to apply the api key.
+type APIKeyReqPassword struct {
+ metav1.TypeMeta
+
+ // TenantID for user
+ TenantID string `json:"tenantID,omitempty"`
+
+ // UserName
+ UserName string `json:"username,omitempty"`
+
+ // Password (encoded by base64)
+ Password string `json:"password,omitempty"`
+
+ // Description describes api keys usage.
+ Description string `json:"description"`
+
+ // Expire holds the duration of the api key become invalid. By default, 168h(= seven days)
+ Expire metav1.Duration `json:"expire,omitempty"`
+}
diff --git a/api/auth/v1/conversion.go b/api/auth/v1/conversion.go
@@ -19,11 +19,16 @@
 package v1
 
 import (
+ "fmt"
+
  "k8s.io/apimachinery/pkg/runtime"
 )
 
 func addConversionFuncs(scheme *runtime.Scheme) error {
- funcs := []func(scheme *runtime.Scheme) error{}
+ funcs := []func(scheme *runtime.Scheme) error{
+ AddFieldLabelConversionsForLocalIdentify,
+ AddFieldLabelConversionsForAPIKey,
+ }
  for _, f := range funcs {
  if err := f(scheme); err != nil {
  return err
@@ -32,3 +37,35 @@ func addConversionFuncs(scheme *runtime.Scheme) error {
 
  return nil
 }
+
+// AddFieldLabelConversionsForLocalIdentify adds a conversion function to convert
+// field selectors of LocalIdentify from the given version to internal version
+// representation.
+func AddFieldLabelConversionsForLocalIdentify(scheme *runtime.Scheme) error {
+ return scheme.AddFieldLabelConversionFunc(SchemeGroupVersion.WithKind("LocalIdentity"),
+ func(label, value string) (string, string, error) {
+ switch label {
+ case "spec.tenantID",
+ "spec.userName":
+ return label, value, nil
+ default:
+ return "", "", fmt.Errorf("field label not supported: %s", label)
+ }
+ })
+}
+
+// AddFieldLabelConversionsForLocalIdentify adds a conversion function to convert
+// field selectors of LocalIdentify from the given version to internal version
+// representation.
+func AddFieldLabelConversionsForAPIKey(scheme *runtime.Scheme) error {
+ return scheme.AddFieldLabelConversionFunc(SchemeGroupVersion.WithKind("APIKey"),
+ func(label, value string) (string, string, error) {
+ switch label {
+ case "spec.tenantID",
+ "spec.apiKey":
+ return label, value, nil
+ default:
+ return "", "", fmt.Errorf("field label not supported: %s", label)
+ }
+ })
+}
diff --git a/api/auth/v1/defaults.go b/api/auth/v1/defaults.go
@@ -23,5 +23,5 @@ import (
 )
 
 func addDefaultingFuncs(scheme *runtime.Scheme) error {
- return nil
+ return RegisterDefaults(scheme)
 }