Merge branch 'master' of github.com:KubeOperator/KubePi

e8d8ed29 · ssongliu · c9fad71b · a90aa757 · e8d8ed29 · e8d8ed29
Commit e8d8ed29 authored 2 years ago by ssongliu
Hide whitespace changes
Inline Side-by-side

Showing

with 95 additions and 81 deletions
+95 -81
--- a/Dockerfile
+++ b/Dockerfile
@@ -51,8 +51,9 @@ RUN ARCH=$(uname -m) && case $ARCH in aarch64) ARCH="arm64";; x86_64) ARCH="amd6
    rm -rf /tmp/* /var/tmp/* /var/cache/apk/* && \
    chmod -R 755 /tmp && mkdir -p /opt/webkubectl

-
-ENV TZ='Asia/Shanghai';
+RUN apk add tzdata && cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
+    && echo "Asia/Shanghai" > /etc/timezone \
+    && apk del tzdata

 COPY vimrc.local /etc/vim


--- a/internal/api/v1/ldap/ldap.go
+++ b/internal/api/v1/ldap/ldap.go
@@ -82,14 +82,13 @@ func (h *Handler) TestConnect() iris.Handler {

 func (h *Handler) SyncLdapUser() iris.Handler {
 	return func(ctx *context.Context) {
-		uuid := ctx.Params().Get("id")
-		err := h.ldapService.Sync(uuid, common.DBOptions{})
+		users, err := h.ldapService.GetLdapUser()
 		if err != nil {
 			ctx.StatusCode(iris.StatusInternalServerError)
 			ctx.Values().Set("message", err.Error())
 			return
 		}
-		ctx.Values().Set("data", "")
+		ctx.Values().Set("data", users)
 	}
 }

@@ -132,7 +131,7 @@ func Install(parent iris.Party) {
 	sp.Get("/", handler.ListLdap())
 	sp.Post("/", handler.AddLdap())
 	sp.Put("/", handler.UpdateLdap())
-	sp.Post("/sync/:id", handler.SyncLdapUser())
+	sp.Post("/sync", handler.SyncLdapUser())
 	sp.Post("/test/connect", handler.TestConnect())
 	sp.Post("/test/login", handler.TestLogin())
 	sp.Post("/import", handler.ImportUser())

--- a/internal/api/v1/v1.go
+++ b/internal/api/v1/v1.go
@@ -141,6 +141,22 @@ func logHandler() iris.Handler {
 		log.Operator = profile.Name
 		log.Operation = method

+		//handle ldap operate
+		if strings.Contains(path,"ldap") {
+			if strings.Contains(path,"import") {
+				log.Operation = "import"
+			}
+			if strings.Contains(path,"sync") {
+				log.Operation = "sync"
+			}
+			if strings.Contains(path,"connect") {
+				log.Operation = "testConnect"
+			}
+			if strings.Contains(path,"login") {
+				log.Operation = "testLogin"
+			}
+		}
+
 		pathResource := strings.Split(path, "/")
 		if strings.HasPrefix(currentPath, "clusters/:name") {
 			if len(pathResource) < 3 {

--- a/internal/service/v1/ldap/ldap.go
+++ b/internal/service/v1/ldap/ldap.go
@@ -30,10 +30,11 @@ type Service interface {
 	Delete(id string, options common.DBOptions) error
 	Sync(id string, options common.DBOptions) error
 	Login(user v1User.User, password string, options common.DBOptions) error
-	TestConnect(ldap *v1Ldap.Ldap) ([]v1User.ImportUser, error)
+	TestConnect(ldap *v1Ldap.Ldap) (int, error)
 	TestLogin(username string, password string) error
 	ImportUsers(users []v1User.ImportUser) (v1User.ImportResult, error)
 	CheckStatus() bool
+	GetLdapUser() ([]v1User.ImportUser, error)
 }

 func NewService() Service {
@@ -128,17 +129,19 @@ func (l *service) Delete(id string, options common.DBOptions) error {
 	return db.DeleteStruct(ldap)
 }

-//func (l *service) GetLdapUser()  ([]v1User.ImportUser, error) {
-//	users := []v1User.ImportUser{}
-//
-//}
-
-func (l *service) TestConnect(ldap *v1Ldap.Ldap) ([]v1User.ImportUser, error) {
+func (l *service) GetLdapUser() ([]v1User.ImportUser, error) {
 	users := []v1User.ImportUser{}
+	ldaps, err := l.List(common.DBOptions{})
+	if err != nil {
+		return users, err
+	}
+	if len(ldaps) == 0 {
+		return users, errors.New("请先保存LDAP配置")
+	}
+	ldap := ldaps[0]
 	if !ldap.Enable {
 		return users, errors.New("请先启用LDAP")
 	}
-
 	lc := ldapClient.NewLdapClient(ldap.Address, ldap.Port, ldap.Username, ldap.Password, ldap.TLS)
 	if err := lc.Connect(); err != nil {
 		return users, err
@@ -162,7 +165,6 @@ func (l *service) TestConnect(ldap *v1Ldap.Ldap) ([]v1User.ImportUser, error) {
 		us := new(v1User.ImportUser)
 		us.Available = true
 		rv := reflect.ValueOf(&us).Elem().Elem()
-
 		for _, at := range entry.Attributes {
 			for k, v := range mappings {
 				if v == at.Name && len(at.Values) > 0 {
@@ -173,23 +175,41 @@ func (l *service) TestConnect(ldap *v1Ldap.Ldap) ([]v1User.ImportUser, error) {
 				}
 			}
 		}
-		if us.Email == "" || us.Name == "" {
+		if us.Name == "" {
 			continue
 		}
-		if us.NickName == "" {
-			us.NickName = us.Name
-		}
 		_, err = l.userService.GetByNameOrEmail(us.Name, common.DBOptions{})
 		if err == nil {
 			us.Available = false
 		}
 		users = append(users, *us)
 	}
-	if len(users) == 0 && len(entries) > 0 {
-		return users, errors.New("Mapping 映射失败!")
+	return users, nil
+}
+
+func (l *service) TestConnect(ldap *v1Ldap.Ldap) (int, error) {
+	users := 0
+	if !ldap.Enable {
+		return users, errors.New("请先启用LDAP")
 	}

-	return users, nil
+	lc := ldapClient.NewLdapClient(ldap.Address, ldap.Port, ldap.Username, ldap.Password, ldap.TLS)
+	if err := lc.Connect(); err != nil {
+		return users, err
+	}
+	attributes, err := ldap.GetAttributes()
+	if err != nil {
+		return users, err
+	}
+	entries, err := lc.Search(ldap.Dn, ldap.Filter, ldap.SizeLimit, ldap.TimeLimit, attributes)
+	if err != nil {
+		return users, err
+	}
+	if len(entries) == 0 {
+		return users, nil
+	}
+
+	return len(entries), nil
 }

 func (l *service) CheckStatus() bool {
@@ -263,6 +283,13 @@ func (l *service) ImportUsers(users []v1User.ImportUser) (v1User.ImportResult, e
 			Type:  v1User.LDAP,
 			Email: imp.Email,
 		}
+		if us.Email == "" {
+			us.Email = us.Name + "@example.com"
+		}
+		if us.NickName == "" {
+			us.NickName = us.Name
+		}
+
 		result.Failures = append(result.Failures, us.Name)
 		tx, err := server.DB().Begin(true)
 		if err != nil {

--- a/pkg/util/ldap/ldap_client.go
+++ b/pkg/util/ldap/ldap_client.go
@@ -47,7 +47,7 @@ func (l *Ldap) Connect() error {

 func (l *Ldap) Search(dn, filter string, sizeLimit, timeLimit int, attributes []string) ([]*ldap.Entry, error) {
 	searchRequest := ldap.NewSearchRequest(dn,
-		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, timeLimit, false,
+		ldap.ScopeWholeSubtree, ldap.DerefAlways, 0, timeLimit, false,
 		filter,
 		attributes,
 		nil)

--- a/pkg/util/podtool/copytopod.go
+++ b/pkg/util/podtool/copytopod.go
@@ -10,7 +10,6 @@ import (
 	"os"
 	"path"
 	"path/filepath"
-	"strings"
 )

 func (p *PodTool) CopyToContainer(destPath string) error {
@@ -26,18 +25,17 @@ func (p *PodTool) CopyToContainer(destPath string) error {
 	var stderr bytes.Buffer
 	p.ExecConfig.Stderr = &stderr
 	err := p.Exec(Exec)
+	var stdout bytes.Buffer
+	p.ExecConfig.Stdout = &stdout
 	if err != nil {
-		return fmt.Errorf(err.Error(), stderr)
-	}
-	if len(stderr.Bytes()) != 0 {
-		for _, line := range strings.Split(stderr.String(), "\n") {
-			if len(strings.TrimSpace(line)) == 0 {
-				continue
-			}
-			if !strings.Contains(strings.ToLower(line), "removing") {
-				return fmt.Errorf(line)
-			}
+		result := ""
+		if len(stdout.Bytes()) != 0 {
+			result = stdout.String()
 		}
+		if len(stderr.Bytes()) != 0 {
+			result = stderr.String()
+		}
+		return fmt.Errorf(err.Error(), result)
 	}
 	return nil
 }
@@ -77,16 +75,6 @@ func (p *PodTool) CopyToPod(srcPath, destPath string) error {
 		}
 		return fmt.Errorf(err.Error(), result)
 	}
-	if len(stderr.Bytes()) != 0 {
-		for _, line := range strings.Split(stderr.String(), "\n") {
-			if len(strings.TrimSpace(line)) == 0 {
-				continue
-			}
-			if !strings.Contains(strings.ToLower(line), "removing") {
-				return fmt.Errorf(line)
-			}
-		}
-	}
 	return nil
 }


--- a/web/dashboard/src/business/workloads/pods/podfilebrowser/index.vue
+++ b/web/dashboard/src/business/workloads/pods/podfilebrowser/index.vue
@@ -136,7 +136,7 @@
        <div slot="tip" class="el-upload__tip">{{ $t("business.pod.upload_tip") }}</div>
      </el-upload>
      <span slot="footer" class="dialog-footer">
-        <el-button @click="openUpload=false" :disabled="loading">{{ $t("commons.button.cancel") }}</el-button>
+        <el-button @click="handleUploadClose" :disabled="loading">{{ $t("commons.button.cancel") }}</el-button>
        <el-button type="primary" @click="upload" :loading="loading">{{ $t("commons.button.confirm") }}</el-button>
      </span>
    </el-dialog>

--- a/web/kubepi/src/api/ldap.js
+++ b/web/kubepi/src/api/ldap.js
@@ -14,8 +14,8 @@ export function updateLdap(data){
  return put(`${baseUrl}`, data)
 }

-export function syncLdap(id,data) {
-  return post(`${baseUrl}/sync/${id}`, data)
+export function syncLdap(data) {
+  return post(`${baseUrl}/sync`, data)
 }

 export function testConnect(data) {

--- a/web/kubepi/src/business/user-management/ldap/index.vue
+++ b/web/kubepi/src/business/user-management/ldap/index.vue
@@ -67,10 +67,6 @@
                  $t("business.user.ldap_remake")
                }}
              </el-button>
-              <!--              <el-button @click="sync" :disabled="isSubmitGoing" v-has-permissions="{resource:'ldap',verb:'create'}">{{-->
-              <!--                  $t("commons.button.sync")-->
-              <!--                }}-->
-              <!--              </el-button>-->
              <el-button type="primary" @click="onSubmit" :disabled="isSubmitGoing"
                         v-has-permissions="{resource:'ldap',verb:'create'}">{{ $t("commons.button.confirm") }}
              </el-button>
@@ -104,6 +100,7 @@
      </el-form>
    </el-dialog>
    <el-dialog :visible.sync="importUserPageOpen" :title="$t('business.user.import_user')" style="height: 900px">
+      <span>{{ $t("business.user.ldap_helper") }}</span>
      <div style="text-align: right;margin-bottom: 10px">
        <el-input v-model="searchName" suffix-icon="el-icon-search" style="width: 30%" size="mini" clearable @change="handleSearch" />
      </div>
@@ -159,7 +156,7 @@ export default {
    return {
      form: {
        mapping: "{\n" +
-          "   \"Name\":\"sAMAccountName\",\n" +
+          "   \"Name\":\"cn\",\n" +
          "   \"NickName\":\"cn\",\n" +
          "   \"Email\":\"mail\"\n" +
          "}",
@@ -206,24 +203,6 @@ export default {
    }
  },
  methods: {
-    sync () {
-      if (this.form.uuid === undefined || this.form.uuid === "") {
-        this.$message({
-          type: "warning",
-          message: this.$t("business.user.ldap_sync_error")
-        })
-        return
-      }
-      this.isSubmitGoing = true
-      syncLdap(this.form.uuid, {}).then(() => {
-        this.$message({
-          type: "success",
-          message: this.$t("business.user.ldap_sync")
-        })
-      }).finally(() => {
-        this.isSubmitGoing = false
-      })
-    },
    connectTest () {
      let isFormReady = false
      this.$refs["form"].validate((valid) => {
@@ -234,15 +213,12 @@ export default {
      if (!isFormReady) {
        return
      }
-      this.tableUsers = []
      this.loading = true
      this.connectLoading = true
      testConnect(this.form).then(res => {
-        this.users = res.data
-        this.tableUsers = this.users
        this.$message({
          type: "success",
-          message: this.$t("business.user.test_result", { count: res.data.length })
+          message: this.$t("business.user.test_result", { count: res.data })
        })
      }).finally(() => {
        this.loading = false
@@ -254,12 +230,15 @@ export default {
      this.loginForm = {}
    },
    openImportPage () {
-      this.importUserPageOpen = true
      this.searchName = ""
-      if (this.users.length === 0) {
-        this.connectTest()
-      }
-      this.tableUsers = this.users
+      this.loading = true
+      syncLdap({}).then(res => {
+        this.users = res.data
+        this.tableUsers = this.users
+        this.importUserPageOpen = true
+      }).finally(() => {
+        this.loading = false
+      })
    },
    importAvailable (row) {
      return row.available

--- a/web/kubepi/src/i18n/lang/en-US.js
+++ b/web/kubepi/src/i18n/lang/en-US.js
@@ -189,7 +189,7 @@ const message = {
            ldap_password: "Password",
            ldap_filter_dn: "User Filtering DN",
            ldap_filter_rule: "User Filtering Rules",
-            ldap_helper: "Note: Users without mailboxes will not be synchronized, and those with the same login name as local users will not be synchronized!",
+            ldap_helper: "Note: Users who cannot get the Name mapping attribute will not be matched",
            ldap_sync: "Start syncing, please check the user list later",
            ldap_sync_error: "Please save first",
            type: "Type",

--- a/web/kubepi/src/i18n/lang/zh-CN.js
+++ b/web/kubepi/src/i18n/lang/zh-CN.js
@@ -189,7 +189,7 @@ const message = {
            ldap_password: "密码",
            ldap_filter_dn: "用户过滤 OU",
            ldap_filter_rule: "用户过滤规则",
-            ldap_helper: "注意：没有邮箱的用户不会被同步，与本地用户登录名重复的也不会被同步!",
+            ldap_helper: "注意：无法获取到 Name 映射属性的用户不会匹配",
            ldap_sync: "开始同步，稍后请查看用户列表",
            ldap_sync_error: "请先保存",
            type: "类型",
@@ -269,6 +269,10 @@ const system_logs = {
    clusters_repos: "集群仓库",
    imagerepos: "镜像仓库",
    ldap: "LDAP",
+    sync: "同步",
+    import: "导入",
+    testConnect: "测试",
+    testLogin: "测试",
 }