[Backport release-1.5] Fix: failed to assign the default role for the users who log in from dex (#4504)

* Fix: failed to assign the default role for the users who log in from dex Signed-off-by: barnettZQG <barnett.zqg@gmail.com> (cherry picked from commit ad501b4582) * Fix: cluster e2e test case Signed-off-by: barnettZQG <barnett.zqg@gmail.com> (cherry picked from commit 23cd84ba94) * Fix: the ensure namespace error is ignored Signed-off-by: barnettZQG <barnett.zqg@gmail.com> (cherry picked from commit 8beb1c6925) Co-authored-by: barnettZQG <barnett.zqg@gmail.com>
2026-05-20 00:07:27 +00:00 · 2022-07-29 17:19:21 +08:00
parent fafa18e8db
commit db21d74a52
7 changed files with 68 additions and 41 deletions
--- a/pkg/apiserver/domain/model/system_info.go
+++ b/pkg/apiserver/domain/model/system_info.go
@@ -32,11 +32,12 @@ const (
 // SystemInfo systemInfo model
 type SystemInfo struct {
 	BaseModel
-	InstallID              string        `json:"installID"`
-	EnableCollection       bool          `json:"enableCollection"`
-	StatisticInfo          StatisticInfo `json:"statisticInfo,omitempty"`
-	LoginType              string        `json:"loginType"`
-	DexUserDefaultProjects []ProjectRef  `json:"projects"`
+	InstallID                   string        `json:"installID"`
+	EnableCollection            bool          `json:"enableCollection"`
+	StatisticInfo               StatisticInfo `json:"statisticInfo,omitempty"`
+	LoginType                   string        `json:"loginType"`
+	DexUserDefaultProjects      []ProjectRef  `json:"projects"`
+	DexUserDefaultPlatformRoles []string      `json:"dexUserDefaultPlatformRoles"`
 }

 // ProjectRef set the project name and roles
--- a/pkg/apiserver/domain/service/authentication.go
+++ b/pkg/apiserver/domain/service/authentication.go
@@ -484,6 +484,10 @@ func (d *dexHandlerImpl) login(ctx context.Context) (*apisv1.UserBase, error) {
 		}
 		userBase = convertUserBase(u)
 	} else {
+		systemInfo, err := d.systemInfoService.GetSystemInfo(ctx)
+		if err != nil {
+			log.Logger.Errorf("failed to get the system info %s", err.Error())
+		}
 		user := &model.User{
 			Email:         claims.Email,
 			Name:          strings.ToLower(claims.Sub),
@@ -491,18 +495,17 @@ func (d *dexHandlerImpl) login(ctx context.Context) (*apisv1.UserBase, error) {
 			Alias:         claims.Name,
 			LastLoginTime: time.Now(),
 		}
+		if systemInfo != nil {
+			user.UserRoles = systemInfo.DexUserDefaultPlatformRoles
+		}
 		if err := d.Store.Add(ctx, user); err != nil {
 			log.Logger.Errorf("failed to save the user from the dex: %s", err.Error())
 			return nil, err
 		}
-		systemInfo, err := d.systemInfoService.GetSystemInfo(ctx)
-		if err != nil {
-			log.Logger.Errorf("failed to get the system info %s", err.Error())
-		}
 		if systemInfo != nil {
 			for _, project := range systemInfo.DexUserDefaultProjects {
 				_, err := d.projectService.AddProjectUser(ctx, project.Name, apisv1.AddProjectUserRequest{
-					UserName:  claims.Sub,
+					UserName:  strings.ToLower(claims.Sub),
 					UserRoles: project.Roles,
 				})
 				if err != nil {
--- a/pkg/apiserver/domain/service/authentication_test.go
+++ b/pkg/apiserver/domain/service/authentication_test.go
@@ -23,6 +23,7 @@ import (
 	"io/ioutil"
 	"reflect"
 	"strconv"
+	"strings"
 	"time"

 	. "github.com/agiledragon/gomonkey/v2"
@@ -65,7 +66,7 @@ var _ = Describe("Test authentication service functions", func() {
 	})
 	It("Test Dex login", func() {
 		testIDToken := &oidc.IDToken{}
-		sub := "248289761001"
+		sub := "248289761001Abv"
 		patch := ApplyMethod(reflect.TypeOf(testIDToken), "Claims", func(_ *oidc.IDToken, v interface{}) error {
 			return json.Unmarshal([]byte(fmt.Sprintf(`{"email":"test@test.com", "name":"show name", "sub": "%s"}`, sub)), v)
 		})
@@ -78,13 +79,14 @@ var _ = Describe("Test authentication service functions", func() {
 		err = projectService.Init(context.TODO())
 		Expect(err).Should(BeNil())

-		_, err = sysService.UpdateSystemInfo(context.TODO(), apisv1.SystemInfoRequest{
-			LoginType: "local",
-			DexUserDefaultProjects: []model.ProjectRef{{
-				Name:  "default",
-				Roles: []string{"app-developer"},
-			}},
-		})
+		info, err := sysService.Get(context.TODO())
+		Expect(err).Should(BeNil())
+		info.DexUserDefaultProjects = []model.ProjectRef{{
+			Name:  "default",
+			Roles: []string{"app-developer"},
+		}}
+		info.DexUserDefaultPlatformRoles = []string{"admin"}
+		err = ds.Put(context.TODO(), info)
 		Expect(err).Should(BeNil())

 		dexHandler := dexHandlerImpl{
@@ -96,9 +98,14 @@ var _ = Describe("Test authentication service functions", func() {
 		resp, err := dexHandler.login(context.Background())
 		Expect(err).Should(BeNil())
 		Expect(resp.Email).Should(Equal("test@test.com"))
-		Expect(resp.Name).Should(Equal(sub))
+		Expect(resp.Name).Should(Equal(strings.ToLower(sub)))
 		Expect(resp.Alias).Should(Equal("show name"))

+		newUser, err := userService.GetUser(context.TODO(), resp.Name)
+		Expect(err).Should(BeNil())
+		Expect(newUser.DexSub).Should(Equal(sub))
+		Expect(newUser.UserRoles).Should(Equal([]string{"admin"}))
+
 		projects, err := projectService.ListUserProjects(context.TODO(), sub)
 		Expect(err).Should(BeNil())
 		Expect(len(projects)).Should(Equal(1))
--- a/pkg/apiserver/domain/service/system_info.go
+++ b/pkg/apiserver/domain/service/system_info.go
@@ -113,8 +113,9 @@ func (u systemInfoServiceImpl) UpdateSystemInfo(ctx context.Context, sysInfo v1.
 			CreateTime: info.CreateTime,
 			UpdateTime: time.Now(),
 		},
-		StatisticInfo:          info.StatisticInfo,
-		DexUserDefaultProjects: sysInfo.DexUserDefaultProjects,
+		StatisticInfo:               info.StatisticInfo,
+		DexUserDefaultProjects:      sysInfo.DexUserDefaultProjects,
+		DexUserDefaultPlatformRoles: info.DexUserDefaultPlatformRoles,
 	}

 	if sysInfo.LoginType == model.LoginTypeDex {
@@ -167,10 +168,11 @@ func (u systemInfoServiceImpl) Init(ctx context.Context) error {

 func convertInfoToBase(info *model.SystemInfo) v1.SystemInfo {
 	return v1.SystemInfo{
-		PlatformID:             info.InstallID,
-		EnableCollection:       info.EnableCollection,
-		LoginType:              info.LoginType,
-		InstallTime:            info.CreateTime,
-		DexUserDefaultProjects: info.DexUserDefaultProjects,
+		PlatformID:                  info.InstallID,
+		EnableCollection:            info.EnableCollection,
+		LoginType:                   info.LoginType,
+		InstallTime:                 info.CreateTime,
+		DexUserDefaultProjects:      info.DexUserDefaultProjects,
+		DexUserDefaultPlatformRoles: info.DexUserDefaultPlatformRoles,
 	}
 }
--- a/pkg/apiserver/interfaces/api/dto/v1/types.go
+++ b/pkg/apiserver/interfaces/api/dto/v1/types.go
@@ -1194,11 +1194,12 @@ type SystemInfoResponse struct {

 // SystemInfo system info
 type SystemInfo struct {
-	PlatformID             string             `json:"platformID"`
-	EnableCollection       bool               `json:"enableCollection"`
-	LoginType              string             `json:"loginType" validate:"oneof=dex local"`
-	InstallTime            time.Time          `json:"installTime,omitempty"`
-	DexUserDefaultProjects []model.ProjectRef `json:"dexUserDefaultProjects,omitempty"`
+	PlatformID                  string             `json:"platformID"`
+	EnableCollection            bool               `json:"enableCollection"`
+	LoginType                   string             `json:"loginType" validate:"oneof=dex local"`
+	InstallTime                 time.Time          `json:"installTime,omitempty"`
+	DexUserDefaultProjects      []model.ProjectRef `json:"dexUserDefaultProjects,omitempty"`
+	DexUserDefaultPlatformRoles []string           `json:"dexUserDefaultPlatformRoles,omitempty"`
 }

 // StatisticInfo generated by cronJob running in backend
--- a/pkg/multicluster/cluster_management.go
+++ b/pkg/multicluster/cluster_management.go
@@ -20,6 +20,8 @@ import (
 	"bytes"
 	"context"
 	"fmt"
+	"strings"
+	"time"

 	"github.com/briandowns/spinner"
 	prismclusterv1alpha1 "github.com/kubevela/prism/pkg/apis/cluster/v1alpha1"
@@ -89,9 +91,20 @@ func (clusterConfig *KubeClusterConfig) PostRegistration(ctx context.Context, cl
 	if clusterConfig.CreateNamespace == "" {
 		return nil
 	}
-	if err := ensureNamespaceExists(ctx, cli, clusterConfig.ClusterName, clusterConfig.CreateNamespace); err != nil {
-		_ = DetachCluster(ctx, cli, clusterConfig.ClusterName, DetachClusterManagedClusterKubeConfigPathOption(clusterConfig.FilePath))
-		return fmt.Errorf("failed to ensure %s namespace installed in cluster %s: %w", clusterConfig.CreateNamespace, clusterConfig.ClusterName, err)
+	// retry 3 times.
+	for i := 0; i < 3; i++ {
+		if err := ensureNamespaceExists(ctx, cli, clusterConfig.ClusterName, clusterConfig.CreateNamespace); err != nil {
+			// Cluster gateway discovers the cluster maybe be deferred, so we should retry.
+			if strings.Contains(err.Error(), "no such cluster") {
+				if i < 2 {
+					time.Sleep(time.Second * 1)
+					continue
+				}
+			}
+			_ = DetachCluster(ctx, cli, clusterConfig.ClusterName, DetachClusterManagedClusterKubeConfigPathOption(clusterConfig.FilePath))
+			return fmt.Errorf("failed to ensure %s namespace installed in cluster %s: %w", clusterConfig.CreateNamespace, clusterConfig.ClusterName, err)
+		}
+		break
 	}
 	return nil
 }