Merge branch 'master' of github.com:KubeOperator/KubePi

Author: ssongliu

Dockerfile

@@ -51,8 +51,9 @@ RUN ARCH=$(uname -m) && case $ARCH in aarch64) ARCH="arm64";; x86_64) ARCH="amd6
     rm -rf /tmp/* /var/tmp/* /var/cache/apk/* && \
     chmod -R 755 /tmp && mkdir -p /opt/webkubectl
 
-
-ENV TZ='Asia/Shanghai';
+RUN apk add tzdata && cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
+    && echo "Asia/Shanghai" > /etc/timezone \
+    && apk del tzdata
 
 COPY vimrc.local /etc/vim
 

internal/api/v1/ldap/ldap.go

@@ -82,14 +82,13 @@ func (h *Handler) TestConnect() iris.Handler {
 
 func (h *Handler) SyncLdapUser() iris.Handler {
 	return func(ctx *context.Context) {
-		uuid := ctx.Params().Get("id")
-		err := h.ldapService.Sync(uuid, common.DBOptions{})
+		users, err := h.ldapService.GetLdapUser()
 		if err != nil {
 			ctx.StatusCode(iris.StatusInternalServerError)
 			ctx.Values().Set("message", err.Error())
 			return
 		}
-		ctx.Values().Set("data", "")
+		ctx.Values().Set("data", users)
 	}
 }
 
@@ -132,7 +131,7 @@ func Install(parent iris.Party) {
 	sp.Get("/", handler.ListLdap())
 	sp.Post("/", handler.AddLdap())
 	sp.Put("/", handler.UpdateLdap())
-	sp.Post("/sync/:id", handler.SyncLdapUser())
+	sp.Post("/sync", handler.SyncLdapUser())
 	sp.Post("/test/connect", handler.TestConnect())
 	sp.Post("/test/login", handler.TestLogin())
 	sp.Post("/import", handler.ImportUser())

internal/api/v1/v1.go

@@ -141,6 +141,22 @@ func logHandler() iris.Handler {
 		log.Operator = profile.Name
 		log.Operation = method
 
+		//handle ldap operate
+		if strings.Contains(path,"ldap") {
+			if strings.Contains(path,"import") {
+				log.Operation = "import"
+			}
+			if strings.Contains(path,"sync") {
+				log.Operation = "sync"
+			}
+			if strings.Contains(path,"connect") {
+				log.Operation = "testConnect"
+			}
+			if strings.Contains(path,"login") {
+				log.Operation = "testLogin"
+			}
+		}
+
 		pathResource := strings.Split(path, "/")
 		if strings.HasPrefix(currentPath, "clusters/:name") {
 			if len(pathResource) < 3 {

internal/service/v1/ldap/ldap.go

@@ -30,10 +30,11 @@ type Service interface {
 	Delete(id string, options common.DBOptions) error
 	Sync(id string, options common.DBOptions) error
 	Login(user v1User.User, password string, options common.DBOptions) error
-	TestConnect(ldap *v1Ldap.Ldap) ([]v1User.ImportUser, error)
+	TestConnect(ldap *v1Ldap.Ldap) (int, error)
 	TestLogin(username string, password string) error
 	ImportUsers(users []v1User.ImportUser) (v1User.ImportResult, error)
 	CheckStatus() bool
+	GetLdapUser() ([]v1User.ImportUser, error)
 }
 
 func NewService() Service {
@@ -128,17 +129,19 @@ func (l *service) Delete(id string, options common.DBOptions) error {
 	return db.DeleteStruct(ldap)
 }
 
-//func (l *service) GetLdapUser()  ([]v1User.ImportUser, error) {
-//	users := []v1User.ImportUser{}
-//
-//}
-
-func (l *service) TestConnect(ldap *v1Ldap.Ldap) ([]v1User.ImportUser, error) {
+func (l *service) GetLdapUser() ([]v1User.ImportUser, error) {
 	users := []v1User.ImportUser{}
+	ldaps, err := l.List(common.DBOptions{})
+	if err != nil {
+		return users, err
+	}
+	if len(ldaps) == 0 {
+		return users, errors.New("请先保存LDAP配置")
+	}
+	ldap := ldaps[0]
 	if !ldap.Enable {
 		return users, errors.New("请先启用LDAP")
 	}
-
 	lc := ldapClient.NewLdapClient(ldap.Address, ldap.Port, ldap.Username, ldap.Password, ldap.TLS)
 	if err := lc.Connect(); err != nil {
 		return users, err
@@ -162,7 +165,6 @@ func (l *service) TestConnect(ldap *v1Ldap.Ldap) ([]v1User.ImportUser, error) {
 		us := new(v1User.ImportUser)
 		us.Available = true
 		rv := reflect.ValueOf(&us).Elem().Elem()
-
 		for _, at := range entry.Attributes {
 			for k, v := range mappings {
 				if v == at.Name && len(at.Values) > 0 {
@@ -173,23 +175,41 @@ func (l *service) TestConnect(ldap *v1Ldap.Ldap) ([]v1User.ImportUser, error) {
 				}
 			}
 		}
-		if us.Email == "" || us.Name == "" {
+		if us.Name == "" {
 			continue
 		}
-		if us.NickName == "" {
-			us.NickName = us.Name
-		}
 		_, err = l.userService.GetByNameOrEmail(us.Name, common.DBOptions{})
 		if err == nil {
 			us.Available = false
 		}
 		users = append(users, *us)
 	}
-	if len(users) == 0 && len(entries) > 0 {
-		return users, errors.New("Mapping 映射失败!")
+	return users, nil
+}
+
+func (l *service) TestConnect(ldap *v1Ldap.Ldap) (int, error) {
+	users := 0
+	if !ldap.Enable {
+		return users, errors.New("请先启用LDAP")
 	}
 
-	return users, nil
+	lc := ldapClient.NewLdapClient(ldap.Address, ldap.Port, ldap.Username, ldap.Password, ldap.TLS)
+	if err := lc.Connect(); err != nil {
+		return users, err
+	}
+	attributes, err := ldap.GetAttributes()
+	if err != nil {
+		return users, err
+	}
+	entries, err := lc.Search(ldap.Dn, ldap.Filter, ldap.SizeLimit, ldap.TimeLimit, attributes)
+	if err != nil {
+		return users, err
+	}
+	if len(entries) == 0 {
+		return users, nil
+	}
+
+	return len(entries), nil
 }
 
 func (l *service) CheckStatus() bool {
@@ -263,6 +283,13 @@ func (l *service) ImportUsers(users []v1User.ImportUser) (v1User.ImportResult, e
 			Type:  v1User.LDAP,
 			Email: imp.Email,
 		}
+		if us.Email == "" {
+			us.Email = us.Name + "@example.com"
+		}
+		if us.NickName == "" {
+			us.NickName = us.Name
+		}
+
 		result.Failures = append(result.Failures, us.Name)
 		tx, err := server.DB().Begin(true)
 		if err != nil {

pkg/util/ldap/ldap_client.go

@@ -47,7 +47,7 @@ func (l *Ldap) Connect() error {
 
 func (l *Ldap) Search(dn, filter string, sizeLimit, timeLimit int, attributes []string) ([]*ldap.Entry, error) {
 	searchRequest := ldap.NewSearchRequest(dn,
-		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, timeLimit, false,
+		ldap.ScopeWholeSubtree, ldap.DerefAlways, 0, timeLimit, false,
 		filter,
 		attributes,
 		nil)

pkg/util/podtool/copytopod.go

@@ -10,7 +10,6 @@ import (
 	"os"
 	"path"
 	"path/filepath"
-	"strings"
 )
 
 func (p *PodTool) CopyToContainer(destPath string) error {
@@ -26,18 +25,17 @@ func (p *PodTool) CopyToContainer(destPath string) error {
 	var stderr bytes.Buffer
 	p.ExecConfig.Stderr = &stderr
 	err := p.Exec(Exec)
+	var stdout bytes.Buffer
+	p.ExecConfig.Stdout = &stdout
 	if err != nil {
-		return fmt.Errorf(err.Error(), stderr)
-	}
-	if len(stderr.Bytes()) != 0 {
-		for _, line := range strings.Split(stderr.String(), "\n") {
-			if len(strings.TrimSpace(line)) == 0 {
-				continue
-			}
-			if !strings.Contains(strings.ToLower(line), "removing") {
-				return fmt.Errorf(line)
-			}
+		result := ""
+		if len(stdout.Bytes()) != 0 {
+			result = stdout.String()
 		}
+		if len(stderr.Bytes()) != 0 {
+			result = stderr.String()
+		}
+		return fmt.Errorf(err.Error(), result)
 	}
 	return nil
 }
@@ -77,16 +75,6 @@ func (p *PodTool) CopyToPod(srcPath, destPath string) error {
 		}
 		return fmt.Errorf(err.Error(), result)
 	}
-	if len(stderr.Bytes()) != 0 {
-		for _, line := range strings.Split(stderr.String(), "\n") {
-			if len(strings.TrimSpace(line)) == 0 {
-				continue
-			}
-			if !strings.Contains(strings.ToLower(line), "removing") {
-				return fmt.Errorf(line)
-			}
-		}
-	}
 	return nil
 }
 

web/dashboard/src/business/workloads/pods/podfilebrowser/index.vue

@@ -136,7 +136,7 @@
         <div slot="tip" class="el-upload__tip">{{ $t("business.pod.upload_tip") }}</div>
       </el-upload>
       <span slot="footer" class="dialog-footer">
-        <el-button @click="openUpload=false" :disabled="loading">{{ $t("commons.button.cancel") }}</el-button>
+        <el-button @click="handleUploadClose" :disabled="loading">{{ $t("commons.button.cancel") }}</el-button>
         <el-button type="primary" @click="upload" :loading="loading">{{ $t("commons.button.confirm") }}</el-button>
       </span>
     </el-dialog>

web/kubepi/src/api/ldap.js

@@ -14,8 +14,8 @@ export function updateLdap(data){
   return put(`${baseUrl}`, data)
 }
 
-export function syncLdap(id,data) {
-  return post(`${baseUrl}/sync/${id}`, data)
+export function syncLdap(data) {
+  return post(`${baseUrl}/sync`, data)
 }
 
 export function testConnect(data) {

web/kubepi/src/business/user-management/ldap/index.vue

@@ -67,10 +67,6 @@
                   $t("business.user.ldap_remake")
                 }}
               </el-button>
-              <!--              <el-button @click="sync" :disabled="isSubmitGoing" v-has-permissions="{resource:'ldap',verb:'create'}">{{-->
-              <!--                  $t("commons.button.sync")-->
-              <!--                }}-->
-              <!--              </el-button>-->
               <el-button type="primary" @click="onSubmit" :disabled="isSubmitGoing"
                          v-has-permissions="{resource:'ldap',verb:'create'}">{{ $t("commons.button.confirm") }}
               </el-button>
@@ -104,6 +100,7 @@
       </el-form>
     </el-dialog>
     <el-dialog :visible.sync="importUserPageOpen" :title="$t('business.user.import_user')" style="height: 900px">
+      <span>{{ $t("business.user.ldap_helper") }}</span>
       <div style="text-align: right;margin-bottom: 10px">
         <el-input v-model="searchName" suffix-icon="el-icon-search" style="width: 30%" size="mini" clearable @change="handleSearch" />
       </div>
@@ -159,7 +156,7 @@ export default {
     return {
       form: {
         mapping: "{\n" +
-          "   \"Name\":\"sAMAccountName\",\n" +
+          "   \"Name\":\"cn\",\n" +
           "   \"NickName\":\"cn\",\n" +
           "   \"Email\":\"mail\"\n" +
           "}",
@@ -206,24 +203,6 @@ export default {
     }
   },
   methods: {
-    sync () {
-      if (this.form.uuid === undefined || this.form.uuid === "") {
-        this.$message({
-          type: "warning",
-          message: this.$t("business.user.ldap_sync_error")
-        })
-        return
-      }
-      this.isSubmitGoing = true
-      syncLdap(this.form.uuid, {}).then(() => {
-        this.$message({
-          type: "success",
-          message: this.$t("business.user.ldap_sync")
-        })
-      }).finally(() => {
-        this.isSubmitGoing = false
-      })
-    },
     connectTest () {
       let isFormReady = false
       this.$refs["form"].validate((valid) => {
@@ -234,15 +213,12 @@ export default {
       if (!isFormReady) {
         return
       }
-      this.tableUsers = []
       this.loading = true
       this.connectLoading = true
       testConnect(this.form).then(res => {
-        this.users = res.data
-        this.tableUsers = this.users
         this.$message({
           type: "success",
-          message: this.$t("business.user.test_result", { count: res.data.length })
+          message: this.$t("business.user.test_result", { count: res.data })
         })
       }).finally(() => {
         this.loading = false
@@ -254,12 +230,15 @@ export default {
       this.loginForm = {}
     },
     openImportPage () {
-      this.importUserPageOpen = true
       this.searchName = ""
-      if (this.users.length === 0) {
-        this.connectTest()
-      }
-      this.tableUsers = this.users
+      this.loading = true
+      syncLdap({}).then(res => {
+        this.users = res.data
+        this.tableUsers = this.users
+        this.importUserPageOpen = true
+      }).finally(() => {
+        this.loading = false
+      })
     },
     importAvailable (row) {
       return row.available

web/kubepi/src/i18n/lang/en-US.js

@@ -189,7 +189,7 @@ const message = {
             ldap_password: "Password",
             ldap_filter_dn: "User Filtering DN",
             ldap_filter_rule: "User Filtering Rules",
-            ldap_helper: "Note: Users without mailboxes will not be synchronized, and those with the same login name as local users will not be synchronized!",
+            ldap_helper: "Note: Users who cannot get the Name mapping attribute will not be matched",
             ldap_sync: "Start syncing, please check the user list later",
             ldap_sync_error: "Please save first",
             type: "Type",