adapt old rolebinding

bxy4543 · Sep 4, 2024 · d5321d6 · d5321d6
1 parent e40fd26
commit d5321d6
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 8 deletions.
diff --git a/controllers/user/controllers/adapt_rolebinding_controller.go b/controllers/user/controllers/adapt_rolebinding_controller.go
@@ -20,10 +20,13 @@ import (
 	"context"
 
 	"github.com/labring/sealos/controllers/user/controllers/helper/config"
+	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 
 	"sigs.k8s.io/controller-runtime/pkg/builder"
 
 	v1 "k8s.io/api/rbac/v1"
+
+	userv1 "github.com/labring/sealos/controllers/user/api/v1"
 	"sigs.k8s.io/controller-runtime/pkg/event"
 
 	"github.com/go-logr/logr"
@@ -53,13 +56,23 @@ func (r *AdaptRoleBindingReconciler) Reconcile(ctx context.Context, req ctrl.Req
 	}
 
 	if rolebinding.Subjects[0].Namespace != config.GetUserSystemNamespace() {
+		userName := rolebinding.GetAnnotations()[userAnnotationOwnerKey]
+		user := &userv1.User{}
+		if err := r.Get(ctx, client.ObjectKey{Name: userName}, user); err != nil {
+			r.Logger.Error(err, "get user failed")
+			return ctrl.Result{}, err
+		}
 		appendSubject := rolebinding.Subjects[0].DeepCopy()
 		appendSubject.Namespace = config.GetUserSystemNamespace()
 		rolebinding.Subjects = append(rolebinding.Subjects, *appendSubject)
 		if err := r.Update(ctx, rolebinding); err != nil {
 			r.Logger.Error(err, "update rolebinding failed")
 			return ctrl.Result{}, err
 		}
+		if err := controllerutil.SetControllerReference(user, rolebinding, r.Scheme); err != nil {
+			r.Logger.Error(err, "set controller reference failed")
+			return ctrl.Result{}, err
+		}
 	}
 	return ctrl.Result{}, nil
 }
@@ -114,7 +127,7 @@ func isWorkspaceObject(obj client.Object) bool {
 	}
 
 	for _, sub := range rolebinding.Subjects {
-		if sub.Kind == config.GetUserSystemNamespace() {
+		if sub.Namespace == config.GetUserSystemNamespace() {
 			return false
 		}
 	}

diff --git a/controllers/user/controllers/operationrequest_controller.go b/controllers/user/controllers/operationrequest_controller.go
@@ -136,24 +136,26 @@ func (r *OperationReqReconciler) reconcile(ctx context.Context, request *userv1.
 	)
 
 	user := &userv1.User{}
+	if err := r.Get(ctx, client.ObjectKey{Name: config.GetUserNameByNamespace(request.Namespace)}, user); err != nil {
+		r.Recorder.Eventf(request, v1.EventTypeWarning, "Failed to get user", "Failed to get user %s", request.Spec.User)
+		return ctrl.Result{}, err
+	}
 	if request.Spec.Role == userv1.OwnerRoleType {
-		if err := r.Get(ctx, client.ObjectKey{Name: config.GetUserNameByNamespace(request.Namespace)}, user); err != nil {
-			r.Recorder.Eventf(request, v1.EventTypeWarning, "Failed to get user", "Failed to get user %s", request.Spec.User)
-			return ctrl.Result{}, err
-		}
-
 		if user.Name == user.Annotations[userv1.UserAnnotationOwnerKey] {
 			// 不允许转移个人空间
 			r.Recorder.Eventf(request, v1.EventTypeWarning, "Failed to grant role", "Failed to grant role %s to user %s, cannot transfer personal workspace", request.Spec.Role, request.Spec.User)
 			return ctrl.Result{}, r.updateRequestStatus(ctx, request, userv1.RequestFailed)
 		}
 	}
+	setUpOwnerReferenceFc := func() error {
+		return ctrl.SetControllerReference(user, rolebinding, r.Scheme)
+	}
 
 	// handle OperationRequest, create or delete rolebinding
 	switch request.Spec.Action {
 	case userv1.Grant:
 		r.Recorder.Eventf(request, v1.EventTypeNormal, "Grant", "Grant role %s to user %s", request.Spec.Role, request.Spec.User)
-		if _, err := ctrl.CreateOrUpdate(ctx, r.Client, rolebinding, func() error { return nil }); err != nil {
+		if _, err := ctrl.CreateOrUpdate(ctx, r.Client, rolebinding, setUpOwnerReferenceFc); err != nil {
 			r.Recorder.Eventf(request, v1.EventTypeWarning, "Failed to create/update rolebinding", "Failed to create rolebinding %s/%s", rolebinding.Namespace, rolebinding.Name)
 			return ctrl.Result{}, err
 		}
@@ -177,7 +179,7 @@ func (r *OperationReqReconciler) reconcile(ctx context.Context, request *userv1.
 			r.Recorder.Eventf(request, v1.EventTypeWarning, "Failed to delete rolebinding", "Failed to delete rolebinding %s/%s", rolebinding.Namespace, rolebinding.Name)
 			return ctrl.Result{}, err
 		}
-		if _, err := ctrl.CreateOrUpdate(ctx, r.Client, rolebinding, func() error { return nil }); err != nil {
+		if _, err := ctrl.CreateOrUpdate(ctx, r.Client, rolebinding, setUpOwnerReferenceFc); err != nil {
 			r.Recorder.Eventf(request, v1.EventTypeWarning, "Failed to create/update rolebinding", "Failed to create rolebinding %s/%s", rolebinding.Namespace, rolebinding.Name)
 			return ctrl.Result{}, err
 		}