update types dependency for 2.4
JacieChao committed Apr 26, 2021
1 parent 55414fd commit 6658aa1
Showing 884 changed files with 134,805 additions and 62,674 deletions.
53 changes: 26 additions & 27 deletions go.mod
@@ -3,41 +3,40 @@ module github.com/JacieChao/rancher-upgrade-authtool
go 1.13

replace (
k8s.io/api => k8s.io/api v0.0.0-20190918155943-95b840bb6a1f
k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.0.0-20190918161926-8f644eb6e783
k8s.io/apimachinery => k8s.io/apimachinery v0.0.0-20190913080033-27d36303b655
k8s.io/apiserver => k8s.io/apiserver v0.0.0-20190918160949-bfa5e2e684ad
k8s.io/cli-runtime => k8s.io/cli-runtime v0.0.0-20190918162238-f783a3654da8
k8s.io/client-go => github.com/rancher/client-go v1.16.0-rancher.3
k8s.io/cloud-provider => k8s.io/cloud-provider v0.0.0-20190918163234-a9c1f33e9fb9
k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.0.0-20190918163108-da9fdfce26bb
k8s.io/code-generator => k8s.io/code-generator v0.0.0-20190912054826-cd179ad6a269
k8s.io/component-base => k8s.io/component-base v0.0.0-20190918160511-547f6c5d7090
k8s.io/cri-api => k8s.io/cri-api v0.0.0-20190828162817-608eb1dad4ac
k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.0.0-20190918163402-db86a8c7bb21
k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.0.0-20190918161219-8c8f079fddc3
k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.0.0-20190918162944-7a93a0ddadd8
k8s.io/kube-proxy => k8s.io/kube-proxy v0.0.0-20190918162534-de037b596c1e
k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.0.0-20190918162820-3b5c1246eb18
k8s.io/kubectl => k8s.io/kubectl v0.0.0-20190918164019-21692a0861df
k8s.io/kubelet => k8s.io/kubelet v0.0.0-20190918162654-250a1838aa2c
k8s.io/kubernetes => k8s.io/kubernetes v1.16.0
k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.0.0-20190918163543-cfa506e53441
k8s.io/metrics => k8s.io/metrics v0.0.0-20190918162108-227c654b2546
k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.0.0-20190918161442-d4c9c65c82af
k8s.io/api => k8s.io/api v0.18.8
k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.18.8
k8s.io/apimachinery => k8s.io/apimachinery v0.18.8
k8s.io/apiserver => k8s.io/apiserver v0.18.8
k8s.io/cli-runtime => k8s.io/cli-runtime v0.18.8
k8s.io/client-go => github.com/rancher/client-go v1.18.8-rancher.4
k8s.io/cloud-provider => k8s.io/cloud-provider v0.18.8
k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.18.8
k8s.io/code-generator => k8s.io/code-generator v0.18.8
k8s.io/component-base => k8s.io/component-base v0.18.8
k8s.io/cri-api => k8s.io/cri-api v0.18.8
k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.18.8
k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.18.8
k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.18.8
k8s.io/kube-proxy => k8s.io/kube-proxy v0.18.8
k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.18.8
k8s.io/kubectl => k8s.io/kubectl v0.18.8
k8s.io/kubelet => k8s.io/kubelet v0.18.8
k8s.io/kubernetes => k8s.io/kubernetes v1.18.8
k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.18.8
k8s.io/metrics => k8s.io/metrics v0.18.8
k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.18.8
)

require (
github.com/mitchellh/mapstructure v1.1.2
github.com/pkg/errors v0.9.1
github.com/rancher/types v0.0.0-20200312010455-14e9ee6d634f
github.com/rancher/types v0.0.0-20210123000350-7cb436b3f0b0
github.com/sirupsen/logrus v1.4.2
github.com/urfave/cli v1.22.3
gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d // indirect
gopkg.in/ldap.v2 v2.5.1
k8s.io/api v0.17.0 // indirect
k8s.io/apimachinery v0.17.0
k8s.io/client-go v11.0.1-0.20190805182715-88a2adca7e76+incompatible
k8s.io/apimachinery v0.18.8
k8s.io/client-go v12.0.0+incompatible
)

replace github.com/rancher/types => github.com/cnrancher/pandaria-types v0.0.0-20200304070203-6c21b862a381
replace github.com/rancher/types => github.com/cnrancher/pandaria-types v0.0.0-20210125041031-77784311ff33
525 changes: 60 additions & 465 deletions go.sum


13 changes: 0 additions & 13 deletions main.go
@@ -27,19 +27,6 @@ func main() {
return tool.Upgrade(&config)
},
},
{
Name: "rollback",
Aliases: []string{"r"},
Usage: "rollback rancher user to old version",
Action: func(c *cli.Context) error {
if config.AuthType == "0" {
config.AuthConfigType = tool.ActiveDirectoryAuth
} else if config.AuthType == "1" {
config.AuthConfigType = tool.OpenLDAPAuth
}
return tool.Rollback(&config)
},
},
}
app.Flags = []cli.Flag{
cli.BoolFlag{
4 changes: 2 additions & 2 deletions tool/rollback.go
@@ -65,7 +65,7 @@ func Rollback(c *Config) error {
return err
}
logrus.Infof("Get Active Directory Auth config: %++v", *authConfig)
lConn, err = NewLDAPConn(authConfig.Servers, authConfig.TLS, authConfig.Port, authConfig.ConnectionTimeout, caPool)
lConn, err = NewLDAPConn(authConfig.Servers, authConfig.TLS, authConfig.StartTLS, authConfig.Port, authConfig.ConnectionTimeout, caPool)
if err != nil {
return err
}
@@ -86,7 +86,7 @@ func Rollback(c *Config) error {
return err
}
logrus.Infof("Get OpenLDAP Auth config: %++v", *ldapConfig)
lConn, err = NewLDAPConn(ldapConfig.Servers, ldapConfig.TLS, ldapConfig.Port, ldapConfig.ConnectionTimeout, caPool)
lConn, err = NewLDAPConn(ldapConfig.Servers, ldapConfig.TLS, ldapConfig.StartTLS, ldapConfig.Port, ldapConfig.ConnectionTimeout, caPool)
if err != nil {
return err
}
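Review bot: Rollback is updated to the new NewLDAPConn signature here, yet the main.go section of this same commit deletes the `rollback` CLI command, so on this page nothing appears to call it any more. If it is kept on purpose, a doc comment such as `// Rollback is no longer exposed as a CLI command; see main.go.` would say so; otherwise it is unreachable code that still opens an LDAP connection and could be removed with the command. Separately, both call sites pass `TLS` and `StartTLS` as adjacent positional bools, which can be transposed without a compile error; the two Upgrade call sites in tool/upgrade.go share this. Rollback's body starts and ends outside both hunks.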
63 changes: 57 additions & 6 deletions tool/upgrade.go
@@ -68,7 +68,7 @@ func Upgrade(c *Config) error {
return err
}
logrus.Infof("Get Active Directory Auth config: %++v", *authConfig)
lConn, err = NewLDAPConn(authConfig.Servers, authConfig.TLS, authConfig.Port, authConfig.ConnectionTimeout, caPool)
lConn, err = NewLDAPConn(authConfig.Servers, authConfig.TLS, authConfig.StartTLS, authConfig.Port, authConfig.ConnectionTimeout, caPool)
if err != nil {
return err
}
@@ -97,7 +97,7 @@ func Upgrade(c *Config) error {
return err
}
logrus.Infof("Get OpenLDAP Auth config: %++v", *ldapConfig)
lConn, err = NewLDAPConn(ldapConfig.Servers, ldapConfig.TLS, ldapConfig.Port, ldapConfig.ConnectionTimeout, caPool)
lConn, err = NewLDAPConn(ldapConfig.Servers, ldapConfig.TLS, ldapConfig.StartTLS, ldapConfig.Port, ldapConfig.ConnectionTimeout, caPool)
if err != nil {
return err
}
@@ -129,6 +129,19 @@ func Upgrade(c *Config) error {
if groupSearchDN == "" {
groupSearchDN = baseDN
}

grbList, err := management.GlobalRoleBindings("").List(metav1.ListOptions{})
if err != nil {
return err
}
beforeUpdateGRB := []v3.GlobalRoleBinding{}
for _, grb := range grbList.Items {
if grb.GroupPrincipalName != "" && strings.HasPrefix(grb.GroupPrincipalName, groupScopeType) {
beforeUpdateGRB = append(beforeUpdateGRB, grb)
}
}
logrus.Infof("find %d global role bindings to update for group principal", len(beforeUpdateGRB))

crtbList, err := management.ClusterRoleTemplateBindings("").List(metav1.ListOptions{})
if err != nil {
return err
@@ -160,7 +173,7 @@ func Upgrade(c *Config) error {
preparedUsers, failedUsers := prepareUsers(beforeUpdate, lConn, userScopeType, c.AuthConfigType,
objectFilter, uidAttribute, searchAttribute)

preparedCRTB, failedCRTB, preparedPRTB, failedPRTB := preparePermissions(beforeUpdateCRTB, beforeUpdatePRTB,
preparedCRTB, failedCRTB, preparedPRTB, failedPRTB, preparedGRB, failedGRB := preparePermissions(beforeUpdateCRTB, beforeUpdatePRTB, beforeUpdateGRB,
lConn, groupScopeType, userScopeType, groupFilter,
objectFilter, gidAttribute, uidAttribute, groupSearchAttribute, searchAttribute)

@@ -177,6 +190,20 @@ func Upgrade(c *Config) error {
preparedPRTB = append(preparedPRTB, newPRTB...)

logrus.Println("Step 4. Sync cluster permission with unique attribute id")
logrus.Infof("RESULT:: Will update %d grb", len(preparedGRB))
for _, grb := range preparedGRB {
if !c.IsDryRun {
_, err = management.GlobalRoleBindings("").Update(&grb)
if err != nil {
logrus.Errorf("failed to update grb %s, with error: %v", grb.Name, err)
logrus.Infof("failed grb is: %++v", grb)
continue
}
} else {
logrus.Infof("Update GRB %s, with group principal %s", grb.Name, grb.GroupPrincipalName)
}
}

logrus.Infof("RESULT:: Will update %d crtb", len(preparedCRTB))
for _, crtb := range preparedCRTB {
if !c.IsDryRun {
@@ -238,6 +265,10 @@ func Upgrade(c *Config) error {
logrus.Warnf("Find multiple results or not exist principal for prtb %s, ns %s, please manual check dn or remove permission", manuprtb.Name, manuprtb.Namespace)
}

for _, manugrb := range failedGRB {
logrus.Warnf("please manual check global role binding permission %v", manugrb.Name)
}

return nil
}

@@ -375,11 +406,11 @@ func getUniqueAttribute(entry *ldapv2.Entry, scopeType, scope, uniqueAttribute s
return principalIDOfDN, principalOfUID, uniqueID
}

func preparePermissions(beforeCRTB []v3.ClusterRoleTemplateBinding, beforePRTB []v3.ProjectRoleTemplateBinding,
func preparePermissions(beforeCRTB []v3.ClusterRoleTemplateBinding, beforePRTB []v3.ProjectRoleTemplateBinding, beforeGRB []v3.GlobalRoleBinding,
lConn *ldapv2.Conn, groupScopeType, userScopeType, groupFilter, objectFilter,
gidAttribute, uidAttribute string, groupSearchAttribute, searchAttribute []string) (preparedCRTB []v3.ClusterRoleTemplateBinding,
failedCRTB []v3.ClusterRoleTemplateBinding, preparedPRTB []v3.ProjectRoleTemplateBinding,
failedPRTB []v3.ProjectRoleTemplateBinding) {
failedPRTB []v3.ProjectRoleTemplateBinding, preparedGRB []v3.GlobalRoleBinding, failedGRB []v3.GlobalRoleBinding) {

preparedCRTB = []v3.ClusterRoleTemplateBinding{}
failedCRTB = []v3.ClusterRoleTemplateBinding{}
@@ -455,7 +486,27 @@ func preparePermissions(beforeCRTB []v3.ClusterRoleTemplateBinding, beforePRTB [
preparedPRTB = append(preparedPRTB, prtb)
}

return preparedCRTB, failedCRTB, preparedPRTB, failedPRTB
preparedGRB = []v3.GlobalRoleBinding{}
failedGRB = []v3.GlobalRoleBinding{}
for _, grb := range beforeGRB {
if grb.GroupPrincipalName != "" && strings.HasPrefix(grb.GroupPrincipalName, groupScopeType) {
principalID := grb.GroupPrincipalName
_, principalUID, _, err := generateNewPrincipalByDN(lConn, principalID, groupScopeType, groupFilter, gidAttribute, groupSearchAttribute)
if err != nil {
if strings.EqualFold(err.Error(), NoResultFoundError) {
logrus.Warnf("No identies found using current principalID: %s for grb %s", principalID, grb.Name)
failedGRB = append(failedGRB, grb)
} else {
logrus.Errorf("failed to get group using principalID %s for grb %s, err: %v", principalID, grb.Name, err)
}
continue
}
grb.GroupPrincipalName = principalUID
preparedGRB = append(preparedGRB, grb)
}
}

return preparedCRTB, failedCRTB, preparedPRTB, failedPRTB, preparedGRB, failedGRB
}

func prepareDNChangedUsers(failedUsers map[string]v3.User, preparedUsers map[string]v3.User,
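Review bot: In the new GRB loop of preparePermissions, a lookup that fails with anything other than NoResultFoundError is logged and skipped without being added to `failedGRB`, so that binding is neither updated nor listed by the closing "please manual check global role binding permission" warnings in Upgrade. For a migration that rewrites group principals on global role bindings, the end-of-run summary would then under-report which bindings still carry the old principal. Placing `failedGRB = append(failedGRB, grb)` directly after `if err != nil {` so both branches record the binding would close that gap; whether the CRTB and PRTB loops behave the same way is not visible in these hunks. In the update loop, `Update(&grb)` passes the address of the range variable, which under the `go 1.13` directive in go.mod is one variable reused across iterations, so `grb := grb` before the call would remove any dependence on the client not retaining the pointer.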
12 changes: 10 additions & 2 deletions tool/utils.go
@@ -75,7 +75,7 @@ func GetDNAndScopeFromPrincipalID(principalID string) (string, string, error) {
return externalID, scope, nil
}

func NewLDAPConn(servers []string, TLS bool, port int64, connectionTimeout int64, caPool *x509.CertPool) (*ldapv2.Conn, error) {
func NewLDAPConn(servers []string, TLS, startTLS bool, port int64, connectionTimeout int64, caPool *x509.CertPool) (*ldapv2.Conn, error) {
var lConn *ldapv2.Conn
var err error
var tlsConfig *tls.Config
@@ -85,12 +85,20 @@ func NewLDAPConn(servers []string, TLS bool, port int64, connectionTimeout int64
return nil, errors.New("invalid server config. only exactly 1 server is currently supported")
}
server := servers[0]
tlsConfig = &tls.Config{RootCAs: caPool, InsecureSkipVerify: false, ServerName: server}
if TLS {
tlsConfig = &tls.Config{RootCAs: caPool, InsecureSkipVerify: false, ServerName: server}
lConn, err = ldapv2.DialTLS("tcp", fmt.Sprintf("%s:%d", server, port), tlsConfig)
if err != nil {
return nil, fmt.Errorf("Error creating ssl connection: %v", err)
}
} else if startTLS {
lConn, err = ldapv2.Dial("tcp", fmt.Sprintf("%s:%d", server, port))
if err != nil {
return nil, fmt.Errorf("Error creating connection for startTLS: %v", err)
}
if err := lConn.StartTLS(tlsConfig); err != nil {
return nil, fmt.Errorf("Error upgrading startTLS connection: %v", err)
}
} else {
lConn, err = ldapv2.Dial("tcp", fmt.Sprintf("%s:%d", server, port))
if err != nil {
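Review bot: In the new `else if startTLS` branch of NewLDAPConn, a failed `lConn.StartTLS(tlsConfig)` returns without closing the connection that `ldapv2.Dial` just opened, so the socket leaks on every failed upgrade; add `lConn.Close()` before that `return nil, fmt.Errorf(...)`. The branch order also means `TLS` silently wins when both flags are set, and with neither set the final `else` still dials without encryption, so a doc comment on the function stating that precedence and that anything sent on the no-TLS path (any bind is outside this hunk) is unprotected would help operators. The `tlsConfig` assignment is printed both before `if TLS` and inside it; the StartTLS branch only gets a verifying config if the hoisted copy is the new line, which this rendering does not make explicit. The function continues past the end of the hunk.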
8 changes: 8 additions & 0 deletions vendor/github.com/cespare/xxhash/v2/.travis.yml


22 changes: 22 additions & 0 deletions vendor/github.com/cespare/xxhash/v2/LICENSE.txt


67 changes: 67 additions & 0 deletions vendor/github.com/cespare/xxhash/v2/README.md


3 changes: 3 additions & 0 deletions vendor/github.com/cespare/xxhash/v2/go.mod


Empty file.
236 changes: 236 additions & 0 deletions vendor/github.com/cespare/xxhash/v2/xxhash.go
13 changes: 13 additions & 0 deletions vendor/github.com/cespare/xxhash/v2/xxhash_amd64.go
215 changes: 215 additions & 0 deletions vendor/github.com/cespare/xxhash/v2/xxhash_amd64.s
76 changes: 76 additions & 0 deletions vendor/github.com/cespare/xxhash/v2/xxhash_other.go
15 changes: 15 additions & 0 deletions vendor/github.com/cespare/xxhash/v2/xxhash_safe.go
46 changes: 46 additions & 0 deletions vendor/github.com/cespare/xxhash/v2/xxhash_unsafe.go
2 changes: 2 additions & 0 deletions vendor/github.com/gogo/protobuf/proto/encode.go
20 changes: 13 additions & 7 deletions vendor/github.com/gogo/protobuf/proto/lib.go
71 changes: 41 additions & 30 deletions vendor/github.com/gogo/protobuf/proto/properties.go
17 changes: 10 additions & 7 deletions vendor/github.com/gogo/protobuf/proto/table_marshal.go
19 changes: 19 additions & 0 deletions vendor/github.com/gogo/protobuf/proto/table_merge.go
22 changes: 13 additions & 9 deletions vendor/github.com/gogo/protobuf/proto/table_unmarshal.go
6 changes: 4 additions & 2 deletions vendor/github.com/gogo/protobuf/proto/text.go
5 changes: 2 additions & 3 deletions vendor/github.com/golang/protobuf/proto/properties.go
141 changes: 141 additions & 0 deletions vendor/github.com/golang/protobuf/ptypes/any.go
200 changes: 200 additions & 0 deletions vendor/github.com/golang/protobuf/ptypes/any/any.pb.go
154 changes: 154 additions & 0 deletions vendor/github.com/golang/protobuf/ptypes/any/any.proto
35 changes: 35 additions & 0 deletions vendor/github.com/golang/protobuf/ptypes/doc.go
102 changes: 102 additions & 0 deletions vendor/github.com/golang/protobuf/ptypes/duration.go
161 changes: 161 additions & 0 deletions vendor/github.com/golang/protobuf/ptypes/duration/duration.pb.go
117 changes: 117 additions & 0 deletions vendor/github.com/golang/protobuf/ptypes/duration/duration.proto
132 changes: 132 additions & 0 deletions vendor/github.com/golang/protobuf/ptypes/timestamp.go
179 changes: 179 additions & 0 deletions vendor/github.com/golang/protobuf/ptypes/timestamp/timestamp.pb.go
135 changes: 135 additions & 0 deletions vendor/github.com/golang/protobuf/ptypes/timestamp/timestamp.proto
83 changes: 61 additions & 22 deletions vendor/github.com/google/go-cmp/cmp/compare.go
4 changes: 2 additions & 2 deletions vendor/github.com/google/go-cmp/cmp/export_panic.go
6 changes: 4 additions & 2 deletions vendor/github.com/google/go-cmp/cmp/export_unsafe.go
4 changes: 3 additions & 1 deletion vendor/github.com/google/go-cmp/cmp/internal/value/sort.go
9 changes: 6 additions & 3 deletions vendor/github.com/google/go-cmp/cmp/internal/value/zero.go
55 changes: 40 additions & 15 deletions vendor/github.com/google/go-cmp/cmp/options.go
71 changes: 70 additions & 1 deletion vendor/github.com/google/go-cmp/cmp/path.go
2 changes: 1 addition & 1 deletion vendor/github.com/google/go-cmp/cmp/report_compare.go
1 change: 0 additions & 1 deletion vendor/github.com/google/go-cmp/cmp/report_reflect.go
4 changes: 2 additions & 2 deletions vendor/github.com/google/go-cmp/cmp/report_slices.go
7 changes: 6 additions & 1 deletion vendor/github.com/google/go-cmp/cmp/report_text.go
2 changes: 1 addition & 1 deletion vendor/github.com/google/gofuzz/README.md
35 changes: 27 additions & 8 deletions vendor/github.com/google/gofuzz/fuzz.go
2 changes: 2 additions & 0 deletions vendor/github.com/hashicorp/golang-lru/go.mod