fix(vine): add keycloak support

ulagbulag · Jul 16, 2024 · fcd3321 · fcd3321
1 parent 9a11f02
commit fcd3321
Show file tree

Hide file tree

Showing 5 changed files with 19 additions and 7 deletions.
diff --git a/crates/ark/cli/src/commands/session.rs b/crates/ark/cli/src/commands/session.rs
@@ -21,6 +21,7 @@ impl Command {
                     box_quota: _,
                     user:
                         UserSpec {
+                            alias: _,
                             name,
                             contact: _,
                             detail: _,

diff --git a/crates/vine/api/src/user.rs b/crates/vine/api/src/user.rs
@@ -49,14 +49,22 @@ use serde::{Deserialize, Serialize};
 )]
 #[serde(rename_all = "camelCase")]
 pub struct UserSpec {
+    #[serde(default)]
+    pub alias: Option<String>,
     pub name: String,
+    #[serde(default)]
     pub contact: UserContact,
+    #[serde(default)]
     pub detail: BTreeMap<String, String>,
 }
 
 impl UserCrd {
+    pub fn perferred_name(&self) -> String {
+        self.spec.alias.clone().unwrap_or_else(|| self.name_any())
+    }
+
     pub fn user_namespace(&self) -> String {
-        Self::user_namespace_with(&self.name_any())
+        Self::user_namespace_with(&self.perferred_name())
     }
 
     pub fn user_namespace_with(user_name: &str) -> String {

diff --git a/crates/vine/api/src/user_auth.rs b/crates/vine/api/src/user_auth.rs
@@ -57,7 +57,7 @@ pub struct UserAuthOAuth2Common {
 #[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize, JsonSchema)]
 pub struct UserAuthPayload {
     /// User primary id
-    #[serde(default)]
+    #[serde(default, alias = "sub")]
     id: Option<String>,
     /// User e-mail address
     email: String,
@@ -77,8 +77,8 @@ impl UserAuthPayload {
         fn encode(s: &str) -> String {
             s.to_lowercase()
                 // common special words
-                .replace('.', "-d-")
                 .replace('-', "-s-")
+                .replace('.', "-d-")
                 .replace('@', "-at-")
                 // other special words
                 .replace('_', "-u-")
@@ -101,8 +101,9 @@ impl UserAuthPayload {
             }
         };
 
-        id().or_else(email)
-            .or_else(name)
+        name()
+            .or_else(email)
+            .or_else(id)
             .ok_or_else(|| anyhow!("failed to parse primary key: {:?}", self))
     }
 }

diff --git a/crates/vine/rbac/src/auth.rs b/crates/vine/rbac/src/auth.rs
@@ -332,6 +332,7 @@ async fn execute_with_timestamp(
             return Ok(UserAuthError::UserNotRegistered.into());
         }
     };
+    let user_name = user.perferred_name();
 
     // get available boxes
     let boxes = {

diff --git a/crates/vine/rbac/src/session.rs b/crates/vine/rbac/src/session.rs
@@ -44,6 +44,7 @@ where
             }
         }
     };
+    let user_name = user.perferred_name();
 
     // check the box state
     {
@@ -58,7 +59,7 @@ where
     let node = {
         let api = Api::<Node>::all(client.clone());
         match api.get_opt(box_name).await? {
-            Some(node) => match assert_allocable(&node, box_name, user_name, now) {
+            Some(node) => match assert_allocable(&node, box_name, &user_name, now) {
                 Some(error) => return Ok(error),
                 None => node,
             },
@@ -169,7 +170,7 @@ where
     match box_quota {
         // Login Successed!
         Some(box_quota) => {
-            let namespace = UserCrd::user_namespace_with(user_name);
+            let namespace = UserCrd::user_namespace_with(&user_name);
             let session_manager =
                 SessionManager::try_new(namespace.clone(), client.clone()).await?;