From fcd33210cc46fc8ddaafa716f6501b703f2066e2 Mon Sep 17 00:00:00 2001 From: Ho Kim Date: Tue, 16 Jul 2024 07:38:02 +0000 Subject: [PATCH] fix(vine): add keycloak support --- crates/ark/cli/src/commands/session.rs | 1 + crates/vine/api/src/user.rs | 10 +++++++++- crates/vine/api/src/user_auth.rs | 9 +++++---- crates/vine/rbac/src/auth.rs | 1 + crates/vine/rbac/src/session.rs | 5 +++-- 5 files changed, 19 insertions(+), 7 deletions(-) diff --git a/crates/ark/cli/src/commands/session.rs b/crates/ark/cli/src/commands/session.rs index 40668d77..b376b56b 100644 --- a/crates/ark/cli/src/commands/session.rs +++ b/crates/ark/cli/src/commands/session.rs @@ -21,6 +21,7 @@ impl Command { box_quota: _, user: UserSpec { + alias: _, name, contact: _, detail: _, diff --git a/crates/vine/api/src/user.rs b/crates/vine/api/src/user.rs index 0a7d8468..e523301d 100644 --- a/crates/vine/api/src/user.rs +++ b/crates/vine/api/src/user.rs @@ -49,14 +49,22 @@ use serde::{Deserialize, Serialize}; )] #[serde(rename_all = "camelCase")] pub struct UserSpec { + #[serde(default)] + pub alias: Option, pub name: String, + #[serde(default)] pub contact: UserContact, + #[serde(default)] pub detail: BTreeMap, } impl UserCrd { + pub fn perferred_name(&self) -> String { + self.spec.alias.clone().unwrap_or_else(|| self.name_any()) + } + pub fn user_namespace(&self) -> String { - Self::user_namespace_with(&self.name_any()) + Self::user_namespace_with(&self.perferred_name()) } pub fn user_namespace_with(user_name: &str) -> String { diff --git a/crates/vine/api/src/user_auth.rs b/crates/vine/api/src/user_auth.rs index 80aac454..a7ee1020 100644 --- a/crates/vine/api/src/user_auth.rs +++ b/crates/vine/api/src/user_auth.rs @@ -57,7 +57,7 @@ pub struct UserAuthOAuth2Common { #[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize, JsonSchema)] pub struct UserAuthPayload { /// User primary id - #[serde(default)] + #[serde(default, alias = "sub")] id: Option, /// User e-mail address email: String, 
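Review bot: `user_namespace()` in `crates/vine/api/src/user.rs` now derives the namespace from `spec.alias` whenever it is set, and nothing in this hunk checks that the alias is unique or that it differs from another user's resource name, so two `UserCrd` objects could resolve to the same namespace. The same value is passed to `assert_allocable(&node, box_name, &user_name, now)` and `UserCrd::user_namespace_with(&user_name)` in `crates/vine/rbac/src/session.rs` and is bound in `crates/vine/rbac/src/auth.rs`, so it acts as an authorization identity and not only as a display name. I would document on the field who may write it, e.g. `/// Overrides the resource name as the user's identity; must be unique across users and writable only by an administrator.`, and reject an alias that collides with an existing user before it is used. The method name is also misspelled: `perferred_name` should be `preferred_name`.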
@@ -77,8 +77,8 @@ impl UserAuthPayload { fn encode(s: &str) -> String { s.to_lowercase() // common special words - .replace('.', "-d-") .replace('-', "-s-") + .replace('.', "-d-") .replace('@', "-at-") // other special words .replace('_', "-u-") @@ -101,8 +101,9 @@ impl UserAuthPayload { } }; - id().or_else(email) - .or_else(name) + name() + .or_else(email) + .or_else(id) .ok_or_else(|| anyhow!("failed to parse primary key: {:?}", self)) } } diff --git a/crates/vine/rbac/src/auth.rs b/crates/vine/rbac/src/auth.rs index 38f254d3..8dd089a1 100644 --- a/crates/vine/rbac/src/auth.rs +++ b/crates/vine/rbac/src/auth.rs @@ -332,6 +332,7 @@ async fn execute_with_timestamp( return Ok(UserAuthError::UserNotRegistered.into()); } }; + let user_name = user.perferred_name(); // get available boxes let boxes = { diff --git a/crates/vine/rbac/src/session.rs b/crates/vine/rbac/src/session.rs index 81461529..a62dc504 100644 --- a/crates/vine/rbac/src/session.rs +++ b/crates/vine/rbac/src/session.rs @@ -44,6 +44,7 @@ where } } }; + let user_name = user.perferred_name(); // check the box state { @@ -58,7 +59,7 @@ where let node = { let api = Api::::all(client.clone()); match api.get_opt(box_name).await? { - Some(node) => match assert_allocable(&node, box_name, user_name, now) { + Some(node) => match assert_allocable(&node, box_name, &user_name, now) { Some(error) => return Ok(error), None => node, }, @@ -169,7 +170,7 @@ where match box_quota { // Login Successed! Some(box_quota) => { - let namespace = UserCrd::user_namespace_with(user_name); + let namespace = UserCrd::user_namespace_with(&user_name); let session_manager = SessionManager::try_new(namespace.clone(), client.clone()).await?;
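Review bot: The order of the replacements in `encode` is now load-bearing but nothing in the code says so: `-` has to be escaped before `.`, `@` and `_`, because each of those replacements emits `-` as its delimiter and would otherwise be escaped a second time. I would add a comment above the chain such as `// escape '-' first: every later replacement introduces '-' as a delimiter`, so that a later reordering does not make two different inputs (for example `a.b` and `a-d-b`) encode to the same key. Separately, `to_lowercase()` folds inputs that differ only in case onto one key, which matters more if this encoding is applied to the `name` claim; the doc comment should state whether that is intended. The body of `encode` continues past the end of the hunk.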
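Review bot: The primary key is now taken from `name()` before `email()` and `id()`, which makes the account identity depend on a claim that OpenID Connect providers such as Keycloak generally treat as a free-form display name with no uniqueness guarantee, while `sub` (mapped onto `id` by the `alias = "sub"` added earlier in this file) is the stable per-user identifier. If two accounts can present the same `name`, or one user can change theirs, they would resolve to the same primary key and therefore to the same user record. Unless the provider is configured to keep `name` immutable and unique, I would keep the identifier first, `id().or_else(email).or_else(name)`, and carry the readable name in the new `UserSpec::alias` field; at minimum the ordering deserves a comment stating which claim is trusted and why. The closures `id`, `email` and `name` are defined above the hunk, so how each value is normalised is not visible here.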