Merge pull request #295 from caliskanugur/fix/add-project-member-1.31…

…-support Fix(extensions/users): Update AddProjectMember Watcher to Include Namespace of the Project
rancher · Oct 3, 2024 · d7020ff · d7020ff
2 parents 2cec075 + df32426
commit d7020ff
Showing 1 changed file with 19 additions and 16 deletions.
diff --git a/extensions/users/users.go b/extensions/users/users.go
@@ -8,14 +8,6 @@ import (
 
 	"github.com/rancher/norman/types"
 	v3 "github.com/rancher/rancher/pkg/apis/management.cattle.io/v3"
-	"github.com/rancher/shepherd/clients/rancher"
-	management "github.com/rancher/shepherd/clients/rancher/generated/management/v3"
-	extauthz "github.com/rancher/shepherd/extensions/kubeapi/authorization"
-	password "github.com/rancher/shepherd/extensions/users/passwordgenerator"
-	"github.com/rancher/shepherd/pkg/api/scheme"
-	namegen "github.com/rancher/shepherd/pkg/namegenerator"
-	"github.com/rancher/shepherd/pkg/ref"
-	"github.com/rancher/shepherd/pkg/wait"
 	authzv1 "k8s.io/api/authorization/v1"
 	rbacv1 "k8s.io/api/rbac/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -25,6 +17,15 @@ import (
 	"k8s.io/apimachinery/pkg/selection"
 	kwait "k8s.io/apimachinery/pkg/util/wait"
 	"k8s.io/apimachinery/pkg/watch"
+
+	"github.com/rancher/shepherd/clients/rancher"
+	management "github.com/rancher/shepherd/clients/rancher/generated/management/v3"
+	extauthz "github.com/rancher/shepherd/extensions/kubeapi/authorization"
+	password "github.com/rancher/shepherd/extensions/users/passwordgenerator"
+	"github.com/rancher/shepherd/pkg/api/scheme"
+	namegen "github.com/rancher/shepherd/pkg/namegenerator"
+	"github.com/rancher/shepherd/pkg/ref"
+	"github.com/rancher/shepherd/pkg/wait"
 )
 
 const (
@@ -36,8 +37,8 @@ var timeout = int64(60 * 3)
 // UserConfig sets and returns username and password of the user
 func UserConfig() (user *management.User) {
 	enabled := true
-	var username = namegen.AppendRandomString("testuser-")
-	var testpassword = password.GenerateUserPassword("testpass-")
+	username := namegen.AppendRandomString("testuser-")
+	testpassword := password.GenerateUserPassword("testpass-")
 	user = &management.User{
 		Username: username,
 		Password: testpassword,
@@ -76,23 +77,25 @@ func CreateUserWithRole(rancherClient *rancher.Client, user *management.User, ro
 // If a list of ResourceAttributes is given, then the function blocks until all
 // attributes are allowed by SelfSubjectAccessReviews OR the function times out.
 func AddProjectMember(rancherClient *rancher.Client, project *management.Project,
-	user *management.User, projectRole string, attrs []*authzv1.ResourceAttributes) error {
-
+	user *management.User, projectRole string, attrs []*authzv1.ResourceAttributes,
+) error {
 	role := &management.ProjectRoleTemplateBinding{
 		ProjectID:       project.ID,
 		UserPrincipalID: user.PrincipalIDs[0],
 		RoleTemplateID:  projectRole,
 	}
 
-	name := strings.Split(project.ID, ":")[1]
+	projectID := strings.Split(project.ID, ":")
+	namespace := string(projectID[0])
+	name := string(projectID[1])
 
 	adminClient, err := rancher.NewClient(rancherClient.RancherConfig.AdminToken, rancherClient.Session)
 	if err != nil {
 		return err
 	}
 
 	opts := metav1.ListOptions{
-		FieldSelector:  "metadata.name=" + name,
+		FieldSelector:  fmt.Sprintf("metadata.name=%v,metadata.namespace=%v", name, namespace),
 		TimeoutSeconds: &timeout,
 	}
 	watchInterface, err := adminClient.GetManagementWatchInterface(management.ProjectType, opts)
@@ -184,8 +187,8 @@ func RemoveProjectMember(rancherClient *rancher.Client, user *management.User) e
 // If a list of ResourceAttributes is given, then the function blocks until all
 // attributes are allowed by SelfSubjectAccessReviews OR the function times out.
 func AddClusterRoleToUser(rancherClient *rancher.Client, cluster *management.Cluster,
-	user *management.User, clusterRole string, attrs []*authzv1.ResourceAttributes) error {
-
+	user *management.User, clusterRole string, attrs []*authzv1.ResourceAttributes,
+) error {
 	role := &management.ClusterRoleTemplateBinding{
 		ClusterID:       cluster.Resource.ID,
 		UserPrincipalID: user.PrincipalIDs[0],