diff --git a/saas/backend/api/authorization/migrations/0015_auto_20231128_1444.py b/saas/backend/api/authorization/migrations/0015_auto_20231128_1444.py
new file mode 100644
index 000000000..2572794c7
--- /dev/null
+++ b/saas/backend/api/authorization/migrations/0015_auto_20231128_1444.py
@@ -0,0 +1,42 @@
+# Generated by Django 3.2.16 on 2023-11-28 06:44
+
+from django.db import migrations
+
+from backend.api.authorization.constants import AuthorizationAPIEnum
+from backend.api.constants import ALLOW_ANY
+
+
+def init_allow_list(apps, schema_editor):
+ """初始化授权API白名单"""
+ AuthAPIAllowListConfig = apps.get_model("authorization", "AuthAPIAllowListConfig")
+ # 查询已存在白名单,避免重复
+ all_allow_list = AuthAPIAllowListConfig.objects.all()
+ allow_set = set([(a.type, a.system_id, a.object_id) for a in all_allow_list])
+ # 新建关联实例授权API 白名单
+ system_resource_types = {
+ "bk_job": ["ticket"],
+ }
+ auth_api_allow_list_config = []
+ for system_id, resource_types in system_resource_types.items():
+ for resource_type_id in resource_types:
+ # 已存在,则直接忽略
+ if (AuthorizationAPIEnum.CREATOR_AUTHORIZATION_INSTANCE.value, system_id, resource_type_id) in allow_set:
+ continue
+ auth_api_allow_list_config.append(
+ AuthAPIAllowListConfig(
+ type=AuthorizationAPIEnum.CREATOR_AUTHORIZATION_INSTANCE.value,
+ system_id=system_id,
+ object_id=resource_type_id,
+ )
+ )
+ if len(auth_api_allow_list_config) != 0:
+ AuthAPIAllowListConfig.objects.bulk_create(auth_api_allow_list_config)
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('authorization', '0014_auto_20231109_1046'),
+ ]
+
+ operations = [migrations.RunPython(init_allow_list)]
diff --git a/saas/backend/service/constants.py b/saas/backend/service/constants.py
index 8d2369d73..ed6f4af4b 100644
--- a/saas/backend/service/constants.py
+++ b/saas/backend/service/constants.py
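Review bot: `migrations.RunPython(init_allow_list)` on the last line of the new migration has no reverse callable, so the migration cannot be unapplied, and rolling back the release would leave the `bk_job`/`ticket` entry in the authorization API allow list. Passing a reverse, `operations = [migrations.RunPython(init_allow_list, migrations.RunPython.noop)]`, makes it reversible; a reverse that deletes the row would actually revoke the grant, but it would also remove a row that already existed before the migration ran (the case the `allow_set` check skips), so the choice between the two should be made deliberately. `from backend.api.constants import ALLOW_ANY` is unused and can be dropped. The type value is read from the live `AuthorizationAPIEnum` when the migration runs, so a later rename of `CREATOR_AUTHORIZATION_INSTANCE` would break this historical migration; copying the literal value into the migration avoids that.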
@@ -240,6 +240,7 @@ class ProcessorNodeType(LowerStrEnum):
 ProcessorNodeType.SUPER_MANAGER.value,
 ProcessorNodeType.SYSTEM_MANAGER.value,
 ProcessorNodeType.INSTANCE_APPROVER.value,
+ ProcessorNodeType.INSTANCE_APPROVER_MERGE.value,
 ProcessorNodeType.GRADE_MANAGER.value,
 ),
 ApplicationType.JOIN_GROUP.value: (
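Review bot: The added `ProcessorNodeType.INSTANCE_APPROVER_MERGE.value` entry carries no comment saying how it differs from `INSTANCE_APPROVER`, and both the key of the tuple it joins and the enum member's definition lie outside this hunk, so a reader cannot tell which application type now accepts this approver node. A short comment above the entry would help, for example `# INSTANCE_APPROVER_MERGE: accepted alongside INSTANCE_APPROVER for this application type`. The `ApplicationType.JOIN_GROUP.value` tuple that begins on the last context line is not shown; if it also lists `INSTANCE_APPROVER`, it is worth checking whether it needs the same entry, since an omission there would presumably make the new node type unusable for that application type.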