feat: in the cloud environment, move the add-host restriction check for area 0 up to the API layer (closed #2501) #2508

Merged 1 commit on Dec 18, 2024
22 changes: 21 additions & 1 deletion apps/node_man/handlers/validator.py
Expand Up @@ -16,8 +16,9 @@
from django.utils.translation import ugettext_lazy as _

from apps.adapters.api.gse import get_gse_api_helper
from apps.backend.components.collections.base import DBHelperMixin
from apps.node_man import constants as const
from apps.node_man import tools
from apps.node_man import models, tools
from apps.node_man.exceptions import (
ApIDNotExistsError,
CloudNotExistError,
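Review bot: The new import of DBHelperMixin from apps.backend.components.collections.base makes this apps/node_man validator depend on a backend component mixin just to read one attribute. Consider exposing the cloud-area blacklist through a small helper in apps.node_man, next to the GlobalSettings lookup this patch also uses, so the API-layer check and the backend share one source without the handler importing backend component code.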
Expand Down Expand Up @@ -479,6 +480,12 @@ def install_validate(
else:
host_id__agent_state_info_map = {}

add_host_biz_blacklist = []
if job_type in [const.JobType.INSTALL_AGENT]:
add_host_biz_blacklist: typing.List[int] = models.GlobalSettings.get_config(
models.GlobalSettings.KeyEnum.ADD_HOST_BIZ_BLACKLIST.value, default=[]
)

for host in hosts:
ap_id = host.get("ap_id")
bk_biz_id = host["bk_biz_id"]
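Review bot: The value returned by GlobalSettings.get_config for ADD_HOST_BIZ_BLACKLIST is used as-is, and the typing.List[int] annotation enforces nothing at runtime. If the stored elements do not have the same type as host["bk_biz_id"] (for example IDs saved as strings), the later `bk_biz_id in add_host_biz_blacklist` test never matches and the restriction silently stops applying; if a single number is stored instead of a list, the test raises and the whole request fails. Normalise the value here (check that it is a list and coerce each element to int), and drop the annotation from the second assignment, since the name is already bound two lines above.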
Expand All @@ -501,6 +508,19 @@ def install_validate(
"msg": "",
}

# 检查:bk_biz_id和bk_cloud_id是否在新增主机黑名单
if all(
[
job_type in [const.JobType.INSTALL_AGENT],
bk_cloud_id in DBHelperMixin().add_host_cloud_blacklist,
bk_biz_id in add_host_biz_blacklist,
]
):
error_host["msg"] = _("管控区域【ID:{bk_cloud_id}】已被管理员限制新增主机").format(bk_cloud_id=bk_cloud_id)
error_host["exception"] = "limit_add_host"
ip_filter_list.append(error_host)
continue

# 检查:是否有操作系统参数
if not host.get("os_type") and node_type != const.NodeType.PROXY:
raise NotExistsOs(_("主机(IP:{ip}) 没有操作系统, 请【重装】并补全相关信息").format(ip=ip))
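Review bot: In the `all([...])` condition the list is built before `all` runs, so `DBHelperMixin().add_host_cloud_blacklist` is evaluated, and a new DBHelperMixin instantiated, for every host even when job_type is not INSTALL_AGENT. Read the cloud blacklist once before the `for host in hosts` loop, alongside add_host_biz_blacklist, and write the condition as a plain `and` chain so it short-circuits. It is also worth saying in the comment that a host is rejected only when both its bk_cloud_id and its bk_biz_id are blacklisted, because the error message mentions the control area only.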
2 changes: 2 additions & 0 deletions apps/node_man/models.py
Expand Up @@ -172,6 +172,8 @@ class KeyEnum(Enum):
NEED_CLEAN_SUBSCRIPTION_APP_CODE = "NEED_CLEAN_SUBSCRIPTION_APP_CODE"
# 腾讯云安全组策略配置
TXY_POLICY_CONFIGS = "TXY_POLICY_CONFIGS"
# 业务新增主机黑名单,用于限制指定业务通过安装 Agent 新增主机,配置样例:[1, 2]
ADD_HOST_BIZ_BLACKLIST = "ADD_HOST_BIZ_BLACKLIST"

key = models.CharField(_("键"), max_length=255, db_index=True, primary_key=True)
v_json = JSONField(_("值"))
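Review bot: The comment on ADD_HOST_BIZ_BLACKLIST describes the key as restricting the listed businesses from adding hosts through Agent installation, but the check in validator.py applies it only in combination with the cloud-area blacklist. Document that combined condition here, and that the elements must be integer bk_biz_id values, so an operator does not assume that listing a business on its own blocks it.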