From d4edc6192e3af19d196e0b1d512570716d5ab0c6 Mon Sep 17 00:00:00 2001 From: jpyoung3 <809608046@qq.com> Date: Mon, 9 Dec 2024 11:11:03 +0800 Subject: [PATCH] =?UTF-8?q?feat:=20=E4=B8=8A=E4=BA=91=E7=8E=AF=E5=A2=83?= =?UTF-8?q?=E9=92=88=E5=AF=B90=E5=8C=BA=E5=9F=9F=E9=99=90=E5=88=B6?= =?UTF-8?q?=E6=96=B0=E5=A2=9E=E4=B8=BB=E6=9C=BA=E6=A0=A1=E9=AA=8C=E6=8F=90?= =?UTF-8?q?=E5=88=B0API=E5=B1=82=E7=BA=A7=20(closed=20#2501)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit  Conflicts:  apps/node_man/models.py --- apps/node_man/handlers/validator.py | 22 +++++++++++++++++++++- apps/node_man/models.py | 2 ++ 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/apps/node_man/handlers/validator.py b/apps/node_man/handlers/validator.py index 7b31a5a00..88d4ac39a 100644 --- a/apps/node_man/handlers/validator.py +++ b/apps/node_man/handlers/validator.py @@ -16,8 +16,9 @@ from django.utils.translation import ugettext_lazy as _ from apps.adapters.api.gse import get_gse_api_helper +from apps.backend.components.collections.base import DBHelperMixin from apps.node_man import constants as const -from apps.node_man import tools +from apps.node_man import models, tools from apps.node_man.exceptions import ( ApIDNotExistsError, CloudNotExistError, @@ -479,6 +480,12 @@ def install_validate( else: host_id__agent_state_info_map = {} + add_host_biz_blacklist = [] + if job_type in [const.JobType.INSTALL_AGENT]: + add_host_biz_blacklist: typing.List[int] = models.GlobalSettings.get_config( + models.GlobalSettings.KeyEnum.ADD_HOST_BIZ_BLACKLIST.value, default=[] + ) + for host in hosts: ap_id = host.get("ap_id") bk_biz_id = host["bk_biz_id"] @@ -501,6 +508,19 @@ def install_validate( "msg": "", } + # 检查:bk_biz_id和bk_cloud_id是否在新增主机黑名单 + if all( + [ + job_type in [const.JobType.INSTALL_AGENT], + bk_cloud_id in DBHelperMixin().add_host_cloud_blacklist, + bk_biz_id in add_host_biz_blacklist, + ] + ): + error_host["msg"] = _("管控区域【ID:{bk_cloud_id}】已被管理员限制新增主机").format(bk_cloud_id=bk_cloud_id) + error_host["exception"] = "limit_add_host" + ip_filter_list.append(error_host) + continue + # 检查:是否有操作系统参数 if not host.get("os_type") and node_type != const.NodeType.PROXY: raise NotExistsOs(_("主机(IP:{ip}) 没有操作系统, 请【重装】并补全相关信息").format(ip=ip)) diff --git a/apps/node_man/models.py b/apps/node_man/models.py index 6ee548e5d..95676c0c7 100644 --- a/apps/node_man/models.py +++ b/apps/node_man/models.py @@ -173,6 +173,8 @@ class KeyEnum(Enum): NEED_CLEAN_SUBSCRIPTION_APP_CODE = "NEED_CLEAN_SUBSCRIPTION_APP_CODE" # 腾讯云安全组策略配置 TXY_POLICY_CONFIGS = "TXY_POLICY_CONFIGS" + # 业务新增主机黑名单,用于限制指定业务通过安装 Agent 新增主机,配置样例:[1, 2] + ADD_HOST_BIZ_BLACKLIST = "ADD_HOST_BIZ_BLACKLIST" key = models.CharField(_("键"), max_length=255, db_index=True, primary_key=True) v_json = JSONField(_("值"))