diff --git a/apps/node_man/exceptions.py b/apps/node_man/exceptions.py
index a1c7cb2a4..127e9ba3f 100644
--- a/apps/node_man/exceptions.py
+++ b/apps/node_man/exceptions.py
@@ -220,3 +220,9 @@ class YunTiPolicyConfigNotExistsError(NodeManBaseException):
 MESSAGE = _("云梯策略配置不存在")
 MESSAGE_TPL = _("云梯策略配置不存在")
 ERROR_CODE = 43
+
+
+class LimitAddHostError(NodeManBaseException):
+ MESSAGE = _("管控区域已被管理员限制新增主机")
+ MESSAGE_TPL = _("管控区域【ID:{id}】已被管理员限制新增主机【IP:{ip}】")
+ ERROR_CODE = 44
diff --git a/apps/node_man/handlers/validator.py b/apps/node_man/handlers/validator.py
index 7b31a5a00..f2e12b343 100644
--- a/apps/node_man/handlers/validator.py
+++ b/apps/node_man/handlers/validator.py
@@ -16,8 +16,9 @@
 from django.utils.translation import ugettext_lazy as _
 from apps.adapters.api.gse import get_gse_api_helper
+from apps.backend.components.collections.base import DBHelperMixin
 from apps.node_man import constants as const
-from apps.node_man import tools
+from apps.node_man import exceptions, models, tools
 from apps.node_man.exceptions import (
 ApIDNotExistsError,
 CloudNotExistError,
@@ -435,6 +436,16 @@ def install_validate(
 :param host_infos_gby_ip_key: DB中内网IP信息
 :return: 列表,ip被占用及其原因
 """
+ add_host_biz_blacklist: typing.List[int] = models.GlobalSettings.get_config(
+ models.GlobalSettings.KeyEnum.ADD_HOST_BIZ_BLACKLIST.value, default=[]
+ )
+ if job_type in const.JobType.INSTALL_AGENT:
+ for host in hosts:
+ except_bk_cloud_id = host.get("bk_cloud_id")
+ bk_biz_id = host.get("bk_biz_id")
+ if except_bk_cloud_id in DBHelperMixin().add_host_cloud_blacklist and bk_biz_id in add_host_biz_blacklist:
+ raise exceptions.LimitAddHostError(id=except_bk_cloud_id, ip=host["inner_ip"] or host["inner_ipv6"])
+
 accept_list = []
 ip_filter_list = []
 proxy_not_alive = []
diff --git a/apps/node_man/models.py b/apps/node_man/models.py
index 8dc074de9..7631312b8 100644
--- a/apps/node_man/models.py
+++ b/apps/node_man/models.py
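Review bot: The new `from apps.backend.components.collections.base import DBHelperMixin` makes the node_man validator depend on a backend component module just to read one attribute, `add_host_cloud_blacklist`. The mixin's definition is not in this diff, so I cannot tell what else the import pulls in, but a small accessor next to `GlobalSettings` would remove the cross-package dependency and the need to instantiate a mixin. If the import stays, I would annotate it, e.g. `# only for add_host_cloud_blacklist; see install_validate`.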
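Review bot: The gate `if job_type in const.JobType.INSTALL_AGENT:` in install_validate is a containment test, and if `INSTALL_AGENT` is a plain string constant (its definition is not in this diff) it matches by substring, so the job types this restriction covers should be made explicit with `==` or a named tuple of job types. The rejection itself can fail with a KeyError instead of LimitAddHostError, because the raise indexes `host["inner_ip"]` and `host["inner_ipv6"]` while the lines above use `host.get(...)`; `ip=host.get("inner_ip") or host.get("inner_ipv6")` avoids that. `DBHelperMixin()` is also constructed once per host inside the loop; reading `add_host_cloud_blacklist` once before the loop keeps the check from repeating whatever lookup backs it. Membership is compared without normalising types, so a blacklist stored as strings would never match an integer `bk_biz_id` and the policy would silently not apply; validating the setting on read would catch that. install_validate begins and continues outside the hunk.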
@@ -170,6 +170,8 @@ class KeyEnum(Enum):
 INSTALL_CHANNEL_ID_NETWORK_SEGMENT = "INSTALL_CHANNEL_ID_NETWORK_SEGMENT"
 # 需要执行清理订阅的APP_CODE
 NEED_CLEAN_SUBSCRIPTION_APP_CODE = "NEED_CLEAN_SUBSCRIPTION_APP_CODE"
+ # 业务新增主机黑名单,用于限制指定业务通过安装 Agent 新增主机,配置样例:[1, 2]
+ ADD_HOST_BIZ_BLACKLIST = "ADD_HOST_BIZ_BLACKLIST"
 key = models.CharField(_("键"), max_length=255, db_index=True, primary_key=True)
 v_json = JSONField(_("值"))
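Review bot: The comment on `ADD_HOST_BIZ_BLACKLIST` describes a per-business restriction, but the check added to install_validate in this commit rejects a host only when its `bk_cloud_id` is also in `add_host_cloud_blacklist`, so setting this key alone restricts nothing. An administrator reading only this comment could believe a business is blocked when it is not. I would state the dependency in the comment, e.g. `# Business blacklist for adding hosts; enforced only together with the cloud-area blacklist and only for Agent install jobs. Example: [1, 2]`. The KeyEnum class begins outside the hunk.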