From f5f4160639d8bf26280793ae578761a9cdc179a4 Mon Sep 17 00:00:00 2001
From: jpyoung3 <809608046@qq.com>
Date: Mon, 9 Dec 2024 11:11:03 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20=E4=B8=8A=E4=BA=91=E7=8E=AF=E5=A2=83?= =?UTF-8?q?=E9=92=88=E5=AF=B90=E5=8C=BA=E5=9F=9F=E9=99=90=E5=88=B6?= =?UTF-8?q?=E6=96=B0=E5=A2=9E=E4=B8=BB=E6=9C=BA=E6=A0=A1=E9=AA=8C=E6=8F=90?= =?UTF-8?q?=E5=88=B0API=E5=B1=82=E7=BA=A7=20(closed=20#2501)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 apps/node_man/exceptions.py | 6 ++++++
 apps/node_man/handlers/validator.py | 13 ++++++++++++-
 apps/node_man/models.py | 2 ++
 3 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/apps/node_man/exceptions.py b/apps/node_man/exceptions.py
index a1c7cb2a4..127e9ba3f 100644
--- a/apps/node_man/exceptions.py
+++ b/apps/node_man/exceptions.py
@@ -220,3 +220,9 @@ class YunTiPolicyConfigNotExistsError(NodeManBaseException):
 MESSAGE = _("云梯策略配置不存在")
 MESSAGE_TPL = _("云梯策略配置不存在")
 ERROR_CODE = 43
+
+
+class LimitAddHostError(NodeManBaseException):
+ MESSAGE = _("管控区域已被管理员限制新增主机")
+ MESSAGE_TPL = _("管控区域【ID:{id}】已被管理员限制新增主机【IP:{ip}】")
+ ERROR_CODE = 44
diff --git a/apps/node_man/handlers/validator.py b/apps/node_man/handlers/validator.py
index 7b31a5a00..f2e12b343 100644
--- a/apps/node_man/handlers/validator.py
+++ b/apps/node_man/handlers/validator.py
@@ -16,8 +16,9 @@ from django.utils.translation import ugettext_lazy as _
 from apps.adapters.api.gse import get_gse_api_helper
+from apps.backend.components.collections.base import DBHelperMixin
 from apps.node_man import constants as const
-from apps.node_man import tools
+from apps.node_man import exceptions, models, tools
 from apps.node_man.exceptions import (
 ApIDNotExistsError,
 CloudNotExistError,
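Review bot: `LimitAddHostError` in apps/node_man/exceptions.py has no docstring, and its `MESSAGE_TPL` reports only the cloud area id and the host IP, while the check that raises it in validator.py also requires the host's business to be on `ADD_HOST_BIZ_BLACKLIST`. An operator who sees the error cannot tell that the business-level setting is part of the decision, which makes a misconfigured blacklist harder to trace. Add a one-line docstring such as `"""Raised when a host's business and cloud area are both on the add-host blacklists."""`, and consider including the business id in the template alongside `{id}` and `{ip}`.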
@@ -435,6 +436,16 @@ def install_validate(
 :param host_infos_gby_ip_key: DB中内网IP信息
 :return: 列表,ip被占用及其原因
 """
+ add_host_biz_blacklist: typing.List[int] = models.GlobalSettings.get_config(
+ models.GlobalSettings.KeyEnum.ADD_HOST_BIZ_BLACKLIST.value, default=[]
+ )
+ if job_type in const.JobType.INSTALL_AGENT:
+ for host in hosts:
+ except_bk_cloud_id = host.get("bk_cloud_id")
+ bk_biz_id = host.get("bk_biz_id")
+ if except_bk_cloud_id in DBHelperMixin().add_host_cloud_blacklist and bk_biz_id in add_host_biz_blacklist:
+ raise exceptions.LimitAddHostError(id=except_bk_cloud_id, ip=host["inner_ip"] or host["inner_ipv6"])
+
 accept_list = []
 ip_filter_list = []
 proxy_not_alive = []
diff --git a/apps/node_man/models.py b/apps/node_man/models.py
index 8dc074de9..7631312b8 100644
--- a/apps/node_man/models.py
+++ b/apps/node_man/models.py
@@ -170,6 +170,8 @@ class KeyEnum(Enum):
 INSTALL_CHANNEL_ID_NETWORK_SEGMENT = "INSTALL_CHANNEL_ID_NETWORK_SEGMENT"
 # 需要执行清理订阅的APP_CODE
 NEED_CLEAN_SUBSCRIPTION_APP_CODE = "NEED_CLEAN_SUBSCRIPTION_APP_CODE"
+ # 业务新增主机黑名单,用于限制指定业务通过安装 Agent 新增主机,配置样例:[1, 2]
+ ADD_HOST_BIZ_BLACKLIST = "ADD_HOST_BIZ_BLACKLIST"
 key = models.CharField(_("键"), max_length=255, db_index=True, primary_key=True)
 v_json = JSONField(_("值"))
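Review bot: The guard `if job_type in const.JobType.INSTALL_AGENT:` in install_validate is a containment test; if `INSTALL_AGENT` is a plain string (its definition is not in this diff) that is a substring match, and `==` would state the intended scope exactly. Inside the loop `DBHelperMixin()` is built once per host and `host["inner_ip"]` is indexed directly while the other fields use `.get`, so a host dict without that key fails with `KeyError` instead of `LimitAddHostError`. Both membership tests also depend on `bk_cloud_id` and `bk_biz_id` having the same type as the blacklist entries (the config sample is `[1, 2]`); a string id would pass the check silently, so confirm the serializer coerces them to int before this point. The body of install_validate starts and ends outside the hunk.

```python
    # … unchanged: add_host_biz_blacklist lookup …
    if job_type == const.JobType.INSTALL_AGENT:
        # Resolve the cloud-area blacklist once instead of once per host.
        add_host_cloud_blacklist = DBHelperMixin().add_host_cloud_blacklist
        for host in hosts:
            bk_cloud_id = host.get("bk_cloud_id")
            bk_biz_id = host.get("bk_biz_id")
            if bk_cloud_id in add_host_cloud_blacklist and bk_biz_id in add_host_biz_blacklist:
                raise exceptions.LimitAddHostError(
                    id=bk_cloud_id, ip=host.get("inner_ip") or host.get("inner_ipv6")
                )
```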