def can_access_webconsole(app_code: str, project_id_or_code: str) -> bool:
    """Return whether a BlueKing app may call the webconsole API.

    Allow-list entries carry both the app and the project (project_code or
    project_id) and are stored as ``app_code:project_id_or_code``.

    When the function switch itself is enabled, the allow-list is not
    consulted and every app/project pair is granted access.
    """
    switch_on, allowed_pairs = get_func_controller("APP_ACCESS_WEBCONSOLE")
    if switch_on:
        # Same value the short-circuiting ``or`` would hand back.
        return switch_on
    # NOTE(review): the key is a plain "app:project" concatenation; confirm
    # that app codes cannot themselves contain ':' so entries stay unambiguous.
    lookup_key = "{}:{}".format(app_code, project_id_or_code)
    return lookup_key in allowed_pairs
def notify_manager(message):
    """Notify the administrators.

    The recipient list is the list stored under
    ``constants.NOTIFY_MANAGER_FUNC_CODE``; the switch's ``enabled`` flag is
    not consulted. The 'wx' message is prefixed with the platform name and
    environment, the 'rtx' message is sent as given.
    """
    prefixed = '[%s-%s] %s' % (settings.PLAT_SHOW_NAME, settings.PAAS_ENV, message)
    _, recipients = get_func_controller(constants.NOTIFY_MANAGER_FUNC_CODE)
    for channel, body in (('wx', prefixed), ('rtx', message)):
        send_message(recipients, body, title=None, send_way=channel)
def _register_function_controller(self, func_code, cluster_list):
    """Mark every cluster in ``cluster_list`` that may use ``func_code``.

    Each cluster dict gets a ``func_wlist`` set (created if missing), and
    ``func_code`` is added to it when the switch is enabled or the cluster's
    ``cluster_id`` is on the allow-list.
    """
    switch_on, allowed_clusters = get_func_controller(func_code)
    for cluster in cluster_list:
        granted = cluster.setdefault("func_wlist", set())
        # Allow-list control: an enabled switch opens the feature to all clusters.
        if not switch_on and cluster["cluster_id"] not in allowed_clusters:
            continue
        granted.add(func_code)
def skip_authentication(app_code):
    """Return True when authentication is skipped for ``app_code``.

    Meaning of the switch when it is used as an allow-list:
    ``enabled`` True  -> the feature is fully open, so every app skips
                         authentication regardless of the list;
    ``enabled`` False -> only apps present in the allow-list skip it.
    """
    switch_on, exempt_apps = get_func_controller(APP_CODE_SKIP_AUTH_WHITE_LIST)
    return bool(switch_on or app_code in exempt_apps)
def _register_function_controller(self, func_code, project_list):
    """Add ``func_code`` to every project that is not on the stored list.

    Here the list returned by the function controller acts as a deny-list:
    projects whose ``project_id`` appears in it are skipped. The switch's
    ``enabled`` flag is not consulted.
    """
    _, denied_projects = get_func_controller(func_code)
    for entry in project_list:
        # Deny-list control.
        # NOTE(review): assumes each project dict already has "func_wlist".
        if entry["project_id"] not in denied_projects:
            entry["func_wlist"].add(func_code)
def register_function_controller(self, cluster_info):
    """Register the feature allow-list on a single cluster.

    For each code in ``settings.CLUSTER_FUNC_CODES`` (empty when the setting
    is absent), the code is added to ``cluster_info["func_wlist"]`` if the
    switch is enabled or the cluster's ``cluster_id`` is on its allow-list.
    """
    configured_codes = getattr(settings, "CLUSTER_FUNC_CODES", [])
    for code in configured_codes:
        switch_on, allowed_clusters = get_func_controller(code)
        granted = cluster_info.setdefault("func_wlist", set())
        # Allow-list control: an enabled switch opens the feature to all clusters.
        if not (switch_on or cluster_info["cluster_id"] in allowed_clusters):
            continue
        granted.add(code)
def allowed_login_web_console(username: str) -> bool:
    """Return whether ``username`` may log in to web_console.

    Both conditions are required: the LOGIN_WEB_CONSOLE switch must be
    enabled AND the user must be on its allow-list. A disabled switch
    therefore denies everyone, including listed users.
    """
    switch_on, allowed_users = get_func_controller("LOGIN_WEB_CONSOLE")
    return bool(switch_on and username in allowed_users)
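def is_app_open_api_trusted(app_code: str) -> bool:
    """Check whether a BlueKing app calling the open API is trusted.

    A trusted app has user information resolved from the ``username`` it
    passes.

    :param app_code: BlueKing app code
    :return: whether the app is trusted
    """
    # Apps that are always trusted, independent of the stored allow-list.
    builtin_trusted = ("bk_bcs_monitor", "bk_harbor", "bk_bcs", "workbench", "helm-plugin")
    enabled, wlist = get_func_controller("TRUSTED_APPS_FOR_OPEN_API")
    # Check both collections instead of extending ``wlist`` in place: the list
    # is owned by get_func_controller's result, and mutating it would leak the
    # built-in entries to any other holder of that list.
    # NOTE: when ``enabled`` is truthy every app_code is treated as trusted.
    return enabled or app_code in wlist or app_code in builtin_trusted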
def handle_k8s_api_version(config_profile, cluster_id, cluster_version, controller_type):
    """Add an ``apiVersion`` field to ``config_profile`` when the switch allows it.

    The IS_ADD_APIVERSION function switch decides whether the field is added:
    it applies when the switch is enabled or ``cluster_id`` is on its list.
    The value is looked up in ``API_VERSION`` by cluster version and then by
    controller type; nothing is written when either lookup yields no value.
    ``config_profile`` is modified in place and also returned.
    """
    switch_on, listed_clusters = get_func_controller("IS_ADD_APIVERSION")
    if not (switch_on or cluster_id in listed_clusters):
        return config_profile
    # apiVersion is matched automatically from the k8s version.
    if not cluster_version:
        return config_profile
    # Resolve the value for this resource kind under the given k8s version.
    resolved = API_VERSION.get(cluster_version, {}).get(controller_type)
    if resolved:
        config_profile["apiVersion"] = resolved
    return config_profile
def create_project_notify(project_name, creator, is_secrecy, biz_id):
    """Send the "project created" notification.

    The message names the creator and the project, states whether the project
    is confidential, adds the bound business (when ``biz_id`` is set) and ends
    with the admin approval link. It is sent over 'rtx' to the list stored
    under ``constants.NOTIFY_PROJECT_APPROVAL_FUNC_CODE``; the switch's
    ``enabled`` flag is not consulted.
    """
    parts = ['用户【%s】创建新项目【%s】' % (creator, project_name)]
    secrecy_label = '保密' if is_secrecy else '非保密'
    parts.append("保密性:【%s】" % secrecy_label)
    if biz_id:
        # Fall back to an empty record when the business is unknown.
        biz_record = cc.get_application().get(str(biz_id)) or {}
        display_name = biz_record.get('DisplayName') or '-'
        biz_name = '%s(%s)' % (display_name, biz_id)
        parts.append('绑定的业务:【%s】' % biz_name)
    approval_url = '%s/admin/configcenter/project/' % settings.PAAS_HOST
    parts.append("请及时审批:| %s" % approval_url)
    text = ','.join(parts)
    _, approvers = get_func_controller(constants.NOTIFY_PROJECT_APPROVAL_FUNC_CODE)
    send_message(approvers, text, title=None, send_way='rtx')
def check_bcs_api_gateway_enabled(cluster_id: str) -> bool:
    """Check whether the cluster apiserver is reached through bcs-api-gateway.

    True when the BCS_API_GATEWAY_FOR_CLUSTER switch is enabled for everyone,
    or when ``cluster_id`` is on the switch's allow-list.
    """
    switch_on, gateway_clusters = get_func_controller("BCS_API_GATEWAY_FOR_CLUSTER")
    if switch_on:
        # Same value the short-circuiting ``or`` would hand back.
        return switch_on
    return cluster_id in gateway_clusters