def can_access_webconsole(app_code: str, project_id_or_code: str) -> bool:
"""蓝鲸应用是否可以访问webconsole接口
NOTE:存储内容包含app_code和project信息(包含project_code和project_id),格式app_code:project_id_or_code
"""
func_code = "APP_ACCESS_WEBCONSOLE"
enabled, wlist = get_func_controller(func_code)
return enabled or f"{app_code}:{project_id_or_code}" in wlist
def notify_manager(message):
"""管理员通知"""
wx_message = '[%s-%s] %s' % (settings.PLAT_SHOW_NAME, settings.PAAS_ENV, message)
enabled, wlist = get_func_controller(constants.NOTIFY_MANAGER_FUNC_CODE)
send_message(wlist, wx_message, title=None, send_way='wx')
send_message(wlist, message, title=None, send_way='rtx')
def _register_function_controller(self, func_code, cluster_list):
enabled, wlist = get_func_controller(func_code)
for cluster_info in cluster_list:
cluster_info.setdefault("func_wlist", set())
# 白名单控制
if enabled or cluster_info["cluster_id"] in wlist:
cluster_info["func_wlist"].add(func_code)
def skip_authentication(app_code):
"""检查app是否在白名单中"""
# 当功能开关为白名单时,注意下面的含义
# enable: True/False; True表示此功能完全开放,False表示此功能只针对白名单中的开放
enabled, wlist = get_func_controller(APP_CODE_SKIP_AUTH_WHITE_LIST)
if enabled or app_code in wlist:
return True
return False
def _register_function_controller(self, func_code, project_list):
enabled, wlist = get_func_controller(func_code)
for project in project_list:
# 黑名单控制
if project["project_id"] in wlist:
continue
project["func_wlist"].add(func_code)
def register_function_controller(self, cluster_info):
"""注册功能白名单"""
for func_code in getattr(settings, "CLUSTER_FUNC_CODES", []):
enabled, wlist = get_func_controller(func_code)
cluster_info.setdefault("func_wlist", set())
# 白名单控制
if enabled or cluster_info["cluster_id"] in wlist:
cluster_info["func_wlist"].add(func_code)
def allowed_login_web_console(username: str) -> bool:
"""是否允许登入 web_console 白名单
"""
func_code = "LOGIN_WEB_CONSOLE"
enabled, wlist = get_func_controller(func_code)
# 必须是开启, 且在白名单内才可使用
if enabled and username in wlist:
return True
return False
def is_app_open_api_trusted(app_code: str) -> bool:
"""
校验访问 open api 的蓝鲸应用是可信任的,用以通过传递的username获取用户信息
:param app_code: 蓝鲸应用编码
:return: 返回是否可信任
"""
func_code = "TRUSTED_APPS_FOR_OPEN_API"
enabled, wlist = get_func_controller(func_code)
wlist.extend(["bk_bcs_monitor", "bk_harbor", "bk_bcs", "workbench", "helm-plugin"])
return enabled or app_code in wlist
def handle_k8s_api_version(config_profile, cluster_id, cluster_version, controller_type):
# 由功能开关控制是否在配置文件中添加 apiVersion 字段
enabled, wlist = get_func_controller("IS_ADD_APIVERSION")
if enabled or (cluster_id in wlist):
# apiVersion 根据k8s版本自动匹配
if cluster_version:
# 获取资源在 k8s 配置文件中的 kind
api_version = API_VERSION.get(cluster_version, {}).get(controller_type)
if api_version:
config_profile["apiVersion"] = api_version
return config_profile
def create_project_notify(project_name, creator, is_secrecy, biz_id):
"""创建项目通知"""
message = ['用户【%s】创建新项目【%s】' % (creator, project_name)]
message.append("保密性:【%s】" % ('保密' if is_secrecy else '非保密'))
if biz_id:
app = cc.get_application()
app = app.get(str(biz_id)) or {}
biz_name = '%s(%s)' % (app.get('DisplayName') or '-', biz_id)
message.append('绑定的业务:【%s】' % biz_name)
link = '%s/admin/configcenter/project/' % settings.PAAS_HOST
message.append("请及时审批:| %s" % link)
message = ','.join(message)
enabled, wlist = get_func_controller(constants.NOTIFY_PROJECT_APPROVAL_FUNC_CODE)
send_message(wlist, message, title=None, send_way='rtx')
def check_bcs_api_gateway_enabled(cluster_id: str) -> bool:
"""校验是否通过 bcs-api-gateway 链路访问集群 apiserver"""
func_code = "BCS_API_GATEWAY_FOR_CLUSTER"
enabled, wlist = get_func_controller(func_code)
return enabled or cluster_id in wlist
