[方案] 环境属性配置表达式及执行上下文 #391
Assignees
Labels
Layer: Product
Product
Priority: High
Size: L
<= 1 week
Type: Enhancement
New feature or request
Type: Proposal
Milestone
Comments
wklken
added
Type: Enhancement
This was referenced Nov 16, 2021
Closed
|
|
|
|
|
需要将 operator改成列表 => 测试 |
|
done
|
Closed
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
注册操作
operator 只是考虑到未来给接入系统留配置的入口, 但是前期及很长一段时间, 都不会用到, 甚至永久不会用; 基本都是固定类型, 固定前端交互, 最多timestamp的时候, 默认给用户展示between或lte;
所以, operators未来再考虑加入; 协议上先不暴露给接入系统, 用户也感知不到
[ { "id": "biz_create", "name": "业务创建", "name_en": "biz_create", "description": "业务创建是...", "description_en": "biz_create is...", "type": "create", "related_resource_types": [], "related_environments": [ { "type": "period_daily", => 数据 两个值 "operators": ["between"] // 不需要填, 默认值 }, { "type": "current_timestamp", => 数据 单值/两个值 "operators": ["lte/gte/between"] // 必填, 三选一 }, { "type": "source_ip", => 数据 list "operators": ["ip_match"] // 不需要填, 默认值 }, { "type": "source_system" => 数据 list "operators": ["in"] // 不需要填, 默认值 }, { "type": "is_secure_transport" => 数据 bool "operators": ["eq"] // 不需要填, 默认值 } ], "version": 1 } ]注意, 如果未来需要加入周期性限制, 例如
周一到周五的 20:10 - 21:20, 那么通过以下方式扩展current_weekday in [1 2 3 4 5]current_seconds < X AND current_seconds > Y(从 00:00到当前的秒数)后台表达式
注意资源的field是
resource.system + . + resource.Type + . + resource.attr_name; 而环境属性是system + . + _bk_iam_env_ + . + attr_name, 环境属性的system是系统的system, 跟具体某个resource无关{ "AND": { "content": [ { "StringEquals": { "bk_cmdb.host.id": ["123"] } }, // period_daily { "Eq": { // period daily "bk_cmdb._bk_iam_env_.tz": " Asia/Shanghai" } }, { "NumericLte": { // period daily "bk_cmdb._bk_iam_env_.hms": 220000 } }, { "NumericGte": { "bk_cmdb._bk_iam_env_.ts": 80000 } }, // period_weekly { "Eq": { // period_weekly "bk_cmdb._bk_iam_env_.tz": " Asia/Shanghai" } }, { "In": { // pperiod_weekly "bk_cmdb._bk_iam_env_.weekday": [ 1, 3, 5, 7] } }, // period_monthly { "Eq": { // period_monthly "bk_cmdb._bk_iam_env_.tz": " Asia/Shanghai" } }, { "In": { // period_monthly "bk_cmdb._bk_iam_env_.monthday": [ 30, 31] } }, // current_timestamp { "NumericLte": { => 如果只选择了Lte/Gte, 那么只有一个; "bk_cmdb._bk_iam_env_.ts": 1637032667 } }, { "NumericGte": { => 如果是between, 二者都有 "bk_cmdb._bk_iam_env_.ts": 1637032667 } }, // ip { "IpMatch": { "bk_cmdb._bk_iam_env_.ip": ["192.168.1.1", "9.168.1.1/16"] } }, // source system { "StringEquals": { "bk_cmdb._bk_iam_env_.system": ["bk_cmdb", "bk_job"] } }, // is secure { "Bool": { "bk_cmdb._bk_iam_env_.is_secure_transport": true } } ] } }注意:
开启环境属性, 不一定会有tz, 而是 有配置时间相关环境属性, 一定会配置tz执行上下文
evalContext
{ "bk_cmdb._bk_iam_env_": { "ts": 1637032693, // 是一个int64 "tz": "Asia/Shanghai", "hms": 093012, "system": "bk_job", "ip": "192.168.223.1", "is_secure_transport": true } }注意:
false操作符支持
待合并: TencentBlueKing/bk-iam#34
TODO:
_bk_iam_env_对象的注入 [Backend] 环境属性timestamp执行 #383The text was updated successfully, but these errors were encountered: