Merge pull request #2027 from panxunying/pr_0930

cherry-pick:2021
koderover · Sep 30, 2022 · 16e4465 · 16e4465
2 parents b7eca3b + 5c39dd6
commit 16e4465
Show file tree

Hide file tree

Showing 7 changed files with 9 additions and 41 deletions.
diff --git a/pkg/microservice/aslan/core/collaboration/service/collaboration_instance.go b/pkg/microservice/aslan/core/collaboration/service/collaboration_instance.go
@@ -1470,7 +1470,7 @@ func DeleteCIResources(userName, requestID string, cis []*models.CollaborationIn
 	for _, re := range res {
 		for _, rule := range re.Rules {
 			for _, attribute := range rule.MatchAttributes {
-				if attribute.Key != "placeholder" && attribute.Key != "production" &&
+				if attribute.Key != "placeholder" &&
 					!labelSet.Has(attribute.Key+"-"+attribute.Value) {
 					labels = append(labels, mongodb2.Label{
 						Key:   attribute.Key,

diff --git a/pkg/microservice/aslan/core/environment/service/bundle.go b/pkg/microservice/aslan/core/environment/service/bundle.go
@@ -17,8 +17,6 @@ limitations under the License.
 package service
 
 import (
-	"strconv"
-
 	"go.uber.org/zap"
 
 	commonConfig "github.com/koderover/zadig/pkg/config"
@@ -85,13 +83,6 @@ func GetBundleResources(logger *zap.SugaredLogger) ([]*resourceSpec, error) {
 			}
 		}
 
-		clusterID := env.ClusterID
-		production := false
-		cluster, ok := clusterMap[clusterID]
-		if ok {
-			production = cluster.Production
-		}
-		resourceSpec.Spec = append(resourceSpec.Spec, "production:"+strconv.FormatBool(production))
 		res = append(res, resourceSpec)
 	}
 

diff --git a/pkg/microservice/policy/core/service/bundle/opa_bundle.go b/pkg/microservice/policy/core/service/bundle/opa_bundle.go
@@ -250,6 +250,9 @@ func generateOPARoles(roles []*models.Role, policyMetas []*models.PolicyMeta) *o
 		verbAttrMap := make(map[string]sets.String)
 		resourceVerbs := make(map[string]sets.String)
 		for _, r := range ro.Rules {
+			if r.Resources[0] == "ProductionEnvironment" {
+				continue
+			}
 			for _, verb := range r.Verbs {
 				if verbs, ok := resourceVerbs[r.Resources[0]]; ok {
 					for _, v := range r.Verbs {
@@ -285,6 +288,9 @@ func generateOPARoles(roles []*models.Role, policyMetas []*models.PolicyMeta) *o
 			opaRole.Rules = append(opaRole.Rules, ruleList...)
 		}
 		for _, r := range ro.Rules {
+			if r.Resources[0] == "ProductionEnvironment" {
+				continue
+			}
 			if r.Kind != models.KindResource {
 				if len(r.Verbs) == 1 && r.Verbs[0] == models.MethodAll {
 					r.Verbs = AllMethods

diff --git a/pkg/microservice/policy/core/service/bundle/resource_endpoint_mapping.go b/pkg/microservice/policy/core/service/bundle/resource_endpoint_mapping.go
@@ -120,7 +120,7 @@ func getResourceActionMappings(isPolicy bool, policies []*models.PolicyMeta) res
 			for _, ar := range r.Rules {
 				var as []*Attribute
 				for _, a := range ar.MatchAttributes {
-					if a.Key == "production" && isPolicy {
+					if isPolicy {
 						continue
 					}
 					as = append(as, &Attribute{Key: a.Key, Value: a.Value})

diff --git a/pkg/microservice/policy/core/service/policy_meta_registration.go b/pkg/microservice/policy/core/service/policy_meta_registration.go
@@ -78,7 +78,7 @@ func GetPolicyRegistrationDefinitions(scope, envType string, _ *zap.SugaredLogge
 		return nil, err
 	}
 	systemScopeSet := sets.NewString("TestCenter", "DataCenter", "Template", "DeliveryCenter")
-	projectScopeSet := sets.NewString("Workflow", "Environment", "ProductionEnvironment", "Test", "Delivery", "Build", "Service", "Scan")
+	projectScopeSet := sets.NewString("Workflow", "Environment", "Test", "Delivery", "Build", "Service", "Scan")
 	systemPolicyMetas, projectPolicyMetas, filteredPolicyMetas := []*models.PolicyMeta{}, []*models.PolicyMeta{}, []*models.PolicyMeta{}
 	for _, v := range policieMetas {
 		if systemScopeSet.Has(v.Resource) {

diff --git a/pkg/microservice/policy/core/yamlconfig/meta.go b/pkg/microservice/policy/core/yamlconfig/meta.go
@@ -121,26 +121,12 @@ func processMetas(metas []*types.PolicyMeta) []*types.PolicyMeta {
 					if rule.ResourceType == "" {
 						rule.ResourceType = "Environment"
 					}
-					if rule.Filter {
-						rule.MatchAttributes = []*types.Attribute{
-							{
-								Key:   "production",
-								Value: "false",
-							},
-						}
-					}
 					if strings.Contains(rule.Endpoint, ":name") {
 						idRegex := strings.ReplaceAll(rule.Endpoint, ":name", `([\w\W].*)`)
 						idRegex = strings.ReplaceAll(idRegex, "?*", `[\w\W].*`)
 						endpoint := strings.ReplaceAll(rule.Endpoint, ":name", "?*")
 						rule.Endpoint = endpoint
 						rule.IDRegex = idRegex
-						rule.MatchAttributes = []*types.Attribute{
-							{
-								Key:   "production",
-								Value: "false",
-							},
-						}
 					}
 
 					tmpRules = append(tmpRules, rule)
@@ -151,17 +137,6 @@ func processMetas(metas []*types.PolicyMeta) []*types.PolicyMeta {
 			if err := deepcopy.FromTo(meta, proEnvMeta); err != nil {
 				log.DPanic(err)
 			}
-			proEnvMeta.Resource = "ProductionEnvironment"
-			proEnvMeta.Alias = "环境(生产/预发布)"
-			for _, ru := range proEnvMeta.Rules {
-				for _, r := range ru.Rules {
-					for _, a := range r.MatchAttributes {
-						if a.Key == "production" {
-							a.Value = "true"
-						}
-					}
-				}
-			}
 		}
 	}
 	metas = append(metas, proEnvMeta)

diff --git a/pkg/microservice/policy/core/yamlconfig/role.yaml b/pkg/microservice/policy/core/yamlconfig/role.yaml
@@ -53,10 +53,6 @@ preset_roles:
           - get_environment
         resources:
           - Environment
-      - verbs:
-          - get_environment
-        resources:
-          - ProductionEnvironment
       - verbs:
           - get_service
         resources: