diff --git a/pkg/microservice/aslan/core/collaboration/service/collaboration_instance.go b/pkg/microservice/aslan/core/collaboration/service/collaboration_instance.go index b82f6ac7cd..e6d412df6b 100644 --- a/pkg/microservice/aslan/core/collaboration/service/collaboration_instance.go +++ b/pkg/microservice/aslan/core/collaboration/service/collaboration_instance.go @@ -1470,7 +1470,7 @@ func DeleteCIResources(userName, requestID string, cis []*models.CollaborationIn for _, re := range res { for _, rule := range re.Rules { for _, attribute := range rule.MatchAttributes { - if attribute.Key != "placeholder" && attribute.Key != "production" && + if attribute.Key != "placeholder" && !labelSet.Has(attribute.Key+"-"+attribute.Value) { labels = append(labels, mongodb2.Label{ Key: attribute.Key, diff --git a/pkg/microservice/aslan/core/environment/service/bundle.go b/pkg/microservice/aslan/core/environment/service/bundle.go index 405a50a3e0..45ef1452e3 100644 --- a/pkg/microservice/aslan/core/environment/service/bundle.go +++ b/pkg/microservice/aslan/core/environment/service/bundle.go @@ -17,8 +17,6 @@ limitations under the License. package service import ( - "strconv" - "go.uber.org/zap" commonConfig "github.com/koderover/zadig/pkg/config" @@ -85,13 +83,6 @@ func GetBundleResources(logger *zap.SugaredLogger) ([]*resourceSpec, error) { } } - clusterID := env.ClusterID - production := false - cluster, ok := clusterMap[clusterID] - if ok { - production = cluster.Production - } - resourceSpec.Spec = append(resourceSpec.Spec, "production:"+strconv.FormatBool(production)) res = append(res, resourceSpec) } diff --git a/pkg/microservice/policy/core/service/bundle/opa_bundle.go b/pkg/microservice/policy/core/service/bundle/opa_bundle.go index 9e6107df2a..9f05641196 100644 --- a/pkg/microservice/policy/core/service/bundle/opa_bundle.go +++ b/pkg/microservice/policy/core/service/bundle/opa_bundle.go @@ -250,6 +250,9 @@ func generateOPARoles(roles []*models.Role, policyMetas []*models.PolicyMeta) *o verbAttrMap := make(map[string]sets.String) resourceVerbs := make(map[string]sets.String) for _, r := range ro.Rules { + if r.Resources[0] == "ProductionEnvironment" { + continue + } for _, verb := range r.Verbs { if verbs, ok := resourceVerbs[r.Resources[0]]; ok { for _, v := range r.Verbs { @@ -285,6 +288,9 @@ func generateOPARoles(roles []*models.Role, policyMetas []*models.PolicyMeta) *o opaRole.Rules = append(opaRole.Rules, ruleList...) } for _, r := range ro.Rules { + if r.Resources[0] == "ProductionEnvironment" { + continue + } if r.Kind != models.KindResource { if len(r.Verbs) == 1 && r.Verbs[0] == models.MethodAll { r.Verbs = AllMethods diff --git a/pkg/microservice/policy/core/service/bundle/resource_endpoint_mapping.go b/pkg/microservice/policy/core/service/bundle/resource_endpoint_mapping.go index 5518ca7860..dfa4eaac19 100644 --- a/pkg/microservice/policy/core/service/bundle/resource_endpoint_mapping.go +++ b/pkg/microservice/policy/core/service/bundle/resource_endpoint_mapping.go @@ -120,7 +120,7 @@ func getResourceActionMappings(isPolicy bool, policies []*models.PolicyMeta) res for _, ar := range r.Rules { var as []*Attribute for _, a := range ar.MatchAttributes { - if a.Key == "production" && isPolicy { + if isPolicy { continue } as = append(as, &Attribute{Key: a.Key, Value: a.Value}) diff --git a/pkg/microservice/policy/core/service/policy_meta_registration.go b/pkg/microservice/policy/core/service/policy_meta_registration.go index 30f20f04d0..8c3f3ea38e 100644 --- a/pkg/microservice/policy/core/service/policy_meta_registration.go +++ b/pkg/microservice/policy/core/service/policy_meta_registration.go @@ -78,7 +78,7 @@ func GetPolicyRegistrationDefinitions(scope, envType string, _ *zap.SugaredLogge return nil, err } systemScopeSet := sets.NewString("TestCenter", "DataCenter", "Template", "DeliveryCenter") - projectScopeSet := sets.NewString("Workflow", "Environment", "ProductionEnvironment", "Test", "Delivery", "Build", "Service", "Scan") + projectScopeSet := sets.NewString("Workflow", "Environment", "Test", "Delivery", "Build", "Service", "Scan") systemPolicyMetas, projectPolicyMetas, filteredPolicyMetas := []*models.PolicyMeta{}, []*models.PolicyMeta{}, []*models.PolicyMeta{} for _, v := range policieMetas { if systemScopeSet.Has(v.Resource) { diff --git a/pkg/microservice/policy/core/yamlconfig/meta.go b/pkg/microservice/policy/core/yamlconfig/meta.go index 13084ed485..650b1a5c51 100644 --- a/pkg/microservice/policy/core/yamlconfig/meta.go +++ b/pkg/microservice/policy/core/yamlconfig/meta.go @@ -121,26 +121,12 @@ func processMetas(metas []*types.PolicyMeta) []*types.PolicyMeta { if rule.ResourceType == "" { rule.ResourceType = "Environment" } - if rule.Filter { - rule.MatchAttributes = []*types.Attribute{ - { - Key: "production", - Value: "false", - }, - } - } if strings.Contains(rule.Endpoint, ":name") { idRegex := strings.ReplaceAll(rule.Endpoint, ":name", `([\w\W].*)`) idRegex = strings.ReplaceAll(idRegex, "?*", `[\w\W].*`) endpoint := strings.ReplaceAll(rule.Endpoint, ":name", "?*") rule.Endpoint = endpoint rule.IDRegex = idRegex - rule.MatchAttributes = []*types.Attribute{ - { - Key: "production", - Value: "false", - }, - } } tmpRules = append(tmpRules, rule) @@ -151,17 +137,6 @@ func processMetas(metas []*types.PolicyMeta) []*types.PolicyMeta { if err := deepcopy.FromTo(meta, proEnvMeta); err != nil { log.DPanic(err) } - proEnvMeta.Resource = "ProductionEnvironment" - proEnvMeta.Alias = "环境(生产/预发布)" - for _, ru := range proEnvMeta.Rules { - for _, r := range ru.Rules { - for _, a := range r.MatchAttributes { - if a.Key == "production" { - a.Value = "true" - } - } - } - } } } metas = append(metas, proEnvMeta) diff --git a/pkg/microservice/policy/core/yamlconfig/role.yaml b/pkg/microservice/policy/core/yamlconfig/role.yaml index 3dcbf17ba4..3e6b0888b1 100644 --- a/pkg/microservice/policy/core/yamlconfig/role.yaml +++ b/pkg/microservice/policy/core/yamlconfig/role.yaml @@ -53,10 +53,6 @@ preset_roles: - get_environment resources: - Environment - - verbs: - - get_environment - resources: - - ProductionEnvironment - verbs: - get_service resources: