fix(backend): 权限规则创建账户不允许使用特殊名称 #8181

# Reviewed, transaction id: 25160
TencentBlueKing · Nov 28, 2024 · a01a317 · a01a317
1 parent eeb744f
commit a01a317
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 1 deletion.
diff --git a/dbm-ui/backend/configuration/constants.py b/dbm-ui/backend/configuration/constants.py
@@ -10,6 +10,7 @@
 """
 from django.utils.translation import ugettext as _
 
+from backend.db_services.dbpermission.constants import AccountType
 from blue_krill.data_types.enum import EnumField, StructuredEnum
 
 # 平台业务ID
@@ -228,3 +229,41 @@ class BizSettingsEnum(str, StructuredEnum):
     DBType.MySQL: MYSQL_ADMIN_USER,
     DBType.Sqlserver: SQLSERVER_ADMIN_USER,
 }
+
+# 权限规则账号创建不允许的账号名映射
+ACCOUNT_RULES_MAP = {
+    AccountType.SQLServer: ["mssql_exporter", "dbm_admin", "sa", "sqlserver"],
+    AccountType.MONGODB: ["dba", "apppdba", "monitor", "appmonitor"],
+    AccountType.MYSQL: [
+        "gcs_admin",
+        "gcs_dba",
+        "MONITOR",
+        "GM",
+        "ADMIN",
+        "repl",
+        "dba_bak_all_sel",
+        "yw",
+        "partition_yw",
+        "spider",
+        "mysql.session",
+        "mysql.sys",
+        "gcs_spider",
+        "sync",
+    ],
+    AccountType.TENDBCLUSTER: [
+        "gcs_admin",
+        "gcs_dba",
+        "MONITOR",
+        "GM",
+        "ADMIN",
+        "repl",
+        "dba_bak_all_sel",
+        "yw",
+        "partition_yw",
+        "spider",
+        "mysql.session",
+        "mysql.sys",
+        "gcs_spider",
+        "sync",
+    ],
+}
diff --git a/dbm-ui/backend/db_services/dbpermission/db_account/serializers.py b/dbm-ui/backend/db_services/dbpermission/db_account/serializers.py
@@ -14,7 +14,7 @@
 from django.utils.translation import gettext_lazy as _
 from rest_framework import serializers
 
-from backend.configuration.constants import DBPrivSecurityType
+from backend.configuration.constants import ACCOUNT_RULES_MAP, DBPrivSecurityType
 from backend.configuration.handlers.password import DBPasswordHandler
 from backend.db_meta.enums import ClusterType
 from backend.db_services.dbpermission import constants
@@ -40,6 +40,11 @@ def check_username_valid(cls, account_type, user):
         if len(user) > constants.MAX_ACCOUNT_LENGTH:
             raise serializers.ValidationError(_("账号名称不符合过长，请不要超过31位"))
 
+        # 不允许使用特殊账户名称
+        special_account_names = ACCOUNT_RULES_MAP.get(account_type, [])
+        if user in special_account_names:
+            raise serializers.ValidationError(_("不允许使用特殊账号名称[{}], 请重新更改账号名".format(user)))
+
     @classmethod
     def check_password_valid(cls, password, account_type):
         security_type = DBPrivSecurityType.db_type_to_security_type(account_type)