Merge pull request #964 from pikasTech/fix/sub2api-codex-pool-validate-target-sentinel-scope
修复 codex-pool validate 按 target sentinel 范围校验
This commit is contained in:
@@ -31,6 +31,7 @@ export function remotePythonScript(mode: "sync" | "validate" | "trace" | "cleanu
|
|||||||
set -u
|
set -u
|
||||||
python3 - <<'PY'
|
python3 - <<'PY'
|
||||||
import base64
|
import base64
|
||||||
|
import hashlib
|
||||||
import json
|
import json
|
||||||
import re
|
import re
|
||||||
import secrets
|
import secrets
|
||||||
@@ -1022,6 +1023,16 @@ def safe_kube_json(args, label):
|
|||||||
return None, {"label": label, "exitCode": proc.returncode, "error": str(exc), "stdoutTail": text(proc.stdout, 1000)}
|
return None, {"label": label, "exitCode": proc.returncode, "error": str(exc), "stdoutTail": text(proc.stdout, 1000)}
|
||||||
|
|
||||||
def sentinel_runtime_status():
|
def sentinel_runtime_status():
|
||||||
|
if not TARGET_SENTINEL_ENABLED:
|
||||||
|
return {
|
||||||
|
"ok": True,
|
||||||
|
"action": "skipped-target-disabled",
|
||||||
|
"desired": {
|
||||||
|
"monitorEnabled": SENTINEL_CONFIG.get("monitor", {}).get("enabled"),
|
||||||
|
"actionsEnabled": SENTINEL_CONFIG.get("actions", {}).get("enabled"),
|
||||||
|
},
|
||||||
|
"valuesPrinted": False,
|
||||||
|
}
|
||||||
cfg = SENTINEL_CONFIG
|
cfg = SENTINEL_CONFIG
|
||||||
cronjob_name = cfg.get("cronJobName")
|
cronjob_name = cfg.get("cronJobName")
|
||||||
secret_name = cfg.get("credentialsSecretName")
|
secret_name = cfg.get("credentialsSecretName")
|
||||||
@@ -2349,6 +2360,9 @@ def api_key_preview(api_key):
|
|||||||
return "***"
|
return "***"
|
||||||
return api_key[:10] + "..." + api_key[-4:]
|
return api_key[:10] + "..." + api_key[-4:]
|
||||||
|
|
||||||
|
def secret_fingerprint(value):
|
||||||
|
return "sha256:" + hashlib.sha256(value.encode("utf-8")).hexdigest()[:16]
|
||||||
|
|
||||||
def run_sync():
|
def run_sync():
|
||||||
global MANUAL_ACCOUNT_PROTECTIONS
|
global MANUAL_ACCOUNT_PROTECTIONS
|
||||||
payload = json.loads(base64.b64decode(PAYLOAD_B64).decode("utf-8"))
|
payload = json.loads(base64.b64decode(PAYLOAD_B64).decode("utf-8"))
|
||||||
@@ -2427,7 +2441,7 @@ def run_sync():
|
|||||||
"sub2apiId": api_key_result["id"],
|
"sub2apiId": api_key_result["id"],
|
||||||
"groupId": api_key_result["groupId"],
|
"groupId": api_key_result["groupId"],
|
||||||
"userId": api_key_result["userId"],
|
"userId": api_key_result["userId"],
|
||||||
"keyPreview": api_key_preview(api_key),
|
"apiKeyFingerprint": secret_fingerprint(api_key),
|
||||||
"valuesPrinted": False,
|
"valuesPrinted": False,
|
||||||
},
|
},
|
||||||
"ownerBalance": owner_balance,
|
"ownerBalance": owner_balance,
|
||||||
@@ -2473,7 +2487,7 @@ def run_validate():
|
|||||||
"sub2apiId": key_item.get("id") if isinstance(key_item, dict) else None,
|
"sub2apiId": key_item.get("id") if isinstance(key_item, dict) else None,
|
||||||
"userId": key_item.get("user_id") if isinstance(key_item, dict) else None,
|
"userId": key_item.get("user_id") if isinstance(key_item, dict) else None,
|
||||||
"groupId": key_item.get("group_id") if isinstance(key_item, dict) else None,
|
"groupId": key_item.get("group_id") if isinstance(key_item, dict) else None,
|
||||||
"keyPreview": api_key_preview(api_key),
|
"apiKeyFingerprint": secret_fingerprint(api_key),
|
||||||
"valuesPrinted": False,
|
"valuesPrinted": False,
|
||||||
},
|
},
|
||||||
"ownerBalance": owner_balance,
|
"ownerBalance": owner_balance,
|
||||||
|
|||||||
Reference in New Issue
Block a user