zyc/AirGate
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: sync disable/enable state correctly

Browse Source 
- Disable: sync volc_login_allowed=False
- Enable: sync volc_login_allowed from actual LoginProfile state
- Sync: check AK status to detect AirGate-disabled accounts
  (all AKs inactive = disabled, even if user Status=active)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
seaislee1209 2026-03-28 22:09:14 +08:00
parent 9cfd550485
commit bae68ea6a1
1 changed files with 15 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
backend/apps/monitor/views.py
View File

@ -213,14 +213,20 @@ def iam_user_sync_view(request):
except Exception: except Exception:
pass pass
# Sync account status from Volcengine user status (not login profile) # Sync account status: check both user status and AK status
volc_status = u.get("Status", "active") volc_status = u.get("Status", "active")
if volc_status == "active": if volc_status != "active":
obj.status = IAMUser.Status.ACTIVE
elif volc_status == "disabled":
obj.status = IAMUser.Status.DISABLED obj.status = IAMUser.Status.DISABLED
else: else:
obj.status = IAMUser.Status.UNKNOWN # User is active, but check if all AKs are inactive (stopped by AirGate)
all_inactive = False
try:
keys = svc.list_access_keys(username)
if keys and all(k.get("Status") == "inactive" for k in keys):
all_inactive = True
except Exception:
pass
obj.status = IAMUser.Status.DISABLED if all_inactive else IAMUser.Status.ACTIVE
# Sync volc login status separately # Sync volc login status separately
try: try:
@ -579,7 +585,8 @@ def iam_user_disable_view(request, pk):
user.status = IAMUser.Status.DISABLED user.status = IAMUser.Status.DISABLED
user.saved_policies_on_disable = saved_policies user.saved_policies_on_disable = saved_policies
user.save(update_fields=['status', 'saved_policies_on_disable']) user.volc_login_allowed = False
user.save(update_fields=['status', 'saved_policies_on_disable', 'volc_login_allowed'])
policy_count = len(saved_policies) policy_count = len(saved_policies)
error_info = f",移除失败: {detach_errors}" if detach_errors else "" error_info = f",移除失败: {detach_errors}" if detach_errors else ""
@ -629,7 +636,8 @@ def iam_user_enable_view(request, pk):
user.status = IAMUser.Status.ACTIVE user.status = IAMUser.Status.ACTIVE
user.saved_policies_on_disable = [] user.saved_policies_on_disable = []
user.save(update_fields=['status', 'saved_policies_on_disable']) user.volc_login_allowed = svc._has_login_profile(user.username)
user.save(update_fields=['status', 'saved_policies_on_disable', 'volc_login_allowed'])
error_info = f",恢复失败: {restore_errors}" if restore_errors else "" error_info = f",恢复失败: {restore_errors}" if restore_errors else ""
AlertRecord.objects.create( AlertRecord.objects.create(