Merge pull request TencentBlueKing#5391 from wcy00000000000000/v3.10.x-bugfix

删除权限中心action之前先删除相关的权限策略

Author: breezelxp

src/ac/iam/client.go

@@ -476,3 +476,25 @@ func (c *iamClient) UpdateCommonActions(ctx context.Context, commonActions []Com
 
 	return nil
 }
+
+func (c *iamClient) DeleteActionPolicies(ctx context.Context, actionID ActionID) error {
+	resp := new(BaseResponse)
+	result := c.client.Delete().
+		SubResourcef("/api/v1/model/systems/%s/actions/%s/policies", c.Config.SystemID, actionID).
+		WithContext(ctx).
+		WithHeaders(c.basicHeader).
+		Do()
+	err := result.Into(resp)
+	if err != nil {
+		return err
+	}
+
+	if resp.Code != 0 {
+		return &AuthError{
+			RequestID: result.Header.Get(IamRequestHeader),
+			Reason:    fmt.Errorf("delete action %s policies failed, code: %d, msg: %s", actionID, resp.Code, resp.Message),
+		}
+	}
+
+	return nil
+}

src/ac/iam/iam.go

@@ -194,6 +194,11 @@ func (i Iam) RegisterSystem(ctx context.Context, host string) error {
 		removedResourceActionIDs := make([]ActionID, actionLen)
 		idx := 0
 		for resourceActionID := range removedResourceActionMap {
+			if err = i.client.DeleteActionPolicies(ctx, resourceActionID); err != nil {
+				blog.Errorf("delete action %s policies failed, err: %v", resourceActionID, err)
+				return err
+			}
+
 			removedResourceActionIDs[idx] = resourceActionID
 			idx++
 		}