2022-07-12 02:54:23 +00:00
|
|
|
|
from django.db import models
|
|
|
|
|
from django.utils.translation import gettext_lazy as _
|
|
|
|
|
from simple_history.models import HistoricalRecords
|
|
|
|
|
|
2023-01-16 11:02:09 +00:00
|
|
|
|
from assets.models.base import AbsConnectivity
|
2023-02-16 06:21:24 +00:00
|
|
|
|
from common.utils import lazyproperty
|
2023-12-05 03:16:34 +00:00
|
|
|
|
from labels.mixins import LabeledMixin
|
2023-01-16 11:02:09 +00:00
|
|
|
|
from .base import BaseAccount
|
2023-07-31 09:39:30 +00:00
|
|
|
|
from .mixins import VaultModelMixin
|
2023-08-08 02:16:23 +00:00
|
|
|
|
from ..const import Source
|
2022-07-12 02:54:23 +00:00
|
|
|
|
|
2023-08-08 02:16:23 +00:00
|
|
|
|
__all__ = ['Account', 'AccountHistoricalRecords']
|
2022-07-12 02:54:23 +00:00
|
|
|
|
|
|
|
|
|
|
2022-10-09 09:43:13 +00:00
|
|
|
|
class AccountHistoricalRecords(HistoricalRecords):
|
|
|
|
|
def __init__(self, *args, **kwargs):
|
|
|
|
|
self.included_fields = kwargs.pop('included_fields', None)
|
|
|
|
|
super().__init__(*args, **kwargs)
|
|
|
|
|
|
2022-10-20 12:06:58 +00:00
|
|
|
|
def post_save(self, instance, created, using=None, **kwargs):
|
|
|
|
|
if not self.included_fields:
|
|
|
|
|
return super().post_save(instance, created, using=using, **kwargs)
|
|
|
|
|
|
|
|
|
|
check_fields = set(self.included_fields) - {'version'}
|
|
|
|
|
history_attrs = instance.history.all().values(*check_fields).first()
|
|
|
|
|
if history_attrs is None:
|
|
|
|
|
return super().post_save(instance, created, using=using, **kwargs)
|
|
|
|
|
|
|
|
|
|
attrs = {field: getattr(instance, field) for field in check_fields}
|
|
|
|
|
history_attrs = set(history_attrs.items())
|
|
|
|
|
attrs = set(attrs.items())
|
|
|
|
|
diff = attrs - history_attrs
|
|
|
|
|
if not diff:
|
|
|
|
|
return
|
2023-07-31 09:39:30 +00:00
|
|
|
|
return super().post_save(instance, created, using=using, **kwargs)
|
2022-10-20 12:06:58 +00:00
|
|
|
|
|
2022-11-03 08:55:38 +00:00
|
|
|
|
def create_history_model(self, model, inherited):
|
|
|
|
|
if self.included_fields and not self.excluded_fields:
|
|
|
|
|
self.excluded_fields = [
|
|
|
|
|
field.name for field in model._meta.fields
|
|
|
|
|
if field.name not in self.included_fields
|
|
|
|
|
]
|
|
|
|
|
return super().create_history_model(model, inherited)
|
2022-10-09 09:43:13 +00:00
|
|
|
|
|
|
|
|
|
|
2023-12-05 03:16:34 +00:00
|
|
|
|
class Account(AbsConnectivity, LabeledMixin, BaseAccount):
|
2022-09-13 06:06:25 +00:00
|
|
|
|
asset = models.ForeignKey(
|
|
|
|
|
'assets.Asset', related_name='accounts',
|
|
|
|
|
on_delete=models.CASCADE, verbose_name=_('Asset')
|
|
|
|
|
)
|
|
|
|
|
su_from = models.ForeignKey(
|
2023-01-16 11:02:09 +00:00
|
|
|
|
'accounts.Account', related_name='su_to', null=True,
|
2022-09-13 06:06:25 +00:00
|
|
|
|
on_delete=models.SET_NULL, verbose_name=_("Su from")
|
|
|
|
|
)
|
2022-07-15 10:57:52 +00:00
|
|
|
|
version = models.IntegerField(default=0, verbose_name=_('Version'))
|
2023-07-31 09:39:30 +00:00
|
|
|
|
history = AccountHistoricalRecords(included_fields=['id', '_secret', 'secret_type', 'version'])
|
2022-12-27 09:45:41 +00:00
|
|
|
|
source = models.CharField(max_length=30, default=Source.LOCAL, verbose_name=_('Source'))
|
2023-04-03 10:18:31 +00:00
|
|
|
|
source_id = models.CharField(max_length=128, null=True, blank=True, verbose_name=_('Source ID'))
|
2022-07-12 02:54:23 +00:00
|
|
|
|
|
|
|
|
|
class Meta:
|
|
|
|
|
verbose_name = _('Account')
|
2022-09-13 13:07:20 +00:00
|
|
|
|
unique_together = [
|
2022-09-20 05:54:25 +00:00
|
|
|
|
('username', 'asset', 'secret_type'),
|
2022-09-13 13:07:20 +00:00
|
|
|
|
('name', 'asset'),
|
|
|
|
|
]
|
2022-07-12 02:54:23 +00:00
|
|
|
|
permissions = [
|
2022-07-27 08:51:39 +00:00
|
|
|
|
('view_accountsecret', _('Can view asset account secret')),
|
|
|
|
|
('view_historyaccount', _('Can view asset history account')),
|
|
|
|
|
('view_historyaccountsecret', _('Can view asset history account secret')),
|
2023-02-21 05:39:28 +00:00
|
|
|
|
('verify_account', _('Can verify account')),
|
|
|
|
|
('push_account', _('Can push account')),
|
2023-12-06 10:48:35 +00:00
|
|
|
|
('remove_account', _('Can remove account')),
|
2022-07-12 02:54:23 +00:00
|
|
|
|
]
|
2022-07-13 08:36:49 +00:00
|
|
|
|
|
2023-02-22 03:18:42 +00:00
|
|
|
|
def __str__(self):
|
2023-12-21 06:02:24 +00:00
|
|
|
|
if self.asset_id:
|
|
|
|
|
host = self.asset.name
|
|
|
|
|
else:
|
|
|
|
|
host = 'Dynamic'
|
|
|
|
|
return '{}({})'.format(self.name, host)
|
2023-02-22 03:18:42 +00:00
|
|
|
|
|
2022-09-06 11:57:03 +00:00
|
|
|
|
@lazyproperty
|
2022-09-23 10:59:19 +00:00
|
|
|
|
def platform(self):
|
|
|
|
|
return self.asset.platform
|
2022-09-06 11:57:03 +00:00
|
|
|
|
|
2022-12-15 08:02:34 +00:00
|
|
|
|
@lazyproperty
|
|
|
|
|
def alias(self):
|
|
|
|
|
if self.username.startswith('@'):
|
|
|
|
|
return self.username
|
|
|
|
|
return self.name
|
|
|
|
|
|
2022-12-26 10:58:21 +00:00
|
|
|
|
@lazyproperty
|
|
|
|
|
def has_secret(self):
|
|
|
|
|
return bool(self.secret)
|
|
|
|
|
|
2023-07-19 03:36:42 +00:00
|
|
|
|
@lazyproperty
|
|
|
|
|
def versions(self):
|
|
|
|
|
return self.history.count()
|
|
|
|
|
|
2022-12-06 09:32:48 +00:00
|
|
|
|
def get_su_from_accounts(self):
|
2022-12-08 05:37:35 +00:00
|
|
|
|
""" 排除自己和以自己为 su-from 的账号 """
|
|
|
|
|
return self.asset.accounts.exclude(id=self.id).exclude(su_from=self)
|
2022-12-06 09:32:48 +00:00
|
|
|
|
|
2023-12-18 09:31:35 +00:00
|
|
|
|
def make_account_ansible_vars(self, su_from):
|
2023-10-09 06:35:21 +00:00
|
|
|
|
var = {
|
|
|
|
|
'ansible_user': su_from.username,
|
|
|
|
|
}
|
|
|
|
|
if not su_from.secret:
|
|
|
|
|
return var
|
2023-12-18 09:31:35 +00:00
|
|
|
|
var['ansible_password'] = self.escape_jinja2_syntax(su_from.secret)
|
2023-10-09 06:35:21 +00:00
|
|
|
|
var['ansible_ssh_private_key_file'] = su_from.private_key_path
|
|
|
|
|
return var
|
|
|
|
|
|
|
|
|
|
def get_ansible_become_auth(self):
|
|
|
|
|
su_from = self.su_from
|
|
|
|
|
platform = self.platform
|
|
|
|
|
auth = {'ansible_become': False}
|
|
|
|
|
if not (platform.su_enabled and su_from):
|
|
|
|
|
return auth
|
|
|
|
|
|
|
|
|
|
auth.update(self.make_account_ansible_vars(su_from))
|
2024-08-14 06:53:07 +00:00
|
|
|
|
|
|
|
|
|
become_method = platform.ansible_become_method
|
2023-10-09 06:35:21 +00:00
|
|
|
|
password = su_from.secret if become_method == 'sudo' else self.secret
|
|
|
|
|
auth['ansible_become'] = True
|
|
|
|
|
auth['ansible_become_method'] = become_method
|
|
|
|
|
auth['ansible_become_user'] = self.username
|
2023-12-18 09:31:35 +00:00
|
|
|
|
auth['ansible_become_password'] = self.escape_jinja2_syntax(password)
|
2023-10-09 06:35:21 +00:00
|
|
|
|
return auth
|
|
|
|
|
|
2023-12-18 09:31:35 +00:00
|
|
|
|
@staticmethod
|
|
|
|
|
def escape_jinja2_syntax(value):
|
|
|
|
|
if not isinstance(value, str):
|
|
|
|
|
return value
|
|
|
|
|
|
2023-12-19 06:57:51 +00:00
|
|
|
|
def escape(v):
|
|
|
|
|
v = v.replace('{{', '__TEMP_OPEN_BRACES__') \
|
|
|
|
|
.replace('}}', '__TEMP_CLOSE_BRACES__')
|
2023-12-18 09:31:35 +00:00
|
|
|
|
|
2023-12-19 06:57:51 +00:00
|
|
|
|
v = v.replace('__TEMP_OPEN_BRACES__', '{{ "{{" }}') \
|
|
|
|
|
.replace('__TEMP_CLOSE_BRACES__', '{{ "}}" }}')
|
2023-12-18 09:31:35 +00:00
|
|
|
|
|
2023-12-19 06:57:51 +00:00
|
|
|
|
return v.replace('{%', '{{ "{%" }}').replace('%}', '{{ "%}" }}')
|
|
|
|
|
|
2023-12-20 08:35:36 +00:00
|
|
|
|
return escape(value)
|
2023-12-18 09:31:35 +00:00
|
|
|
|
|
2022-08-19 10:49:00 +00:00
|
|
|
|
|
2023-07-31 09:39:30 +00:00
|
|
|
|
def replace_history_model_with_mixin():
|
|
|
|
|
"""
|
|
|
|
|
替换历史模型中的父类为指定的Mixin类。
|
|
|
|
|
|
|
|
|
|
Parameters:
|
|
|
|
|
model (class): 历史模型类,例如 Account.history.model
|
|
|
|
|
mixin_class (class): 要替换为的Mixin类
|
|
|
|
|
|
|
|
|
|
Returns:
|
|
|
|
|
None
|
|
|
|
|
"""
|
|
|
|
|
model = Account.history.model
|
|
|
|
|
model.__bases__ = (VaultModelMixin,) + model.__bases__
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
replace_history_model_with_mixin()
|