jumpserver/apps/accounts/api/automations/gather_account.py

# -*- coding: utf-8 -*-
#
from django.http import HttpResponse
from django.shortcuts import get_object_or_404
from rest_framework import status
from rest_framework.decorators import action
from rest_framework.response import Response

from accounts import serializers
from accounts.const import AutomationTypes
from accounts.filters import GatheredAccountFilterSet
from accounts.models import GatherAccountsAutomation, AutomationExecution, Account
from accounts.models import GatheredAccount
from assets.models import Asset
from common.utils.http import is_true
from orgs.mixins.api import OrgBulkModelViewSet
from .base import AutomationExecutionViewSet

__all__ = [
    "DiscoverAccountsAutomationViewSet",
    "DiscoverAccountsExecutionViewSet",
    "GatheredAccountViewSet",
]

from ...risk_handlers import RiskHandler


class DiscoverAccountsAutomationViewSet(OrgBulkModelViewSet):
    model = GatherAccountsAutomation
    filterset_fields = ("name",)
    search_fields = filterset_fields
    serializer_class = serializers.DiscoverAccountAutomationSerializer


class DiscoverAccountsExecutionViewSet(AutomationExecutionViewSet):
    rbac_perms = (
        ("list", "accounts.view_gatheraccountsexecution"),
        ("retrieve", "accounts.view_gatheraccountsexecution"),
        ("create", "accounts.add_gatheraccountsexecution"),
        ("adhoc", "accounts.add_gatheraccountsexecution"),
        ("report", "accounts.view_gatheraccountsexecution"),
    )

    tp = AutomationTypes.gather_accounts

    def get_queryset(self):
        queryset = super().get_queryset()
        queryset = queryset.filter(automation__type=self.tp)
        return queryset

    @action(methods=["get"], detail=False, url_path="adhoc")
    def adhoc(self, request, *args, **kwargs):
        asset_id = request.query_params.get("asset_id")
        if not asset_id:
            return Response(status=400, data={"asset_id": "This field is required."})

        get_object_or_404(Asset, pk=asset_id)
        execution = AutomationExecution()
        execution.snapshot = {
            "assets": [asset_id],
            "nodes": [],
            "type": "gather_accounts",
            "is_sync_account": False,
            "check_risk": True,
            "name": "Adhoc gather accounts: {}".format(asset_id),
        }
        execution.save()
        execution.start()
        report = execution.manager.gen_report()
        return HttpResponse(report)


class GatheredAccountViewSet(OrgBulkModelViewSet):
    model = GatheredAccount
    search_fields = ("username",)
    filterset_class = GatheredAccountFilterSet
    ordering = ("status",)
    serializer_classes = {
        "default": serializers.DiscoverAccountSerializer,
        "status": serializers.DiscoverAccountActionSerializer,
        "details": serializers.DiscoverAccountDetailsSerializer
    }
    rbac_perms = {
        "status": "assets.change_gatheredaccount",
        "details": "assets.view_gatheredaccount"
    }

    @action(methods=["put"], detail=False, url_path="status")
    def status(self, request, *args, **kwargs):
        ids = request.data.get('ids', [])
        new_status = request.data.get("status")
        updated_instances = GatheredAccount.objects.filter(id__in=ids)
        updated_instances.update(status=new_status)
        if new_status == "confirmed":
            GatheredAccount.sync_accounts(updated_instances)

        return Response(status=status.HTTP_200_OK)

    def perform_destroy(self, instance):
        request = self.request
        params = request.query_params
        is_delete_remote = params.get("is_delete_remote")
        is_delete_account = params.get("is_delete_account")
        asset_id = params.get("asset")
        username = params.get("username")
        if is_true(is_delete_remote):
            self._delete_remote(asset_id, username)
        if is_true(is_delete_account):
            account = get_object_or_404(Account, username=username, asset_id=asset_id)
            account.delete()
        super().perform_destroy(instance)

    def _delete_remote(self, asset_id, username):
        asset = get_object_or_404(Asset, pk=asset_id)
        handler = RiskHandler(asset, username, request=self.request)
        handler.handle_delete_remote()

    @action(methods=["get"], detail=True, url_path="details")
    def details(self, request, *args, **kwargs):
        pk = kwargs.get('pk')
        account = get_object_or_404(GatheredAccount, pk=pk)
        serializer = self.get_serializer(account.detail)
        return Response(data=serializer.data)
merge: with pam (#14911) * perf: change i18n * perf: pam * perf: change translate * perf: add check account * perf: add date field * perf: add account filter * perf: remove some js * perf: add account status action * perf: update pam * perf: 修改 discover account * perf: update filter * perf: update gathered account * perf: 修改账号同步 * perf: squash migrations * perf: update pam * perf: change i18n * perf: update account risk * perf: 更新风险发现 * perf: remove css * perf: Admin connection token * perf: Add a switch to check connectivity after changing the password, and add a custom ssh command for push tasks * perf: Modify account migration files * perf: update pam * perf: remove to check account dir * perf: Admin connection token * perf: update check account * perf: 优化发送结果 * perf: update pam * perf: update bulk update create * perf: prepaire using thread timer for bulk_create_decorator * perf: update bulk create decorator * perf: 优化 playbook manager * perf: 优化收集账号的报表 * perf: Update poetry * perf: Update Dockerfile with new base image tag * fix: Account migrate 0012 file * perf: 修改备份 * perf: update pam * fix: Expand resource_type filter to include raw type * feat: PAM Service (#14552) * feat: PAM Service * perf: import package name --------- Co-authored-by: jiangweidong <1053570670@qq.com> * perf: Change secret dashboard (#14551) Co-authored-by: feng <1304903146@qq.com> * perf: update migrations * perf: 修改支持 pam * perf: Change secret record table dashboard * perf: update status * fix: Automation send report * perf: Change secret report * feat: windows accounts gather * perf: update change status * perf: Account backup * perf: Account backup report * perf: Account migrate * perf: update service to application * perf: update migrations * perf: update logo * feat: oracle accounts gather (#14571) * feat: oracle accounts gather * feat: sqlserver accounts gather * feat: postgresql accounts gather * feat: mysql accounts gather --------- Co-authored-by: wangruidong <940853815@qq.com> * feat: mongodb accounts gather * perf: Change secret * perf: Migrate * perf: Merge conflicting migration files * perf: Change secret * perf: Automation filter org * perf: Account push * perf: Random secret string * perf: Enhance SQL query and update risk handling in accounts * perf: Ticket filter assignee_id * perf: 修改 account remote * perf: 修改一些 adhoc 任务 * perf: Change secret * perf: Remove push account extra api * perf: update status * perf: The entire organization can view activity log * fix: risk field check * perf: add account details api * perf: add demo mode * perf: Delete gather_account * perf: Perfect solution to account version problem * perf: Update status action to handle multiple accounts * perf: Add GatherAccountDetailField and update serializers * perf: Display account history in combination with password change records * perf: Lina translate * fix: Update mysql_filter to handle nested user info * perf: Admin connection token validate_permission account * perf: copy move account * perf: account filter risk * perf: account risk filter * perf: Copy move account failed message * fix: gather account sync account to asset * perf: Pam dashboard * perf: Account dashboard total accounts * perf: Pam dashboard * perf: Change secret filter account secret_reset * perf: 修改 risk filter * perf: pam translate * feat: Check for leaked duplicate passwords. (#14711) * feat: Check for leaked duplicate passwords. * perf: Use SQLite instead of txt as leak password database --------- Co-authored-by: jiangweidong <1053570670@qq.com> Co-authored-by: 老广 <ibuler@qq.com> * perf: merge with remote * perf: Add risk change_password_add handle * perf: Pam dashboard * perf: check account manager import * perf: 重构扫描 * perf: 修改 db * perf: Gather account manager * perf: update change db lib * perf: dashboard * perf: Account gather * perf: 修改 asset get queryset * perf: automation report * perf: Pam account * perf: Pam dashboard api * perf: risk add account * perf: 修改 risk check * perf: Risk account * perf: update risk add reopen action * perf: add pylintrc * Revert "perf: automation report" This reverts commit 22aee542071638bcefae5a244bcabf76f794d7c3. * perf: check account engine * perf: Perf: Optimism Gather Report Style * Perf: Remove unuser actions * Perf: Perf push account * perf: perf gather account * perf: Automation report * perf: Push account recorder * perf: Push account record * perf: Pam dashboard * perf: perf * perf: update intergration * perf: integrations application detail add account tab page * feat: Custom change password supports configuration of interactive items * perf: Go and Python demo code * perf: Custom secret change * perf: add user filter * perf: translate * perf: Add demo code docs * perf: update some i18n * perf: update some i18n * perf: Add Java, Node, Go, and cURL demo code * perf: Translate * perf: Change secret translate * perf: Translate * perf: update some i18n * perf: translate * perf: Ansible playbook * perf: update some choice * perf: update some choice * perf: update account serializer remote unused code * perf: conflict * perf: update import --------- Co-authored-by: ibuler <ibuler@qq.com> Co-authored-by: feng <1304903146@qq.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: wangruidong <940853815@qq.com> Co-authored-by: jiangweidong <1053570670@qq.com> Co-authored-by: feng626 <57284900+feng626@users.noreply.github.com> Co-authored-by: zhaojisen <1301338853@qq.com> 2025-02-21 08:39:57 +00:00			`# -- coding: utf-8 --`
			`#`
			`from django.http import HttpResponse`
			`from django.shortcuts import get_object_or_404`
			`from rest_framework import status`
			`from rest_framework.decorators import action`
			`from rest_framework.response import Response`

			`from accounts import serializers`
			`from accounts.const import AutomationTypes`
			`from accounts.filters import GatheredAccountFilterSet`
			`from accounts.models import GatherAccountsAutomation, AutomationExecution, Account`
			`from accounts.models import GatheredAccount`
			`from assets.models import Asset`
			`from common.utils.http import is_true`
			`from orgs.mixins.api import OrgBulkModelViewSet`
			`from .base import AutomationExecutionViewSet`

			`__all__ = [`
			`"DiscoverAccountsAutomationViewSet",`
			`"DiscoverAccountsExecutionViewSet",`
			`"GatheredAccountViewSet",`
			`]`

			`from ...risk_handlers import RiskHandler`


			`class DiscoverAccountsAutomationViewSet(OrgBulkModelViewSet):`
			`model = GatherAccountsAutomation`
			`filterset_fields = ("name",)`
			`search_fields = filterset_fields`
			`serializer_class = serializers.DiscoverAccountAutomationSerializer`


			`class DiscoverAccountsExecutionViewSet(AutomationExecutionViewSet):`
			`rbac_perms = (`
			`("list", "accounts.view_gatheraccountsexecution"),`
			`("retrieve", "accounts.view_gatheraccountsexecution"),`
			`("create", "accounts.add_gatheraccountsexecution"),`
			`("adhoc", "accounts.add_gatheraccountsexecution"),`
			`("report", "accounts.view_gatheraccountsexecution"),`
			`)`

			`tp = AutomationTypes.gather_accounts`

			`def get_queryset(self):`
			`queryset = super().get_queryset()`
			`queryset = queryset.filter(automation__type=self.tp)`
			`return queryset`

			`@action(methods=["get"], detail=False, url_path="adhoc")`
			`def adhoc(self, request, args, *kwargs):`
			`asset_id = request.query_params.get("asset_id")`
			`if not asset_id:`
			`return Response(status=400, data={"asset_id": "This field is required."})`

			`get_object_or_404(Asset, pk=asset_id)`
			`execution = AutomationExecution()`
			`execution.snapshot = {`
			`"assets": [asset_id],`
			`"nodes": [],`
			`"type": "gather_accounts",`
			`"is_sync_account": False,`
			`"check_risk": True,`
			`"name": "Adhoc gather accounts: {}".format(asset_id),`
			`}`
			`execution.save()`
			`execution.start()`
			`report = execution.manager.gen_report()`
			`return HttpResponse(report)`


			`class GatheredAccountViewSet(OrgBulkModelViewSet):`
			`model = GatheredAccount`
			`search_fields = ("username",)`
			`filterset_class = GatheredAccountFilterSet`
			`ordering = ("status",)`
			`serializer_classes = {`
			`"default": serializers.DiscoverAccountSerializer,`
			`"status": serializers.DiscoverAccountActionSerializer,`
			`"details": serializers.DiscoverAccountDetailsSerializer`
			`}`
			`rbac_perms = {`
			`"status": "assets.change_gatheredaccount",`
			`"details": "assets.view_gatheredaccount"`
			`}`

			`@action(methods=["put"], detail=False, url_path="status")`
			`def status(self, request, args, *kwargs):`
			`ids = request.data.get('ids', [])`
			`new_status = request.data.get("status")`
			`updated_instances = GatheredAccount.objects.filter(id__in=ids)`
			`updated_instances.update(status=new_status)`
			`if new_status == "confirmed":`
			`GatheredAccount.sync_accounts(updated_instances)`

			`return Response(status=status.HTTP_200_OK)`

			`def perform_destroy(self, instance):`
			`request = self.request`
			`params = request.query_params`
			`is_delete_remote = params.get("is_delete_remote")`
			`is_delete_account = params.get("is_delete_account")`
			`asset_id = params.get("asset")`
			`username = params.get("username")`
			`if is_true(is_delete_remote):`
			`self._delete_remote(asset_id, username)`
			`if is_true(is_delete_account):`
			`account = get_object_or_404(Account, username=username, asset_id=asset_id)`
			`account.delete()`
			`super().perform_destroy(instance)`

			`def _delete_remote(self, asset_id, username):`
			`asset = get_object_or_404(Asset, pk=asset_id)`
			`handler = RiskHandler(asset, username, request=self.request)`
			`handler.handle_delete_remote()`

			`@action(methods=["get"], detail=True, url_path="details")`
			`def details(self, request, args, *kwargs):`
			`pk = kwargs.get('pk')`
			`account = get_object_or_404(GatheredAccount, pk=pk)`
			`serializer = self.get_serializer(account.detail)`
			`return Response(data=serializer.data)`