diff --git a/apps/accounts/api/account/pam_dashboard.py b/apps/accounts/api/account/pam_dashboard.py index 35378de37..281ccd040 100644 --- a/apps/accounts/api/account/pam_dashboard.py +++ b/apps/accounts/api/account/pam_dashboard.py @@ -43,25 +43,22 @@ class PamDashboardApi(APIView): 'total_sudo_changed_accounts': ('sudo_changed_count', Q(risk='sudo_changed')), 'total_authorized_keys_changed_accounts': ( 'authorized_keys_changed_count', Q(risk='authorized_keys_changed')), - 'total_account_deleted_accounts': ('account_deleted_count', Q(risk='account_deleted')), 'total_password_expired_accounts': ('password_expired_count', Q(risk='password_expired')), 'total_long_time_password_accounts': ('long_time_password_count', Q(risk='long_time_password')), 'total_weak_password_accounts': ('weak_password_count', Q(risk='weak_password')), 'total_leaked_password_accounts': ('leaked_password_count', Q(risk='leaked_password')), 'total_repeated_password_accounts': ('repeated_password_count', Q(risk='repeated_password')), - 'total_password_error_accounts': ('password_error_count', Q(risk='password_error')), - 'total_no_admin_account_accounts': ('no_admin_account_count', Q(risk='no_admin_account')), } aggregations = { - agg_key: Count('account_id', distinct=True, filter=agg_filter) + agg_key: Count('id', distinct=True, filter=agg_filter) for param_key, (agg_key, agg_filter) in agg_map.items() if _all or query_params.get(param_key) } data = {} if aggregations: - account_stats = AccountRisk.objects.filter(account__isnull=False).aggregate(**aggregations) + account_stats = AccountRisk.objects.aggregate(**aggregations) data = {param_key: account_stats.get(agg_key) for param_key, (agg_key, _) in agg_map.items() if agg_key in account_stats} diff --git a/apps/accounts/migrations/0005_accountrisk_backupaccountautomation_and_more.py b/apps/accounts/migrations/0005_accountrisk_backupaccountautomation_and_more.py index 4dc8d5575..dc3e22adc 100644 --- a/apps/accounts/migrations/0005_accountrisk_backupaccountautomation_and_more.py +++ b/apps/accounts/migrations/0005_accountrisk_backupaccountautomation_and_more.py @@ -142,15 +142,11 @@ class Migration(migrations.Migration): ("groups_changed", "Groups change"), ("sudoers_changed", "Sudo changed"), ("authorized_keys_changed", "Authorized keys changed"), - ("account_deleted", "Account delete"), ("password_expired", "Password expired"), ("long_time_password", "Long time no change"), ("weak_password", "Weak password"), ("leaked_password", "Leaked password"), ("repeated_password", "Repeated password"), - ("password_error", "Password error"), - ("no_admin_account", "No admin account"), - ("others", "Others"), ], max_length=128, verbose_name="Risk", diff --git a/apps/accounts/models/automations/check_account.py b/apps/accounts/models/automations/check_account.py index 3a3a20eea..6ef328ca0 100644 --- a/apps/accounts/models/automations/check_account.py +++ b/apps/accounts/models/automations/check_account.py @@ -1,9 +1,8 @@ -from itertools import islice - from django.db import models from django.db.models import TextChoices from django.utils import timezone from django.utils.translation import gettext_lazy as _ +from itertools import islice from common.const import ConfirmOrIgnore from common.db.models import JMSBaseModel @@ -45,16 +44,12 @@ class RiskChoice(TextChoices): group_changed = 'groups_changed', _('Groups change') # 组变更, 确认 sudo_changed = 'sudoers_changed', _('Sudo changed') # sudo 变更, 确认 authorized_keys_changed = 'authorized_keys_changed', _('Authorized keys changed') # authorized_keys 变更, 确认 - account_deleted = 'account_deleted', _('Account delete') # 账号被删除, 确认 password_expired = 'password_expired', _('Password expired') # 密码过期, 修改密码 long_time_password = 'long_time_password', _('Long time no change') # 好久没改密码的账号, 改密码 weak_password = 'weak_password', _('Weak password') # 弱密码, 改密 leaked_password = 'leaked_password', _('Leaked password') # 可能泄露的密码, 改密 repeated_password = 'repeated_password', _('Repeated password') # 重复度高的密码, 改密 - password_error = 'password_error', _('Password error') # 密码错误, 修改账号 - no_admin_account = 'no_admin_account', _('No admin account') # 无管理员账号, 设置账号 - others = 'others', _('Others') # 其他风险, 确认 class AccountRisk(JMSOrgBaseModel):