Merge remote-tracking branch 'origin/v3' into v3

# Conflicts:
#	apps/rbac/const.py
pull/8991/head
Aaron3S 2022-10-25 18:09:26 +08:00
commit 2509b801c6
8 changed files with 16 additions and 29 deletions

View File

@ -2,15 +2,6 @@
gather_facts: no gather_facts: no
vars: vars:
ansible_python_interpreter: /usr/local/bin/python ansible_python_interpreter: /usr/local/bin/python
jms_account:
username: root
secret: redhat
jms_asset:
address: 127.0.0.1
port: 3306
account:
username: web1
secret: jumpserver
tasks: tasks:
- name: Test MySQL connection - name: Test MySQL connection

View File

@ -1,18 +1,8 @@
- hosts: postgre - hosts: postgre
gather_facts: no gather_facts: no
vars: vars:
ansible_python_interpreter: /usr/local/bin/python # ansible_python_interpreter: /usr/local/bin/python
jms_account: ansible_python_interpreter: /Users/xiaofeng/Desktop/jumpserver/venv/bin/python
username: postgre
secret: postgre
jms_asset:
address: 127.0.0.1
port: 5432
database: testdb
account:
username: test
secret: jumpserver
tasks: tasks:
- name: Test PostgreSQL connection - name: Test PostgreSQL connection
community.postgresql.postgresql_ping: community.postgresql.postgresql_ping:
@ -25,7 +15,8 @@
- name: Display PostgreSQL version - name: Display PostgreSQL version
debug: debug:
var: db_info.version.full var: db_info.server_version.full
when: db_info is succeeded
- name: Change PostgreSQL password - name: Change PostgreSQL password
community.postgresql.postgresql_user: community.postgresql.postgresql_user:
@ -37,6 +28,7 @@
name: "{{ account.username }}" name: "{{ account.username }}"
password: "{{ account.secret }}" password: "{{ account.secret }}"
when: db_info is succeeded when: db_info is succeeded
register: change_info
- name: Verify password - name: Verify password
community.postgresql.postgresql_ping: community.postgresql.postgresql_ping:
@ -45,3 +37,4 @@
login_host: "{{ jms_asset.address }}" login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}" login_port: "{{ jms_asset.port }}"
db: "{{ jms_asset.database }}" db: "{{ jms_asset.database }}"
when: db_info is succeeded and change_info is changed

View File

@ -69,10 +69,10 @@ class ChangeSecretManager(BasePlaybookManager):
def get_ssh_key(self): def get_ssh_key(self):
if self.secret_strategy == SecretStrategy.custom: if self.secret_strategy == SecretStrategy.custom:
ssh_key = self.execution.snapshot['ssh_key'] secret = self.execution.snapshot['secret']
if not ssh_key: if not secret:
raise ValueError("Automation SSH key must be set") raise ValueError("Automation SSH key must be set")
return ssh_key return secret
elif self.secret_strategy == SecretStrategy.random_one: elif self.secret_strategy == SecretStrategy.random_one:
if not self._ssh_key_generated: if not self._ssh_key_generated:
self._ssh_key_generated = self.generate_ssh_key() self._ssh_key_generated = self.generate_ssh_key()

View File

@ -2,7 +2,7 @@
gather_facts: yes gather_facts: yes
tasks: tasks:
- name: Get info - name: Get info
set_fact: ansible.builtin.set_fact:
info: info:
arch: "{{ ansible_architecture }}" arch: "{{ ansible_architecture }}"
distribution: "{{ ansible_distribution }}" distribution: "{{ ansible_distribution }}"

View File

@ -55,7 +55,7 @@ class AccountSerializerCreateMixin(serializers.ModelSerializer):
class AccountSerializer(AccountSerializerCreateMixin, BaseAccountSerializer): class AccountSerializer(AccountSerializerCreateMixin, BaseAccountSerializer):
asset = ObjectRelatedField( asset = ObjectRelatedField(
required=False, queryset=Asset.objects, required=False, queryset=Asset.objects,
label=_('Asset'), attrs=('id', 'name', 'address') label=_('Asset'), attrs=('id', 'name', 'address', 'platform_id')
) )
class Meta(BaseAccountSerializer.Meta): class Meta(BaseAccountSerializer.Meta):

View File

@ -199,8 +199,8 @@ class JMSInventory:
def write_to_file(self, path): def write_to_file(self, path):
path_dir = os.path.dirname(path) path_dir = os.path.dirname(path)
data = self.generate(path_dir)
if not os.path.exists(path_dir): if not os.path.exists(path_dir):
os.makedirs(path_dir, 0o700, True) os.makedirs(path_dir, 0o700, True)
data = self.generate(path_dir)
with open(path, 'w') as f: with open(path, 'w') as f:
f.write(json.dumps(data, indent=4)) f.write(json.dumps(data, indent=4))

View File

@ -39,6 +39,9 @@ exclude_permissions = (
('assets', 'assetuser', '*', '*'), ('assets', 'assetuser', '*', '*'),
('assets', 'gathereduser', 'add,delete,change', 'gathereduser'), ('assets', 'gathereduser', 'add,delete,change', 'gathereduser'),
('assets', 'accountbackupplanexecution', 'delete,change', 'accountbackupplanexecution'), ('assets', 'accountbackupplanexecution', 'delete,change', 'accountbackupplanexecution'),
# TODO 暂时去掉历史账号的权限
('assets', 'account', '*', 'assethistoryaccount'),
('assets', 'account', '*', 'assethistoryaccountsecret'),
('perms', 'userassetgrantedtreenoderelation', '*', '*'), ('perms', 'userassetgrantedtreenoderelation', '*', '*'),
('perms', 'usergrantedmappingnode', '*', '*'), ('perms', 'usergrantedmappingnode', '*', '*'),

View File

@ -143,4 +143,4 @@ ForgeryPy3==0.3.1
django-debug-toolbar==3.5 django-debug-toolbar==3.5
Pympler==1.0.1 Pympler==1.0.1
IPy==1.1 IPy==1.1
psycopg2==2.9.4