mirror of https://github.com/jumpserver/jumpserver
Merge remote-tracking branch 'origin/v3' into v3
# Conflicts: # apps/rbac/const.pypull/8991/head
commit
2509b801c6
|
@ -2,15 +2,6 @@
|
||||||
gather_facts: no
|
gather_facts: no
|
||||||
vars:
|
vars:
|
||||||
ansible_python_interpreter: /usr/local/bin/python
|
ansible_python_interpreter: /usr/local/bin/python
|
||||||
jms_account:
|
|
||||||
username: root
|
|
||||||
secret: redhat
|
|
||||||
jms_asset:
|
|
||||||
address: 127.0.0.1
|
|
||||||
port: 3306
|
|
||||||
account:
|
|
||||||
username: web1
|
|
||||||
secret: jumpserver
|
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- name: Test MySQL connection
|
- name: Test MySQL connection
|
||||||
|
|
|
@ -1,18 +1,8 @@
|
||||||
- hosts: postgre
|
- hosts: postgre
|
||||||
gather_facts: no
|
gather_facts: no
|
||||||
vars:
|
vars:
|
||||||
ansible_python_interpreter: /usr/local/bin/python
|
# ansible_python_interpreter: /usr/local/bin/python
|
||||||
jms_account:
|
ansible_python_interpreter: /Users/xiaofeng/Desktop/jumpserver/venv/bin/python
|
||||||
username: postgre
|
|
||||||
secret: postgre
|
|
||||||
jms_asset:
|
|
||||||
address: 127.0.0.1
|
|
||||||
port: 5432
|
|
||||||
database: testdb
|
|
||||||
account:
|
|
||||||
username: test
|
|
||||||
secret: jumpserver
|
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- name: Test PostgreSQL connection
|
- name: Test PostgreSQL connection
|
||||||
community.postgresql.postgresql_ping:
|
community.postgresql.postgresql_ping:
|
||||||
|
@ -25,7 +15,8 @@
|
||||||
|
|
||||||
- name: Display PostgreSQL version
|
- name: Display PostgreSQL version
|
||||||
debug:
|
debug:
|
||||||
var: db_info.version.full
|
var: db_info.server_version.full
|
||||||
|
when: db_info is succeeded
|
||||||
|
|
||||||
- name: Change PostgreSQL password
|
- name: Change PostgreSQL password
|
||||||
community.postgresql.postgresql_user:
|
community.postgresql.postgresql_user:
|
||||||
|
@ -37,6 +28,7 @@
|
||||||
name: "{{ account.username }}"
|
name: "{{ account.username }}"
|
||||||
password: "{{ account.secret }}"
|
password: "{{ account.secret }}"
|
||||||
when: db_info is succeeded
|
when: db_info is succeeded
|
||||||
|
register: change_info
|
||||||
|
|
||||||
- name: Verify password
|
- name: Verify password
|
||||||
community.postgresql.postgresql_ping:
|
community.postgresql.postgresql_ping:
|
||||||
|
@ -45,3 +37,4 @@
|
||||||
login_host: "{{ jms_asset.address }}"
|
login_host: "{{ jms_asset.address }}"
|
||||||
login_port: "{{ jms_asset.port }}"
|
login_port: "{{ jms_asset.port }}"
|
||||||
db: "{{ jms_asset.database }}"
|
db: "{{ jms_asset.database }}"
|
||||||
|
when: db_info is succeeded and change_info is changed
|
||||||
|
|
|
@ -69,10 +69,10 @@ class ChangeSecretManager(BasePlaybookManager):
|
||||||
|
|
||||||
def get_ssh_key(self):
|
def get_ssh_key(self):
|
||||||
if self.secret_strategy == SecretStrategy.custom:
|
if self.secret_strategy == SecretStrategy.custom:
|
||||||
ssh_key = self.execution.snapshot['ssh_key']
|
secret = self.execution.snapshot['secret']
|
||||||
if not ssh_key:
|
if not secret:
|
||||||
raise ValueError("Automation SSH key must be set")
|
raise ValueError("Automation SSH key must be set")
|
||||||
return ssh_key
|
return secret
|
||||||
elif self.secret_strategy == SecretStrategy.random_one:
|
elif self.secret_strategy == SecretStrategy.random_one:
|
||||||
if not self._ssh_key_generated:
|
if not self._ssh_key_generated:
|
||||||
self._ssh_key_generated = self.generate_ssh_key()
|
self._ssh_key_generated = self.generate_ssh_key()
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
gather_facts: yes
|
gather_facts: yes
|
||||||
tasks:
|
tasks:
|
||||||
- name: Get info
|
- name: Get info
|
||||||
set_fact:
|
ansible.builtin.set_fact:
|
||||||
info:
|
info:
|
||||||
arch: "{{ ansible_architecture }}"
|
arch: "{{ ansible_architecture }}"
|
||||||
distribution: "{{ ansible_distribution }}"
|
distribution: "{{ ansible_distribution }}"
|
||||||
|
|
|
@ -55,7 +55,7 @@ class AccountSerializerCreateMixin(serializers.ModelSerializer):
|
||||||
class AccountSerializer(AccountSerializerCreateMixin, BaseAccountSerializer):
|
class AccountSerializer(AccountSerializerCreateMixin, BaseAccountSerializer):
|
||||||
asset = ObjectRelatedField(
|
asset = ObjectRelatedField(
|
||||||
required=False, queryset=Asset.objects,
|
required=False, queryset=Asset.objects,
|
||||||
label=_('Asset'), attrs=('id', 'name', 'address')
|
label=_('Asset'), attrs=('id', 'name', 'address', 'platform_id')
|
||||||
)
|
)
|
||||||
|
|
||||||
class Meta(BaseAccountSerializer.Meta):
|
class Meta(BaseAccountSerializer.Meta):
|
||||||
|
|
|
@ -199,8 +199,8 @@ class JMSInventory:
|
||||||
|
|
||||||
def write_to_file(self, path):
|
def write_to_file(self, path):
|
||||||
path_dir = os.path.dirname(path)
|
path_dir = os.path.dirname(path)
|
||||||
data = self.generate(path_dir)
|
|
||||||
if not os.path.exists(path_dir):
|
if not os.path.exists(path_dir):
|
||||||
os.makedirs(path_dir, 0o700, True)
|
os.makedirs(path_dir, 0o700, True)
|
||||||
|
data = self.generate(path_dir)
|
||||||
with open(path, 'w') as f:
|
with open(path, 'w') as f:
|
||||||
f.write(json.dumps(data, indent=4))
|
f.write(json.dumps(data, indent=4))
|
||||||
|
|
|
@ -39,6 +39,9 @@ exclude_permissions = (
|
||||||
('assets', 'assetuser', '*', '*'),
|
('assets', 'assetuser', '*', '*'),
|
||||||
('assets', 'gathereduser', 'add,delete,change', 'gathereduser'),
|
('assets', 'gathereduser', 'add,delete,change', 'gathereduser'),
|
||||||
('assets', 'accountbackupplanexecution', 'delete,change', 'accountbackupplanexecution'),
|
('assets', 'accountbackupplanexecution', 'delete,change', 'accountbackupplanexecution'),
|
||||||
|
# TODO 暂时去掉历史账号的权限
|
||||||
|
('assets', 'account', '*', 'assethistoryaccount'),
|
||||||
|
('assets', 'account', '*', 'assethistoryaccountsecret'),
|
||||||
|
|
||||||
('perms', 'userassetgrantedtreenoderelation', '*', '*'),
|
('perms', 'userassetgrantedtreenoderelation', '*', '*'),
|
||||||
('perms', 'usergrantedmappingnode', '*', '*'),
|
('perms', 'usergrantedmappingnode', '*', '*'),
|
||||||
|
|
|
@ -143,4 +143,4 @@ ForgeryPy3==0.3.1
|
||||||
django-debug-toolbar==3.5
|
django-debug-toolbar==3.5
|
||||||
Pympler==1.0.1
|
Pympler==1.0.1
|
||||||
IPy==1.1
|
IPy==1.1
|
||||||
|
psycopg2==2.9.4
|
||||||
|
|
Loading…
Reference in New Issue