github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

perf: Enhance SQL query and update risk handling in accounts

pull/14628/head
wangruidong 2024-12-09 16:04:07 +08:00 committed by w940853815
parent 6806708820
commit 2e5d1f1cee
4 changed files with 31 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
apps/accounts/automations/gather_account/database/sqlserver/main.yml
View File

@ -12,7 +12,26 @@
login_port: "{{ jms_asset.port }}" login_port: "{{ jms_asset.port }}"
name: '{{ jms_asset.spec_info.db_name }}' name: '{{ jms_asset.spec_info.db_name }}'
script: | script: |
select * from sys.sql_logins SELECT
l.name,
l.modify_date,
l.is_disabled,
l.create_date,
l.default_database_name,
LOGINPROPERTY(name, 'DaysUntilExpiration') AS days_until_expiration,
MAX(s.login_time) AS last_login_time
FROM
sys.sql_logins l
LEFT JOIN
sys.dm_exec_sessions s
ON
l.name = s.login_name
WHERE
s.is_user_process = 1 OR s.login_name IS NULL
GROUP BY
l.name, l.create_date, l.modify_date, l.is_disabled, l.default_database_name
ORDER BY
last_login_time DESC;
output: dict output: dict
register: db_info register: db_info

10
apps/accounts/automations/gather_account/filter.py
View File

@ -72,11 +72,14 @@ class GatherAccountsFilter:
return {} return {}
result = {} result = {}
for user_info in info[0][0]: for user_info in info[0][0]:
days_until_expiration = user_info.get('days_until_expiration')
date_password_expired = timezone.now() + timezone.timedelta(
days=int(days_until_expiration)) if days_until_expiration else None
user = { user = {
'username': user_info.get('name', ''), 'username': user_info.get('name', ''),
'date_password_change': None, 'date_password_change': parse_date(user_info.get('modify_date')),
'date_password_expired': None, 'date_password_expired': date_password_expired,
'date_last_login': None, 'date_last_login': parse_date(user_info.get('last_login_time')),
'groups': '', 'groups': '',
} }
detail = { detail = {
@ -84,6 +87,7 @@ class GatherAccountsFilter:
'is_disabled': user_info.get('is_disabled', ''), 'is_disabled': user_info.get('is_disabled', ''),
'default_database_name': user_info.get('default_database_name', ''), 'default_database_name': user_info.get('default_database_name', ''),
} }
print(user)
user['detail'] = detail user['detail'] = detail
result[user['username']] = user result[user['username']] = user
return result return result

4
apps/accounts/automations/gather_account/manager.py
View File

@ -270,7 +270,7 @@ class GatherAccountsManager(AccountBasePlaybookManager):
lost_users = ori_ga_users - remote_users lost_users = ori_ga_users - remote_users
if lost_users: if lost_users:
queryset.filter(username__in=lost_users).update( queryset.filter(username__in=lost_users).update(
status="", remote_present=False status=ConfirmOrIgnore.pending, remote_present=False
) )
self.summary["lost_accounts"] += len(lost_users) self.summary["lost_accounts"] += len(lost_users)
for username in lost_users: for username in lost_users:
@ -285,7 +285,7 @@ class GatherAccountsManager(AccountBasePlaybookManager):
# 标识状态为 待处理, 让管理员去确认 # 标识状态为 待处理, 让管理员去确认
ga_added_users = ori_ga_users - ori_users ga_added_users = ori_ga_users - ori_users
if ga_added_users: if ga_added_users:
queryset.filter(username__in=ga_added_users).update(status="") queryset.filter(username__in=ga_added_users).update(status=ConfirmOrIgnore.pending)
# 收集的账号 比 账号列表少的 # 收集的账号 比 账号列表少的
# 这个好像不不用对比,原始情况就这样 # 这个好像不不用对比,原始情况就这样

3
apps/accounts/risk_handlers.py
View File

@ -53,7 +53,8 @@ class RiskHandler:
return r.first() return r.first()
def handle_ignore(self): def handle_ignore(self):
pass GatheredAccount.objects.filter(asset=self.asset, username=self.username).update(status=ConfirmOrIgnore.ignored)
self.risk = 'ignored'
def handle_review(self): def handle_review(self):
pass pass