perf: ansible env to jms

2025-03-18 16:02:33 +08:00 · 2025-03-18 16:02:33 +08:00 · 33a47139b3
parent d89164db63
commit 33a47139b3
4 changed files with 38 additions and 26 deletions
--- a/apps/accounts/api/automations/check_account.py
+++ b/apps/accounts/api/automations/check_account.py
@ -129,11 +129,13 @@ class AccountRiskViewSet(OrgBulkModelViewSet):
            s.validated_data, ("asset", "username", "action", "risk")
        )
        handler = RiskHandler(asset=asset, username=username, request=self.request)
-        data = handler.handle(act, risk)
-        if not data:
-            return Response(data={"message": "Success"})
-        s = serializers.AccountRiskSerializer(instance=data)
+
+        try:
+            risk = handler.handle(act, risk)
+            s = serializers.AccountRiskSerializer(instance=risk)
            return Response(data=s.data)
+        except Exception as e:
+            return Response(status=400, data=str(e))


 class CheckAccountEngineViewSet(JMSModelViewSet):
--- a/apps/accounts/risk_handlers.py
+++ b/apps/accounts/risk_handlers.py
@ -117,6 +117,15 @@ class RiskHandler:
    def handle_delete_remote(self):
        self._handle_delete(delete="remote")

+    @staticmethod
+    def start_execution(execution):
+        execution.save()
+        execution.start()
+
+        if execution.status != "success":
+            msg = _("Execution failed: {}").format(execution.status)
+            raise ValidationError(msg)
+
    def _handle_delete(self, delete="both"):
        asset = self.asset
        execution = AutomationExecution()
@ -128,9 +137,7 @@ class RiskHandler:
            "delete": delete,
            "risk": self.risk
        }
-        execution.save()
-        execution.start()
-        return execution.summary
+        self.start_execution(execution)

    def handle_delete_both(self):
        self._handle_delete(delete="both")
@ -138,7 +145,11 @@ class RiskHandler:
    def handle_change_password(self):
        asset = self.asset
        execution = AutomationExecution()
-        account = self.asset.accounts.get(username=self.username)
+        account = self.asset.accounts.filter(username=self.username, secret_type=SecretType.PASSWORD).first()
+
+        if not account:
+            raise ValidationError("Account not found")
+
        execution.snapshot = {
            "assets": [str(asset.id)],
            "accounts": [str(account.id)],
@ -147,9 +158,7 @@ class RiskHandler:
            "secret_strategy": "random",
            "name": "Change account password: {}@{}".format(self.username, asset.name),
        }
-        execution.save()
-        execution.start()
-        return execution.summary
+        self.start_execution(execution)

    def handle_change_password_add(self):
        asset = self.asset
@ -178,10 +187,10 @@ class RiskHandler:
            'check_conn_after_change': True,
            "name": "Push account password: {}@{}".format(self.username, asset.name),
        }
-        execution.save()
-        execution.start()
+        self.start_execution(execution)

-        GatheredAccount.objects.filter(asset=self.asset, username=self.username).update(
-            present=True
+        (
+            GatheredAccount.objects
+            .filter(asset=self.asset, username=self.username)
+            .update(present=True)
        )
-        return execution.summary
--- a/apps/common/management/commands/services/services/celery_base.py
+++ b/apps/common/management/commands/services/services/celery_base.py
@ -12,15 +12,6 @@ class CeleryBaseService(BaseService):
    @property
    def cmd(self):
        print('\n- Start Celery as Distributed Task Queue: {}'.format(self.queue.capitalize()))
-        ansible_config_path = os.path.join(settings.APPS_DIR, 'libs', 'ansible', 'ansible.cfg')
-        ansible_modules_path = os.path.join(settings.APPS_DIR, 'libs', 'ansible', 'modules')
-        os.environ.setdefault('LC_ALL', 'en_US.UTF-8')
-        os.environ.setdefault('LANG', 'en_US.UTF-8')
-        os.environ.setdefault('PYTHONOPTIMIZE', '1')
-        os.environ.setdefault('ANSIBLE_FORCE_COLOR', 'True')
-        os.environ.setdefault('ANSIBLE_CONFIG', ansible_config_path)
-        os.environ.setdefault('ANSIBLE_LIBRARY', ansible_modules_path)
-        os.environ.setdefault('PYTHONPATH', settings.APPS_DIR)

        if os.getuid() == 0:
            os.environ.setdefault('C_FORCE_ROOT', '1')
--- a/10
+++ b/10
@ -20,6 +20,16 @@ sys.path.insert(0, APP_DIR)
 os.environ.setdefault("DJANGO_SETTINGS_MODULE", "jumpserver.settings")
 django.setup()

+ansible_config_path = os.path.join(APP_DIR, 'libs', 'ansible', 'ansible.cfg')
+ansible_modules_path = os.path.join(APP_DIR, 'libs', 'ansible', 'modules')
+os.environ.setdefault('LC_ALL', 'en_US.UTF-8')
+os.environ.setdefault('LANG', 'en_US.UTF-8')
+os.environ.setdefault('PYTHONOPTIMIZE', '1')
+os.environ.setdefault('ANSIBLE_FORCE_COLOR', 'True')
+os.environ.setdefault('ANSIBLE_CONFIG', ansible_config_path)
+os.environ.setdefault('ANSIBLE_LIBRARY', ansible_modules_path)
+os.environ.setdefault('PYTHONPATH', APP_DIR)
+
 logging.basicConfig(level=logging.DEBUG, format="%(asctime)s %(message)s", datefmt="%Y-%m-%d %H:%M:%S")

 try: