Merge branch 'v3' of github.com:jumpserver/jumpserver into v3

apps/assets/automations/gather_facts/database/mysql/main.yml

@@ -2,27 +2,21 @@
   gather_facts: no
   vars:
     ansible_python_interpreter: /usr/local/bin/python
-    jms_account:
-      username: root
-      secret: redhat
-    jms_asset:
-      address: 127.0.0.1
-      port: 3306
 
   tasks:
-    - name: Gather facts info
+    - name: Get info
       community.mysql.mysql_info:
         login_user: "{{ jms_account.username }}"
         login_password: "{{ jms_account.secret }}"
         login_host: "{{ jms_asset.address }}"
         login_port: "{{ jms_asset.port }}"
+        filter: version
       register: db_info
 
-    - name: Get info
+    - name: Define Mysql info by set_fact
       set_fact:
         info:
           version: "{{ db_info.version.full }}"
 
     - debug:
-        var: db_info
-
+        var: info

apps/assets/automations/gather_facts/database/postgresql/main.yml

@@ -2,19 +2,9 @@
   gather_facts: no
   vars:
     ansible_python_interpreter: /usr/local/bin/python
-    jms_account:
-      username: postgre
-      secret: postgre
-    jms_asset:
-      address: 127.0.0.1
-      port: 5432
-      database: testdb
-    account:
-      username: test
-      secret: jumpserver
 
   tasks:
-    - name: Test PostgreSQL connection
+    - name: Get info
       community.postgresql.postgresql_info:
         login_user: "{{ jms_account.username }}"
         login_password: "{{ jms_account.secret }}"
@@ -23,6 +13,10 @@
         login_db: "{{ jms_asset.database }}"
       register: db_info
 
-    - name: Debug it
-      debug:
-        var: db_info
+    - name: Define Postgresql info by set_fact
+      set_fact:
+        info:
+          version: "{{ db_info.server_version.raw }}"
+
+    - debug:
+        var: info

apps/assets/automations/gather_facts/database/sqlserver/main.yml

@@ -1,10 +0,0 @@
-{% for account in accounts %}
-- hosts: {{ account.asset.name }}
-  vars:
-    account:
-      username: {{ account.username }}
-      password: {{ account.password }}
-      public_key: {{ account.public_key }}
-  roles:
-    - change_secret
-{% endfor %}

apps/assets/automations/gather_facts/database/sqlserver/manifest.yml

@@ -1,8 +0,0 @@
-id: gather_facts_sqlserver
-name: Change password for SQLServer
-version: 1
-category: database
-type:
-  - sqlserver
-method: gather_facts
-

apps/assets/automations/gather_facts/database/sqlserver/roles/change_password/tasks/main.yml

@@ -1,27 +0,0 @@
-- name: ping
-  ansible.builtin.ping:
-
-#- name: print variables
-#  debug:
-#    msg: "Username: {{ account.username }}, Password: {{ account.password }}"
-
-- name: Change password
-  user:
-    name: "{{ account.username }}"
-    password: "{{ account.password | password_hash('des') }}"
-    update_password: always
-  when: account.password
-
-- name: Change public key
-  authorized_key:
-    user: "{{ account.username }}"
-    key: "{{ account.public_key }}"
-    state: present
-  when: account.public_key
-
-- name: Verify password
-  ansible.builtin.ping:
-  vars:
-    ansible_user: "{{ account.username }}"
-    ansible_pass: "{{ account.password }}"
-    ansible_ssh_connection: paramiko

apps/assets/automations/gather_facts/host/posix/main.yml

@@ -2,7 +2,7 @@
   gather_facts: yes
   tasks:
     - name: Get info
-      set_fact:
+      ansible.builtin.set_fact:
         info:
           arch: "{{ ansible_architecture }}"
           distribution: "{{ ansible_distribution }}"

apps/assets/automations/gather_facts/manager.py

@@ -1,4 +1,5 @@
 from common.utils import get_logger
+from assets.const import AutomationTypes
 from ..base.manager import BasePlaybookManager
 
 logger = get_logger(__name__)
@@ -11,7 +12,7 @@ class GatherFactsManager(BasePlaybookManager):
 
     @classmethod
     def method_type(cls):
-        return 'gather_facts'
+        return AutomationTypes.gather_facts
 
     def host_callback(self, host, asset=None, **kwargs):
         super().host_callback(host, asset=asset, **kwargs)
@@ -19,14 +20,10 @@ class GatherFactsManager(BasePlaybookManager):
         return host
 
     def on_host_success(self, host, result):
-        info = result.get('Get info', {}).get('res', {}).get('ansible_facts', {}).get('info', {})
+        info = result.get('debug', {}).get('res', {}).get('info', {})
         asset = self.host_asset_mapper.get(host)
         if asset and info:
             asset.info = info
             asset.save()
         else:
             logger.error("Not found info, task name must be 'Get info': {}".format(host))
-
-
-
-

apps/assets/models/automations/base.py

@@ -9,6 +9,7 @@ from common.db.fields import EncryptJsonDictTextField
 from orgs.mixins.models import OrgModelMixin
 from ops.mixin import PeriodTaskModelMixin
 from assets.models import Node, Asset
+from assets.tasks import execute_automation
 
 
 class BaseAutomation(CommonModelMixin, PeriodTaskModelMixin, OrgModelMixin):
@@ -38,7 +39,11 @@ class BaseAutomation(CommonModelMixin, PeriodTaskModelMixin, OrgModelMixin):
         return assets.group_by_platform()
 
     def get_register_task(self):
-        raise NotImplementedError
+        name = f"automation_{self.type}_strategy_period_{str(self.id)[:8]}"
+        task = execute_automation.name
+        args = (str(self.id), Trigger.timing, self._meta.model)
+        kwargs = {}
+        return name, task, args, kwargs
 
     def get_many_to_many_ids(self, field: str):
         return [str(i) for i in getattr(self, field).all().values_list('id', flat=True)]

apps/assets/models/automations/change_secret.py

@@ -4,7 +4,6 @@ from django.utils.translation import ugettext_lazy as _
 from common.db import fields
 from common.const.choices import Trigger
 from common.db.models import JMSBaseModel
-from assets.tasks import execute_change_secret_automation
 from assets.const import AutomationTypes, SecretType, SecretStrategy, SSHKeyStrategy
 from .base import BaseAutomation
 
@@ -35,13 +34,6 @@ class ChangeSecretAutomation(BaseAutomation):
     class Meta:
         verbose_name = _("Change secret automation")
 
-    def get_register_task(self):
-        name = "automation_change_secret_strategy_period_{}".format(str(self.id)[:8])
-        task = execute_change_secret_automation.name
-        args = (str(self.id), Trigger.timing)
-        kwargs = {}
-        return name, task, args, kwargs
-
     def to_attr_json(self):
         attr_json = super().to_attr_json()
         attr_json.update({

apps/assets/models/automations/gather_facts.py

@@ -1,16 +1,15 @@
 from django.utils.translation import ugettext_lazy as _
 
+from assets.const import AutomationTypes
 from .base import BaseAutomation
 
-
 __all__ = ['GatherFactsAutomation']
 
 
 class GatherFactsAutomation(BaseAutomation):
-    class Meta:
-        verbose_name = _("Gather asset facts")
-
     def save(self, *args, **kwargs):
-        self.type = 'gather_facts'
+        self.type = AutomationTypes.gather_facts
         super().save(*args, **kwargs)
 
+    class Meta:
+        verbose_name = _("Gather asset facts")

apps/assets/serializers/account/account.py

@@ -55,7 +55,7 @@ class AccountSerializerCreateMixin(serializers.ModelSerializer):
 class AccountSerializer(AccountSerializerCreateMixin, BaseAccountSerializer):
     asset = ObjectRelatedField(
         required=False, queryset=Asset.objects,
-        label=_('Asset'), attrs=('id', 'name', 'address')
+        label=_('Asset'), attrs=('id', 'name', 'address', 'platform_id')
     )
 
     class Meta(BaseAccountSerializer.Meta):

apps/assets/tasks/automation.py

@@ -7,12 +7,11 @@ logger = get_logger(__file__)
 
 
 @shared_task
-def execute_change_secret_automation(pid, trigger):
-    from assets.models import ChangeSecretAutomation
+def execute_automation(pid, trigger, mode):
     with tmp_to_root_org():
-        instance = get_object_or_none(ChangeSecretAutomation, pk=pid)
+        instance = get_object_or_none(mode, pk=pid)
     if not instance:
-        logger.error("No automation plan found: {}".format(pid))
+        logger.error("No automation task found: {}".format(pid))
         return
     with tmp_to_org(instance.org):
         instance.execute(trigger)

apps/authentication/migrations/0013_auto_20221025_1908.py

@@ -0,0 +1,29 @@
+# Generated by Django 3.2.14 on 2022-10-25 11:08
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('assets', '0111_alter_changesecretautomation_secret_strategy'),
+        ('authentication', '0012_auto_20220816_1629'),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name='connectiontoken',
+            name='type',
+        ),
+        migrations.AddField(
+            model_name='connectiontoken',
+            name='account_display',
+            field=models.CharField(default='', max_length=128, verbose_name='Account display'),
+        ),
+        migrations.AlterField(
+            model_name='connectiontoken',
+            name='account',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='connection_tokens', to='assets.account', verbose_name='Account'),
+        ),
+    ]

apps/authentication/models.py

@@ -63,13 +63,6 @@ def date_expired_default():
 
 
 class ConnectionToken(OrgModelMixin, JMSBaseModel):
-    class Type(models.TextChoices):
-        asset = 'asset', _('Asset')
-        application = 'application', _('Application')
-
-    type = models.CharField(
-        max_length=16, default=Type.asset, choices=Type.choices, verbose_name=_("Type")
-    )
     secret = models.CharField(max_length=64, default='', verbose_name=_("Secret"))
     date_expired = models.DateTimeField(
         default=date_expired_default, verbose_name=_("Date expired")
@@ -85,7 +78,11 @@ class ConnectionToken(OrgModelMixin, JMSBaseModel):
         related_name='connection_tokens', null=True, blank=True
     )
     asset_display = models.CharField(max_length=128, default='', verbose_name=_("Asset display"))
-    account = models.CharField(max_length=128, default='', verbose_name=_("Account"))
+    account = models.ForeignKey(
+        'assets.Account', on_delete=models.SET_NULL, verbose_name=_('Account'),
+        related_name='connection_tokens', null=True, blank=True
+    )
+    account_display = models.CharField(max_length=128, default='', verbose_name=_("Account display"))
 
     class Meta:
         ordering = ('-date_expired',)

apps/ops/mixin.py

@@ -1,10 +1,8 @@
 # -*- coding: utf-8 -*-
 #
 import abc
-import uuid
 from django.utils.translation import ugettext_lazy as _
 from django.db import models
-from django import forms
 from rest_framework import serializers
 
 from .celery.utils import (

apps/rbac/const.py

@@ -39,6 +39,9 @@ exclude_permissions = (
     ('assets', 'assetuser', '*', '*'),
     ('assets', 'gathereduser', 'add,delete,change', 'gathereduser'),
     ('assets', 'accountbackupplanexecution', 'delete,change', 'accountbackupplanexecution'),
+    # TODO 暂时去掉历史账号的权限
+    ('assets', 'account', '*', 'assethistoryaccount'),
+    ('assets', 'account', '*', 'assethistoryaccountsecret'),
 
     ('perms', 'userassetgrantedtreenoderelation', '*', '*'),
     ('perms', 'usergrantedmappingnode', '*', '*'),