github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'v3' of github.com:jumpserver/jumpserver into v3

pull/8991/head
ibuler 2022-10-25 19:38:40 +08:00
parent 82aca6b843 11eb505c78
commit 350c9e4a80
17 changed files with 67 additions and 4679 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
apps/assets/automations/gather_facts/database/mysql/main.yml
View File

@ -2,27 +2,21 @@
gather_facts: no gather_facts: no
vars: vars:
ansible_python_interpreter: /usr/local/bin/python ansible_python_interpreter: /usr/local/bin/python
jms_account:
username: root
secret: redhat
jms_asset:
address: 127.0.0.1
port: 3306
tasks: tasks:
- name: Gather facts info - name: Get info
community.mysql.mysql_info: community.mysql.mysql_info:
login_user: "{{ jms_account.username }}" login_user: "{{ jms_account.username }}"
login_password: "{{ jms_account.secret }}" login_password: "{{ jms_account.secret }}"
login_host: "{{ jms_asset.address }}" login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}" login_port: "{{ jms_asset.port }}"
filter: version
register: db_info register: db_info
- name: Get info - name: Define Mysql info by set_fact
set_fact: set_fact:
info: info:
version: "{{ db_info.version.full }}" version: "{{ db_info.version.full }}"
- debug: - debug:
var: db_info var: info

4574
apps/assets/automations/gather_facts/database/postgresql/facts.json
View File

File diff suppressed because it is too large Load Diff

22
apps/assets/automations/gather_facts/database/postgresql/main.yml
View File

@ -2,19 +2,9 @@
gather_facts: no gather_facts: no
vars: vars:
ansible_python_interpreter: /usr/local/bin/python ansible_python_interpreter: /usr/local/bin/python
jms_account:
username: postgre
secret: postgre
jms_asset:
address: 127.0.0.1
port: 5432
database: testdb
account:
username: test
secret: jumpserver
tasks: tasks:
- name: Test PostgreSQL connection - name: Get info
community.postgresql.postgresql_info: community.postgresql.postgresql_info:
login_user: "{{ jms_account.username }}" login_user: "{{ jms_account.username }}"
login_password: "{{ jms_account.secret }}" login_password: "{{ jms_account.secret }}"
@ -23,6 +13,10 @@
login_db: "{{ jms_asset.database }}" login_db: "{{ jms_asset.database }}"
register: db_info register: db_info
- name: Debug it - name: Define Postgresql info by set_fact
debug: set_fact:
var: db_info info:
version: "{{ db_info.server_version.raw }}"
- debug:
var: info

10
apps/assets/automations/gather_facts/database/sqlserver/main.yml
View File

@ -1,10 +0,0 @@
{% for account in accounts %}
- hosts: {{ account.asset.name }}
vars:
account:
username: {{ account.username }}
password: {{ account.password }}
public_key: {{ account.public_key }}
roles:
- change_secret
{% endfor %}

8
apps/assets/automations/gather_facts/database/sqlserver/manifest.yml
View File

@ -1,8 +0,0 @@
id: gather_facts_sqlserver
name: Change password for SQLServer
version: 1
category: database
type:
- sqlserver
method: gather_facts

27
apps/assets/automations/gather_facts/database/sqlserver/roles/change_password/tasks/main.yml
View File

@ -1,27 +0,0 @@
- name: ping
ansible.builtin.ping:
#- name: print variables
# debug:
# msg: "Username: {{ account.username }}, Password: {{ account.password }}"
- name: Change password
user:
name: "{{ account.username }}"
password: "{{ account.password | password_hash('des') }}"
update_password: always
when: account.password
- name: Change public key
authorized_key:
user: "{{ account.username }}"
key: "{{ account.public_key }}"
state: present
when: account.public_key
- name: Verify password
ansible.builtin.ping:
vars:
ansible_user: "{{ account.username }}"
ansible_pass: "{{ account.password }}"
ansible_ssh_connection: paramiko

2
apps/assets/automations/gather_facts/host/posix/main.yml
View File

@ -2,7 +2,7 @@
gather_facts: yes gather_facts: yes
tasks: tasks:
- name: Get info - name: Get info
set_fact: ansible.builtin.set_fact:
info: info:
arch: "{{ ansible_architecture }}" arch: "{{ ansible_architecture }}"
distribution: "{{ ansible_distribution }}" distribution: "{{ ansible_distribution }}"

9
apps/assets/automations/gather_facts/manager.py
View File

@ -1,4 +1,5 @@
from common.utils import get_logger from common.utils import get_logger
from assets.const import AutomationTypes
from ..base.manager import BasePlaybookManager from ..base.manager import BasePlaybookManager
logger = get_logger(__name__) logger = get_logger(__name__)
@ -11,7 +12,7 @@ class GatherFactsManager(BasePlaybookManager):
@classmethod @classmethod
def method_type(cls): def method_type(cls):
return 'gather_facts' return AutomationTypes.gather_facts
def host_callback(self, host, asset=None, **kwargs): def host_callback(self, host, asset=None, **kwargs):
super().host_callback(host, asset=asset, **kwargs) super().host_callback(host, asset=asset, **kwargs)
@ -19,14 +20,10 @@ class GatherFactsManager(BasePlaybookManager):
return host return host
def on_host_success(self, host, result): def on_host_success(self, host, result):
info = result.get('Get info', {}).get('res', {}).get('ansible_facts', {}).get('info', {}) info = result.get('debug', {}).get('res', {}).get('info', {})
asset = self.host_asset_mapper.get(host) asset = self.host_asset_mapper.get(host)
if asset and info: if asset and info:
asset.info = info asset.info = info
asset.save() asset.save()
else: else:
logger.error("Not found info, task name must be 'Get info': {}".format(host)) logger.error("Not found info, task name must be 'Get info': {}".format(host))

7
apps/assets/models/automations/base.py
View File

@ -9,6 +9,7 @@ from common.db.fields import EncryptJsonDictTextField
from orgs.mixins.models import OrgModelMixin from orgs.mixins.models import OrgModelMixin
from ops.mixin import PeriodTaskModelMixin from ops.mixin import PeriodTaskModelMixin
from assets.models import Node, Asset from assets.models import Node, Asset
from assets.tasks import execute_automation
class BaseAutomation(CommonModelMixin, PeriodTaskModelMixin, OrgModelMixin): class BaseAutomation(CommonModelMixin, PeriodTaskModelMixin, OrgModelMixin):
@ -38,7 +39,11 @@ class BaseAutomation(CommonModelMixin, PeriodTaskModelMixin, OrgModelMixin):
return assets.group_by_platform() return assets.group_by_platform()
def get_register_task(self): def get_register_task(self):
raise NotImplementedError name = f"automation_{self.type}_strategy_period_{str(self.id)[:8]}"
task = execute_automation.name
args = (str(self.id), Trigger.timing, self._meta.model)
kwargs = {}
return name, task, args, kwargs
def get_many_to_many_ids(self, field: str): def get_many_to_many_ids(self, field: str):
return [str(i) for i in getattr(self, field).all().values_list('id', flat=True)] return [str(i) for i in getattr(self, field).all().values_list('id', flat=True)]

8
apps/assets/models/automations/change_secret.py
View File

@ -4,7 +4,6 @@ from django.utils.translation import ugettext_lazy as _
from common.db import fields from common.db import fields
from common.const.choices import Trigger from common.const.choices import Trigger
from common.db.models import JMSBaseModel from common.db.models import JMSBaseModel
from assets.tasks import execute_change_secret_automation
from assets.const import AutomationTypes, SecretType, SecretStrategy, SSHKeyStrategy from assets.const import AutomationTypes, SecretType, SecretStrategy, SSHKeyStrategy
from .base import BaseAutomation from .base import BaseAutomation
@ -35,13 +34,6 @@ class ChangeSecretAutomation(BaseAutomation):
class Meta: class Meta:
verbose_name = _("Change secret automation") verbose_name = _("Change secret automation")
def get_register_task(self):
name = "automation_change_secret_strategy_period_{}".format(str(self.id)[:8])
task = execute_change_secret_automation.name
args = (str(self.id), Trigger.timing)
kwargs = {}
return name, task, args, kwargs
def to_attr_json(self): def to_attr_json(self):
attr_json = super().to_attr_json() attr_json = super().to_attr_json()
attr_json.update({ attr_json.update({

9
apps/assets/models/automations/gather_facts.py
View File

@ -1,16 +1,15 @@
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from assets.const import AutomationTypes
from .base import BaseAutomation from .base import BaseAutomation
__all__ = ['GatherFactsAutomation'] __all__ = ['GatherFactsAutomation']
class GatherFactsAutomation(BaseAutomation): class GatherFactsAutomation(BaseAutomation):
class Meta:
verbose_name = _("Gather asset facts")
def save(self, *args, **kwargs): def save(self, *args, **kwargs):
self.type = 'gather_facts' self.type = AutomationTypes.gather_facts
super().save(*args, **kwargs) super().save(*args, **kwargs)
class Meta:
verbose_name = _("Gather asset facts")

2
apps/assets/serializers/account/account.py
View File

@ -55,7 +55,7 @@ class AccountSerializerCreateMixin(serializers.ModelSerializer):
class AccountSerializer(AccountSerializerCreateMixin, BaseAccountSerializer): class AccountSerializer(AccountSerializerCreateMixin, BaseAccountSerializer):
asset = ObjectRelatedField( asset = ObjectRelatedField(
required=False, queryset=Asset.objects, required=False, queryset=Asset.objects,
label=_('Asset'), attrs=('id', 'name', 'address') label=_('Asset'), attrs=('id', 'name', 'address', 'platform_id')
) )
class Meta(BaseAccountSerializer.Meta): class Meta(BaseAccountSerializer.Meta):

7
apps/assets/tasks/automation.py
View File

@ -7,12 +7,11 @@ logger = get_logger(__file__)
@shared_task @shared_task
def execute_change_secret_automation(pid, trigger): def execute_automation(pid, trigger, mode):
from assets.models import ChangeSecretAutomation
with tmp_to_root_org(): with tmp_to_root_org():
instance = get_object_or_none(ChangeSecretAutomation, pk=pid) instance = get_object_or_none(mode, pk=pid)
if not instance: if not instance:
logger.error("No automation plan found: {}".format(pid)) logger.error("No automation task found: {}".format(pid))
return return
with tmp_to_org(instance.org): with tmp_to_org(instance.org):
instance.execute(trigger) instance.execute(trigger)

29
apps/authentication/migrations/0013_auto_20221025_1908.py Normal file
View File

@ -0,0 +1,29 @@
# Generated by Django 3.2.14 on 2022-10-25 11:08
from django.db import migrations, models
import django.db.models.deletion
class Migration(migrations.Migration):
dependencies = [
('assets', '0111_alter_changesecretautomation_secret_strategy'),
('authentication', '0012_auto_20220816_1629'),
]
operations = [
migrations.RemoveField(
model_name='connectiontoken',
name='type',
),
migrations.AddField(
model_name='connectiontoken',
name='account_display',
field=models.CharField(default='', max_length=128, verbose_name='Account display'),
),
migrations.AlterField(
model_name='connectiontoken',
name='account',
field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='connection_tokens', to='assets.account', verbose_name='Account'),
),
]

13
apps/authentication/models.py
View File

@ -63,13 +63,6 @@ def date_expired_default():
class ConnectionToken(OrgModelMixin, JMSBaseModel): class ConnectionToken(OrgModelMixin, JMSBaseModel):
class Type(models.TextChoices):
asset = 'asset', _('Asset')
application = 'application', _('Application')
type = models.CharField(
max_length=16, default=Type.asset, choices=Type.choices, verbose_name=_("Type")
)
secret = models.CharField(max_length=64, default='', verbose_name=_("Secret")) secret = models.CharField(max_length=64, default='', verbose_name=_("Secret"))
date_expired = models.DateTimeField( date_expired = models.DateTimeField(
default=date_expired_default, verbose_name=_("Date expired") default=date_expired_default, verbose_name=_("Date expired")
@ -85,7 +78,11 @@ class ConnectionToken(OrgModelMixin, JMSBaseModel):
related_name='connection_tokens', null=True, blank=True related_name='connection_tokens', null=True, blank=True
) )
asset_display = models.CharField(max_length=128, default='', verbose_name=_("Asset display")) asset_display = models.CharField(max_length=128, default='', verbose_name=_("Asset display"))
account = models.CharField(max_length=128, default='', verbose_name=_("Account")) account = models.ForeignKey(
'assets.Account', on_delete=models.SET_NULL, verbose_name=_('Account'),
related_name='connection_tokens', null=True, blank=True
)
account_display = models.CharField(max_length=128, default='', verbose_name=_("Account display"))
class Meta: class Meta:
ordering = ('-date_expired',) ordering = ('-date_expired',)

2
apps/ops/mixin.py
View File

@ -1,10 +1,8 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# #
import abc import abc
import uuid
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from django.db import models from django.db import models
from django import forms
from rest_framework import serializers from rest_framework import serializers
from .celery.utils import ( from .celery.utils import (

3
apps/rbac/const.py
View File

@ -39,6 +39,9 @@ exclude_permissions = (
('assets', 'assetuser', '*', '*'), ('assets', 'assetuser', '*', '*'),
('assets', 'gathereduser', 'add,delete,change', 'gathereduser'), ('assets', 'gathereduser', 'add,delete,change', 'gathereduser'),
('assets', 'accountbackupplanexecution', 'delete,change', 'accountbackupplanexecution'), ('assets', 'accountbackupplanexecution', 'delete,change', 'accountbackupplanexecution'),
# TODO 暂时去掉历史账号的权限
('assets', 'account', '*', 'assethistoryaccount'),
('assets', 'account', '*', 'assethistoryaccountsecret'),
('perms', 'userassetgrantedtreenoderelation', '*', '*'), ('perms', 'userassetgrantedtreenoderelation', '*', '*'),
('perms', 'usergrantedmappingnode', '*', '*'), ('perms', 'usergrantedmappingnode', '*', '*'),