perf: Windows AD

apps/accounts/automations/base/manager.py

@@ -94,6 +94,7 @@ class BaseChangeSecretPushManager(AccountBasePlaybookManager):
         h['account'] = {
             'name': account.name,
             'username': account.username,
+            'full_username': account.full_username,
             'secret_type': secret_type,
             'secret': account.escape_jinja2_syntax(new_secret),
             'private_key_path': private_key_path,

apps/accounts/automations/change_secret/host/windows_ad/main.yml

@@ -0,0 +1,27 @@
+- hosts: demo
+  gather_facts: no
+  tasks:
+    - name: Test privileged account
+      ansible.windows.win_ping:
+
+    - name: Change password
+      community.windows.win_domain_user:
+        name: "{{ account.username }}"
+        password: "{{ account.secret }}"
+        update_password: always
+        password_never_expires: yes
+        state: present
+        groups: "{{ params.groups }}"
+        groups_action: add
+      ignore_errors: true
+      when: account.secret_type == "password"
+
+    - name: Refresh connection
+      ansible.builtin.meta: reset_connection
+
+    - name: Verify password
+      ansible.windows.win_ping:
+      vars:
+        ansible_user: "{{ account.full_username }}"
+        ansible_password: "{{ account.secret }}"
+      when: account.secret_type == "password" and check_conn_after_change

apps/accounts/automations/change_secret/host/windows_ad/manifest.yml

@@ -0,0 +1,27 @@
+id: change_secret_ad_windows
+name: "{{ 'Windows account change secret' | trans }}"
+version: 1
+method: change_secret
+category:
+  - ds
+type:
+  - windows_ad
+params:
+  - name: groups
+    type: str
+    label: '用户组'
+    default: 'Users,Remote Desktop Users'
+    help_text: "{{ 'Params groups help text' | trans }}"
+
+
+i18n:
+  Windows account change secret:
+    zh: '使用 Ansible 模块 win_domain_user 执行 Windows 账号改密'
+    ja: 'Ansible win_domain_user モジュールを使用して Windows アカウントのパスワード変更'
+    en: 'Using Ansible module win_domain_user to change Windows account secret'
+
+  Params groups help text:
+    zh: '请输入用户组，多个用户组使用逗号分隔（需填写已存在的用户组）'
+    ja: 'グループを入力してください。複数のグループはコンマで区切ってください（既存のグループを入力してください）'
+    en: 'Please enter the group. Multiple groups are separated by commas (please enter the existing group)'
+

apps/accounts/automations/gather_account/host/windows/manifest.yml

@@ -2,9 +2,12 @@ id: gather_accounts_windows
 name: "{{ 'Windows account gather' | trans }}"
 version: 1
 method: gather_accounts
-category: host
+category:
+  - host
+  - ds
 type:
   - windows
+  - windows_ad
 
 i18n:
   Windows account gather:

apps/accounts/automations/push_account/host/windows_ad/main.yml

@@ -0,0 +1,27 @@
+- hosts: demo
+  gather_facts: no
+  tasks:
+    - name: Test privileged account
+      ansible.windows.win_ping:
+
+    - name: Push user password
+      community.windows.win_domain_user:
+        name: "{{ account.username }}"
+        password: "{{ account.secret }}"
+        update_password: always
+        password_never_expires: yes
+        state: present
+        groups: "{{ params.groups }}"
+        groups_action: add
+      ignore_errors: true
+      when: account.secret_type == "password"
+
+    - name: Refresh connection
+      ansible.builtin.meta: reset_connection
+
+    - name: Verify password
+      ansible.windows.win_ping:
+      vars:
+        ansible_user: "{{ account.full_username }}"
+        ansible_password: "{{ account.secret }}"
+      when: account.secret_type == "password" and check_conn_after_change

apps/accounts/automations/push_account/host/windows_ad/manifest.yml

@@ -0,0 +1,25 @@
+id: push_account_ad_windows
+name: "{{ 'Windows account push' | trans }}"
+version: 1
+method: push_account
+category:
+  - ds
+type:
+  - windows_ad
+params:
+  - name: groups
+    type: str
+    label: '用户组'
+    default: 'Users,Remote Desktop Users'
+    help_text: "{{ 'Params groups help text' | trans }}"
+
+i18n:
+  Windows account push:
+    zh: '使用 Ansible 模块 win_domain_user 执行 Windows 账号推送'
+    ja: 'Ansible win_domain_user モジュールを使用して Windows アカウントをプッシュする'
+    en: 'Using Ansible module win_domain_user to push account'
+
+  Params groups help text:
+    zh: '请输入用户组，多个用户组使用逗号分隔（需填写已存在的用户组）'
+    ja: 'グループを入力してください。複数のグループはコンマで区切ってください（既存のグループを入力してください）'
+    en: 'Please enter the group. Multiple groups are separated by commas (please enter the existing group)'

apps/accounts/automations/remove_account/host/windows_ad/main.yml

@@ -0,0 +1,9 @@
+- hosts: windows
+  gather_facts: no
+  tasks:
+    - name: "Remove account"
+      ansible.windows.win_domain_user:
+        name: "{{ account.username }}"
+        state: absent
+
+

apps/accounts/automations/remove_account/host/windows_ad/manifest.yml

@@ -0,0 +1,14 @@
+id: remove_account_ad_windows
+name: "{{ 'Windows account remove' | trans }}"
+version: 1
+method: remove_account
+category:
+  - ds
+type:
+  - windows_ad
+
+i18n:
+  Windows account remove:
+    zh: 使用 Ansible 模块 win_domain_user 删除账号
+    ja: Ansible モジュール win_domain_user を使用してアカウントを削除する
+    en: Use the Ansible module win_domain_user to delete an account

apps/accounts/automations/verify_account/custom/rdp/main.yml

@@ -10,6 +10,6 @@
       rdp_ping:
         login_host: "{{ jms_asset.address }}"
         login_port: "{{ jms_asset.port }}"
-        login_user: "{{ account.username }}"
+        login_user: "{{ account.full_username }}"
         login_password: "{{ account.secret }}"
         login_secret_type: "{{ account.secret_type }}"

apps/accounts/automations/verify_account/custom/rdp/manifest.yml

@@ -2,8 +2,10 @@ id: verify_account_by_rdp
 name: "{{ 'Windows rdp account verify' | trans }}"
 category:
   - host
+  - ds
 type:
   - windows
+  - windows_ad
 method: verify_account
 protocol: rdp
 priority: 1

apps/accounts/automations/verify_account/host/windows/main.yml

@@ -7,5 +7,5 @@
     - name: Verify account
       ansible.windows.win_ping:
       vars:
-        ansible_user: "{{ account.username }}"
+        ansible_user: "{{ account.full_username }}"
         ansible_password: "{{ account.secret }}"

apps/accounts/automations/verify_account/host/windows/manifest.yml

@@ -2,9 +2,12 @@ id: verify_account_windows
 name: "{{ 'Windows account verify' | trans }}"
 version: 1
 method: verify_account
-category: host
+category:
+  - host
+  - ds
 type:
   - windows
+  - windows_ad
 
 i18n:
   Windows account verify:

apps/accounts/automations/verify_account/manager.py

@@ -64,6 +64,7 @@ class VerifyAccountManager(AccountBasePlaybookManager):
             h['account'] = {
                 'name': account.name,
                 'username': account.username,
+                'full_username': account.full_username,
                 'secret_type': account.secret_type,
                 'secret': account.escape_jinja2_syntax(secret),
                 'private_key_path': private_key_path,

apps/assets/automations/gather_facts/host/windows/manifest.yml

@@ -2,9 +2,12 @@ id: gather_facts_windows
 name: "{{ 'Gather facts windows' | trans }}"
 version: 1
 method: gather_facts
-category: host
+category:
+  - host
+  - ds
 type:
   - windows
+  - windows_ad
 i18n:
   Gather facts windows:
     zh: '使用 Ansible 指令 gather_facts 从 Windows 获取设备信息'

apps/assets/automations/ping/custom/rdp/manifest.yml

@@ -3,8 +3,10 @@ name: "{{ 'Ping by pyfreerdp' | trans }}"
 category:
   - device
   - host
+  - ds
 type:
   - windows
+  - windows_ad
 method: ping
 protocol: rdp
 priority: 1

apps/assets/automations/ping/custom/ssh/manifest.yml

@@ -3,6 +3,7 @@ name: "{{ 'Ping by paramiko' | trans }}"
 category:
   - device
   - host
+  - ds
 type:
   - all
 method: ping

apps/assets/automations/ping/custom/telnet/manifest.yml

@@ -3,6 +3,7 @@ name: "{{ 'Ping by telnet' | trans }}"
 category:
   - device
   - host
+  - ds
 type:
   - all
 method: ping

apps/assets/automations/ping/host/windows/manifest.yml

@@ -2,9 +2,12 @@ id: win_ping
 name: "{{ 'Windows ping' | trans }}"
 version: 1
 method: ping
-category: host
+category:
+  - host
+  - ds
 type:
   - windows
+  - windows_ad
 i18n:
   Windows ping:
     zh: 使用 Ansible 模块 内置模块 win_ping 来测试可连接性

apps/assets/const/ds.py

@@ -36,6 +36,7 @@ class DirectoryTypes(BaseType):
                 'change_secret_enabled': True,
                 'push_account_enabled': True,
                 'gather_accounts_enabled': True,
+                'remove_account_enabled': True,
             }
         }
         return constrains

apps/assets/migrations/0017_auto_20250407_1124.py

@@ -48,7 +48,7 @@ def add_ds_platforms(apps, schema_editor):
 
             },
             "gather_accounts_enabled": true,
-            "gather_accounts_method": "gather_accounts_ad_windows",
+            "gather_accounts_method": "gather_accounts_windows",
             "gather_accounts_params": {
 
             },

apps/ops/ansible/inventory.py

@@ -2,7 +2,6 @@
 import json
 import os
 import re
-import sys
 from collections import defaultdict
 
 from django.utils.translation import gettext as _
@@ -79,7 +78,7 @@ class JMSInventory:
     @staticmethod
     def make_account_ansible_vars(account, path_dir):
         var = {
-            'ansible_user': account.username,
+            'ansible_user': account.full_username,
         }
         if not account.secret:
             return var
@@ -111,7 +110,8 @@ class JMSInventory:
                     setting = getattr(p, 'setting')
                     host['old_ssh_version'] = setting.get('old_ssh_version', False)
 
-    def make_account_vars(self, host, asset, account, automation, protocol, platform, gateway, path_dir):
+    def make_account_vars(self, host, asset, account, automation, protocol, platform, gateway, path_dir,
+                          ansible_config):
         from accounts.const import AutomationTypes
         if not account:
             host['error'] = _("No account available")
@@ -129,7 +129,8 @@ class JMSInventory:
         elif platform.su_enabled and not su_from and \
                 self.task_type in (AutomationTypes.change_secret, AutomationTypes.push_account):
             host.update(self.make_account_ansible_vars(account, path_dir))
-            host['ansible_become'] = True
+            if ansible_config.get('ansible_shell_type') != 'powershell':
+                host['ansible_become'] = True
             host['ansible_become_user'] = 'root'
             host['ansible_become_password'] = account.escape_jinja2_syntax(account.secret)
         else:
@@ -192,7 +193,6 @@ class JMSInventory:
         secret_info = {k: v for k, v in asset.secret_info.items() if v}
         host = {
             'name': name,
-            'local_python_interpreter': sys.executable,
             'jms_asset': {
                 'id': str(asset.id), 'name': asset.name, 'address': asset.address,
                 'type': tp, 'category': category,
@@ -202,7 +202,7 @@ class JMSInventory:
                 'origin_address': asset.address
             },
             'jms_account': {
-                'id': str(account.id), 'username': account.username,
+                'id': str(account.id), 'username': account.full_username,
                 'secret': account.escape_jinja2_syntax(account.secret),
                 'secret_type': account.secret_type, 'private_key_path': account.get_private_key_path(path_dir)
             } if account else None
@@ -223,7 +223,7 @@ class JMSInventory:
             gateway = asset.domain.select_gateway()
 
         self.make_account_vars(
-            host, asset, account, automation, protocol, platform, gateway, path_dir
+            host, asset, account, automation, protocol, platform, gateway, path_dir, ansible_config
         )
         return host