github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

perf: Change secret

pull/14978/head
feng 2025-03-06 19:11:55 +08:00 committed by feng626
parent bc70c480f7
commit 47029be3da
11 changed files with 74 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
apps/accounts/automations/base/manager.py
View File

@ -1,5 +1,8 @@
import threading
import time
from copy import deepcopy
from celery import current_task
from django.conf import settings
from django.utils import timezone
from django.utils.translation import gettext_lazy as _
@ -124,7 +127,42 @@ class BaseChangeSecretPushManager(AccountBasePlaybookManager):
return inventory_hosts
@staticmethod
def is_running_in_celery():
return getattr(current_task, 'request', None) is not None
def wait_and_save_recorder(self, recorder, max_retries=10, retry_interval=2):
recorder_model = type(recorder)
for attempt in range(max_retries):
exist = recorder_model.objects.filter(
account_id=recorder.account_id, execution=self.execution
).exists()
if exist:
print(f"Data inserted, updating recorder status after {attempt + 1}th query")
recorder.save(update_fields=['status', 'date_finished'])
return True
print(f"Data not ready, waiting {retry_interval} second(s) and retrying ({attempt + 1}/{max_retries})")
time.sleep(retry_interval)
print("\033[31m The data is still not inserted, giving up saving the recorder status.\033[0m")
return False
def save_record(self, recorder):
if self.is_running_in_celery():
self.wait_and_save_recorder(recorder)
else:
thread = threading.Thread(
target=self.wait_and_save_recorder,
args=(recorder,),
daemon=True
)
thread.start()
def on_host_success(self, host, result):
recorder = self.name_recorder_mapper.get(host)
if not recorder:
return
@ -141,10 +179,6 @@ class BaseChangeSecretPushManager(AccountBasePlaybookManager):
account.date_change_secret = timezone.now()
account.change_secret_status = ChangeSecretRecordStatusChoice.success
with safe_db_connection():
recorder.save(update_fields=['status', 'date_finished'])
account.save(update_fields=['secret', 'date_updated', 'date_change_secret', 'change_secret_status'])
self.summary['ok_accounts'] += 1
self.result['ok_accounts'].append(
{
@ -154,6 +188,10 @@ class BaseChangeSecretPushManager(AccountBasePlaybookManager):
)
super().on_host_success(host, result)
with safe_db_connection():
account.save(update_fields=['secret', 'date_updated', 'date_change_secret', 'change_secret_status'])
self.save_record(recorder)
def on_host_error(self, host, error, result):
recorder = self.name_recorder_mapper.get(host)
if not recorder:
@ -161,10 +199,7 @@ class BaseChangeSecretPushManager(AccountBasePlaybookManager):
recorder.status = ChangeSecretRecordStatusChoice.failed.value
recorder.date_finished = timezone.now()
recorder.error = error
try:
recorder.save()
except Exception as e:
print(f"\033[31m Save {host} recorder error: {e} \033[0m\n")
self.summary['fail_accounts'] += 1
self.result['fail_accounts'].append(
{
@ -173,3 +208,6 @@ class BaseChangeSecretPushManager(AccountBasePlaybookManager):
}
)
super().on_host_error(host, error, result)
with safe_db_connection():
self.save_record(recorder)

5
apps/accounts/automations/gather_account/manager.py
View File

@ -378,6 +378,11 @@ class GatherAccountsManager(AccountBasePlaybookManager):
continue
gathered_accounts = GatheredAccount.objects.filter(asset=asset)
GatheredAccount.sync_accounts(gathered_accounts, self.is_sync_account)
GatheredAccount.objects.filter(
asset=asset, username__in=ori_users, present=False
).update(
present=True
)
# 因为有 bulk create, bulk update, 所以这里需要 sleep 一下,等待数据同步
time.sleep(0.5)

4
apps/accounts/risk_handlers.py
View File

@ -171,4 +171,8 @@ class RiskHandler:
}
execution.save()
execution.start()
GatheredAccount.objects.filter(asset=self.asset, username=self.username).update(
present=True
)
return execution.summary

4
apps/accounts/serializers/automations/change_secret.py
View File

@ -86,8 +86,8 @@ class ChangeSecretAutomationSerializer(AuthValidateMixin, BaseAutomationSerializ
msg = _("* Please enter the correct password length")
raise serializers.ValidationError(msg)
if length < 6 or length > 30:
msg = _('* Password length range 6-30 bits')
if length < 8 or length > 36:
msg = _('* Password length range 8-36 bits')
raise serializers.ValidationError(msg)
return password_rules

2
apps/i18n/core/en/LC_MESSAGES/django.po
View File

@ -1395,7 +1395,7 @@ msgid "* Please enter the correct password length"
msgstr ""
#: accounts/serializers/automations/change_secret.py:90
msgid "* Password length range 6-30 bits"
msgid "* Password length range 8-36 bits"
msgstr ""
#: accounts/serializers/automations/change_secret.py:112

4
apps/i18n/core/ja/LC_MESSAGES/django.po
View File

@ -1441,8 +1441,8 @@ msgid "* Please enter the correct password length"
msgstr "* 正しいパスワードの長さを入力してください"
#: accounts/serializers/automations/change_secret.py:90
msgid "* Password length range 6-30 bits"
msgstr "* パスワードの長さ範囲は6-30文字です"
msgid "* Password length range 8-36 bits"
msgstr "* パスワードの長さ範囲は8-36文字です"
#: accounts/serializers/automations/change_secret.py:112
#: accounts/serializers/automations/change_secret.py:147

4
apps/i18n/core/pt_BR/LC_MESSAGES/django.po
View File

@ -1454,8 +1454,8 @@ msgid "* Please enter the correct password length"
msgstr "* Por favor, insira um comprimento de senha correto"
#: accounts/serializers/automations/change_secret.py:90
msgid "* Password length range 6-30 bits"
msgstr "* O comprimento da senha deve estar entre 6 e 30 caracteres"
msgid "* Password length range 8-36 bits"
msgstr "* O comprimento da senha deve estar entre 8 e 36 caracteres"
#: accounts/serializers/automations/change_secret.py:112
#: accounts/serializers/automations/change_secret.py:147

4
apps/i18n/core/zh/LC_MESSAGES/django.po
View File

@ -1414,8 +1414,8 @@ msgid "* Please enter the correct password length"
msgstr "* 请输入正确的密码长度"
#: accounts/serializers/automations/change_secret.py:90
msgid "* Password length range 6-30 bits"
msgstr "* 密码长度范围 6-30 位"
msgid "* Password length range 8-36 bits"
msgstr "* 密码长度范围 8-36 位"
#: accounts/serializers/automations/change_secret.py:112
#: accounts/serializers/automations/change_secret.py:147

4
apps/i18n/core/zh_Hant/LC_MESSAGES/django.po
View File

@ -1416,8 +1416,8 @@ msgid "* Please enter the correct password length"
msgstr "* 請輸入正確的密碼長度"
#: accounts/serializers/automations/change_secret.py:90
msgid "* Password length range 6-30 bits"
msgstr "* 密碼長度範圍 6-30 位"
msgid "* Password length range 8-36 bits"
msgstr "* 密碼長度範圍 8-36 位"
#: accounts/serializers/automations/change_secret.py:112
#: accounts/serializers/automations/change_secret.py:147

5
apps/i18n/lina/en.json
View File

@ -476,6 +476,7 @@
"DisableSuccessMsg": "Successfully disabled",
"DiscoverAccountTask": "Account discovery task | Account discovery tasks",
"DiscoverAccounts": "Discover accounts",
"DiscoverAccountDetail": "Discover account details",
"DiscoverAccountsHelpText": "Collect account information on assets. the collected account information can be imported into the system for centralized management.",
"DiscoveredAccountList": "Discovered accounts",
"DisplayName": "Name",
@ -1506,5 +1507,7 @@
"removeWarningMsg": "Are you sure you want to remove",
"setVariable": "Set variable",
"IgnoreAlert": "Ignore alert",
"DeleteGatherAccountTitle": "Delete gather account"
"DeleteGatherAccountTitle": "Delete gather account",
"DeleteRemoteAccount": "Delete remote account",
"AddAccountAfterChangingPassword": "Add account after changing password"
}

6
apps/i18n/lina/zh.json
View File

@ -473,6 +473,7 @@
"DisableSuccessMsg": "禁用成功",
"DiscoverAccountTask": "账号发现任务",
"DiscoverAccounts": "帐号发现",
"DiscoverAccountDetail": "帐号发现详情",
"DiscoverAccountsHelpText": "采集资产的账务信息,可将采集到的账务信息导入系统进行集中管理。",
"DiscoveredAccountList": "发现账号",
"DisplayName": "名称",
@ -1505,6 +1506,7 @@
"removeWarningMsg": "你确定要移除",
"setVariable": "设置参数",
"IgnoreAlert": "忽略警报",
"DeleteGatherAccountTitle": "删除发现的账号"
"DeleteGatherAccountTitle": "删除发现的账号",
"DeleteRemoteAccount": "删除远端账号",
"AddAccountAfterChangingPassword": "修改密码后添加账号"
}