perf: Change secret

2025-03-06 19:11:55 +08:00 · 2025-03-06 19:11:55 +08:00 · 47029be3da
parent bc70c480f7
commit 47029be3da
11 changed files with 74 additions and 22 deletions
--- a/apps/accounts/automations/base/manager.py
+++ b/apps/accounts/automations/base/manager.py
@ -1,5 +1,8 @@
 import threading
 import time
 from copy import deepcopy
 from celery import current_task
 from django.conf import settings
 from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
@ -124,7 +127,42 @@ class BaseChangeSecretPushManager(AccountBasePlaybookManager):
        return inventory_hosts
    @staticmethod
    def is_running_in_celery():
        return getattr(current_task, 'request', None) is not None
    def wait_and_save_recorder(self, recorder, max_retries=10, retry_interval=2):
        recorder_model = type(recorder)
        for attempt in range(max_retries):
            exist = recorder_model.objects.filter(
                account_id=recorder.account_id, execution=self.execution
            ).exists()
            if exist:
                print(f"Data inserted, updating recorder status after {attempt + 1}th query")
                recorder.save(update_fields=['status', 'date_finished'])
                return True
            print(f"Data not ready, waiting {retry_interval} second(s) and retrying ({attempt + 1}/{max_retries})")
            time.sleep(retry_interval)
        print("\033[31m The data is still not inserted, giving up saving the recorder status.\033[0m")
        return False
    def save_record(self, recorder):
        if self.is_running_in_celery():
            self.wait_and_save_recorder(recorder)
        else:
            thread = threading.Thread(
                target=self.wait_and_save_recorder,
                args=(recorder,),
                daemon=True
            )
            thread.start()
    def on_host_success(self, host, result):
        recorder = self.name_recorder_mapper.get(host)
        if not recorder:
            return
@ -141,10 +179,6 @@ class BaseChangeSecretPushManager(AccountBasePlaybookManager):
        account.date_change_secret = timezone.now()
        account.change_secret_status = ChangeSecretRecordStatusChoice.success
        with safe_db_connection():
            recorder.save(update_fields=['status', 'date_finished'])
            account.save(update_fields=['secret', 'date_updated', 'date_change_secret', 'change_secret_status'])
        self.summary['ok_accounts'] += 1
        self.result['ok_accounts'].append(
            {
@ -154,6 +188,10 @@ class BaseChangeSecretPushManager(AccountBasePlaybookManager):
        )
        super().on_host_success(host, result)
        with safe_db_connection():
            account.save(update_fields=['secret', 'date_updated', 'date_change_secret', 'change_secret_status'])
            self.save_record(recorder)
    def on_host_error(self, host, error, result):
        recorder = self.name_recorder_mapper.get(host)
        if not recorder:
@ -161,10 +199,7 @@ class BaseChangeSecretPushManager(AccountBasePlaybookManager):
        recorder.status = ChangeSecretRecordStatusChoice.failed.value
        recorder.date_finished = timezone.now()
        recorder.error = error
-        try:
+
            recorder.save()
        except Exception as e:
            print(f"\033[31m Save {host} recorder error: {e} \033[0m\n")
        self.summary['fail_accounts'] += 1
        self.result['fail_accounts'].append(
            {
@ -173,3 +208,6 @@ class BaseChangeSecretPushManager(AccountBasePlaybookManager):
            }
        )
        super().on_host_error(host, error, result)
        with safe_db_connection():
            self.save_record(recorder)
--- a/apps/accounts/automations/gather_account/manager.py
+++ b/apps/accounts/automations/gather_account/manager.py
@ -378,6 +378,11 @@ class GatherAccountsManager(AccountBasePlaybookManager):
                    continue
                gathered_accounts = GatheredAccount.objects.filter(asset=asset)
                GatheredAccount.sync_accounts(gathered_accounts, self.is_sync_account)
                GatheredAccount.objects.filter(
                    asset=asset, username__in=ori_users, present=False
                ).update(
                    present=True
                )
        # 因为有 bulk create, bulk update, 所以这里需要 sleep 一下，等待数据同步
        time.sleep(0.5)
--- a/apps/accounts/risk_handlers.py
+++ b/apps/accounts/risk_handlers.py
@ -171,4 +171,8 @@ class RiskHandler:
        }
        execution.save()
        execution.start()
        GatheredAccount.objects.filter(asset=self.asset, username=self.username).update(
            present=True
        )
        return execution.summary
--- a/apps/accounts/serializers/automations/change_secret.py
+++ b/apps/accounts/serializers/automations/change_secret.py
@ -86,8 +86,8 @@ class ChangeSecretAutomationSerializer(AuthValidateMixin, BaseAutomationSerializ
            msg = _("* Please enter the correct password length")
            raise serializers.ValidationError(msg)
-        if length < 6 or length > 30:
+        if length < 8 or length > 36:
-            msg = _('* Password length range 6-30 bits')
+            msg = _('* Password length range 8-36 bits')
            raise serializers.ValidationError(msg)
        return password_rules
--- a/apps/i18n/core/en/LC_MESSAGES/django.po
+++ b/apps/i18n/core/en/LC_MESSAGES/django.po
@ -1395,7 +1395,7 @@ msgid "* Please enter the correct password length"
 msgstr ""
 #: accounts/serializers/automations/change_secret.py:90
-msgid "* Password length range 6-30 bits"
+msgid "* Password length range 8-36 bits"
 msgstr ""
 #: accounts/serializers/automations/change_secret.py:112
--- a/apps/i18n/core/ja/LC_MESSAGES/django.po
+++ b/apps/i18n/core/ja/LC_MESSAGES/django.po
@ -1441,8 +1441,8 @@ msgid "* Please enter the correct password length"
 msgstr "* 正しいパスワードの長さを入力してください"
 #: accounts/serializers/automations/change_secret.py:90
-msgid "* Password length range 6-30 bits"
+msgid "* Password length range 8-36 bits"
-msgstr "* パスワードの長さ範囲は6-30文字です"
+msgstr "* パスワードの長さ範囲は8-36文字です"
 #: accounts/serializers/automations/change_secret.py:112
 #: accounts/serializers/automations/change_secret.py:147
--- a/apps/i18n/core/pt_BR/LC_MESSAGES/django.po
+++ b/apps/i18n/core/pt_BR/LC_MESSAGES/django.po
@ -1454,8 +1454,8 @@ msgid "* Please enter the correct password length"
 msgstr "* Por favor, insira um comprimento de senha correto"
 #: accounts/serializers/automations/change_secret.py:90
-msgid "* Password length range 6-30 bits"
+msgid "* Password length range 8-36 bits"
-msgstr "* O comprimento da senha deve estar entre 6 e 30 caracteres"
+msgstr "* O comprimento da senha deve estar entre 8 e 36 caracteres"
 #: accounts/serializers/automations/change_secret.py:112
 #: accounts/serializers/automations/change_secret.py:147
--- a/apps/i18n/core/zh/LC_MESSAGES/django.po
+++ b/apps/i18n/core/zh/LC_MESSAGES/django.po
@ -1414,8 +1414,8 @@ msgid "* Please enter the correct password length"
 msgstr "* 请输入正确的密码长度"
 #: accounts/serializers/automations/change_secret.py:90
-msgid "* Password length range 6-30 bits"
+msgid "* Password length range 8-36 bits"
-msgstr "* 密码长度范围 6-30 位"
+msgstr "* 密码长度范围 8-36 位"
 #: accounts/serializers/automations/change_secret.py:112
 #: accounts/serializers/automations/change_secret.py:147
--- a/apps/i18n/core/zh_Hant/LC_MESSAGES/django.po
+++ b/apps/i18n/core/zh_Hant/LC_MESSAGES/django.po
@ -1416,8 +1416,8 @@ msgid "* Please enter the correct password length"
 msgstr "* 請輸入正確的密碼長度"
 #: accounts/serializers/automations/change_secret.py:90
-msgid "* Password length range 6-30 bits"
+msgid "* Password length range 8-36 bits"
-msgstr "* 密碼長度範圍 6-30 位"
+msgstr "* 密碼長度範圍 8-36 位"
 #: accounts/serializers/automations/change_secret.py:112
 #: accounts/serializers/automations/change_secret.py:147
--- a/apps/i18n/lina/en.json
+++ b/apps/i18n/lina/en.json
@ -476,6 +476,7 @@
    "DisableSuccessMsg": "Successfully disabled",
    "DiscoverAccountTask": "Account discovery task | Account discovery tasks",
    "DiscoverAccounts": "Discover accounts",
    "DiscoverAccountDetail": "Discover account details",
    "DiscoverAccountsHelpText": "Collect account information on assets. the collected account information can be imported into the system for centralized management.",
    "DiscoveredAccountList": "Discovered accounts",
    "DisplayName": "Name",
@ -1506,5 +1507,7 @@
    "removeWarningMsg": "Are you sure you want to remove",
    "setVariable": "Set variable",
    "IgnoreAlert": "Ignore alert",
-    "DeleteGatherAccountTitle": "Delete gather account"
+    "DeleteGatherAccountTitle": "Delete gather account",
    "DeleteRemoteAccount": "Delete remote account",
    "AddAccountAfterChangingPassword": "Add account after changing password"
 }
--- a/apps/i18n/lina/zh.json
+++ b/apps/i18n/lina/zh.json
@ -473,6 +473,7 @@
    "DisableSuccessMsg": "禁用成功",
    "DiscoverAccountTask": "账号发现任务",
    "DiscoverAccounts": "帐号发现",
    "DiscoverAccountDetail": "帐号发现详情",
    "DiscoverAccountsHelpText": "采集资产的账务信息，可将采集到的账务信息导入系统进行集中管理。",
    "DiscoveredAccountList": "发现账号",
    "DisplayName": "名称",
@ -1505,6 +1506,7 @@
    "removeWarningMsg": "你确定要移除",
    "setVariable": "设置参数",
    "IgnoreAlert": "忽略警报",
-    "DeleteGatherAccountTitle": "删除发现的账号"
+    "DeleteGatherAccountTitle": "删除发现的账号",
-
+    "DeleteRemoteAccount": "删除远端账号",
    "AddAccountAfterChangingPassword": "修改密码后添加账号"
 }