From 4c233cfb694fd889271e3c93b378bac8cb254b6e Mon Sep 17 00:00:00 2001
From: ibuler
Date: Wed, 22 Feb 2023 11:18:42 +0800
Subject: [PATCH] =?UTF-8?q?perf:=20=E4=BC=98=E5=8C=96=20account=EF=BC=8C?= =?UTF-8?q?=E5=8E=BB=E6=8E=89=E7=89=88=E6=9C=AC=E5=A5=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../automations/change_secret/manager.py | 14 +++++++---
 .../automations/push_account/manager.py | 4 +--
 .../migrations/0008_alter_account_options.py | 17 ------------
 apps/accounts/models/account.py | 17 ++++++------
 apps/accounts/serializers/account/account.py | 4 +--
 apps/accounts/signal_handlers.py | 26 +++++++++----------
 apps/assets/api/asset/asset.py | 4 +--
 apps/assets/automations/base/manager.py | 9 ++++---
 apps/jumpserver/conf.py | 2 +-
 9 files changed, 43 insertions(+), 54 deletions(-)
 delete mode 100644 apps/accounts/migrations/0008_alter_account_options.py
diff --git a/apps/accounts/automations/change_secret/manager.py b/apps/accounts/automations/change_secret/manager.py
index c076ab56b..be2768eda 100644
--- a/apps/accounts/automations/change_secret/manager.py
+++ b/apps/accounts/automations/change_secret/manager.py
@@ -8,7 +8,7 @@ from django.utils import timezone
 from openpyxl import Workbook
 from accounts.const import AutomationTypes, SecretType, SSHKeyStrategy, SecretStrategy
-from accounts.models import ChangeSecretRecord
+from accounts.models import ChangeSecretRecord, Account
 from accounts.notifications import ChangeSecretExecutionTaskMsg
 from accounts.serializers import ChangeSecretRecordBackUpSerializer
 from assets.const import HostTypes
@@ -86,6 +86,10 @@ class ChangeSecretManager(AccountBasePlaybookManager):
 accounts = accounts.filter(username__in=self.snapshot_account_usernames)
 accounts = accounts.filter(secret_type=self.secret_type)
+ if not accounts:
+ print('没有发现待改密账号: %s 用户名: %s 类型: %s' % (asset.name, account.username, self.secret_type))
+ return []
+
 method_attr = getattr(automation, self.method_type() + '_method')
 method_hosts = self.method_hosts_mapper[method_attr]
 method_hosts = [h for h in method_hosts if h != host['name']]
@@ -137,10 +141,12 @@ class ChangeSecretManager(AccountBasePlaybookManager):
 recorder.status = 'success'
 recorder.date_finished = timezone.now()
 recorder.save()
- print('recorder.new_secret', recorder.new_secret)
- account = recorder.account
+ account = Account.objects.filter(id=recorder.account_id).first()
+ if not account:
+ print("Account not found, deleted ?", recorder.account_id)
+ return
 account.secret = recorder.new_secret
- account.save(update_fields=['secret'])
+ account.save(update_fields=['secret', 'version'])
 def on_host_error(self, host, error, result):
 recorder = self.name_recorder_mapper.get(host)
diff --git a/apps/accounts/automations/push_account/manager.py b/apps/accounts/automations/push_account/manager.py
index f2f21c51a..7ee45c070 100644
--- a/apps/accounts/automations/push_account/manager.py
+++ b/apps/accounts/automations/push_account/manager.py
@@ -36,7 +36,7 @@ class PushAccountManager(ChangeSecretManager, AccountBasePlaybookManager):
 def get_accounts(self, privilege_account, accounts: QuerySet):
 if not privilege_account:
- logger.debug(f'not privilege account')
+ print(f'not privilege account')
 return []
 snapshot_account_usernames = self.execution.snapshot['accounts']
 if '*' in snapshot_account_usernames:
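Review bot: In the `@@ -86,6 +86,10 @@` hunk of change_secret/manager.py, the new empty-result message reads `account.username`, although the condition tests the `accounts` queryset and `account` is never assigned inside the hunk. If `account` can be `None` here (for example when the asset has no privileged account), the `print` raises `AttributeError` instead of returning `[]`. The method begins outside the hunk, so confirm where `account` comes from; a message built only from values known to exist avoids the problem, e.g. `print('没有发现待改密账号: %s 类型: %s' % (asset.name, self.secret_type))`.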
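Review bot: In the `@@ -137,10 +141,12 @@` hunk the record is saved with `status = 'success'` before the account is looked up, so the new `if not account:` branch only prints and returns while the record still reports success, even though the rotated secret was never written to an `Account`. Consider setting the status after the lookup, or marking the record as failed in that branch, so that a rotation whose result exists only in `recorder.new_secret` is visible to operators. `update_fields=['secret', 'version']` (also in the `@@ -103,7 +103,7 @@` hunk of push_account/manager.py) persists `version`, yet this commit removes the `pre_save` handler that incremented it and neither hunk changes the value. If nothing outside this patch bumps it, `secret_changed()`, which now filters history on `version`, may compare against the wrong row. The function begins outside the hunk.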
@@ -103,7 +103,7 @@ class PushAccountManager(ChangeSecretManager, AccountBasePlaybookManager):
 if not account:
 return
 account.secret = new_secret
- account.save(update_fields=['secret'])
+ account.save(update_fields=['secret', 'version'])
 def on_host_error(self, host, error, result):
 pass
diff --git a/apps/accounts/migrations/0008_alter_account_options.py b/apps/accounts/migrations/0008_alter_account_options.py
deleted file mode 100644
index 949840740..000000000
--- a/apps/accounts/migrations/0008_alter_account_options.py
+++ /dev/null
@@ -1,17 +0,0 @@
-# Generated by Django 3.2.14 on 2023-02-21 05:13
-
-from django.db import migrations
-
-
-class Migration(migrations.Migration):
-
- dependencies = [
- ('accounts', '0007_alter_account_options'),
- ]
-
- operations = [
- migrations.AlterModelOptions(
- name='account',
- options={'permissions': [('view_accountsecret', 'Can view asset account secret'), ('view_historyaccount', 'Can view asset history account'), ('view_historyaccountsecret', 'Can view asset history account secret'), ('verify_account', 'Can verify account'), ('push_account', 'Can push account')], 'verbose_name': 'Account'},
- ),
- ]
diff --git a/apps/accounts/models/account.py b/apps/accounts/models/account.py
index 7367c53de..7e654b285 100644
--- a/apps/accounts/models/account.py
+++ b/apps/accounts/models/account.py
@@ -68,6 +68,9 @@ class Account(AbsConnectivity, BaseAccount):
 ('push_account', _('Can push account')),
 ]
+ def __str__(self):
+ return '{}'.format(self.username)
+
 @lazyproperty
 def platform(self):
 return self.asset.platform
@@ -78,9 +81,6 @@ class Account(AbsConnectivity, BaseAccount):
 return self.username
 return self.name
- def __str__(self):
- return '{}'.format(self.username)
-
 @lazyproperty
 def has_secret(self):
 return bool(self.secret)
@@ -100,12 +100,11 @@ class Account(AbsConnectivity, BaseAccount):
 return self.asset.accounts.exclude(id=self.id).exclude(su_from=self)
 def secret_changed(self):
- history = self.history.first()
- if not history:
- return True
- if history.secret != self.secret or history.secret_type != self.secret_type:
- return True
- return False
+ pre_secret = self.history.exclude(version=self.version) \
+ .values_list('secret', flat=True) \
+ .first()
+ print("Pre secret is: ", pre_secret)
+ return pre_secret != self.secret
 class AccountTemplate(BaseAccount):
diff --git a/apps/accounts/serializers/account/account.py b/apps/accounts/serializers/account/account.py
index 1f9c143bd..8cf92671e 100644
--- a/apps/accounts/serializers/account/account.py
+++ b/apps/accounts/serializers/account/account.py
@@ -43,7 +43,7 @@ class AccountSerializerCreateValidateMixin:
 def push_account(instance, push_now):
 if not push_now:
 return
- push_accounts_to_assets_task.delay([instance.id], [instance.asset_id])
+ push_accounts_to_assets_task.delay([instance.id])
 def create(self, validated_data):
 push_now = validated_data.pop('push_now', None)
@@ -102,7 +102,7 @@ class AccountSerializer(AccountSerializerCreateMixin, BaseAccountSerializer):
 class Meta(BaseAccountSerializer.Meta):
 model = Account
 fields = BaseAccountSerializer.Meta.fields \
- + ['su_from', 'version', 'asset'] \
+ + ['su_from', 'asset'] \
 + ['template', 'push_now', 'source']
 extra_kwargs = {
 **BaseAccountSerializer.Meta.extra_kwargs,
diff --git a/apps/accounts/signal_handlers.py b/apps/accounts/signal_handlers.py
index df2b0e5b7..4bdefda8e 100644
--- a/apps/accounts/signal_handlers.py
+++ b/apps/accounts/signal_handlers.py
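Review bot: `print("Pre secret is: ", pre_secret)` in the new `secret_changed()` (models/account.py, `@@ -100,12 +100,11 @@`) writes the previous account secret in clear text to stdout, so it lands in whatever captures server or task output. The line should be deleted, just as this same commit deletes `print('recorder.new_secret', recorder.new_secret)` in change_secret/manager.py. The rewrite also drops the `secret_type` comparison, so a type change with an unchanged secret value is no longer reported. `.first()` relies on the history manager's default ordering to return the most recent earlier row; add an explicit `order_by` if that ordering is not guaranteed. A one-line docstring such as `"""Return True when the secret differs from the latest history row of another version."""` would record the intended contract.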
@@ -1,17 +1,17 @@
-from django.db.models.signals import pre_save
-from django.dispatch import receiver
-
 from common.utils import get_logger
-from .models import Account
 logger = get_logger(__name__)
-
-@receiver(pre_save, sender=Account)
-def on_account_pre_create(sender, instance, update_fields=(), **kwargs):
- # 这是创建时
- if instance.version == 0 or instance.secret_changed():
- instance.version += 1
-
- # 即使在 root 组织也不怕
- instance.org_id = instance.asset.org_id
+#
+# @receiver(pre_save, sender=Account)
+# def on_account_pre_save(sender, instance, **kwargs):
+# if instance.secret != instance.pre_secret:
+# instance.pre_secret = instance.secret
+#
+#
+# @receiver(post_save, sender=Account)
+# @on_transaction_commit
+# def on_account_post_create(sender, instance, created=False, **kwargs):
+# if created or instance.secret != instance.pre_secret:
+# Account.objects.filter(id=instance.id) \
+# .update(version=F('version') + 1)
diff --git a/apps/assets/api/asset/asset.py b/apps/assets/api/asset/asset.py
index 5b6b9084b..ba2b36031 100644
--- a/apps/assets/api/asset/asset.py
+++ b/apps/assets/api/asset/asset.py
@@ -205,9 +205,9 @@ class AssetTaskCreateApi(AssetsTaskMixin, generics.CreateAPIView):
 asset_ids = [asset.id]
 account_ids = accounts.values_list("id", flat=True)
 if action == "push_account":
- task = push_accounts_to_assets_task.delay(account_ids, asset_ids)
+ task = push_accounts_to_assets_task.delay(account_ids)
 elif action == "test_account":
- task = verify_accounts_connectivity_task.delay(account_ids, asset_ids)
+ task = verify_accounts_connectivity_task.delay(account_ids)
 else:
 task = None
 return task
diff --git a/apps/assets/automations/base/manager.py b/apps/assets/automations/base/manager.py
index bb5963981..03a74eee5 100644
--- a/apps/assets/automations/base/manager.py
+++ b/apps/assets/automations/base/manager.py
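Review bot: The `org_id` assignment from the removed `on_account_pre_create` handler (`instance.org_id = instance.asset.org_id`) has no counterpart on the new side of signal_handlers.py, which is entirely commented out. If nothing outside this patch sets `org_id` from the asset, an account saved while the root organization is active may end up under the wrong organization, which matters wherever access is scoped per organization. Confirm that the assignment now lives in the model or serializer. The added lines are commented-out code that refers to names the module does not import (`post_save`, `on_transaction_commit`, `F`) and to a `pre_secret` attribute not defined in this patch. Deleting them, or replacing them with a one-line comment saying where `version` is now maintained, would be clearer.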
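Review bot: In the assets/api/asset/asset.py hunk, `asset_ids = [asset.id]` is no longer passed to either task, so unless the part of the method outside the hunk still uses it, it is a dead local and can be removed. Both calls now hand over only `account_ids`, which leaves the task to derive the target assets from the accounts. The task signatures are not part of this patch and should be checked against the one-argument call here and in serializers/account/account.py.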
@@ -64,7 +64,7 @@ class BasePlaybookManager:
 if not os.path.exists(path):
 os.makedirs(path, exist_ok=True, mode=0o755)
 if settings.DEBUG_DEV:
- logger.debug('Ansible runtime dir: {}'.format(path))
+ print(f'Ansible runtime dir:{path}')
 return path
 @staticmethod
@@ -153,10 +153,9 @@ class BasePlaybookManager:
 return sub_playbook_path
 def get_runners(self):
- # TODO 临时打印一下 找一下打印不出日志的原因
- print('ansible runner: 任务开始执行')
 assets_group_by_platform = self.get_assets_group_by_platform()
- print('ansible runner: 获取资产分组', assets_group_by_platform)
+ if settings.DEBUG_DEV:
+ print("assets_group_by_platform: {}".format(assets_group_by_platform))
 runners = []
 for platform, assets in assets_group_by_platform.items():
 assets_bulked = [assets[i:i + self.bulk_size] for i in range(0, len(assets), self.bulk_size)]
@@ -210,6 +209,7 @@ class BasePlaybookManager:
 with open(path, 'r') as f:
 d = json.load(f)
+
 def delete_keys(d, keys_to_delete):
 """
 递归函数:删除嵌套字典中的指定键
@@ -223,6 +223,7 @@ class BasePlaybookManager:
 else:
 delete_keys(d[key], keys_to_delete)
 return d
+
 d = delete_keys(d, ['secret', 'ansible_password'])
 with open(path, 'w') as f:
 json.dump(d, f)
diff --git a/apps/jumpserver/conf.py b/apps/jumpserver/conf.py
index f7c555504..b192cd993 100644
--- a/apps/jumpserver/conf.py
+++ b/apps/jumpserver/conf.py
@@ -530,7 +530,7 @@ class Config(dict):
 'PERIOD_TASK_ENABLED': True,
 # 导航栏 帮助
- 'HELP_DOCUMENT_URL': 'http://docs.jumpserver.org',
+ 'HELP_DOCUMENT_URL': 'https://docs.jumpserver.org/zh/v3/',
 'HELP_SUPPORT_URL': 'http://www.jumpserver.org/support/',
 'FORGOT_PASSWORD_URL': '',