feat: 历史账号定期删除 可设置保留数量

apps/accounts/tasks/remove_account.py

@@ -1,9 +1,19 @@
-from celery import shared_task
+import uuid
+from collections import defaultdict
+
+from celery import shared_task, current_task
+from django.conf import settings
+from django.db.models import Count
 from django.utils.translation import gettext_noop, gettext_lazy as _
 
 from accounts.const import AutomationTypes
+from accounts.models import Account
 from accounts.tasks.common import quickstart_automation_by_snapshot
+from audits.const import ActivityChoices
+from common.const.crontab import CRONTAB_AT_AM_TWO
 from common.utils import get_logger
+from ops.celery.decorator import register_as_period_task
+from orgs.utils import tmp_to_root_org
 
 logger = get_logger(__file__)
 
@@ -29,3 +39,39 @@ def remove_accounts_task(gather_account_ids):
 
     tp = AutomationTypes.remove_account
     quickstart_automation_by_snapshot(task_name, tp, task_snapshot)
+
+
+@shared_task(verbose_name=_('Clean historical accounts'))
+@register_as_period_task(crontab=CRONTAB_AT_AM_TWO)
+@tmp_to_root_org()
+def clean_historical_accounts():
+    from audits.signal_handlers import create_activities
+    print("Clean historical accounts start.")
+    if settings.HISTORY_ACCOUNT_CLEAN_LIMIT >= 999:
+        return
+    limit = settings.HISTORY_ACCOUNT_CLEAN_LIMIT
+
+    history_ids_to_be_deleted = []
+    history_model = Account.history.model
+    history_id_mapper = defaultdict(list)
+
+    ids = history_model.objects.values('id').annotate(count=Count('id')) \
+        .filter(count__gte=limit).values_list('id', flat=True)
+
+    if not ids:
+        return
+
+    for i in history_model.objects.filter(id__in=ids):
+        _id = str(i.id)
+        history_id_mapper[_id].append(i.history_id)
+
+    for history_ids in history_id_mapper.values():
+        history_ids_to_be_deleted.extend(history_ids[limit:])
+    history_qs = history_model.objects.filter(history_id__in=history_ids_to_be_deleted)
+
+    resource_ids = list(history_qs.values_list('history_id', flat=True))
+    history_qs.delete()
+
+    task_id = current_task.request.id if current_task else str(uuid.uuid4())
+    detail = gettext_noop('Remove historical accounts that are out of range.')
+    create_activities(resource_ids, detail, task_id, action=ActivityChoices.task, org_id='')

apps/jumpserver/conf.py

@@ -261,6 +261,8 @@ class Config(dict):
         'VAULT_HCP_TOKEN': '',
         'VAULT_HCP_MOUNT_POINT': 'jumpserver',
 
+        'HISTORY_ACCOUNT_CLEAN_LIMIT': 999,
+
         # Cache login password
         'CACHE_LOGIN_PASSWORD_ENABLED': False,
         'CACHE_LOGIN_PASSWORD_TTL': 60 * 60 * 24,

apps/jumpserver/settings/auth.py

@@ -190,6 +190,8 @@ VAULT_HCP_HOST = CONFIG.VAULT_HCP_HOST
 VAULT_HCP_TOKEN = CONFIG.VAULT_HCP_TOKEN
 VAULT_HCP_MOUNT_POINT = CONFIG.VAULT_HCP_MOUNT_POINT
 
+HISTORY_ACCOUNT_CLEAN_LIMIT = CONFIG.HISTORY_ACCOUNT_CLEAN_LIMIT
+
 # Other setting
 # 这个是 User Login Private Token
 TOKEN_EXPIRATION = CONFIG.TOKEN_EXPIRATION

apps/settings/serializers/feature.py

@@ -55,6 +55,17 @@ class VaultSettingSerializer(serializers.Serializer):
         max_length=256, allow_blank=True, required=False, label=_('Mount Point')
     )
 
+    HISTORY_ACCOUNT_CLEAN_LIMIT = serializers.IntegerField(
+        default=999, max_value=999, min_value=1,
+        required=False, label=_('History Account Count'),
+        help_text=_(
+            'If the specific value is less than 999, '
+            'the system will automatically perform a task every night: '
+            'check and delete historical accounts that exceed the predetermined number. '
+            'If the value reaches or exceeds 999, no historical account deletion will be performed.'
+        )
+    )
+
 
 class ChatAISettingSerializer(serializers.Serializer):
     PREFIX_TITLE = _('Chat AI')