diff --git a/apps/accounts/tasks/remove_account.py b/apps/accounts/tasks/remove_account.py index 269a7f349..44bb9a840 100644 --- a/apps/accounts/tasks/remove_account.py +++ b/apps/accounts/tasks/remove_account.py @@ -1,9 +1,19 @@ -from celery import shared_task +import uuid +from collections import defaultdict + +from celery import shared_task, current_task +from django.conf import settings +from django.db.models import Count from django.utils.translation import gettext_noop, gettext_lazy as _ from accounts.const import AutomationTypes +from accounts.models import Account from accounts.tasks.common import quickstart_automation_by_snapshot +from audits.const import ActivityChoices +from common.const.crontab import CRONTAB_AT_AM_TWO from common.utils import get_logger +from ops.celery.decorator import register_as_period_task +from orgs.utils import tmp_to_root_org logger = get_logger(__file__) @@ -29,3 +39,39 @@ def remove_accounts_task(gather_account_ids): tp = AutomationTypes.remove_account quickstart_automation_by_snapshot(task_name, tp, task_snapshot) + + +@shared_task(verbose_name=_('Clean historical accounts')) +@register_as_period_task(crontab=CRONTAB_AT_AM_TWO) +@tmp_to_root_org() +def clean_historical_accounts(): + from audits.signal_handlers import create_activities + print("Clean historical accounts start.") + if settings.HISTORY_ACCOUNT_CLEAN_LIMIT >= 999: + return + limit = settings.HISTORY_ACCOUNT_CLEAN_LIMIT + + history_ids_to_be_deleted = [] + history_model = Account.history.model + history_id_mapper = defaultdict(list) + + ids = history_model.objects.values('id').annotate(count=Count('id')) \ + .filter(count__gte=limit).values_list('id', flat=True) + + if not ids: + return + + for i in history_model.objects.filter(id__in=ids): + _id = str(i.id) + history_id_mapper[_id].append(i.history_id) + + for history_ids in history_id_mapper.values(): + history_ids_to_be_deleted.extend(history_ids[limit:]) + history_qs = history_model.objects.filter(history_id__in=history_ids_to_be_deleted) + + resource_ids = list(history_qs.values_list('history_id', flat=True)) + history_qs.delete() + + task_id = current_task.request.id if current_task else str(uuid.uuid4()) + detail = gettext_noop('Remove historical accounts that are out of range.') + create_activities(resource_ids, detail, task_id, action=ActivityChoices.task, org_id='') diff --git a/apps/jumpserver/conf.py b/apps/jumpserver/conf.py index 60e3dfd0c..f5f5d5d0c 100644 --- a/apps/jumpserver/conf.py +++ b/apps/jumpserver/conf.py @@ -261,6 +261,8 @@ class Config(dict): 'VAULT_HCP_TOKEN': '', 'VAULT_HCP_MOUNT_POINT': 'jumpserver', + 'HISTORY_ACCOUNT_CLEAN_LIMIT': 999, + # Cache login password 'CACHE_LOGIN_PASSWORD_ENABLED': False, 'CACHE_LOGIN_PASSWORD_TTL': 60 * 60 * 24, diff --git a/apps/jumpserver/settings/auth.py b/apps/jumpserver/settings/auth.py index 94c45b135..ff26efd19 100644 --- a/apps/jumpserver/settings/auth.py +++ b/apps/jumpserver/settings/auth.py @@ -190,6 +190,8 @@ VAULT_HCP_HOST = CONFIG.VAULT_HCP_HOST VAULT_HCP_TOKEN = CONFIG.VAULT_HCP_TOKEN VAULT_HCP_MOUNT_POINT = CONFIG.VAULT_HCP_MOUNT_POINT +HISTORY_ACCOUNT_CLEAN_LIMIT = CONFIG.HISTORY_ACCOUNT_CLEAN_LIMIT + # Other setting # 这个是 User Login Private Token TOKEN_EXPIRATION = CONFIG.TOKEN_EXPIRATION diff --git a/apps/settings/serializers/feature.py b/apps/settings/serializers/feature.py index 083e2749a..07a3dbcd6 100644 --- a/apps/settings/serializers/feature.py +++ b/apps/settings/serializers/feature.py @@ -55,6 +55,17 @@ class VaultSettingSerializer(serializers.Serializer): max_length=256, allow_blank=True, required=False, label=_('Mount Point') ) + HISTORY_ACCOUNT_CLEAN_LIMIT = serializers.IntegerField( + default=999, max_value=999, min_value=1, + required=False, label=_('History Account Count'), + help_text=_( + 'If the specific value is less than 999, ' + 'the system will automatically perform a task every night: ' + 'check and delete historical accounts that exceed the predetermined number. ' + 'If the value reaches or exceeds 999, no historical account deletion will be performed.' + ) + ) + class ChatAISettingSerializer(serializers.Serializer): PREFIX_TITLE = _('Chat AI')