mirror of https://github.com/jumpserver/jumpserver
feat: 历史账号定期删除 可设置保留数量
parent
2fcbfe9f21
commit
4dd72b109f
|
@ -1,9 +1,19 @@
|
||||||
from celery import shared_task
|
import uuid
|
||||||
|
from collections import defaultdict
|
||||||
|
|
||||||
|
from celery import shared_task, current_task
|
||||||
|
from django.conf import settings
|
||||||
|
from django.db.models import Count
|
||||||
from django.utils.translation import gettext_noop, gettext_lazy as _
|
from django.utils.translation import gettext_noop, gettext_lazy as _
|
||||||
|
|
||||||
from accounts.const import AutomationTypes
|
from accounts.const import AutomationTypes
|
||||||
|
from accounts.models import Account
|
||||||
from accounts.tasks.common import quickstart_automation_by_snapshot
|
from accounts.tasks.common import quickstart_automation_by_snapshot
|
||||||
|
from audits.const import ActivityChoices
|
||||||
|
from common.const.crontab import CRONTAB_AT_AM_TWO
|
||||||
from common.utils import get_logger
|
from common.utils import get_logger
|
||||||
|
from ops.celery.decorator import register_as_period_task
|
||||||
|
from orgs.utils import tmp_to_root_org
|
||||||
|
|
||||||
logger = get_logger(__file__)
|
logger = get_logger(__file__)
|
||||||
|
|
||||||
|
@ -29,3 +39,39 @@ def remove_accounts_task(gather_account_ids):
|
||||||
|
|
||||||
tp = AutomationTypes.remove_account
|
tp = AutomationTypes.remove_account
|
||||||
quickstart_automation_by_snapshot(task_name, tp, task_snapshot)
|
quickstart_automation_by_snapshot(task_name, tp, task_snapshot)
|
||||||
|
|
||||||
|
|
||||||
|
@shared_task(verbose_name=_('Clean historical accounts'))
|
||||||
|
@register_as_period_task(crontab=CRONTAB_AT_AM_TWO)
|
||||||
|
@tmp_to_root_org()
|
||||||
|
def clean_historical_accounts():
|
||||||
|
from audits.signal_handlers import create_activities
|
||||||
|
print("Clean historical accounts start.")
|
||||||
|
if settings.HISTORY_ACCOUNT_CLEAN_LIMIT >= 999:
|
||||||
|
return
|
||||||
|
limit = settings.HISTORY_ACCOUNT_CLEAN_LIMIT
|
||||||
|
|
||||||
|
history_ids_to_be_deleted = []
|
||||||
|
history_model = Account.history.model
|
||||||
|
history_id_mapper = defaultdict(list)
|
||||||
|
|
||||||
|
ids = history_model.objects.values('id').annotate(count=Count('id')) \
|
||||||
|
.filter(count__gte=limit).values_list('id', flat=True)
|
||||||
|
|
||||||
|
if not ids:
|
||||||
|
return
|
||||||
|
|
||||||
|
for i in history_model.objects.filter(id__in=ids):
|
||||||
|
_id = str(i.id)
|
||||||
|
history_id_mapper[_id].append(i.history_id)
|
||||||
|
|
||||||
|
for history_ids in history_id_mapper.values():
|
||||||
|
history_ids_to_be_deleted.extend(history_ids[limit:])
|
||||||
|
history_qs = history_model.objects.filter(history_id__in=history_ids_to_be_deleted)
|
||||||
|
|
||||||
|
resource_ids = list(history_qs.values_list('history_id', flat=True))
|
||||||
|
history_qs.delete()
|
||||||
|
|
||||||
|
task_id = current_task.request.id if current_task else str(uuid.uuid4())
|
||||||
|
detail = gettext_noop('Remove historical accounts that are out of range.')
|
||||||
|
create_activities(resource_ids, detail, task_id, action=ActivityChoices.task, org_id='')
|
||||||
|
|
|
@ -261,6 +261,8 @@ class Config(dict):
|
||||||
'VAULT_HCP_TOKEN': '',
|
'VAULT_HCP_TOKEN': '',
|
||||||
'VAULT_HCP_MOUNT_POINT': 'jumpserver',
|
'VAULT_HCP_MOUNT_POINT': 'jumpserver',
|
||||||
|
|
||||||
|
'HISTORY_ACCOUNT_CLEAN_LIMIT': 999,
|
||||||
|
|
||||||
# Cache login password
|
# Cache login password
|
||||||
'CACHE_LOGIN_PASSWORD_ENABLED': False,
|
'CACHE_LOGIN_PASSWORD_ENABLED': False,
|
||||||
'CACHE_LOGIN_PASSWORD_TTL': 60 * 60 * 24,
|
'CACHE_LOGIN_PASSWORD_TTL': 60 * 60 * 24,
|
||||||
|
|
|
@ -190,6 +190,8 @@ VAULT_HCP_HOST = CONFIG.VAULT_HCP_HOST
|
||||||
VAULT_HCP_TOKEN = CONFIG.VAULT_HCP_TOKEN
|
VAULT_HCP_TOKEN = CONFIG.VAULT_HCP_TOKEN
|
||||||
VAULT_HCP_MOUNT_POINT = CONFIG.VAULT_HCP_MOUNT_POINT
|
VAULT_HCP_MOUNT_POINT = CONFIG.VAULT_HCP_MOUNT_POINT
|
||||||
|
|
||||||
|
HISTORY_ACCOUNT_CLEAN_LIMIT = CONFIG.HISTORY_ACCOUNT_CLEAN_LIMIT
|
||||||
|
|
||||||
# Other setting
|
# Other setting
|
||||||
# 这个是 User Login Private Token
|
# 这个是 User Login Private Token
|
||||||
TOKEN_EXPIRATION = CONFIG.TOKEN_EXPIRATION
|
TOKEN_EXPIRATION = CONFIG.TOKEN_EXPIRATION
|
||||||
|
|
|
@ -55,6 +55,17 @@ class VaultSettingSerializer(serializers.Serializer):
|
||||||
max_length=256, allow_blank=True, required=False, label=_('Mount Point')
|
max_length=256, allow_blank=True, required=False, label=_('Mount Point')
|
||||||
)
|
)
|
||||||
|
|
||||||
|
HISTORY_ACCOUNT_CLEAN_LIMIT = serializers.IntegerField(
|
||||||
|
default=999, max_value=999, min_value=1,
|
||||||
|
required=False, label=_('History Account Count'),
|
||||||
|
help_text=_(
|
||||||
|
'If the specific value is less than 999, '
|
||||||
|
'the system will automatically perform a task every night: '
|
||||||
|
'check and delete historical accounts that exceed the predetermined number. '
|
||||||
|
'If the value reaches or exceeds 999, no historical account deletion will be performed.'
|
||||||
|
)
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
class ChatAISettingSerializer(serializers.Serializer):
|
class ChatAISettingSerializer(serializers.Serializer):
|
||||||
PREFIX_TITLE = _('Chat AI')
|
PREFIX_TITLE = _('Chat AI')
|
||||||
|
|
Loading…
Reference in New Issue