From 58d055f114fdc0baaba74f566bcc7cf7a46cc192 Mon Sep 17 00:00:00 2001
From: fit2bot <68588906+fit2bot@users.noreply.github.com>
Date: Wed, 26 Apr 2023 18:50:30 +0800
Subject: [PATCH] =?UTF-8?q?perf:=20=E6=94=B9=E5=AF=86=20=E6=8E=A8=E9=80=81?= =?UTF-8?q?=E5=8F=AF=E4=BB=A5=E5=AF=B9=E8=87=AA=E5=B7=B1=E6=93=8D?= =?UTF-8?q?=E4=BD=9C=20=E5=90=8C=E6=97=B6=E8=AE=BE=E7=BD=AEsu=5Fenabled=20?= =?UTF-8?q?=E5=8F=AF=E6=8F=90=E6=9D=83=20(#10349)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Co-authored-by: feng <1304903146@qq.com>
---
 .../automations/change_secret/manager.py | 4 ++--
 apps/assets/automations/base/manager.py | 1 +
 apps/ops/ansible/inventory.py | 16 ++++++++++++++--
 3 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/apps/accounts/automations/change_secret/manager.py b/apps/accounts/automations/change_secret/manager.py
index 05e2b1349..9d1c2f441 100644
--- a/apps/accounts/automations/change_secret/manager.py
+++ b/apps/accounts/automations/change_secret/manager.py
@@ -72,14 +72,14 @@ class ChangeSecretManager(AccountBasePlaybookManager):
 return []
 asset = privilege_account.asset
- accounts = asset.accounts.exclude(username=privilege_account.username)
+ accounts = asset.accounts.all()
 accounts = accounts.filter(id__in=self.account_ids)
 if self.secret_type:
 accounts = accounts.filter(secret_type=self.secret_type)
 if settings.CHANGE_AUTH_PLAN_SECURE_MODE_ENABLED:
 accounts = accounts.filter(privileged=False).exclude(
- username__in=['root', 'administrator']
+ username__in=['root', 'administrator', privilege_account.username]
 )
 return accounts
diff --git a/apps/assets/automations/base/manager.py b/apps/assets/automations/base/manager.py
index ae9740347..8d47a6ca4 100644
--- a/apps/assets/automations/base/manager.py
+++ b/apps/assets/automations/base/manager.py
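Review bot: Self-rotation of the login account is now possible whenever `CHANGE_AUTH_PLAN_SECURE_MODE_ENABLED` is off, and nothing at `accounts = asset.accounts.all()` in change_secret/manager.py documents or guards it. If a run changes that password on the host but fails before the new value is stored, the saved credential would presumably go stale and later tasks for the asset could not log in; the hunk does not show how that case is handled. I would add a comment above the line such as `# privilege_account may be selected here; only secure mode excludes it`, and make sure the stored secret is replaced only after the new one has been verified. Also, `username__in=['root', 'administrator', ...]` is an exact match, so whether `Administrator` is excluded depends on the database collation. The enclosing method starts above the hunk.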
@@ -166,6 +166,7 @@ class BasePlaybookManager:
 account_prefer=self.ansible_account_prefer,
 account_policy=self.ansible_account_policy,
 host_callback=self.host_callback,
+ task_type=self.__class__.method_type(),
 )
 inventory.write_to_file(inventory_path)
diff --git a/apps/ops/ansible/inventory.py b/apps/ops/ansible/inventory.py
index fc124b210..6ecc49698 100644
--- a/apps/ops/ansible/inventory.py
+++ b/apps/ops/ansible/inventory.py
@@ -5,12 +5,17 @@ from collections import defaultdict
 from django.utils.translation import gettext as _
+ from accounts.const import AutomationTypes
+
 __all__ = ['JMSInventory']
 class JMSInventory:
- def __init__(self, assets, account_policy='privileged_first',
- account_prefer='root,Administrator', host_callback=None, exclude_localhost=False):
+ def __init__(
+ self, assets, account_policy='privileged_first',
+ account_prefer='root,Administrator', host_callback=None,
+ exclude_localhost=False, task_type=None
+ ):
 """
 :param assets:
 :param account_prefer: account username name if not set use account_policy
@@ -22,6 +27,7 @@ class JMSInventory:
 self.host_callback = host_callback
 self.exclude_hosts = {}
 self.exclude_localhost = exclude_localhost
+ self.task_type = task_type
 @staticmethod
 def clean_assets(assets):
@@ -92,6 +98,12 @@ class JMSInventory:
 host['ansible_become_password'] = su_from.secret
 else:
 host['ansible_become_password'] = account.secret
+ elif platform.su_enabled and not su_from and \
+ self.task_type in (AutomationTypes.change_secret, AutomationTypes.push_account):
+ host.update(self.make_account_ansible_vars(account))
+ host['ansible_become'] = True
+ host['ansible_become_user'] = 'root'
+ host['ansible_become_password'] = account.secret
 else:
 host.update(self.make_account_ansible_vars(account))
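Review bot: The `__init__` docstring in inventory.py has no entry for the new `task_type` argument, which later in this file decides whether a host is given `ansible_become` as root. I would add `:param task_type: automation type of the caller; change_secret and push_account enable become-as-root on su_enabled platforms` next to the existing `:param` lines. The docstring continues below the hunk.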
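Review bot: The new `elif` in the last inventory.py hunk uses `account.secret` as `ansible_become_password` without checking that the secret is a password. The first file of this patch filters accounts on `secret_type`, so a key-authenticated account would presumably have its key material written into the inventory as a become password, and escalation would fail. The branch also leaves `ansible_become_method` unset and hard-codes `ansible_become_user` to `'root'`, so it depends on whatever default method applies and on the account being allowed to escalate to root. I would gate the branch on the account's secret type being a password and set the become method explicitly rather than relying on the default. The surrounding `if`/`else` chain starts above the hunk.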