Merge pull request #9680 from jumpserver/pr@dev@perf_account_chagne_secret

perf: 修改 account
pull/9671/head
老广 2023-02-22 11:29:18 +08:00 committed by GitHub
commit 5d61d843f3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 22 additions and 71 deletions


@ -86,6 +86,10 @@ class ChangeSecretManager(AccountBasePlaybookManager):
accounts = accounts.filter(username__in=self.snapshot_account_usernames)
accounts = accounts.filter(secret_type=self.secret_type)
if not accounts:
print('没有发现待改密账号: %s 用户名: %s 类型: %s' % (asset.name, account.username, self.secret_type))
return []
method_attr = getattr(automation, self.method_type() + '_method')
method_hosts = self.method_hosts_mapper[method_attr]
method_hosts = [h for h in method_hosts if h != host['name']]
@ -137,8 +141,10 @@ class ChangeSecretManager(AccountBasePlaybookManager):
recorder.status = 'success'
recorder.date_finished = timezone.now()
recorder.save()
print('recorder.new_secret', recorder.new_secret)
account = recorder.account
if not account:
print("Account not found, deleted ?", recorder)
return
account.secret = recorder.new_secret
account.save(update_fields=['secret'])
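Review bot: The empty-result message in the first hunk formats `account.username`, but `account` is not the queryset being tested and its origin is outside the hunk; if it is an optional privileged account that can be `None`, the diagnostic raises `AttributeError` instead of returning `[]`. A guarded form such as `getattr(account, 'username', None)` keeps the early return safe. In the second hunk the `+`/`-` markers are lost on this page; the hunk counts are consistent with `print('recorder.new_secret', recorder.new_secret)` being the removed line, which is worth confirming because that line would write the new credential in clear text to the task output. Both enclosing methods start outside the hunks.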


@ -36,7 +36,7 @@ class PushAccountManager(ChangeSecretManager, AccountBasePlaybookManager):
def get_accounts(self, privilege_account, accounts: QuerySet):
if not privilege_account:
logger.debug(f'not privilege account')
print(f'not privilege account')
return []
snapshot_account_usernames = self.execution.snapshot['accounts']
if '*' in snapshot_account_usernames:
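Review bot: The early-return message `'not privilege account'` carries an `f` prefix with no placeholder and names no asset, so an operator reading the task output cannot tell which asset was skipped for lack of a privileged account. Dropping the `f` and adding an identifier would help, though `get_accounts` receives only `privilege_account` and `accounts` here, so the asset name may have to come from the caller. The `+`/`-` markers are lost on this page, so which of the `logger.debug` and `print` lines is the new side is inferred. The method continues outside the hunk.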


@ -1,17 +0,0 @@
# Generated by Django 3.2.14 on 2023-02-21 05:13
from django.db import migrations
class Migration(migrations.Migration):
dependencies = [
('accounts', '0007_alter_account_options'),
]
operations = [
migrations.AlterModelOptions(
name='account',
options={'permissions': [('view_accountsecret', 'Can view asset account secret'), ('view_historyaccount', 'Can view asset history account'), ('view_historyaccountsecret', 'Can view asset history account secret'), ('verify_account', 'Can verify account'), ('push_account', 'Can push account')], 'verbose_name': 'Account'},
),
]


@ -68,6 +68,9 @@ class Account(AbsConnectivity, BaseAccount):
('push_account', _('Can push account')),
]
def __str__(self):
return '{}'.format(self.username)
@lazyproperty
def platform(self):
return self.asset.platform
@ -78,9 +81,6 @@ class Account(AbsConnectivity, BaseAccount):
return self.username
return self.name
def __str__(self):
return '{}'.format(self.username)
@lazyproperty
def has_secret(self):
return bool(self.secret)
@ -99,14 +99,6 @@ class Account(AbsConnectivity, BaseAccount):
""" 排除自己和以自己为 su-from 的账号 """
return self.asset.accounts.exclude(id=self.id).exclude(su_from=self)
def secret_changed(self):
history = self.history.first()
if not history:
return True
if history.secret != self.secret or history.secret_type != self.secret_type:
return True
return False
class AccountTemplate(BaseAccount):
class Meta:


@ -43,7 +43,7 @@ class AccountSerializerCreateValidateMixin:
def push_account(instance, push_now):
if not push_now:
return
push_accounts_to_assets_task.delay([instance.id], [instance.asset_id])
push_accounts_to_assets_task.delay([instance.id])
def create(self, validated_data):
push_now = validated_data.pop('push_now', None)
@ -102,7 +102,7 @@ class AccountSerializer(AccountSerializerCreateMixin, BaseAccountSerializer):
class Meta(BaseAccountSerializer.Meta):
model = Account
fields = BaseAccountSerializer.Meta.fields \
+ ['su_from', 'version', 'asset'] \
+ ['su_from', 'asset'] \
+ ['template', 'push_now', 'source']
extra_kwargs = {
**BaseAccountSerializer.Meta.extra_kwargs,
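Review bot: The one-argument call `push_accounts_to_assets_task.delay([instance.id])` in `push_account` needs checking against the task's signature, because the task definition is not among the file sections shown on this page. The same argument drop is made for `push_accounts_to_assets_task` and `verify_accounts_connectivity_task` in the `AssetTaskCreateApi` hunk. A test that invokes each task with the new argument list would pin the contract. The `+`/`-` markers are lost here, so the shorter call being the new side is inferred.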


@ -1,17 +1,3 @@
from django.db.models.signals import pre_save
from django.dispatch import receiver
from common.utils import get_logger
from .models import Account
logger = get_logger(__name__)
@receiver(pre_save, sender=Account)
def on_account_pre_create(sender, instance, update_fields=(), **kwargs):
# 这是创建时
if instance.version == 0 or instance.secret_changed():
instance.version += 1
# 即使在 root 组织也不怕
instance.org_id = instance.asset.org_id
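Review bot: The hunk header keeps only 3 of this file's 17 lines, so the `on_account_pre_create` receiver appears to be removed, and with it the assignment `instance.org_id = instance.asset.org_id`. Going by its comment, that line pinned a saved account to its asset's organisation even when the save happened in the root organisation. Unless another path (the model's `save()` or the serializer, neither visible here) does the same, an account could be stored under the wrong org and fall outside org-scoped queries. It is worth confirming where that invariant now lives and stating it in a comment there. Which three lines survive is not recoverable from this page.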


@ -207,9 +207,9 @@ class AssetTaskCreateApi(AssetsTaskMixin, generics.CreateAPIView):
asset_ids = [asset.id]
account_ids = accounts.values_list("id", flat=True)
if action == "push_account":
task = push_accounts_to_assets_task.delay(account_ids, asset_ids)
task = push_accounts_to_assets_task.delay(account_ids)
elif action == "test_account":
task = verify_accounts_connectivity_task.delay(account_ids, asset_ids)
task = verify_accounts_connectivity_task.delay(account_ids)
else:
task = None
return task
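Review bot: Once both `.delay()` calls drop their second argument, `asset_ids = [asset.id]` at the top of the hunk looks unused and can be removed, unless code outside the hunk reads it. `account_ids` is still a lazy `values_list` queryset when it is handed to `.delay()`; `account_ids = list(accounts.values_list("id", flat=True))` fixes the id set at enqueue time and gives the task serializer a plain list. With the asset ids gone the task is scoped only by account ids, so `accounts` needs to be restricted to this asset before this point, which is not visible here. The `+`/`-` markers are lost on this page, so the one-argument calls being the new side is inferred.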


@ -64,7 +64,7 @@ class BasePlaybookManager:
if not os.path.exists(path):
os.makedirs(path, exist_ok=True, mode=0o755)
if settings.DEBUG_DEV:
logger.debug('Ansible runtime dir: {}'.format(path))
print(f'Ansible runtime dir: {path}')
return path
@staticmethod
@ -153,10 +153,9 @@ class BasePlaybookManager:
return sub_playbook_path
def get_runners(self):
# TODO 临时打印一下 找一下打印不出日志的原因
print('ansible runner: 任务开始执行')
assets_group_by_platform = self.get_assets_group_by_platform()
print('ansible runner: 获取资产分组', assets_group_by_platform)
if settings.DEBUG_DEV:
print("assets_group_by_platform: {}".format(assets_group_by_platform))
runners = []
for platform, assets in assets_group_by_platform.items():
assets_bulked = [assets[i:i + self.bulk_size] for i in range(0, len(assets), self.bulk_size)]
@ -216,6 +215,7 @@ class BasePlaybookManager:
with open(path, 'r') as f:
d = json.load(f)
def delete_keys(d, keys_to_delete):
"""
递归函数删除嵌套字典中的指定键
@ -229,6 +229,7 @@ class BasePlaybookManager:
else:
delete_keys(d[key], keys_to_delete)
return d
d = delete_keys(d, ['secret', 'ansible_password'])
with open(path, 'w') as f:
json.dump(d, f)
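Review bot: The runtime directory in the first hunk is created with `mode=0o755`, and the last hunk shows a JSON file at `path` being rewritten to strip `secret` and `ansible_password`, which suggests credentials sit on disk for the length of a run. If those files live under this directory (not visible here), `os.makedirs(path, exist_ok=True, mode=0o700)` would keep other local users out; note that `exist_ok=True` leaves an already existing directory's mode unchanged. The scrub list covers only those two keys, so it is worth checking that no other credential-bearing variable is written to that file. The enclosing methods start outside the hunks.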


@ -12,6 +12,6 @@ class Migration(migrations.Migration):
operations = [
migrations.AlterModelOptions(
name='asset',
options={'ordering': ['name'], 'permissions': [('refresh_assethardwareinfo', 'Can refresh asset hardware info'), ('test_assetconnectivity', 'Can test asset connectivity'), ('push_assetaccount', 'Can push account to asset'), ('test_account', 'Can verify account'), ('match_asset', 'Can match asset'), ('change_assettonode', 'Can change asset nodes')], 'verbose_name': 'Asset'},
options={'ordering': ['name'], 'permissions': [('refresh_assethardwareinfo', 'Can refresh asset hardware info'), ('test_assetconnectivity', 'Can test asset connectivity'), ('match_asset', 'Can match asset'), ('change_assetnodes', 'Can change asset nodes')], 'verbose_name': 'Asset'},
),
]
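Review bot: This hunk edits the permission list inside an existing migration instead of adding a new one; the second `options=` line matches the deleted migration shown later on this page, so it reads as the new side, folding that migration into this one. Databases that already applied the old version are not re-migrated, and Django's permission creation only adds rows, so `push_assetaccount`, `test_account` and `change_assettonode` stay in the permission table with whatever role bindings they had. Roles that held `change_assettonode` do not gain `change_assetnodes` either. If any release or shared environment has run these migrations, a data migration that renames or removes the stale codenames would keep authorization state consistent.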


@ -1,17 +0,0 @@
# Generated by Django 3.2.14 on 2023-02-21 05:11
from django.db import migrations
class Migration(migrations.Migration):
dependencies = [
('assets', '0109_alter_asset_options'),
]
operations = [
migrations.AlterModelOptions(
name='asset',
options={'ordering': ['name'], 'permissions': [('refresh_assethardwareinfo', 'Can refresh asset hardware info'), ('test_assetconnectivity', 'Can test asset connectivity'), ('match_asset', 'Can match asset'), ('change_assetnodes', 'Can change asset nodes')], 'verbose_name': 'Asset'},
),
]


@ -530,7 +530,7 @@ class Config(dict):
'PERIOD_TASK_ENABLED': True,
# 导航栏 帮助
'HELP_DOCUMENT_URL': 'http://docs.jumpserver.org',
'HELP_DOCUMENT_URL': 'https://docs.jumpserver.org/zh/v3/',
'HELP_SUPPORT_URL': 'http://www.jumpserver.org/support/',
'FORGOT_PASSWORD_URL': '',
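Review bot: `HELP_SUPPORT_URL` still defaults to `http://www.jumpserver.org/support/` while the documentation link beside it moves to https, so one of the two help links is still fetched in plaintext and can be rewritten in transit. If the support page is served over TLS, `'HELP_SUPPORT_URL': 'https://www.jumpserver.org/support/',` would bring it in line. Which `HELP_DOCUMENT_URL` line is the new side is inferred, since the `+`/`-` markers are lost on this page.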