From f743dea1fdc8e64014f0af3828002130beebe86c Mon Sep 17 00:00:00 2001 From: feng <1304903146@qq.com> Date: Mon, 24 Oct 2022 20:24:56 +0800 Subject: [PATCH 1/3] perf: mysql postgresql --- .../change_secret/database/mysql/main.yml | 9 --------- .../database/postgresql/main.yml | 19 ++++++------------- .../automations/change_secret/manager.py | 6 +++--- apps/ops/ansible/inventory.py | 2 +- requirements/requirements.txt | 2 +- 5 files changed, 11 insertions(+), 27 deletions(-) diff --git a/apps/assets/automations/change_secret/database/mysql/main.yml b/apps/assets/automations/change_secret/database/mysql/main.yml index a3c56768f..39560a383 100644 --- a/apps/assets/automations/change_secret/database/mysql/main.yml +++ b/apps/assets/automations/change_secret/database/mysql/main.yml @@ -2,15 +2,6 @@ gather_facts: no vars: ansible_python_interpreter: /usr/local/bin/python - jms_account: - username: root - secret: redhat - jms_asset: - address: 127.0.0.1 - port: 3306 - account: - username: web1 - secret: jumpserver tasks: - name: Test MySQL connection diff --git a/apps/assets/automations/change_secret/database/postgresql/main.yml b/apps/assets/automations/change_secret/database/postgresql/main.yml index ed4e60abf..816d4c0e2 100644 --- a/apps/assets/automations/change_secret/database/postgresql/main.yml +++ b/apps/assets/automations/change_secret/database/postgresql/main.yml @@ -1,18 +1,8 @@ - hosts: postgre gather_facts: no vars: - ansible_python_interpreter: /usr/local/bin/python - jms_account: - username: postgre - secret: postgre - jms_asset: - address: 127.0.0.1 - port: 5432 - database: testdb - account: - username: test - secret: jumpserver - +# ansible_python_interpreter: /usr/local/bin/python + ansible_python_interpreter: /Users/xiaofeng/Desktop/jumpserver/venv/bin/python tasks: - name: Test PostgreSQL connection community.postgresql.postgresql_ping: 
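Review bot: The new `ansible_python_interpreter: /Users/xiaofeng/Desktop/jumpserver/venv/bin/python` in the postgresql/main.yml hunk (`@@ -1,18 +1,8 @@`) points into one developer's home directory, so the playbook will not find an interpreter on any other host. The previous value is left behind as a commented-out line just above it. I would restore `ansible_python_interpreter: /usr/local/bin/python`, or supply the interpreter from the inventory, and delete the commented line. Dropping the hard-coded `jms_account`/`jms_asset` test credentials here and in mysql/main.yml is the right direction, but they remain in the repository history, so any of them that were used on a real database should be rotated.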
@@ -25,7 +15,8 @@ - name: Display PostgreSQL version debug: - var: db_info.version.full + var: db_info.server_version.full + when: db_info is succeeded - name: Change PostgreSQL password community.postgresql.postgresql_user: @@ -37,6 +28,7 @@ name: "{{ account.username }}" password: "{{ account.secret }}" when: db_info is succeeded + register: change_info - name: Verify password community.postgresql.postgresql_ping: @@ -45,3 +37,4 @@ login_host: "{{ jms_asset.address }}" login_port: "{{ jms_asset.port }}" db: "{{ jms_asset.database }}" + when: db_info is succeeded and change_info is changed diff --git a/apps/assets/automations/change_secret/manager.py b/apps/assets/automations/change_secret/manager.py index 954a309b5..4ac49676b 100644 --- a/apps/assets/automations/change_secret/manager.py +++ b/apps/assets/automations/change_secret/manager.py @@ -69,10 +69,10 @@ class ChangeSecretManager(BasePlaybookManager): def get_ssh_key(self): if self.secret_strategy == SecretStrategy.custom: - ssh_key = self.execution.snapshot['ssh_key'] - if not ssh_key: + secret = self.execution.snapshot['secret'] + if not secret: raise ValueError("Automation SSH key must be set") - return ssh_key + return secret elif self.secret_strategy == SecretStrategy.random_one: if not self._ssh_key_generated: self._ssh_key_generated = self.generate_ssh_key() diff --git a/apps/ops/ansible/inventory.py b/apps/ops/ansible/inventory.py index 09427f3e5..c544cfcd6 100644 --- a/apps/ops/ansible/inventory.py +++ b/apps/ops/ansible/inventory.py @@ -199,8 +199,8 @@ class JMSInventory: def write_to_file(self, path): path_dir = os.path.dirname(path) - data = self.generate(path_dir) if not os.path.exists(path_dir): os.makedirs(path_dir, 0o700, True) + data = self.generate(path_dir) with open(path, 'w') as f: f.write(json.dumps(data, indent=4)) diff --git a/requirements/requirements.txt b/requirements/requirements.txt index ea6c56b59..8af2fcb0f 100644 --- a/requirements/requirements.txt 
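Review bot: `when: db_info is succeeded` may not gate anything if `db_info` is registered from the `postgresql_ping` task above this hunk (the register line is not visible here). As far as I know that module reports an unreachable server or a rejected login through `is_available: false` rather than by failing the task. The same test is reused in the `@@ -45,3 +37,4 @@` hunk on "Verify password", which is itself a `postgresql_ping` and would then pass even when the new password does not work. Consider `when: db_info.is_available` for the guards, and register the verify result with a `failed_when` on its `is_available`, so a failed rotation is reported instead of being recorded as successful.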
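Review bot: `self.execution.snapshot['secret']` raises `KeyError` when the snapshot has no `secret` entry, so the `ValueError("Automation SSH key must be set")` two lines below only covers an empty value. `secret = self.execution.snapshot.get('secret')` would route both cases to the intended error. The snapshot key is now the generic `secret` rather than `ssh_key`, and nothing in this hunk checks that the value is key material rather than a password; a one-line comment stating what the custom strategy expects in `snapshot['secret']` would help. `get_ssh_key` continues past the end of the hunk.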
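Review bot: `open(path, 'w')` in `write_to_file` creates the inventory file with whatever the process umask allows, and the `0o700` passed to `os.makedirs` only takes effect when this call creates the directory. An existing, looser directory can therefore leave the file readable by other local users. If the generated inventory carries account secrets, as the change-secret playbooks in this series suggest, create it owner-only, for example `fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, 'w') as f:`. The `if not os.path.exists(path_dir)` test is also redundant with the `exist_ok` argument already passed as `True` and can be dropped.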
+++ b/requirements/requirements.txt @@ -143,4 +143,4 @@ ForgeryPy3==0.3.1 django-debug-toolbar==3.5 Pympler==1.0.1 IPy==1.1 - +psycopg2==2.9.4 From d95ced51090c7629ed45f57c5e74f94169a889eb Mon Sep 17 00:00:00 2001 From: feng <1304903146@qq.com> Date: Tue, 25 Oct 2022 14:26:56 +0800 Subject: [PATCH 2/3] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8Dchange=20account?= =?UTF-8?q?=20perm=20=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/assets/automations/gather_facts/host/posix/main.yml | 2 +- apps/rbac/const.py | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/apps/assets/automations/gather_facts/host/posix/main.yml b/apps/assets/automations/gather_facts/host/posix/main.yml index 6e900fccb..f42635458 100644 --- a/apps/assets/automations/gather_facts/host/posix/main.yml +++ b/apps/assets/automations/gather_facts/host/posix/main.yml @@ -2,7 +2,7 @@ gather_facts: yes tasks: - name: Get info - set_fact: + ansible.builtin.set_fact: info: arch: "{{ ansible_architecture }}" distribution: "{{ ansible_distribution }}" diff --git a/apps/rbac/const.py b/apps/rbac/const.py index 037358be0..71c8ea26d 100644 --- a/apps/rbac/const.py +++ b/apps/rbac/const.py @@ -39,7 +39,6 @@ exclude_permissions = ( ('assets', 'assetuser', '*', '*'), ('assets', 'gathereduser', 'add,delete,change', 'gathereduser'), ('assets', 'accountbackupplanexecution', 'delete,change', 'accountbackupplanexecution'), - ('assets', 'account', 'change', 'account'), # TODO 暂时去掉历史账号的权限 ('assets', 'account', '*', 'assethistoryaccount'), ('assets', 'account', '*', 'assethistoryaccountsecret'), From a445e47f3dcbbd9ceed0411c3567799ce33fdb4c Mon Sep 17 00:00:00 2001 From: feng <1304903146@qq.com> Date: Tue, 25 Oct 2022 15:07:51 +0800 Subject: [PATCH 3/3] perf: account add platform_id --- apps/assets/serializers/account/account.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/apps/assets/serializers/account/account.py b/apps/assets/serializers/account/account.py
index 5ef2bfde3..c47a697c2 100644
--- a/apps/assets/serializers/account/account.py
+++ b/apps/assets/serializers/account/account.py
@@ -54,7 +54,7 @@ class AccountSerializerCreateMixin(serializers.ModelSerializer):
 class AccountSerializer(AccountSerializerCreateMixin, BaseAccountSerializer):
 asset = ObjectRelatedField(
 required=False, queryset=Asset.objects,
- label=_('Asset'), attrs=('id', 'name', 'address')
+ label=_('Asset'), attrs=('id', 'name', 'address', 'platform_id')
 )
 class Meta(BaseAccountSerializer.Meta):