merge: local

2022-10-25 18:45:13 +08:00 · 2022-10-25 18:45:13 +08:00 · 6ed946541d
parent 1372d6322d a445e47f3d
commit 6ed946541d
8 changed files with 16 additions and 29 deletions
--- a/apps/assets/automations/change_secret/database/mysql/main.yml
+++ b/apps/assets/automations/change_secret/database/mysql/main.yml
@ -2,15 +2,6 @@
  gather_facts: no
  vars:
    ansible_python_interpreter: /usr/local/bin/python
-    jms_account:
-      username: root
-      secret: redhat
-    jms_asset:
-      address: 127.0.0.1
-      port: 3306
-    account:
-      username: web1
-      secret: jumpserver

  tasks:
    - name: Test MySQL connection
--- a/apps/assets/automations/change_secret/database/postgresql/main.yml
+++ b/apps/assets/automations/change_secret/database/postgresql/main.yml
@ -1,18 +1,8 @@
 - hosts: postgre
  gather_facts: no
  vars:
-    ansible_python_interpreter: /usr/local/bin/python
-    jms_account:
-      username: postgre
-      secret: postgre
-    jms_asset:
-      address: 127.0.0.1
-      port: 5432
-      database: testdb
-    account:
-      username: test
-      secret: jumpserver
-
+#    ansible_python_interpreter: /usr/local/bin/python
+    ansible_python_interpreter: /Users/xiaofeng/Desktop/jumpserver/venv/bin/python
  tasks:
    - name: Test PostgreSQL connection
      community.postgresql.postgresql_ping:
@ -25,7 +15,8 @@

    - name: Display PostgreSQL version
      debug:
-        var: db_info.version.full
+        var: db_info.server_version.full
+      when: db_info is succeeded

    - name: Change PostgreSQL password
      community.postgresql.postgresql_user:
@ -37,6 +28,7 @@
        name: "{{ account.username }}"
        password: "{{ account.secret }}"
      when: db_info is succeeded
+      register: change_info

    - name: Verify password
      community.postgresql.postgresql_ping:
@ -45,3 +37,4 @@
        login_host: "{{ jms_asset.address }}"
        login_port: "{{ jms_asset.port }}"
        db: "{{ jms_asset.database }}"
+      when: db_info is succeeded and change_info is changed
--- a/apps/assets/automations/change_secret/manager.py
+++ b/apps/assets/automations/change_secret/manager.py
@ -69,10 +69,10 @@ class ChangeSecretManager(BasePlaybookManager):

    def get_ssh_key(self):
        if self.secret_strategy == SecretStrategy.custom:
-            ssh_key = self.execution.snapshot['ssh_key']
-            if not ssh_key:
+            secret = self.execution.snapshot['secret']
+            if not secret:
                raise ValueError("Automation SSH key must be set")
-            return ssh_key
+            return secret
        elif self.secret_strategy == SecretStrategy.random_one:
            if not self._ssh_key_generated:
                self._ssh_key_generated = self.generate_ssh_key()
--- a/apps/assets/automations/gather_facts/host/posix/main.yml
+++ b/apps/assets/automations/gather_facts/host/posix/main.yml
@ -2,7 +2,7 @@
  gather_facts: yes
  tasks:
    - name: Get info
-      set_fact:
+      ansible.builtin.set_fact:
        info:
          arch: "{{ ansible_architecture }}"
          distribution: "{{ ansible_distribution }}"
--- a/apps/assets/serializers/account/account.py
+++ b/apps/assets/serializers/account/account.py
@ -55,7 +55,7 @@ class AccountSerializerCreateMixin(serializers.ModelSerializer):
 class AccountSerializer(AccountSerializerCreateMixin, BaseAccountSerializer):
    asset = ObjectRelatedField(
        required=False, queryset=Asset.objects,
-        label=_('Asset'), attrs=('id', 'name', 'address')
+        label=_('Asset'), attrs=('id', 'name', 'address', 'platform_id')
    )

    class Meta(BaseAccountSerializer.Meta):
--- a/apps/ops/ansible/inventory.py
+++ b/apps/ops/ansible/inventory.py
@ -199,8 +199,8 @@ class JMSInventory:

    def write_to_file(self, path):
        path_dir = os.path.dirname(path)
-        data = self.generate(path_dir)
        if not os.path.exists(path_dir):
            os.makedirs(path_dir, 0o700, True)
+        data = self.generate(path_dir)
        with open(path, 'w') as f:
            f.write(json.dumps(data, indent=4))
--- a/apps/rbac/const.py
+++ b/apps/rbac/const.py
@ -39,6 +39,9 @@ exclude_permissions = (
    ('assets', 'assetuser', '*', '*'),
    ('assets', 'gathereduser', 'add,delete,change', 'gathereduser'),
    ('assets', 'accountbackupplanexecution', 'delete,change', 'accountbackupplanexecution'),
+    # TODO 暂时去掉历史账号的权限
+    ('assets', 'account', '*', 'assethistoryaccount'),
+    ('assets', 'account', '*', 'assethistoryaccountsecret'),

    ('perms', 'userassetgrantedtreenoderelation', '*', '*'),
    ('perms', 'usergrantedmappingnode', '*', '*'),
--- a/requirements/requirements.txt
+++ b/requirements/requirements.txt
@ -143,4 +143,4 @@ ForgeryPy3==0.3.1
 django-debug-toolbar==3.5
 Pympler==1.0.1
 IPy==1.1
-
+psycopg2==2.9.4