Merge pull request #14998 from jumpserver/pr@dev@chage_secret

perf: change secret drop bulk record

apps/accounts/api/automations/change_secret_dashboard.py

@@ -79,13 +79,9 @@ class ChangeSecretDashboardApi(APIView):
     def change_secrets_queryset(self):
         return ChangeSecretAutomation.objects.all()
 
-    @lazyproperty
-    def change_secret_executions_queryset(self):
-        return AutomationExecution.objects.filter(automation__type=self.tp)
-
     @lazyproperty
     def change_secret_records_queryset(self):
-        return ChangeSecretRecord.get_valid_records().filter(execution__automation__type=self.tp)
+        return ChangeSecretRecord.get_valid_records()
 
     def get_change_secret_asset_queryset(self):
         qs = self.change_secrets_queryset
@@ -159,8 +155,7 @@ class ChangeSecretDashboardApi(APIView):
                         if name == self.task_name and tp == self.tp:
                             execution_ids.append(_id)
 
-            snapshots = self.change_secret_executions_queryset.filter(
-                id__in=execution_ids).values_list('id', 'snapshot')
+            snapshots = AutomationExecution.objects.filter(id__in=execution_ids).values_list('id', 'snapshot')
 
             asset_ids = {asset for i in snapshots for asset in i.get('assets', [])}
             account_ids = {account for i in snapshots for account in i.get('accounts', [])}

apps/accounts/automations/base/manager.py

@@ -1,4 +1,3 @@
-import time
 from copy import deepcopy
 
 from django.conf import settings
@@ -128,30 +127,11 @@ class BaseChangeSecretPushManager(AccountBasePlaybookManager):
 
         return inventory_hosts
 
-    def wait_and_save_recorder(self, recorder, max_retries=10, retry_interval=2):
-        recorder_model = type(recorder)
-
-        for attempt in range(max_retries):
-            exist = recorder_model.objects.filter(
-                account_id=recorder.account_id, execution=self.execution
-            ).exists()
-
-            if exist:
-                print(f"Data inserted, updating recorder status after {attempt + 1}th query")
-                recorder.save(update_fields=['error', 'status', 'date_finished'])
-                return True
-
-            print(f"Data not ready, waiting {retry_interval} second(s) and retrying ({attempt + 1}/{max_retries})")
-            time.sleep(retry_interval)
-
-        print("\033[31m The data is still not inserted, giving up saving the recorder status.\033[0m")
-        return False
-
-    def save_record(self, recorder):
-        self.wait_and_save_recorder(recorder)
+    @staticmethod
+    def save_record(recorder):
+        recorder.save(update_fields=['error', 'status', 'date_finished'])
 
     def on_host_success(self, host, result):
-
         recorder = self.name_recorder_mapper.get(host)
         if not recorder:
             return

apps/accounts/automations/change_secret/manager.py

@@ -11,7 +11,6 @@ from accounts.const import (
 from accounts.models import ChangeSecretRecord
 from accounts.notifications import ChangeSecretExecutionTaskMsg, ChangeSecretReportMsg
 from accounts.serializers import ChangeSecretRecordBackUpSerializer
-from common.decorators import bulk_create_decorator
 from common.utils import get_logger
 from common.utils.file import encrypt_and_compress_zip_file
 from common.utils.timezone import local_now_filename
@@ -58,7 +57,6 @@ class ChangeSecretManager(BaseChangeSecretPushManager):
         self.name_recorder_mapper[name] = recorder
         return recorder
 
-    @bulk_create_decorator(ChangeSecretRecord)
     def create_record(self, asset, account, new_secret):
         recorder = ChangeSecretRecord(
             asset=asset, account=account, execution=self.execution,

apps/accounts/automations/push_account/manager.py

@@ -1,7 +1,6 @@
 from django.utils.translation import gettext_lazy as _
 
 from accounts.const import AutomationTypes
-from common.decorators import bulk_create_decorator
 from common.utils import get_logger
 from common.utils.timezone import local_now_filename
 from ..base.manager import BaseChangeSecretPushManager
@@ -46,7 +45,6 @@ class PushAccountManager(BaseChangeSecretPushManager):
         self.name_recorder_mapper[name] = recorder
         return recorder
 
-    @bulk_create_decorator(PushSecretRecord)
     def create_record(self, asset, account):
         recorder = PushSecretRecord(
             asset=asset, account=account, execution=self.execution,

apps/accounts/filters.py

@@ -128,7 +128,7 @@ class AccountFilterSet(BaseFilterSet):
         model = Account
         fields = [
             "id", "asset", "source_id", "secret_type", "category",
-            "type", "privileged", "secret_reset", "connectivity"
+            "type", "privileged", "secret_reset", "connectivity", 'is_active'
         ]
 
 

apps/authentication/serializers/connection_token.py

@@ -28,7 +28,7 @@ class ConnectionTokenSerializer(CommonModelSerializer):
             'connect_method', 'connect_options', 'protocol', 'actions',
             'is_active', 'is_reusable', 'from_ticket', 'from_ticket_info',
             'date_expired', 'date_created', 'date_updated', 'created_by',
-            'updated_by', 'org_id', 'org_name','face_monitor_token',
+            'updated_by', 'org_id', 'org_name', 'face_monitor_token',
         ]
         read_only_fields = [
             # 普通 Token 不支持指定 user

apps/i18n/lina/en.json

@@ -1515,5 +1515,6 @@
     "Disabled": "Disabled",
     "IgnoreFail": "Ignore fail",
     "RiskDetectionDetail": "Risk detection detail",
-    "ApplicationDetail": "Application detail"
+    "ApplicationDetail": "Application detail",
+    "IpGroupHelpText": "* indicates match all. for example: 192.168.10.1, 192.168.1.0/24, 10.1.1.1-10.1.1.20, 2001:db8:2de::e13, 2001:db8:1a:1110::/64"
 }

apps/i18n/lina/zh.json

@@ -1514,5 +1514,6 @@
     "Disabled": "已禁用",
     "IgnoreFail": "忽略失败",
     "RiskDetectionDetail": "风险检测详情",
-    "ApplicationDetail": "应用详情"
+    "ApplicationDetail": "应用详情",
+    "IpGroupHelpText": "* 表示匹配所有。例如: 192.168.10.1, 192.168.1.0/24, 10.1.1.1-10.1.1.20, 2001:db8:2de::e13, 2001:db8:1a:1110::/64"
 }