github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

perf: Postgresql add ssl mode

pull/14145/head
feng 2024-09-13 17:44:26 +08:00 committed by Bryan
parent 1cb00b1db4
commit 85129da942
46 changed files with 2950 additions and 2146 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
apps/accounts/automations/change_secret/database/postgresql/main.yml
View File

@ -3,7 +3,6 @@
vars:
ansible_python_interpreter: /opt/py3/bin/python
check_ssl: "{{ jms_asset.spec_info.use_ssl }}"
check_ca: "{{ check_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
ssl_key: "{{ jms_asset.secret_info.client_key | default('') }}"
@ -16,10 +15,10 @@
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
login_db: "{{ jms_asset.spec_info.db_name }}"
ca_cert: "{{ ca_cert if check_ca and ca_cert | length > 0 else omit }}"
ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
ssl_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
ssl_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
ssl_mode: "{{ 'verify-full' if check_ca else 'require' if check_ssl else 'prefer' }}"
ssl_mode: "{{ jms_asset.spec_info.pg_ssl_mode }}"
register: result
failed_when: not result.is_available
@ -37,10 +36,10 @@
db: "{{ jms_asset.spec_info.db_name }}"
name: "{{ account.username }}"
password: "{{ account.secret }}"
ca_cert: "{{ ca_cert if check_ca and ca_cert | length > 0 else omit }}"
ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
ssl_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
ssl_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
ssl_mode: "{{ 'verify-full' if check_ca else 'require' if check_ssl else 'prefer' }}"
ssl_mode: "{{ jms_asset.spec_info.pg_ssl_mode }}"
role_attr_flags: LOGIN
ignore_errors: true
when: result is succeeded
@ -52,7 +51,7 @@
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
db: "{{ jms_asset.spec_info.db_name }}"
ca_cert: "{{ ca_cert if check_ca and ca_cert | length > 0 else omit }}"
ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
ssl_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
ssl_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
ssl_mode: "{{ 'verify-full' if check_ca else 'require' if check_ssl else 'prefer' }}"
ssl_mode: "{{ jms_asset.spec_info.pg_ssl_mode }}"

5
apps/accounts/automations/gather_accounts/database/postgresql/main.yml
View File

@ -3,7 +3,6 @@
vars:
ansible_python_interpreter: /opt/py3/bin/python
check_ssl: "{{ jms_asset.spec_info.use_ssl }}"
check_ca: "{{ check_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
ssl_key: "{{ jms_asset.secret_info.client_key | default('') }}"
@ -16,10 +15,10 @@
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
login_db: "{{ jms_asset.spec_info.db_name }}"
ca_cert: "{{ ca_cert if check_ca and ca_cert | length > 0 else omit }}"
ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
ssl_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
ssl_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
ssl_mode: "{{ 'verify-full' if check_ca else 'require' if check_ssl else 'prefer' }}"
ssl_mode: "{{ jms_asset.spec_info.pg_ssl_mode }}"
filter: "roles"
register: db_info

13
apps/accounts/automations/push_account/database/postgresql/main.yml
View File

@ -3,7 +3,6 @@
vars:
ansible_python_interpreter: /opt/py3/bin/python
check_ssl: "{{ jms_asset.spec_info.use_ssl }}"
check_ca: "{{ check_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
ssl_key: "{{ jms_asset.secret_info.client_key | default('') }}"
@ -16,10 +15,10 @@
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
login_db: "{{ jms_asset.spec_info.db_name }}"
ca_cert: "{{ ca_cert if check_ca and ca_cert | length > 0 else omit }}"
ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
ssl_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
ssl_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
ssl_mode: "{{ 'verify-full' if check_ca else 'require' if check_ssl else 'prefer' }}"
ssl_mode: "{{ jms_asset.spec_info.pg_ssl_mode }}"
register: result
failed_when: not result.is_available
@ -37,10 +36,10 @@
db: "{{ jms_asset.spec_info.db_name }}"
name: "{{ account.username }}"
password: "{{ account.secret }}"
ca_cert: "{{ ca_cert if check_ca and ca_cert | length > 0 else omit }}"
ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
ssl_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
ssl_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
ssl_mode: "{{ 'verify-full' if check_ca else 'require' if check_ssl else 'prefer' }}"
ssl_mode: "{{ jms_asset.spec_info.pg_ssl_mode }}"
role_attr_flags: LOGIN
ignore_errors: true
when: result is succeeded
@ -53,10 +52,10 @@
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
db: "{{ jms_asset.spec_info.db_name }}"
ca_cert: "{{ ca_cert if check_ca and ca_cert | length > 0 else omit }}"
ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
ssl_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
ssl_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
ssl_mode: "{{ 'verify-full' if check_ca else 'require' if check_ssl else 'prefer' }}"
ssl_mode: "{{ jms_asset.spec_info.pg_ssl_mode }}"
when:
- result is succeeded
- change_info is succeeded

5
apps/accounts/automations/remove_account/database/postgresql/main.yml
View File

@ -3,7 +3,6 @@
vars:
ansible_python_interpreter: /opt/py3/bin/python
check_ssl: "{{ jms_asset.spec_info.use_ssl }}"
check_ca: "{{ check_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
ssl_key: "{{ jms_asset.secret_info.client_key | default('') }}"
@ -17,8 +16,8 @@
login_port: "{{ jms_asset.port }}"
db: "{{ jms_asset.spec_info.db_name }}"
name: "{{ account.username }}"
ca_cert: "{{ ca_cert if check_ca and ca_cert | length > 0 else omit }}"
ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
ssl_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
ssl_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
ssl_mode: "{{ 'verify-full' if check_ca else 'require' if check_ssl else 'prefer' }}"
ssl_mode: "{{ jms_asset.spec_info.pg_ssl_mode }}"
state: absent

5
apps/accounts/automations/verify_account/database/postgresql/main.yml
View File

@ -3,7 +3,6 @@
vars:
ansible_python_interpreter: /opt/py3/bin/python
check_ssl: "{{ jms_asset.spec_info.use_ssl }}"
check_ca: "{{ check_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
ssl_key: "{{ jms_asset.secret_info.client_key | default('') }}"
@ -16,9 +15,9 @@
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
db: "{{ jms_asset.spec_info.db_name }}"
ca_cert: "{{ ca_cert if check_ca and ca_cert | length > 0 else omit }}"
ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
ssl_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
ssl_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
ssl_mode: "{{ 'verify-full' if check_ca else 'require' if check_ssl else 'prefer' }}"
ssl_mode: "{{ jms_asset.spec_info.pg_ssl_mode }}"
register: result
failed_when: not result.is_available

16
apps/accounts/tasks/automation.py
View File

@ -32,11 +32,9 @@ def task_activity_callback(self, pid, trigger, tp, *args, **kwargs):
verbose_name=_('Account execute automation'),
activity_callback=task_activity_callback,
description=_(
"""
Unified execution entry for account automation tasks: when the system performs tasks
"""Unified execution entry for account automation tasks: when the system performs tasks
such as account push, password change, account verification, account collection,
and gateway account verification, all tasks are executed through this unified entry
"""
and gateway account verification, all tasks are executed through this unified entry"""
)
)
def execute_account_automation_task(pid, trigger, tp):
@ -66,9 +64,7 @@ def record_task_activity_callback(self, record_ids, *args, **kwargs):
verbose_name=_('Execute automation record'),
activity_callback=record_task_activity_callback,
description=_(
"""
When manually executing password change records, this task is used
"""
"""When manually executing password change records, this task is used"""
)
)
def execute_automation_record_task(record_ids, tp):
@ -99,16 +95,14 @@ def execute_automation_record_task(record_ids, tp):
@shared_task(
verbose_name=_('Clean change secret and push record period'),
description=_(
"""
The system will periodically clean up unnecessary password change and push records,
"""The system will periodically clean up unnecessary password change and push records,
including their associated change tasks, execution logs, assets, and accounts. When any
of these associated items are deleted, the corresponding password change and push records
become invalid. Therefore, to maintain a clean and efficient database, the system will
clean up expired records at 2 a.m daily, based on the interval specified by
PERM_EXPIRED_CHECK_PERIODIC in the config.txt configuration file. This periodic cleanup
mechanism helps free up storage space and enhances the security and overall performance
of data management
"""
of data management"""
)
)
@register_as_period_task(crontab=CRONTAB_AT_AM_THREE)

4
apps/accounts/tasks/backup_account.py
View File

@ -26,9 +26,7 @@ def task_activity_callback(self, pid, trigger, *args, **kwargs):
verbose_name=_('Execute account backup plan'),
activity_callback=task_activity_callback,
description=_(
"""
When performing scheduled or manual account backups, this task is used
"""
"When performing scheduled or manual account backups, this task is used"
)
)
def execute_account_backup_task(pid, trigger, **kwargs):

4
apps/accounts/tasks/push_account.py
View File

@ -16,9 +16,7 @@ __all__ = [
verbose_name=_('Push accounts to assets'),
activity_callback=lambda self, account_ids, *args, **kwargs: (account_ids, None),
description=_(
"""
When creating or modifying an account requires account push, this task is executed
"""
"When creating or modifying an account requires account push, this task is executed"
)
)
def push_accounts_to_assets_task(account_ids, params=None):

12
apps/accounts/tasks/remove_account.py
View File

@ -25,10 +25,8 @@ __all__ = ['remove_accounts_task']
verbose_name=_('Remove account'),
activity_callback=lambda self, gather_account_ids, *args, **kwargs: (gather_account_ids, None),
description=_(
"""
When clicking "Sync deletion" in 'Console - Gather Account - Gathered accounts' this
task will be executed
"""
"""When clicking "Sync deletion" in 'Console - Gather Account - Gathered accounts' this
task will be executed"""
)
)
def remove_accounts_task(gather_account_ids):
@ -51,12 +49,10 @@ def remove_accounts_task(gather_account_ids):
@shared_task(
verbose_name=_('Clean historical accounts'),
description=_(
"""
Each time an asset account is updated, a historical account is generated, so it is
"""Each time an asset account is updated, a historical account is generated, so it is
necessary to clean up the asset account history. The system will clean up excess account
records at 2 a.m. daily based on the configuration in the "System settings - Features -
Account storage - Record limit
"""
Account storage - Record limit"""
)
)
@register_as_period_task(crontab=CRONTAB_AT_AM_TWO)

6
apps/accounts/tasks/template.py
View File

@ -11,10 +11,8 @@ from orgs.utils import tmp_to_root_org, tmp_to_org
verbose_name=_('Template sync info to related accounts'),
activity_callback=lambda self, template_id, *args, **kwargs: (template_id, None),
description=_(
"""
When clicking 'Sync new secret to accounts' in 'Console - Account - Templates -
Accounts' this task will be executed
"""
"""When clicking 'Sync new secret to accounts' in 'Console - Account - Templates -
Accounts' this task will be executed"""
)
)
def template_sync_related_accounts(template_id, user_id=None):

5
apps/accounts/tasks/vault.py
View File

@ -31,10 +31,7 @@ def sync_instance(instance):
@shared_task(
verbose_name=_('Sync secret to vault'),
description=_(
"""
When clicking 'Sync' in 'System Settings - Features - Account Storage' this task will
be executed
"""
"When clicking 'Sync' in 'System Settings - Features - Account Storage' this task will be executed"
)
)
def sync_secret_to_vault():

4
apps/accounts/tasks/verify_account.py
View File

@ -50,9 +50,7 @@ def verify_accounts_connectivity_util(accounts, task_name):
verbose_name=_('Verify asset account availability'),
activity_callback=lambda self, account_ids, *args, **kwargs: (account_ids, None),
description=_(
"""
When clicking 'Test' in 'Console - Asset details - Accounts' this task will be executed
"""
"When clicking 'Test' in 'Console - Asset details - Accounts' this task will be executed"
)
)
def verify_accounts_connectivity_task(account_ids):

5
apps/assets/automations/gather_facts/database/postgresql/main.yml
View File

@ -3,7 +3,6 @@
vars:
ansible_python_interpreter: /opt/py3/bin/python
check_ssl: "{{ jms_asset.spec_info.use_ssl }}"
check_ca: "{{ check_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
ssl_key: "{{ jms_asset.secret_info.client_key | default('') }}"
@ -16,10 +15,10 @@
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
login_db: "{{ jms_asset.spec_info.db_name }}"
ca_cert: "{{ ca_cert if check_ca and ca_cert | length > 0 else omit }}"
ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
ssl_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
ssl_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
ssl_mode: "{{ 'verify-full' if check_ca else 'require' if check_ssl else 'prefer' }}"
ssl_mode: "{{ jms_asset.spec_info.pg_ssl_mode }}"
register: db_info
- name: Define info by set_fact

5
apps/assets/automations/ping/database/postgresql/main.yml
View File

@ -3,7 +3,6 @@
vars:
ansible_python_interpreter: /opt/py3/bin/python
check_ssl: "{{ jms_asset.spec_info.use_ssl }}"
check_ca: "{{ check_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
ssl_key: "{{ jms_asset.secret_info.client_key | default('') }}"
@ -16,9 +15,9 @@
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
login_db: "{{ jms_asset.spec_info.db_name }}"
ca_cert: "{{ ca_cert if check_ca and ca_cert | length > 0 else omit }}"
ca_cert: "{{ ca_cert if check_ssl and ca_cert | length > 0 else omit }}"
ssl_cert: "{{ ssl_cert if check_ssl and ssl_cert | length > 0 else omit }}"
ssl_key: "{{ ssl_key if check_ssl and ssl_key | length > 0 else omit }}"
ssl_mode: "{{ 'verify-full' if check_ca else 'require' if check_ssl else 'prefer' }}"
ssl_mode: "{{ jms_asset.spec_info.pg_ssl_mode }}"
register: result
failed_when: not result.is_available

1
apps/assets/const/__init__.py
View File

@ -1,6 +1,7 @@
from .automation import *
from .base import *
from .category import *
from .database import *
from .host import *
from .platform import *
from .protocol import *

9
apps/assets/const/database.py
View File

@ -1,3 +1,5 @@
from django.db.models import TextChoices
from .base import BaseType
@ -120,3 +122,10 @@ class DatabaseTypes(BaseType):
cls.MYSQL, cls.MARIADB, cls.POSTGRESQL,
cls.MONGODB, cls.REDIS,
]
class PostgresqlSSLMode(TextChoices):
PREFER = 'prefer', 'Prefer'
REQUIRE = 'require', 'Require'
VERIFY_CA = 'verify-ca', 'Verify CA'
VERIFY_FULL = 'verify-full', 'Verify Full'

23
apps/assets/migrations/0006_database_pg_ssl_mode.py Normal file
View File

@ -0,0 +1,23 @@
# Generated by Django 4.1.13 on 2024-09-13 08:22
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('assets', '0005_myasset'),
]
operations = [
migrations.AddField(
model_name='database',
name='pg_ssl_mode',
field=models.CharField(choices=[
('prefer', 'Prefer'),
('require', 'Require'),
('verify-ca', 'Verify CA'),
('verify-full', 'Verify Full')
], default='prefer',
max_length=16, verbose_name='Postgresql SSL mode'),
),
]

5
apps/assets/models/asset/database.py
View File

@ -1,6 +1,7 @@
from django.db import models
from django.utils.translation import gettext_lazy as _
from assets.const import PostgresqlSSLMode
from common.db.fields import EncryptTextField
from .common import Asset
@ -12,6 +13,10 @@ class Database(Asset):
client_cert = EncryptTextField(verbose_name=_("Client cert"), blank=True)
client_key = EncryptTextField(verbose_name=_("Client key"), blank=True)
allow_invalid_cert = models.BooleanField(default=False, verbose_name=_('Allow invalid cert'))
pg_ssl_mode = models.CharField(
max_length=16, choices=PostgresqlSSLMode.choices,
default=PostgresqlSSLMode.PREFER, verbose_name=_('Postgresql SSL mode')
)
def __str__(self):
return '{}({}://{}/{})'.format(self.name, self.type, self.address, self.db_name)

7
apps/assets/serializers/asset/database.py
View File

@ -16,9 +16,14 @@ class DatabaseSerializer(AssetSerializer):
model = Database
extra_fields = [
'db_name', 'use_ssl', 'ca_cert', 'client_cert',
'client_key', 'allow_invalid_cert'
'client_key', 'allow_invalid_cert', 'pg_ssl_mode'
]
fields = AssetSerializer.Meta.fields + extra_fields
extra_kwargs = {
'ca_cert': {'help_text': _('CA cert help text')},
'pg_ssl_mode': {'help_text': _('Postgresql ssl model help text')},
}
extra_kwargs.update(AssetSerializer.Meta.extra_kwargs)
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)

6
apps/assets/tasks/gather_facts.py
View File

@ -22,10 +22,8 @@ __all__ = [
verbose_name=_('Gather assets facts'),
activity_callback=lambda self, asset_ids, org_id, *args, **kwargs: (asset_ids, org_id),
description=_(
"""
When clicking 'Refresh hardware info' in 'Console - Asset Details - Basic' this task
will be executed
"""
"""When clicking 'Refresh hardware info' in 'Console - Asset Details - Basic' this task
will be executed"""
)
)
def gather_assets_facts_task(asset_ids, org_id, task_name=None):

23
apps/assets/tasks/nodes_amount.py
View File

@ -1,14 +1,13 @@
from celery import shared_task
from django.utils.translation import gettext_lazy as _
from assets.utils import check_node_assets_amount
from common.const.crontab import CRONTAB_AT_AM_TWO
from common.utils import get_logger
from common.utils.lock import AcquireFailed
from ops.celery.decorator import register_as_period_task
from orgs.models import Organization
from orgs.utils import tmp_to_org
from ops.celery.decorator import register_as_period_task
from assets.utils import check_node_assets_amount
from common.utils.lock import AcquireFailed
from common.utils import get_logger
from common.const.crontab import CRONTAB_AT_AM_TWO
logger = get_logger(__file__)
@ -16,11 +15,9 @@ logger = get_logger(__file__)
@shared_task(
verbose_name=_('Check the amount of assets under the node'),
description=_(
"""
Manually verifying asset quantities updates the asset count for nodes under the
"""Manually verifying asset quantities updates the asset count for nodes under the
current organization. This task will be called in the following two cases: when updating
nodes and when the number of nodes exceeds 100
"""
nodes and when the number of nodes exceeds 100"""
)
)
def check_node_assets_amount_task(org_id=None):
@ -42,10 +39,8 @@ def check_node_assets_amount_task(org_id=None):
@shared_task(
verbose_name=_('Periodic check the amount of assets under the node'),
description=_(
"""
Schedule the check_node_assets_amount_task to periodically update the asset count of
all nodes under all organizations
"""
"""Schedule the check_node_assets_amount_task to periodically update the asset count of
all nodes under all organizations"""
)
)
@register_as_period_task(crontab=CRONTAB_AT_AM_TWO)

5
apps/assets/tasks/ping.py
View File

@ -21,10 +21,7 @@ __all__ = [
queue='ansible',
activity_callback=lambda self, asset_ids, org_id, *args, **kwargs: (asset_ids, org_id),
description=_(
"""
When clicking 'Test Asset Connectivity' in 'Asset Details - Basic Settings' this task
will be executed
"""
"When clicking 'Test Asset Connectivity' in 'Asset Details - Basic Settings' this task will be executed"
)
)
def test_assets_connectivity_task(asset_ids, org_id, task_name=None):

5
apps/assets/tasks/ping_gateway.py
View File

@ -20,10 +20,7 @@ __all__ = [
queue='ansible',
activity_callback=lambda self, asset_ids, org_id, *args, **kwargs: (asset_ids, org_id),
description=_(
"""
When clicking 'Test Connection' in 'Domain Details - Gateway' this task will be
executed
"""
"When clicking 'Test Connection' in 'Domain Details - Gateway' this task will be executed"
)
)
def test_gateways_connectivity_task(asset_ids, org_id, local_port, task_name=None):

12
apps/audits/tasks.py
View File

@ -131,12 +131,10 @@ def clean_expired_session_period():
@shared_task(
verbose_name=_('Clean audits session task log'),
description=_(
"""
Since the system generates login logs, operation logs, file upload logs, activity
"""Since the system generates login logs, operation logs, file upload logs, activity
logs, Celery execution logs, session recordings, command records, and password change
logs, it will perform cleanup of records that exceed the time limit according to the
'Tasks - Regular clean-up' in the system settings at 2 a.m daily
"""
'Tasks - Regular clean-up' in the system settings at 2 a.m daily"""
)
)
@register_as_period_task(crontab=CRONTAB_AT_AM_TWO)
@ -155,10 +153,8 @@ def clean_audits_log_period():
@shared_task(
verbose_name=_('Upload FTP file to external storage'),
description=_(
"""
If SERVER_REPLAY_STORAGE is configured, files uploaded through file management will be
synchronized to external storage
"""
"""If SERVER_REPLAY_STORAGE is configured, files uploaded through file management will be
synchronized to external storage"""
)
)
def upload_ftp_file_to_external_storage(ftp_log_id, file_name):

8
apps/authentication/tasks.py
View File

@ -2,19 +2,17 @@
#
from celery import shared_task
from ops.celery.decorator import register_as_period_task
from django.contrib.sessions.models import Session
from django.utils import timezone
from django.utils.translation import gettext_lazy as _
from ops.celery.decorator import register_as_period_task
@shared_task(
verbose_name=_('Clean expired session'),
description=_(
"""
Since user logins create sessions, the system will clean up expired sessions every 24
hours
"""
"Since user logins create sessions, the system will clean up expired sessions every 24 hours"
)
)
@register_as_period_task(interval=3600 * 24)

17
apps/common/tasks.py
View File

@ -1,10 +1,10 @@
import os
import jms_storage
from celery import shared_task
from django.conf import settings
from django.core.mail import send_mail, EmailMultiAlternatives, get_connection
from django.utils.translation import gettext_lazy as _
import jms_storage
from .utils import get_logger
@ -32,9 +32,7 @@ def task_activity_callback(self, subject, message, recipient_list, *args, **kwar
verbose_name=_("Send email"),
activity_callback=task_activity_callback,
description=_(
"""
This task will be executed when sending email notifications
"""
"This task will be executed when sending email notifications"
)
)
def send_mail_async(*args, **kwargs):
@ -67,10 +65,8 @@ def send_mail_async(*args, **kwargs):
verbose_name=_("Send email attachment"),
activity_callback=task_activity_callback,
description=_(
"""
When an account password is changed or an account backup generates attachments,
this task needs to be executed for sending emails and handling attachments
"""
"""When an account password is changed or an account backup generates attachments,
this task needs to be executed for sending emails and handling attachments"""
)
)
def send_mail_attachment_async(subject, message, recipient_list, attachment_list=None):
@ -97,10 +93,7 @@ def send_mail_attachment_async(subject, message, recipient_list, attachment_list
@shared_task(
verbose_name=_('Upload account backup to external storage'),
description=_(
"""
When performing an account backup, this task needs to be executed to external storage
(SFTP)
"""
"When performing an account backup, this task needs to be executed to external storage (SFTP)"
)
)
def upload_backup_to_obj_storage(recipient, upload_file):

6
apps/common/utils/verify_code.py
View File

@ -16,10 +16,8 @@ logger = get_logger(__file__)
@shared_task(
verbose_name=_('Send SMS code'),
description=_(
"""
When resetting a password, forgetting a password, or verifying MFA, this task needs to
be executed to send SMS messages
"""
"""When resetting a password, forgetting a password, or verifying MFA, this task needs to
be executed to send SMS messages"""
)
)
def send_sms_async(target, code):

3
apps/i18n/chen/ja.json
View File

@ -9,6 +9,7 @@
"CommandReviewMessage": "入力されたコマンドはレビュー後に実行されます。レビューリクエストを送信しますか?",
"CommandReviewRejectBy": "コマンドレビューが%sに拒否されました",
"CommandReviewTimeoutError": "コマンドレビューがタイムアウトしました",
"CommandWarningDialogMessage": "あなたが実行したコマンドにはリスクがあり、警告通知が管理者に送信されます。続行しますか?",
"Confirm": "確認",
"ConnectError": "接続に失敗しました",
"ConnectSuccess": "接続に成功しました",
@ -22,6 +23,7 @@
"ErrorMessage": "エラーメッセージ",
"ExecuteError": "実行に失敗しました",
"ExecuteSuccess": "実行に成功しました",
"ExecutionCanceled": "実行がキャンセルされました",
"ExportALL": "すべてのデータをエクスポート",
"ExportAll": "すべてエクスポート",
"ExportCurrent": "現在のページをエクスポート",
@ -67,5 +69,6 @@
"Version": "バージョン",
"ViewData": "データを見る",
"WaitCommandReviewMessage": "レビューリクエストが送信されました。レビュー結果をお待ちください",
"Warning": "警告",
"initializingDatasourceFailedMessage": "接続に失敗しました。データベース接続設定が正しいか確認してください"
}

3
apps/i18n/chen/zh_hant.json
View File

@ -9,6 +9,7 @@
"CommandReviewMessage": "您輸入的命令需要覆核後才可以執行,是否發起覆核請求?",
"CommandReviewRejectBy": "命令覆核被 %s 拒絕",
"CommandReviewTimeoutError": "命令覆核超時",
"CommandWarningDialogMessage": "您進行的動作存在風險,警告通知將會寄給管理員。你確定要繼續嗎?",
"Confirm": "確認",
"ConnectError": "連接失敗",
"ConnectSuccess": "連接成功",
@ -22,6 +23,7 @@
"ErrorMessage": "錯誤消息",
"ExecuteError": "執行失敗",
"ExecuteSuccess": "執行成功",
"ExecutionCanceled": "動作已取消",
"ExportALL": "匯出所有資料",
"ExportAll": "匯出全部",
"ExportCurrent": "匯出當前頁面",
@ -67,5 +69,6 @@
"Version": "版本",
"ViewData": "查看資料",
"WaitCommandReviewMessage": "覆核請求已發起,請等待覆核結果",
"Warning": "警告。",
"initializingDatasourceFailedMessage": "連接失敗,請檢查資料庫連接配置是否正確"
}

886
apps/i18n/core/en/LC_MESSAGES/django.po
View File

File diff suppressed because it is too large Load Diff

1702
apps/i18n/core/ja/LC_MESSAGES/django.po
View File

File diff suppressed because it is too large Load Diff

727
apps/i18n/core/zh/LC_MESSAGES/django.po
View File

File diff suppressed because it is too large Load Diff

1362
apps/i18n/core/zh_Hant/LC_MESSAGES/django.po
View File

File diff suppressed because it is too large Load Diff

7
apps/i18n/koko/en.json
View File

@ -62,5 +62,10 @@
"VerifyCode": "Verify Code",
"WaitFileTransfer": "Wait file transfer to finish",
"WebSocketClosed": "WebSocket closed",
"Writable": "Writable"
"Writable": "Writable",
"Reconnect": "Reconnect",
"Close Current Tab": "Close Current Tab",
"Close All Tabs": "Close All Tabs",
"Clone Connect": "Clone Connect",
"Custom Setting": "Custom Setting"
}

5
apps/i18n/koko/ja.json
View File

@ -1,6 +1,9 @@
{
"ActionPerm": "アクション権限",
"Cancel": "キャンセル",
"Clone Connect": "ウィンドウをコピー",
"Close All Tabs": "すべてを閉じる",
"Close Current Tab": "現在を閉じる",
"Confirm": "確認",
"ConfirmBtn": "確定",
"Connect": "接続",
@ -8,6 +11,7 @@
"CopyShareURLSuccess": "レプリケーション共有住所成功",
"CreateLink": "シェアリンクの作成",
"CreateSuccess": "作成に成功しました",
"Custom Setting": "カスタム設定",
"DownArrow": "下向き矢印",
"Download": "ダウンロード",
"DownloadSuccess": "ダウンロードに成功しました",
@ -33,6 +37,7 @@
"Paste": "貼り付け",
"PauseSession": "セッションを一時停止",
"ReadOnly": "読み取り専用",
"Reconnect": "再接続",
"Refresh": "リフレッシュ",
"Remove": "削除",
"RemoveShareUser": "あなたはすでに共有セッションから削除されました」という意味です",

6
apps/i18n/koko/zh.json
View File

@ -62,5 +62,9 @@
"VerifyCode": "验证码",
"WaitFileTransfer": "等待文件传输结束",
"WebSocketClosed": "WebSocket 已关闭",
"Writable": "读写"
"Reconnect": "重新连接",
"Close Current Tab": "关闭当前",
"Close All Tabs": "关闭所有",
"Clone Connect": "复制窗口",
"Custom Setting": "自定义设置"
}

5
apps/i18n/koko/zh_hant.json
View File

@ -1,6 +1,9 @@
{
"ActionPerm": "操作權限",
"Cancel": "取消",
"Clone Connect": "複製視窗",
"Close All Tabs": "關閉全部",
"Close Current Tab": "關閉當前",
"Confirm": "確認",
"ConfirmBtn": "確定",
"Connect": "連接",
@ -8,6 +11,7 @@
"CopyShareURLSuccess": "複製分享地址成功",
"CreateLink": "創建分享連結",
"CreateSuccess": "創建成功",
"Custom Setting": "自訂設定",
"DownArrow": "向下箭頭",
"Download": "下載",
"DownloadSuccess": "下載成功",
@ -33,6 +37,7 @@
"Paste": "貼上",
"PauseSession": "暫停此會話",
"ReadOnly": "只讀",
"Reconnect": "重新連線",
"Refresh": "刷新",
"Remove": "移除",
"RemoveShareUser": "你已經被移除共享會話",

1
apps/i18n/lina/ja.json
View File

@ -1255,6 +1255,7 @@
"TaskID": "タスク ID",
"TaskList": "タスク一覧",
"TaskMonitor": "タスクモニタリング",
"TaskPath": "タスクパス",
"TechnologyConsult": "技術相談",
"TempPasswordTip": "一時的なパスワードの有効期間は300秒で、使用後すぐに無効になります",
"TempToken": "一時的なパスワード",

1
apps/i18n/lina/zh_hant.json
View File

@ -1600,6 +1600,7 @@
"TaskID": "任務 ID",
"TaskList": "工作列表",
"TaskMonitor": "任務監控",
"TaskPath": "任務路徑",
"TechnologyConsult": "技術諮詢",
"TempPassword": "臨時密碼有效期為 300 秒,使用後立刻失效",
"TempPasswordTip": "臨時密碼有效時間為 300 秒,使用後立即失效",

7
apps/notifications/notifications.py
View File

@ -1,7 +1,6 @@
import textwrap
import traceback
from itertools import chain
from typing import Iterable
from celery import shared_task
from django.utils.translation import gettext_lazy as _
@ -46,10 +45,8 @@ class MessageType(type):
@shared_task(
verbose_name=_('Publish the station message'),
description=_(
"""
This task needs to be executed for sending internal messages for system alerts,
work orders, and other notifications
"""
"""This task needs to be executed for sending internal messages for system alerts,
work orders, and other notifications"""
)
)
def publish_task(receive_user_ids, backends_msg_mapper):

39
apps/ops/tasks.py
View File

@ -1,6 +1,5 @@
# coding: utf-8
import datetime
import time
from celery import shared_task
from celery.exceptions import SoftTimeLimitExceeded
@ -13,7 +12,7 @@ from common.utils import get_logger, get_object_or_none, get_log_keep_day
from ops.celery import app
from orgs.utils import tmp_to_org, tmp_to_root_org
from .celery.decorator import (
register_as_period_task, after_app_ready_start, after_app_shutdown_clean_periodic
register_as_period_task, after_app_ready_start
)
from .celery.utils import (
create_or_update_celery_periodic_tasks, get_celery_periodic_task,
@ -52,9 +51,7 @@ def _run_ops_job_execution(execution):
verbose_name=_("Run ansible task"),
activity_callback=job_task_activity_callback,
description=_(
"""
Execute scheduled adhoc and playbooks, periodically invoking the task for execution
"""
"Execute scheduled adhoc and playbooks, periodically invoking the task for execution"
)
)
def run_ops_job(job_id):
@ -85,9 +82,7 @@ def job_execution_task_activity_callback(self, execution_id, *args, **kwargs):
verbose_name=_("Run ansible task execution"),
activity_callback=job_execution_task_activity_callback,
description=_(
"""
Execute the task when manually adhoc or playbooks
"""
"Execute the task when manually adhoc or playbooks"
)
)
def run_ops_job_execution(execution_id, **kwargs):
@ -103,9 +98,7 @@ def run_ops_job_execution(execution_id, **kwargs):
@shared_task(
verbose_name=_('Clear celery periodic tasks'),
description=_(
"""
At system startup, clean up celery tasks that no longer exist
"""
"At system startup, clean up celery tasks that no longer exist"
)
)
@after_app_ready_start
@ -131,11 +124,9 @@ def clean_celery_periodic_tasks():
@shared_task(
verbose_name=_('Create or update periodic tasks'),
description=_(
"""
With version iterations, new tasks may be added, or task names and execution times may
"""With version iterations, new tasks may be added, or task names and execution times may
be modified. Therefore, upon system startup, tasks will be registered or the parameters
of scheduled tasks will be updated
"""
of scheduled tasks will be updated"""
)
)
@after_app_ready_start
@ -148,10 +139,8 @@ def create_or_update_registered_periodic_tasks():
@shared_task(
verbose_name=_("Periodic check service performance"),
description=_(
"""
Check every hour whether each component is offline and whether the CPU, memory,
and disk usage exceed the thresholds, and send an alert message to the administrator
"""
"""Check every hour whether each component is offline and whether the CPU, memory,
and disk usage exceed the thresholds, and send an alert message to the administrator"""
)
)
@register_as_period_task(interval=3600)
@ -162,12 +151,10 @@ def check_server_performance_period():
@shared_task(
verbose_name=_("Clean up unexpected jobs"),
description=_(
"""
Due to exceptions caused by executing adhoc and playbooks in the Job Center,
"""Due to exceptions caused by executing adhoc and playbooks in the Job Center,
which result in the task status not being updated, the system will clean up abnormal jobs
that have not been completed for more than 3 hours every hour and mark these tasks as
failed
"""
failed"""
)
)
@register_as_period_task(interval=3600)
@ -179,12 +166,10 @@ def clean_up_unexpected_jobs():
@shared_task(
verbose_name=_('Clean job_execution db record'),
description=_(
"""
Due to the execution of adhoc and playbooks in the Job Center, execution records will
"""Due to the execution of adhoc and playbooks in the Job Center, execution records will
be generated. The system will clean up records that exceed the retention period every day
at 2 a.m., based on the configuration of 'System Settings - Tasks - Regular clean-up -
Job execution retention days'
"""
Job execution retention days'"""
)
)
@register_as_period_task(crontab=CRONTAB_AT_AM_TWO)

12
apps/perms/tasks.py
View File

@ -27,12 +27,10 @@ logger = get_logger(__file__)
@shared_task(
verbose_name=_('Check asset permission expired'),
description=_(
"""
The cache of organizational collections, which have completed user authorization tree
"""The cache of organizational collections, which have completed user authorization tree
construction, will expire. Therefore, expired collections need to be cleared from the
cache, and this task will be executed periodically based on the time interval specified
by PERM_EXPIRED_CHECK_PERIODIC in the system configuration file config.txt
"""
by PERM_EXPIRED_CHECK_PERIODIC in the system configuration file config.txt"""
)
)
@register_as_period_task(interval=settings.PERM_EXPIRED_CHECK_PERIODIC)
@ -50,12 +48,10 @@ def check_asset_permission_expired():
@shared_task(
verbose_name=_('Send asset permission expired notification'),
description=_(
"""
Check every day at 10 a.m. and send a notification message to users associated with
"""Check every day at 10 a.m. and send a notification message to users associated with
assets whose authorization is about to expire, as well as to the organization's
administrators, 3 days in advance, to remind them that the asset authorization will
expire in a few days
"""
expire in a few days"""
)
)
@register_as_period_task(crontab=CRONTAB_AT_AM_TEN)

23
apps/settings/tasks/ldap.py
View File

@ -1,5 +1,6 @@
# coding: utf-8
import time
from celery import shared_task
from django.conf import settings
from django.utils.translation import gettext_lazy as _
@ -8,7 +9,7 @@ from common.utils import get_logger
from common.utils.timezone import local_now_display
from ops.celery.decorator import after_app_ready_start
from ops.celery.utils import (
create_or_update_celery_periodic_tasks, disable_celery_periodic_task
create_or_update_celery_periodic_tasks
)
from orgs.models import Organization
from settings.notifications import LDAPImportMessage
@ -71,9 +72,7 @@ def perform_import(category, util_server):
@shared_task(
verbose_name=_('Periodic import ldap user'),
description=_(
"""
When LDAP auto-sync is configured, this task will be invoked to synchronize users
"""
"When LDAP auto-sync is configured, this task will be invoked to synchronize users"
)
)
def import_ldap_user():
@ -83,9 +82,7 @@ def import_ldap_user():
@shared_task(
verbose_name=_('Periodic import ldap ha user'),
description=_(
"""
When LDAP auto-sync is configured, this task will be invoked to synchronize users
"""
"When LDAP auto-sync is configured, this task will be invoked to synchronize users"
)
)
def import_ldap_ha_user():
@ -119,10 +116,8 @@ def register_periodic_task(task_name, task_func, interval_key, enabled_key, cron
@shared_task(
verbose_name=_('Registration periodic import ldap user task'),
description=_(
"""
When LDAP auto-sync parameters change, such as Crontab parameters, the LDAP sync task
will be re-registered or updated, and this task will be invoked
"""
"""When LDAP auto-sync parameters change, such as Crontab parameters, the LDAP sync task
will be re-registered or updated, and this task will be invoked"""
)
)
@after_app_ready_start
@ -137,10 +132,8 @@ def import_ldap_user_periodic(**kwargs):
@shared_task(
verbose_name=_('Registration periodic import ldap ha user task'),
description=_(
"""
When LDAP HA auto-sync parameters change, such as Crontab parameters, the LDAP HA sync task
will be re-registered or updated, and this task will be invoked
"""
"""When LDAP HA auto-sync parameters change, such as Crontab parameters, the LDAP HA sync task
will be re-registered or updated, and this task will be invoked"""
)
)
@after_app_ready_start

42
apps/terminal/tasks.py
View File

@ -42,10 +42,8 @@ def delete_terminal_status_period():
@shared_task(
verbose_name=_('Clean orphan session'),
description=_(
"""
Check every 10 minutes for asset connection sessions that have been inactive for 3
minutes and mark these sessions as completed
"""
"""Check every 10 minutes for asset connection sessions that have been inactive for 3
minutes and mark these sessions as completed"""
)
)
@register_as_period_task(interval=600)
@ -69,10 +67,8 @@ def clean_orphan_session():
@shared_task(
verbose_name=_('Upload session replay to external storage'),
description=_(
"""
If SERVER_REPLAY_STORAGE is configured in the config.txt, session commands and
recordings will be uploaded to external storage
"""
"""If SERVER_REPLAY_STORAGE is configured in the config.txt, session commands and
recordings will be uploaded to external storage"""
)
)
def upload_session_replay_to_external_storage(session_id):
@ -106,10 +102,8 @@ def upload_session_replay_to_external_storage(session_id):
verbose_name=_('Run applet host deployment'),
activity_callback=lambda self, did, *args, **kwargs: ([did],),
description=_(
"""
When deploying from the remote application publisher details page, and the 'Deploy'
button is clicked, this task will be executed
"""
"""When deploying from the remote application publisher details page, and the 'Deploy'
button is clicked, this task will be executed"""
)
)
def run_applet_host_deployment(did, install_applets):
@ -122,10 +116,8 @@ def run_applet_host_deployment(did, install_applets):
verbose_name=_('Install applet'),
activity_callback=lambda self, ids, applet_id, *args, **kwargs: (ids,),
description=_(
"""
When the 'Deploy' button is clicked in the 'Remote Application' section of the remote
application publisher details page, this task will be executed
"""
"""When the 'Deploy' button is clicked in the 'Remote Application' section of the remote
application publisher details page, this task will be executed"""
)
)
def run_applet_host_deployment_install_applet(ids, applet_id):
@ -139,10 +131,8 @@ def run_applet_host_deployment_install_applet(ids, applet_id):
verbose_name=_('Uninstall applet'),
activity_callback=lambda self, ids, applet_id, *args, **kwargs: (ids,),
description=_(
"""
When the 'Uninstall' button is clicked in the 'Remote Application' section of the
remote application publisher details page, this task will be executed
"""
"""When the 'Uninstall' button is clicked in the 'Remote Application' section of the
remote application publisher details page, this task will be executed"""
)
)
def run_applet_host_deployment_uninstall_applet(ids, applet_id):
@ -156,10 +146,8 @@ def run_applet_host_deployment_uninstall_applet(ids, applet_id):
verbose_name=_('Generate applet host accounts'),
activity_callback=lambda self, host_id, *args, **kwargs: ([host_id],),
description=_(
"""
When a remote publishing server is created and an account needs to be created
automatically, this task will be executed
"""
"""When a remote publishing server is created and an account needs to be created
automatically, this task will be executed"""
)
)
def applet_host_generate_accounts(host_id):
@ -174,11 +162,9 @@ def applet_host_generate_accounts(host_id):
@shared_task(
verbose_name=_('Check command replay storage connectivity'),
description=_(
"""
Check every day at midnight whether the external storage for commands and recordings
"""Check every day at midnight whether the external storage for commands and recordings
is accessible. If it is not accessible, send a notification to the recipients specified
in 'System Settings - Notifications - Subscription - Storage - Connectivity'
"""
in 'System Settings - Notifications - Subscription - Storage - Connectivity'"""
)
)
@register_as_period_task(crontab='0 0 * * *')

6
apps/users/signal_handlers.py
View File

@ -195,10 +195,8 @@ def on_ldap_create_user(sender, user, ldap_user, **kwargs):
@shared_task(
verbose_name=_('Clean up expired user sessions'),
description=_(
"""
After logging in via the web, a user session record is created. At 2 a.m. every day,
the system cleans up inactive user devices
"""
"""After logging in via the web, a user session record is created. At 2 a.m. every day,
the system cleans up inactive user devices"""
)
)
@register_as_period_task(crontab=CRONTAB_AT_AM_TWO)

30
apps/users/tasks.py
View File

@ -25,10 +25,8 @@ logger = get_logger(__file__)
@shared_task(
verbose_name=_('Check password expired'),
description=_(
"""
Check every day at 10 AM whether the passwords of users in the system are expired,
and send a notification 5 days in advance
"""
"""Check every day at 10 AM whether the passwords of users in the system are expired,
and send a notification 5 days in advance"""
)
)
def check_password_expired():
@ -47,11 +45,9 @@ def check_password_expired():
@shared_task(
verbose_name=_('Periodic check password expired'),
description=_(
"""
With version iterations, new tasks may be added, or task names and execution times may
"""With version iterations, new tasks may be added, or task names and execution times may
be modified. Therefore, upon system startup, it is necessary to register or update the
parameters of the task that checks if passwords have expired
"""
parameters of the task that checks if passwords have expired"""
)
)
@after_app_ready_start
@ -70,10 +66,8 @@ def check_password_expired_periodic():
@shared_task(
verbose_name=_('Check user expired'),
description=_(
"""
Check every day at 10 AM whether the users in the system are expired, and send a
notification 5 days in advance
"""
"""Check every day at 10 AM whether the users in the system are expired, and send a
notification 5 days in advance"""
)
)
def check_user_expired():
@ -95,11 +89,9 @@ def check_user_expired():
@shared_task(
verbose_name=_('Periodic check user expired'),
description=_(
"""
With version iterations, new tasks may be added, or task names and execution times may
"""With version iterations, new tasks may be added, or task names and execution times may
be modified. Therefore, upon system startup, it is necessary to register or update the
parameters of the task that checks if users have expired
"""
parameters of the task that checks if users have expired"""
)
)
@after_app_ready_start
@ -118,11 +110,9 @@ def check_user_expired_periodic():
@shared_task(
verbose_name=_('Check unused users'),
description=_(
"""
At 2 a.m. every day, according to the configuration in "System Settings - Security -
"""At 2 a.m. every day, according to the configuration in "System Settings - Security -
Auth security - Auto disable threshold" users who have not logged in or whose API keys
have not been used for a long time will be disabled
"""
have not been used for a long time will be disabled"""
)
)
@register_as_period_task(crontab=CRONTAB_AT_PM_TWO)