diff --git a/apps/assets/automations/change_secret/database/mysql/main.yml b/apps/assets/automations/change_secret/database/mysql/main.yml index a3c56768f..39560a383 100644 --- a/apps/assets/automations/change_secret/database/mysql/main.yml +++ b/apps/assets/automations/change_secret/database/mysql/main.yml @@ -2,15 +2,6 @@ gather_facts: no vars: ansible_python_interpreter: /usr/local/bin/python - jms_account: - username: root - secret: redhat - jms_asset: - address: 127.0.0.1 - port: 3306 - account: - username: web1 - secret: jumpserver tasks: - name: Test MySQL connection diff --git a/apps/assets/automations/change_secret/database/postgresql/main.yml b/apps/assets/automations/change_secret/database/postgresql/main.yml index ed4e60abf..816d4c0e2 100644 --- a/apps/assets/automations/change_secret/database/postgresql/main.yml +++ b/apps/assets/automations/change_secret/database/postgresql/main.yml @@ -1,18 +1,8 @@ - hosts: postgre gather_facts: no vars: - ansible_python_interpreter: /usr/local/bin/python - jms_account: - username: postgre - secret: postgre - jms_asset: - address: 127.0.0.1 - port: 5432 - database: testdb - account: - username: test - secret: jumpserver - +# ansible_python_interpreter: /usr/local/bin/python + ansible_python_interpreter: /Users/xiaofeng/Desktop/jumpserver/venv/bin/python tasks: - name: Test PostgreSQL connection community.postgresql.postgresql_ping: @@ -25,7 +15,8 @@ - name: Display PostgreSQL version debug: - var: db_info.version.full + var: db_info.server_version.full + when: db_info is succeeded - name: Change PostgreSQL password community.postgresql.postgresql_user: @@ -37,6 +28,7 @@ name: "{{ account.username }}" password: "{{ account.secret }}" when: db_info is succeeded + register: change_info - name: Verify password community.postgresql.postgresql_ping: 
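Review bot: The new `ansible_python_interpreter: /Users/xiaofeng/Desktop/jumpserver/venv/bin/python` in the postgresql playbook's `vars:` is a path on one developer's workstation, and the portable value is left commented out above it. On any other host the play cannot find that interpreter, so PostgreSQL secret changes would fail before the first task runs. Restore `ansible_python_interpreter: /usr/local/bin/python` and drop the commented line, or supply the interpreter from the inventory or extra vars so the playbook carries no machine-specific path.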
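Review bot: `when: db_info is succeeded` on the "Display PostgreSQL version" task is a weak gate if `db_info` is registered from the `community.postgresql.postgresql_ping` task above (the `register` line is outside the hunks). That module reports an unreachable server through `is_available: false` in its result rather than by failing the task, so `is succeeded` can be true with no usable connection. Gating on `when: db_info.is_available` would express the intent. The same condition is used on the "Change PostgreSQL password" task and in the `when:` added to the verify step in the last hunk of this file.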
@@ -45,3 +37,4 @@ login_host: "{{ jms_asset.address }}" login_port: "{{ jms_asset.port }}" db: "{{ jms_asset.database }}" + when: db_info is succeeded and change_info is changed diff --git a/apps/assets/automations/change_secret/manager.py b/apps/assets/automations/change_secret/manager.py index 954a309b5..4ac49676b 100644 --- a/apps/assets/automations/change_secret/manager.py +++ b/apps/assets/automations/change_secret/manager.py @@ -69,10 +69,10 @@ class ChangeSecretManager(BasePlaybookManager): def get_ssh_key(self): if self.secret_strategy == SecretStrategy.custom: - ssh_key = self.execution.snapshot['ssh_key'] - if not ssh_key: + secret = self.execution.snapshot['secret'] + if not secret: raise ValueError("Automation SSH key must be set") - return ssh_key + return secret elif self.secret_strategy == SecretStrategy.random_one: if not self._ssh_key_generated: self._ssh_key_generated = self.generate_ssh_key() diff --git a/apps/ops/ansible/inventory.py b/apps/ops/ansible/inventory.py index 09427f3e5..c544cfcd6 100644 --- a/apps/ops/ansible/inventory.py +++ b/apps/ops/ansible/inventory.py @@ -199,8 +199,8 @@ class JMSInventory: def write_to_file(self, path): path_dir = os.path.dirname(path) - data = self.generate(path_dir) if not os.path.exists(path_dir): os.makedirs(path_dir, 0o700, True) + data = self.generate(path_dir) with open(path, 'w') as f: f.write(json.dumps(data, indent=4)) diff --git a/requirements/requirements.txt b/requirements/requirements.txt index ea6c56b59..8af2fcb0f 100644 --- a/requirements/requirements.txt +++ b/requirements/requirements.txt @@ -143,4 +143,4 @@ ForgeryPy3==0.3.1 django-debug-toolbar==3.5 Pympler==1.0.1 IPy==1.1 - +psycopg2==2.9.4
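Review bot: With `when: db_info is succeeded and change_info is changed`, the verify step is skipped whenever the change task reports `ok` instead of `changed`, for example when the role already has the requested password. A run can then finish without ever confirming that the stored secret logs in. If the aim is only to skip verification when the change task itself was skipped, `when: change_info is not skipped` keeps the login check in the unchanged case. The task's name and login parameters sit partly outside this hunk, so which credentials the ping uses cannot be confirmed from here.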
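Review bot: `self.execution.snapshot['secret']` in the custom-strategy branch of `get_ssh_key` raises `KeyError` when the snapshot has no `secret` entry, so the `ValueError("Automation SSH key must be set")` below it is reached only for an empty value. Reading it as `secret = self.execution.snapshot.get('secret')` sends both cases to the intended error. Because the key now comes from a general-purpose `secret` field, it is worth confirming that the value is checked to be a well-formed private key before it is pushed to assets. No such check is visible in this hunk, and a password-style string used as key material could leave the account unreachable. The method continues past the end of the hunk.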
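Review bot: `write_to_file` creates the inventory with `open(path, 'w')`, so the file's mode comes from the process umask even though the directory is requested as `0o700`. That directory mode is applied only when `os.makedirs` creates the leaf directory, not when it already exists with looser permissions. If the data returned by `self.generate(path_dir)` carries account secrets or key paths (not visible in this hunk), create the file owner-only with `fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, 'w') as f:`. The `os.path.exists` check is also redundant, since the third argument `True` is already `exist_ok`.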