diff --git a/apps/assets/api/account_history.py b/apps/assets/api/account_history.py index e64d8189c..6ca4fd349 100644 --- a/apps/assets/api/account_history.py +++ b/apps/assets/api/account_history.py @@ -26,17 +26,6 @@ class AccountHistoryViewSet(AccountViewSet): } http_method_names = ['get', 'options'] -<<<<<<< HEAD -======= - def get_queryset(self): - queryset = self.model.objects.all() \ - .annotate(ip=F('asset__ip')) \ - .annotate(hostname=F('asset__hostname')) \ - .annotate(platform=F('asset__platform__name')) \ - .annotate(protocols=F('asset__protocols')) - return queryset - ->>>>>>> origin class AccountHistorySecretsViewSet(RecordViewLogMixin, AccountHistoryViewSet): serializer_classes = { diff --git a/apps/assets/migrations/0097_auto_20220426_1558.py b/apps/assets/migrations/0097_auto_20220426_1558.py index df925852f..ff82e0cf7 100644 --- a/apps/assets/migrations/0097_auto_20220426_1558.py +++ b/apps/assets/migrations/0097_auto_20220426_1558.py 
@@ -68,49 +68,6 @@ def migrate_database_to_asset(apps, *args): failed_apps.append(app) pass -# -# def migrate_remote_app_to_asset(apps, *args): -# app_model = apps.get_model('applications', 'Application') -# remote_app_model = apps.get_model('assets', 'Web') -# host_model = apps.get_model('assets', 'Host') -# platform_model = apps.get_model('assets', 'Platform') -# applications = app_model.objects.filter(category='remote_app') -# platforms = platform_model.objects.filter(category='remote_app') -# platforms_map = {p.type: p for p in platforms} -# -# connect_host_map = {} -# -# for app in applications: -# attrs = app.attrs -# connect_host = attrs.pop('asset') -# if connect_host: -# connect_host = host_model.objects.filter(asset_ptr_id=connect_host).first() -# connect_host_map[app.id] = connect_host -# -# for app in applications: -# tp = app.type -# attrs = app.attrs -# app_path = attrs.pop('path', '') -# if tp == 'custom': -# tp = 'general_remote_app' -# -# print("Create remote app: {}".format(app.name)) -# remote_app = remote_app_model( -# id=app.id, hostname=app.name, ip='', -# protocols='', -# platform=platforms_map[tp], -# org_id=app.org_id, -# app_path=app_path, -# connect_host=connect_host_map.get(app.id), -# attrs=attrs, -# ) -# try: -# remote_app.save() -# except Exception as e: -# print("Error: ", e) -# # remote_app.hostname = 'RemoteApp-' + remote_app.hostname -# - def migrate_cloud_to_asset(apps, *args): app_model = apps.get_model('applications', 'Application') @@ -119,6 +76,7 @@ def migrate_cloud_to_asset(apps, *args): applications = app_model.objects.filter(category='cloud') platform = platform_model.objects.filter(type='k8s').first() + print() for app in applications: attrs = app.attrs diff --git a/apps/assets/migrations/0098_auto_20220430_2126.py b/apps/assets/migrations/0098_auto_20220430_2126.py index 6d9100593..b96085256 100644 --- a/apps/assets/migrations/0098_auto_20220430_2126.py +++ b/apps/assets/migrations/0098_auto_20220430_2126.py 
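Review bot: The bare `print()` added ahead of `for app in applications:` in `migrate_cloud_to_asset` looks like leftover debugging; it only writes an empty line to the migration output on every run. Remove it, or replace it with a labelled progress message if a separator is wanted. The function body continues outside the hunk.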
@@ -1,9 +1,48 @@ # Generated by Django 3.1.14 on 2022-04-30 14:41 +from collections import namedtuple from django.db import migrations, models import django.db.models.deletion +def migrate_platform_set_ops(apps, *args): + platform_model = apps.get_model('assets', 'Platform') + + Attr = namedtuple('ops', [ + 'su_enabled', 'su_method', 'domain_enabled', + 'change_password_enabled', 'change_password_method', + 'verify_account_enabled', 'verify_account_method', + 'create_account_enabled', 'create_account_method', + ]) + default_ok = { + 'su_enabled': True, + 'su_method': 'sudo', + 'domain_enabled': True, + 'change_password_enabled': True, + 'change_password_method': 'change_password_ansible', + 'verify_account_enabled': True, + 'verify_account_method': 'verify_account_ansible', + 'create_account_enabled': True, + 'create_account_method': 'create_account_ansible', + } + + platform_ops_map = { + 'Linux': default_ok, + 'Windows': default_ok, + 'AIX': Attr( + True, 'sudo', True, + True, 'change_password_ansible', + True, 'verify_account_ansible', + True, 'create_account_ansible' + ) + } + platforms = platform_model.objects.all() + + for p in platforms: + p.set_ops = True + p.save() + + class Migration(migrations.Migration): dependencies = [ diff --git a/apps/assets/resources/platform/__init__.py b/apps/assets/resources/platform/__init__.py index 83da5fbf8..a844df27a 100644 --- a/apps/assets/resources/platform/__init__.py +++ b/apps/assets/resources/platform/__init__.py @@ -12,7 +12,7 @@ def get_platform_methods(): for name in dirs: path = os.path.join(root, name) rel_path = path.replace(BASE_DIR, '.') - if len(rel_path.split('/')) != 4: + if len(rel_path.split('/')) != 3: continue manifest_path = os.path.join(path, 'manifest.yml') if not os.path.exists(manifest_path): 
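Review bot: `migrate_platform_set_ops` builds `Attr`, `default_ok` and `platform_ops_map` but never reads them; the loop only writes `p.set_ops = True`, so no platform receives the su / change-password / verify / create-account method names the map describes. The map also mixes two shapes (plain dicts for Linux and Windows, an `Attr` namedtuple for AIX) and names `create_account_ansible`, whose manifest this same commit deletes. The hunk does not show the function being registered through `migrations.RunPython` in `operations`, so it may not run at all; confirm against the rest of the file. Either apply the map inside the loop with one consistent value type, or delete the unused setup and leave a comment such as `# method assignment per platform is done elsewhere; this only flips set_ops`.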
@@ -22,10 +22,9 @@ def get_platform_methods(): manifest = yaml.safe_load(f) except yaml.YAMLError as e: continue - current, category, tp, name = rel_path.split('/') - manifest.update({ - 'category': category, - 'type': tp, - }) methods.append(manifest) return methods + + +if __name__ == '__main__': + print(get_platform_methods()) diff --git a/apps/assets/resources/platform/host/linux/change_password_ansible/main.yml b/apps/assets/resources/platform/host/change_password_aix/main.yml similarity index 100% rename from apps/assets/resources/platform/host/linux/change_password_ansible/main.yml rename to apps/assets/resources/platform/host/change_password_aix/main.yml diff --git a/apps/assets/resources/platform/host/linux/change_password_ansible/manifest.yml b/apps/assets/resources/platform/host/change_password_aix/manifest.yml similarity index 100% rename from apps/assets/resources/platform/host/linux/change_password_ansible/manifest.yml rename to apps/assets/resources/platform/host/change_password_aix/manifest.yml diff --git a/apps/assets/resources/platform/host/linux/change_password_ansible/roles/change_password/tasks/main.yml b/apps/assets/resources/platform/host/change_password_aix/roles/change_password/tasks/main.yml similarity index 89% rename from apps/assets/resources/platform/host/linux/change_password_ansible/roles/change_password/tasks/main.yml rename to apps/assets/resources/platform/host/change_password_aix/roles/change_password/tasks/main.yml index 78cc1776e..903cd9115 100644 --- a/apps/assets/resources/platform/host/linux/change_password_ansible/roles/change_password/tasks/main.yml +++ b/apps/assets/resources/platform/host/change_password_aix/roles/change_password/tasks/main.yml @@ -8,7 +8,7 @@ - name: Change password user: name: "{{ account.username }}" - password: "{{ account.password | password_hash('sha512') }}" + password: "{{ account.password | password_hash('des') }}" update_password: always when: account.password 
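Review bot: Removing the `category`/`type` keys in `get_platform_methods()` leaves `id` as the only handle on a method, yet the three change-password manifests in this commit (`change_password_linux`, `change_password_windows`, and the AIX one renamed at 100% similarity) all declare `id: change_password_ansible`. With the depth check in the previous hunk now `!= 3`, they are returned as indistinguishable entries, so a lookup by id could hand a Linux host the DES-hashing AIX role; this is inferred, since the consumer is outside the diff. Give each manifest a unique `id` (or keep a platform key in it) and have this function reject duplicates. Separately, `except yaml.YAMLError as e: continue` drops a broken manifest silently; log `manifest_path` there so a missing method can be diagnosed.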
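Review bot: `password_hash('des')` in the "Change password" task stores the new secret as a traditional DES crypt hash, which takes only the first eight characters into account and uses a two-character salt, so a long generated password is no stronger on the target than its first eight characters. This is presumably chosen because of the AIX default crypt; if the targets are configured for a stronger algorithm, use a hash type they accept instead. Otherwise record the constraint next to the line, e.g. `# AIX legacy crypt: only the first 8 characters are significant`, and make the password policy for these accounts reflect it. The same line is added in the `change_password_windows` role further down, where it does not apply at all.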
diff --git a/apps/assets/resources/platform/host/change_password_linux/main.yml b/apps/assets/resources/platform/host/change_password_linux/main.yml
new file mode 100644
index 000000000..402c7fa8d
--- /dev/null
+++ b/apps/assets/resources/platform/host/change_password_linux/main.yml
@@ -0,0 +1,10 @@
+{% for account in accounts %}
+- hosts: {{ account.asset.name }}
+ vars:
+ account:
+ username: {{ account.username }}
+ password: {{ account.password }}
+ public_key: {{ account.public_key }}
+ roles:
+ - change_password
+{% endfor %}
diff --git a/apps/assets/resources/platform/host/change_password_linux/manifest.yml b/apps/assets/resources/platform/host/change_password_linux/manifest.yml
new file mode 100644
index 000000000..a7df6a8f3
--- /dev/null
+++ b/apps/assets/resources/platform/host/change_password_linux/manifest.yml
@@ -0,0 +1,11 @@
+id: change_password_ansible
+name: Change password using ansible
+version: 1
+description: 使用特权账号更改账号的密码
+author: ibuler
+method: change_password
+vars:
+ account:
+ username: test
+ password: teset123
+ public_key: test
diff --git a/apps/assets/resources/platform/host/change_password_linux/roles/change_password/tasks/main.yml b/apps/assets/resources/platform/host/change_password_linux/roles/change_password/tasks/main.yml
new file mode 100644
index 000000000..e0ba9c73f
--- /dev/null
+++ b/apps/assets/resources/platform/host/change_password_linux/roles/change_password/tasks/main.yml
@@ -0,0 +1,23 @@
+- name: Check connection
+ ping:
+
+- name: Change password
+ user:
+ name: "{{ account.username }}"
+ password: "{{ account.password | password_hash('sha512') }}"
+ update_password: always
+ when: account.password
+
+- name: Change public key
+ authorized_key:
+ user: "{{ account.username }}"
+ key: "{{ account.public_key }}"
+ state: present
+ when: account.public_key
+
+- name: Verify password
+ ping:
+ vars:
+ ansible_user: "{{ account.username }}"
+ ansible_pass: "{{ account.password }}"
+ ansible_ssh_connection: paramiko
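Review bot: In `change_password_linux/main.yml` the `username`, `password` and `public_key` values are interpolated into the playbook as bare YAML scalars, so a secret containing `: `, ` #`, a leading `{`, `*` or `!`, or a newline will either fail to parse or be read as a different value or structure. Serialise the values at render time instead, e.g. `password: {{ account.password | tojson }}` if the renderer is plain Jinja2 (a JSON string is a valid YAML scalar), and do the same for the other two fields and for `hosts`. Ansible templates playbook vars again at run time, so the value should additionally be marked with Ansible's `!unsafe` tag or handed over outside the rendered file. The rendered playbook holds the cleartext password, so it needs owner-only permissions and removal after the run; that code is not in this diff. The identical template is added for `change_password_windows`.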
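Review bot: The "Verify password" task in the Linux role may not exercise the new credential: `ansible_pass` and `ansible_ssh_connection` are not, as far as I know, variables the connection plugins read (the documented names are `ansible_password` and `ansible_connection`; the playbook deleted in this commit used `ansible_ssh_user`/`ansible_ssh_pass`). If they are ignored, the ping result says nothing about whether the password change worked, so check the task against a host with a deliberately wrong password. Suggested lines: `ansible_password: "{{ account.password }}"` and `ansible_connection: paramiko`. The "Change password" and "Verify password" tasks should also carry `no_log: true` so the secret cannot surface in task output. The same three variables appear in the `change_password_windows` role.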
diff --git a/apps/assets/resources/platform/host/change_password_windows/main.yml b/apps/assets/resources/platform/host/change_password_windows/main.yml
new file mode 100644
index 000000000..402c7fa8d
--- /dev/null
+++ b/apps/assets/resources/platform/host/change_password_windows/main.yml
@@ -0,0 +1,10 @@
+{% for account in accounts %}
+- hosts: {{ account.asset.name }}
+ vars:
+ account:
+ username: {{ account.username }}
+ password: {{ account.password }}
+ public_key: {{ account.public_key }}
+ roles:
+ - change_password
+{% endfor %}
diff --git a/apps/assets/resources/platform/host/change_password_windows/manifest.yml b/apps/assets/resources/platform/host/change_password_windows/manifest.yml
new file mode 100644
index 000000000..a7df6a8f3
--- /dev/null
+++ b/apps/assets/resources/platform/host/change_password_windows/manifest.yml
@@ -0,0 +1,11 @@
+id: change_password_ansible
+name: Change password using ansible
+version: 1
+description: 使用特权账号更改账号的密码
+author: ibuler
+method: change_password
+vars:
+ account:
+ username: test
+ password: teset123
+ public_key: test
diff --git a/apps/assets/resources/platform/host/change_password_windows/roles/change_password/tasks/main.yml b/apps/assets/resources/platform/host/change_password_windows/roles/change_password/tasks/main.yml
new file mode 100644
index 000000000..903cd9115
--- /dev/null
+++ b/apps/assets/resources/platform/host/change_password_windows/roles/change_password/tasks/main.yml
@@ -0,0 +1,27 @@
+- name: ping
+ ping:
+
+#- name: print variables
+# debug:
+# msg: "Username: {{ account.username }}, Password: {{ account.password }}"
+
+- name: Change password
+ user:
+ name: "{{ account.username }}"
+ password: "{{ account.password | password_hash('des') }}"
+ update_password: always
+ when: account.password
+
+- name: Change public key
+ authorized_key:
+ user: "{{ account.username }}"
+ key: "{{ account.public_key }}"
+ state: present
+ when: account.public_key
+
+- name: Verify password
+ ping:
+ vars:
+ ansible_user: "{{ account.username }}"
+ ansible_pass: "{{ account.password }}"
+ ansible_ssh_connection: paramiko
diff --git a/apps/assets/resources/platform/host/linux/create_account_ansible/main.yml b/apps/assets/resources/platform/host/linux/create_account_ansible/main.yml
deleted file mode 100644
index c5ec26def..000000000
--- a/apps/assets/resources/platform/host/linux/create_account_ansible/main.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-- hosts: centos
- gather_facts: no
- vars:
- account:
- username: web
- password: test123
-
- tasks:
- - name: Verify password
- ping:
- vars:
- ansible_ssh_user: "{{ account.username }}"
- ansible_ssh_pass: "{{ account.password }}"
-
-
diff --git a/apps/assets/resources/platform/host/linux/create_account_ansible/manifest.yml b/apps/assets/resources/platform/host/linux/create_account_ansible/manifest.yml
deleted file mode 100644
index 391bc24ec..000000000
--- a/apps/assets/resources/platform/host/linux/create_account_ansible/manifest.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-id: create_account_ansible
-name: Create account by ansible
-version: 1
-description: 使用特权账号更改账号的密码
-author: ibuler
-method: create_account
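Review bot: The `change_password_windows` role is the same blob as the AIX role (both are `903cd9115`), so the Windows method runs the POSIX `user` module with a DES crypt hash plus `authorized_key`, none of which manage Windows accounts; a Windows target would need `win_user`, which takes the password directly rather than a crypt hash. As committed the method will presumably fail on Windows hosts, and because its manifest shares `id: change_password_ansible` with the Linux one it could instead be selected for a Linux host and downgrade its hash to DES. The commented-out `debug` task at the top prints `account.password`; delete it rather than leave it one uncomment away from writing secrets to the run log.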
diff --git a/apps/assets/resources/platform/host/linux/verifiy_account_ansible/main.yml b/apps/assets/resources/platform/host/verifiy_account_ansible/main.yml similarity index 99% rename from apps/assets/resources/platform/host/linux/verifiy_account_ansible/main.yml rename to apps/assets/resources/platform/host/verifiy_account_ansible/main.yml index d681b54cc..4ccdb3074 100644 --- a/apps/assets/resources/platform/host/linux/verifiy_account_ansible/main.yml +++ b/apps/assets/resources/platform/host/verifiy_account_ansible/main.yml @@ -11,5 +11,3 @@ vars: ansible_user: "{{ account.username }}" ansible_pass: "{{ account.password }}" - - diff --git a/apps/assets/resources/platform/host/linux/verifiy_account_ansible/manifest.yml b/apps/assets/resources/platform/host/verifiy_account_ansible/manifest.yml similarity index 100% rename from apps/assets/resources/platform/host/linux/verifiy_account_ansible/manifest.yml rename to apps/assets/resources/platform/host/verifiy_account_ansible/manifest.yml diff --git a/apps/audits/api.py b/apps/audits/api.py index bef3f3a05..42ae0993c 100644 --- a/apps/audits/api.py +++ b/apps/audits/api.py @@ -129,15 +129,10 @@ class CommandExecutionViewSet(ListModelMixin, OrgGenericViewSet): class CommandExecutionHostRelationViewSet(OrgRelationMixin, OrgBulkModelViewSet): serializer_class = CommandExecutionHostsRelationSerializer m2m_field = CommandExecution.hosts.field -<<<<<<< HEAD filterset_fields = [ 'id', 'asset', 'commandexecution' ] search_fields = ('asset__name', ) -======= - filterset_class = filters.CommandExecutionFilter - search_fields = ('asset__hostname', ) ->>>>>>> origin http_method_names = ['options', 'get'] rbac_perms = { 'GET': 'ops.view_commandexecution', diff --git a/apps/authentication/api/connection_token.py b/apps/authentication/api/connection_token.py index 22d9e9b04..990e9d814 100644 --- a/apps/authentication/api/connection_token.py +++ b/apps/authentication/api/connection_token.py 
@@ -210,12 +210,7 @@ class ConnectionTokenMixin: class ConnectionTokenViewSet(ConnectionTokenMixin, RootOrgViewMixin, JMSModelViewSet): filterset_fields = ( -<<<<<<< HEAD 'type', 'user_display', 'asset_display' -======= - 'type', 'user_display', 'system_user_display', - 'application_display', 'asset_display' ->>>>>>> origin ) search_fields = filterset_fields serializer_classes = { diff --git a/apps/authentication/serializers/connection_token.py b/apps/authentication/serializers/connection_token.py index 5a3db5b4e..4a5b91e5b 100644 --- a/apps/authentication/serializers/connection_token.py +++ b/apps/authentication/serializers/connection_token.py @@ -153,12 +153,7 @@ class ConnectionTokenCmdFilterRuleSerializer(serializers.ModelSerializer): class ConnectionTokenSecretSerializer(OrgResourceModelSerializerMixin): user = ConnectionTokenUserSerializer(read_only=True) -<<<<<<< HEAD asset = ConnectionTokenAssetSerializer(read_only=True) -======= - asset = ConnectionTokenAssetSerializer(read_only=True, source='asset_or_remote_app_asset') - application = ConnectionTokenApplicationSerializer(read_only=True) ->>>>>>> origin remote_app = ConnectionTokenRemoteAppSerializer(read_only=True) account = serializers.CharField(read_only=True) gateway = ConnectionTokenGatewaySerializer(read_only=True) diff --git a/apps/common/utils/common.py b/apps/common/utils/common.py index 93283e99b..ed45417b7 100644 --- a/apps/common/utils/common.py +++ b/apps/common/utils/common.py @@ -383,8 +383,6 @@ def test_ip_connectivity(host, port, timeout=0.5): else: connectivity = False return connectivity -<<<<<<< HEAD -======= def static_or_direct(logo_path): @@ -392,4 +390,3 @@ def static_or_direct(logo_path): return static(logo_path) else: return logo_path ->>>>>>> origin diff --git a/apps/locale/zh/LC_MESSAGES/django.mo b/apps/locale/zh/LC_MESSAGES/django.mo index d675a6b92..1ad9097dd 100644 --- a/apps/locale/zh/LC_MESSAGES/django.mo +++ b/apps/locale/zh/LC_MESSAGES/django.mo 
@@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:c6f584a0c74107ceddce6b403ff8755b59aabb093a0e6cc0c5f9b47eb6ae49f4 -size 255 +oid sha256:a89e824cdc4abeea54ffba79270406eefe3a260b764acb79cd42e6a11d4c03a2 +size 108405 diff --git a/apps/perms/notifications.py b/apps/perms/notifications.py index c6917dcbd..9e074cd03 100644 --- a/apps/perms/notifications.py +++ b/apps/perms/notifications.py @@ -1,7 +1,3 @@ -<<<<<<< HEAD - -======= ->>>>>>> origin from django.utils.translation import ugettext as _ from django.template.loader import render_to_string 
@@ -83,81 +79,3 @@ class AssetPermsWillExpireForOrgAdminMsg(UserMessage): perms = AssetPermission.objects.all()[:10] org = Organization.objects.first() return cls(user, perms, org) -<<<<<<< HEAD -======= - - -class PermedAppsWillExpireUserMsg(UserMessage): - def __init__(self, user, apps, day_count=0): - super().__init__(user) - self.apps = apps - self.day_count = _('today') if day_count == 0 else day_count - - def get_html_msg(self) -> dict: - subject = _("Your permed applications is about to expire") - context = { - 'name': self.user.name, - 'count': str(self.day_count), - 'item_type': _('permed applications'), - 'items': [str(app) for app in self.apps] - } - message = render_to_string('perms/_msg_permed_items_expire.html', context) - return { - 'subject': subject, - 'message': message - } - - @classmethod - def gen_test_msg(cls): - from users.models import User - from applications.models import Application - - user = User.objects.first() - apps = Application.objects.all()[:10] - return cls(user, apps) - - -class AppPermsWillExpireForOrgAdminMsg(UserMessage): - def __init__(self, user, perms, org, day_count=0): - super().__init__(user) - self.perms = perms - self.org = org - self.day_count = _('today') if day_count == 0 else day_count - - def get_items_with_url(self): - items_with_url = [] - for perm in self.perms: - url = js_reverse( - 'perms:application-permission-detail', - kwargs={'pk': perm.id}, external=True, - api_to_ui=True, is_console=True - ) + f'?oid={perm.org_id}' - items_with_url.append([perm.name, url]) - return items_with_url - - def get_html_msg(self) -> dict: - items = self.get_items_with_url() - subject = _('Application permissions is about to expire') - context = { - 'name': self.user.name, - 'count': str(self.day_count), - 'item_type': _('application permissions of organization {}').format(self.org), - 'items_with_url': items - } - message = render_to_string('perms/_msg_item_permissions_expire.html', context) - return { - 'subject': subject, - 
'message': message - } - - @classmethod - def gen_test_msg(cls): - from users.models import User - from perms.models import ApplicationPermission - from orgs.models import Organization - - user = User.objects.first() - perms = ApplicationPermission.objects.all()[:10] - org = Organization.objects.first() - return cls(user, perms, org) ->>>>>>> origin diff --git a/apps/perms/tasks.py b/apps/perms/tasks.py index 58cbc66d6..30c9600d3 100644 --- a/apps/perms/tasks.py +++ b/apps/perms/tasks.py 
@@ -100,51 +100,3 @@ def check_asset_permission_will_expired(): org_admins = org.admins.all() for org_admin in org_admins: AssetPermsWillExpireForOrgAdminMsg(org_admin, perms, org, day_count).publish_async() -<<<<<<< HEAD -======= - - -@register_as_period_task(crontab='0 10 * * *') -@shared_task() -@atomic() -@tmp_to_root_org() -def check_app_permission_will_expired(): - start = local_now() - end = start + timedelta(days=3) - - app_perms = ApplicationPermission.objects.filter( - date_expired__gte=start, - date_expired__lte=end - ).distinct() - - user_app_remain_day_mapper = defaultdict(dict) - org_perm_remain_day_mapper = defaultdict(dict) - - for app_perm in app_perms: - date_expired = dt_parser(app_perm.date_expired) - remain_days = (date_expired - start).days - - org = app_perm.org - if org in org_perm_remain_day_mapper[remain_days]: - org_perm_remain_day_mapper[remain_days][org].add(app_perm) - else: - org_perm_remain_day_mapper[remain_days][org] = {app_perm, } - - users = app_perm.get_all_users() - apps = app_perm.applications.all() - for u in users: - if u in user_app_remain_day_mapper[remain_days]: - user_app_remain_day_mapper[remain_days][u].update(apps) - else: - user_app_remain_day_mapper[remain_days][u] = set(apps) - - for day_count, user_app_mapper in user_app_remain_day_mapper.items(): - for user, apps in user_app_mapper.items(): - PermedAppsWillExpireUserMsg(user, apps, day_count).publish_async() - - for day_count, org_perm_mapper in org_perm_remain_day_mapper.items(): - for org, perms in org_perm_mapper.items(): - org_admins = org.admins.all() - for org_admin in org_admins: - AppPermsWillExpireForOrgAdminMsg(org_admin, perms, org, day_count).publish_async() ->>>>>>> origin