github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

perf: 合并冲突

pull/8873/head
ibuler 2022-08-30 10:07:03 +08:00
parent c950508873
commit 951d4e4e0d
24 changed files with 140 additions and 234 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
apps/assets/api/account_history.py
View File

@ -26,17 +26,6 @@ class AccountHistoryViewSet(AccountViewSet):
} }
http_method_names = ['get', 'options'] http_method_names = ['get', 'options']
<<<<<<< HEAD
=======
def get_queryset(self):
queryset = self.model.objects.all() \
.annotate(ip=F('asset__ip')) \
.annotate(hostname=F('asset__hostname')) \
.annotate(platform=F('asset__platform__name')) \
.annotate(protocols=F('asset__protocols'))
return queryset
>>>>>>> origin
class AccountHistorySecretsViewSet(RecordViewLogMixin, AccountHistoryViewSet): class AccountHistorySecretsViewSet(RecordViewLogMixin, AccountHistoryViewSet):
serializer_classes = { serializer_classes = {

44
apps/assets/migrations/0097_auto_20220426_1558.py
View File

@ -68,49 +68,6 @@ def migrate_database_to_asset(apps, *args):
failed_apps.append(app) failed_apps.append(app)
pass pass
#
# def migrate_remote_app_to_asset(apps, *args):
# app_model = apps.get_model('applications', 'Application')
# remote_app_model = apps.get_model('assets', 'Web')
# host_model = apps.get_model('assets', 'Host')
# platform_model = apps.get_model('assets', 'Platform')
# applications = app_model.objects.filter(category='remote_app')
# platforms = platform_model.objects.filter(category='remote_app')
# platforms_map = {p.type: p for p in platforms}
#
# connect_host_map = {}
#
# for app in applications:
# attrs = app.attrs
# connect_host = attrs.pop('asset')
# if connect_host:
# connect_host = host_model.objects.filter(asset_ptr_id=connect_host).first()
# connect_host_map[app.id] = connect_host
#
# for app in applications:
# tp = app.type
# attrs = app.attrs
# app_path = attrs.pop('path', '')
# if tp == 'custom':
# tp = 'general_remote_app'
#
# print("Create remote app: {}".format(app.name))
# remote_app = remote_app_model(
# id=app.id, hostname=app.name, ip='',
# protocols='',
# platform=platforms_map[tp],
# org_id=app.org_id,
# app_path=app_path,
# connect_host=connect_host_map.get(app.id),
# attrs=attrs,
# )
# try:
# remote_app.save()
# except Exception as e:
# print("Error: ", e)
# # remote_app.hostname = 'RemoteApp-' + remote_app.hostname
#
def migrate_cloud_to_asset(apps, *args): def migrate_cloud_to_asset(apps, *args):
app_model = apps.get_model('applications', 'Application') app_model = apps.get_model('applications', 'Application')
@ -119,6 +76,7 @@ def migrate_cloud_to_asset(apps, *args):
applications = app_model.objects.filter(category='cloud') applications = app_model.objects.filter(category='cloud')
platform = platform_model.objects.filter(type='k8s').first() platform = platform_model.objects.filter(type='k8s').first()
print()
for app in applications: for app in applications:
attrs = app.attrs attrs = app.attrs

39
apps/assets/migrations/0098_auto_20220430_2126.py
View File

@ -1,9 +1,48 @@
# Generated by Django 3.1.14 on 2022-04-30 14:41 # Generated by Django 3.1.14 on 2022-04-30 14:41
from collections import namedtuple
from django.db import migrations, models from django.db import migrations, models
import django.db.models.deletion import django.db.models.deletion
def migrate_platform_set_ops(apps, *args):
platform_model = apps.get_model('assets', 'Platform')
Attr = namedtuple('ops', [
'su_enabled', 'su_method', 'domain_enabled',
'change_password_enabled', 'change_password_method',
'verify_account_enabled', 'verify_account_method',
'create_account_enabled', 'create_account_method',
])
default_ok = {
'su_enabled': True,
'su_method': 'sudo',
'domain_enabled': True,
'change_password_enabled': True,
'change_password_method': 'change_password_ansible',
'verify_account_enabled': True,
'verify_account_method': 'verify_account_ansible',
'create_account_enabled': True,
'create_account_method': 'create_account_ansible',
}
platform_ops_map = {
'Linux': default_ok,
'Windows': default_ok,
'AIX': Attr(
True, 'sudo', True,
True, 'change_password_ansible',
True, 'verify_account_ansible',
True, 'create_account_ansible'
)
}
platforms = platform_model.objects.all()
for p in platforms:
p.set_ops = True
p.save()
class Migration(migrations.Migration): class Migration(migrations.Migration):
dependencies = [ dependencies = [

11
apps/assets/resources/platform/__init__.py
View File

@ -12,7 +12,7 @@ def get_platform_methods():
for name in dirs: for name in dirs:
path = os.path.join(root, name) path = os.path.join(root, name)
rel_path = path.replace(BASE_DIR, '.') rel_path = path.replace(BASE_DIR, '.')
if len(rel_path.split('/')) != 4: if len(rel_path.split('/')) != 3:
continue continue
manifest_path = os.path.join(path, 'manifest.yml') manifest_path = os.path.join(path, 'manifest.yml')
if not os.path.exists(manifest_path): if not os.path.exists(manifest_path):
@ -22,10 +22,9 @@ def get_platform_methods():
manifest = yaml.safe_load(f) manifest = yaml.safe_load(f)
except yaml.YAMLError as e: except yaml.YAMLError as e:
continue continue
current, category, tp, name = rel_path.split('/')
manifest.update({
'category': category,
'type': tp,
})
methods.append(manifest) methods.append(manifest)
return methods return methods
if __name__ == '__main__':
print(get_platform_methods())

0
apps/assets/resources/platform/host/linux/change_password_ansible/main.yml → apps/assets/resources/platform/host/change_password_aix/main.yml
View File

0
apps/assets/resources/platform/host/linux/change_password_ansible/manifest.yml → apps/assets/resources/platform/host/change_password_aix/manifest.yml
View File

2
apps/assets/resources/platform/host/linux/change_password_ansible/roles/change_password/tasks/main.yml → apps/assets/resources/platform/host/change_password_aix/roles/change_password/tasks/main.yml
View File

@ -8,7 +8,7 @@
- name: Change password - name: Change password
user: user:
name: "{{ account.username }}" name: "{{ account.username }}"
password: "{{ account.password | password_hash('sha512') }}" password: "{{ account.password | password_hash('des') }}"
update_password: always update_password: always
when: account.password when: account.password

10
apps/assets/resources/platform/host/change_password_linux/main.yml Normal file
View File

@ -0,0 +1,10 @@
{% for account in accounts %}
- hosts: {{ account.asset.name }}
vars:
account:
username: {{ account.username }}
password: {{ account.password }}
public_key: {{ account.public_key }}
roles:
- change_password
{% endfor %}

11
apps/assets/resources/platform/host/change_password_linux/manifest.yml Normal file
View File

@ -0,0 +1,11 @@
id: change_password_ansible
name: Change password using ansible
version: 1
description: 使用特权账号更改账号的密码
author: ibuler
method: change_password
vars:
account:
username: test
password: teset123
public_key: test

23
apps/assets/resources/platform/host/change_password_linux/roles/change_password/tasks/main.yml Normal file
View File

@ -0,0 +1,23 @@
- name: Check connection
ping:
- name: Change password
user:
name: "{{ account.username }}"
password: "{{ account.password | password_hash('sha512') }}"
update_password: always
when: account.password
- name: Change public key
authorized_key:
user: "{{ account.username }}"
key: "{{ account.public_key }}"
state: present
when: account.public_key
- name: Verify password
ping:
vars:
ansible_user: "{{ account.username }}"
ansible_pass: "{{ account.password }}"
ansible_ssh_connection: paramiko

10
apps/assets/resources/platform/host/change_password_windows/main.yml Normal file
View File

@ -0,0 +1,10 @@
{% for account in accounts %}
- hosts: {{ account.asset.name }}
vars:
account:
username: {{ account.username }}
password: {{ account.password }}
public_key: {{ account.public_key }}
roles:
- change_password
{% endfor %}

11
apps/assets/resources/platform/host/change_password_windows/manifest.yml Normal file
View File

@ -0,0 +1,11 @@
id: change_password_ansible
name: Change password using ansible
version: 1
description: 使用特权账号更改账号的密码
author: ibuler
method: change_password
vars:
account:
username: test
password: teset123
public_key: test

27
apps/assets/resources/platform/host/change_password_windows/roles/change_password/tasks/main.yml Normal file
View File

@ -0,0 +1,27 @@
- name: ping
ping:
#- name: print variables
# debug:
# msg: "Username: {{ account.username }}, Password: {{ account.password }}"
- name: Change password
user:
name: "{{ account.username }}"
password: "{{ account.password | password_hash('des') }}"
update_password: always
when: account.password
- name: Change public key
authorized_key:
user: "{{ account.username }}"
key: "{{ account.public_key }}"
state: present
when: account.public_key
- name: Verify password
ping:
vars:
ansible_user: "{{ account.username }}"
ansible_pass: "{{ account.password }}"
ansible_ssh_connection: paramiko

15
apps/assets/resources/platform/host/linux/create_account_ansible/main.yml
View File

@ -1,15 +0,0 @@
- hosts: centos
gather_facts: no
vars:
account:
username: web
password: test123
tasks:
- name: Verify password
ping:
vars:
ansible_ssh_user: "{{ account.username }}"
ansible_ssh_pass: "{{ account.password }}"

6
apps/assets/resources/platform/host/linux/create_account_ansible/manifest.yml
View File

@ -1,6 +0,0 @@
id: create_account_ansible
name: Create account by ansible
version: 1
description: 使用特权账号更改账号的密码
author: ibuler
method: create_account

2
apps/assets/resources/platform/host/linux/verifiy_account_ansible/main.yml → apps/assets/resources/platform/host/verifiy_account_ansible/main.yml
View File

@ -11,5 +11,3 @@
vars: vars:
ansible_user: "{{ account.username }}" ansible_user: "{{ account.username }}"
ansible_pass: "{{ account.password }}" ansible_pass: "{{ account.password }}"

0
apps/assets/resources/platform/host/linux/verifiy_account_ansible/manifest.yml → apps/assets/resources/platform/host/verifiy_account_ansible/manifest.yml
View File

5
apps/audits/api.py
View File

@ -129,15 +129,10 @@ class CommandExecutionViewSet(ListModelMixin, OrgGenericViewSet):
class CommandExecutionHostRelationViewSet(OrgRelationMixin, OrgBulkModelViewSet): class CommandExecutionHostRelationViewSet(OrgRelationMixin, OrgBulkModelViewSet):
serializer_class = CommandExecutionHostsRelationSerializer serializer_class = CommandExecutionHostsRelationSerializer
m2m_field = CommandExecution.hosts.field m2m_field = CommandExecution.hosts.field
<<<<<<< HEAD
filterset_fields = [ filterset_fields = [
'id', 'asset', 'commandexecution' 'id', 'asset', 'commandexecution'
] ]
search_fields = ('asset__name', ) search_fields = ('asset__name', )
=======
filterset_class = filters.CommandExecutionFilter
search_fields = ('asset__hostname', )
>>>>>>> origin
http_method_names = ['options', 'get'] http_method_names = ['options', 'get']
rbac_perms = { rbac_perms = {
'GET': 'ops.view_commandexecution', 'GET': 'ops.view_commandexecution',

5
apps/authentication/api/connection_token.py
View File

@ -210,12 +210,7 @@ class ConnectionTokenMixin:
class ConnectionTokenViewSet(ConnectionTokenMixin, RootOrgViewMixin, JMSModelViewSet): class ConnectionTokenViewSet(ConnectionTokenMixin, RootOrgViewMixin, JMSModelViewSet):
filterset_fields = ( filterset_fields = (
<<<<<<< HEAD
'type', 'user_display', 'asset_display' 'type', 'user_display', 'asset_display'
=======
'type', 'user_display', 'system_user_display',
'application_display', 'asset_display'
>>>>>>> origin
) )
search_fields = filterset_fields search_fields = filterset_fields
serializer_classes = { serializer_classes = {

5
apps/authentication/serializers/connection_token.py
View File

@ -153,12 +153,7 @@ class ConnectionTokenCmdFilterRuleSerializer(serializers.ModelSerializer):
class ConnectionTokenSecretSerializer(OrgResourceModelSerializerMixin): class ConnectionTokenSecretSerializer(OrgResourceModelSerializerMixin):
user = ConnectionTokenUserSerializer(read_only=True) user = ConnectionTokenUserSerializer(read_only=True)
<<<<<<< HEAD
asset = ConnectionTokenAssetSerializer(read_only=True) asset = ConnectionTokenAssetSerializer(read_only=True)
=======
asset = ConnectionTokenAssetSerializer(read_only=True, source='asset_or_remote_app_asset')
application = ConnectionTokenApplicationSerializer(read_only=True)
>>>>>>> origin
remote_app = ConnectionTokenRemoteAppSerializer(read_only=True) remote_app = ConnectionTokenRemoteAppSerializer(read_only=True)
account = serializers.CharField(read_only=True) account = serializers.CharField(read_only=True)
gateway = ConnectionTokenGatewaySerializer(read_only=True) gateway = ConnectionTokenGatewaySerializer(read_only=True)

3
apps/common/utils/common.py
View File

@ -383,8 +383,6 @@ def test_ip_connectivity(host, port, timeout=0.5):
else: else:
connectivity = False connectivity = False
return connectivity return connectivity
<<<<<<< HEAD
=======
def static_or_direct(logo_path): def static_or_direct(logo_path):
@ -392,4 +390,3 @@ def static_or_direct(logo_path):
return static(logo_path) return static(logo_path)
else: else:
return logo_path return logo_path
>>>>>>> origin

4
apps/locale/zh/LC_MESSAGES/django.mo
View File

@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1 version https://git-lfs.github.com/spec/v1
oid sha256:c6f584a0c74107ceddce6b403ff8755b59aabb093a0e6cc0c5f9b47eb6ae49f4 oid sha256:a89e824cdc4abeea54ffba79270406eefe3a260b764acb79cd42e6a11d4c03a2
size 255 size 108405

82
apps/perms/notifications.py
View File

@ -1,7 +1,3 @@
<<<<<<< HEAD
=======
>>>>>>> origin
from django.utils.translation import ugettext as _ from django.utils.translation import ugettext as _
from django.template.loader import render_to_string from django.template.loader import render_to_string
@ -83,81 +79,3 @@ class AssetPermsWillExpireForOrgAdminMsg(UserMessage):
perms = AssetPermission.objects.all()[:10] perms = AssetPermission.objects.all()[:10]
org = Organization.objects.first() org = Organization.objects.first()
return cls(user, perms, org) return cls(user, perms, org)
<<<<<<< HEAD
=======
class PermedAppsWillExpireUserMsg(UserMessage):
def __init__(self, user, apps, day_count=0):
super().__init__(user)
self.apps = apps
self.day_count = _('today') if day_count == 0 else day_count
def get_html_msg(self) -> dict:
subject = _("Your permed applications is about to expire")
context = {
'name': self.user.name,
'count': str(self.day_count),
'item_type': _('permed applications'),
'items': [str(app) for app in self.apps]
}
message = render_to_string('perms/_msg_permed_items_expire.html', context)
return {
'subject': subject,
'message': message
}
@classmethod
def gen_test_msg(cls):
from users.models import User
from applications.models import Application
user = User.objects.first()
apps = Application.objects.all()[:10]
return cls(user, apps)
class AppPermsWillExpireForOrgAdminMsg(UserMessage):
def __init__(self, user, perms, org, day_count=0):
super().__init__(user)
self.perms = perms
self.org = org
self.day_count = _('today') if day_count == 0 else day_count
def get_items_with_url(self):
items_with_url = []
for perm in self.perms:
url = js_reverse(
'perms:application-permission-detail',
kwargs={'pk': perm.id}, external=True,
api_to_ui=True, is_console=True
) + f'?oid={perm.org_id}'
items_with_url.append([perm.name, url])
return items_with_url
def get_html_msg(self) -> dict:
items = self.get_items_with_url()
subject = _('Application permissions is about to expire')
context = {
'name': self.user.name,
'count': str(self.day_count),
'item_type': _('application permissions of organization {}').format(self.org),
'items_with_url': items
}
message = render_to_string('perms/_msg_item_permissions_expire.html', context)
return {
'subject': subject,
'message': message
}
@classmethod
def gen_test_msg(cls):
from users.models import User
from perms.models import ApplicationPermission
from orgs.models import Organization
user = User.objects.first()
perms = ApplicationPermission.objects.all()[:10]
org = Organization.objects.first()
return cls(user, perms, org)
>>>>>>> origin

48
apps/perms/tasks.py
View File

@ -100,51 +100,3 @@ def check_asset_permission_will_expired():
org_admins = org.admins.all() org_admins = org.admins.all()
for org_admin in org_admins: for org_admin in org_admins:
AssetPermsWillExpireForOrgAdminMsg(org_admin, perms, org, day_count).publish_async() AssetPermsWillExpireForOrgAdminMsg(org_admin, perms, org, day_count).publish_async()
<<<<<<< HEAD
=======
@register_as_period_task(crontab='0 10 * * *')
@shared_task()
@atomic()
@tmp_to_root_org()
def check_app_permission_will_expired():
start = local_now()
end = start + timedelta(days=3)
app_perms = ApplicationPermission.objects.filter(
date_expired__gte=start,
date_expired__lte=end
).distinct()
user_app_remain_day_mapper = defaultdict(dict)
org_perm_remain_day_mapper = defaultdict(dict)
for app_perm in app_perms:
date_expired = dt_parser(app_perm.date_expired)
remain_days = (date_expired - start).days
org = app_perm.org
if org in org_perm_remain_day_mapper[remain_days]:
org_perm_remain_day_mapper[remain_days][org].add(app_perm)
else:
org_perm_remain_day_mapper[remain_days][org] = {app_perm, }
users = app_perm.get_all_users()
apps = app_perm.applications.all()
for u in users:
if u in user_app_remain_day_mapper[remain_days]:
user_app_remain_day_mapper[remain_days][u].update(apps)
else:
user_app_remain_day_mapper[remain_days][u] = set(apps)
for day_count, user_app_mapper in user_app_remain_day_mapper.items():
for user, apps in user_app_mapper.items():
PermedAppsWillExpireUserMsg(user, apps, day_count).publish_async()
for day_count, org_perm_mapper in org_perm_remain_day_mapper.items():
for org, perms in org_perm_mapper.items():
org_admins = org.admins.all()
for org_admin in org_admins:
AppPermsWillExpireForOrgAdminMsg(org_admin, perms, org, day_count).publish_async()
>>>>>>> origin