perf: 合并冲突

apps/assets/api/account_history.py

@@ -26,17 +26,6 @@ class AccountHistoryViewSet(AccountViewSet):
     }
     http_method_names = ['get', 'options']
 
-<<<<<<< HEAD
-=======
-    def get_queryset(self):
-        queryset = self.model.objects.all() \
-            .annotate(ip=F('asset__ip')) \
-            .annotate(hostname=F('asset__hostname')) \
-            .annotate(platform=F('asset__platform__name')) \
-            .annotate(protocols=F('asset__protocols'))
-        return queryset
-
->>>>>>> origin
 
 class AccountHistorySecretsViewSet(RecordViewLogMixin, AccountHistoryViewSet):
     serializer_classes = {

apps/assets/migrations/0097_auto_20220426_1558.py

@@ -68,49 +68,6 @@ def migrate_database_to_asset(apps, *args):
             failed_apps.append(app)
             pass
 
-#
-# def migrate_remote_app_to_asset(apps, *args):
-#     app_model = apps.get_model('applications', 'Application')
-#     remote_app_model = apps.get_model('assets', 'Web')
-#     host_model = apps.get_model('assets', 'Host')
-#     platform_model = apps.get_model('assets', 'Platform')
-#     applications = app_model.objects.filter(category='remote_app')
-#     platforms = platform_model.objects.filter(category='remote_app')
-#     platforms_map = {p.type: p for p in platforms}
-#
-#     connect_host_map = {}
-#
-#     for app in applications:
-#         attrs = app.attrs
-#         connect_host = attrs.pop('asset')
-#         if connect_host:
-#             connect_host = host_model.objects.filter(asset_ptr_id=connect_host).first()
-#             connect_host_map[app.id] = connect_host
-#
-#     for app in applications:
-#         tp = app.type
-#         attrs = app.attrs
-#         app_path = attrs.pop('path', '')
-#         if tp == 'custom':
-#             tp = 'general_remote_app'
-#
-#         print("Create remote app: {}".format(app.name))
-#         remote_app = remote_app_model(
-#             id=app.id, hostname=app.name, ip='',
-#             protocols='',
-#             platform=platforms_map[tp],
-#             org_id=app.org_id,
-#             app_path=app_path,
-#             connect_host=connect_host_map.get(app.id),
-#             attrs=attrs,
-#         )
-#         try:
-#             remote_app.save()
-#         except Exception as e:
-#             print("Error: ", e)
-#             # remote_app.hostname = 'RemoteApp-' + remote_app.hostname
-#
-
 
 def migrate_cloud_to_asset(apps, *args):
     app_model = apps.get_model('applications', 'Application')
@@ -119,6 +76,7 @@ def migrate_cloud_to_asset(apps, *args):
 
     applications = app_model.objects.filter(category='cloud')
     platform = platform_model.objects.filter(type='k8s').first()
+    print()
 
     for app in applications:
         attrs = app.attrs

apps/assets/migrations/0098_auto_20220430_2126.py

@@ -1,9 +1,48 @@
 # Generated by Django 3.1.14 on 2022-04-30 14:41
 
+from collections import namedtuple
 from django.db import migrations, models
 import django.db.models.deletion
 
 
+def migrate_platform_set_ops(apps, *args):
+    platform_model = apps.get_model('assets', 'Platform')
+
+    Attr = namedtuple('ops', [
+        'su_enabled', 'su_method', 'domain_enabled',
+        'change_password_enabled', 'change_password_method',
+        'verify_account_enabled', 'verify_account_method',
+        'create_account_enabled', 'create_account_method',
+    ])
+    default_ok = {
+        'su_enabled': True,
+        'su_method': 'sudo',
+        'domain_enabled': True,
+        'change_password_enabled': True,
+        'change_password_method': 'change_password_ansible',
+        'verify_account_enabled': True,
+        'verify_account_method': 'verify_account_ansible',
+        'create_account_enabled': True,
+        'create_account_method': 'create_account_ansible',
+    }
+
+    platform_ops_map = {
+        'Linux': default_ok,
+        'Windows': default_ok,
+        'AIX': Attr(
+            True, 'sudo', True,
+            True, 'change_password_ansible',
+            True, 'verify_account_ansible',
+            True, 'create_account_ansible'
+        )
+    }
+    platforms = platform_model.objects.all()
+
+    for p in platforms:
+        p.set_ops = True
+        p.save()
+
+
 class Migration(migrations.Migration):
 
     dependencies = [

apps/assets/resources/platform/__init__.py

@@ -12,7 +12,7 @@ def get_platform_methods():
         for name in dirs:
             path = os.path.join(root, name)
             rel_path = path.replace(BASE_DIR, '.')
-            if len(rel_path.split('/')) != 4:
+            if len(rel_path.split('/')) != 3:
                 continue
             manifest_path = os.path.join(path, 'manifest.yml')
             if not os.path.exists(manifest_path):
@@ -22,10 +22,9 @@ def get_platform_methods():
                 manifest = yaml.safe_load(f)
             except yaml.YAMLError as e:
                 continue
-            current, category, tp, name = rel_path.split('/')
-            manifest.update({
-                'category': category,
-                'type': tp,
-            })
             methods.append(manifest)
     return methods
+
+
+if __name__ == '__main__':
+    print(get_platform_methods())

apps/assets/resources/platform/host/change_password_aix/roles/change_password/tasks/main.yml

@@ -8,7 +8,7 @@
 - name: Change password
   user:
     name: "{{ account.username }}"
-    password: "{{ account.password | password_hash('sha512') }}"
+    password: "{{ account.password | password_hash('des') }}"
     update_password: always
   when: account.password
 

apps/assets/resources/platform/host/change_password_linux/main.yml

@@ -0,0 +1,10 @@
+{% for account in accounts %}
+- hosts: {{ account.asset.name }}
+  vars:
+    account:
+      username: {{ account.username }}
+      password: {{ account.password }}
+      public_key: {{ account.public_key }}
+  roles:
+    - change_password
+{% endfor %}

apps/assets/resources/platform/host/change_password_linux/manifest.yml

@@ -0,0 +1,11 @@
+id: change_password_ansible
+name: Change password using ansible
+version: 1
+description: 使用特权账号更改账号的密码
+author: ibuler
+method: change_password
+vars:
+  account:
+    username: test
+    password: teset123
+    public_key: test

apps/assets/resources/platform/host/change_password_linux/roles/change_password/tasks/main.yml

@@ -0,0 +1,23 @@
+- name: Check connection
+  ping:
+
+- name: Change password
+  user:
+    name: "{{ account.username }}"
+    password: "{{ account.password | password_hash('sha512') }}"
+    update_password: always
+  when: account.password
+
+- name: Change public key
+  authorized_key:
+    user: "{{ account.username }}"
+    key: "{{ account.public_key }}"
+    state: present
+  when: account.public_key
+
+- name: Verify password
+  ping:
+  vars:
+    ansible_user: "{{ account.username }}"
+    ansible_pass: "{{ account.password }}"
+    ansible_ssh_connection: paramiko

apps/assets/resources/platform/host/change_password_windows/main.yml

@@ -0,0 +1,10 @@
+{% for account in accounts %}
+- hosts: {{ account.asset.name }}
+  vars:
+    account:
+      username: {{ account.username }}
+      password: {{ account.password }}
+      public_key: {{ account.public_key }}
+  roles:
+    - change_password
+{% endfor %}

apps/assets/resources/platform/host/change_password_windows/manifest.yml

@@ -0,0 +1,11 @@
+id: change_password_ansible
+name: Change password using ansible
+version: 1
+description: 使用特权账号更改账号的密码
+author: ibuler
+method: change_password
+vars:
+  account:
+    username: test
+    password: teset123
+    public_key: test

apps/assets/resources/platform/host/change_password_windows/roles/change_password/tasks/main.yml

@@ -0,0 +1,27 @@
+- name: ping
+  ping:
+
+#- name: print variables
+#  debug:
+#    msg: "Username: {{ account.username }}, Password: {{ account.password }}"
+
+- name: Change password
+  user:
+    name: "{{ account.username }}"
+    password: "{{ account.password | password_hash('des') }}"
+    update_password: always
+  when: account.password
+
+- name: Change public key
+  authorized_key:
+    user: "{{ account.username }}"
+    key: "{{ account.public_key }}"
+    state: present
+  when: account.public_key
+
+- name: Verify password
+  ping:
+  vars:
+    ansible_user: "{{ account.username }}"
+    ansible_pass: "{{ account.password }}"
+    ansible_ssh_connection: paramiko

apps/assets/resources/platform/host/linux/create_account_ansible/main.yml

@@ -1,15 +0,0 @@
-- hosts: centos
-  gather_facts: no
-  vars:
-    account:
-      username: web
-      password: test123
-
-  tasks:
-    - name: Verify password
-      ping:
-      vars:
-        ansible_ssh_user: "{{ account.username }}"
-        ansible_ssh_pass: "{{ account.password }}"
-
-

apps/assets/resources/platform/host/linux/create_account_ansible/manifest.yml

@@ -1,6 +0,0 @@
-id: create_account_ansible
-name: Create account by ansible
-version: 1
-description: 使用特权账号更改账号的密码
-author: ibuler
-method: create_account

apps/assets/resources/platform/host/verifiy_account_ansible/main.yml

@@ -11,5 +11,3 @@
       vars:
         ansible_user: "{{ account.username }}"
         ansible_pass: "{{ account.password }}"
-
-

apps/audits/api.py

@@ -129,15 +129,10 @@ class CommandExecutionViewSet(ListModelMixin, OrgGenericViewSet):
 class CommandExecutionHostRelationViewSet(OrgRelationMixin, OrgBulkModelViewSet):
     serializer_class = CommandExecutionHostsRelationSerializer
     m2m_field = CommandExecution.hosts.field
-<<<<<<< HEAD
     filterset_fields = [
         'id', 'asset', 'commandexecution'
     ]
     search_fields = ('asset__name', )
-=======
-    filterset_class = filters.CommandExecutionFilter
-    search_fields = ('asset__hostname', )
->>>>>>> origin
     http_method_names = ['options', 'get']
     rbac_perms = {
         'GET': 'ops.view_commandexecution',

apps/authentication/api/connection_token.py

@@ -210,12 +210,7 @@ class ConnectionTokenMixin:
 
 class ConnectionTokenViewSet(ConnectionTokenMixin, RootOrgViewMixin, JMSModelViewSet):
     filterset_fields = (
-<<<<<<< HEAD
         'type', 'user_display', 'asset_display'
-=======
-        'type', 'user_display', 'system_user_display',
-        'application_display', 'asset_display'
->>>>>>> origin
     )
     search_fields = filterset_fields
     serializer_classes = {

apps/authentication/serializers/connection_token.py

@@ -153,12 +153,7 @@ class ConnectionTokenCmdFilterRuleSerializer(serializers.ModelSerializer):
 
 class ConnectionTokenSecretSerializer(OrgResourceModelSerializerMixin):
     user = ConnectionTokenUserSerializer(read_only=True)
-<<<<<<< HEAD
     asset = ConnectionTokenAssetSerializer(read_only=True)
-=======
-    asset = ConnectionTokenAssetSerializer(read_only=True, source='asset_or_remote_app_asset')
-    application = ConnectionTokenApplicationSerializer(read_only=True)
->>>>>>> origin
     remote_app = ConnectionTokenRemoteAppSerializer(read_only=True)
     account = serializers.CharField(read_only=True)
     gateway = ConnectionTokenGatewaySerializer(read_only=True)

apps/common/utils/common.py

@@ -383,8 +383,6 @@ def test_ip_connectivity(host, port, timeout=0.5):
     else:
         connectivity = False
     return connectivity
-<<<<<<< HEAD
-=======
 
 
 def static_or_direct(logo_path):
@@ -392,4 +390,3 @@ def static_or_direct(logo_path):
         return static(logo_path)
     else:
         return logo_path
->>>>>>> origin

apps/locale/zh/LC_MESSAGES/django.mo

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:c6f584a0c74107ceddce6b403ff8755b59aabb093a0e6cc0c5f9b47eb6ae49f4
-size 255
+oid sha256:a89e824cdc4abeea54ffba79270406eefe3a260b764acb79cd42e6a11d4c03a2
+size 108405

apps/perms/notifications.py

@@ -1,7 +1,3 @@
-<<<<<<< HEAD
-
-=======
->>>>>>> origin
 from django.utils.translation import ugettext as _
 from django.template.loader import render_to_string
 
@@ -83,81 +79,3 @@ class AssetPermsWillExpireForOrgAdminMsg(UserMessage):
         perms = AssetPermission.objects.all()[:10]
         org = Organization.objects.first()
         return cls(user, perms, org)
-<<<<<<< HEAD
-=======
-
-
-class PermedAppsWillExpireUserMsg(UserMessage):
-    def __init__(self, user, apps, day_count=0):
-        super().__init__(user)
-        self.apps = apps
-        self.day_count = _('today') if day_count == 0 else day_count
-
-    def get_html_msg(self) -> dict:
-        subject = _("Your permed applications is about to expire")
-        context = {
-            'name': self.user.name,
-            'count': str(self.day_count),
-            'item_type': _('permed applications'),
-            'items': [str(app) for app in self.apps]
-        }
-        message = render_to_string('perms/_msg_permed_items_expire.html', context)
-        return {
-            'subject': subject,
-            'message': message
-        }
-
-    @classmethod
-    def gen_test_msg(cls):
-        from users.models import User
-        from applications.models import Application
-
-        user = User.objects.first()
-        apps = Application.objects.all()[:10]
-        return cls(user, apps)
-
-
-class AppPermsWillExpireForOrgAdminMsg(UserMessage):
-    def __init__(self, user, perms, org, day_count=0):
-        super().__init__(user)
-        self.perms = perms
-        self.org = org
-        self.day_count = _('today') if day_count == 0 else day_count
-
-    def get_items_with_url(self):
-        items_with_url = []
-        for perm in self.perms:
-            url = js_reverse(
-                'perms:application-permission-detail',
-                kwargs={'pk': perm.id}, external=True,
-                api_to_ui=True, is_console=True
-            ) + f'?oid={perm.org_id}'
-            items_with_url.append([perm.name, url])
-        return items_with_url
-
-    def get_html_msg(self) -> dict:
-        items = self.get_items_with_url()
-        subject = _('Application permissions is about to expire')
-        context = {
-            'name': self.user.name,
-            'count': str(self.day_count),
-            'item_type': _('application permissions of organization {}').format(self.org),
-            'items_with_url': items
-        }
-        message = render_to_string('perms/_msg_item_permissions_expire.html', context)
-        return {
-            'subject': subject,
-            'message': message
-        }
-
-    @classmethod
-    def gen_test_msg(cls):
-        from users.models import User
-        from perms.models import ApplicationPermission
-        from orgs.models import Organization
-
-        user = User.objects.first()
-        perms = ApplicationPermission.objects.all()[:10]
-        org = Organization.objects.first()
-        return cls(user, perms, org)
->>>>>>> origin

apps/perms/tasks.py

@@ -100,51 +100,3 @@ def check_asset_permission_will_expired():
             org_admins = org.admins.all()
             for org_admin in org_admins:
                 AssetPermsWillExpireForOrgAdminMsg(org_admin, perms, org, day_count).publish_async()
-<<<<<<< HEAD
-=======
-
-
-@register_as_period_task(crontab='0 10 * * *')
-@shared_task()
-@atomic()
-@tmp_to_root_org()
-def check_app_permission_will_expired():
-    start = local_now()
-    end = start + timedelta(days=3)
-
-    app_perms = ApplicationPermission.objects.filter(
-        date_expired__gte=start,
-        date_expired__lte=end
-    ).distinct()
-
-    user_app_remain_day_mapper = defaultdict(dict)
-    org_perm_remain_day_mapper = defaultdict(dict)
-
-    for app_perm in app_perms:
-        date_expired = dt_parser(app_perm.date_expired)
-        remain_days = (date_expired - start).days
-
-        org = app_perm.org
-        if org in org_perm_remain_day_mapper[remain_days]:
-            org_perm_remain_day_mapper[remain_days][org].add(app_perm)
-        else:
-            org_perm_remain_day_mapper[remain_days][org] = {app_perm, }
-
-        users = app_perm.get_all_users()
-        apps = app_perm.applications.all()
-        for u in users:
-            if u in user_app_remain_day_mapper[remain_days]:
-                user_app_remain_day_mapper[remain_days][u].update(apps)
-            else:
-                user_app_remain_day_mapper[remain_days][u] = set(apps)
-
-    for day_count, user_app_mapper in user_app_remain_day_mapper.items():
-        for user, apps in user_app_mapper.items():
-            PermedAppsWillExpireUserMsg(user, apps, day_count).publish_async()
-
-    for day_count, org_perm_mapper in org_perm_remain_day_mapper.items():
-        for org, perms in org_perm_mapper.items():
-            org_admins = org.admins.all()
-            for org_admin in org_admins:
-                AppPermsWillExpireForOrgAdminMsg(org_admin, perms, org, day_count).publish_async()
->>>>>>> origin