github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

feat: mysql 证书 (#11465) 

Co-authored-by: feng <1304903146@qq.com>
pull/11468/head
fit2bot 2023-08-30 15:15:49 +08:00 committed by GitHub
parent 894249a3d1
commit 992e34d652
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 40 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
apps/accounts/automations/change_secret/database/mysql/main.yml
View File

@ -11,6 +11,10 @@
login_password: "{{ jms_account.secret }}"
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
check_hostname: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert }}"
client_cert: "{{ jms_asset.secret_info.client_cert }}"
client_key: "{{ jms_asset.secret_info.client_key }}"
filter: version
register: db_info
@ -24,6 +28,10 @@
login_password: "{{ jms_account.secret }}"
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
check_hostname: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert }}"
client_cert: "{{ jms_asset.secret_info.client_cert }}"
client_key: "{{ jms_asset.secret_info.client_key }}"
name: "{{ account.username }}"
password: "{{ account.secret }}"
host: "%"
@ -37,4 +45,8 @@
login_password: "{{ account.secret }}"
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
check_hostname: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert }}"
client_cert: "{{ jms_asset.secret_info.client_cert }}"
client_key: "{{ jms_asset.secret_info.client_key }}"
filter: version

4
apps/accounts/automations/gather_accounts/database/mysql/main.yml
View File

@ -10,6 +10,10 @@
login_password: "{{ jms_account.secret }}"
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
check_hostname: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert }}"
client_cert: "{{ jms_asset.secret_info.client_cert }}"
client_key: "{{ jms_asset.secret_info.client_key }}"
filter: users
register: db_info

12
apps/accounts/automations/push_account/database/mysql/main.yml
View File

@ -11,6 +11,10 @@
login_password: "{{ jms_account.secret }}"
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
check_hostname: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert }}"
client_cert: "{{ jms_asset.secret_info.client_cert }}"
client_key: "{{ jms_asset.secret_info.client_key }}"
filter: version
register: db_info
@ -24,6 +28,10 @@
login_password: "{{ jms_account.secret }}"
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
check_hostname: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert }}"
client_cert: "{{ jms_asset.secret_info.client_cert }}"
client_key: "{{ jms_asset.secret_info.client_key }}"
name: "{{ account.username }}"
password: "{{ account.secret }}"
host: "%"
@ -37,4 +45,8 @@
login_password: "{{ account.secret }}"
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
check_hostname: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert }}"
client_cert: "{{ jms_asset.secret_info.client_cert }}"
client_key: "{{ jms_asset.secret_info.client_key }}"
filter: version

2
apps/accounts/automations/verify_account/database/mongodb/main.yml
View File

@ -15,4 +15,4 @@
ssl_ca_certs: "{{ jms_asset.secret_info.ca_cert }}"
ssl_certfile: "{{ jms_asset.secret_info.client_key }}"
connection_options:
- tlsAllowInvalidHostnames: "{{ jms_asset.spec_info.allow_invalid_cert}}"
- tlsAllowInvalidHostnames: "{{ jms_asset.spec_info.allow_invalid_cert }}"

4
apps/accounts/automations/verify_account/database/mysql/main.yml
View File

@ -10,4 +10,8 @@
login_password: "{{ account.secret }}"
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
check_hostname: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert }}"
client_cert: "{{ jms_asset.secret_info.client_cert }}"
client_key: "{{ jms_asset.secret_info.client_key }}"
filter: version

4
apps/assets/automations/ping/database/mysql/main.yml
View File

@ -10,4 +10,8 @@
login_password: "{{ jms_account.secret }}"
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
check_hostname: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert }}"
client_cert: "{{ jms_asset.secret_info.client_cert }}"
client_key: "{{ jms_asset.secret_info.client_key }}"
filter: version

5
apps/ops/ansible/inventory.py
View File

@ -163,12 +163,13 @@ class JMSInventory:
protocol = self.get_primary_protocol(ansible_config, protocols)
tp, category = asset.type, asset.category
name = asset.name.replace(' ', '_').replace('[', '_').replace(']', '_')
host = {
'name': name,
'jms_asset': {
'id': str(asset.id), 'name': asset.name, 'address': asset.address,
'type': asset.type, 'category': asset.category,
'type': tp, 'category': category,
'protocol': protocol.name, 'port': protocol.port,
'spec_info': asset.spec_info, 'secret_info': asset.secret_info,
'protocols': [{'name': p.name, 'port': p.port} for p in protocols],
@ -180,7 +181,7 @@ class JMSInventory:
} if account else None
}
if host['jms_account'] and asset.platform.type == 'oracle':
if host['jms_account'] and tp == 'oracle':
host['jms_account']['mode'] = 'sysdba' if account.privileged else None
ansible_config = self.fill_ansible_config(ansible_config, protocol)