feat: mysql 证书 (#11465)

Co-authored-by: feng <1304903146@qq.com>
pull/11468/head
fit2bot 2023-08-30 15:15:49 +08:00 committed by GitHub
parent 894249a3d1
commit 992e34d652
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 40 additions and 3 deletions


@ -11,6 +11,10 @@
login_password: "{{ jms_account.secret }}" login_password: "{{ jms_account.secret }}"
login_host: "{{ jms_asset.address }}" login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}" login_port: "{{ jms_asset.port }}"
check_hostname: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert }}"
client_cert: "{{ jms_asset.secret_info.client_cert }}"
client_key: "{{ jms_asset.secret_info.client_key }}"
filter: version filter: version
register: db_info register: db_info
@ -24,6 +28,10 @@
login_password: "{{ jms_account.secret }}" login_password: "{{ jms_account.secret }}"
login_host: "{{ jms_asset.address }}" login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}" login_port: "{{ jms_asset.port }}"
check_hostname: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert }}"
client_cert: "{{ jms_asset.secret_info.client_cert }}"
client_key: "{{ jms_asset.secret_info.client_key }}"
name: "{{ account.username }}" name: "{{ account.username }}"
password: "{{ account.secret }}" password: "{{ account.secret }}"
host: "%" host: "%"
@ -37,4 +45,8 @@
login_password: "{{ account.secret }}" login_password: "{{ account.secret }}"
login_host: "{{ jms_asset.address }}" login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}" login_port: "{{ jms_asset.port }}"
check_hostname: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert }}"
client_cert: "{{ jms_asset.secret_info.client_cert }}"
client_key: "{{ jms_asset.secret_info.client_key }}"
filter: version filter: version
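Review bot: The TLS parameters are passed on every task, including when `jms_asset.spec_info.use_ssl` is false or the asset has no certificates stored, so the module can receive empty or undefined values for `ca_cert`, `client_cert` and `client_key`. How the module (presumably from community.mysql; the task headers are outside the hunks) treats an empty path is not visible here. Guarding each value with `omit` keeps non-TLS assets on the previous code path, e.g. `ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit, true) }}"`, and the same for `client_cert` and `client_key`. The same four lines appear in all three hunks of this section and in the other four MySQL sections on this page.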


@ -10,6 +10,10 @@
login_password: "{{ jms_account.secret }}" login_password: "{{ jms_account.secret }}"
login_host: "{{ jms_asset.address }}" login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}" login_port: "{{ jms_asset.port }}"
check_hostname: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert }}"
client_cert: "{{ jms_asset.secret_info.client_cert }}"
client_key: "{{ jms_asset.secret_info.client_key }}"
filter: users filter: users
register: db_info register: db_info
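Review bot: On the added `check_hostname` line, `allow_invalid_cert` only switches host name verification off. Nothing in the hunk shows it relaxing or enforcing chain validation, which presumably depends on whether `ca_cert` is set. The flag name suggests a broader effect, so a comment above the line would help the next reader: `# allow_invalid_cert disables host name verification only; chain validation depends on ca_cert`. The expression also renders a non-boolean if `use_ssl` is missing from `spec_info`, so `| default(false)` on both operands would make the result explicit. The task header is outside the hunk.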


@ -11,6 +11,10 @@
login_password: "{{ jms_account.secret }}" login_password: "{{ jms_account.secret }}"
login_host: "{{ jms_asset.address }}" login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}" login_port: "{{ jms_asset.port }}"
check_hostname: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert }}"
client_cert: "{{ jms_asset.secret_info.client_cert }}"
client_key: "{{ jms_asset.secret_info.client_key }}"
filter: version filter: version
register: db_info register: db_info
@ -24,6 +28,10 @@
login_password: "{{ jms_account.secret }}" login_password: "{{ jms_account.secret }}"
login_host: "{{ jms_asset.address }}" login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}" login_port: "{{ jms_asset.port }}"
check_hostname: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert }}"
client_cert: "{{ jms_asset.secret_info.client_cert }}"
client_key: "{{ jms_asset.secret_info.client_key }}"
name: "{{ account.username }}" name: "{{ account.username }}"
password: "{{ account.secret }}" password: "{{ account.secret }}"
host: "%" host: "%"
@ -37,4 +45,8 @@
login_password: "{{ account.secret }}" login_password: "{{ account.secret }}"
login_host: "{{ jms_asset.address }}" login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}" login_port: "{{ jms_asset.port }}"
check_hostname: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert }}"
client_cert: "{{ jms_asset.secret_info.client_cert }}"
client_key: "{{ jms_asset.secret_info.client_key }}"
filter: version filter: version


@ -15,4 +15,4 @@
ssl_ca_certs: "{{ jms_asset.secret_info.ca_cert }}" ssl_ca_certs: "{{ jms_asset.secret_info.ca_cert }}"
ssl_certfile: "{{ jms_asset.secret_info.client_key }}" ssl_certfile: "{{ jms_asset.secret_info.client_key }}"
connection_options: connection_options:
- tlsAllowInvalidHostnames: "{{ jms_asset.spec_info.allow_invalid_cert}}" - tlsAllowInvalidHostnames: "{{ jms_asset.spec_info.allow_invalid_cert }}"


@ -10,4 +10,8 @@
login_password: "{{ account.secret }}" login_password: "{{ account.secret }}"
login_host: "{{ jms_asset.address }}" login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}" login_port: "{{ jms_asset.port }}"
check_hostname: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert }}"
client_cert: "{{ jms_asset.secret_info.client_cert }}"
client_key: "{{ jms_asset.secret_info.client_key }}"
filter: version filter: version


@ -10,4 +10,8 @@
login_password: "{{ jms_account.secret }}" login_password: "{{ jms_account.secret }}"
login_host: "{{ jms_asset.address }}" login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}" login_port: "{{ jms_asset.port }}"
check_hostname: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
ca_cert: "{{ jms_asset.secret_info.ca_cert }}"
client_cert: "{{ jms_asset.secret_info.client_cert }}"
client_key: "{{ jms_asset.secret_info.client_key }}"
filter: version filter: version


@ -163,12 +163,13 @@ class JMSInventory:
protocol = self.get_primary_protocol(ansible_config, protocols) protocol = self.get_primary_protocol(ansible_config, protocols)
tp, category = asset.type, asset.category
name = asset.name.replace(' ', '_').replace('[', '_').replace(']', '_') name = asset.name.replace(' ', '_').replace('[', '_').replace(']', '_')
host = { host = {
'name': name, 'name': name,
'jms_asset': { 'jms_asset': {
'id': str(asset.id), 'name': asset.name, 'address': asset.address, 'id': str(asset.id), 'name': asset.name, 'address': asset.address,
'type': asset.type, 'category': asset.category, 'type': tp, 'category': category,
'protocol': protocol.name, 'port': protocol.port, 'protocol': protocol.name, 'port': protocol.port,
'spec_info': asset.spec_info, 'secret_info': asset.secret_info, 'spec_info': asset.spec_info, 'secret_info': asset.secret_info,
'protocols': [{'name': p.name, 'port': p.port} for p in protocols], 'protocols': [{'name': p.name, 'port': p.port} for p in protocols],
@ -180,7 +181,7 @@ class JMSInventory:
} if account else None } if account else None
} }
if host['jms_account'] and asset.platform.type == 'oracle': if host['jms_account'] and tp == 'oracle':
host['jms_account']['mode'] = 'sysdba' if account.privileged else None host['jms_account']['mode'] = 'sysdba' if account.privileged else None
ansible_config = self.fill_ansible_config(ansible_config, protocol) ansible_config = self.fill_ansible_config(ansible_config, protocol)
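Review bot: The Oracle check in the second hunk now reads `tp`, taken from `asset.type`, where it previously read `asset.platform.type`. The two are equivalent only if `Asset.type` is derived from the platform, which is not visible on this page. If they can differ, a privileged Oracle account would no longer get `mode = 'sysdba'` and the playbooks would connect with a different privilege level than before. A comment on the new assignment would record the assumption, e.g. `# asset.type is expected to mirror asset.platform.type`, and a longer name such as `asset_type` would read better than `tp`. The enclosing method starts and ends outside the hunks.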