github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

perf: 优化 audit log

pull/9528/head
ibuler 2023-02-13 19:42:42 +08:00
parent e88cb71d3c
commit bd9b1f1a5b
7 changed files with 62 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/assets/const/database.py
View File

@ -63,7 +63,7 @@ class DatabaseTypes(BaseType):
cls.SQLSERVER: [{'name': 'SQLServer'}],
cls.CLICKHOUSE: [{'name': 'ClickHouse'}],
cls.MONGODB: [{'name': 'MongoDB'}],
cls.REDIS: [{'name': 'Redis'}],
cls.REDIS: [{'name': 'Redis'}, {'name': 'Redis6+'}],
}
@classmethod

3
apps/assets/const/protocol.py
View File

@ -96,6 +96,9 @@ class Protocol(ChoicesMixin, models.TextChoices):
'port': 6379,
'required': True,
'secret_types': ['password'],
'setting': {
'auth_username': True,
}
},
}

4
apps/assets/serializers/platform.py
View File

@ -38,6 +38,10 @@ class ProtocolSettingSerializer(serializers.Serializer):
)
script = serializers.JSONField(default=list, label=_("Script"))
# Redis
auth_username = serializers.BooleanField(default=False, label=_("Auth with username"),
help_text=_("Auth with username"))
class PlatformAutomationSerializer(serializers.ModelSerializer):
class Meta:

26
apps/audits/signal_handlers/activity_log.py
View File

@ -4,18 +4,18 @@ from celery import signals
from django.db.models.signals import post_save
from django.utils.translation import ugettext_lazy as _
from audits.models import ActivityLog
from assets.models import Asset, Node
from accounts.const import AutomationTypes
from accounts.models import AccountBackupAutomation
from assets.models import Asset, Node
from audits.models import ActivityLog
from common.utils import get_object_or_none
from jumpserver.utils import current_request
from ops.celery import app
from orgs.utils import tmp_to_root_org
from terminal.models import Session
from users.models import User
from jumpserver.utils import current_request
from ..const import ActivityChoices
from ..models import UserLoginLog
class ActivityLogHandler(object):
@ -118,8 +118,8 @@ class ActivityLogHandler(object):
@staticmethod
def login_log_for_activity(obj):
login_status = _('Success') if obj.status else _('Failed')
detail = _('User {} login into this service.[{}]').format(
obj.username, login_status
detail = _('User {} login this system {}').format(
obj.name, login_status
)
user_id = User.objects.filter(username=obj.username).values('id').first()
return user_id['id'], detail, ActivityChoices.login_log
@ -164,12 +164,11 @@ def on_celery_task_pre_run_for_activity_log(task_id='', **kwargs):
activities.append(
ActivityLog(id=activity_id, detail_id=task_id)
)
ActivityLog.objects.bulk_update(activities, ('detail_id', ))
ActivityLog.objects.bulk_update(activities, ('detail_id',))
@post_save.connect
def on_object_created(
sender, instance=None, created=False, update_fields=None, **kwargs
def on_session_or_login_log_created(
sender, instance=None, created=False, **kwargs
):
handler_mapping = {
'Session': activity_handler.session_for_activity,
@ -179,12 +178,13 @@ def on_object_created(
if not created or model_name not in handler_mapping:
return
resource_id, detail, a_type = handler_mapping[model_name](instance)
resource_id, detail, act_type = handler_mapping[model_name](instance)
ActivityLog.objects.create(
resource_id=resource_id, type=a_type,
resource_id=resource_id, type=act_type,
detail=detail, detail_id=instance.id
)
for sender in [Session, UserLoginLog]:
post_save.connect(on_session_or_login_log_created, sender=sender)

2
apps/locale/ja/LC_MESSAGES/django.po
View File

@ -1765,7 +1765,7 @@ msgid "User {} has executed change auth plan for this account.({})"
msgstr "ユーザー {} はこのアカウントのために改密計画を実行しました。({})"
#: audits/handler.py:168
msgid "User {} login into this service.[{}]"
msgid "User [{}] login this system.[{}]"
msgstr "ユーザー {} がサービスにログインしました。[{}]"
#: audits/models.py:32 audits/models.py:59 audits/models.py:101

2
apps/locale/zh/LC_MESSAGES/django.po
View File

@ -1752,7 +1752,7 @@ msgid "User {} has executed change auth plan for this account.({})"
msgstr "用户 {} 为这个账号执行了改密计划.({})"
#: audits/handler.py:168
msgid "User {} login into this service.[{}]"
msgid "User [{}] login this system.[{}]"
msgstr "用户 {} 登录了服务.[{}]"
#: audits/models.py:32 audits/models.py:59 audits/models.py:101

62
apps/orgs/signal_handlers/common.py
View File

@ -4,12 +4,13 @@ from collections import defaultdict
from functools import partial
from django.conf import settings
from django.db.models.signals import post_save, pre_delete, m2m_changed
from django.db.models.signals import post_save, pre_delete, m2m_changed, post_delete
from django.db.utils import ProgrammingError, OperationalError
from django.dispatch import receiver
from django.utils.functional import LazyObject
from common.const.signals import PRE_REMOVE, POST_REMOVE
from common.decorators import delay_run
from common.decorators import on_transaction_commit
from common.signals import django_ready
from common.utils import get_logger
@ -51,9 +52,21 @@ def subscribe_orgs_mapping_expire(sender, **kwargs):
)
@delay_run(ttl=5)
def expire_user_orgs(*args):
User.expire_users_rbac_perms_cache()
@receiver(post_save, sender=Organization)
def on_org_create(sender, instance, created=False, **kwargs):
if created:
return
expire_user_orgs()
# 创建对应的root
@receiver(post_save, sender=Organization)
def on_org_create_or_update(sender, instance, created=False, **kwargs):
def on_org_create_or_update(sender, instance, **kwargs):
# 必须放到最开始, 因为下面调用Node.save方法时会获取当前组织的org_id(即instance.org_id), 如果不过期会找不到
expire_orgs_mapping_for_memory(instance.id)
@ -77,7 +90,26 @@ def on_org_delete(sender, instance, **kwargs):
root_node.delete()
def _remove_users(model, users, org, user_field_name='users'):
@receiver(post_delete, sender=Organization)
def on_org_delete(sender, instance, **kwargs):
expire_user_orgs()
@receiver(post_save, sender=User)
@on_transaction_commit
def on_user_created_set_default_org(sender, instance, created, **kwargs):
if not instance.id:
# 用户已被手动删除instance.orgs 时会使用 id 进行查找报错所以判断不存在id时不做处理
return
if not created:
return
if instance.orgs.count() > 0:
return
with tmp_to_org(Organization.default()):
Organization.default().add_member(instance)
def _remove_user_resource(model, users, org, user_field_name='users'):
with tmp_to_org(org):
if not isinstance(users, (tuple, list, set)):
users = (users,)
@ -103,8 +135,8 @@ def _remove_users(model, users, org, user_field_name='users'):
objects = model.objects.filter(id__in=object_id_user_ids_map.keys())
send_m2m_change_signal = partial(
m2m_changed.send,
sender=m2m_model, reverse=reverse, model=User, using=model.objects.db
m2m_changed.send, sender=m2m_model, reverse=reverse,
model=User, using=model.objects.db
)
for obj in objects:
@ -126,7 +158,7 @@ def _remove_users(model, users, org, user_field_name='users'):
def _clear_users_from_org(org, users):
"""
清理用户在该组织下的相关数据
清理用户在该组织下的相关数据, 包括用户组, 资产授权, 用户授权
"""
if not users:
return
@ -134,23 +166,7 @@ def _clear_users_from_org(org, users):
models = (AssetPermission, UserGroup)
for m in models:
_remove_users(m, users, org)
# _remove_users(CommandFilterRule, users, org, user_field_name='reviewers')
@receiver(post_save, sender=User)
@on_transaction_commit
def on_user_created_set_default_org(sender, instance, created, **kwargs):
if not instance.id:
# 用户已被手动删除instance.orgs 时会使用 id 进行查找报错所以判断不存在id时不做处理
return
if not created:
return
if instance.orgs.count() > 0:
return
with tmp_to_org(Organization.default()):
Organization.default().add_member(instance)
_remove_user_resource(m, users, org)
@receiver(post_user_leave_org)