perf: 修改逻辑，将证书文件转换放到manager中

2023-01-29 16:25:16 +08:00 · 2023-01-29 16:25:16 +08:00 · be670872e5
parent 6cda829f67
commit be670872e5
5 changed files with 45 additions and 36 deletions
--- a/apps/accounts/automations/change_secret/database/mongodb/main.yml
+++ b/apps/accounts/automations/change_secret/database/mongodb/main.yml
@ -31,10 +31,10 @@
        login_port: "{{ jms_asset.port }}"
        login_database: "{{ jms_asset.specific.db_name }}"
        ssl: "{{ jms_asset.specific.use_ssl }}"
-          ssl_ca_certs: "{{ jms_asset.specific.ca_cert }}"
-          ssl_certfile: "{{ jms_asset.specific.client_key }}"
-          connection_options:
-            - tlsAllowInvalidHostnames: "{{ jms_asset.specific.allow_invalid_cert}}"
+        ssl_ca_certs: "{{ jms_asset.specific.ca_cert }}"
+        ssl_certfile: "{{ jms_asset.specific.client_key }}"
+        connection_options:
+          - tlsAllowInvalidHostnames: "{{ jms_asset.specific.allow_invalid_cert}}"
        db: "{{ jms_asset.specific.db_name }}"
        name: "{{ account.username }}"
        password: "{{ account.secret }}"
--- a/apps/accounts/automations/change_secret/manager.py
+++ b/apps/accounts/automations/change_secret/manager.py
@ -70,8 +70,14 @@ class ChangeSecretManager(AccountBasePlaybookManager):
        else:
            return self.secret_generator.get_secret()

-    def host_callback(self, host, asset=None, account=None, automation=None, path_dir=None, **kwargs):
-        host = super().host_callback(host, asset=asset, account=account, automation=automation, **kwargs)
+    def host_callback(
+            self, host, asset=None, account=None,
+            automation=None, path_dir=None, **kwargs
+    ):
+        host = super().host_callback(
+            host, asset=asset, account=account, automation=automation,
+            path_dir=path_dir, **kwargs
+        )
        if host.get('error'):
            return host

--- a/apps/accounts/automations/gather_accounts/database/mongodb/main.yml
+++ b/apps/accounts/automations/gather_accounts/database/mongodb/main.yml
@ -12,10 +12,10 @@
        login_port: "{{ jms_asset.port }}"
        login_database: "{{ jms_asset.specific.db_name }}"
        ssl: "{{ jms_asset.specific.use_ssl }}"
-          ssl_ca_certs: "{{ jms_asset.specific.ca_cert }}"
-          ssl_certfile: "{{ jms_asset.specific.client_key }}"
-          connection_options:
-            - tlsAllowInvalidHostnames: "{{ jms_asset.specific.allow_invalid_cert}}"
+        ssl_ca_certs: "{{ jms_asset.specific.ca_cert }}"
+        ssl_certfile: "{{ jms_asset.specific.client_key }}"
+        connection_options:
+          - tlsAllowInvalidHostnames: "{{ jms_asset.specific.allow_invalid_cert}}"
        filter: users
      register: db_info

--- a/apps/assets/automations/base/manager.py
+++ b/apps/assets/automations/base/manager.py
@ -63,6 +63,33 @@ class BasePlaybookManager:
            os.makedirs(path, exist_ok=True, mode=0o755)
        return path

+    @staticmethod
+    def write_cert_to_file(filename, content):
+        with open(filename, 'w') as f:
+            f.write(content)
+        return filename
+
+    def convert_cert_to_file(self, host, path_dir):
+        if not path_dir:
+            return host
+
+        specific = host.get('jms_asset', {}).get('specific', {})
+        cert_fields = ('ca_cert', 'client_key', 'client_cert')
+        filtered = list(filter(lambda x: specific.get(x), cert_fields))
+        if not filtered:
+            return host
+
+        cert_dir = os.path.join(path_dir, 'certs')
+        if not os.path.exists(cert_dir):
+            os.makedirs(cert_dir, 0o700, True)
+
+        for f in filtered:
+            result = self.write_cert_to_file(
+                os.path.join(cert_dir, f), specific.get(f)
+            )
+            host['jms_asset']['specific'][f] = result
+        return host
+
    def host_callback(self, host, automation=None, **kwargs):
        enabled_attr = '{}_enabled'.format(self.__class__.method_type())
        method_attr = '{}_method'.format(self.__class__.method_type())
@ -75,6 +102,8 @@ class BasePlaybookManager:
        if not method_enabled:
            host['error'] = _('{} disabled'.format(self.__class__.method_type()))
            return host
+
+        host = self.convert_cert_to_file(host, kwargs.get('path_dir'))
        return host

    @staticmethod
--- a/apps/ops/ansible/inventory.py
+++ b/apps/ops/ansible/inventory.py
@ -98,30 +98,6 @@ class JMSInventory:
        if gateway:
            host.update(self.make_proxy_command(gateway))

-    @staticmethod
-    def write_cert_to_file(filename, content):
-        with open(filename, 'w') as f:
-            f.write(content)
-        return filename
-
-    def convert_cert_to_file(self, host, path_dir):
-        specific = host.get('jms_asset', {}).get('specific', {})
-        cert_fields = ('ca_cert', 'client_key', 'client_cert')
-        filtered = list(filter(lambda x: specific.get(x), cert_fields))
-        if not filtered:
-            return host
-
-        cert_dir = os.path.join(path_dir, 'certs')
-        if not os.path.exists(cert_dir):
-            os.makedirs(cert_dir, 0o700, True)
-
-        for f in filtered:
-            result = self.write_cert_to_file(
-                os.path.join(cert_dir, f), specific.get(f)
-            )
-            host['jms_asset']['specific'][f] = result
-        return host
-
    def asset_to_host(self, asset, account, automation, protocols, platform):
        host = {
            'name': '{}'.format(asset.name),
@ -202,8 +178,6 @@ class JMSInventory:

                if not automation.ansible_enabled:
                    host['error'] = _('Ansible disabled')
-                else:
-                    host = self.convert_cert_to_file(host, path_dir)

                if self.host_callback is not None:
                    host = self.host_callback(