From 382201188c8490da96b847725129f3554248a538 Mon Sep 17 00:00:00 2001
From: ibuler
Date: Tue, 31 Jan 2023 10:22:25 +0800
Subject: [PATCH 1/3] =?UTF-8?q?perf:=20admin=20user=20=E4=B8=8D=E8=83=BD?= =?UTF-8?q?=E5=88=A0=E9=99=A4=EF=BC=8Cxpack=20=20=E5=BC=95=E7=94=A8?= =?UTF-8?q?=E7=9D=80=EF=BC=8C=E4=B8=8D=E7=A1=AE=E5=AE=9A=E9=A1=BA=E5=BA=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../migrations/0104_auto_20220817_1544.py | 3 --
 apps/assets/models/_user.py | 53 ++++++++++++++-----
 2 files changed, 40 insertions(+), 16 deletions(-)
diff --git a/apps/assets/migrations/0104_auto_20220817_1544.py b/apps/assets/migrations/0104_auto_20220817_1544.py
index 864eba8f1..972c34e09 100644
--- a/apps/assets/migrations/0104_auto_20220817_1544.py
+++ b/apps/assets/migrations/0104_auto_20220817_1544.py
@@ -52,9 +52,6 @@ class Migration(migrations.Migration):
 migrations.DeleteModel(
 name='Cluster',
 ),
- migrations.DeleteModel(
- name='AdminUser',
- ),
 migrations.DeleteModel(
 name='HistoricalAuthBook',
 ),
diff --git a/apps/assets/models/_user.py b/apps/assets/models/_user.py
index d7809a2b3..019147456 100644
--- a/apps/assets/models/_user.py
+++ b/apps/assets/models/_user.py
@@ -17,7 +17,23 @@ __all__ = ['SystemUser'] logger = logging.getLogger(__name__) -class SystemUser(OrgModelMixin): +class OldBaseUser(models.Model): + id = models.UUIDField(default=uuid.uuid4, primary_key=True) + name = models.CharField(max_length=128, verbose_name=_('Name')) + username = models.CharField(max_length=128, blank=True, verbose_name=_('Username'), db_index=True) + password = fields.EncryptCharField(max_length=256, blank=True, null=True, verbose_name=_('Password')) + private_key = fields.EncryptTextField(blank=True, null=True, verbose_name=_('SSH private key')) + public_key = fields.EncryptTextField(blank=True, null=True, verbose_name=_('SSH public key')) + comment = models.TextField(blank=True, verbose_name=_('Comment')) + date_created = models.DateTimeField(auto_now_add=True, verbose_name=_("Date created")) + date_updated = models.DateTimeField(auto_now=True, verbose_name=_("Date updated")) + created_by = models.CharField(max_length=128, null=True, verbose_name=_('Created by')) + + class Meta: + abstract = True + + +class SystemUser(OrgModelMixin, OldBaseUser): LOGIN_AUTO = 'auto' LOGIN_MANUAL = 'manual' LOGIN_MODE_CHOICES = ( 
@@ -29,19 +45,7 @@ class SystemUser(OrgModelMixin): common = 'common', _('Common user') admin = 'admin', _('Admin user') - id = models.UUIDField(default=uuid.uuid4, primary_key=True) - name = models.CharField(max_length=128, verbose_name=_('Name')) - username = models.CharField(max_length=128, blank=True, verbose_name=_('Username'), db_index=True) - password = fields.EncryptCharField(max_length=256, blank=True, null=True, verbose_name=_('Password')) - private_key = fields.EncryptTextField(blank=True, null=True, verbose_name=_('SSH private key')) - public_key = fields.EncryptTextField(blank=True, null=True, verbose_name=_('SSH public key')) token = models.TextField(default='', verbose_name=_('Token')) - - comment = models.TextField(blank=True, verbose_name=_('Comment')) - date_created = models.DateTimeField(auto_now_add=True, verbose_name=_("Date created")) - date_updated = models.DateTimeField(auto_now=True, verbose_name=_("Date updated")) - created_by = models.CharField(max_length=128, null=True, verbose_name=_('Created by')) - username_same_with_user = models.BooleanField(default=False, verbose_name=_("Username same with user")) type = models.CharField(max_length=16, choices=Type.choices, default=Type.common, verbose_name=_('Type')) priority = models.IntegerField(default=81, verbose_name=_("Priority"), help_text=_("1-100, the lower the value will be match first"), validators=[MinValueValidator(1), MaxValueValidator(100)]) 
@@ -66,3 +70,26 @@ class SystemUser(OrgModelMixin):
 permissions = [
 ('match_systemuser', _('Can match system user')),
 ]
+
+
+# Deprecated: 准备废弃
+class AdminUser(OrgModelMixin, OldBaseUser):
+ """
+ A privileged user that ansible can use it to push system user and so on
+ """
+ BECOME_METHOD_CHOICES = (
+ ('sudo', 'sudo'),
+ ('su', 'su'),
+ )
+ become = models.BooleanField(default=True)
+ become_method = models.CharField(choices=BECOME_METHOD_CHOICES, default='sudo', max_length=4)
+ become_user = models.CharField(default='root', max_length=64)
+ _become_pass = models.CharField(default='', blank=True, max_length=128)
+
+ def __str__(self):
+ return self.name
+
+ class Meta:
+ ordering = ['name']
+ unique_together = [('name', 'org_id')]
+ verbose_name = _("Admin user")
\ No newline at end of file
From 0c1048ed89f1f7d46bbc48a3f9d39e6867ff2e5b Mon Sep 17 00:00:00 2001
From: ibuler
Date: Tue, 31 Jan 2023 10:42:55 +0800
Subject: [PATCH 2/3] =?UTF-8?q?perf:=20=E4=BF=AE=E6=94=B9=20migrations?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../migrations/0093_auto_20220403_1627.py | 18 ++++++++++++------
 apps/assets/migrations/0107_automation.py | 18 ++----------------
 2 files changed, 14 insertions(+), 22 deletions(-)
diff --git a/apps/assets/migrations/0093_auto_20220403_1627.py b/apps/assets/migrations/0093_auto_20220403_1627.py
index ee536497e..71d88f773 100644
--- a/apps/assets/migrations/0093_auto_20220403_1627.py
+++ b/apps/assets/migrations/0093_auto_20220403_1627.py
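Review bot: `_become_pass` on the restored `AdminUser` is a plain `models.CharField`, so any privilege-escalation password held in that column is stored in cleartext, while `password` and `private_key` inherited from `OldBaseUser` use the `fields.Encrypt*` types. The model is marked deprecated and, going by the commit subject, is kept only because xpack still references it, so I would at least record that on the field, e.g. `# legacy cleartext column: do not write new secrets here; clear and drop it together with the model`. Whether switching it to `fields.EncryptCharField` needs a schema or data migration depends on that field's implementation, which is not visible in this patch. A follow-up that empties or removes the column once the xpack reference is gone would close the gap.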
@@ -71,12 +71,18 @@ class Migration(migrations.Migration):
 ),
 migrations.AlterModelOptions(
 name='asset',
- options={'ordering': ['name'],
- 'permissions': [('refresh_assethardwareinfo', 'Can refresh asset hardware info'),
- ('test_assetconnectivity', 'Can test asset connectivity'),
- ('push_assetsystemuser', 'Can push system user to asset'),
- ('match_asset', 'Can match asset'), ('add_assettonode', 'Add asset to node'),
- ('move_assettonode', 'Move asset to node')], 'verbose_name': 'Asset'},
+ options={
+ 'ordering': ['name'],
+ 'permissions': [
+ ('refresh_assethardwareinfo', 'Can refresh asset hardware info'),
+ ('test_assetconnectivity', 'Can test asset connectivity'),
+ ('push_assetaccount', 'Can push account to asset'),
+ ('test_account', 'Can verify account'), ('match_asset', 'Can match asset'),
+ ('add_assettonode', 'Add asset to node'),
+ ('move_assettonode', 'Move asset to node')
+ ],
+ 'verbose_name': 'Asset'
+ },
 ),
 migrations.RenameField(
 model_name='asset',
diff --git a/apps/assets/migrations/0107_automation.py b/apps/assets/migrations/0107_automation.py
index 38bb777e4..56c2cf4eb 100644
--- a/apps/assets/migrations/0107_automation.py
+++ b/apps/assets/migrations/0107_automation.py
@@ -35,7 +35,7 @@ class Migration(migrations.Migration):
 ],
 options={
 'verbose_name': 'Automation task',
- 'unique_together': {('org_id', 'name')},
+ 'unique_together': {('org_id', 'name', 'type')},
 },
 ),
 migrations.CreateModel(
@@ -93,18 +93,4 @@ class Migration(migrations.Migration): name='automation', field=models.ForeignKey(null=True, on_delete=django.db.models.deletion.CASCADE, related_name='executions', to='assets.baseautomation', verbose_name='Automation task'), ), - migrations.AlterUniqueTogether( - name='baseautomation', - unique_together={('org_id', 'name', 'type')}, - ), - migrations.AlterModelOptions( - name='asset', - options={'ordering': ['name'], - 'permissions': [('refresh_assethardwareinfo', 'Can refresh asset hardware info'), - ('test_assetconnectivity', 'Can test asset connectivity'), - ('push_assetaccount', 'Can push account to asset'), - ('test_account', 'Can verify account'), ('match_asset', 'Can match asset'), - ('add_assettonode', 'Add asset to node'), - ('move_assettonode', 'Move asset to node')], 'verbose_name': 'Asset'}, - ), -] + ] From 9d59fb736b9dafced335053eb1bf17b3d54f6f04 Mon Sep 17 00:00:00 2001 From: ibuler Date: Tue, 31 Jan 2023 13:03:45 +0800 Subject: [PATCH 3/3] =?UTF-8?q?perf:=20=E4=BF=AE=E6=94=B9=20database=20?= =?UTF-8?q?=E7=9A=84=20cert=20model=20field?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/assets/migrations/0093_auto_20220403_1627.py | 7 ++++--- apps/assets/models/asset/common.py | 2 ++ apps/assets/models/asset/database.py | 15 ++++----------- 3 files changed, 10 insertions(+), 14 deletions(-) diff --git a/apps/assets/migrations/0093_auto_20220403_1627.py b/apps/assets/migrations/0093_auto_20220403_1627.py index 71d88f773..45b8e92ed 100644 --- a/apps/assets/migrations/0093_auto_20220403_1627.py +++ b/apps/assets/migrations/0093_auto_20220403_1627.py @@ -2,6 +2,7 @@ import django.db from django.db import migrations, models +import common.db.fields def migrate_to_host(apps, schema_editor): 
@@ -120,9 +121,9 @@ class Migration(migrations.Migration): primary_key=True, serialize=False, to='assets.asset')), ('db_name', models.CharField(blank=True, max_length=1024, verbose_name='Database')), ('allow_invalid_cert', models.BooleanField(default=False, verbose_name='Allow invalid cert')), - ('ca_cert', models.TextField(blank=True, verbose_name='CA cert')), - ('client_cert', models.TextField(blank=True, verbose_name='Client cert')), - ('client_key', models.TextField(blank=True, verbose_name='Client key'),), + ('ca_cert', common.db.fields.EncryptTextField(blank=True, verbose_name='CA cert')), + ('client_cert', common.db.fields.EncryptTextField(blank=True, verbose_name='Client cert')), + ('client_key', common.db.fields.EncryptTextField(blank=True, verbose_name='Client key'),), ('use_ssl', models.BooleanField(default=False, verbose_name='Use SSL'),), ], options={ diff --git a/apps/assets/models/asset/common.py b/apps/assets/models/asset/common.py index c7d8238e0..3914f000c 100644 --- a/apps/assets/models/asset/common.py +++ b/apps/assets/models/asset/common.py @@ -11,6 +11,7 @@ from django.utils.translation import ugettext_lazy as _ from assets import const from common.utils import lazyproperty +from common.db.fields import EncryptMixin from orgs.mixins.models import OrgManager, JMSOrgBaseModel from ..base import AbsConnectivity from ..platform import Platform @@ -139,6 +140,7 @@ class Asset(NodesRelationMixin, AbsConnectivity, JMSOrgBaseModel): if not instance: return [] specific_fields = self.get_specific_fields(instance) + specific_fields = [i for i in specific_fields if not isinstance(i, EncryptMixin)] info = [ { 'label': i.verbose_name, diff --git a/apps/assets/models/asset/database.py b/apps/assets/models/asset/database.py index 2c033de9e..12da55b30 100644 --- a/apps/assets/models/asset/database.py +++ b/apps/assets/models/asset/database.py 
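Review bot: Switching `ca_cert`, `client_cert` and `client_key` to `common.db.fields.EncryptTextField` by editing migration 0093 in place only reaches databases that have not yet applied 0093. An installation that already ran it gets no new migration, and rows written while these columns were plain `models.TextField` stay in cleartext. The same type switch is made on the model in `apps/assets/models/asset/database.py`. If any such deployment exists, I would add a separate data migration that re-saves existing rows through the encrypted field, and confirm how `EncryptTextField` reads a stored value that was never encrypted (its implementation is not visible in this patch). The operation this hunk edits starts and ends outside the hunk.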
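Review bot: The added filter `if not isinstance(i, EncryptMixin)` in `apps/assets/models/asset/common.py` keeps secrets out of the `info` list only for fields declared with an `Encrypt*` type, so a sensitive column left as a plain `CharField` or `TextField` on any asset subclass would still be emitted. It also relies on `EncryptTextField` deriving from `EncryptMixin`, which this patch does not show. A comment above the line would record the intent, e.g. `# never expose encrypted (secret) fields such as client_key in the asset info`, and a test asserting that `client_key` is absent from the result for a `Database` asset would keep it from regressing. The enclosing method starts and ends outside the hunk.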
@@ -1,28 +1,21 @@ from django.db import models from django.utils.translation import gettext_lazy as _ +from common.db.fields import EncryptTextField from .common import Asset class Database(Asset): db_name = models.CharField(max_length=1024, verbose_name=_("Database"), blank=True) use_ssl = models.BooleanField(default=False, verbose_name=_("Use SSL")) - ca_cert = models.TextField(verbose_name=_("CA cert"), blank=True) - client_cert = models.TextField(verbose_name=_("Client cert"), blank=True) - client_key = models.TextField(verbose_name=_("Client key"), blank=True) + ca_cert = EncryptTextField(verbose_name=_("CA cert"), blank=True) + client_cert = EncryptTextField(verbose_name=_("Client cert"), blank=True) + client_key = EncryptTextField(verbose_name=_("Client key"), blank=True) allow_invalid_cert = models.BooleanField(default=False, verbose_name=_('Allow invalid cert')) def __str__(self): return '{}({}://{}/{})'.format(self.name, self.type, self.address, self.db_name) - @property - def specific(self): - return { - 'db_name': self.db_name, - 'use_ssl': self.use_ssl, - 'allow_invalid_cert': self.allow_invalid_cert, - } - @property def ip(self): return self.address