mirror of https://github.com/jumpserver/jumpserver
perf: You can modify sudo permissions multiple times
feng
feng626
parent
6a7896b712
commit
c3b863c2be
|
|
@ -35,6 +35,17 @@
|
||||||
- user_info.failed
|
- user_info.failed
|
||||||
- params.groups
|
- params.groups
|
||||||
|
|
||||||
|
- name: "Set {{ account.username }} sudo setting"
|
||||||
|
ansible.builtin.lineinfile:
|
||||||
|
dest: /etc/sudoers
|
||||||
|
state: present
|
||||||
|
regexp: "^{{ account.username }} ALL="
|
||||||
|
line: "{{ account.username + ' ALL=(ALL) NOPASSWD: ' + params.sudo }}"
|
||||||
|
validate: visudo -cf %s
|
||||||
|
when:
|
||||||
|
- user_info.failed or params.modify_sudo
|
||||||
|
- params.sudo
|
||||||
|
|
||||||
- name: "Change {{ account.username }} password"
|
- name: "Change {{ account.username }} password"
|
||||||
ansible.builtin.user:
|
ansible.builtin.user:
|
||||||
name: "{{ account.username }}"
|
name: "{{ account.username }}"
|
||||||
|
|
@ -59,17 +70,6 @@
|
||||||
exclusive: "{{ ssh_params.exclusive }}"
|
exclusive: "{{ ssh_params.exclusive }}"
|
||||||
when: account.secret_type == "ssh_key"
|
when: account.secret_type == "ssh_key"
|
||||||
|
|
||||||
- name: "Set {{ account.username }} sudo setting"
|
|
||||||
ansible.builtin.lineinfile:
|
|
||||||
dest: /etc/sudoers
|
|
||||||
state: present
|
|
||||||
regexp: "^{{ account.username }} ALL="
|
|
||||||
line: "{{ account.username + ' ALL=(ALL) NOPASSWD: ' + params.sudo }}"
|
|
||||||
validate: visudo -cf %s
|
|
||||||
when:
|
|
||||||
- user_info.failed
|
|
||||||
- params.sudo
|
|
||||||
|
|
||||||
- name: Refresh connection
|
- name: Refresh connection
|
||||||
ansible.builtin.meta: reset_connection
|
ansible.builtin.meta: reset_connection
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,12 @@ type:
|
||||||
- AIX
|
- AIX
|
||||||
method: change_secret
|
method: change_secret
|
||||||
params:
|
params:
|
||||||
|
- name: modify_sudo
|
||||||
|
type: bool
|
||||||
|
label: 'Modify Sudo'
|
||||||
|
default: False
|
||||||
|
help_text: "{{ 'Modify params sudo help text' | trans }}"
|
||||||
|
|
||||||
- name: sudo
|
- name: sudo
|
||||||
type: str
|
type: str
|
||||||
label: 'Sudo'
|
label: 'Sudo'
|
||||||
|
|
@ -34,6 +40,11 @@ i18n:
|
||||||
ja: 'Ansible user モジュールを使用してアカウントのパスワード変更 (DES)'
|
ja: 'Ansible user モジュールを使用してアカウントのパスワード変更 (DES)'
|
||||||
en: 'Using Ansible module user to change account secret (DES)'
|
en: 'Using Ansible module user to change account secret (DES)'
|
||||||
|
|
||||||
|
Modify params sudo help text:
|
||||||
|
zh: '如果用户存在,可以修改sudo权限'
|
||||||
|
ja: 'ユーザーが存在する場合、sudo権限を変更できます'
|
||||||
|
en: 'If the user exists, sudo permissions can be modified'
|
||||||
|
|
||||||
Params sudo help text:
|
Params sudo help text:
|
||||||
zh: '使用逗号分隔多个命令,如: /bin/whoami,/sbin/ifconfig'
|
zh: '使用逗号分隔多个命令,如: /bin/whoami,/sbin/ifconfig'
|
||||||
ja: 'コンマで区切って複数のコマンドを入力してください。例: /bin/whoami,/sbin/ifconfig'
|
ja: 'コンマで区切って複数のコマンドを入力してください。例: /bin/whoami,/sbin/ifconfig'
|
||||||
|
|
|
||||||
|
|
@ -35,6 +35,17 @@
|
||||||
- user_info.failed
|
- user_info.failed
|
||||||
- params.groups
|
- params.groups
|
||||||
|
|
||||||
|
- name: "Set {{ account.username }} sudo setting"
|
||||||
|
ansible.builtin.lineinfile:
|
||||||
|
dest: /etc/sudoers
|
||||||
|
state: present
|
||||||
|
regexp: "^{{ account.username }} ALL="
|
||||||
|
line: "{{ account.username + ' ALL=(ALL) NOPASSWD: ' + params.sudo }}"
|
||||||
|
validate: visudo -cf %s
|
||||||
|
when:
|
||||||
|
- user_info.failed or params.modify_sudo
|
||||||
|
- params.sudo
|
||||||
|
|
||||||
- name: "Change {{ account.username }} password"
|
- name: "Change {{ account.username }} password"
|
||||||
ansible.builtin.user:
|
ansible.builtin.user:
|
||||||
name: "{{ account.username }}"
|
name: "{{ account.username }}"
|
||||||
|
|
@ -59,17 +70,6 @@
|
||||||
exclusive: "{{ ssh_params.exclusive }}"
|
exclusive: "{{ ssh_params.exclusive }}"
|
||||||
when: account.secret_type == "ssh_key"
|
when: account.secret_type == "ssh_key"
|
||||||
|
|
||||||
- name: "Set {{ account.username }} sudo setting"
|
|
||||||
ansible.builtin.lineinfile:
|
|
||||||
dest: /etc/sudoers
|
|
||||||
state: present
|
|
||||||
regexp: "^{{ account.username }} ALL="
|
|
||||||
line: "{{ account.username + ' ALL=(ALL) NOPASSWD: ' + params.sudo }}"
|
|
||||||
validate: visudo -cf %s
|
|
||||||
when:
|
|
||||||
- user_info.failed
|
|
||||||
- params.sudo
|
|
||||||
|
|
||||||
- name: Refresh connection
|
- name: Refresh connection
|
||||||
ansible.builtin.meta: reset_connection
|
ansible.builtin.meta: reset_connection
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,12 @@ type:
|
||||||
- linux
|
- linux
|
||||||
method: change_secret
|
method: change_secret
|
||||||
params:
|
params:
|
||||||
|
- name: modify_sudo
|
||||||
|
type: bool
|
||||||
|
label: 'Modify Sudo'
|
||||||
|
default: False
|
||||||
|
help_text: "{{ 'Modify params sudo help text' | trans }}"
|
||||||
|
|
||||||
- name: sudo
|
- name: sudo
|
||||||
type: str
|
type: str
|
||||||
label: 'Sudo'
|
label: 'Sudo'
|
||||||
|
|
@ -36,6 +42,11 @@ i18n:
|
||||||
ja: 'Ansible user モジュールを使用して アカウントのパスワード変更 (SHA512)'
|
ja: 'Ansible user モジュールを使用して アカウントのパスワード変更 (SHA512)'
|
||||||
en: 'Using Ansible module user to change account secret (SHA512)'
|
en: 'Using Ansible module user to change account secret (SHA512)'
|
||||||
|
|
||||||
|
Modify params sudo help text:
|
||||||
|
zh: '如果用户存在,可以修改sudo权限'
|
||||||
|
ja: 'ユーザーが存在する場合、sudo権限を変更できます'
|
||||||
|
en: 'If the user exists, sudo permissions can be modified'
|
||||||
|
|
||||||
Params sudo help text:
|
Params sudo help text:
|
||||||
zh: '使用逗号分隔多个命令,如: /bin/whoami,/sbin/ifconfig'
|
zh: '使用逗号分隔多个命令,如: /bin/whoami,/sbin/ifconfig'
|
||||||
ja: 'コンマで区切って複数のコマンドを入力してください。例: /bin/whoami,/sbin/ifconfig'
|
ja: 'コンマで区切って複数のコマンドを入力してください。例: /bin/whoami,/sbin/ifconfig'
|
||||||
|
|
|
||||||
|
|
@ -35,6 +35,17 @@
|
||||||
- user_info.failed
|
- user_info.failed
|
||||||
- params.groups
|
- params.groups
|
||||||
|
|
||||||
|
- name: "Set {{ account.username }} sudo setting"
|
||||||
|
ansible.builtin.lineinfile:
|
||||||
|
dest: /etc/sudoers
|
||||||
|
state: present
|
||||||
|
regexp: "^{{ account.username }} ALL="
|
||||||
|
line: "{{ account.username + ' ALL=(ALL) NOPASSWD: ' + params.sudo }}"
|
||||||
|
validate: visudo -cf %s
|
||||||
|
when:
|
||||||
|
- user_info.failed or params.modify_sudo
|
||||||
|
- params.sudo
|
||||||
|
|
||||||
- name: "Change {{ account.username }} password"
|
- name: "Change {{ account.username }} password"
|
||||||
ansible.builtin.user:
|
ansible.builtin.user:
|
||||||
name: "{{ account.username }}"
|
name: "{{ account.username }}"
|
||||||
|
|
@ -59,17 +70,6 @@
|
||||||
exclusive: "{{ ssh_params.exclusive }}"
|
exclusive: "{{ ssh_params.exclusive }}"
|
||||||
when: account.secret_type == "ssh_key"
|
when: account.secret_type == "ssh_key"
|
||||||
|
|
||||||
- name: "Set {{ account.username }} sudo setting"
|
|
||||||
ansible.builtin.lineinfile:
|
|
||||||
dest: /etc/sudoers
|
|
||||||
state: present
|
|
||||||
regexp: "^{{ account.username }} ALL="
|
|
||||||
line: "{{ account.username + ' ALL=(ALL) NOPASSWD: ' + params.sudo }}"
|
|
||||||
validate: visudo -cf %s
|
|
||||||
when:
|
|
||||||
- user_info.failed
|
|
||||||
- params.sudo
|
|
||||||
|
|
||||||
- name: Refresh connection
|
- name: Refresh connection
|
||||||
ansible.builtin.meta: reset_connection
|
ansible.builtin.meta: reset_connection
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,12 @@ type:
|
||||||
- AIX
|
- AIX
|
||||||
method: push_account
|
method: push_account
|
||||||
params:
|
params:
|
||||||
|
- name: modify_sudo
|
||||||
|
type: bool
|
||||||
|
label: 'Modify Sudo'
|
||||||
|
default: False
|
||||||
|
help_text: "{{ 'Modify params sudo help text' | trans }}"
|
||||||
|
|
||||||
- name: sudo
|
- name: sudo
|
||||||
type: str
|
type: str
|
||||||
label: 'Sudo'
|
label: 'Sudo'
|
||||||
|
|
@ -34,6 +40,11 @@ i18n:
|
||||||
ja: 'Ansible user モジュールを使用して Aix アカウントをプッシュする (DES)'
|
ja: 'Ansible user モジュールを使用して Aix アカウントをプッシュする (DES)'
|
||||||
en: 'Using Ansible module user to push account (DES)'
|
en: 'Using Ansible module user to push account (DES)'
|
||||||
|
|
||||||
|
Modify params sudo help text:
|
||||||
|
zh: '如果用户存在,可以修改sudo权限'
|
||||||
|
ja: 'ユーザーが存在する場合、sudo権限を変更できます'
|
||||||
|
en: 'If the user exists, sudo permissions can be modified'
|
||||||
|
|
||||||
Params sudo help text:
|
Params sudo help text:
|
||||||
zh: '使用逗号分隔多个命令,如: /bin/whoami,/sbin/ifconfig'
|
zh: '使用逗号分隔多个命令,如: /bin/whoami,/sbin/ifconfig'
|
||||||
ja: 'コンマで区切って複数のコマンドを入力してください。例: /bin/whoami,/sbin/ifconfig'
|
ja: 'コンマで区切って複数のコマンドを入力してください。例: /bin/whoami,/sbin/ifconfig'
|
||||||
|
|
|
||||||
|
|
@ -35,6 +35,17 @@
|
||||||
- user_info.failed
|
- user_info.failed
|
||||||
- params.groups
|
- params.groups
|
||||||
|
|
||||||
|
- name: "Set {{ account.username }} sudo setting"
|
||||||
|
ansible.builtin.lineinfile:
|
||||||
|
dest: /etc/sudoers
|
||||||
|
state: present
|
||||||
|
regexp: "^{{ account.username }} ALL="
|
||||||
|
line: "{{ account.username + ' ALL=(ALL) NOPASSWD: ' + params.sudo }}"
|
||||||
|
validate: visudo -cf %s
|
||||||
|
when:
|
||||||
|
- user_info.failed or params.modify_sudo
|
||||||
|
- params.sudo
|
||||||
|
|
||||||
- name: "Change {{ account.username }} password"
|
- name: "Change {{ account.username }} password"
|
||||||
ansible.builtin.user:
|
ansible.builtin.user:
|
||||||
name: "{{ account.username }}"
|
name: "{{ account.username }}"
|
||||||
|
|
@ -59,17 +70,6 @@
|
||||||
exclusive: "{{ ssh_params.exclusive }}"
|
exclusive: "{{ ssh_params.exclusive }}"
|
||||||
when: account.secret_type == "ssh_key"
|
when: account.secret_type == "ssh_key"
|
||||||
|
|
||||||
- name: "Set {{ account.username }} sudo setting"
|
|
||||||
ansible.builtin.lineinfile:
|
|
||||||
dest: /etc/sudoers
|
|
||||||
state: present
|
|
||||||
regexp: "^{{ account.username }} ALL="
|
|
||||||
line: "{{ account.username + ' ALL=(ALL) NOPASSWD: ' + params.sudo }}"
|
|
||||||
validate: visudo -cf %s
|
|
||||||
when:
|
|
||||||
- user_info.failed
|
|
||||||
- params.sudo
|
|
||||||
|
|
||||||
- name: Refresh connection
|
- name: Refresh connection
|
||||||
ansible.builtin.meta: reset_connection
|
ansible.builtin.meta: reset_connection
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,12 @@ type:
|
||||||
- linux
|
- linux
|
||||||
method: push_account
|
method: push_account
|
||||||
params:
|
params:
|
||||||
|
- name: modify_sudo
|
||||||
|
type: bool
|
||||||
|
label: 'Modify Sudo'
|
||||||
|
default: False
|
||||||
|
help_text: "{{ 'Modify params sudo help text' | trans }}"
|
||||||
|
|
||||||
- name: sudo
|
- name: sudo
|
||||||
type: str
|
type: str
|
||||||
label: 'Sudo'
|
label: 'Sudo'
|
||||||
|
|
@ -36,6 +42,11 @@ i18n:
|
||||||
ja: 'Ansible user モジュールを使用してアカウントをプッシュする (sha512)'
|
ja: 'Ansible user モジュールを使用してアカウントをプッシュする (sha512)'
|
||||||
en: 'Using Ansible module user to push account (sha512)'
|
en: 'Using Ansible module user to push account (sha512)'
|
||||||
|
|
||||||
|
Modify params sudo help text:
|
||||||
|
zh: '如果用户存在,可以修改sudo权限'
|
||||||
|
ja: 'ユーザーが存在する場合、sudo権限を変更できます'
|
||||||
|
en: 'If the user exists, sudo permissions can be modified'
|
||||||
|
|
||||||
Params sudo help text:
|
Params sudo help text:
|
||||||
zh: '使用逗号分隔多个命令,如: /bin/whoami,/sbin/ifconfig'
|
zh: '使用逗号分隔多个命令,如: /bin/whoami,/sbin/ifconfig'
|
||||||
ja: 'コンマで区切って複数のコマンドを入力してください。例: /bin/whoami,/sbin/ifconfig'
|
ja: 'コンマで区切って複数のコマンドを入力してください。例: /bin/whoami,/sbin/ifconfig'
|
||||||
|
|
|
||||||
|
|
@ -113,11 +113,7 @@ class BasePlaybookManager:
|
||||||
if not data:
|
if not data:
|
||||||
data = automation_params.get(method_id, {})
|
data = automation_params.get(method_id, {})
|
||||||
params = serializer(data).data
|
params = serializer(data).data
|
||||||
return {
|
return params
|
||||||
field_name: automation_params.get(field_name, '')
|
|
||||||
if not params[field_name] else params[field_name]
|
|
||||||
for field_name in params
|
|
||||||
}
|
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def platform_automation_methods(self):
|
def platform_automation_methods(self):
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue