From fe717f02444b0c3af160b12b4747bd93a4468a7c Mon Sep 17 00:00:00 2001 From: "Jiangjie.Bai" <32935519+BaiJiangJie@users.noreply.github.com> Date: Mon, 24 May 2021 16:04:40 +0800 Subject: [PATCH 1/8] feat: Update README (#6182) * feat: Update README * feat: Update README * Update README.md * feat: update README --- README.md | 31 ++++++++++++++++++++++++++----- 1 file changed, 26 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index b8e86a2c7..42a1f7fad 100644 --- a/README.md +++ b/README.md @@ -37,8 +37,8 @@ JumpServer 采纳分布式架构,支持多机房跨区域部署,支持横向 - - + + @@ -53,6 +53,12 @@ JumpServer 采纳分布式架构,支持多机房跨区域部署,支持横向 + + + + + + @@ -64,6 +70,10 @@ JumpServer 采纳分布式架构,支持多机房跨区域部署,支持横向 + + + + @@ -105,7 +115,7 @@ JumpServer 采纳分布式架构,支持多机房跨区域部署,支持横向 - + @@ -157,17 +167,27 @@ JumpServer 采纳分布式架构,支持多机房跨区域部署,支持横向 + + + + + + + - + - + + + + @@ -300,3 +320,4 @@ Licensed under The GNU General Public License version 2 (GPLv2) (the "License") https://www.gnu.org/licenses/gpl-2.0.html Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. + From 1812074231204f2ebdc135cad7c2fbe7e724e00b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=80=81=E5=B9=BF?= Date: Wed, 23 Jun 2021 11:31:51 +0800 Subject: [PATCH 2/8] Update README.md --- README.md | 276 ++++++------------------------------------------------ 1 file changed, 31 insertions(+), 245 deletions(-) diff --git a/README.md b/README.md index 58ba7899c..56e0cee78 100644 --- a/README.md +++ b/README.md @@ -1,17 +1,17 @@ -# JumpServer 多云环境下更好用的堡垒机 +

JumpServer

+

多云环境下更好用的堡垒机

-[![License](https://shields.io/github/license/jumpserver/jumpserver)](https://www.gnu.org/licenses/old-licenses/gpl-2.0.html) -[![Release Downloads](https://shields.io/github/downloads/jumpserver/jumpserver/total)](https://github.com/jumpserver/jumpserver/releases) -[![Docker Pulls](https://img.shields.io/docker/pulls/jumpserver/jms_all.svg)](https://hub.docker.com/u/jumpserver) +

+ License: GPL v2 + release + Codacy + Stars +

+-------------------------- - [ENGLISH](https://github.com/jumpserver/jumpserver/blob/master/README_EN.md) -|《新一代堡垒机建设指南》开放下载| -|------------------| -|本白皮书由JumpServer开源项目组编著而成。编写团队从企业实践和技术演进的双重视角出发,结合自身在身份与访问安全领域长期研发及落地经验组织撰写,同时积极听取行业内专家的意见和建议,在此基础上完成了本白皮书的编写任务。下载链接:https://jinshuju.net/f/E0qAl8| - --------------------------- JumpServer 是全球首款开源的堡垒机,使用 GNU GPL v2.0 开源协议,是符合 4A 规范的运维安全审计系统。 @@ -22,7 +22,7 @@ JumpServer 采纳分布式架构,支持多机房跨区域部署,支持横向 改变世界,从一点点开始。 -## 特色优势 +### 特色优势 - 开源: 零门槛,线上快速获取和安装; - 分布式: 轻松支持大规模并发访问; @@ -33,247 +33,20 @@ JumpServer 采纳分布式架构,支持多机房跨区域部署,支持横向 - 多应用支持: 数据库,Windows远程应用,Kubernetes。 -## 功能列表 - -
身份认证
Authentication		登录认证身份认证
Authentication		登录认证 资源统一登录与认证
CAS 认证 (实现单点登录)
钉钉认证 (扫码登录)
企业微信认证 (扫码登录)
MFA认证 MFA 二次认证(Google Authenticator)登录复核 用户登录行为受管理员的监管与控制:small_orange_diamond:
登录限制用户登录来源 IP 受管理员控制(支持黑/白名单)
账号管理
Account		 集中账号统一对资产主机的用户密码进行查看、更新、测试操作:small_orange_diamond:
授权控制
Authorization		授权控制
Authorization		 多维授权 对用户、用户组、资产、资产节点、应用以及系统用户进行授权
工单管理 支持对用户登录请求行为进行控制:small_orange_diamond:
访问控制登录资产复核(通过 SSH/Telnet 协议登录资产):small_orange_diamond:
命令执行复核:small_orange_diamond:
组织管理 实现多租户管理与权限隔离:small_orange_diamond:
安全审计
Audit		安全审计
Audit		 操作审计 用户操作行为审计
会话审计会话审计在线会话内容监控
在线会话内容审计
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
身份认证
Authentication		登录认证资源统一登录与认证
LDAP/AD 认证
RADIUS 认证
OpenID 认证(实现单点登录)
CAS 认证 (实现单点登录)
钉钉认证 (扫码登录)
企业微信认证 (扫码登录)
MFA认证MFA 二次认证(Google Authenticator)
RADIUS 二次认证
登录复核用户登录行为受管理员的监管与控制:small_orange_diamond:
登录限制用户登录来源 IP 受管理员控制(支持黑/白名单)
账号管理
Account		集中账号管理用户管理
系统用户管理
统一密码资产密码托管
自动生成密码
自动推送密码
密码过期设置
批量改密定期批量改密:small_orange_diamond:
多种密码策略:small_orange_diamond:
多云纳管 对私有云、公有云资产自动统一纳管:small_orange_diamond:
收集用户 自定义任务定期收集主机用户:small_orange_diamond:
密码匣子 统一对资产主机的用户密码进行查看、更新、测试操作:small_orange_diamond:
授权控制
Authorization		多维授权对用户、用户组、资产、资产节点、应用以及系统用户进行授权
资产授权资产以树状结构进行展示
资产和节点均可灵活授权
节点内资产自动继承授权
子节点自动继承父节点授权
应用授权实现更细粒度的应用级授权
MySQL 数据库应用、RemoteApp 远程应用:small_orange_diamond:
动作授权实现对授权资产的文件上传、下载以及连接动作的控制
时间授权实现对授权资源使用时间段的限制
特权指令实现对特权指令的使用(支持黑白名单)
命令过滤实现对授权系统用户所执行的命令进行控制
文件传输SFTP 文件上传/下载
文件管理实现 Web SFTP 文件管理
工单管理支持对用户登录请求行为进行控制:small_orange_diamond:
访问控制登录资产复核(通过 SSH/Telnet 协议登录资产):small_orange_diamond:
命令执行复核:small_orange_diamond:
组织管理实现多租户管理与权限隔离:small_orange_diamond:
安全审计
Audit		操作审计用户操作行为审计
会话审计在线会话内容监控
在线会话内容审计
历史会话内容审计
录像审计支持对 Linux、Windows 等资产操作的录像进行回放审计
支持对 RemoteApp:small_orange_diamond:、MySQL 等应用操作的录像进行回放审计
指令审计支持对资产和应用等操作的命令进行审计
文件传输可对文件的上传、下载记录进行审计
数据库审计
Database		连接方式命令方式
Web UI方式 :small_orange_diamond:
支持的数据库MySQL
Oracle :small_orange_diamond:
MariaDB :small_orange_diamond:
PostgreSQL :small_orange_diamond:
功能亮点语法高亮
SQL格式化
支持快捷键
支持选中执行
SQL历史查询
支持页面创建 DB, TABLE
会话审计命令记录
录像回放
- -**说明**: 带 :small_orange_diamond: 后缀的是 X-PACK 插件有的功能 - -## 快速开始 +### 快速开始 - [极速安装](https://docs.jumpserver.org/zh/master/install/setup_by_fast/) - [完整文档](https://docs.jumpserver.org) - [演示视频](https://www.bilibili.com/video/BV1ZV41127GB) - [手动安装](https://github.com/jumpserver/installer) -## 组件项目 +### 组件项目 - [Lina](https://github.com/jumpserver/lina) JumpServer Web UI 项目 - [Luna](https://github.com/jumpserver/luna) JumpServer Web Terminal 项目 - [KoKo](https://github.com/jumpserver/koko) JumpServer 字符协议 Connector 项目,替代原来 Python 版本的 [Coco](https://github.com/jumpserver/coco) - [Lion](https://github.com/jumpserver/lion-release) JumpServer 图形协议 Connector 项目,依赖 [Apache Guacamole](https://guacamole.apache.org/) -## 贡献 +### 贡献 如果有你好的想法创意,或者帮助我们修复了 Bug, 欢迎提交 Pull Request 感谢以下贡献者,让 JumpServer 更加完善 @@ -282,16 +55,29 @@ JumpServer 采纳分布式架构,支持多机房跨区域部署,支持横向 + + + -## 致谢 + + + + + + + + + + +### 致谢 - [Apache Guacamole](https://guacamole.apache.org/) Web页面连接 RDP, SSH, VNC协议设备,JumpServer 图形化组件 Lion 依赖 - [OmniDB](https://omnidb.org/) Web页面连接使用数据库,JumpServer Web数据库依赖 -## JumpServer 企业版 +### JumpServer 企业版 - [申请企业版试用](https://jinshuju.net/f/kyOYpi) -## 案例研究 +### 案例研究 - [JumpServer 堡垒机护航顺丰科技超大规模资产安全运维](https://blog.fit2cloud.com/?p=1147); - [JumpServer 堡垒机让“大智慧”的混合 IT 运维更智慧](https://blog.fit2cloud.com/?p=882); @@ -302,7 +88,7 @@ JumpServer 采纳分布式架构,支持多机房跨区域部署,支持横向 - [东方明珠:JumpServer高效管控异构化、分布式云端资产](https://blog.fit2cloud.com/?p=687); - [江苏农信:JumpServer堡垒机助力行业云安全运维](https://blog.fit2cloud.com/?p=666)。 -## 安全说明 +### 安全说明 JumpServer是一款安全产品,请参考 [基本安全建议](https://docs.jumpserver.org/zh/master/install/install_security/) 部署安装. @@ -312,7 +98,7 @@ JumpServer是一款安全产品,请参考 [基本安全建议](https://docs.ju - support@fit2cloud.com - 400-052-0755 -## License & Copyright +### License & Copyright Copyright (c) 2014-2020 飞致云 FIT2CLOUD, All rights reserved. From 999666f0eb51253bb8d98445d8c30b6cb3c5bc05 Mon Sep 17 00:00:00 2001 From: ibuler Date: Wed, 23 Jun 2021 17:16:01 +0800 Subject: [PATCH 3/8] =?UTF-8?q?docs:=20=E4=BF=AE=E6=94=B9=E8=8B=B1?= =?UTF-8?q?=E6=96=87=E7=89=88=E6=9C=AC?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README_EN.md | 283 ++++++--------------------------------------------- 1 file changed, 29 insertions(+), 254 deletions(-) diff --git a/README_EN.md b/README_EN.md index 072aaadea..f1706a3b9 100644 --- a/README_EN.md +++ b/README_EN.md @@ -1,22 +1,18 @@ -# Jumpserver - The Bastion Host for Multi-Cloud Environment +

JumpServer

+

Open Source Bastion Host

-[![Python3](https://img.shields.io/badge/python-3.6-green.svg?style=plastic)](https://www.python.org/) -[![Django](https://img.shields.io/badge/django-2.2-brightgreen.svg?style=plastic)](https://www.djangoproject.com/) -[![Docker Pulls](https://img.shields.io/docker/pulls/jumpserver/jms_all.svg)](https://hub.docker.com/u/jumpserver) +

+ License: GPL v2 + release + Codacy + Stars +

-- [中文版](https://github.com/jumpserver/jumpserver/blob/master/README.md) +JumpServer is the world's first open-source Bastion Host and is licensed under the GNU GPL v2.0. It is a 4A-compliant professional operation and maintenance security audit system. -|![notification](https://raw.githubusercontent.com/goharbor/website/master/docs/img/readme/bell-outline-badged.svg)Security Notice| -|------------------| -|On 15th January 2021, JumpServer found a critical bug for remote execution vulnerability. Please fix it asap! [For more detail](https://github.com/jumpserver/jumpserver/issues/5533) Thanks for **reactivity of Alibaba Hackerone bug bounty program** report use the bug| +JumpServer uses Python / Django for development, follows Web 2.0 specifications, and is equipped with an industry-leading Web Terminal solution that provides a beautiful user interface and great user experience --------------------------- - -Jumpserver is the world's first open-source Bastion Host and is licensed under the GNU GPL v2.0. It is a 4A-compliant professional operation and maintenance security audit system. - -Jumpserver uses Python / Django for development, follows Web 2.0 specifications, and is equipped with an industry-leading Web Terminal solution that provides a beautiful user interface and great user experience - -Jumpserver adopts a distributed architecture to support multi-branch deployment across multiple cross-regional areas. The central node provides APIs, and login nodes are deployed in each branch. It can be scaled horizontally without concurrency restrictions. +JumpServer adopts a distributed architecture to support multi-branch deployment across multiple cross-regional areas. The central node provides APIs, and login nodes are deployed in each branch. It can be scaled horizontally without concurrency restrictions. Change the world by taking every little step @@ -31,246 +27,14 @@ Change the world by taking every little step - Multi-Tenant system: multiple subsidiary companies or departments access the same system simultaneously. - Many applications supported: link to databases, windows remote applications, and Kubernetes cluster, etc. -## Features List - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
AuthenticationLoginUnified way to access and authenticate resources
LDAP/AD Authentication
RADIUS Authentication
OpenID Authentication(Single Sign-On)
CAS Authentication (Single Sign-On)
MFA (Multi-Factor Authentication)Use Google Authenticator for MFA
RADIUS (Remote Authentication Dial In User Service)
Login SupervisionAny user’s login behavior is supervised and controlled by the administrator:small_orange_diamond:
AccountingCentralized Accounts ManagementAdmin Users management
System Users management
Unified Password ManagementAsset password custody (a matrix storing all asset password with dense security)
Auto-generated passwords
Automatic password handling (auto login assets)
Password expiration settings
Password change SchedularSupport regular batch Linux/Windows assets password changing:small_orange_diamond:
Implement multiple password strategies:small_orange_diamond:
Multi-Cloud ManagementAutomatically manage private cloud and public cloud assets in a unified platform :small_orange_diamond:
Users Acquisition Create regular custom tasks to collect system users in selected assets to identify and track the privileges ownership:small_orange_diamond:
Password Vault Unified operations to check, update, and test system user password to prevent stealing or unauthorised sharing of passwords:small_orange_diamond:
AuthorizationMulti-DimensionalGranting users or user groups to access assets, asset nodes, or applications through system users. Providing precise access control to different roles of users
AssetsAssets are arranged and displayed in a tree structure
Assets and Nodes have immense flexibility for authorizing
Assets in nodes inherit authorization automatically
child nodes automatically inherit authorization from parent nodes
ApplicationProvides granular access control for privileged users on application level to protect from unauthorized access and unintentional errors
Database applications (MySQL, Oracle, PostgreSQL, MariaDB, etc.) and Remote App:small_orange_diamond:
ActionsDeeper restriction on the control of file upload, download and connection actions of authorized assets. Control the permission of clipboard copy/paste (from outer terminal to current asset)
Time BoundSharply limited the available (accessible) time for account access to the authorized resources to reduce the risk and attack surface drastically
Privileged AssignmentAssign the denied/allowed command lists to different system users as privilege elevation, with the latter taking the form of allowing particular commands to be run with a higher level of privileges. (Minimize insider threat)
Command FilteringCreating list of restriction commands that you would like to assign to different authorized system users for filtering purpose
File Transfer and ManagementSupport SFTP file upload/download
File ManagementProvide a Web UI for SFTP file management
Workflow ManagementManage user login confirmation requests and assets or applications authorization requests for Just-In-Time Privileges functionality:small_orange_diamond:
Group Management Establishing a multi-tenant ecosystem that able authority isolation to keep malicious actors away from sensitive administrative backends:small_orange_diamond:
AuditingOperationsAuditing user operation behaviors for any access or usage of given privileged accounts
SessionSupport real-time session audit
Full history of all previous session audits
VideoComplete session audit and playback recordings on assets operation (Linux, Windows)
Full recordings of RemoteApp, MySQL, and Kubernetes:small_orange_diamond:
Supports uploading recordings to public clouds
CommandCommand auditing on assets and applications operation. Send warning alerts when executing illegal commands
File TransferFull recordings of file upload and download
DatabaseHow to connectCommand line
Built-in Web UI:small_orange_diamond:
Supported DatabaseMySQL
Oracle :small_orange_diamond:
MariaDB :small_orange_diamond:
PostgreSQL :small_orange_diamond:
Feature HighlightsSyntax highlights
Prettier SQL formmating
Support Shortcuts
Support selected SQL statements
SQL commands history query
Support page creation: DB, TABLE
Session AuditingFull records of command
Playback videos
- -**Note**: Rows with :small_orange_diamond: at the end of the sentence means that it is X-PACK features exclusive ([Apply for X-PACK Trial](https://jinshuju.net/f/kyOYpi)) - -### Start - -Quick start [Docker Install](http://docs.jumpserver.org/zh/docs/dockerinstall.html) - -Step by Step deployment. [Docs](http://docs.jumpserver.org/zh/docs/step_by_step.html) - -Full documentation [Docs](http://docs.jumpserver.org) - -### Demo、Video 和 Snapshot - -We provide online demo, demo video and screenshots to get you started quickly. - -[Demo](https://demo.jumpserver.org/auth/login/?next=/) -[Video](https://fit2cloud2-offline-installer.oss-cn-beijing.aliyuncs.com/tools/Jumpserver%20%E4%BB%8B%E7%BB%8Dv1.4.mp4) -[Snapshot](http://docs.jumpserver.org/zh/docs/snapshot.html) - -### SDK - -We provide the SDK for your other systems to quickly interact with the Jumpserver API. - -- [Python](https://github.com/jumpserver/jumpserver-python-sdk) Jumpserver other components use this SDK to complete the interaction. -- [Java](https://github.com/KaiJunYan/jumpserver-java-sdk.git) Thanks to 恺珺 for providing his Java SDK vesrion. - -## JumpServer Component Projects +### JumpServer Component Projects - [Lina](https://github.com/jumpserver/lina) JumpServer Web UI - [Luna](https://github.com/jumpserver/luna) JumpServer Web Terminal - [KoKo](https://github.com/jumpserver/koko) JumpServer Character protocaol Connector, replace original Python Version [Coco](https://github.com/jumpserver/coco) -- [Guacamole](https://github.com/jumpserver/docker-guacamole) JumpServer Graphics protocol Connector,rely on [Apache Guacamole](https://guacamole.apache.org/) +- [Lion](https://github.com/jumpserver/lion-release) JumpServer Graphics protocol Connector,rely on [Apache Guacamole](https://guacamole.apache.org/) -## Contribution +### Contribution If you have any good ideas or helping us to fix bugs, please submit a Pull Request and accept our thanks :) Thanks to the following contributors for making JumpServer better everyday! @@ -279,16 +43,27 @@ Thanks to the following contributors for making JumpServer better everyday! + + + -## Thanks to + + + + + + + + +### Thanks to - [Apache Guacamole](https://guacamole.apache.org/) Web page connection RDP, SSH, VNC protocol equipment. JumpServer graphical connection dependent. - [OmniDB](https://omnidb.org/) Web page connection to databases. JumpServer Web database dependent. -## JumpServer Enterprise Version +### JumpServer Enterprise Version - [Apply for it](https://jinshuju.net/f/kyOYpi) -## Case Study +### Case Study - [JumpServer 堡垒机护航顺丰科技超大规模资产安全运维](https://blog.fit2cloud.com/?p=1147); - [JumpServer 堡垒机让“大智慧”的混合 IT 运维更智慧](https://blog.fit2cloud.com/?p=882); @@ -299,7 +74,7 @@ Thanks to the following contributors for making JumpServer better everyday! - [东方明珠:JumpServer高效管控异构化、分布式云端资产](https://blog.fit2cloud.com/?p=687); - [江苏农信:JumpServer堡垒机助力行业云安全运维](https://blog.fit2cloud.com/?p=666)。 -## For safety instructions +### For safety instructions JumpServer is a security product. Please refer to [Basic Security Recommendations](https://docs.jumpserver.org/zh/master/install/install_security/) for deployment and installation. From 745979074a6d80fc30c56ebf63eabfe0d971dc83 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=80=81=E5=B9=BF?= Date: Tue, 29 Jun 2021 15:10:30 +0800 Subject: [PATCH 4/8] Update README.md --- README.md | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 56e0cee78..5805573bf 100644 --- a/README.md +++ b/README.md @@ -15,11 +15,11 @@ JumpServer 是全球首款开源的堡垒机,使用 GNU GPL v2.0 开源协议,是符合 4A 规范的运维安全审计系统。 -JumpServer 使用 Python / Django 为主进行开发,遵循 Web 2.0 规范,配备了业界领先的 Web Terminal 方案,交互界面美观、用户体验好。 +JumpServer 使用 Python 开发,遵循 Web 2.0 规范,配备了业界领先的 Web Terminal 方案,交互界面美观、用户体验好。 JumpServer 采纳分布式架构,支持多机房跨区域部署,支持横向扩展,无资产数量及并发限制。 -改变世界,从一点点开始。 +改变世界,从一点点开始 ... ### 特色优势 @@ -46,6 +46,14 @@ JumpServer 采纳分布式架构,支持多机房跨区域部署,支持横向 - [KoKo](https://github.com/jumpserver/koko) JumpServer 字符协议 Connector 项目,替代原来 Python 版本的 [Coco](https://github.com/jumpserver/coco) - [Lion](https://github.com/jumpserver/lion-release) JumpServer 图形协议 Connector 项目,依赖 [Apache Guacamole](https://guacamole.apache.org/) +### 社区 + +如果您在使用过程中有任何疑问或对建议,欢迎提交 [GitHub Issue](https://github.com/jumpserver/jumpserver/issues/new/choose) 或加入到我们的社区当中进行进一步交流沟通。 + +#### 微信交流群 + +微信群二维码 + ### 贡献 如果有你好的想法创意,或者帮助我们修复了 Bug, 欢迎提交 Pull Request From 381b150c2b2a96a4d2f394b9ec067c04a58af916 Mon Sep 17 00:00:00 2001 From: xinwen Date: Wed, 14 Jul 2021 21:31:26 +0800 Subject: [PATCH 5/8] =?UTF-8?q?fix:=20=E6=8E=A2=E6=B5=8B=20authbook=20?= =?UTF-8?q?=E5=9C=A8=20root=20=E7=BB=84=E7=BB=87=E4=B8=8B=E4=BF=9D?= =?UTF-8?q?=E5=AD=98=E7=9A=84=E6=83=85=E5=86=B5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/assets/signals_handler/asset.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/apps/assets/signals_handler/asset.py b/apps/assets/signals_handler/asset.py index de81563f4..be47a2505 100644 --- a/apps/assets/signals_handler/asset.py +++ b/apps/assets/signals_handler/asset.py @@ -5,6 +5,7 @@ from django.db.models.signals import ( ) from django.dispatch import receiver +from orgs.utils import ensure_in_real_or_default_org from common.const.signals import POST_ADD, POST_REMOVE, PRE_REMOVE from common.utils import get_logger from common.decorator import on_transaction_commit @@ -18,6 +19,12 @@ from assets.tasks import ( logger = get_logger(__file__) +@receiver(m2m_changed, sender=SystemUser.assets.through) +@ensure_in_real_or_default_org +def on_asset_system_user_change(sender, **kwargs): + pass + + def update_asset_hardware_info_on_created(asset): logger.debug("Update asset `{}` hardware info".format(asset)) update_assets_hardware_info_util.delay([asset]) From 47989c41a3ef7711f4937a1edaf44df6438e2041 Mon Sep 17 00:00:00 2001 From: "Jiangjie.Bai" <32935519+BaiJiangJie@users.noreply.github.com> Date: Thu, 9 Sep 2021 14:50:57 +0800 Subject: [PATCH 6/8] perf: Update README --- README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/README.md b/README.md index bc6dfdd2f..c6a637cf4 100644 --- a/README.md +++ b/README.md @@ -40,8 +40,6 @@ JumpServer 采纳分布式架构,支持多机房跨区域部署,支持横向 ### 在线体验 - 环境地址: -- 用户名:test -- 密码:test01 | :warning: 注意 | | :--------------------------- | From 5d6880f6e9d2357ac780752cdf0f83e5c44d96b6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=80=81=E5=B9=BF?= Date: Thu, 16 Sep 2021 17:45:10 +0800 Subject: [PATCH 7/8] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c6a637cf4..05467881f 100644 --- a/README.md +++ b/README.md @@ -68,7 +68,7 @@ JumpServer 采纳分布式架构,支持多机房跨区域部署,支持横向 #### 微信交流群 -微信群二维码 +微信群二维码 ### 贡献 如果有你好的想法创意,或者帮助我们修复了 Bug, 欢迎提交 Pull Request From cb98b4f80a661ed3b33d3f8160ddcad781b25fa9 Mon Sep 17 00:00:00 2001 From: chenqiao Date: Thu, 18 Nov 2021 16:44:33 +0800 Subject: [PATCH 8/8] =?UTF-8?q?feat:=E6=96=B0=E5=A2=9E=E5=AF=B9sqlserver?= =?UTF-8?q?=E6=95=B0=E6=8D=AE=E5=BA=93=E6=89=98=E7=AE=A1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/applications/const.py | 3 ++- .../migrations/0013_auto_20211105_1605.py | 18 ++++++++++++++++++ .../attrs/application_type/__init__.py | 1 + .../attrs/application_type/sqlserver.py | 12 ++++++++++++ apps/applications/serializers/attrs/attrs.py | 1 + .../migrations/0079_auto_20211105_1605.py | 18 ++++++++++++++++++ apps/assets/models/user.py | 3 ++- .../migrations/0021_auto_20211105_1605.py | 18 ++++++++++++++++++ .../migrations/0041_auto_20211105_1605.py | 18 ++++++++++++++++++ apps/terminal/models/session.py | 3 ++- 10 files changed, 92 insertions(+), 3 deletions(-) create mode 100644 apps/applications/migrations/0013_auto_20211105_1605.py create mode 100644 apps/applications/serializers/attrs/application_type/sqlserver.py create mode 100644 apps/assets/migrations/0079_auto_20211105_1605.py create mode 100644 apps/perms/migrations/0021_auto_20211105_1605.py create mode 100644 apps/terminal/migrations/0041_auto_20211105_1605.py diff --git a/apps/applications/const.py b/apps/applications/const.py index ee150da31..dde571fbc 100644 --- a/apps/applications/const.py +++ b/apps/applications/const.py @@ -20,6 +20,7 @@ class AppType(TextChoices): oracle = 'oracle', 'Oracle' pgsql = 'postgresql', 'PostgreSQL' mariadb = 'mariadb', 'MariaDB' + sqlserver = 'sqlserver', 'SQLServer' # remote-app category chrome = 'chrome', 'Chrome' @@ -33,7 +34,7 @@ class AppType(TextChoices): @classmethod def category_types_mapper(cls): return { - AppCategory.db: [cls.mysql, cls.oracle, cls.pgsql, cls.mariadb], + AppCategory.db: [cls.mysql, cls.oracle, cls.pgsql, cls.mariadb, cls.sqlserver], AppCategory.remote_app: [cls.chrome, cls.mysql_workbench, cls.vmware_client, cls.custom], AppCategory.cloud: [cls.k8s] } diff --git a/apps/applications/migrations/0013_auto_20211105_1605.py b/apps/applications/migrations/0013_auto_20211105_1605.py new file mode 100644 index 000000000..5da963fdc --- /dev/null +++ b/apps/applications/migrations/0013_auto_20211105_1605.py @@ -0,0 +1,18 @@ +# Generated by Django 3.1.12 on 2021-11-05 08:05 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('applications', '0012_auto_20211014_2209'), + ] + + operations = [ + migrations.AlterField( + model_name='application', + name='type', + field=models.CharField(choices=[('mysql', 'MySQL'), ('oracle', 'Oracle'), ('postgresql', 'PostgreSQL'), ('mariadb', 'MariaDB'), ('sqlserver', 'SQLServer'), ('chrome', 'Chrome'), ('mysql_workbench', 'MySQL Workbench'), ('vmware_client', 'vSphere Client'), ('custom', 'Custom'), ('k8s', 'Kubernetes')], max_length=16, verbose_name='Type'), + ), + ] diff --git a/apps/applications/serializers/attrs/application_type/__init__.py b/apps/applications/serializers/attrs/application_type/__init__.py index aaa597136..8881dedc0 100644 --- a/apps/applications/serializers/attrs/application_type/__init__.py +++ b/apps/applications/serializers/attrs/application_type/__init__.py @@ -3,6 +3,7 @@ from .mysql import * from .mariadb import * from .oracle import * from .pgsql import * +from .sqlserver import * from .chrome import * from .mysql_workbench import * diff --git a/apps/applications/serializers/attrs/application_type/sqlserver.py b/apps/applications/serializers/attrs/application_type/sqlserver.py new file mode 100644 index 000000000..af8246bd0 --- /dev/null +++ b/apps/applications/serializers/attrs/application_type/sqlserver.py @@ -0,0 +1,12 @@ +from rest_framework import serializers +from django.utils.translation import ugettext_lazy as _ + +from ..application_category import DBSerializer + + +__all__ = ['SQLServerSerializer'] + + +class SQLServerSerializer(DBSerializer): + port = serializers.IntegerField(default=1433, label=_('Port'), allow_null=True) + diff --git a/apps/applications/serializers/attrs/attrs.py b/apps/applications/serializers/attrs/attrs.py index 09b7f48b1..4bd3f81eb 100644 --- a/apps/applications/serializers/attrs/attrs.py +++ b/apps/applications/serializers/attrs/attrs.py @@ -28,6 +28,7 @@ type_serializer_classes_mapping = { const.AppType.mariadb.value: application_type.MariaDBSerializer, const.AppType.oracle.value: application_type.OracleSerializer, const.AppType.pgsql.value: application_type.PostgreSerializer, + const.AppType.sqlserver.value: application_type.SQLServerSerializer, # remote-app const.AppType.chrome.value: application_type.ChromeSerializer, const.AppType.mysql_workbench.value: application_type.MySQLWorkbenchSerializer, diff --git a/apps/assets/migrations/0079_auto_20211105_1605.py b/apps/assets/migrations/0079_auto_20211105_1605.py new file mode 100644 index 000000000..915a659df --- /dev/null +++ b/apps/assets/migrations/0079_auto_20211105_1605.py @@ -0,0 +1,18 @@ +# Generated by Django 3.1.12 on 2021-11-05 08:05 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('assets', '0078_auto_20211014_2209'), + ] + + operations = [ + migrations.AlterField( + model_name='systemuser', + name='protocol', + field=models.CharField(choices=[('ssh', 'SSH'), ('rdp', 'RDP'), ('telnet', 'Telnet'), ('vnc', 'VNC'), ('mysql', 'MySQL'), ('oracle', 'Oracle'), ('mariadb', 'MariaDB'), ('postgresql', 'PostgreSQL'), ('sqlserver', 'SQLServer'), ('k8s', 'K8S')], default='ssh', max_length=16, verbose_name='Protocol'), + ), + ] diff --git a/apps/assets/models/user.py b/apps/assets/models/user.py index 5f1a8df76..337ccdf2f 100644 --- a/apps/assets/models/user.py +++ b/apps/assets/models/user.py @@ -32,6 +32,7 @@ class ProtocolMixin: oracle = 'oracle', 'Oracle' mariadb = 'mariadb', 'MariaDB' postgresql = 'postgresql', 'PostgreSQL' + sqlserver = 'sqlserver', 'SQLServer' k8s = 'k8s', 'K8S' SUPPORT_PUSH_PROTOCOLS = [Protocol.ssh, Protocol.rdp] @@ -43,7 +44,7 @@ class ProtocolMixin: Protocol.rdp ] APPLICATION_CATEGORY_DB_PROTOCOLS = [ - Protocol.mysql, Protocol.oracle, Protocol.mariadb, Protocol.postgresql + Protocol.mysql, Protocol.oracle, Protocol.mariadb, Protocol.postgresql, Protocol.sqlserver ] APPLICATION_CATEGORY_CLOUD_PROTOCOLS = [ Protocol.k8s diff --git a/apps/perms/migrations/0021_auto_20211105_1605.py b/apps/perms/migrations/0021_auto_20211105_1605.py new file mode 100644 index 000000000..f1d3c0043 --- /dev/null +++ b/apps/perms/migrations/0021_auto_20211105_1605.py @@ -0,0 +1,18 @@ +# Generated by Django 3.1.12 on 2021-11-05 08:05 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('perms', '0020_auto_20210910_1103'), + ] + + operations = [ + migrations.AlterField( + model_name='applicationpermission', + name='type', + field=models.CharField(choices=[('mysql', 'MySQL'), ('oracle', 'Oracle'), ('postgresql', 'PostgreSQL'), ('mariadb', 'MariaDB'), ('sqlserver', 'SQLServer'), ('chrome', 'Chrome'), ('mysql_workbench', 'MySQL Workbench'), ('vmware_client', 'vSphere Client'), ('custom', 'Custom'), ('k8s', 'Kubernetes')], max_length=16, verbose_name='Type'), + ), + ] diff --git a/apps/terminal/migrations/0041_auto_20211105_1605.py b/apps/terminal/migrations/0041_auto_20211105_1605.py new file mode 100644 index 000000000..ef271abc6 --- /dev/null +++ b/apps/terminal/migrations/0041_auto_20211105_1605.py @@ -0,0 +1,18 @@ +# Generated by Django 3.1.12 on 2021-11-05 08:05 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('terminal', '0040_sessionjoinrecord_sessionsharing'), + ] + + operations = [ + migrations.AlterField( + model_name='session', + name='protocol', + field=models.CharField(choices=[('ssh', 'ssh'), ('rdp', 'rdp'), ('vnc', 'vnc'), ('telnet', 'telnet'), ('mysql', 'mysql'), ('oracle', 'oracle'), ('mariadb', 'mariadb'), ('sqlserver', 'sqlserver'), ('postgresql', 'postgresql'), ('k8s', 'kubernetes')], db_index=True, default='ssh', max_length=16), + ), + ] diff --git a/apps/terminal/models/session.py b/apps/terminal/models/session.py index 3084a3395..f591de916 100644 --- a/apps/terminal/models/session.py +++ b/apps/terminal/models/session.py @@ -31,6 +31,7 @@ class Session(OrgModelMixin): MYSQL = 'mysql', 'mysql' ORACLE = 'oracle', 'oracle' MARIADB = 'mariadb', 'mariadb' + SQLSERVER = 'sqlserver', 'sqlserver' POSTGRESQL = 'postgresql', 'postgresql' K8S = 'k8s', 'kubernetes' @@ -122,7 +123,7 @@ class Session(OrgModelMixin): @property def db_protocols(self): _PROTOCOL = self.PROTOCOL - return [_PROTOCOL.MYSQL, _PROTOCOL.MARIADB, _PROTOCOL.ORACLE, _PROTOCOL.POSTGRESQL] + return [_PROTOCOL.MYSQL, _PROTOCOL.MARIADB, _PROTOCOL.ORACLE, _PROTOCOL.POSTGRESQL, _PROTOCOL.SQLSERVER] @property def can_terminate(self):