mirror of https://github.com/jumpserver/jumpserver
parent
3443b06a28
commit
c5edb9981e
|
@ -11,7 +11,8 @@ from common.const.choices import Trigger
|
|||
|
||||
__all__ = [
|
||||
'AutomationAssetsListApi', 'AutomationRemoveAssetApi',
|
||||
'AutomationAddAssetApi', 'AutomationNodeAddRemoveApi', 'AutomationExecutionViewSet'
|
||||
'AutomationAddAssetApi', 'AutomationNodeAddRemoveApi',
|
||||
'ChangSecretExecutionViewSet', 'GatherAccountsExecutionViewSet',
|
||||
]
|
||||
|
||||
|
||||
|
@ -114,3 +115,19 @@ class AutomationExecutionViewSet(
|
|||
pid=automation.pk, trigger=Trigger.manual, tp=tp
|
||||
)
|
||||
return Response({'task': task.id}, status=status.HTTP_201_CREATED)
|
||||
|
||||
|
||||
class ChangSecretExecutionViewSet(AutomationExecutionViewSet):
|
||||
rbac_perms = (
|
||||
("list", "assets.view_changesecretexecution"),
|
||||
("retrieve", "assets.view_changesecretexecution"),
|
||||
("create", "assets.add_changesecretexecution"),
|
||||
)
|
||||
|
||||
|
||||
class GatherAccountsExecutionViewSet(AutomationExecutionViewSet):
|
||||
rbac_perms = (
|
||||
("list", "assets.view_gatheraccountsexecution"),
|
||||
("retrieve", "assets.view_gatheraccountsexecution"),
|
||||
("create", "assets.add_gatheraccountsexecution"),
|
||||
)
|
||||
|
|
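Review bot: `ChangSecretExecutionViewSet` and `GatherAccountsExecutionViewSet` override only `rbac_perms`, so the permission split is enforced on the action but not, as far as this hunk shows, on the data each endpoint serves. Unless `AutomationExecutionViewSet` already narrows its queryset by automation type (its body starts outside the hunk), a role holding only `assets.view_gatheraccountsexecution` could list or retrieve change-secret executions through the gather-account endpoint. In the same way, `assets.add_gatheraccountsexecution` could be enough to start a change-secret automation by posting its id to `create`. Each subclass should restrict `get_queryset()` to executions of its own automation type, and `create` should reject an automation of any other type before the task is queued. Until then, a comment on both classes would record the gap: `# NOTE: differs from the base only in rbac_perms; queryset and create are not yet limited to this automation type`.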
|
@ -90,18 +90,6 @@ class Migration(migrations.Migration):
|
|||
name='default',
|
||||
field=models.BooleanField(default=False, verbose_name='Default'),
|
||||
),
|
||||
migrations.CreateModel(
|
||||
name='DiscoveryAccountAutomation',
|
||||
fields=[
|
||||
('baseautomation_ptr',
|
||||
models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True,
|
||||
primary_key=True, serialize=False, to='assets.baseautomation')),
|
||||
],
|
||||
options={
|
||||
'verbose_name': 'Discovery account automation',
|
||||
},
|
||||
bases=('assets.baseautomation',),
|
||||
),
|
||||
migrations.CreateModel(
|
||||
name='GatherFactsAutomation',
|
||||
fields=[
|
||||
|
|
|
@ -0,0 +1,17 @@
|
|||
# Generated by Django 3.2.16 on 2022-12-22 11:50
|
||||
|
||||
from django.db import migrations
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
('assets', '0115_auto_20221220_1956'),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterModelOptions(
|
||||
name='automationexecution',
|
||||
options={'permissions': [('view_changesecretexecution', 'Can view change secret execution'), ('add_changesecretexection', 'Can add change secret execution'), ('view_gatheraccountsexecution', 'Can view gather accounts execution'), ('add_gatheraccountsexecution', 'Can add gather accounts execution')], 'verbose_name': 'Automation task execution'},
|
||||
),
|
||||
]
|
|
@ -5,4 +5,3 @@ from .gather_facts import *
|
|||
from .change_secret import *
|
||||
from .verify_account import *
|
||||
from .gather_accounts import *
|
||||
from .discovery_account import *
|
||||
|
|
|
@ -101,6 +101,12 @@ class AutomationExecution(OrgModelMixin):
|
|||
|
||||
class Meta:
|
||||
verbose_name = _('Automation task execution')
|
||||
permissions = [
|
||||
('view_changesecretexecution', _('Can view change secret execution')),
|
||||
('add_changesecretexection', _('Can add change secret execution')),
|
||||
('view_gatheraccountsexecution', _('Can view gather accounts execution')),
|
||||
('add_gatheraccountsexecution', _('Can add gather accounts execution')),
|
||||
]
|
||||
|
||||
@property
|
||||
def manager_type(self):
|
||||
|
|
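Review bot: The codename `add_changesecretexection` in `Meta.permissions` is misspelled, so it does not match `assets.add_changesecretexecution`, which `ChangSecretExecutionViewSet.rbac_perms` requires for `create`. The permission the viewset checks is therefore never declared and cannot be granted to a role. The create action would presumably be refused for every user who is subject to RBAC checks, although the RBAC evaluation itself is not visible on this page. The line should read `('add_changesecretexecution', _('Can add change secret execution')),`. The same spelling needs to be carried into the `AlterModelOptions` entry of the new migration and into the `special_pid_mapper` key `"assets.add_changesecretexection"`. The `Meta` class belongs to `AutomationExecution`, whose body begins outside the hunk.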
|
@ -1,15 +0,0 @@
|
|||
from django.utils.translation import ugettext_lazy as _
|
||||
|
||||
from .base import BaseAutomation
|
||||
|
||||
|
||||
class DiscoveryAccountAutomation(BaseAutomation):
|
||||
class Meta:
|
||||
verbose_name = _("Discovery account automation")
|
||||
|
||||
def to_attr_json(self):
|
||||
attr_json = super().to_attr_json()
|
||||
attr_json.update({
|
||||
'type': 'discover_account'
|
||||
})
|
||||
return attr_json
|
|
@ -29,7 +29,8 @@ router.register(r'account-backup-plans', api.AccountBackupPlanViewSet, 'account-
|
|||
router.register(r'account-backup-plan-executions', api.AccountBackupPlanExecutionViewSet, 'account-backup-execution')
|
||||
|
||||
router.register(r'change-secret-automations', api.ChangeSecretAutomationViewSet, 'change-secret-automation')
|
||||
router.register(r'automation-executions', api.AutomationExecutionViewSet, 'automation-execution')
|
||||
router.register(r'change-secret-executions', api.ChangSecretExecutionViewSet, 'change-secret-execution')
|
||||
router.register(r'gather-account-executions', api.GatherAccountsExecutionViewSet, 'gather-account-execution')
|
||||
router.register(r'change-secret-records', api.ChangeSecretRecordViewSet, 'change-secret-record')
|
||||
router.register(r'gather-account-automations', api.GatherAccountsAutomationViewSet, 'gather-account-automation')
|
||||
|
||||
|
|
|
@ -27,10 +27,6 @@ exclude_permissions = (
|
|||
('authentication', 'superconnectiontoken', 'change,delete', 'superconnectiontoken'),
|
||||
('authentication', 'temptoken', 'delete', 'temptoken'),
|
||||
('users', 'userpasswordhistory', '*', '*'),
|
||||
('applications', 'applicationuser', '*', '*'),
|
||||
('applications', 'historicalaccount', '*', '*'),
|
||||
('applications', 'account', 'add,change,delete', 'account'),
|
||||
('applications', 'account', 'change', 'appplicationaccountsecret'),
|
||||
('assets', 'adminuser', '*', '*'),
|
||||
('assets', 'assetgroup', '*', '*'),
|
||||
('assets', 'cluster', '*', '*'),
|
||||
|
@ -39,6 +35,23 @@ exclude_permissions = (
|
|||
('assets', 'assetuser', '*', '*'),
|
||||
('assets', 'gathereduser', 'add,delete,change', 'gathereduser'),
|
||||
('assets', 'accountbackupplanexecution', 'delete,change', 'accountbackupplanexecution'),
|
||||
('assets', 'gathereduser', 'add,delete,change', 'gathereduser'),
|
||||
('assets', 'web', '*', '*'),
|
||||
('assets', 'host', '*', '*'),
|
||||
('assets', 'cloud', '*', '*'),
|
||||
('assets', 'device', '*', '*'),
|
||||
('assets', 'database', '*', '*'),
|
||||
('assets', 'protocol', '*', '*'),
|
||||
('assets', 'systemuser', '*', '*'),
|
||||
('assets', 'baseautomation', '*', '*'),
|
||||
('assets', 'pingautomation', '*', '*'),
|
||||
('assets', 'platformprotocol', '*', '*'),
|
||||
('assets', 'platformautomation', '*', '*'),
|
||||
('assets', 'gatherfactsautomation', '*', '*'),
|
||||
('assets', 'pushaccountautomation', '*', '*'),
|
||||
('assets', 'verifyaccountautomation', '*', '*'),
|
||||
('assets', 'changesecretrecord', 'add,delete,change', 'changesecretrecord'),
|
||||
('assets', 'automationexecution', '*', 'automationexecution'),
|
||||
# TODO 暂时去掉历史账号的权限
|
||||
('assets', 'account', '*', 'assethistoryaccount'),
|
||||
('assets', 'account', '*', 'assethistoryaccountsecret'),
|
||||
|
@ -58,6 +71,10 @@ exclude_permissions = (
|
|||
('ops', 'adhoc', 'delete,change', '*'),
|
||||
('ops', 'adhocexecution', 'add,delete,change', '*'),
|
||||
('ops', 'task', 'add,change', 'task'),
|
||||
('ops', 'jobexecution', 'change,delete', 'jobexecution'),
|
||||
('ops', 'historicaljob', '*', '*'),
|
||||
('ops', 'celerytask', 'add,change,delete', 'celerytask'),
|
||||
('ops', 'celerytaskexecution', 'add,change,delete', 'celerytaskexecution'),
|
||||
('ops', 'commandexecution', 'delete,change', 'commandexecution'),
|
||||
('orgs', 'organizationmember', '*', '*'),
|
||||
('settings', 'setting', 'add,change,delete', 'setting'),
|
||||
|
@ -82,9 +99,9 @@ exclude_permissions = (
|
|||
('xpack', 'license', '*', '*'),
|
||||
('xpack', 'syncinstancedetail', 'add,delete,change', 'syncinstancedetail'),
|
||||
('xpack', 'syncinstancetaskexecution', 'delete,change', 'syncinstancetaskexecution'),
|
||||
('xpack', 'changeauthplanexecution', 'delete,change', 'changeauthplanexecution'),
|
||||
('xpack', 'changeauthplantask', 'add,delete', 'changeauthplantask'),
|
||||
('xpack', 'gatherusertaskexecution', 'change,delete', 'gatherusertaskexecution'),
|
||||
('xpack', 'changeauthplanexecution', '*', '*'),
|
||||
('xpack', 'changeauthplantask', '*', '*'),
|
||||
('xpack', 'gatherusertaskexecution', '*', '*'),
|
||||
('common', 'permission', 'add,delete,view,change', 'permission'),
|
||||
('terminal', 'command', 'delete,change', 'command'),
|
||||
('terminal', 'status', 'delete,change', 'status'),
|
||||
|
@ -94,6 +111,8 @@ exclude_permissions = (
|
|||
('terminal', 'sessionsharing', 'view,add,change,delete', 'sessionsharing'),
|
||||
('terminal', 'session', 'delete,share', 'session'),
|
||||
('terminal', 'session', 'delete,change', 'command'),
|
||||
('terminal', 'appletpublication', '*', '*'),
|
||||
('terminal', 'applethostdeployment', '*', '*'),
|
||||
('applications', '*', '*', '*'),
|
||||
)
|
||||
|
||||
|
|
|
@ -33,11 +33,8 @@ view_nodes_data = [
|
|||
app_nodes_data = [
|
||||
{'id': 'users', 'view': 'view_console'},
|
||||
{'id': 'assets', 'view': 'view_console'},
|
||||
{'id': 'applications', 'view': 'view_console'},
|
||||
{'id': 'accounts', 'name': _('Accounts'), 'view': 'view_console'},
|
||||
{'id': 'perms', 'view': 'view_console'},
|
||||
{'id': 'acls', 'view': 'view_console'},
|
||||
{'id': 'ops', 'view': 'view_console'},
|
||||
{'id': 'terminal', 'name': _('Session audits'), 'view': 'view_audit'},
|
||||
{'id': 'audits', 'view': 'view_audit'},
|
||||
{'id': 'rbac', 'view': 'view_console'},
|
||||
|
@ -51,33 +48,42 @@ extra_nodes_data = [
|
|||
{"id": "cloud_import", "name": _("Cloud import"), "pId": "assets"},
|
||||
{"id": "backup_account_node", "name": _("Backup account"), "pId": "accounts"},
|
||||
{"id": "gather_account_node", "name": _("Gather account"), "pId": "accounts"},
|
||||
{"id": "app_change_plan_node", "name": _("App change auth"), "pId": "accounts"},
|
||||
{"id": "asset_change_plan_node", "name": _("Asset change auth"), "pId": "accounts"},
|
||||
{"id": "terminal_node", "name": _("Terminal setting"), "pId": "view_setting"},
|
||||
{'id': "task_center", "name": _("Task Center"), "pId": "view_console"},
|
||||
{'id': "my_assets", "name": _("My assets"), "pId": "view_workbench"},
|
||||
{'id': "my_apps", "name": _("My apps"), "pId": "view_workbench"},
|
||||
{'id': "operation_center", "name": _('Operation Center'), "pId": "view_workbench"},
|
||||
{'id': "remote_application", "name": _("Remote application"), "pId": "view_setting"},
|
||||
]
|
||||
|
||||
# 将 model 放到其它节点下,而不是本来的 app 中
|
||||
special_pid_mapper = {
|
||||
'common.permission': 'view_other',
|
||||
"assets.account": "accounts",
|
||||
"applications.account": "accounts",
|
||||
'assets.account': 'accounts',
|
||||
'assets.accounttemplate': 'accounts',
|
||||
'acls.commandfilteracl': 'perms',
|
||||
'acls.commandgroup': 'perms',
|
||||
'acls.loginacl': 'perms',
|
||||
'acls.loginassetacl': 'perms',
|
||||
'xpack.account': 'cloud_import',
|
||||
'xpack.syncinstancedetail': 'cloud_import',
|
||||
'xpack.syncinstancetask': 'cloud_import',
|
||||
'xpack.syncinstancetaskexecution': 'cloud_import',
|
||||
'terminal.applet': 'remote_application',
|
||||
'terminal.applethost': 'remote_application',
|
||||
'assets.accountbackupplan': "backup_account_node",
|
||||
'assets.accountbackupplanexecution': "backup_account_node",
|
||||
'xpack.applicationchangeauthplan': 'app_change_plan_node',
|
||||
'xpack.applicationchangeauthplanexecution': 'app_change_plan_node',
|
||||
'xpack.applicationchangeauthplantask': 'app_change_plan_node',
|
||||
'xpack.changeauthplan': 'asset_change_plan_node',
|
||||
'xpack.changeauthplanexecution': 'asset_change_plan_node',
|
||||
'xpack.changeauthplantask': 'asset_change_plan_node',
|
||||
"assets.gathereduser": "gather_account_node",
|
||||
'xpack.gatherusertask': 'gather_account_node',
|
||||
'xpack.gatherusertaskexecution': 'gather_account_node',
|
||||
"assets.gatheraccountsautomation": "gather_account_node",
|
||||
"assets.view_gatheraccountsexecution": "gather_account_node",
|
||||
"assets.add_gatheraccountsexecution": "gather_account_node",
|
||||
"assets.changesecretautomation": "asset_change_plan_node",
|
||||
"assets.view_changesecretexecution": "asset_change_plan_node",
|
||||
"assets.add_changesecretexection": "asset_change_plan_node",
|
||||
"assets.view_changesecretrecord": "asset_change_plan_node",
|
||||
'orgs.organization': 'view_setting',
|
||||
'settings.setting': 'view_setting',
|
||||
'terminal.terminal': 'terminal_node',
|
||||
|
@ -89,15 +95,15 @@ special_pid_mapper = {
|
|||
'terminal.endpointrule': 'terminal_node',
|
||||
'audits.ftplog': 'terminal',
|
||||
'perms.view_myassets': 'my_assets',
|
||||
'perms.view_myapps': 'my_apps',
|
||||
'ops.add_commandexecution': 'view_workbench',
|
||||
'ops.view_commandexecution': 'audits',
|
||||
"perms.view_mykubernetsapp": "my_apps",
|
||||
"perms.connect_mykubernetsapp": "my_apps",
|
||||
"perms.view_myremoteapp": "my_apps",
|
||||
"perms.connect_myremoteapp": "my_apps",
|
||||
"perms.view_mydatabaseapp": "my_apps",
|
||||
"perms.connect_mydatabaseapp": "my_apps",
|
||||
'ops.jobauditlog': 'audits',
|
||||
'ops.view_celerytask': 'task_center',
|
||||
'ops.view_celerytaskexecution': 'task_center',
|
||||
'ops.job': 'operation_center',
|
||||
'ops.adhoc': 'operation_center',
|
||||
'ops.playbook': 'operation_center',
|
||||
'ops.jobexecution': 'operation_center',
|
||||
"xpack.interface": "view_setting",
|
||||
"settings.change_terminal": "terminal_node",
|
||||
"settings.view_setting": "view_setting",
|
||||
|
|