mirror of https://github.com/jumpserver/jumpserver
				
				
				
			
							parent
							
								
									3443b06a28
								
							
						
					
					
						commit
						c5edb9981e
					
				|  | @ -11,7 +11,8 @@ from common.const.choices import Trigger | ||||||
| 
 | 
 | ||||||
| __all__ = [ | __all__ = [ | ||||||
|     'AutomationAssetsListApi', 'AutomationRemoveAssetApi', |     'AutomationAssetsListApi', 'AutomationRemoveAssetApi', | ||||||
|     'AutomationAddAssetApi', 'AutomationNodeAddRemoveApi', 'AutomationExecutionViewSet' |     'AutomationAddAssetApi', 'AutomationNodeAddRemoveApi', | ||||||
|  |     'ChangSecretExecutionViewSet', 'GatherAccountsExecutionViewSet', | ||||||
| ] | ] | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
|  | @ -114,3 +115,19 @@ class AutomationExecutionViewSet( | ||||||
|             pid=automation.pk, trigger=Trigger.manual, tp=tp |             pid=automation.pk, trigger=Trigger.manual, tp=tp | ||||||
|         ) |         ) | ||||||
|         return Response({'task': task.id}, status=status.HTTP_201_CREATED) |         return Response({'task': task.id}, status=status.HTTP_201_CREATED) | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | class ChangSecretExecutionViewSet(AutomationExecutionViewSet): | ||||||
|  |     rbac_perms = ( | ||||||
|  |         ("list", "assets.view_changesecretexecution"), | ||||||
|  |         ("retrieve", "assets.view_changesecretexecution"), | ||||||
|  |         ("create", "assets.add_changesecretexecution"), | ||||||
|  |     ) | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | class GatherAccountsExecutionViewSet(AutomationExecutionViewSet): | ||||||
|  |     rbac_perms = ( | ||||||
|  |         ("list", "assets.view_gatheraccountsexecution"), | ||||||
|  |         ("retrieve", "assets.view_gatheraccountsexecution"), | ||||||
|  |         ("create", "assets.add_gatheraccountsexecution"), | ||||||
|  |     ) | ||||||
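Review bot: The two new viewsets differ from `AutomationExecutionViewSet` only in `rbac_perms`, so the permission split holds only if the inherited queryset and `create` are also limited to the matching automation type. The base class body lies outside this hunk. If it does not filter by type, a role holding only `assets.view_gatheraccountsexecution` could presumably read change-secret executions through the gather-account route, and `assets.add_gatheraccountsexecution` could start a change-secret automation. Each subclass should declare the execution type it serves and have the base `get_queryset` and `create` enforce it. At minimum add a comment above each `rbac_perms`, such as `# rbac_perms only gates the action; the queryset and create() must also be restricted to this execution type`.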
|  |  | ||||||
|  | @ -90,18 +90,6 @@ class Migration(migrations.Migration): | ||||||
|             name='default', |             name='default', | ||||||
|             field=models.BooleanField(default=False, verbose_name='Default'), |             field=models.BooleanField(default=False, verbose_name='Default'), | ||||||
|         ), |         ), | ||||||
|         migrations.CreateModel( |  | ||||||
|             name='DiscoveryAccountAutomation', |  | ||||||
|             fields=[ |  | ||||||
|                 ('baseautomation_ptr', |  | ||||||
|                  models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, |  | ||||||
|                                       primary_key=True, serialize=False, to='assets.baseautomation')), |  | ||||||
|             ], |  | ||||||
|             options={ |  | ||||||
|                 'verbose_name': 'Discovery account automation', |  | ||||||
|             }, |  | ||||||
|             bases=('assets.baseautomation',), |  | ||||||
|         ), |  | ||||||
|         migrations.CreateModel( |         migrations.CreateModel( | ||||||
|             name='GatherFactsAutomation', |             name='GatherFactsAutomation', | ||||||
|             fields=[ |             fields=[ | ||||||
|  |  | ||||||
|  | @ -0,0 +1,17 @@ | ||||||
|  | # Generated by Django 3.2.16 on 2022-12-22 11:50 | ||||||
|  | 
 | ||||||
|  | from django.db import migrations | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | class Migration(migrations.Migration): | ||||||
|  | 
 | ||||||
|  |     dependencies = [ | ||||||
|  |         ('assets', '0115_auto_20221220_1956'), | ||||||
|  |     ] | ||||||
|  | 
 | ||||||
|  |     operations = [ | ||||||
|  |         migrations.AlterModelOptions( | ||||||
|  |             name='automationexecution', | ||||||
|  |             options={'permissions': [('view_changesecretexecution', 'Can view change secret execution'), ('add_changesecretexection', 'Can add change secret execution'), ('view_gatheraccountsexecution', 'Can view gather accounts execution'), ('add_gatheraccountsexecution', 'Can add gather accounts execution')], 'verbose_name': 'Automation task execution'}, | ||||||
|  |         ), | ||||||
|  |     ] | ||||||
|  | @ -5,4 +5,3 @@ from .gather_facts import * | ||||||
| from .change_secret import * | from .change_secret import * | ||||||
| from .verify_account import * | from .verify_account import * | ||||||
| from .gather_accounts import * | from .gather_accounts import * | ||||||
| from .discovery_account import * |  | ||||||
|  |  | ||||||
|  | @ -101,6 +101,12 @@ class AutomationExecution(OrgModelMixin): | ||||||
| 
 | 
 | ||||||
|     class Meta: |     class Meta: | ||||||
|         verbose_name = _('Automation task execution') |         verbose_name = _('Automation task execution') | ||||||
|  |         permissions = [ | ||||||
|  |             ('view_changesecretexecution', _('Can view change secret execution')), | ||||||
|  |             ('add_changesecretexection', _('Can add change secret execution')), | ||||||
|  |             ('view_gatheraccountsexecution', _('Can view gather accounts execution')), | ||||||
|  |             ('add_gatheraccountsexecution', _('Can add gather accounts execution')), | ||||||
|  |         ] | ||||||
| 
 | 
 | ||||||
|     @property |     @property | ||||||
|     def manager_type(self): |     def manager_type(self): | ||||||
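Review bot: The codename `add_changesecretexection` in `Meta.permissions` is misspelled (missing `u`), while `ChangSecretExecutionViewSet.rbac_perms` requires `assets.add_changesecretexecution` for `create`. No permission with the required codename is created, so the permission a role can be granted and the one the view checks are different strings. Presumably `create` then fails for every non-superuser, and granting the misspelled permission has no effect. The line should read `('add_changesecretexecution', _('Can add change secret execution')),`. The same misspelling appears in the generated migration's `AlterModelOptions` and in the `special_pid_mapper` key `"assets.add_changesecretexection"`, so regenerate the migration and fix the mapper key together with the model.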
|  |  | ||||||
|  | @ -1,15 +0,0 @@ | ||||||
| from django.utils.translation import ugettext_lazy as _ |  | ||||||
| 
 |  | ||||||
| from .base import BaseAutomation |  | ||||||
| 
 |  | ||||||
| 
 |  | ||||||
| class DiscoveryAccountAutomation(BaseAutomation): |  | ||||||
|     class Meta: |  | ||||||
|         verbose_name = _("Discovery account automation") |  | ||||||
| 
 |  | ||||||
|     def to_attr_json(self): |  | ||||||
|         attr_json = super().to_attr_json() |  | ||||||
|         attr_json.update({ |  | ||||||
|             'type': 'discover_account' |  | ||||||
|         }) |  | ||||||
|         return attr_json |  | ||||||
|  | @ -29,7 +29,8 @@ router.register(r'account-backup-plans', api.AccountBackupPlanViewSet, 'account- | ||||||
| router.register(r'account-backup-plan-executions', api.AccountBackupPlanExecutionViewSet, 'account-backup-execution') | router.register(r'account-backup-plan-executions', api.AccountBackupPlanExecutionViewSet, 'account-backup-execution') | ||||||
| 
 | 
 | ||||||
| router.register(r'change-secret-automations', api.ChangeSecretAutomationViewSet, 'change-secret-automation') | router.register(r'change-secret-automations', api.ChangeSecretAutomationViewSet, 'change-secret-automation') | ||||||
| router.register(r'automation-executions', api.AutomationExecutionViewSet, 'automation-execution') | router.register(r'change-secret-executions', api.ChangSecretExecutionViewSet, 'change-secret-execution') | ||||||
|  | router.register(r'gather-account-executions', api.GatherAccountsExecutionViewSet, 'gather-account-execution') | ||||||
| router.register(r'change-secret-records', api.ChangeSecretRecordViewSet, 'change-secret-record') | router.register(r'change-secret-records', api.ChangeSecretRecordViewSet, 'change-secret-record') | ||||||
| router.register(r'gather-account-automations', api.GatherAccountsAutomationViewSet, 'gather-account-automation') | router.register(r'gather-account-automations', api.GatherAccountsAutomationViewSet, 'gather-account-automation') | ||||||
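Review bot: `api.ChangSecretExecutionViewSet` drops the `e` from `Change`, unlike `api.ChangeSecretAutomationViewSet` registered on the line above. The name is exported through `__all__`, so fixing it later will touch every import. Rename it now to `ChangeSecretExecutionViewSet` and register it as `router.register(r'change-secret-executions', api.ChangeSecretExecutionViewSet, 'change-secret-execution')`.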
| 
 | 
 | ||||||
|  |  | ||||||
|  | @ -27,10 +27,6 @@ exclude_permissions = ( | ||||||
|     ('authentication', 'superconnectiontoken', 'change,delete', 'superconnectiontoken'), |     ('authentication', 'superconnectiontoken', 'change,delete', 'superconnectiontoken'), | ||||||
|     ('authentication', 'temptoken', 'delete', 'temptoken'), |     ('authentication', 'temptoken', 'delete', 'temptoken'), | ||||||
|     ('users', 'userpasswordhistory', '*', '*'), |     ('users', 'userpasswordhistory', '*', '*'), | ||||||
|     ('applications', 'applicationuser', '*', '*'), |  | ||||||
|     ('applications', 'historicalaccount', '*', '*'), |  | ||||||
|     ('applications', 'account', 'add,change,delete', 'account'), |  | ||||||
|     ('applications', 'account', 'change', 'appplicationaccountsecret'), |  | ||||||
|     ('assets', 'adminuser', '*', '*'), |     ('assets', 'adminuser', '*', '*'), | ||||||
|     ('assets', 'assetgroup', '*', '*'), |     ('assets', 'assetgroup', '*', '*'), | ||||||
|     ('assets', 'cluster', '*', '*'), |     ('assets', 'cluster', '*', '*'), | ||||||
|  | @ -39,6 +35,23 @@ exclude_permissions = ( | ||||||
|     ('assets', 'assetuser', '*', '*'), |     ('assets', 'assetuser', '*', '*'), | ||||||
|     ('assets', 'gathereduser', 'add,delete,change', 'gathereduser'), |     ('assets', 'gathereduser', 'add,delete,change', 'gathereduser'), | ||||||
|     ('assets', 'accountbackupplanexecution', 'delete,change', 'accountbackupplanexecution'), |     ('assets', 'accountbackupplanexecution', 'delete,change', 'accountbackupplanexecution'), | ||||||
|  |     ('assets', 'gathereduser', 'add,delete,change', 'gathereduser'), | ||||||
|  |     ('assets', 'web', '*', '*'), | ||||||
|  |     ('assets', 'host', '*', '*'), | ||||||
|  |     ('assets', 'cloud', '*', '*'), | ||||||
|  |     ('assets', 'device', '*', '*'), | ||||||
|  |     ('assets', 'database', '*', '*'), | ||||||
|  |     ('assets', 'protocol', '*', '*'), | ||||||
|  |     ('assets', 'systemuser', '*', '*'), | ||||||
|  |     ('assets', 'baseautomation', '*', '*'), | ||||||
|  |     ('assets', 'pingautomation', '*', '*'), | ||||||
|  |     ('assets', 'platformprotocol', '*', '*'), | ||||||
|  |     ('assets', 'platformautomation', '*', '*'), | ||||||
|  |     ('assets', 'gatherfactsautomation', '*', '*'), | ||||||
|  |     ('assets', 'pushaccountautomation', '*', '*'), | ||||||
|  |     ('assets', 'verifyaccountautomation', '*', '*'), | ||||||
|  |     ('assets', 'changesecretrecord', 'add,delete,change', 'changesecretrecord'), | ||||||
|  |     ('assets', 'automationexecution', '*', 'automationexecution'), | ||||||
|     # TODO 暂时去掉历史账号的权限 |     # TODO 暂时去掉历史账号的权限 | ||||||
|     ('assets', 'account', '*', 'assethistoryaccount'), |     ('assets', 'account', '*', 'assethistoryaccount'), | ||||||
|     ('assets', 'account', '*', 'assethistoryaccountsecret'), |     ('assets', 'account', '*', 'assethistoryaccountsecret'), | ||||||
|  | @ -58,6 +71,10 @@ exclude_permissions = ( | ||||||
|     ('ops', 'adhoc', 'delete,change', '*'), |     ('ops', 'adhoc', 'delete,change', '*'), | ||||||
|     ('ops', 'adhocexecution', 'add,delete,change', '*'), |     ('ops', 'adhocexecution', 'add,delete,change', '*'), | ||||||
|     ('ops', 'task', 'add,change', 'task'), |     ('ops', 'task', 'add,change', 'task'), | ||||||
|  |     ('ops', 'jobexecution', 'change,delete', 'jobexecution'), | ||||||
|  |     ('ops', 'historicaljob', '*', '*'), | ||||||
|  |     ('ops', 'celerytask', 'add,change,delete', 'celerytask'), | ||||||
|  |     ('ops', 'celerytaskexecution', 'add,change,delete', 'celerytaskexecution'), | ||||||
|     ('ops', 'commandexecution', 'delete,change', 'commandexecution'), |     ('ops', 'commandexecution', 'delete,change', 'commandexecution'), | ||||||
|     ('orgs', 'organizationmember', '*', '*'), |     ('orgs', 'organizationmember', '*', '*'), | ||||||
|     ('settings', 'setting', 'add,change,delete', 'setting'), |     ('settings', 'setting', 'add,change,delete', 'setting'), | ||||||
|  | @ -82,9 +99,9 @@ exclude_permissions = ( | ||||||
|     ('xpack', 'license', '*', '*'), |     ('xpack', 'license', '*', '*'), | ||||||
|     ('xpack', 'syncinstancedetail', 'add,delete,change', 'syncinstancedetail'), |     ('xpack', 'syncinstancedetail', 'add,delete,change', 'syncinstancedetail'), | ||||||
|     ('xpack', 'syncinstancetaskexecution', 'delete,change', 'syncinstancetaskexecution'), |     ('xpack', 'syncinstancetaskexecution', 'delete,change', 'syncinstancetaskexecution'), | ||||||
|     ('xpack', 'changeauthplanexecution', 'delete,change', 'changeauthplanexecution'), |     ('xpack', 'changeauthplanexecution', '*', '*'), | ||||||
|     ('xpack', 'changeauthplantask', 'add,delete', 'changeauthplantask'), |     ('xpack', 'changeauthplantask', '*', '*'), | ||||||
|     ('xpack', 'gatherusertaskexecution', 'change,delete', 'gatherusertaskexecution'), |     ('xpack', 'gatherusertaskexecution', '*', '*'), | ||||||
|     ('common', 'permission', 'add,delete,view,change', 'permission'), |     ('common', 'permission', 'add,delete,view,change', 'permission'), | ||||||
|     ('terminal', 'command', 'delete,change', 'command'), |     ('terminal', 'command', 'delete,change', 'command'), | ||||||
|     ('terminal', 'status', 'delete,change', 'status'), |     ('terminal', 'status', 'delete,change', 'status'), | ||||||
|  | @ -94,6 +111,8 @@ exclude_permissions = ( | ||||||
|     ('terminal', 'sessionsharing', 'view,add,change,delete', 'sessionsharing'), |     ('terminal', 'sessionsharing', 'view,add,change,delete', 'sessionsharing'), | ||||||
|     ('terminal', 'session', 'delete,share', 'session'), |     ('terminal', 'session', 'delete,share', 'session'), | ||||||
|     ('terminal', 'session', 'delete,change', 'command'), |     ('terminal', 'session', 'delete,change', 'command'), | ||||||
|  |     ('terminal', 'appletpublication', '*', '*'), | ||||||
|  |     ('terminal', 'applethostdeployment', '*', '*'), | ||||||
|     ('applications', '*', '*', '*'), |     ('applications', '*', '*', '*'), | ||||||
| ) | ) | ||||||
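Review bot: In the second hunk, the added `('assets', 'gathereduser', 'add,delete,change', 'gathereduser'),` repeats the unchanged entry two lines above it, so it has no effect and can be dropped. `exclude_permissions` decides which permissions are hidden from role assignment, so duplicates make the list harder to audit. The tuple starts and ends outside these hunks, so other duplicates may exist that are not visible here.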
| 
 | 
 | ||||||
|  |  | ||||||
|  | @ -33,11 +33,8 @@ view_nodes_data = [ | ||||||
| app_nodes_data = [ | app_nodes_data = [ | ||||||
|     {'id': 'users', 'view': 'view_console'}, |     {'id': 'users', 'view': 'view_console'}, | ||||||
|     {'id': 'assets', 'view': 'view_console'}, |     {'id': 'assets', 'view': 'view_console'}, | ||||||
|     {'id': 'applications', 'view': 'view_console'}, |  | ||||||
|     {'id': 'accounts', 'name': _('Accounts'), 'view': 'view_console'}, |     {'id': 'accounts', 'name': _('Accounts'), 'view': 'view_console'}, | ||||||
|     {'id': 'perms', 'view': 'view_console'}, |     {'id': 'perms', 'view': 'view_console'}, | ||||||
|     {'id': 'acls', 'view': 'view_console'}, |  | ||||||
|     {'id': 'ops', 'view': 'view_console'}, |  | ||||||
|     {'id': 'terminal', 'name': _('Session audits'), 'view': 'view_audit'}, |     {'id': 'terminal', 'name': _('Session audits'), 'view': 'view_audit'}, | ||||||
|     {'id': 'audits', 'view': 'view_audit'}, |     {'id': 'audits', 'view': 'view_audit'}, | ||||||
|     {'id': 'rbac', 'view': 'view_console'}, |     {'id': 'rbac', 'view': 'view_console'}, | ||||||
|  | @ -51,33 +48,42 @@ extra_nodes_data = [ | ||||||
|     {"id": "cloud_import", "name": _("Cloud import"), "pId": "assets"}, |     {"id": "cloud_import", "name": _("Cloud import"), "pId": "assets"}, | ||||||
|     {"id": "backup_account_node", "name": _("Backup account"), "pId": "accounts"}, |     {"id": "backup_account_node", "name": _("Backup account"), "pId": "accounts"}, | ||||||
|     {"id": "gather_account_node", "name": _("Gather account"), "pId": "accounts"}, |     {"id": "gather_account_node", "name": _("Gather account"), "pId": "accounts"}, | ||||||
|     {"id": "app_change_plan_node", "name": _("App change auth"), "pId": "accounts"}, |  | ||||||
|     {"id": "asset_change_plan_node", "name": _("Asset change auth"), "pId": "accounts"}, |     {"id": "asset_change_plan_node", "name": _("Asset change auth"), "pId": "accounts"}, | ||||||
|     {"id": "terminal_node", "name": _("Terminal setting"), "pId": "view_setting"}, |     {"id": "terminal_node", "name": _("Terminal setting"), "pId": "view_setting"}, | ||||||
|  |     {'id': "task_center", "name": _("Task Center"), "pId": "view_console"}, | ||||||
|     {'id': "my_assets", "name": _("My assets"), "pId": "view_workbench"}, |     {'id': "my_assets", "name": _("My assets"), "pId": "view_workbench"}, | ||||||
|     {'id': "my_apps", "name": _("My apps"), "pId": "view_workbench"}, |     {'id': "operation_center", "name": _('Operation Center'), "pId": "view_workbench"}, | ||||||
|  |     {'id': "remote_application", "name": _("Remote application"), "pId": "view_setting"}, | ||||||
| ] | ] | ||||||
| 
 | 
 | ||||||
| # 将 model 放到其它节点下,而不是本来的 app 中 | # 将 model 放到其它节点下,而不是本来的 app 中 | ||||||
| special_pid_mapper = { | special_pid_mapper = { | ||||||
|     'common.permission': 'view_other', |     'common.permission': 'view_other', | ||||||
|     "assets.account": "accounts", |     'assets.account': 'accounts', | ||||||
|     "applications.account": "accounts", |     'assets.accounttemplate': 'accounts', | ||||||
|  |     'acls.commandfilteracl': 'perms', | ||||||
|  |     'acls.commandgroup': 'perms', | ||||||
|  |     'acls.loginacl': 'perms', | ||||||
|  |     'acls.loginassetacl': 'perms', | ||||||
|     'xpack.account': 'cloud_import', |     'xpack.account': 'cloud_import', | ||||||
|     'xpack.syncinstancedetail': 'cloud_import', |     'xpack.syncinstancedetail': 'cloud_import', | ||||||
|     'xpack.syncinstancetask': 'cloud_import', |     'xpack.syncinstancetask': 'cloud_import', | ||||||
|     'xpack.syncinstancetaskexecution': 'cloud_import', |     'xpack.syncinstancetaskexecution': 'cloud_import', | ||||||
|  |     'terminal.applet': 'remote_application', | ||||||
|  |     'terminal.applethost': 'remote_application', | ||||||
|     'assets.accountbackupplan': "backup_account_node", |     'assets.accountbackupplan': "backup_account_node", | ||||||
|     'assets.accountbackupplanexecution': "backup_account_node", |     'assets.accountbackupplanexecution': "backup_account_node", | ||||||
|     'xpack.applicationchangeauthplan': 'app_change_plan_node', |  | ||||||
|     'xpack.applicationchangeauthplanexecution': 'app_change_plan_node', |  | ||||||
|     'xpack.applicationchangeauthplantask': 'app_change_plan_node', |  | ||||||
|     'xpack.changeauthplan': 'asset_change_plan_node', |     'xpack.changeauthplan': 'asset_change_plan_node', | ||||||
|     'xpack.changeauthplanexecution': 'asset_change_plan_node', |     'xpack.changeauthplanexecution': 'asset_change_plan_node', | ||||||
|     'xpack.changeauthplantask': 'asset_change_plan_node', |     'xpack.changeauthplantask': 'asset_change_plan_node', | ||||||
|     "assets.gathereduser": "gather_account_node", |     "assets.gathereduser": "gather_account_node", | ||||||
|     'xpack.gatherusertask': 'gather_account_node', |     "assets.gatheraccountsautomation": "gather_account_node", | ||||||
|     'xpack.gatherusertaskexecution': 'gather_account_node', |     "assets.view_gatheraccountsexecution": "gather_account_node", | ||||||
|  |     "assets.add_gatheraccountsexecution": "gather_account_node", | ||||||
|  |     "assets.changesecretautomation": "asset_change_plan_node", | ||||||
|  |     "assets.view_changesecretexecution": "asset_change_plan_node", | ||||||
|  |     "assets.add_changesecretexection": "asset_change_plan_node", | ||||||
|  |     "assets.view_changesecretrecord": "asset_change_plan_node", | ||||||
|     'orgs.organization': 'view_setting', |     'orgs.organization': 'view_setting', | ||||||
|     'settings.setting': 'view_setting', |     'settings.setting': 'view_setting', | ||||||
|     'terminal.terminal': 'terminal_node', |     'terminal.terminal': 'terminal_node', | ||||||
|  | @ -89,15 +95,15 @@ special_pid_mapper = { | ||||||
|     'terminal.endpointrule': 'terminal_node', |     'terminal.endpointrule': 'terminal_node', | ||||||
|     'audits.ftplog': 'terminal', |     'audits.ftplog': 'terminal', | ||||||
|     'perms.view_myassets': 'my_assets', |     'perms.view_myassets': 'my_assets', | ||||||
|     'perms.view_myapps': 'my_apps', |  | ||||||
|     'ops.add_commandexecution': 'view_workbench', |     'ops.add_commandexecution': 'view_workbench', | ||||||
|     'ops.view_commandexecution': 'audits', |     'ops.view_commandexecution': 'audits', | ||||||
|     "perms.view_mykubernetsapp": "my_apps", |     'ops.jobauditlog': 'audits', | ||||||
|     "perms.connect_mykubernetsapp": "my_apps", |     'ops.view_celerytask': 'task_center', | ||||||
|     "perms.view_myremoteapp": "my_apps", |     'ops.view_celerytaskexecution': 'task_center', | ||||||
|     "perms.connect_myremoteapp": "my_apps", |     'ops.job': 'operation_center', | ||||||
|     "perms.view_mydatabaseapp": "my_apps", |     'ops.adhoc': 'operation_center', | ||||||
|     "perms.connect_mydatabaseapp": "my_apps", |     'ops.playbook': 'operation_center', | ||||||
|  |     'ops.jobexecution': 'operation_center', | ||||||
|     "xpack.interface": "view_setting", |     "xpack.interface": "view_setting", | ||||||
|     "settings.change_terminal": "terminal_node", |     "settings.change_terminal": "terminal_node", | ||||||
|     "settings.view_setting": "view_setting", |     "settings.view_setting": "view_setting", | ||||||
|  |  | ||||||
	 fit2bot
						fit2bot