perf: If the cloud vault initialization fails, the task will not be executed.

pull/14490/head
halo 2024-11-19 22:08:03 +08:00 committed by Eric_Lee
parent 374a102bc4
commit cfadbc164c
5 changed files with 21 additions and 2 deletions


@ -3,12 +3,16 @@ from .entries import build_entry
from .service import AZUREVaultClient from .service import AZUREVaultClient
from ..base import BaseVault from ..base import BaseVault
__all__ = ['Vault'] from ...const import VaultTypeChoices
logger = get_logger(__name__) logger = get_logger(__name__)
__all__ = ['Vault']
class Vault(BaseVault): class Vault(BaseVault):
type = VaultTypeChoices.azure
def __init__(self, *args, **kwargs): def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs) super().__init__(*args, **kwargs)
self.client = AZUREVaultClient( self.client = AZUREVaultClient(


@ -10,6 +10,11 @@ class BaseVault(ABC):
def __init__(self, *args, **kwargs): def __init__(self, *args, **kwargs):
self.enabled = kwargs.get('VAULT_ENABLED') self.enabled = kwargs.get('VAULT_ENABLED')
@property
@abstractmethod
def type(self):
raise NotImplementedError
def get(self, instance): def get(self, instance):
""" 返回 secret 值 """ """ 返回 secret 值 """
return self._get(instance) return self._get(instance)
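Review bot: The abstract `type` property added to BaseVault has no docstring, and the backends in this commit satisfy it with a plain class attribute (`type = VaultTypeChoices.azure`, `.hcp`, `.local`) rather than a property override. Add a docstring such as `"""Backend identifier, a VaultTypeChoices value; subclasses set it as a class attribute."""` so the contract is explicit, since sync_secret_to_vault now branches on this value to decide whether secrets are pushed to the external vault. The name also shadows the builtin `type` inside the class body; `vault_type` would avoid that, at the cost of touching every backend. The BaseVault class body starts above this hunk and continues past it.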


@ -3,12 +3,16 @@ from .entries import build_entry
from .service import VaultKVClient from .service import VaultKVClient
from ..base import BaseVault from ..base import BaseVault
__all__ = ['Vault'] from ...const import VaultTypeChoices
logger = get_logger(__name__) logger = get_logger(__name__)
__all__ = ['Vault']
class Vault(BaseVault): class Vault(BaseVault):
type = VaultTypeChoices.hcp
def __init__(self, *args, **kwargs): def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs) super().__init__(*args, **kwargs)
self.client = VaultKVClient( self.client = VaultKVClient(


@ -1,5 +1,6 @@
from common.utils import get_logger from common.utils import get_logger
from ..base import BaseVault from ..base import BaseVault
from ...const import VaultTypeChoices
logger = get_logger(__name__) logger = get_logger(__name__)
@ -7,6 +8,7 @@ __all__ = ['Vault']
class Vault(BaseVault): class Vault(BaseVault):
type = VaultTypeChoices.local
def is_active(self): def is_active(self):
return True, '' return True, ''


@ -5,6 +5,7 @@ from celery import shared_task
from django.utils.translation import gettext_lazy as _ from django.utils.translation import gettext_lazy as _
from accounts.backends import vault_client from accounts.backends import vault_client
from accounts.const import VaultTypeChoices
from accounts.models import Account, AccountTemplate from accounts.models import Account, AccountTemplate
from common.utils import get_logger from common.utils import get_logger
from orgs.utils import tmp_to_root_org from orgs.utils import tmp_to_root_org
@ -39,6 +40,9 @@ def sync_secret_to_vault():
# 这里不能判断 settings.VAULT_ENABLED, 必须判断当前 vault_client 的类型 # 这里不能判断 settings.VAULT_ENABLED, 必须判断当前 vault_client 的类型
print('\033[35m>>> 当前 Vault 功能未开启, 不需要同步') print('\033[35m>>> 当前 Vault 功能未开启, 不需要同步')
return return
if VaultTypeChoices.local == vault_client.type:
print('\033[31m>>> 当前第三方 Vault 客户端初始化失败,数据存储在本地数据库')
return
failed, skipped, succeeded = 0, 0, 0 failed, skipped, succeeded = 0, 0, 0
to_sync_models = [Account, AccountTemplate, Account.history.model] to_sync_models = [Account, AccountTemplate, Account.history.model]
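Review bot: The new early return under `if VaultTypeChoices.local == vault_client.type:` reports the fallback only through `print`, so a failed third-party vault initialization leaves secrets in the local database with no entry in the application log to alert on. The module already imports `get_logger`; assuming a module-level `logger` exists here as it does in the backend files, add `logger.error('Third-party vault client failed to initialize; secrets remain in the local database')` before the `return`. The check also infers "initialization failed" from the client type alone, which presumably depends on the preceding branch having already handled the disabled case; a one-line comment stating that dependency would keep a later reorder from turning a normal local setup into a reported failure. The body of sync_secret_to_vault starts above this hunk and presumably continues below it.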