perf: account secret 加密 (#9570)

Co-authored-by: feng <1304903146@qq.com>

apps/accounts/api/account/account.py

@@ -3,11 +3,11 @@ from rest_framework.decorators import action
 from rest_framework.generics import CreateAPIView, ListAPIView
 from rest_framework.response import Response
 
-from assets.models import Asset
 from accounts import serializers
-from accounts.models import Account
 from accounts.filters import AccountFilterSet
+from accounts.models import Account
 from accounts.tasks import verify_accounts_connectivity
+from assets.models import Asset
 from authentication.const import ConfirmType
 from common.permissions import UserConfirmation
 from common.views.mixins import RecordViewLogMixin

apps/accounts/serializers/account/base.py

@@ -24,27 +24,25 @@ class AuthValidateMixin(serializers.Serializer):
         write_only=True, label=_('Key password')
     )
 
-    @property
-    def initial_secret_type(self):
-        secret_type = self.initial_data.get('secret_type')
-        return secret_type
-
-    def validate_secret(self, secret):
+    @staticmethod
+    def handle_secret(secret, secret_type, passphrase=None):
         if not secret:
             return ''
-        secret_type = self.initial_secret_type
         if secret_type == SecretType.PASSWORD:
             validate_password_for_ansible(secret)
             return secret
         elif secret_type == SecretType.SSH_KEY:
-            passphrase = self.initial_data.get('passphrase')
             passphrase = passphrase if passphrase else None
             return validate_ssh_key(secret, passphrase)
         else:
             return secret
 
-    @staticmethod
-    def clean_auth_fields(validated_data):
+    def clean_auth_fields(self, validated_data):
+        secret_type = validated_data['secret_type']
+        passphrase = validated_data.get('passphrase')
+        secret = validated_data.pop('secret', None)
+        self.handle_secret(secret, secret_type, passphrase)
+        validated_data['secret'] = secret
         for field in ('secret',):
             value = validated_data.get(field)
             if value is None:

apps/assets/serializers/asset/common.py

@@ -8,9 +8,10 @@ from rest_framework import serializers
 
 from accounts.models import Account
 from accounts.serializers import AccountSerializerCreateValidateMixin
+from accounts.serializers import AuthValidateMixin
 from common.serializers import WritableNestedModelSerializer, SecretReadableMixin, CommonModelSerializer
 from common.serializers.fields import LabeledChoiceField
-from common.utils import lazyproperty
+from common.utils import lazyproperty, decrypt_password
 from orgs.mixins.serializers import BulkOrgResourceModelSerializer
 from ...const import Category, AllTypes
 from ...models import Asset, Node, Platform, Label, Protocol
@@ -51,7 +52,9 @@ class AssetPlatformSerializer(serializers.ModelSerializer):
 
 
 class AssetAccountSerializer(
-    AccountSerializerCreateValidateMixin, CommonModelSerializer
+    AuthValidateMixin,
+    AccountSerializerCreateValidateMixin,
+    CommonModelSerializer
 ):
     add_org_fields = False
     push_now = serializers.BooleanField(
@@ -256,6 +259,8 @@ class AssetSerializer(BulkOrgResourceModelSerializer, WritableNestedModelSeriali
     def accounts_create(accounts_data, asset):
         for data in accounts_data:
             data['asset'] = asset
+            secret = data.get('secret')
+            data['secret'] = decrypt_password(secret) if secret else secret
             AssetAccountSerializer().create(data)
 
     @atomic
@@ -269,6 +274,8 @@ class AssetSerializer(BulkOrgResourceModelSerializer, WritableNestedModelSeriali
 
     @atomic
     def update(self, instance, validated_data):
+        if not validated_data.get('accounts'):
+            validated_data.pop('accounts', None)
         nodes_display = validated_data.pop('nodes_display', '')
         instance = super().update(instance, validated_data)
         self.perform_nodes_display_create(instance, nodes_display)