perf: 修改 spec

2023-01-31 19:22:20 +08:00 · 2023-01-31 19:22:20 +08:00 · e9454c42cc
parent 6bbb1f7e86 be670872e5
commit e9454c42cc
16 changed files with 672 additions and 467 deletions
--- a/apps/accounts/automations/change_secret/database/mongodb/main.yml
+++ b/apps/accounts/automations/change_secret/database/mongodb/main.yml
@ -11,6 +11,11 @@
        login_host: "{{ jms_asset.address }}"
        login_port: "{{ jms_asset.port }}"
        login_database: "{{ jms_asset.spec_info.db_name }}"
+        ssl: "{{ jms_asset.spec_info.use_ssl }}"
+        ssl_ca_certs: "{{ jms_asset.spec_info.ca_cert }}"
+        ssl_certfile: "{{ jms_asset.spec_info.client_key }}"
+        connection_options:
+          - tlsAllowInvalidHostnames: "{{ jms_asset.spec_info.allow_invalid_cert}}"
      register: db_info

    - name: Display MongoDB version
@ -25,6 +30,11 @@
        login_host: "{{ jms_asset.address }}"
        login_port: "{{ jms_asset.port }}"
        login_database: "{{ jms_asset.spec_info.db_name }}"
+        ssl: "{{ jms_asset.spec_info.use_ssl }}"
+        ssl_ca_certs: "{{ jms_asset.spec_info.ca_cert }}"
+        ssl_certfile: "{{ jms_asset.spec_info.client_key }}"
+        connection_options:
+          - tlsAllowInvalidHostnames: "{{ jms_asset.spec_info.allow_invalid_cert}}"
        db: "{{ jms_asset.spec_info.db_name }}"
        name: "{{ account.username }}"
        password: "{{ account.secret }}"
@ -38,6 +48,11 @@
        login_host: "{{ jms_asset.address }}"
        login_port: "{{ jms_asset.port }}"
        login_database: "{{ jms_asset.spec_info.db_name }}"
+        ssl: "{{ jms_asset.spec_info.use_ssl }}"
+        ssl_ca_certs: "{{ jms_asset.spec_info.ca_cert }}"
+        ssl_certfile: "{{ jms_asset.spec_info.client_key }}"
+        connection_options:
+          - tlsAllowInvalidHostnames: "{{ jms_asset.spec_info.allow_invalid_cert}}"
      when:
        - db_info is succeeded
        - change_info is succeeded
--- a/apps/accounts/automations/change_secret/manager.py
+++ b/apps/accounts/automations/change_secret/manager.py
@ -70,8 +70,14 @@ class ChangeSecretManager(AccountBasePlaybookManager):
        else:
            return self.secret_generator.get_secret()

-    def host_callback(self, host, asset=None, account=None, automation=None, path_dir=None, **kwargs):
-        host = super().host_callback(host, asset=asset, account=account, automation=automation, **kwargs)
+    def host_callback(
+            self, host, asset=None, account=None,
+            automation=None, path_dir=None, **kwargs
+    ):
+        host = super().host_callback(
+            host, asset=asset, account=account, automation=automation,
+            path_dir=path_dir, **kwargs
+        )
        if host.get('error'):
            return host

--- a/apps/accounts/automations/gather_accounts/database/mongodb/main.yml
+++ b/apps/accounts/automations/gather_accounts/database/mongodb/main.yml
@ -11,6 +11,11 @@
        login_host: "{{ jms_asset.address }}"
        login_port: "{{ jms_asset.port }}"
        login_database: "{{ jms_asset.spec_info.db_name }}"
+        ssl: "{{ jms_asset.spec_info.use_ssl }}"
+        ssl_ca_certs: "{{ jms_asset.spec_info.ca_cert }}"
+        ssl_certfile: "{{ jms_asset.spec_info.client_key }}"
+        connection_options:
+          - tlsAllowInvalidHostnames: "{{ jms_asset.spec_info.allow_invalid_cert}}"
        filter: users
      register: db_info

--- a/apps/accounts/automations/verify_account/database/mongodb/main.yml
+++ b/apps/accounts/automations/verify_account/database/mongodb/main.yml
@ -11,3 +11,8 @@
        login_host: "{{ jms_asset.address }}"
        login_port: "{{ jms_asset.port }}"
        login_database: "{{ jms_asset.spec_info.db_name }}"
+        ssl: "{{ jms_asset.spec_info.use_ssl }}"
+        ssl_ca_certs: "{{ jms_asset.spec_info.ca_cert }}"
+        ssl_certfile: "{{ jms_asset.spec_info.client_key }}"
+        connection_options:
+          - tlsAllowInvalidHostnames: "{{ jms_asset.spec_info.allow_invalid_cert}}"
--- a/apps/accounts/serializers/account/backup.py
+++ b/apps/accounts/serializers/account/backup.py
@ -36,7 +36,7 @@ class AccountBackupSerializer(PeriodTaskSerializerMixin, BulkOrgResourceModelSer


 class AccountBackupPlanExecutionSerializer(serializers.ModelSerializer):
-    trigger = LabeledChoiceField(choices=Trigger.choices, label=_("Trigger mode"))
+    trigger = LabeledChoiceField(choices=Trigger.choices, label=_("Trigger mode"), read_only=True)

    class Meta:
        model = AccountBackupExecution
--- a/apps/accounts/serializers/account/base.py
+++ b/apps/accounts/serializers/account/base.py
@ -16,7 +16,7 @@ class AuthValidateMixin(serializers.Serializer):
        choices=SecretType.choices, required=True, label=_('Secret type')
    )
    secret = EncryptedField(
-        label=_('Secret'), required=False, max_length=40960, allow_blank=True,
+        label=_('Secret/Password'), required=False, max_length=40960, allow_blank=True,
        allow_null=True, write_only=True,
    )
    passphrase = serializers.CharField(
--- a/apps/assets/automations/base/manager.py
+++ b/apps/assets/automations/base/manager.py
@ -63,6 +63,33 @@ class BasePlaybookManager:
            os.makedirs(path, exist_ok=True, mode=0o755)
        return path

+    @staticmethod
+    def write_cert_to_file(filename, content):
+        with open(filename, 'w') as f:
+            f.write(content)
+        return filename
+
+    def convert_cert_to_file(self, host, path_dir):
+        if not path_dir:
+            return host
+
+        specific = host.get('jms_asset', {}).get('specific', {})
+        cert_fields = ('ca_cert', 'client_key', 'client_cert')
+        filtered = list(filter(lambda x: specific.get(x), cert_fields))
+        if not filtered:
+            return host
+
+        cert_dir = os.path.join(path_dir, 'certs')
+        if not os.path.exists(cert_dir):
+            os.makedirs(cert_dir, 0o700, True)
+
+        for f in filtered:
+            result = self.write_cert_to_file(
+                os.path.join(cert_dir, f), specific.get(f)
+            )
+            host['jms_asset']['specific'][f] = result
+        return host
+
    def host_callback(self, host, automation=None, **kwargs):
        enabled_attr = '{}_enabled'.format(self.__class__.method_type())
        method_attr = '{}_method'.format(self.__class__.method_type())
@ -75,6 +102,8 @@ class BasePlaybookManager:
        if not method_enabled:
            host['error'] = _('{} disabled'.format(self.__class__.method_type()))
            return host
+
+        host = self.convert_cert_to_file(host, kwargs.get('path_dir'))
        return host

    @staticmethod
--- a/apps/assets/automations/gather_facts/database/mongodb/main.yml
+++ b/apps/assets/automations/gather_facts/database/mongodb/main.yml
@ -11,6 +11,11 @@
        login_host: "{{ jms_asset.address }}"
        login_port: "{{ jms_asset.port }}"
        login_database: "{{ jms_asset.spec_info.db_name }}"
+        ssl: "{{ jms_asset.spec_info.use_ssl }}"
+        ssl_ca_certs: "{{ jms_asset.spec_info.ca_cert }}"
+        ssl_certfile: "{{ jms_asset.spec_info.client_key }}"
+        connection_options:
+          - tlsAllowInvalidHostnames: "{{ jms_asset.spec_info.allow_invalid_cert}}"
      register: db_info

    - name: Define info by set_fact
--- a/apps/assets/automations/ping/database/mongodb/main.yml
+++ b/apps/assets/automations/ping/database/mongodb/main.yml
@ -11,3 +11,8 @@
        login_host: "{{ jms_asset.address }}"
        login_port: "{{ jms_asset.port }}"
        login_database: "{{ jms_asset.spec_info.db_name }}"
+        ssl: "{{ jms_asset.spec_info.use_ssl }}"
+        ssl_ca_certs: "{{ jms_asset.spec_info.ca_cert }}"
+        ssl_certfile: "{{ jms_asset.spec_info.client_key }}"
+        connection_options:
+          - tlsAllowInvalidHostnames: "{{ jms_asset.spec_info.allow_invalid_cert}}"
--- a/apps/assets/migrations/0100_auto_20220711_1413.py
+++ b/apps/assets/migrations/0100_auto_20220711_1413.py
@ -1,17 +1,17 @@
 # Generated by Django 3.2.12 on 2022-07-11 06:13

 import time
-from django.db import migrations
+from django.db import migrations, models
 from assets.models import Platform


-def migrate_accounts(apps, schema_editor):
+def migrate_asset_accounts(apps, schema_editor):
    auth_book_model = apps.get_model('assets', 'AuthBook')
    account_model = apps.get_model('accounts', 'Account')

    count = 0
    bulk_size = 1000
-    print("\n\tStart migrate accounts")
+    print("\n\tStart migrate asset accounts")
    while True:
        start = time.time()
        auth_books = auth_book_model.objects \
@ -71,11 +71,76 @@ def migrate_accounts(apps, schema_editor):
                accounts.append(account)

        account_model.objects.bulk_create(accounts, ignore_conflicts=True)
-        print("\t  - Create accounts: {}-{} using: {:.2f}s".format(
+        print("\t  - Create asset accounts: {}-{} using: {:.2f}s".format(
            count - len(auth_books), count, time.time() - start
        ))


+def migrate_db_accounts(apps, schema_editor):
+    app_perm_model = apps.get_model('perms', 'ApplicationPermission')
+    account_model = apps.get_model('accounts', 'Account')
+    perms = app_perm_model.objects.filter(category__in=['db', 'cloud'])
+
+    same_attrs = [
+        'id', 'username', 'comment', 'date_created', 'date_updated',
+        'created_by', 'org_id',
+    ]
+    auth_attrs = ['password', 'private_key', 'token']
+    all_attrs = same_attrs + auth_attrs
+
+    print("\n\tStart migrate app accounts")
+
+    index = 0
+    total = perms.count()
+
+    for perm in perms:
+        index += 1
+        start = time.time()
+
+        system_users = perm.system_users.all()
+        accounts = []
+        for s in system_users:
+            values = {'version': 1}
+            values.update({attr: getattr(s, attr, '') for attr in all_attrs})
+            values['created_by'] = str(s.id)
+
+            auth_infos = []
+            username = values['username']
+            for attr in auth_attrs:
+                secret = values.pop(attr, None)
+                if not secret:
+                    continue
+
+                if attr == 'private_key':
+                    secret_type = 'ssh_key'
+                    name = f'{username}(ssh key)'
+                elif attr == 'token':
+                    secret_type = 'token'
+                    name = f'{username}(token)'
+                else:
+                    secret_type = attr
+                    name = username
+                auth_infos.append((name, secret_type, secret))
+
+            if not auth_infos:
+                auth_infos.append((username, 'password', ''))
+
+            for name, secret_type, secret in auth_infos:
+                account = account_model(**values, name=name, secret=secret, secret_type=secret_type)
+                accounts.append(account)
+
+        apps = perm.applications.all()
+        for app in apps:
+            for account in accounts:
+                setattr(account, 'asset_id', str(app.id))
+
+        account_model.objects.bulk_create(accounts, ignore_conflicts=True)
+
+        print("\t  - Progress ({}/{}), Create app accounts: {} using: {:.2f}s".format(
+            index, total, len(accounts), time.time() - start
+        ))
+
+
 class Migration(migrations.Migration):
    dependencies = [
        ('accounts', '0001_initial'),
@ -83,5 +148,6 @@ class Migration(migrations.Migration):
    ]

    operations = [
-        migrations.RunPython(migrate_accounts),
+        migrations.RunPython(migrate_asset_accounts),
+        migrations.RunPython(migrate_db_accounts),
    ]
--- a/apps/audits/handler.py
+++ b/apps/audits/handler.py
@ -183,7 +183,7 @@ class OperatorLogHandler(metaclass=Singleton):
        return data

    def create_or_update_operate_log(
-            self, action, resource_type, resource=None,
+            self, action, resource_type, resource=None, resource_display=None,
            force=False, log_id=None, before=None, after=None,
            object_name=None
    ):
@ -192,7 +192,9 @@ class OperatorLogHandler(metaclass=Singleton):
            return

        remote_addr = get_request_ip(current_request)
-        resource_display = self.get_resource_display(resource)
+        if resource_display is None:
+            resource_display = self.get_resource_display(resource)
+        resource_id = resource.id if resource is not None else ''
        before, after = self.data_processing(before, after)
        if not force and not any([before, after]):
            # 前后都没变化，没必要生成日志，除非手动强制保存
@ -200,9 +202,10 @@ class OperatorLogHandler(metaclass=Singleton):

        data = {
            'id': log_id, "user": str(user), 'action': action,
-            'resource_type': str(resource_type), 'resource': resource_display,
+            'resource_type': str(resource_type),
+            'resource_id': resource_id, 'resource': resource_display,
            'remote_addr': remote_addr, 'before': before, 'after': after,
-            'org_id': get_current_org_id(), 'resource_id': str(resource.id)
+            'org_id': get_current_org_id(),
        }
        data = self._activity_handle(data, object_name, resource=resource)
        with transaction.atomic():
--- a/apps/common/views/mixins.py
+++ b/apps/common/views/mixins.py
@ -66,11 +66,11 @@ class RecordViewLogMixin:

    def list(self, request, *args, **kwargs):
        response = super().list(request, *args, **kwargs)
-        resource = self.get_resource_display(request)
+        resource_display = self.get_resource_display(request)
        resource_type = self.model._meta.verbose_name
        create_or_update_operate_log(
            self.ACTION, resource_type, force=True,
-            resource=resource
+            resource_display=resource_display
        )
        return response

@ -78,7 +78,6 @@ class RecordViewLogMixin:
        response = super().retrieve(request, *args, **kwargs)
        resource_type = self.model._meta.verbose_name
        create_or_update_operate_log(
-            self.ACTION, resource_type, force=True,
-            resource=self.get_object()
+            self.ACTION, resource_type, force=True, resource=self.get_object()
        )
        return response
--- a/apps/locale/ja/LC_MESSAGES/django.mo
+++ b/apps/locale/ja/LC_MESSAGES/django.mo
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:eb850ffd130e7cad2ea8c186f94a059c6a882dd1526f7a4c4a16d2fea2a1815b
-size 119290
+oid sha256:b3c3f8e65468adb0105f2cbcbb8aa3ed50066c9db439a9921932c6e2adcacec3
+size 119640
--- a/apps/locale/ja/LC_MESSAGES/django.po
+++ b/apps/locale/ja/LC_MESSAGES/django.po
--- a/apps/locale/zh/LC_MESSAGES/django.mo
+++ b/apps/locale/zh/LC_MESSAGES/django.mo
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:4af8f2ead4a9d5aaf943efea76305d8cad1ff0692758d21a93937601c6f150fd
-size 105736
+oid sha256:0c3f5102d732ffe768f0545cf9271bbba45ba4c159f0a348b518b58cbdb5f20c
+size 105947
--- a/apps/locale/zh/LC_MESSAGES/django.po
+++ b/apps/locale/zh/LC_MESSAGES/django.po