perf: 修改 spec

apps/accounts/automations/change_secret/database/mongodb/main.yml

@@ -11,6 +11,11 @@
         login_host: "{{ jms_asset.address }}"
         login_port: "{{ jms_asset.port }}"
         login_database: "{{ jms_asset.spec_info.db_name }}"
+        ssl: "{{ jms_asset.spec_info.use_ssl }}"
+        ssl_ca_certs: "{{ jms_asset.spec_info.ca_cert }}"
+        ssl_certfile: "{{ jms_asset.spec_info.client_key }}"
+        connection_options:
+          - tlsAllowInvalidHostnames: "{{ jms_asset.spec_info.allow_invalid_cert}}"
       register: db_info
 
     - name: Display MongoDB version
@@ -25,6 +30,11 @@
         login_host: "{{ jms_asset.address }}"
         login_port: "{{ jms_asset.port }}"
         login_database: "{{ jms_asset.spec_info.db_name }}"
+        ssl: "{{ jms_asset.spec_info.use_ssl }}"
+        ssl_ca_certs: "{{ jms_asset.spec_info.ca_cert }}"
+        ssl_certfile: "{{ jms_asset.spec_info.client_key }}"
+        connection_options:
+          - tlsAllowInvalidHostnames: "{{ jms_asset.spec_info.allow_invalid_cert}}"
         db: "{{ jms_asset.spec_info.db_name }}"
         name: "{{ account.username }}"
         password: "{{ account.secret }}"
@@ -38,6 +48,11 @@
         login_host: "{{ jms_asset.address }}"
         login_port: "{{ jms_asset.port }}"
         login_database: "{{ jms_asset.spec_info.db_name }}"
+        ssl: "{{ jms_asset.spec_info.use_ssl }}"
+        ssl_ca_certs: "{{ jms_asset.spec_info.ca_cert }}"
+        ssl_certfile: "{{ jms_asset.spec_info.client_key }}"
+        connection_options:
+          - tlsAllowInvalidHostnames: "{{ jms_asset.spec_info.allow_invalid_cert}}"
       when:
         - db_info is succeeded
         - change_info is succeeded

apps/accounts/automations/change_secret/manager.py

@@ -70,8 +70,14 @@ class ChangeSecretManager(AccountBasePlaybookManager):
         else:
             return self.secret_generator.get_secret()
 
-    def host_callback(self, host, asset=None, account=None, automation=None, path_dir=None, **kwargs):
+    def host_callback(
-        host = super().host_callback(host, asset=asset, account=account, automation=automation, **kwargs)
+            self, host, asset=None, account=None,
+            automation=None, path_dir=None, **kwargs
+    ):
+        host = super().host_callback(
+            host, asset=asset, account=account, automation=automation,
+            path_dir=path_dir, **kwargs
+        )
         if host.get('error'):
             return host
 

apps/accounts/automations/gather_accounts/database/mongodb/main.yml

@@ -11,6 +11,11 @@
         login_host: "{{ jms_asset.address }}"
         login_port: "{{ jms_asset.port }}"
         login_database: "{{ jms_asset.spec_info.db_name }}"
+        ssl: "{{ jms_asset.spec_info.use_ssl }}"
+        ssl_ca_certs: "{{ jms_asset.spec_info.ca_cert }}"
+        ssl_certfile: "{{ jms_asset.spec_info.client_key }}"
+        connection_options:
+          - tlsAllowInvalidHostnames: "{{ jms_asset.spec_info.allow_invalid_cert}}"
         filter: users
       register: db_info
 

apps/accounts/automations/verify_account/database/mongodb/main.yml

@@ -11,3 +11,8 @@
         login_host: "{{ jms_asset.address }}"
         login_port: "{{ jms_asset.port }}"
         login_database: "{{ jms_asset.spec_info.db_name }}"
+        ssl: "{{ jms_asset.spec_info.use_ssl }}"
+        ssl_ca_certs: "{{ jms_asset.spec_info.ca_cert }}"
+        ssl_certfile: "{{ jms_asset.spec_info.client_key }}"
+        connection_options:
+          - tlsAllowInvalidHostnames: "{{ jms_asset.spec_info.allow_invalid_cert}}"

apps/accounts/serializers/account/backup.py

@@ -36,7 +36,7 @@ class AccountBackupSerializer(PeriodTaskSerializerMixin, BulkOrgResourceModelSer
 
 
 class AccountBackupPlanExecutionSerializer(serializers.ModelSerializer):
-    trigger = LabeledChoiceField(choices=Trigger.choices, label=_("Trigger mode"))
+    trigger = LabeledChoiceField(choices=Trigger.choices, label=_("Trigger mode"), read_only=True)
 
     class Meta:
         model = AccountBackupExecution

apps/accounts/serializers/account/base.py

@@ -16,7 +16,7 @@ class AuthValidateMixin(serializers.Serializer):
         choices=SecretType.choices, required=True, label=_('Secret type')
     )
     secret = EncryptedField(
-        label=_('Secret'), required=False, max_length=40960, allow_blank=True,
+        label=_('Secret/Password'), required=False, max_length=40960, allow_blank=True,
         allow_null=True, write_only=True,
     )
     passphrase = serializers.CharField(

apps/assets/automations/base/manager.py

@@ -63,6 +63,33 @@ class BasePlaybookManager:
             os.makedirs(path, exist_ok=True, mode=0o755)
         return path
 
+    @staticmethod
+    def write_cert_to_file(filename, content):
+        with open(filename, 'w') as f:
+            f.write(content)
+        return filename
+
+    def convert_cert_to_file(self, host, path_dir):
+        if not path_dir:
+            return host
+
+        specific = host.get('jms_asset', {}).get('specific', {})
+        cert_fields = ('ca_cert', 'client_key', 'client_cert')
+        filtered = list(filter(lambda x: specific.get(x), cert_fields))
+        if not filtered:
+            return host
+
+        cert_dir = os.path.join(path_dir, 'certs')
+        if not os.path.exists(cert_dir):
+            os.makedirs(cert_dir, 0o700, True)
+
+        for f in filtered:
+            result = self.write_cert_to_file(
+                os.path.join(cert_dir, f), specific.get(f)
+            )
+            host['jms_asset']['specific'][f] = result
+        return host
+
     def host_callback(self, host, automation=None, **kwargs):
         enabled_attr = '{}_enabled'.format(self.__class__.method_type())
         method_attr = '{}_method'.format(self.__class__.method_type())
@@ -75,6 +102,8 @@ class BasePlaybookManager:
         if not method_enabled:
             host['error'] = _('{} disabled'.format(self.__class__.method_type()))
             return host
+
+        host = self.convert_cert_to_file(host, kwargs.get('path_dir'))
         return host
 
     @staticmethod

apps/assets/automations/gather_facts/database/mongodb/main.yml

@@ -11,6 +11,11 @@
         login_host: "{{ jms_asset.address }}"
         login_port: "{{ jms_asset.port }}"
         login_database: "{{ jms_asset.spec_info.db_name }}"
+        ssl: "{{ jms_asset.spec_info.use_ssl }}"
+        ssl_ca_certs: "{{ jms_asset.spec_info.ca_cert }}"
+        ssl_certfile: "{{ jms_asset.spec_info.client_key }}"
+        connection_options:
+          - tlsAllowInvalidHostnames: "{{ jms_asset.spec_info.allow_invalid_cert}}"
       register: db_info
 
     - name: Define info by set_fact

apps/assets/automations/ping/database/mongodb/main.yml

@@ -11,3 +11,8 @@
         login_host: "{{ jms_asset.address }}"
         login_port: "{{ jms_asset.port }}"
         login_database: "{{ jms_asset.spec_info.db_name }}"
+        ssl: "{{ jms_asset.spec_info.use_ssl }}"
+        ssl_ca_certs: "{{ jms_asset.spec_info.ca_cert }}"
+        ssl_certfile: "{{ jms_asset.spec_info.client_key }}"
+        connection_options:
+          - tlsAllowInvalidHostnames: "{{ jms_asset.spec_info.allow_invalid_cert}}"

apps/assets/migrations/0100_auto_20220711_1413.py

@@ -1,17 +1,17 @@
 # Generated by Django 3.2.12 on 2022-07-11 06:13
 
 import time
-from django.db import migrations
+from django.db import migrations, models
 from assets.models import Platform
 
 
-def migrate_accounts(apps, schema_editor):
+def migrate_asset_accounts(apps, schema_editor):
     auth_book_model = apps.get_model('assets', 'AuthBook')
     account_model = apps.get_model('accounts', 'Account')
 
     count = 0
     bulk_size = 1000
-    print("\n\tStart migrate accounts")
+    print("\n\tStart migrate asset accounts")
     while True:
         start = time.time()
         auth_books = auth_book_model.objects \
@@ -71,11 +71,76 @@ def migrate_accounts(apps, schema_editor):
                 accounts.append(account)
 
         account_model.objects.bulk_create(accounts, ignore_conflicts=True)
-        print("\t  - Create accounts: {}-{} using: {:.2f}s".format(
+        print("\t  - Create asset accounts: {}-{} using: {:.2f}s".format(
             count - len(auth_books), count, time.time() - start
         ))
 
 
+def migrate_db_accounts(apps, schema_editor):
+    app_perm_model = apps.get_model('perms', 'ApplicationPermission')
+    account_model = apps.get_model('accounts', 'Account')
+    perms = app_perm_model.objects.filter(category__in=['db', 'cloud'])
+
+    same_attrs = [
+        'id', 'username', 'comment', 'date_created', 'date_updated',
+        'created_by', 'org_id',
+    ]
+    auth_attrs = ['password', 'private_key', 'token']
+    all_attrs = same_attrs + auth_attrs
+
+    print("\n\tStart migrate app accounts")
+
+    index = 0
+    total = perms.count()
+
+    for perm in perms:
+        index += 1
+        start = time.time()
+
+        system_users = perm.system_users.all()
+        accounts = []
+        for s in system_users:
+            values = {'version': 1}
+            values.update({attr: getattr(s, attr, '') for attr in all_attrs})
+            values['created_by'] = str(s.id)
+
+            auth_infos = []
+            username = values['username']
+            for attr in auth_attrs:
+                secret = values.pop(attr, None)
+                if not secret:
+                    continue
+
+                if attr == 'private_key':
+                    secret_type = 'ssh_key'
+                    name = f'{username}(ssh key)'
+                elif attr == 'token':
+                    secret_type = 'token'
+                    name = f'{username}(token)'
+                else:
+                    secret_type = attr
+                    name = username
+                auth_infos.append((name, secret_type, secret))
+
+            if not auth_infos:
+                auth_infos.append((username, 'password', ''))
+
+            for name, secret_type, secret in auth_infos:
+                account = account_model(**values, name=name, secret=secret, secret_type=secret_type)
+                accounts.append(account)
+
+        apps = perm.applications.all()
+        for app in apps:
+            for account in accounts:
+                setattr(account, 'asset_id', str(app.id))
+
+        account_model.objects.bulk_create(accounts, ignore_conflicts=True)
+
+        print("\t  - Progress ({}/{}), Create app accounts: {} using: {:.2f}s".format(
+            index, total, len(accounts), time.time() - start
+        ))
+
+
 class Migration(migrations.Migration):
     dependencies = [
         ('accounts', '0001_initial'),
@@ -83,5 +148,6 @@ class Migration(migrations.Migration):
     ]
 
     operations = [
-        migrations.RunPython(migrate_accounts),
+        migrations.RunPython(migrate_asset_accounts),
+        migrations.RunPython(migrate_db_accounts),
     ]

apps/audits/handler.py

@@ -183,7 +183,7 @@ class OperatorLogHandler(metaclass=Singleton):
         return data
 
     def create_or_update_operate_log(
-            self, action, resource_type, resource=None,
+            self, action, resource_type, resource=None, resource_display=None,
             force=False, log_id=None, before=None, after=None,
             object_name=None
     ):
@@ -192,7 +192,9 @@ class OperatorLogHandler(metaclass=Singleton):
             return
 
         remote_addr = get_request_ip(current_request)
+        if resource_display is None:
             resource_display = self.get_resource_display(resource)
+        resource_id = resource.id if resource is not None else ''
         before, after = self.data_processing(before, after)
         if not force and not any([before, after]):
             # 前后都没变化，没必要生成日志，除非手动强制保存
@@ -200,9 +202,10 @@ class OperatorLogHandler(metaclass=Singleton):
 
         data = {
             'id': log_id, "user": str(user), 'action': action,
-            'resource_type': str(resource_type), 'resource': resource_display,
+            'resource_type': str(resource_type),
+            'resource_id': resource_id, 'resource': resource_display,
             'remote_addr': remote_addr, 'before': before, 'after': after,
-            'org_id': get_current_org_id(), 'resource_id': str(resource.id)
+            'org_id': get_current_org_id(),
         }
         data = self._activity_handle(data, object_name, resource=resource)
         with transaction.atomic():

apps/common/views/mixins.py

@@ -66,11 +66,11 @@ class RecordViewLogMixin:
 
     def list(self, request, *args, **kwargs):
         response = super().list(request, *args, **kwargs)
-        resource = self.get_resource_display(request)
+        resource_display = self.get_resource_display(request)
         resource_type = self.model._meta.verbose_name
         create_or_update_operate_log(
             self.ACTION, resource_type, force=True,
-            resource=resource
+            resource_display=resource_display
         )
         return response
 
@@ -78,7 +78,6 @@ class RecordViewLogMixin:
         response = super().retrieve(request, *args, **kwargs)
         resource_type = self.model._meta.verbose_name
         create_or_update_operate_log(
-            self.ACTION, resource_type, force=True,
+            self.ACTION, resource_type, force=True, resource=self.get_object()
-            resource=self.get_object()
         )
         return response

apps/locale/ja/LC_MESSAGES/django.mo

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:eb850ffd130e7cad2ea8c186f94a059c6a882dd1526f7a4c4a16d2fea2a1815b
+oid sha256:b3c3f8e65468adb0105f2cbcbb8aa3ed50066c9db439a9921932c6e2adcacec3
-size 119290
+size 119640

apps/locale/zh/LC_MESSAGES/django.mo

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:4af8f2ead4a9d5aaf943efea76305d8cad1ff0692758d21a93937601c6f150fd
+oid sha256:0c3f5102d732ffe768f0545cf9271bbba45ba4c159f0a348b518b58cbdb5f20c
-size 105736
+size 105947