From ec847d3ecb3ee611f70f5a4544edfefea35027cd Mon Sep 17 00:00:00 2001
From: feng626 <57284900+feng626@users.noreply.github.com>
Date: Mon, 8 May 2023 14:28:23 +0800
Subject: [PATCH] Fix v2.28.7 ssh key (#10399)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* feat: Update v2.28.7

* fix: 修复旧 ssh 私钥，解析失败的问题

* perf: 解决历史版本中因保存密码，造成 ssh 私钥解析失败问题

* fix: 动态用户可执行批量任务

---------

Co-authored-by: fit2bot <fit2bot@fit2cloud.com>
Co-authored-by: Eric <xplzv@126.com>
---
 apps/assets/models/base.py | 10 ++++++----
 apps/ops/inventory.py      |  7 +++++--
 2 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/apps/assets/models/base.py b/apps/assets/models/base.py
index 9ebb96f0e..c49eb5bc4 100644
--- a/apps/assets/models/base.py
+++ b/apps/assets/models/base.py
@@ -89,8 +89,7 @@ class AuthMixin:
     def private_key_file(self):
         if not self.private_key:
             return None
-        private_key_str = parse_ssh_private_key_str(self.private_key,
-                                                    password=self.password)
+        private_key_str = self.get_private_key()
         if not private_key_str:
             return None
         project_dir = settings.PROJECT_DIR
@@ -106,8 +105,11 @@ class AuthMixin:
     def get_private_key(self):
         if not self.private_key:
             return None
-        return parse_ssh_private_key_str(self.private_key,
-                                         password=self.password)
+        private_key_str = parse_ssh_private_key_str(self.private_key, password=self.password)
+        if not private_key_str and self.password:
+            # 由于历史原因，密码可能是真实的密码，而非私钥的 passphrase，所以这里再尝试一次
+            private_key_str = parse_ssh_private_key_str(self.private_key)
+        return private_key_str
 
     @property
     def public_key_obj(self):
diff --git a/apps/ops/inventory.py b/apps/ops/inventory.py
index 9ad69b9ac..38013df66 100644
--- a/apps/ops/inventory.py
+++ b/apps/ops/inventory.py
@@ -2,9 +2,9 @@
 #
 
 from django.conf import settings
-from .ansible.inventory import BaseInventory
 
 from common.utils import get_logger
+from .ansible.inventory import BaseInventory
 
 __all__ = [
     'JMSInventory', 'JMSCustomInventory',
@@ -110,7 +110,10 @@ class JMSInventory(JMSBaseInventory):
 
         if self.system_user:
             self.system_user.load_asset_special_auth(asset=asset, username=self.run_as)
-            return self.system_user._to_secret_json()
+            info = self.system_user._to_secret_json()
+            if self.run_as:
+                info['username'] = self.run_as
+            return info
         else:
             return {}