github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'pam' of github.com:jumpserver/jumpserver into pam

pull/14806/head
ibuler 2025-01-10 11:04:49 +08:00
parent a0563b8575 63aa14a973
commit f7d8e7952a
5 changed files with 79 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
apps/accounts/api/account/pam_dashboard.py
View File

@ -4,7 +4,11 @@ from django.db.models import Count, F, Q
from django.http.response import JsonResponse from django.http.response import JsonResponse
from rest_framework.views import APIView from rest_framework.views import APIView
from accounts.models import Account, RiskChoice from accounts.models import (
Account, RiskChoice, GatherAccountsAutomation,
PushAccountAutomation, BackupAccountAutomation,
AccountRisk, IntegrationApplication, ChangeSecretAutomation
)
from assets.const import AllTypes from assets.const import AllTypes
from common.utils.timezone import local_monday from common.utils.timezone import local_monday
@ -85,9 +89,39 @@ class PamDashboardApi(APIView):
data['total_long_time_change_password_accounts'] = Account.get_risks( data['total_long_time_change_password_accounts'] = Account.get_risks(
risk_type=RiskChoice.long_time_password).count() risk_type=RiskChoice.long_time_password).count()
if _all or query_params.get('total_count_type_to_accounts_amount'): if _all or query_params.get('total_count_type_to_accounts'):
data.update({ data.update({
'total_count_type_to_accounts_amount': self.get_type_to_accounts(), 'total_count_type_to_accounts': self.get_type_to_accounts(),
})
if _all or query_params.get('total_count_change_secret_automation'):
data.update({
'total_count_change_secret_automation': ChangeSecretAutomation.objects.count()
})
if _all or query_params.get('total_count_gathered_account_automation'):
data.update({
'total_count_gathered_account_automation': GatherAccountsAutomation.objects.count()
})
if _all or query_params.get('total_count_push_account_automation'):
data.update({
'total_count_push_account_automation': PushAccountAutomation.objects.count()
})
if _all or query_params.get('total_count_backup_account_automation'):
data.update({
'total_count_backup_account_automation': BackupAccountAutomation.objects.count()
})
if _all or query_params.get('total_count_risk_account'):
data.update({
'total_count_risk_account': AccountRisk.objects.count()
})
if _all or query_params.get('total_count_integration_application'):
data.update({
'total_count_integration_application': IntegrationApplication.objects.count()
}) })
return JsonResponse(data, status=200) return JsonResponse(data, status=200)

33
apps/accounts/api/automations/change_secret_dashboard.py
View File

@ -117,28 +117,26 @@ class ChangeSecretDashboardApi(APIView):
query_params = self.request.query_params query_params = self.request.query_params
data = {} data = {}
if query_params.get('total_count_change_secrets'): _all = query_params.get('all')
if _all or query_params.get('total_count_change_secrets'):
data['total_count_change_secrets'] = self.get_filtered_counts( data['total_count_change_secrets'] = self.get_filtered_counts(
self.change_secrets_queryset, 'date_updated' self.change_secrets_queryset, 'date_updated'
) )
if query_params.get('total_count_periodic_change_secrets'): if _all or query_params.get('total_count_periodic_change_secrets'):
data['total_count_periodic_change_secrets'] = self.get_filtered_counts( data['total_count_periodic_change_secrets'] = self.get_filtered_counts(
self.change_secrets_queryset.filter(is_periodic=True), 'date_updated' self.change_secrets_queryset.filter(is_periodic=True), 'date_updated'
) )
if query_params.get('total_count_change_secret_assets'): if _all or query_params.get('total_count_change_secret_assets'):
data['total_count_change_secret_assets'] = self.get_change_secret_asset_queryset().count() data['total_count_change_secret_assets'] = self.get_change_secret_asset_queryset().count()
if query_params.get('total_count_change_secret_status'): if _all or query_params.get('total_count_change_secret_status'):
records = self.get_queryset_date_filter(self.change_secret_records_queryset, 'date_finished') records = self.get_queryset_date_filter(self.change_secret_records_queryset, 'date_finished')
data.update(self.get_status_counts(records)) data.update(self.get_status_counts(records))
if query_params.get('total_count_change_secret_status'): if _all or query_params.get('daily_success_and_failure_metrics'):
records = self.get_queryset_date_filter(self.change_secret_records_queryset, 'date_finished')
data.update(self.get_status_counts(records))
if query_params.get('daily_success_and_failure_metrics'):
success, failed = self.get_daily_success_and_failure_metrics() success, failed = self.get_daily_success_and_failure_metrics()
data.update({ data.update({
'dates_metrics_date': [date.strftime('%m-%d') for date in self.date_range_list] or ['0'], 'dates_metrics_date': [date.strftime('%m-%d') for date in self.date_range_list] or ['0'],
@ -146,17 +144,18 @@ class ChangeSecretDashboardApi(APIView):
'dates_metrics_total_count_failed': failed, 'dates_metrics_total_count_failed': failed,
}) })
if query_params.get('total_count_ongoing_change_secret'): if _all or query_params.get('total_count_ongoing_change_secret'):
execution_ids = [] execution_ids = []
inspect = app.control.inspect() inspect = app.control.inspect()
active_tasks = inspect.active() active_tasks = inspect.active()
for tasks in active_tasks.values(): if active_tasks:
for task in tasks: for tasks in active_tasks.values():
_id = task.get('id') for task in tasks:
name = task.get('name') _id = task.get('id')
tp = task.kwargs.get('tp') name = task.get('name')
if name == self.task_name and tp == self.tp: tp = task.kwargs.get('tp')
execution_ids.append(_id) if name == self.task_name and tp == self.tp:
execution_ids.append(_id)
snapshots = self.change_secret_executions_queryset.filter( snapshots = self.change_secret_executions_queryset.filter(
id__in=execution_ids).values_list('id', 'snapshot') id__in=execution_ids).values_list('id', 'snapshot')

3
apps/accounts/automations/gather_account/manager.py
View File

@ -345,7 +345,8 @@ class GatherAccountsManager(AccountBasePlaybookManager):
for k in diff: for k in diff:
if k not in common_risk_items: if k not in common_risk_items:
continue continue
setattr(ori_account, k, d[k]) v = d.get(k)
setattr(ori_account, k, v)
return ori_account return ori_account
def do_run(self, *args, **kwargs): def do_run(self, *args, **kwargs):

23
apps/accounts/migrations/0025_alter_accountrisk_risk_and_more.py Normal file
View File

@ -0,0 +1,23 @@
# Generated by Django 4.1.13 on 2025-01-09 11:09
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('accounts', '0024_remove_changesecretrecord_date_started_and_more'),
]
operations = [
migrations.AlterField(
model_name='accountrisk',
name='risk',
field=models.CharField(choices=[('long_time_no_login', 'Long time no login'), ('new_found', 'New found'), ('groups_changed', 'Groups change'), ('sudoers_changed', 'Sudo changed'), ('authorized_keys_changed', 'Authorized keys changed'), ('account_deleted', 'Account delete'), ('password_expired', 'Password expired'), ('long_time_password', 'Long time no change'), ('weak_password', 'Weak password'), ('leaked_password', 'Leaked password'), ('repeated_password', 'Repeated password'), ('password_error', 'Password error'), ('no_admin_account', 'No admin account'), ('others', 'Others')], max_length=128, verbose_name='Risk'),
),
migrations.AlterField(
model_name='gatheredaccount',
name='address_last_login',
field=models.CharField(default='', max_length=39, null=True, verbose_name='Address login'),
),
]

2
apps/accounts/models/automations/gather_account.py
View File

@ -15,7 +15,7 @@ __all__ = ['GatherAccountsAutomation', 'GatheredAccount']
class GatheredAccount(JMSOrgBaseModel): class GatheredAccount(JMSOrgBaseModel):
asset = models.ForeignKey('assets.Asset', on_delete=models.CASCADE, verbose_name=_("Asset")) asset = models.ForeignKey('assets.Asset', on_delete=models.CASCADE, verbose_name=_("Asset"))
username = models.CharField(max_length=32, blank=True, db_index=True, verbose_name=_('Username')) username = models.CharField(max_length=32, blank=True, db_index=True, verbose_name=_('Username'))
address_last_login = models.CharField(max_length=39, default='', verbose_name=_("Address login")) address_last_login = models.CharField(null=True, max_length=39, default='', verbose_name=_("Address login"))
date_last_login = models.DateTimeField(null=True, verbose_name=_("Date login")) date_last_login = models.DateTimeField(null=True, verbose_name=_("Date login"))
remote_present = models.BooleanField(default=True, verbose_name=_("Remote present")) # 远端资产上是否还存在 remote_present = models.BooleanField(default=True, verbose_name=_("Remote present")) # 远端资产上是否还存在
present = models.BooleanField(default=False, verbose_name=_("Present")) # 系统资产上是否还存在 present = models.BooleanField(default=False, verbose_name=_("Present")) # 系统资产上是否还存在