mirror of https://github.com/jumpserver/jumpserver
perf: 优化批量命令告警问题
parent
02fc9a730b
commit
fa52e2bf5e
|
@ -396,29 +396,29 @@ class JobExecution(JMSOrgBaseModel):
|
|||
CommandExecutionAlert({
|
||||
"assets": self.current_job.assets.all(),
|
||||
"input": self.material,
|
||||
"risk_level": 5,
|
||||
"risk_level": RiskLevelChoices.reject,
|
||||
"user": self.creator,
|
||||
}).publish_async()
|
||||
raise Exception("command is rejected by ACL")
|
||||
elif acl.is_action(CommandFilterACL.ActionChoices.warning):
|
||||
user = self.creator
|
||||
command = {
|
||||
'input': self.material,
|
||||
'user': user.name,
|
||||
'_user_id': user.id,
|
||||
'user': self.creator.name,
|
||||
'asset': asset.name,
|
||||
'cmd_filter_acl': str(acl.id),
|
||||
'cmd_group': str(cg.id),
|
||||
'risk_level': RiskLevelChoices.warning,
|
||||
'org_id': self.org_id,
|
||||
'_user_id': self.creator.id,
|
||||
'_asset_id': asset.id,
|
||||
'_account': self.current_job.runas,
|
||||
'_cmd_filter_acl': acl,
|
||||
'_cmd_group': cg,
|
||||
'session': '',
|
||||
'_risk_level': RiskLevelChoices.warning.label,
|
||||
'org_id': self.org.id,
|
||||
'_org_name': self.org.name or self.org.id,
|
||||
'_org_name': self.org_name,
|
||||
}
|
||||
CommandWarningMessage(user, command).publish_async()
|
||||
for reviewer in acl.reviewers.all():
|
||||
CommandWarningMessage(reviewer, command).publish_async()
|
||||
return True
|
||||
|
||||
return False
|
||||
|
||||
def check_command_acl(self):
|
||||
|
|
|
@ -216,31 +216,29 @@ class InsecureCommandAlertAPI(generics.CreateAPIView):
|
|||
cmd_groups = CommandGroup.objects.filter(id__in=cmd_group_ids).only('id', 'name')
|
||||
cmd_group_mapper = {str(i.id): i for i in cmd_groups}
|
||||
|
||||
lang = request.stream.COOKIES.get('django_language', 'zh')
|
||||
with translation.override(lang):
|
||||
for command in commands:
|
||||
cmd_acl = acl_mapper.get(command['cmd_filter_acl'])
|
||||
command['_cmd_filter_acl'] = cmd_acl
|
||||
cmd_group = cmd_group_mapper.get(command['cmd_group'])
|
||||
command['_cmd_group'] = cmd_group
|
||||
session = session_mapper.get(command['session'])
|
||||
risk_level = command.get('risk_level')
|
||||
if session:
|
||||
command.update({
|
||||
'_user_id': session.user_id,
|
||||
'_asset_id': session.asset_id,
|
||||
'_account': session.account,
|
||||
'_account_id': session.account_id,
|
||||
'_org_name': session.org.name,
|
||||
'_risk_level': RiskLevelChoices.get_risk_level_str(risk_level),
|
||||
})
|
||||
for command in commands:
|
||||
cmd_acl = acl_mapper.get(command['cmd_filter_acl'])
|
||||
command['_cmd_filter_acl'] = cmd_acl
|
||||
cmd_group = cmd_group_mapper.get(command['cmd_group'])
|
||||
command['_cmd_group'] = cmd_group
|
||||
session = session_mapper.get(command['session'])
|
||||
risk_level = command.get('risk_level')
|
||||
|
||||
if risk_level in [RiskLevelChoices.reject, RiskLevelChoices.review_reject]:
|
||||
CommandAlertMessage(command).publish_async()
|
||||
elif risk_level in [RiskLevelChoices.warning]:
|
||||
for reviewer in cmd_acl.reviewers.all():
|
||||
CommandWarningMessage(reviewer, command).publish_async()
|
||||
else:
|
||||
logger.info(f'Risk level ignore: {risk_level}')
|
||||
if session:
|
||||
command.update({
|
||||
'_user_id': session.user_id,
|
||||
'_asset_id': session.asset_id,
|
||||
'_account': session.account,
|
||||
'_account_id': session.account_id,
|
||||
'_org_name': session.org.name,
|
||||
})
|
||||
|
||||
if risk_level in [RiskLevelChoices.reject, RiskLevelChoices.review_reject]:
|
||||
CommandAlertMessage(command).publish_async()
|
||||
elif risk_level in [RiskLevelChoices.warning]:
|
||||
for reviewer in cmd_acl.reviewers.all():
|
||||
CommandWarningMessage(reviewer, command).publish_async()
|
||||
else:
|
||||
logger.info(f'Risk level ignore: {RiskLevelChoices.get_label(risk_level)}({risk_level})')
|
||||
|
||||
return Response({'msg': 'ok'})
|
||||
|
|
|
@ -42,11 +42,6 @@ class AbstractSessionCommand(OrgModelMixin):
|
|||
else:
|
||||
return ''
|
||||
|
||||
@classmethod
|
||||
def get_risk_level_str(cls, risk_level):
|
||||
risk_mapper = dict(RiskLevelChoices.choices)
|
||||
return risk_mapper.get(risk_level)
|
||||
|
||||
def to_dict(self):
|
||||
d = {}
|
||||
for field in self._meta.fields:
|
||||
|
|
|
@ -14,9 +14,9 @@ class RiskLevelChoices(IntegerChoices):
|
|||
review_cancel = 8, _('Review & Cancel')
|
||||
|
||||
@classmethod
|
||||
def get_risk_level_str(cls, risk_level):
|
||||
risk_mapper = dict(cls.choices)
|
||||
return risk_mapper.get(risk_level)
|
||||
def get_label(cls, level):
|
||||
label = dict(cls.choices).get(level)
|
||||
return label
|
||||
|
||||
|
||||
class ReplayStorageType(TextChoices):
|
||||
|
|
|
@ -12,6 +12,7 @@ from notifications.models import SystemMsgSubscription
|
|||
from notifications.notifications import SystemMessage, UserMessage
|
||||
from terminal.models import Session, Command
|
||||
from users.models import User
|
||||
from terminal.const import RiskLevelChoices
|
||||
|
||||
logger = get_logger(__name__)
|
||||
|
||||
|
@ -86,8 +87,8 @@ class CommandWarningMessage(CommandAlertMixin, UserMessage):
|
|||
account_id = command.get('_account_id', '')
|
||||
cmd_acl = command.get('_cmd_filter_acl')
|
||||
cmd_group = command.get('_cmd_group')
|
||||
session_id = command['session']
|
||||
risk_level = command['_risk_level']
|
||||
session_id = command.get('session', '')
|
||||
risk_level = command['risk_level']
|
||||
org_id = command['org_id']
|
||||
org_name = command.get('_org_name') or org_id
|
||||
|
||||
|
@ -137,7 +138,7 @@ class CommandWarningMessage(CommandAlertMixin, UserMessage):
|
|||
'cmd_group': cmd_group_name,
|
||||
'cmd_group_url': cmd_group_url,
|
||||
'session_url': session_url,
|
||||
'risk_level': risk_level,
|
||||
'risk_level': RiskLevelChoices.get_label(risk_level),
|
||||
'org': org_name,
|
||||
}
|
||||
|
||||
|
@ -174,7 +175,7 @@ class CommandAlertMessage(CommandAlertMixin, SystemMessage):
|
|||
session_detail_url = session_detail_url.replace(
|
||||
'/terminal/sessions/', '/audit/sessions/sessions/'
|
||||
)
|
||||
level = Command.get_risk_level_str(command['risk_level'])
|
||||
level = RiskLevelChoices.get_label(command['risk_level'])
|
||||
items = {
|
||||
_("Asset"): command['asset'],
|
||||
_("User"): command['user'],
|
||||
|
@ -223,7 +224,8 @@ class CommandExecutionAlert(CommandAlertMixin, SystemMessage):
|
|||
) + '?oid={}'.format(asset.org_id)
|
||||
assets_with_url.append([asset, url])
|
||||
|
||||
level = Command.get_risk_level_str(command['risk_level'])
|
||||
level = RiskLevelChoices.get_label(command['risk_level'])
|
||||
|
||||
items = {
|
||||
_("User"): command['user'],
|
||||
_("Level"): level,
|
||||
|
|
|
@ -1,100 +1,23 @@
|
|||
{% load i18n %}
|
||||
|
||||
<div>
|
||||
<!-- <table style="
|
||||
display: inline-block;
|
||||
margin: .6em 0;
|
||||
max-width: 100%;
|
||||
min-width: 60%;
|
||||
white-space: nowrap;">
|
||||
<thead>
|
||||
<tr style="
|
||||
text-align: left;
|
||||
text-transform: uppercase;
|
||||
background: rgb(249, 238, 181);
|
||||
border: 1px solid #d9d7ce;">
|
||||
<th style="
|
||||
padding: 0 .6em;">
|
||||
{% trans 'Item' %}
|
||||
</th>
|
||||
<th style="
|
||||
padding: 0 .6em;">
|
||||
{% trans 'Url' %}
|
||||
</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody style="
|
||||
background: #fbfbf9;
|
||||
border: 1px solid #d9d7ce;">
|
||||
<tr>
|
||||
<td style="padding: 0 .6em;">{% trans 'User' %}</td>
|
||||
<td style="white-space: normal; padding: 0 .6em;">
|
||||
<a href="{{ user_url }}" target="_blank">{{ user }}</a>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td style="padding: 0 .6em;">{% trans 'Asset' %}</td>
|
||||
<td style="white-space: normal; padding: 0 .6em;">
|
||||
<a href="{{ asset_url }}" target="_blank">{{ asset }}</a>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td style="padding: 0 .6em;">{% trans 'Account' %}</td>
|
||||
<td style="white-space: normal; padding: 0 .6em;">
|
||||
<a href="{{ account_url }}" target="_blank">{{ account }}</a>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td style="padding: 0 .6em;">{% trans 'Command' %}</td>
|
||||
<td style="white-space: normal; padding: 0 .6em;">
|
||||
<span>{{ command }}</span>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td style="padding: 0 .6em;">{% trans 'Command acl' %}</td>
|
||||
<td style="white-space: normal; padding: 0 .6em;">
|
||||
<a href="{{ cmd_filter_acl_url }}" target="_blank">{{ cmd_filter_acl }}</a>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td style="padding: 0 .6em;">{% trans 'Command acl group' %}</td>
|
||||
<td style="white-space: normal; padding: 0 .6em;">
|
||||
<a href="{{ cmd_group_url }}" target="_blank">{{ cmd_group }}</a>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td style="padding: 0 .6em;">{% trans 'Session' %}</td>
|
||||
<td style="white-space: normal; padding: 0 .6em;">
|
||||
<a href="{{ session_url }}" target="_blank">{% trans 'View' %}</a>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td style="padding: 0 .6em;">{% trans 'Organization' %}</td>
|
||||
<td style="white-space: normal; padding: 0 .6em;">
|
||||
<span>{{ org }}</span>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table> -->
|
||||
|
||||
|
||||
<b>{% trans 'User' %}:</b> <a href="{{ user_url }}" target="_blank">{{ user }}</a><br />
|
||||
<b>{% trans 'Asset' %}:</b> <a href="{{ asset_url }}" target="_blank">{{ asset }}</a><br />
|
||||
<b>{% trans 'Account' %}:</b>
|
||||
{% if account_url %}
|
||||
<a href="{{ account_url }}" target="_blank">{{ account }}</a>
|
||||
{% else %}
|
||||
<span>{{ account }}</span>
|
||||
{% endif %}
|
||||
<b>{% trans 'Asset' %}: </b> <a href="{{ asset_url }}" target="_blank">{{ asset }}</a><br />
|
||||
<b>{% trans 'User' %}: </b> <a href="{{ user_url }}" target="_blank">{{ user }}</a><br />
|
||||
<b>{% trans 'Account' %}: </b>
|
||||
{% if account_url %}
|
||||
<a href="{{ account_url }}" target="_blank">{{ account }}</a>
|
||||
{% else %}
|
||||
<span>{{ account }}</span>
|
||||
{% endif %}
|
||||
<br />
|
||||
<b>{% trans 'Command' %}: </b><span>{{ command }}</span><br />
|
||||
<b>{% trans 'Risk level' %}: </b><span>{{ risk_level }}</span><br />
|
||||
<b>{% trans 'Command acl' %}:</b> <a href="{{ cmd_filter_acl_url }}" target="_blank">{{ user }}</a><br />
|
||||
<b>{% trans 'Command acl group' %}:</b> <a href="{{ cmd_group_url }}" target="_blank">{{ user }}</a><br />
|
||||
<b>{% trans 'Command acl' %}: </b> <a href="{{ cmd_filter_acl_url }}" target="_blank">{{ user }}</a><br />
|
||||
<b>{% trans 'Command acl group' %}: </b> <a href="{{ cmd_group_url }}" target="_blank">{{ user }}</a><br />
|
||||
{% if session_url %}
|
||||
<b>{% trans 'Session' %}:</b>
|
||||
<a href="{{ session_url }}" target="_blank">{% trans 'View' %}</a><br />
|
||||
<b>{% trans 'Session' %}: </b>
|
||||
<a href="{{ session_url }}" target="_blank">{% trans 'View' %}</a><br />
|
||||
{% endif %}
|
||||
<b>{% trans 'Organization' %}:</b> <span>{{ org }}</span><br />
|
||||
<b>{% trans 'Organization' %}: </b> <span>{{ org }}</span><br />
|
||||
<b>{% trans 'Command' %}: </b><span>{{ command }}</span><br />
|
||||
|
||||
</div>
|
||||
|
|
Loading…
Reference in New Issue