mirror of https://github.com/jumpserver/jumpserver
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
98 lines
4.2 KiB
98 lines
4.2 KiB
from django.db import models
|
|
from django.utils.translation import gettext_lazy as _
|
|
|
|
from assets.const import Connectivity
|
|
from common.db.fields import TreeChoices
|
|
|
|
DEFAULT_PASSWORD_LENGTH = 30
|
|
DEFAULT_PASSWORD_RULES = {
|
|
'length': DEFAULT_PASSWORD_LENGTH,
|
|
'uppercase': True,
|
|
'lowercase': True,
|
|
'digit': True,
|
|
'symbol': True,
|
|
}
|
|
|
|
__all__ = [
|
|
'AutomationTypes', 'SecretStrategy', 'SSHKeyStrategy', 'Connectivity',
|
|
'DEFAULT_PASSWORD_LENGTH', 'DEFAULT_PASSWORD_RULES', 'TriggerChoice',
|
|
'PushAccountActionChoice',
|
|
]
|
|
|
|
|
|
class AutomationTypes(models.TextChoices):
|
|
push_account = 'push_account', _('Push account')
|
|
change_secret = 'change_secret', _('Change secret')
|
|
verify_account = 'verify_account', _('Verify account')
|
|
gather_accounts = 'gather_accounts', _('Gather accounts')
|
|
verify_gateway_account = 'verify_gateway_account', _('Verify gateway account')
|
|
|
|
@classmethod
|
|
def get_type_model(cls, tp):
|
|
from accounts.models import (
|
|
PushAccountAutomation, ChangeSecretAutomation,
|
|
VerifyAccountAutomation, GatherAccountsAutomation,
|
|
)
|
|
type_model_dict = {
|
|
cls.push_account: PushAccountAutomation,
|
|
cls.change_secret: ChangeSecretAutomation,
|
|
cls.verify_account: VerifyAccountAutomation,
|
|
cls.gather_accounts: GatherAccountsAutomation,
|
|
}
|
|
return type_model_dict.get(tp)
|
|
|
|
|
|
class SecretStrategy(models.TextChoices):
|
|
custom = 'specific', _('Specific secret')
|
|
random = 'random', _('Random generate')
|
|
|
|
|
|
class SSHKeyStrategy(models.TextChoices):
|
|
add = 'add', _('Append SSH KEY')
|
|
set = 'set', _('Empty and append SSH KEY')
|
|
set_jms = 'set_jms', _('Replace (Replace only keys pushed by JumpServer) ')
|
|
|
|
|
|
class TriggerChoice(models.TextChoices, TreeChoices):
|
|
# 当资产创建时,直接创建账号,如果是动态账号,需要从授权中查询该资产被授权过的用户,已用户用户名为账号,创建
|
|
on_asset_create = 'on_asset_create', _('On asset create')
|
|
# 授权变化包含,用户加入授权,用户组加入授权,资产加入授权,节点加入授权,账号变化
|
|
# 当添加用户到授权时,查询所有同名账号 automation, 把本授权上的用户 (用户组), 创建到本授权的资产(节点)上
|
|
on_perm_add_user = 'on_perm_add_user', _('On perm add user')
|
|
# 当添加用户组到授权时,查询所有同名账号 automation, 把本授权上的用户 (用户组), 创建到本授权的资产(节点)上
|
|
on_perm_add_user_group = 'on_perm_add_user_group', _('On perm add user group')
|
|
# 当添加资产到授权时,查询授权的所有账号 automation, 创建到本授权的资产上
|
|
on_perm_add_asset = 'on_perm_add_asset', _('On perm add asset')
|
|
# 当添加节点到授权时,查询授权的所有账号 automation, 创建到本授权的节点的资产上
|
|
on_perm_add_node = 'on_perm_add_node', _('On perm add node')
|
|
# 当授权的账号变化时,查询授权的所有账号 automation, 创建到本授权的资产(节点)上
|
|
on_perm_add_account = 'on_perm_add_account', _('On perm add account')
|
|
# 当资产添加到节点时,查询节点的授权规则,查询授权的所有账号 automation, 创建到本授权的资产(节点)上
|
|
on_asset_join_node = 'on_asset_join_node', _('On asset join node')
|
|
# 当用户加入到用户组时,查询用户组的授权规则,查询授权的所有账号 automation, 创建到本授权的资产(节点)上
|
|
on_user_join_group = 'on_user_join_group', _('On user join group')
|
|
|
|
@classmethod
|
|
def branches(cls):
|
|
# 和用户和用户组相关的都是动态账号
|
|
#
|
|
return [
|
|
cls.on_asset_create,
|
|
(_("On perm change"), [
|
|
cls.on_perm_add_user,
|
|
cls.on_perm_add_user_group,
|
|
cls.on_perm_add_asset,
|
|
cls.on_perm_add_node,
|
|
cls.on_perm_add_account,
|
|
]),
|
|
(_("Inherit from group or node"), [
|
|
cls.on_asset_join_node,
|
|
cls.on_user_join_group,
|
|
])
|
|
]
|
|
|
|
|
|
class PushAccountActionChoice(models.TextChoices):
|
|
create_and_push = 'create_and_push', _('Create and push')
|
|
only_create = 'only_create', _('Only create')
|