mirror of https://github.com/jumpserver/jumpserver
150 lines
5.7 KiB
Python
150 lines
5.7 KiB
Python
from copy import deepcopy
|
|
|
|
from accounts.const import AutomationTypes, SecretType, Connectivity
|
|
from assets.const import HostTypes
|
|
from common.utils import get_logger
|
|
from ..base.manager import AccountBasePlaybookManager
|
|
from ..change_secret.manager import ChangeSecretManager
|
|
|
|
logger = get_logger(__name__)
|
|
|
|
|
|
class PushAccountManager(ChangeSecretManager, AccountBasePlaybookManager):
|
|
ansible_account_prefer = ''
|
|
|
|
@classmethod
|
|
def method_type(cls):
|
|
return AutomationTypes.push_account
|
|
|
|
def host_callback(self, host, asset=None, account=None, automation=None, path_dir=None, **kwargs):
|
|
host = super(ChangeSecretManager, self).host_callback(
|
|
host, asset=asset, account=account, automation=automation,
|
|
path_dir=path_dir, **kwargs
|
|
)
|
|
if host.get('error'):
|
|
return host
|
|
|
|
accounts = self.get_accounts(account)
|
|
inventory_hosts = []
|
|
if asset.type == HostTypes.WINDOWS and self.secret_type == SecretType.SSH_KEY:
|
|
msg = f'Windows {asset} does not support ssh key push'
|
|
print(msg)
|
|
return inventory_hosts
|
|
|
|
host['ssh_params'] = {}
|
|
for account in accounts:
|
|
h = deepcopy(host)
|
|
secret_type = account.secret_type
|
|
h['name'] += '(' + account.username + ')'
|
|
if self.secret_type is None:
|
|
new_secret = account.secret
|
|
else:
|
|
new_secret = self.get_secret(secret_type)
|
|
|
|
self.name_recorder_mapper[h['name']] = {
|
|
'account': account, 'new_secret': new_secret,
|
|
}
|
|
|
|
private_key_path = None
|
|
if secret_type == SecretType.SSH_KEY:
|
|
private_key_path = self.generate_private_key_path(new_secret, path_dir)
|
|
new_secret = self.generate_public_key(new_secret)
|
|
|
|
h['ssh_params'].update(self.get_ssh_params(account, new_secret, secret_type))
|
|
h['account'] = {
|
|
'name': account.name,
|
|
'username': account.username,
|
|
'secret_type': secret_type,
|
|
'secret': new_secret,
|
|
'private_key_path': private_key_path
|
|
}
|
|
if asset.platform.type == 'oracle':
|
|
h['account']['mode'] = 'sysdba' if account.privileged else None
|
|
inventory_hosts.append(h)
|
|
return inventory_hosts
|
|
|
|
def on_host_success(self, host, result):
|
|
account_info = self.name_recorder_mapper.get(host)
|
|
if not account_info:
|
|
return
|
|
|
|
account = account_info['account']
|
|
new_secret = account_info['new_secret']
|
|
if not account:
|
|
return
|
|
account.secret = new_secret
|
|
account.save(update_fields=['secret'])
|
|
account.set_connectivity(Connectivity.OK)
|
|
|
|
def on_host_error(self, host, error, result):
|
|
pass
|
|
|
|
def on_runner_failed(self, runner, e):
|
|
logger.error("Pust account error: ", e)
|
|
|
|
def run(self, *args, **kwargs):
|
|
if self.secret_type and not self.check_secret():
|
|
return
|
|
super(ChangeSecretManager, self).run(*args, **kwargs)
|
|
|
|
# @classmethod
|
|
# def trigger_by_asset_create(cls, asset):
|
|
# automations = PushAccountAutomation.objects.filter(
|
|
# triggers__contains=TriggerChoice.on_asset_create
|
|
# )
|
|
# account_automation_map = {auto.username: auto for auto in automations}
|
|
#
|
|
# util = AssetPermissionUtil()
|
|
# permissions = util.get_permissions_for_assets([asset], with_node=True)
|
|
# account_permission_map = defaultdict(list)
|
|
# for permission in permissions:
|
|
# for account in permission.accounts:
|
|
# account_permission_map[account].append(permission)
|
|
#
|
|
# username_automation_map = {}
|
|
# for username, automation in account_automation_map.items():
|
|
# if username != '@USER':
|
|
# username_automation_map[username] = automation
|
|
# continue
|
|
#
|
|
# asset_permissions = account_permission_map.get(username)
|
|
# if not asset_permissions:
|
|
# continue
|
|
# asset_permissions = util.get_permissions([p.id for p in asset_permissions])
|
|
# usernames = asset_permissions.values_list('users__username', flat=True).distinct()
|
|
# for _username in usernames:
|
|
# username_automation_map[_username] = automation
|
|
#
|
|
# asset_usernames_exists = asset.accounts.values_list('username', flat=True)
|
|
# accounts_to_create = []
|
|
# accounts_to_push = []
|
|
# for username, automation in username_automation_map.items():
|
|
# if username in asset_usernames_exists:
|
|
# continue
|
|
#
|
|
# if automation.secret_strategy != SecretStrategy.custom:
|
|
# secret_generator = SecretGenerator(
|
|
# automation.secret_strategy, automation.secret_type,
|
|
# automation.password_rules
|
|
# )
|
|
# secret = secret_generator.get_secret()
|
|
# else:
|
|
# secret = automation.secret
|
|
#
|
|
# account = Account(
|
|
# username=username, secret=secret,
|
|
# asset=asset, secret_type=automation.secret_type,
|
|
# comment='Create by account creation {}'.format(automation.name),
|
|
# )
|
|
# accounts_to_create.append(account)
|
|
# if automation.action == 'create_and_push':
|
|
# accounts_to_push.append(account)
|
|
# else:
|
|
# accounts_to_create.append(account)
|
|
#
|
|
# logger.debug(f'Create account {account} for asset {asset}')
|
|
|
|
# @classmethod
|
|
# def trigger_by_permission_accounts_change(cls):
|
|
# pass
|