diff --git a/apps/accounts/automations/change_secret/host/aix/main.yml b/apps/accounts/automations/change_secret/host/aix/main.yml index afb7b0443..c61029d74 100644 --- a/apps/accounts/automations/change_secret/host/aix/main.yml +++ b/apps/accounts/automations/change_secret/host/aix/main.yml @@ -14,27 +14,15 @@ - name: "Add {{ account.username }} user" ansible.builtin.user: name: "{{ account.username }}" - shell: "{{ params.shell }}" - home: "{{ params.home | default('/home/' + account.username, true) }}" - groups: "{{ params.groups }}" + uid: "{{ params.uid | int if params.uid | length > 0 else omit }}" + shell: "{{ params.shell if params.shell | length > 0 else omit }}" + home: "{{ params.home if params.home | length > 0 else '/home/' + account.username }}" + groups: "{{ params.groups if params.groups | length > 0 else omit }}" + append: yes expires: -1 state: present when: user_info.failed - - name: "Add {{ account.username }} group" - ansible.builtin.group: - name: "{{ account.username }}" - state: present - when: user_info.failed - - - name: "Add {{ account.username }} user to group" - ansible.builtin.user: - name: "{{ account.username }}" - groups: "{{ params.groups }}" - when: - - user_info.failed - - params.groups - - name: "Set {{ account.username }} sudo setting" ansible.builtin.lineinfile: dest: /etc/sudoers 
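Review bot: In the `uid:` expression of the "Add … user" task, `params.uid | int` turns any non-numeric input into 0, because Jinja2's `int` filter falls back to its default instead of failing, so a mistyped value asks the user module for UID 0. The manifest added in this commit declares `uid` as a free-form `str` with no pattern, so nothing visible here rejects such a value earlier. Guard the conversion, for example `uid: "{{ params.uid | int if params.uid is match('^[0-9]+$') else omit }}"`, or fail the task explicitly on a non-numeric value. The same expression is repeated in the change_secret/posix, push_account/aix and push_account/posix playbooks. As a style point, `append: yes` is better written `append: true`.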
@@ -54,14 +42,40 @@ ignore_errors: true when: account.secret_type == "password" - - name: remove jumpserver ssh key + - name: "Get home directory for {{ account.username }}" + ansible.builtin.shell: "getent passwd {{ account.username }} | cut -d: -f6" + register: home_dir + when: account.secret_type == "ssh_key" + ignore_errors: yes + + - name: "Check if home directory exists for {{ account.username }}" + ansible.builtin.stat: + path: "{{ home_dir.stdout.strip() }}" + register: home_dir_stat + when: account.secret_type == "ssh_key" + ignore_errors: yes + + - name: "Ensure {{ account.username }} home directory exists" + ansible.builtin.file: + path: "{{ home_dir.stdout.strip() }}" + state: directory + owner: "{{ account.username }}" + group: "{{ account.username }}" + mode: '0750' + when: + - account.secret_type == "ssh_key" + - home_dir_stat.stat.exists == false + ignore_errors: yes + + - name: Remove jumpserver ssh key ansible.builtin.lineinfile: - dest: "{{ ssh_params.dest }}" + dest: "{{ home_dir.stdout.strip() }}/.ssh/authorized_keys" regexp: "{{ ssh_params.regexp }}" state: absent when: - account.secret_type == "ssh_key" - ssh_params.strategy == "set_jms" + ignore_errors: yes - name: "Change {{ account.username }} SSH key" ansible.builtin.authorized_key: diff --git a/apps/accounts/automations/change_secret/host/aix/manifest.yml b/apps/accounts/automations/change_secret/host/aix/manifest.yml index 145a4bf26..0d9e6e83a 100644 --- a/apps/accounts/automations/change_secret/host/aix/manifest.yml +++ b/apps/accounts/automations/change_secret/host/aix/manifest.yml @@ -34,6 +34,12 @@ params: default: '' help_text: "{{ 'Params groups help text' | trans }}" + - name: uid + type: str + label: "{{ 'Params uid label' | trans }}" + default: '' + help_text: "{{ 'Params uid help text' | trans }}" + i18n: AIX account change secret: zh: '使用 Ansible 模块 user 执行账号改密 (DES)' 
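Review bot: `account.username` is interpolated unquoted into the shell pipeline of the new "Get home directory" task, so a username containing shell metacharacters would be interpreted by the shell on the managed host; use `{{ account.username | quote }}` or the `ansible.builtin.getent` module instead of `shell`. Every new task also sets `ignore_errors: yes`, so when the lookup returns nothing `home_dir.stdout.strip()` is empty and the later tasks act on an empty path and on `/.ssh/authorized_keys`; add `- home_dir.stdout | length > 0` to their `when:` lists. The directory task sets `group: "{{ account.username }}"` although this commit removes the task that created a group of that name, so it may fail silently where the primary group is named differently. The same hunk is repeated in change_secret/posix, push_account/aix and push_account/posix.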
@@ -60,6 +66,11 @@ i18n: ja: 'グループを入力してください。複数のグループはコンマで区切ってください(既存のグループを入力してください)' en: 'Please enter the group. Multiple groups are separated by commas (please enter the existing group)' + Params uid help text: + zh: '请输入用户ID' + ja: 'ユーザーIDを入力してください' + en: 'Please enter the user ID' + Modify sudo label: zh: '修改 sudo 权限' ja: 'sudo 権限を変更' @@ -75,3 +86,7 @@ i18n: ja: 'グループ' en: 'Groups' + Params uid label: + zh: '用户ID' + ja: 'ユーザーID' + en: 'User ID' diff --git a/apps/accounts/automations/change_secret/host/posix/main.yml b/apps/accounts/automations/change_secret/host/posix/main.yml index e58e8422e..e36ecdd33 100644 --- a/apps/accounts/automations/change_secret/host/posix/main.yml +++ b/apps/accounts/automations/change_secret/host/posix/main.yml @@ -14,27 +14,15 @@ - name: "Add {{ account.username }} user" ansible.builtin.user: name: "{{ account.username }}" - shell: "{{ params.shell }}" - home: "{{ params.home | default('/home/' + account.username, true) }}" - groups: "{{ params.groups }}" + uid: "{{ params.uid | int if params.uid | length > 0 else omit }}" + shell: "{{ params.shell if params.shell | length > 0 else omit }}" + home: "{{ params.home if params.home | length > 0 else '/home/' + account.username }}" + groups: "{{ params.groups if params.groups | length > 0 else omit }}" + append: yes expires: -1 state: present when: user_info.failed - - name: "Add {{ account.username }} group" - ansible.builtin.group: - name: "{{ account.username }}" - state: present - when: user_info.failed - - - name: "Add {{ account.username }} user to group" - ansible.builtin.user: - name: "{{ account.username }}" - groups: "{{ params.groups }}" - when: - - user_info.failed - - params.groups - - name: "Set {{ account.username }} sudo setting" ansible.builtin.lineinfile: dest: /etc/sudoers 
@@ -54,14 +42,40 @@ ignore_errors: true when: account.secret_type == "password" - - name: remove jumpserver ssh key + - name: "Get home directory for {{ account.username }}" + ansible.builtin.shell: "getent passwd {{ account.username }} | cut -d: -f6" + register: home_dir + when: account.secret_type == "ssh_key" + ignore_errors: yes + + - name: "Check if home directory exists for {{ account.username }}" + ansible.builtin.stat: + path: "{{ home_dir.stdout.strip() }}" + register: home_dir_stat + when: account.secret_type == "ssh_key" + ignore_errors: yes + + - name: "Ensure {{ account.username }} home directory exists" + ansible.builtin.file: + path: "{{ home_dir.stdout.strip() }}" + state: directory + owner: "{{ account.username }}" + group: "{{ account.username }}" + mode: '0750' + when: + - account.secret_type == "ssh_key" + - home_dir_stat.stat.exists == false + ignore_errors: yes + + - name: Remove jumpserver ssh key ansible.builtin.lineinfile: - dest: "{{ ssh_params.dest }}" + dest: "{{ home_dir.stdout.strip() }}/.ssh/authorized_keys" regexp: "{{ ssh_params.regexp }}" state: absent when: - account.secret_type == "ssh_key" - ssh_params.strategy == "set_jms" + ignore_errors: yes - name: "Change {{ account.username }} SSH key" ansible.builtin.authorized_key: diff --git a/apps/accounts/automations/change_secret/host/posix/manifest.yml b/apps/accounts/automations/change_secret/host/posix/manifest.yml index 9ab86cdb9..618f509b8 100644 --- a/apps/accounts/automations/change_secret/host/posix/manifest.yml +++ b/apps/accounts/automations/change_secret/host/posix/manifest.yml @@ -36,6 +36,12 @@ params: default: '' help_text: "{{ 'Params groups help text' | trans }}" + - name: uid + type: str + label: "{{ 'Params uid label' | trans }}" + default: '' + help_text: "{{ 'Params uid help text' | trans }}" + i18n: Posix account change secret: zh: '使用 Ansible 模块 user 执行账号改密 (SHA512)' 
@@ -62,6 +68,11 @@ i18n:
 ja: 'グループを入力してください。複数のグループはコンマで区切ってください(既存のグループを入力してください)'
 en: 'Please enter the group. Multiple groups are separated by commas (please enter the existing group)'
+ Params uid help text:
+ zh: '请输入用户ID'
+ ja: 'ユーザーIDを入力してください'
+ en: 'Please enter the user ID'
+
 Modify sudo label:
 zh: '修改 sudo 权限'
 ja: 'sudo 権限を変更'
@@ -77,3 +88,7 @@ i18n:
 ja: 'グループ'
 en: 'Groups'
+ Params uid label:
+ zh: '用户ID'
+ ja: 'ユーザーID'
+ en: 'User ID'
diff --git a/apps/accounts/automations/change_secret/manager.py b/apps/accounts/automations/change_secret/manager.py
index 024282d82..0b56cc5c7 100644
--- a/apps/accounts/automations/change_secret/manager.py
+++ b/apps/accounts/automations/change_secret/manager.py
@@ -50,9 +50,6 @@ class ChangeSecretManager(AccountBasePlaybookManager):
 kwargs['exclusive'] = 'yes' if kwargs['strategy'] == SSHKeyStrategy.set else 'no'
 if kwargs['strategy'] == SSHKeyStrategy.set_jms:
- username = account.username
- path = f'/{username}' if username == "root" else f'/home/{username}'
- kwargs['dest'] = f'{path}/.ssh/authorized_keys'
 kwargs['regexp'] = '.*{}$'.format(secret.split()[2].strip())
 return kwargs
@@ -130,6 +127,7 @@ class ChangeSecretManager(AccountBasePlaybookManager):
 recorder = ChangeSecretRecord(
 asset=asset, account=account, execution=self.execution,
 old_secret=account.secret, new_secret=new_secret,
+ comment=f'{account.username}@{asset.address}'
 )
 records.append(recorder)
 else:
diff --git a/apps/accounts/automations/push_account/host/aix/main.yml b/apps/accounts/automations/push_account/host/aix/main.yml
index fd33c5f8c..8e451fb83 100644
--- a/apps/accounts/automations/push_account/host/aix/main.yml
+++ b/apps/accounts/automations/push_account/host/aix/main.yml
@@ -14,27 +14,15 @@ - name: "Add {{ account.username }} user" ansible.builtin.user: name: "{{ account.username }}" - shell: "{{ params.shell }}" - home: "{{ params.home | default('/home/' + account.username, true) }}" - groups: "{{ params.groups }}" + uid: "{{ params.uid | int if params.uid | length > 0 else omit }}" + shell: "{{ params.shell if params.shell | length > 0 else omit }}" + home: "{{ params.home if params.home | length > 0 else '/home/' + account.username }}" + groups: "{{ params.groups if params.groups | length > 0 else omit }}" + append: yes expires: -1 state: present when: user_info.failed - - name: "Add {{ account.username }} group" - ansible.builtin.group: - name: "{{ account.username }}" - state: present - when: user_info.failed - - - name: "Add {{ account.username }} user to group" - ansible.builtin.user: - name: "{{ account.username }}" - groups: "{{ params.groups }}" - when: - - user_info.failed - - params.groups - - name: "Set {{ account.username }} sudo setting" ansible.builtin.lineinfile: dest: /etc/sudoers 
@@ -54,14 +42,40 @@ ignore_errors: true when: account.secret_type == "password" - - name: remove jumpserver ssh key + - name: "Get home directory for {{ account.username }}" + ansible.builtin.shell: "getent passwd {{ account.username }} | cut -d: -f6" + register: home_dir + when: account.secret_type == "ssh_key" + ignore_errors: yes + + - name: "Check if home directory exists for {{ account.username }}" + ansible.builtin.stat: + path: "{{ home_dir.stdout.strip() }}" + register: home_dir_stat + when: account.secret_type == "ssh_key" + ignore_errors: yes + + - name: "Ensure {{ account.username }} home directory exists" + ansible.builtin.file: + path: "{{ home_dir.stdout.strip() }}" + state: directory + owner: "{{ account.username }}" + group: "{{ account.username }}" + mode: '0750' + when: + - account.secret_type == "ssh_key" + - home_dir_stat.stat.exists == false + ignore_errors: yes + + - name: Remove jumpserver ssh key ansible.builtin.lineinfile: - dest: "{{ ssh_params.dest }}" + dest: "{{ home_dir.stdout.strip() }}/.ssh/authorized_keys" regexp: "{{ ssh_params.regexp }}" state: absent when: - account.secret_type == "ssh_key" - ssh_params.strategy == "set_jms" + ignore_errors: yes - name: "Change {{ account.username }} SSH key" ansible.builtin.authorized_key: diff --git a/apps/accounts/automations/push_account/host/aix/manifest.yml b/apps/accounts/automations/push_account/host/aix/manifest.yml index f00a7435d..d4ba0924c 100644 --- a/apps/accounts/automations/push_account/host/aix/manifest.yml +++ b/apps/accounts/automations/push_account/host/aix/manifest.yml @@ -34,6 +34,12 @@ params: default: '' help_text: "{{ 'Params groups help text' | trans }}" + - name: uid + type: str + label: "{{ 'Params uid label' | trans }}" + default: '' + help_text: "{{ 'Params uid help text' | trans }}" + i18n: Aix account push: zh: '使用 Ansible 模块 user 执行 Aix 账号推送 (DES)' 
@@ -60,6 +66,11 @@ i18n: ja: 'グループを入力してください。複数のグループはコンマで区切ってください(既存のグループを入力してください)' en: 'Please enter the group. Multiple groups are separated by commas (please enter the existing group)' + Params uid help text: + zh: '请输入用户ID' + ja: 'ユーザーIDを入力してください' + en: 'Please enter the user ID' + Modify sudo label: zh: '修改 sudo 权限' ja: 'sudo 権限を変更' @@ -75,3 +86,7 @@ i18n: ja: 'グループ' en: 'Groups' + Params uid label: + zh: '用户ID' + ja: 'ユーザーID' + en: 'User ID' diff --git a/apps/accounts/automations/push_account/host/posix/main.yml b/apps/accounts/automations/push_account/host/posix/main.yml index 83aa34206..537256a3d 100644 --- a/apps/accounts/automations/push_account/host/posix/main.yml +++ b/apps/accounts/automations/push_account/host/posix/main.yml @@ -14,27 +14,15 @@ - name: "Add {{ account.username }} user" ansible.builtin.user: name: "{{ account.username }}" - shell: "{{ params.shell }}" - home: "{{ params.home | default('/home/' + account.username, true) }}" - groups: "{{ params.groups }}" + uid: "{{ params.uid | int if params.uid | length > 0 else omit }}" + shell: "{{ params.shell if params.shell | length > 0 else omit }}" + home: "{{ params.home if params.home | length > 0 else '/home/' + account.username }}" + groups: "{{ params.groups if params.groups | length > 0 else omit }}" + append: yes expires: -1 state: present when: user_info.failed - - name: "Add {{ account.username }} group" - ansible.builtin.group: - name: "{{ account.username }}" - state: present - when: user_info.failed - - - name: "Add {{ account.username }} user to group" - ansible.builtin.user: - name: "{{ account.username }}" - groups: "{{ params.groups }}" - when: - - user_info.failed - - params.groups - - name: "Set {{ account.username }} sudo setting" ansible.builtin.lineinfile: dest: /etc/sudoers 
@@ -54,14 +42,40 @@ ignore_errors: true when: account.secret_type == "password" - - name: remove jumpserver ssh key + - name: "Get home directory for {{ account.username }}" + ansible.builtin.shell: "getent passwd {{ account.username }} | cut -d: -f6" + register: home_dir + when: account.secret_type == "ssh_key" + ignore_errors: yes + + - name: "Check if home directory exists for {{ account.username }}" + ansible.builtin.stat: + path: "{{ home_dir.stdout.strip() }}" + register: home_dir_stat + when: account.secret_type == "ssh_key" + ignore_errors: yes + + - name: "Ensure {{ account.username }} home directory exists" + ansible.builtin.file: + path: "{{ home_dir.stdout.strip() }}" + state: directory + owner: "{{ account.username }}" + group: "{{ account.username }}" + mode: '0750' + when: + - account.secret_type == "ssh_key" + - home_dir_stat.stat.exists == false + ignore_errors: yes + + - name: Remove jumpserver ssh key ansible.builtin.lineinfile: - dest: "{{ ssh_params.dest }}" + dest: "{{ home_dir.stdout.strip() }}/.ssh/authorized_keys" regexp: "{{ ssh_params.regexp }}" state: absent when: - account.secret_type == "ssh_key" - ssh_params.strategy == "set_jms" + ignore_errors: yes - name: "Change {{ account.username }} SSH key" ansible.builtin.authorized_key: diff --git a/apps/accounts/automations/push_account/host/posix/manifest.yml b/apps/accounts/automations/push_account/host/posix/manifest.yml index 86342b48a..9db17bd28 100644 --- a/apps/accounts/automations/push_account/host/posix/manifest.yml +++ b/apps/accounts/automations/push_account/host/posix/manifest.yml @@ -36,6 +36,12 @@ params: default: '' help_text: "{{ 'Params groups help text' | trans }}" + - name: uid + type: str + label: "{{ 'Params uid label' | trans }}" + default: '' + help_text: "{{ 'Params uid help text' | trans }}" + i18n: Posix account push: zh: '使用 Ansible 模块 user 执行账号推送 (sha512)' 
@@ -62,6 +68,11 @@ i18n: ja: 'グループを入力してください。複数のグループはコンマで区切ってください(既存のグループを入力してください)' en: 'Please enter the group. Multiple groups are separated by commas (please enter the existing group)' + Params uid help text: + zh: '请输入用户ID' + ja: 'ユーザーIDを入力してください' + en: 'Please enter the user ID' + Modify sudo label: zh: '修改 sudo 权限' ja: 'sudo 権限を変更' @@ -75,4 +86,9 @@ i18n: Params groups label: zh: '用户组' ja: 'グループ' - en: 'Groups' \ No newline at end of file + en: 'Groups' + + Params uid label: + zh: '用户ID' + ja: 'ユーザーID' + en: 'User ID' \ No newline at end of file diff --git a/apps/accounts/migrations/0004_alter_changesecretrecord_account_and_more.py b/apps/accounts/migrations/0004_alter_changesecretrecord_account_and_more.py new file mode 100644 index 000000000..c2df97445 --- /dev/null +++ b/apps/accounts/migrations/0004_alter_changesecretrecord_account_and_more.py @@ -0,0 +1,30 @@ +# Generated by Django 4.1.13 on 2024-08-26 09:05 + +from django.db import migrations, models +import django.db.models.deletion + + +class Migration(migrations.Migration): + + dependencies = [ + ('assets', '0005_myasset'), + ('accounts', '0003_automation'), + ] + + operations = [ + migrations.AlterField( + model_name='changesecretrecord', + name='account', + field=models.ForeignKey(null=True, on_delete=django.db.models.deletion.SET_NULL, to='accounts.account'), + ), + migrations.AlterField( + model_name='changesecretrecord', + name='asset', + field=models.ForeignKey(null=True, on_delete=django.db.models.deletion.SET_NULL, to='assets.asset'), + ), + migrations.AlterField( + model_name='changesecretrecord', + name='execution', + field=models.ForeignKey(null=True, on_delete=django.db.models.deletion.SET_NULL, to='accounts.automationexecution'), + ), + ] diff --git a/apps/accounts/models/automations/change_secret.py b/apps/accounts/models/automations/change_secret.py index 48c0a45e1..6d1c22715 100644 --- a/apps/accounts/models/automations/change_secret.py 
+++ b/apps/accounts/models/automations/change_secret.py
@@ -33,16 +33,15 @@ class ChangeSecretAutomation(ChangeSecretMixin, AccountBaseAutomation):
 class ChangeSecretRecord(JMSBaseModel):
- execution = models.ForeignKey('accounts.AutomationExecution', on_delete=models.CASCADE)
- asset = models.ForeignKey('assets.Asset', on_delete=models.CASCADE, null=True)
- account = models.ForeignKey('accounts.Account', on_delete=models.CASCADE, null=True)
+ execution = models.ForeignKey('accounts.AutomationExecution', on_delete=models.SET_NULL, null=True)
+ asset = models.ForeignKey('assets.Asset', on_delete=models.SET_NULL, null=True)
+ account = models.ForeignKey('accounts.Account', on_delete=models.SET_NULL, null=True)
 old_secret = fields.EncryptTextField(blank=True, null=True, verbose_name=_('Old secret'))
 new_secret = fields.EncryptTextField(blank=True, null=True, verbose_name=_('New secret'))
 date_started = models.DateTimeField(blank=True, null=True, verbose_name=_('Date started'))
 date_finished = models.DateTimeField(blank=True, null=True, verbose_name=_('Date finished'))
 status = models.CharField(
- max_length=16, verbose_name=_('Status'),
- default=ChangeSecretRecordStatusChoice.pending.value
+ max_length=16, verbose_name=_('Status'), default=ChangeSecretRecordStatusChoice.pending.value
 )
 error = models.TextField(blank=True, null=True, verbose_name=_('Error'))
@@ -51,4 +50,4 @@ class ChangeSecretRecord(JMSBaseModel):
 verbose_name = _("Change secret record")
 def __str__(self):
- return self.account.__str__()
+ return f'{self.account.username}@{self.asset}'
diff --git a/apps/accounts/tasks/automation.py b/apps/accounts/tasks/automation.py
index f691825ef..c4fe79285 100644
--- a/apps/accounts/tasks/automation.py
+++ b/apps/accounts/tasks/automation.py
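Review bot: The new `__str__` of `ChangeSecretRecord` dereferences `self.account.username`, but the same commit switches `account`, `asset` and `execution` to `on_delete=models.SET_NULL`, so a record whose account was deleted raises `AttributeError` wherever it is rendered. The previous `self.account.__str__()` returned a string even for a null account. Handle the null case, for example `return f'{self.account.username if self.account else None}@{self.asset}'`. The context line `with tmp_to_org(record.execution.org_id):` in apps/accounts/tasks/automation.py appears to have the same exposure now that `execution` can be null.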
@@ -1,9 +1,15 @@
+import datetime
+
 from celery import shared_task
+from django.db.models import Q
+from django.utils import timezone
 from django.utils.translation import gettext_lazy as _, gettext_noop
 from accounts.const import AutomationTypes
 from accounts.tasks.common import quickstart_automation_by_snapshot
-from common.utils import get_logger, get_object_or_none
+from common.const.crontab import CRONTAB_AT_AM_THREE
+from common.utils import get_logger, get_object_or_none, get_log_keep_day
+from ops.celery.decorator import register_as_period_task
 from orgs.utils import tmp_to_org, tmp_to_root_org
 logger = get_logger(__file__)
@@ -74,3 +80,24 @@ def execute_automation_record_task(record_ids, tp):
 }
 with tmp_to_org(record.execution.org_id):
 quickstart_automation_by_snapshot(task_name, tp, task_snapshot)
+
+
+@shared_task(
+ verbose_name=_('Clean change secret and push record period'),
+ description=_('Clean change secret and push record period')
+)
+@register_as_period_task(crontab=CRONTAB_AT_AM_THREE)
+def clean_change_secret_and_push_record_period():
+ from accounts.models import ChangeSecretRecord
+ print('Start clean change secret and push record period')
+ with tmp_to_root_org():
+ now = timezone.now()
+ days = get_log_keep_day('ACCOUNT_CHANGE_SECRET_RECORD_KEEP_DAYS')
+ expired_day = now - datetime.timedelta(days=days)
+ records = ChangeSecretRecord.objects.filter(
+ date_updated__lt=expired_day
+ ).filter(
+ Q(execution__isnull=True) | Q(asset__isnull=True) | Q(account__isnull=True)
+ )
+
+ records.delete()
diff --git a/apps/assets/models/asset/common.py b/apps/assets/models/asset/common.py
index 6f7df504d..7388f27a8 100644
--- a/apps/assets/models/asset/common.py
+++ b/apps/assets/models/asset/common.py
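Review bot: The cleanup query in `clean_change_secret_and_push_record_period` only deletes records whose execution, asset or account is already null, so records with intact references keep their `old_secret`/`new_secret` values past `ACCOUNT_CHANGE_SECRET_RECORD_KEEP_DAYS`. If the setting is meant as a retention limit for stored secrets, drop the second `.filter(...)`; otherwise state the scope in a comment such as `# Only orphaned records are purged; records with live references are kept.` The start message uses `print(...)` although the module defines `logger`; `logger.info('Start clean change secret and push record period')` would put it in the task log. The task also has no docstring saying what it removes and which setting controls it.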
@@ -158,10 +158,16 @@ class Asset(NodesRelationMixin, LabeledMixin, AbsConnectivity, JSONFilterMixin,
 name = models.CharField(max_length=128, verbose_name=_('Name'))
 address = models.CharField(max_length=767, verbose_name=_('Address'), db_index=True)
- platform = models.ForeignKey(Platform, on_delete=models.PROTECT, verbose_name=_("Platform"), related_name='assets')
- domain = models.ForeignKey("assets.Domain", null=True, blank=True, related_name='assets',
- verbose_name=_("Zone"), on_delete=models.SET_NULL)
- nodes = models.ManyToManyField('assets.Node', default=default_node, related_name='assets', verbose_name=_("Nodes"))
+ platform = models.ForeignKey(
+ Platform, on_delete=models.PROTECT, verbose_name=_("Platform"), related_name='assets'
+ )
+ domain = models.ForeignKey(
+ "assets.Domain", null=True, blank=True, related_name='assets',
+ verbose_name=_("Zone"), on_delete=models.SET_NULL
+ )
+ nodes = models.ManyToManyField(
+ 'assets.Node', default=default_node, related_name='assets', verbose_name=_("Nodes")
+ )
 is_active = models.BooleanField(default=True, verbose_name=_('Active'))
 gathered_info = models.JSONField(verbose_name=_('Gathered info'), default=dict, blank=True) # 资产的一些信息,如 硬件信息
 custom_info = models.JSONField(verbose_name=_('Custom info'), default=dict)
diff --git a/apps/common/const/crontab.py b/apps/common/const/crontab.py
index e4de195eb..401f54eaa 100644
--- a/apps/common/const/crontab.py
+++ b/apps/common/const/crontab.py
@@ -1,5 +1,6 @@
 CRONTAB_AT_AM_TWO = '0 2 * * *'
+CRONTAB_AT_AM_THREE = '0 3 * * *'
 CRONTAB_AT_AM_TEN = '0 10 * * *'
 CRONTAB_AT_PM_TWO = '0 14 * * *'
diff --git a/apps/jumpserver/conf.py b/apps/jumpserver/conf.py
index 2642c1da0..c352f7739 100644
--- a/apps/jumpserver/conf.py
+++ b/apps/jumpserver/conf.py
@@ -607,6 +607,7 @@ class Config(dict): 'CLOUD_SYNC_TASK_EXECUTION_KEEP_DAYS': 180, 'JOB_EXECUTION_KEEP_DAYS': 180, 'PASSWORD_CHANGE_LOG_KEEP_DAYS': 999, + 'ACCOUNT_CHANGE_SECRET_RECORD_KEEP_DAYS': 180, 'TICKETS_ENABLED': True, 'TICKETS_DIRECT_APPROVE': False, diff --git a/apps/jumpserver/settings/custom.py b/apps/jumpserver/settings/custom.py index 821c209e1..9161e2252 100644 --- a/apps/jumpserver/settings/custom.py +++ b/apps/jumpserver/settings/custom.py @@ -128,6 +128,7 @@ ACTIVITY_LOG_KEEP_DAYS = CONFIG.ACTIVITY_LOG_KEEP_DAYS FTP_LOG_KEEP_DAYS = CONFIG.FTP_LOG_KEEP_DAYS CLOUD_SYNC_TASK_EXECUTION_KEEP_DAYS = CONFIG.CLOUD_SYNC_TASK_EXECUTION_KEEP_DAYS JOB_EXECUTION_KEEP_DAYS = CONFIG.JOB_EXECUTION_KEEP_DAYS +ACCOUNT_CHANGE_SECRET_RECORD_KEEP_DAYS = CONFIG.ACCOUNT_CHANGE_SECRET_RECORD_KEEP_DAYS ORG_CHANGE_TO_URL = CONFIG.ORG_CHANGE_TO_URL WINDOWS_SKIP_ALL_MANUAL_PASSWORD = CONFIG.WINDOWS_SKIP_ALL_MANUAL_PASSWORD diff --git a/apps/settings/serializers/cleaning.py b/apps/settings/serializers/cleaning.py index 888559dce..2cbba678f 100644 --- a/apps/settings/serializers/cleaning.py +++ b/apps/settings/serializers/cleaning.py @@ -47,3 +47,8 @@ class CleaningSerializer(serializers.Serializer): help_text=_( 'Session, record, command will be delete if more than duration, only in database, OSS will not be affected.') ) + + ACCOUNT_CHANGE_SECRET_RECORD_KEEP_DAYS = serializers.IntegerField( + min_value=MIN_VALUE, max_value=9999, + label=_("Change secret and push record retention days (day)"), + )