From 211a0abe9e3d3eb9ac8cfc49fe3f773affc00daa Mon Sep 17 00:00:00 2001
From: jiangweidong
Date: Thu, 19 Jan 2023 09:57:58 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20=E6=B5=8B=E8=AF=95=E5=8F=AF=E8=BF=9E?=
 =?UTF-8?q?=E6=8E=A5=E6=80=A7mongodb=E6=94=AF=E6=8C=81ssl?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../change_secret/database/mongodb/main.yml | 10 +++++++
 .../verify_account/database/mongodb/main.yml | 5 ++++
 .../gather_facts/database/mongodb/main.yml | 5 ++++
 .../ping/database/mongodb/main.yml | 5 ++++
 apps/ops/ansible/inventory.py | 26 +++++++++++++++++++
 5 files changed, 51 insertions(+)

diff --git a/apps/accounts/automations/change_secret/database/mongodb/main.yml b/apps/accounts/automations/change_secret/database/mongodb/main.yml
index 02a568e0b..7f0ae2c6e 100644
--- a/apps/accounts/automations/change_secret/database/mongodb/main.yml
+++ b/apps/accounts/automations/change_secret/database/mongodb/main.yml
@@ -11,6 +11,11 @@
         login_host: "{{ jms_asset.address }}"
         login_port: "{{ jms_asset.port }}"
         login_database: "{{ jms_asset.specific.db_name }}"
+        ssl: "{{ jms_asset.specific.use_ssl }}"
+        ssl_ca_certs: "{{ jms_asset.specific.ca_cert }}"
+        ssl_certfile: "{{ jms_asset.specific.client_key }}"
+        connection_options:
+          - tlsAllowInvalidHostnames: "{{ jms_asset.specific.allow_invalid_cert}}"
       register: db_info
 
     - name: Display MongoDB version
@@ -38,6 +43,11 @@
         login_host: "{{ jms_asset.address }}"
         login_port: "{{ jms_asset.port }}"
         login_database: "{{ jms_asset.specific.db_name }}"
+        ssl: "{{ jms_asset.specific.use_ssl }}"
+        ssl_ca_certs: "{{ jms_asset.specific.ca_cert }}"
+        ssl_certfile: "{{ jms_asset.specific.client_key }}"
+        connection_options:
+          - tlsAllowInvalidHostnames: "{{ jms_asset.specific.allow_invalid_cert}}"
       when:
         - db_info is succeeded
         - change_info is succeeded
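Review bot: `ssl_certfile` is bound to `jms_asset.specific.client_key` in both hunks of this file, while the `client_cert` value that `convert_cert_to_file` in inventory.py also writes to disk is never referenced from any playbook, so the certificate and the private key look swapped or conflated; if they are separate PEM files this should read `ssl_certfile: "{{ jms_asset.specific.client_cert }}"` together with `ssl_keyfile: "{{ jms_asset.specific.client_key }}"` (community.mongodb exposes `ssl_keyfile`), and the identical lines recur in the verify_account, gather_facts and ping hunks. The option and the field it is fed from also disagree: `tlsAllowInvalidHostnames` only relaxes the hostname check, whereas `allow_invalid_cert` reads as if it disabled certificate validation altogether, so one of the two names should change to say exactly which check is being relaxed, and the stricter choice is to keep hostname verification on and surface the setting as a hostname option. `ssl_ca_certs` and `ssl_certfile` are rendered even when `use_ssl` is false, in which case they expand to the empty string `write_cert_to_file` returns for a missing field; whether the module tolerates an empty path there is not visible from the hunk and is worth a comment or a `when`-style guard.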
diff --git a/apps/accounts/automations/verify_account/database/mongodb/main.yml b/apps/accounts/automations/verify_account/database/mongodb/main.yml
index 1cf79b694..4467ead07 100644
--- a/apps/accounts/automations/verify_account/database/mongodb/main.yml
+++ b/apps/accounts/automations/verify_account/database/mongodb/main.yml
@@ -11,3 +11,8 @@
         login_host: "{{ jms_asset.address }}"
         login_port: "{{ jms_asset.port }}"
         login_database: "{{ jms_asset.specific.db_name }}"
+        ssl: "{{ jms_asset.specific.use_ssl }}"
+        ssl_ca_certs: "{{ jms_asset.specific.ca_cert }}"
+        ssl_certfile: "{{ jms_asset.specific.client_key }}"
+        connection_options:
+          - tlsAllowInvalidHostnames: "{{ jms_asset.specific.allow_invalid_cert}}"
diff --git a/apps/assets/automations/gather_facts/database/mongodb/main.yml b/apps/assets/automations/gather_facts/database/mongodb/main.yml
index 37ce8bbd3..c94c82cd1 100644
--- a/apps/assets/automations/gather_facts/database/mongodb/main.yml
+++ b/apps/assets/automations/gather_facts/database/mongodb/main.yml
@@ -11,6 +11,11 @@
         login_host: "{{ jms_asset.address }}"
         login_port: "{{ jms_asset.port }}"
         login_database: "{{ jms_asset.specific.db_name }}"
+        ssl: "{{ jms_asset.specific.use_ssl }}"
+        ssl_ca_certs: "{{ jms_asset.specific.ca_cert }}"
+        ssl_certfile: "{{ jms_asset.specific.client_key }}"
+        connection_options:
+          - tlsAllowInvalidHostnames: "{{ jms_asset.specific.allow_invalid_cert}}"
       register: db_info
 
     - name: Define info by set_fact
diff --git a/apps/assets/automations/ping/database/mongodb/main.yml b/apps/assets/automations/ping/database/mongodb/main.yml
index 867c51ace..c1e1ed496 100644
--- a/apps/assets/automations/ping/database/mongodb/main.yml
+++ b/apps/assets/automations/ping/database/mongodb/main.yml
@@ -11,3 +11,8 @@
         login_host: "{{ jms_asset.address }}"
         login_port: "{{ jms_asset.port }}"
         login_database: "{{ jms_asset.specific.db_name }}"
+        ssl: "{{ jms_asset.specific.use_ssl }}"
+        ssl_ca_certs: "{{ jms_asset.specific.ca_cert }}"
+        ssl_certfile: "{{ jms_asset.specific.client_key }}"
+        connection_options:
+          - tlsAllowInvalidHostnames: "{{ jms_asset.specific.allow_invalid_cert}}"
diff --git a/apps/ops/ansible/inventory.py b/apps/ops/ansible/inventory.py
index e50a0801f..6b0e528a5 100644
--- a/apps/ops/ansible/inventory.py
+++ b/apps/ops/ansible/inventory.py
@@ -98,6 +98,30 @@ class JMSInventory:
         if gateway:
             host.update(self.make_proxy_command(gateway))
 
+    @staticmethod
+    def write_cert_to_file(filename, content):
+        if not content:
+            return ''
+        with open(filename, 'w') as f:
+            f.write(content)
+        return filename
+
+    def convert_cert_to_file(self, host, path_dir):
+        specific = host.get('jms_asset', {}).get('specific')
+        if not specific:
+            return host
+
+        cert_dir = os.path.join(path_dir, 'certs')
+        if not os.path.exists(cert_dir):
+            os.makedirs(cert_dir, 0o700, True)
+
+        for i in ('ca_cert', 'client_key', 'client_cert'):
+            result = self.write_cert_to_file(
+                os.path.join(cert_dir, i), specific.get(i)
+            )
+            host['jms_asset']['specific'][i] = result
+        return host
+
     def asset_to_host(self, asset, account, automation, protocols, platform):
         host = {
             'name': '{}'.format(asset.name),
@@ -178,6 +202,8 @@ class JMSInventory:
 
         if not automation.ansible_enabled:
             host['error'] = _('Ansible disabled')
+        else:
+            host = self.convert_cert_to_file(host, path_dir)
 
         if self.host_callback is not None:
             host = self.host_callback(
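Review bot: `write_cert_to_file` writes the client private key with `open(filename, 'w')`, so the file mode is whatever the process umask yields (commonly 0644); the parent directory's `0o700` is the only thing shielding the key from other local users, and that mode is itself umask-masked and is not applied at all when `certs` already exists because `os.makedirs` is skipped. Create the files with an explicit mode instead, `fd = os.open(filename, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, 'w') as f:`, and drop the `os.path.exists` pre-check in favour of `exist_ok=True` alone so the check and the creation are one call. The fixed names `ca_cert`, `client_key` and `client_cert` under a single `path_dir/certs` also mean that if `asset_to_host` runs for several assets with the same `path_dir` (which a multi-host inventory presumably does), each asset's material overwrites the previous one's and every earlier host record is left pointing at the last asset's files; a per-asset subdirectory keyed on the asset would avoid that. A one-line docstring on each method saying that the returned value is the path written, or `''` when the field is empty, would make the `specific[i] = result` rebinding easier to follow.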
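Review bot: `path_dir` is passed to `convert_cert_to_file` here, but the signature of `asset_to_host` shown as context in the previous hunk, `def asset_to_host(self, asset, account, automation, protocols, platform):`, does not declare it and the diff touches no other line of that method; unless the body binds `path_dir` somewhere outside both hunks, this raises `NameError` for every asset whose platform has `ansible_enabled` set, which is the normal path rather than the exception. Thread it through explicitly, `def asset_to_host(self, asset, account, automation, protocols, platform, path_dir=None)`, guard the call with `if path_dir:`, and have the caller pass the directory the inventory is written to. The enclosing method begins and ends outside this hunk.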