github/jumpserver
1
0
Fork 0
mirror of https://github.com/jumpserver/jumpserver.git synced 2025-09-06 01:40:52 +00:00
Code Issues Projects Releases Wiki Activity

merge: with pam (#14911)

Browse Source 
* perf: change i18n

* perf: pam

* perf: change translate

* perf: add check account

* perf: add date field

* perf: add account filter

* perf: remove some js

* perf: add account status action

* perf: update pam

* perf: 修改 discover account

* perf: update filter

* perf: update gathered account

* perf: 修改账号同步

* perf: squash migrations

* perf: update pam

* perf: change i18n

* perf: update account risk

* perf: 更新风险发现

* perf: remove css

* perf: Admin connection token

* perf: Add a switch to check connectivity after changing the password, and add a custom ssh command for push tasks

* perf: Modify account migration files

* perf: update pam

* perf: remove to check account dir

* perf: Admin connection token

* perf: update check account

* perf: 优化发送结果

* perf: update pam

* perf: update bulk update create

* perf: prepaire using thread timer for bulk_create_decorator

* perf: update bulk create decorator

* perf: 优化 playbook manager

* perf: 优化收集账号的报表

* perf: Update poetry

* perf: Update Dockerfile with new base image tag

* fix: Account migrate 0012 file

* perf: 修改备份

* perf: update pam

* fix: Expand resource_type filter to include raw type

* feat: PAM Service (#14552)

* feat: PAM Service

* perf: import package name

---------

Co-authored-by: jiangweidong <1053570670@qq.com>

* perf: Change secret dashboard (#14551)

Co-authored-by: feng <1304903146@qq.com>

* perf: update migrations

* perf: 修改支持 pam

* perf: Change secret record table dashboard

* perf: update status

* fix: Automation send report

* perf: Change secret report

* feat: windows accounts gather

* perf: update change status

* perf: Account backup

* perf: Account backup report

* perf: Account migrate

* perf: update service to application

* perf: update migrations

* perf: update logo

* feat: oracle accounts gather (#14571)

* feat: oracle accounts gather

* feat: sqlserver accounts gather

* feat: postgresql accounts gather

* feat: mysql accounts gather

---------

Co-authored-by: wangruidong <940853815@qq.com>

* feat: mongodb accounts gather

* perf: Change secret

* perf: Migrate

* perf: Merge conflicting migration files

* perf: Change secret

* perf: Automation filter org

* perf: Account push

* perf: Random secret string

* perf: Enhance SQL query and update risk handling in accounts

* perf: Ticket filter assignee_id

* perf: 修改 account remote

* perf: 修改一些 adhoc 任务

* perf: Change secret

* perf: Remove push account extra api

* perf: update status

* perf: The entire organization can view activity log

* fix: risk field check

* perf: add account details api

* perf: add demo mode

* perf: Delete gather_account

* perf: Perfect solution to account version problem

* perf: Update status action to handle multiple accounts

* perf: Add GatherAccountDetailField and update serializers

* perf: Display account history in combination with password change records

* perf: Lina translate

* fix: Update mysql_filter to handle nested user info

* perf: Admin connection token validate_permission account

* perf: copy move account

* perf: account filter risk

* perf: account risk filter

* perf: Copy move account failed message

* fix: gather account sync account to asset

* perf: Pam dashboard

* perf: Account dashboard total accounts

* perf: Pam dashboard

* perf: Change secret filter account secret_reset

* perf: 修改 risk filter

* perf: pam translate

* feat: Check for leaked duplicate passwords. (#14711)

* feat: Check for leaked duplicate passwords.

* perf: Use SQLite instead of txt as leak password database

---------

Co-authored-by: jiangweidong <1053570670@qq.com>
Co-authored-by: 老广 <ibuler@qq.com>

* perf: merge with remote

* perf: Add risk change_password_add handle

* perf: Pam dashboard

* perf: check account manager import

* perf: 重构扫描

* perf: 修改 db

* perf: Gather account manager

* perf: update change db lib

* perf: dashboard

* perf: Account gather

* perf: 修改 asset get queryset

* perf: automation report

* perf: Pam account

* perf: Pam dashboard api

* perf: risk add account

* perf: 修改 risk check

* perf: Risk account

* perf: update risk add reopen action

* perf: add pylintrc

* Revert "perf: automation report"

This reverts commit 22aee54207.

* perf: check account engine

* perf: Perf: Optimism Gather Report Style

* Perf: Remove unuser actions

* Perf: Perf push account

* perf: perf gather account

* perf: Automation report

* perf: Push account recorder

* perf: Push account record

* perf: Pam dashboard

* perf: perf

* perf: update intergration

* perf: integrations application detail add account tab page

* feat: Custom change password supports configuration of interactive items

* perf: Go and Python demo code

* perf: Custom secret change

* perf: add user filter

* perf: translate

* perf: Add demo code docs

* perf: update some i18n

* perf: update some i18n

* perf: Add Java, Node, Go, and cURL demo code

* perf: Translate

* perf: Change secret translate

* perf: Translate

* perf: update some i18n

* perf: translate

* perf: Ansible playbook

* perf: update some choice

* perf: update some choice

* perf: update account serializer remote unused code

* perf: conflict

* perf: update import

---------

Co-authored-by: ibuler <ibuler@qq.com>
Co-authored-by: feng <1304903146@qq.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: wangruidong <940853815@qq.com>
Co-authored-by: jiangweidong <1053570670@qq.com>
Co-authored-by: feng626 <57284900+feng626@users.noreply.github.com>
Co-authored-by: zhaojisen <1301338853@qq.com>
This commit is contained in:
fit2bot
2025-02-21 16:39:57 +08:00
committed by GitHub
parent d516349a68
commit 3f4141ca0b
399 changed files with 14655 additions and 15063 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
apps/accounts/demos/python/README.en.md Normal file
View File

@@ -0,0 +1,42 @@
# Instructions
## 1. Introduction
This API provides the PAM asset account service, supports RESTful style calls, and returns data in JSON format.
## 2. Environment Requirements
- `Python 3.11+`
- `requests==2.31.0`
- `httpsig==1.3.0`
## 3. Usage
**Request Method**: `GET api/v1/accounts/integration-applications/account-secret/`
**Request Parameters**
| Parameter Name | Type | Required | Description |
|----------------|------|----------|-------------------|
| asset | str | Yes | Asset ID / Asset Name |
| account | str | Yes | Account ID / Account Name |
**Response Example**:
```json
{
"id": "72b0b0aa-ad82-4182-a631-ae4865e8ae0e",
"secret": "123456"
}
```
## Frequently Asked Questions (FAQ)
Q: How to obtain the API Key?
A: You can create an application in PAM - Application Management to generate KEY_ID and KEY_SECRET.
## Changelog
| Version | Changes | Date |
|---------|------------------------|------------|
| 1.0.0 | Initial version | 2025-02-11 |

42
apps/accounts/demos/python/README.ja.md Normal file
View File

@@ -0,0 +1,42 @@
# 使用方法
## 1. 概要
このAPIは、PAMの資産アカウントサービスの表示を提供し、RESTfulスタイルの呼び出しをサポートし、データはJSON形式で返されます。
## 2. 環境要件
- `Python 3.11+`
- `requests==2.31.0`
- `httpsig==1.3.0`
## 3. 使用方法
**リクエスト方法**: `GET api/v1/accounts/integration-applications/account-secret/`
**リクエストパラメータ**
| パラメータ名 | タイプ | 必須 | 説明 |
|-------------|-------|----|--------------|
| asset | str | はい | 資産ID / 資産名 |
| account | str | はい | アカウントID / アカウント名 |
**レスポンス例**:
```json
{
"id": "72b0b0aa-ad82-4182-a631-ae4865e8ae0e",
"secret": "123456"
}
```
## よくある質問FAQ
Q: APIキーはどのように取得しますか
A: PAM - アプリケーション管理でアプリケーションを作成し、KEY_IDとKEY_SECRETを生成できます。
## バージョン履歴Changelog
| バージョン | 変更内容 | 日付 |
| -------- | ----------------- |------------|
| 1.0.0 | 初期バージョン | 2025-02-11 |

42
apps/accounts/demos/python/README.zh-hans.md Normal file
View File

@@ -0,0 +1,42 @@
# 使用说明
## 1. 简介
本 API 提供了 PAM 查看资产账号服务,支持 RESTful 风格的调用,返回数据采用 JSON 格式。
## 2. 环境要求
- `Python 3.11+`
- `requests==2.31.0`
- `httpsig==1.3.0`
## 3. 使用方法
**请求方式**: `GET api/v1/accounts/integration-applications/account-secret/`
**请求参数**
| 参数名 | 类型 | 必填 | 说明 |
|------------|------|----|--------------|
| asset | str | 是 | 资产 ID / 资产名称 |
| account | str | 是 | 账号 ID / 账号名称 |
**响应示例**:
```json
{
"id": "72b0b0aa-ad82-4182-a631-ae4865e8ae0e",
"secret": "123456"
}
```
## 常见问题FAQ
Q: API Key 如何获取?
A: 你可以在 PAM - 应用管理 创建应用生成 KEY_ID 和 KEY_SECRET。
## 版本历史Changelog
| 版本号 | 变更内容 | 日期 |
| ----- | ----------------- |------------|
| 1.0.0 | 初始版本 | 2025-02-11 |

42
apps/accounts/demos/python/README.zh-hant.md Normal file
View File

@@ -0,0 +1,42 @@
# 使用說明
## 1. 簡介
本 API 提供了 PAM 查看資產賬號服務,支持 RESTful 風格的調用,返回數據採用 JSON 格式。
## 2. 環境要求
- `Python 3.11+`
- `requests==2.31.0`
- `httpsig==1.3.0`
## 3. 使用方法
**請求方式**: `GET api/v1/accounts/integration-applications/account-secret/`
**請求參數**
| 參數名 | 類型 | 必填 | 說明 |
|------------|------|----|--------------|
| asset | str | 是 | 資產 ID / 資產名稱 |
| account | str | 是 | 賬號 ID / 賬號名稱 |
**響應示例**:
```json
{
"id": "72b0b0aa-ad82-4182-a631-ae4865e8ae0e",
"secret": "123456"
}
```
## 常見問題FAQ
Q: API Key 如何獲取?
A: 你可以在 PAM - 應用管理 創建應用生成 KEY_ID 和 KEY_SECRET。
## 版本歷史Changelog
| 版本號 | 變更內容 | 日期 |
| ----- | ----------------- |------------|
| 1.0.0 | 初始版本 | 2025-02-11 |

44
apps/accounts/demos/python/demo.py Normal file
View File

@@ -0,0 +1,44 @@
# 示例调用
import requests
import os
from datetime import datetime
from httpsig.requests_auth import HTTPSignatureAuth
API_URL = os.getenv("API_URL", "http://127.0.0.1:8080")
KEY_ID = os.getenv("API_KEY_ID", "72b0b0aa-ad82-4182-a631-ae4865e8ae0e")
KEY_SECRET = os.getenv("API_KEY_SECRET", "6fuSO7P1m4cj8SSlgaYdblOjNAmnxDVD7tr8")
ORG_ID = os.getenv("ORG_ID", "00000000-0000-0000-0000-000000000002")
class APIClient:
def __init__(self):
self.session = requests.Session()
self.auth = HTTPSignatureAuth(
key_id=KEY_ID, secret=KEY_SECRET,
algorithm='hmac-sha256', headers=['(request-target)', 'accept', 'date', 'x-jms-org']
)
def get_account_secret(self, asset, account):
url = f"{API_URL}/api/v1/accounts/integration-applications/account-secret/"
headers = {
'Accept': 'application/json',
'X-JMS-ORG': ORG_ID,
'Date': datetime.utcnow().strftime('%a, %d %b %Y %H:%M:%S GMT'),
'X-Source': 'jms-pam'
}
params = {"asset": asset, "account": account}
try:
response = self.session.get(url, auth=self.auth, headers=headers, params=params, timeout=10)
response.raise_for_status()
return response.json()
except requests.RequestException as e:
print(f"API 请求失败: {e}")
return None
if __name__ == "__main__":
client = APIClient()
result = client.get_account_secret(asset="ubuntu_docker", account="root")
print(result)

1
apps/accounts/demos/python/jms_pam/__init__.py Normal file
View File

@@ -0,0 +1 @@
from .main import JumpServerPAM, SecretRequest

148
apps/accounts/demos/python/jms_pam/main.py Normal file
View File

@@ -0,0 +1,148 @@
import uuid
from datetime import datetime
from urllib.parse import urlencode
import requests
from httpsig.requests_auth import HTTPSignatureAuth
from requests.exceptions import RequestException
DEFAULT_ORG_ID = '00000000-0000-0000-0000-000000000002'
class RequestParamsError(ValueError):
def __init__(self, params):
self.params = params
def __str__(self):
msg = "At least one of the following fields must be provided: %s."
return 'RequestParamsError: (%s)' % msg % ', '.join(self.params)
class SecretRequest(object):
"""
Validate parameters and their interdependencies.
Parameters:
account_id (str): The account ID, must be a valid UUID.
asset_id (str): The asset ID, must be a valid UUID.
asset (str): The name of the asset, can be empty.
account (str): The name of the account, can be empty.
Validation Logic:
- When 'account_id' is provided, 'asset', 'asset_id', and 'account' must not be provided.
- When 'account' is provided, either 'asset' or 'asset_id' must be provided.
- It is not allowed to provide both 'account_id' and 'asset_id' together.
Raises:
ValueError: If the parameters do not meet the requirements, a detailed error message will be raised.
"""
def __init__(self, asset='', asset_id='', account='', account_id=''):
self.account_id = account_id
self.asset_id = asset_id
self.asset = asset
self.account = account
self.method = 'get'
self._init_check()
@staticmethod
def _valid_uuid(value):
if not value:
return
try:
uuid.UUID(str(value))
except (ValueError, TypeError):
raise ValueError('Invalid UUID: %s. Value must be a valid UUID.' % value)
def _init_check(self):
for id_value in [self.account_id, self.asset_id]:
self._valid_uuid(id_value)
if self.account_id:
return
if not self.asset_id and not self.asset:
raise RequestParamsError(['asset', 'asset_id'])
if not self.account:
raise RequestParamsError(['account', 'account_id'])
@staticmethod
def get_url():
return '/api/v1/accounts/service-integrations/account-secret/'
def get_query(self):
return {k: getattr(self, k) for k in vars(self) if getattr(self, k)}
class Secret(object):
def __init__(self, secret='', desc=''):
self.secret = secret
self.desc = desc
self.valid = not desc
@classmethod
def from_exception(cls, e):
return cls(desc=str(e))
@classmethod
def from_response(cls, response):
secret, error = '', ''
try:
data = response.json()
if response.status_code != 200:
for k, v in data.items():
error += '%s: %s; ' % (k, v)
secret = data.get('secret')
except Exception as e:
error = str(e)
return cls(secret=secret, desc=error)
class JumpServerPAM(object):
def __init__(self, endpoint, key_id, key_secret, org_id=DEFAULT_ORG_ID):
self.endpoint = endpoint
self.key_id = key_id
self.key_secret = key_secret
self.org_id = org_id
self._auth = None
@property
def headers(self):
gmt_form = '%a, %d %b %Y %H:%M:%S GMT'
return {
'Accept': 'application/json',
'X-JMS-ORG': self.org_id,
'Date': datetime.utcnow().strftime(gmt_form),
'X-Source': 'jms-pam'
}
def _build_url(self, url, query_params=None):
query_params = query_params or {}
endpoint = self.endpoint[:-1] if self.endpoint.endswith('/') else self.endpoint
return '%s%s?%s' % (endpoint, url, urlencode(query_params))
def _get_auth(self):
if self._auth is None:
signature_headers = ['(request-target)', 'accept', 'date']
self._auth = HTTPSignatureAuth(
key_id=self.key_id, secret=self.key_secret,
algorithm='hmac-sha256', headers=signature_headers
)
return self._auth
def send(self, secret_request):
try:
url = secret_request.get_url()
query_params = secret_request.get_query()
request_method = getattr(requests, secret_request.method)
response = request_method(
self._build_url(url, query_params),
auth=self._get_auth(), headers=self.headers
)
except RequestException as e:
return Secret.from_exception(e)
return Secret.from_response(response)
def get_accounts(self):
pass

22
apps/accounts/demos/python/setup.py Normal file
View File

@@ -0,0 +1,22 @@
from setuptools import setup, find_packages
setup(
name='jms-pam',
version='0.0.1',
packages=find_packages(),
install_requires=[
'requests',
'httpsig'
],
description='JumpServer PAM Client',
long_description=open('README.md').read(),
long_description_content_type='text/markdown',
url='https://github.com/jumpserver',
author='JumpServer Team',
author_email='code@jumpserver.org',
classifiers=[
'Programming Language :: Python :: 3',
],
python_requires='>=3.6',
)