merge: with pam (#14911)

* perf: change i18n

* perf: pam

* perf: change translate

* perf: add check account

* perf: add date field

* perf: add account filter

* perf: remove some js

* perf: add account status action

* perf: update pam

* perf: 修改 discover account

* perf: update filter

* perf: update gathered account

* perf: 修改账号同步

* perf: squash migrations

* perf: update pam

* perf: change i18n

* perf: update account risk

* perf: 更新风险发现

* perf: remove css

* perf: Admin connection token

* perf: Add a switch to check connectivity after changing the password, and add a custom ssh command for push tasks

* perf: Modify account migration files

* perf: update pam

* perf: remove to check account dir

* perf: Admin connection token

* perf: update check account

* perf: 优化发送结果

* perf: update pam

* perf: update bulk update create

* perf: prepaire using thread timer for bulk_create_decorator

* perf: update bulk create decorator

* perf: 优化 playbook manager

* perf: 优化收集账号的报表

* perf: Update poetry

* perf: Update Dockerfile with new base image tag

* fix: Account migrate 0012 file

* perf: 修改备份

* perf: update pam

* fix: Expand resource_type filter to include raw type

* feat: PAM Service (#14552)

* feat: PAM Service

* perf: import package name

---------

Co-authored-by: jiangweidong <1053570670@qq.com>

* perf: Change secret dashboard (#14551)

Co-authored-by: feng <1304903146@qq.com>

* perf: update migrations

* perf: 修改支持 pam

* perf: Change secret record table dashboard

* perf: update status

* fix: Automation send report

* perf: Change secret report

* feat: windows accounts gather

* perf: update change status

* perf: Account backup

* perf: Account backup report

* perf: Account migrate

* perf: update service to application

* perf: update migrations

* perf: update logo

* feat: oracle accounts gather (#14571)

* feat: oracle accounts gather

* feat: sqlserver accounts gather

* feat: postgresql accounts gather

* feat: mysql accounts gather

---------

Co-authored-by: wangruidong <940853815@qq.com>

* feat: mongodb accounts gather

* perf: Change secret

* perf: Migrate

* perf: Merge conflicting migration files

* perf: Change secret

* perf: Automation filter org

* perf: Account push

* perf: Random secret string

* perf: Enhance SQL query and update risk handling in accounts

* perf: Ticket filter assignee_id

* perf: 修改 account remote

* perf: 修改一些 adhoc 任务

* perf: Change secret

* perf: Remove push account extra api

* perf: update status

* perf: The entire organization can view activity log

* fix: risk field check

* perf: add account details api

* perf: add demo mode

* perf: Delete gather_account

* perf: Perfect solution to account version problem

* perf: Update status action to handle multiple accounts

* perf: Add GatherAccountDetailField and update serializers

* perf: Display account history in combination with password change records

* perf: Lina translate

* fix: Update mysql_filter to handle nested user info

* perf: Admin connection token validate_permission account

* perf: copy move account

* perf: account filter risk

* perf: account risk filter

* perf: Copy move account failed message

* fix: gather account sync account to asset

* perf: Pam dashboard

* perf: Account dashboard total accounts

* perf: Pam dashboard

* perf: Change secret filter account secret_reset

* perf: 修改 risk filter

* perf: pam translate

* feat: Check for leaked duplicate passwords. (#14711)

* feat: Check for leaked duplicate passwords.

* perf: Use SQLite instead of txt as leak password database

---------

Co-authored-by: jiangweidong <1053570670@qq.com>
Co-authored-by: 老广 <ibuler@qq.com>

* perf: merge with remote

* perf: Add risk change_password_add handle

* perf: Pam dashboard

* perf: check account manager import

* perf: 重构扫描

* perf: 修改 db

* perf: Gather account manager

* perf: update change db lib

* perf: dashboard

* perf: Account gather

* perf: 修改 asset get queryset

* perf: automation report

* perf: Pam account

* perf: Pam dashboard api

* perf: risk add account

* perf: 修改 risk check

* perf: Risk account

* perf: update risk add reopen action

* perf: add pylintrc

* Revert "perf: automation report"

This reverts commit 22aee54207.

* perf: check account engine

* perf: Perf: Optimism Gather Report Style

* Perf: Remove unuser actions

* Perf: Perf push account

* perf: perf gather account

* perf: Automation report

* perf: Push account recorder

* perf: Push account record

* perf: Pam dashboard

* perf: perf

* perf: update intergration

* perf: integrations application detail add account tab page

* feat: Custom change password supports configuration of interactive items

* perf: Go and Python demo code

* perf: Custom secret change

* perf: add user filter

* perf: translate

* perf: Add demo code docs

* perf: update some i18n

* perf: update some i18n

* perf: Add Java, Node, Go, and cURL demo code

* perf: Translate

* perf: Change secret translate

* perf: Translate

* perf: update some i18n

* perf: translate

* perf: Ansible playbook

* perf: update some choice

* perf: update some choice

* perf: update account serializer remote unused code

* perf: conflict

* perf: update import

---------

Co-authored-by: ibuler <ibuler@qq.com>
Co-authored-by: feng <1304903146@qq.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: wangruidong <940853815@qq.com>
Co-authored-by: jiangweidong <1053570670@qq.com>
Co-authored-by: feng626 <57284900+feng626@users.noreply.github.com>
Co-authored-by: zhaojisen <1301338853@qq.com>

apps/accounts/risk_handlers.py

@@ -0,0 +1,174 @@
+from django.utils import timezone
+from django.utils.translation import gettext_lazy as _
+from rest_framework.serializers import ValidationError
+
+from accounts.const import AutomationTypes, Source
+from accounts.models import (
+    GatheredAccount,
+    AccountRisk,
+    SecretType,
+    AutomationExecution,
+    RiskChoice
+)
+from common.const import ConfirmOrIgnore
+from common.utils import random_string
+
+TYPE_CHOICES = [
+    ("ignore", _("Ignore")),
+    ("reopen", _("Reopen")),
+    ("close", _("Close")),
+    ("disable_remote", _("Disable remote")),
+    ("delete_remote", _("Delete remote")),
+    ("delete_both", _("Delete remote")),
+    ("add_account", _("Add account")),
+    ("change_password_add", _("Change password and Add")),
+    ("change_password", _("Change password"))
+]
+
+
+class RiskHandler:
+    def __init__(self, asset, username, request=None, risk=""):
+        self.asset = asset
+        self.username = username
+        self.request = request
+        self.risk = risk
+
+    def handle(self, tp, risk=""):
+        self.risk = risk
+        attr = f"handle_{tp}"
+
+        if not hasattr(self, attr):
+            raise ValidationError(f"Invalid risk type: {tp}")
+
+        getattr(self, attr)()
+        risk = self.update_risk_if_need(tp)
+        return risk
+
+    def update_risk_if_need(self, tp):
+        r = self.get_risk()
+        if not r:
+            return
+        if tp == "ignore":
+            status = ConfirmOrIgnore.ignored
+        elif tp == "reopen":
+            status = ConfirmOrIgnore.pending
+        else:
+            status = ConfirmOrIgnore.confirmed
+        r.details.append({**self.process_detail, "action": tp, "status": status})
+        r.status = status
+        r.save()
+        return r
+
+    def get_risk(self):
+        r = AccountRisk.objects.filter(asset=self.asset, username=self.username)
+        if self.risk:
+            r = r.filter(risk=self.risk)
+        return r.first()
+
+    def handle_ignore(self):
+        (GatheredAccount.objects
+         .filter(asset=self.asset, username=self.username)
+         .update(status=ConfirmOrIgnore.ignored))
+
+    def handle_reopen(self):
+        pass
+
+    def handle_close(self):
+        pass
+
+    def handle_review(self):
+        pass
+
+    @property
+    def process_detail(self):
+        detail = {
+            "datetime": timezone.now().isoformat(),
+            "type": "process",
+            "processor": str(self.request.user),
+        }
+        if self.request and self.request.data and self.request.data.get('comment'):
+            detail['comment'] = self.request.data['comment']
+        return detail
+
+    def handle_add_account(self):
+        data = {
+            "username": self.username,
+            "name": self.username,
+            "secret_type": SecretType.PASSWORD,
+            "source": "collected",
+        }
+        self.asset.accounts.get_or_create(defaults=data, username=self.username)
+        GatheredAccount.objects.filter(asset=self.asset, username=self.username).update(
+            present=True, status=ConfirmOrIgnore.confirmed
+        )
+        self.risk = RiskChoice.new_found
+
+    def handle_disable_remote(self):
+        pass
+
+    def handle_delete_remote(self):
+        self._handle_delete(delete="remote")
+
+    def _handle_delete(self, delete="both"):
+        asset = self.asset
+        execution = AutomationExecution()
+        execution.snapshot = {
+            "assets": [str(asset.id)],
+            "accounts": [{"asset": str(asset.id), "username": self.username}],
+            "type": "remove_account",
+            "name": "Remove remote account: {}@{}".format(self.username, asset.name),
+            "delete": delete,
+            "risk": self.risk
+        }
+        execution.save()
+        execution.start()
+        return execution.summary
+
+    def handle_delete_both(self):
+        self._handle_delete(delete="both")
+
+    def handle_change_password(self):
+        asset = self.asset
+        execution = AutomationExecution()
+        execution.snapshot = {
+            "assets": [str(asset.id)],
+            "accounts": [self.username],
+            "type": AutomationTypes.change_secret,
+            "secret_type": "password",
+            "secret_strategy": "random",
+            "name": "Change account password: {}@{}".format(self.username, asset.name),
+        }
+        execution.save()
+        execution.start()
+        return execution.summary
+
+    def handle_change_password_add(self):
+        asset = self.asset
+        secret_type = SecretType.PASSWORD
+        secret = random_string(30)
+        account_data = {
+            "username": self.username,
+            "name": f'{self.username}-{secret_type}',
+            "secret_type": SecretType.PASSWORD,
+            "source": Source.DISCOVERY,
+            "asset": asset,
+            "secret": secret
+        }
+        account, _ = self.asset.accounts.get_or_create(defaults=account_data, username=self.username)
+        execution = AutomationExecution()
+        execution.snapshot = {
+            "assets": [str(asset.id)],
+            "accounts": [str(account.id)],
+            "type": AutomationTypes.push_account,
+            "secret_type": secret_type,
+            'nodes': [],
+            'org_id': self.asset.org_id,
+            "secret_strategy": "random",
+            "secret": secret,
+            'ssh_key_change_strategy': 'set_jms',
+            'check_conn_after_change': True,
+            "name": "Push account password: {}@{}".format(self.username, asset.name),
+        }
+        execution.save()
+        execution.start()
+        return execution.summary