diff --git a/apps/accounts/automations/change_secret/manager.py b/apps/accounts/automations/change_secret/manager.py index c076ab56b..a6c14fa23 100644 --- a/apps/accounts/automations/change_secret/manager.py +++ b/apps/accounts/automations/change_secret/manager.py @@ -86,6 +86,10 @@ class ChangeSecretManager(AccountBasePlaybookManager): accounts = accounts.filter(username__in=self.snapshot_account_usernames) accounts = accounts.filter(secret_type=self.secret_type) + if not accounts: + print('没有发现待改密账号: %s 用户名: %s 类型: %s' % (asset.name, account.username, self.secret_type)) + return [] + method_attr = getattr(automation, self.method_type() + '_method') method_hosts = self.method_hosts_mapper[method_attr] method_hosts = [h for h in method_hosts if h != host['name']] @@ -137,8 +141,10 @@ class ChangeSecretManager(AccountBasePlaybookManager): recorder.status = 'success' recorder.date_finished = timezone.now() recorder.save() - print('recorder.new_secret', recorder.new_secret) account = recorder.account + if not account: + print("Account not found, deleted ?", recorder) + return account.secret = recorder.new_secret account.save(update_fields=['secret']) diff --git a/apps/accounts/automations/push_account/manager.py b/apps/accounts/automations/push_account/manager.py index f2f21c51a..42a53fcb1 100644 --- a/apps/accounts/automations/push_account/manager.py +++ b/apps/accounts/automations/push_account/manager.py @@ -36,7 +36,7 @@ class PushAccountManager(ChangeSecretManager, AccountBasePlaybookManager): def get_accounts(self, privilege_account, accounts: QuerySet): if not privilege_account: - logger.debug(f'not privilege account') + print(f'not privilege account') return [] snapshot_account_usernames = self.execution.snapshot['accounts'] if '*' in snapshot_account_usernames: diff --git a/apps/accounts/migrations/0008_alter_account_options.py b/apps/accounts/migrations/0008_alter_account_options.py deleted file mode 100644 index 949840740..000000000 --- a/apps/accounts/migrations/0008_alter_account_options.py +++ /dev/null @@ -1,17 +0,0 @@ -# Generated by Django 3.2.14 on 2023-02-21 05:13 - -from django.db import migrations - - -class Migration(migrations.Migration): - - dependencies = [ - ('accounts', '0007_alter_account_options'), - ] - - operations = [ - migrations.AlterModelOptions( - name='account', - options={'permissions': [('view_accountsecret', 'Can view asset account secret'), ('view_historyaccount', 'Can view asset history account'), ('view_historyaccountsecret', 'Can view asset history account secret'), ('verify_account', 'Can verify account'), ('push_account', 'Can push account')], 'verbose_name': 'Account'}, - ), - ] diff --git a/apps/accounts/models/account.py b/apps/accounts/models/account.py index 7367c53de..00934b759 100644 --- a/apps/accounts/models/account.py +++ b/apps/accounts/models/account.py @@ -68,6 +68,9 @@ class Account(AbsConnectivity, BaseAccount): ('push_account', _('Can push account')), ] + def __str__(self): + return '{}'.format(self.username) + @lazyproperty def platform(self): return self.asset.platform @@ -78,9 +81,6 @@ class Account(AbsConnectivity, BaseAccount): return self.username return self.name - def __str__(self): - return '{}'.format(self.username) - @lazyproperty def has_secret(self): return bool(self.secret) @@ -99,14 +99,6 @@ class Account(AbsConnectivity, BaseAccount): """ 排除自己和以自己为 su-from 的账号 """ return self.asset.accounts.exclude(id=self.id).exclude(su_from=self) - def secret_changed(self): - history = self.history.first() - if not history: - return True - if history.secret != self.secret or history.secret_type != self.secret_type: - return True - return False - class AccountTemplate(BaseAccount): class Meta: diff --git a/apps/accounts/serializers/account/account.py b/apps/accounts/serializers/account/account.py index 1f9c143bd..8cf92671e 100644 --- a/apps/accounts/serializers/account/account.py +++ b/apps/accounts/serializers/account/account.py @@ -43,7 +43,7 @@ class AccountSerializerCreateValidateMixin: def push_account(instance, push_now): if not push_now: return - push_accounts_to_assets_task.delay([instance.id], [instance.asset_id]) + push_accounts_to_assets_task.delay([instance.id]) def create(self, validated_data): push_now = validated_data.pop('push_now', None) @@ -102,7 +102,7 @@ class AccountSerializer(AccountSerializerCreateMixin, BaseAccountSerializer): class Meta(BaseAccountSerializer.Meta): model = Account fields = BaseAccountSerializer.Meta.fields \ - + ['su_from', 'version', 'asset'] \ + + ['su_from', 'asset'] \ + ['template', 'push_now', 'source'] extra_kwargs = { **BaseAccountSerializer.Meta.extra_kwargs, diff --git a/apps/accounts/signal_handlers.py b/apps/accounts/signal_handlers.py index df2b0e5b7..bb4eaedb8 100644 --- a/apps/accounts/signal_handlers.py +++ b/apps/accounts/signal_handlers.py @@ -1,17 +1,3 @@ -from django.db.models.signals import pre_save -from django.dispatch import receiver - from common.utils import get_logger -from .models import Account logger = get_logger(__name__) - - -@receiver(pre_save, sender=Account) -def on_account_pre_create(sender, instance, update_fields=(), **kwargs): - # 这是创建时 - if instance.version == 0 or instance.secret_changed(): - instance.version += 1 - - # 即使在 root 组织也不怕 - instance.org_id = instance.asset.org_id diff --git a/apps/assets/api/asset/asset.py b/apps/assets/api/asset/asset.py index c791d6db7..5b67e9114 100644 --- a/apps/assets/api/asset/asset.py +++ b/apps/assets/api/asset/asset.py @@ -207,9 +207,9 @@ class AssetTaskCreateApi(AssetsTaskMixin, generics.CreateAPIView): asset_ids = [asset.id] account_ids = accounts.values_list("id", flat=True) if action == "push_account": - task = push_accounts_to_assets_task.delay(account_ids, asset_ids) + task = push_accounts_to_assets_task.delay(account_ids) elif action == "test_account": - task = verify_accounts_connectivity_task.delay(account_ids, asset_ids) + task = verify_accounts_connectivity_task.delay(account_ids) else: task = None return task diff --git a/apps/assets/automations/base/manager.py b/apps/assets/automations/base/manager.py index 518008d26..7f765d9fd 100644 --- a/apps/assets/automations/base/manager.py +++ b/apps/assets/automations/base/manager.py @@ -64,7 +64,7 @@ class BasePlaybookManager: if not os.path.exists(path): os.makedirs(path, exist_ok=True, mode=0o755) if settings.DEBUG_DEV: - logger.debug('Ansible runtime dir: {}'.format(path)) + print(f'Ansible runtime dir: {path}') return path @staticmethod @@ -153,10 +153,9 @@ class BasePlaybookManager: return sub_playbook_path def get_runners(self): - # TODO 临时打印一下 找一下打印不出日志的原因 - print('ansible runner: 任务开始执行') assets_group_by_platform = self.get_assets_group_by_platform() - print('ansible runner: 获取资产分组', assets_group_by_platform) + if settings.DEBUG_DEV: + print("assets_group_by_platform: {}".format(assets_group_by_platform)) runners = [] for platform, assets in assets_group_by_platform.items(): assets_bulked = [assets[i:i + self.bulk_size] for i in range(0, len(assets), self.bulk_size)] @@ -216,6 +215,7 @@ class BasePlaybookManager: with open(path, 'r') as f: d = json.load(f) + def delete_keys(d, keys_to_delete): """ 递归函数:删除嵌套字典中的指定键 @@ -229,6 +229,7 @@ class BasePlaybookManager: else: delete_keys(d[key], keys_to_delete) return d + d = delete_keys(d, ['secret', 'ansible_password']) with open(path, 'w') as f: json.dump(d, f) diff --git a/apps/assets/migrations/0109_alter_asset_options.py b/apps/assets/migrations/0109_alter_asset_options.py index 859b1ca0c..4a1c93a15 100644 --- a/apps/assets/migrations/0109_alter_asset_options.py +++ b/apps/assets/migrations/0109_alter_asset_options.py @@ -12,6 +12,6 @@ class Migration(migrations.Migration): operations = [ migrations.AlterModelOptions( name='asset', - options={'ordering': ['name'], 'permissions': [('refresh_assethardwareinfo', 'Can refresh asset hardware info'), ('test_assetconnectivity', 'Can test asset connectivity'), ('push_assetaccount', 'Can push account to asset'), ('test_account', 'Can verify account'), ('match_asset', 'Can match asset'), ('change_assettonode', 'Can change asset nodes')], 'verbose_name': 'Asset'}, + options={'ordering': ['name'], 'permissions': [('refresh_assethardwareinfo', 'Can refresh asset hardware info'), ('test_assetconnectivity', 'Can test asset connectivity'), ('match_asset', 'Can match asset'), ('change_assetnodes', 'Can change asset nodes')], 'verbose_name': 'Asset'}, ), ] diff --git a/apps/assets/migrations/0110_alter_asset_options.py b/apps/assets/migrations/0110_alter_asset_options.py deleted file mode 100644 index fa5495e33..000000000 --- a/apps/assets/migrations/0110_alter_asset_options.py +++ /dev/null @@ -1,17 +0,0 @@ -# Generated by Django 3.2.14 on 2023-02-21 05:11 - -from django.db import migrations - - -class Migration(migrations.Migration): - - dependencies = [ - ('assets', '0109_alter_asset_options'), - ] - - operations = [ - migrations.AlterModelOptions( - name='asset', - options={'ordering': ['name'], 'permissions': [('refresh_assethardwareinfo', 'Can refresh asset hardware info'), ('test_assetconnectivity', 'Can test asset connectivity'), ('match_asset', 'Can match asset'), ('change_assetnodes', 'Can change asset nodes')], 'verbose_name': 'Asset'}, - ), - ] diff --git a/apps/jumpserver/conf.py b/apps/jumpserver/conf.py index f7c555504..b192cd993 100644 --- a/apps/jumpserver/conf.py +++ b/apps/jumpserver/conf.py @@ -530,7 +530,7 @@ class Config(dict): 'PERIOD_TASK_ENABLED': True, # 导航栏 帮助 - 'HELP_DOCUMENT_URL': 'http://docs.jumpserver.org', + 'HELP_DOCUMENT_URL': 'https://docs.jumpserver.org/zh/v3/', 'HELP_SUPPORT_URL': 'http://www.jumpserver.org/support/', 'FORGOT_PASSWORD_URL': '',