perf: 修改改密

2025-10-22 00:09:14 +00:00 · 2022-10-13 17:47:29 +08:00
parent 85a6f29a0a 22e211625e
commit 8c91cd7eb6
40 changed files with 4850 additions and 240 deletions
--- a/apps/assets/models/automations/change_secret.py
+++ b/apps/assets/models/automations/change_secret.py
@@ -2,55 +2,58 @@ from django.db import models
 from django.utils.translation import ugettext_lazy as _

 from common.db import fields
-from ops.const import PasswordStrategy, StrategyChoice
-from ops.utils import generate_random_password
+from common.db.models import JMSBaseModel
 from .base import BaseAutomation


-class ChangePasswordAutomation(BaseAutomation):
-    class PasswordStrategy(models.TextChoices):
-        custom = 'specific', _('Specific')
-        random_one = 'random_one', _('All assets use the same random password')
-        random_all = 'random_all', _('All assets use different random password')
+__all__ = ['ChangeSecretAutomation', 'ChangeSecretRecord', 'SecretStrategy']

+
+class SecretStrategy(models.TextChoices):
+    custom = 'specific', _('Specific')
+    random_one = 'random_one', _('All assets use the same random password')
+    random_all = 'random_all', _('All assets use different random password')
+
+
+class SSHKeyStrategy(models.TextChoices):
+    add = 'add', _('Append SSH KEY')
+    set = 'set', _('Empty and append SSH KEY')
+    set_jms = 'set_jms', _('Replace (The key generated by JumpServer) ')
+
+
+class ChangeSecretAutomation(BaseAutomation):
+    secret_types = models.JSONField(default=list, verbose_name=_('Secret types'))
+    password_strategy = models.CharField(choices=SecretStrategy.choices, max_length=16,
+                                         default=SecretStrategy.random_one, verbose_name=_('Password strategy'))
    password = fields.EncryptTextField(blank=True, null=True, verbose_name=_('Secret'))
-    recipients = models.ManyToManyField(
-        'users.User', related_name='recipients_change_auth_strategy', blank=True,
-        verbose_name=_("Recipient")
-    )
+    password_rules = models.JSONField(default=dict, verbose_name=_('Password rules'))
+
+    ssh_key_strategy = models.CharField(choices=SecretStrategy.choices, default=SecretStrategy.random_one, max_length=16)
+    ssh_key = fields.EncryptTextField(blank=True, null=True, verbose_name=_('SSH key'))
+    ssh_key_change_strategy = models.CharField(choices=SSHKeyStrategy.choices, max_length=16,
+                                               default=SSHKeyStrategy.add, verbose_name=_('SSH key strategy'))
+    recipients = models.ManyToManyField('users.User', blank=True, verbose_name=_("Recipient"))

    def save(self, *args, **kwargs):
-        self.type = 'change_password'
+        self.type = 'change_secret'
        super().save(*args, **kwargs)

    class Meta:
        verbose_name = _("Change auth strategy")

-    def gen_execute_password(self):
-        if self.password_strategy == PasswordStrategy.custom:
-            return self.password
-        elif self.password_strategy == PasswordStrategy.random_one:
-            return generate_random_password(**self.password_rules)
-        else:
-            return None

-    def to_attr_json(self):
-        attr_json = super().to_attr_json()
-        attr_json.update({
-            'type': StrategyChoice.change_auth,
+class ChangeSecretRecord(JMSBaseModel):
+    execution = models.ForeignKey('assets.AutomationExecution', on_delete=models.CASCADE)
+    account = models.ForeignKey('assets.Account', on_delete=models.CASCADE, null=True)
+    old_secret = fields.EncryptTextField(blank=True, null=True, verbose_name=_('Old secret'))
+    new_secret = fields.EncryptTextField(blank=True, null=True, verbose_name=_('Secret'))
+    date_started = models.DateTimeField(blank=True, null=True, verbose_name=_('Date started'))
+    date_finished = models.DateTimeField(blank=True, null=True, verbose_name=_('Date finished'))
+    status = models.CharField(max_length=16, default='pending')
+    error = models.TextField(blank=True, null=True, verbose_name=_('Error'))

-            'password': self.gen_execute_password(),
-            'is_password': self.is_password,
-            'password_rules': self.password_rules,
-            'password_strategy': self.password_strategy,
+    class Meta:
+        verbose_name = _("Change secret")

-            'is_ssh_key': self.is_ssh_key,
-            'public_key': self.public_key,
-            'private_key': self.private_key,
-            'ssh_key_strategy': self.ssh_key_strategy,
-            'recipients': {
-                str(recipient.id): (str(recipient), bool(recipient.secret_key))
-                for recipient in self.recipients.all()
-            }
-        })
-        return attr_json
+    def __str__(self):
+        return self.account.__str__()