From 95eeeb420803104fd119c49801c6af811c2ded48 Mon Sep 17 00:00:00 2001
From: fit2bot <68588906+fit2bot@users.noreply.github.com>
Date: Mon, 20 Feb 2023 19:12:57 +0800
Subject: [PATCH] =?UTF-8?q?perf:=20=E8=87=AA=E5=8A=A8=E5=8C=96=E8=84=B1?=
 =?UTF-8?q?=E6=95=8F=20aix=20(#9652)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: feng <1304903146@qq.com>
---
 .../change_secret/host/aix/main.yml | 54 +++++++++++++++++++
 .../change_secret/host/aix/manifest.yml | 6 +++
 apps/assets/automations/base/manager.py | 26 +++++++++
 apps/assets/const/host.py | 8 ++-
 apps/ops/signal_handlers.py | 3 +-
 5 files changed, 95 insertions(+), 2 deletions(-)
 create mode 100644 apps/accounts/automations/change_secret/host/aix/main.yml
 create mode 100644 apps/accounts/automations/change_secret/host/aix/manifest.yml

diff --git a/apps/accounts/automations/change_secret/host/aix/main.yml b/apps/accounts/automations/change_secret/host/aix/main.yml
new file mode 100644
index 000000000..cca9d681b
--- /dev/null
+++ b/apps/accounts/automations/change_secret/host/aix/main.yml
@@ -0,0 +1,54 @@
+- hosts: demo
+  gather_facts: no
+  tasks:
+    - name: Test privileged account
+      ansible.builtin.ping:
+
+    - name: Change password
+      ansible.builtin.user:
+        name: "{{ account.username }}"
+        password: "{{ account.secret | password_hash('des') }}"
+        update_password: always
+      when: secret_type == "password"
+
+    - name: create user If it already exists, no operation will be performed
+      ansible.builtin.user:
+        name: "{{ account.username }}"
+      when: secret_type == "ssh_key"
+
+    - name: remove jumpserver ssh key
+      ansible.builtin.lineinfile:
+        dest: "{{ kwargs.dest }}"
+        regexp: "{{ kwargs.regexp }}"
+        state: absent
+      when:
+        - secret_type == "ssh_key"
+        - kwargs.strategy == "set_jms"
+
+    - name: Change SSH key
+      ansible.builtin.authorized_key:
+        user: "{{ account.username }}"
+        key: "{{ account.secret }}"
+        exclusive: "{{ kwargs.exclusive }}"
+      when: secret_type == "ssh_key"
+
+    - name: Refresh connection
+      ansible.builtin.meta: reset_connection
+
+    - name: Verify password
+      ansible.builtin.ping:
+      become: no
+      vars:
+        ansible_user: "{{ account.username }}"
+        ansible_password: "{{ account.secret }}"
+        ansible_become: no
+      when: secret_type == "password"
+
+    - name: Verify SSH key
+      ansible.builtin.ping:
+      become: no
+      vars:
+        ansible_user: "{{ account.username }}"
+        ansible_ssh_private_key_file: "{{ account.private_key_path }}"
+        ansible_become: no
+      when: secret_type == "ssh_key"
diff --git a/apps/accounts/automations/change_secret/host/aix/manifest.yml b/apps/accounts/automations/change_secret/host/aix/manifest.yml
new file mode 100644
index 000000000..5c44f0350
--- /dev/null
+++ b/apps/accounts/automations/change_secret/host/aix/manifest.yml
@@ -0,0 +1,6 @@
+id: change_secret_aix
+name: Change secret for aix
+category: host
+type:
+  - AIX
+method: change_secret
diff --git a/apps/assets/automations/base/manager.py b/apps/assets/automations/base/manager.py
index 9c7ac4fd1..be4aa91fe 100644
--- a/apps/assets/automations/base/manager.py
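Review bot: `password: "{{ account.secret | password_hash('des') }}"` in the Change password task uses classic DES crypt, which hashes only the first 8 characters of the secret with a 12-bit salt; a longer generated secret is silently truncated, and the later Verify password ping still succeeds because login truncates the same way, so nothing in the play detects it. If DES is required because the target AIX hosts only accept crypt-format hashes, say so in a comment above the task and have the secret generator cap or validate the length at 8 characters; otherwise use a stronger algorithm the AIX password stack is configured for (I can't confirm from the playbook which algorithms the targets accept). `hosts: demo` is presumably rewritten by the manager at run time; a one-line comment such as `# "demo" is replaced with the real inventory group by the playbook manager` would stop it being read as a hard-coded target.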
+++ b/apps/assets/automations/base/manager.py
@@ -1,3 +1,4 @@
+import json
 import os
 import shutil
 from collections import defaultdict
@@ -196,6 +197,30 @@ class BasePlaybookManager:
     def before_runner_start(self, runner):
         pass
 
+    @staticmethod
+    def delete_sensitive_data(path):
+        if settings.DEBUG_DEV:
+            return
+
+        with open(path, 'r') as f:
+            d = json.load(f)
+        def delete_keys(d, keys_to_delete):
+            """
+            递归函数：删除嵌套字典中的指定键
+            """
+            if not isinstance(d, dict):
+                return d
+            keys = list(d.keys())
+            for key in keys:
+                if key in keys_to_delete:
+                    del d[key]
+                else:
+                    delete_keys(d[key], keys_to_delete)
+            return d
+        d = delete_keys(d, ['secret', 'ansible_password'])
+        with open(path, 'w') as f:
+            json.dump(d, f)
+
     def run(self, *args, **kwargs):
         runners = self.get_runners()
         if len(runners) > 1:
@@ -213,6 +238,7 @@ class BasePlaybookManager:
             self.before_runner_start(runner)
             try:
                 cb = runner.run(**kwargs)
+                self.delete_sensitive_data(runner.inventory)
                 self.on_runner_success(runner, cb)
             except Exception as e:
                 self.on_runner_failed(runner, e)
diff --git a/apps/assets/const/host.py b/apps/assets/const/host.py
index 11d9e3407..a2e99865e 100644
--- a/apps/assets/const/host.py
+++ b/apps/assets/const/host.py
@@ -81,7 +81,13 @@ class HostTypes(BaseType):
             {'name': 'Unix'},
             {'name': 'macOS'},
             {'name': 'BSD'},
-            {'name': 'AIX'},
+            {
+                'name': 'AIX',
+                'automation': {
+                    'push_account_method': 'push_account_aix',
+                    'change_secret_method': 'change_secret_aix',
+                }
+            },
         ],
         cls.WINDOWS: [
             {'name': 'Windows'},
diff --git a/apps/ops/signal_handlers.py b/apps/ops/signal_handlers.py
index 7d4e15789..b27a741ae 100644
--- a/apps/ops/signal_handlers.py
+++ b/apps/ops/signal_handlers.py
@@ -51,7 +51,8 @@ def check_registered_tasks(*args, **kwargs):
             continue
         for attr in attrs:
             if not hasattr(task, attr):
-                print('>>> Task {} has no attribute {}'.format(name, attr))
+                # print('>>> Task {} has no attribute {}'.format(name, attr))
+                pass
 
 
 @signals.before_task_publish.connect
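Review bot: `delete_keys` only descends into dict values (`if not isinstance(d, dict): return d`), so a secret sitting inside a list — for example a list of host dicts under a group — is left in the inventory, and the key set `['secret', 'ansible_password']` misses other credential-bearing Ansible variables (`ansible_ssh_pass`, `ansible_become_password`/`ansible_become_pass`) should the inventory writer ever emit them; I can't see that writer from this hunk, so please check which keys it produces. Walk lists as well as dicts and keep the sensitive-key set in one place, as below. Note also that `open(path, 'w')` truncates and rewrites in place, which hides the values from later readers but is not secure erasure — if the inventory directory outlives the run, removing the file afterwards is the stronger option. The nested docstring is in Chinese; an English one-liner such as `"""Recursively drop the sensitive keys from nested dicts and lists."""` would help non-Chinese maintainers.
```python
    @staticmethod
    def delete_sensitive_data(path):
        if settings.DEBUG_DEV:
            return

        # Inventory keys whose values are credentials; extend if the inventory
        # writer starts emitting other credential variables.
        sensitive_keys = {'secret', 'ansible_password', 'ansible_ssh_pass',
                          'ansible_become_password', 'ansible_become_pass'}

        def delete_keys(obj):
            """Recursively drop the sensitive keys from nested dicts and lists."""
            if isinstance(obj, dict):
                return {k: delete_keys(v) for k, v in obj.items() if k not in sensitive_keys}
            if isinstance(obj, list):
                return [delete_keys(v) for v in obj]
            return obj

        with open(path, 'r') as f:
            d = json.load(f)
        with open(path, 'w') as f:
            json.dump(delete_keys(d), f)
```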
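Review bot: The scrub runs only on the success path — if `runner.run(**kwargs)` raises, `self.delete_sensitive_data(runner.inventory)` is never reached and the plaintext `secret`/`ansible_password` values stay on disk for exactly the failed runs, which are the ones most likely to be inspected afterwards. Move the call into a `finally:` clause of the existing `try`, e.g. `finally:` / `self.delete_sensitive_data(runner.inventory)`, so it happens regardless of outcome. Since `delete_sensitive_data` can itself raise (`json.load` on a missing or malformed inventory), and inside the `try` that would be reported through `on_runner_failed` as a playbook failure, wrapping the scrub in its own narrow `try/except` with a log line keeps the two outcomes distinct. `run` continues outside the hunk.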
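Review bot: The new AIX entry wires `'push_account_method': 'push_account_aix'`, but this commit only adds a `change_secret_aix` manifest (the diffstat lists two new files, both under `change_secret/host/aix`); unless a `push_account_aix` playbook already exists in the tree, push-account automation for AIX hosts will resolve to a method id with no manifest behind it. Either add the matching `push_account/host/aix` manifest in this commit or leave `push_account_method` out until it exists. `HostTypes` starts before the hunk.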
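Review bot: Replacing the `print` with a commented-out copy plus `pass` leaves dead code in the `if not hasattr(task, attr):` branch rather than deciding what to do with the finding. If the missing-attribute case still matters, emit it through the module's logger at debug level, `logger.debug('Task %s has no attribute %s', name, attr)` (assuming a `logger` is defined in this module — I can't see the top of the file); if it no longer matters, delete the `if` body and the now-pointless `for attr in attrs:` loop instead of keeping a silenced print. `check_registered_tasks` starts before the hunk.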