From 4200fa7ff82cc7ea2badbe61c02181833889e2a6 Mon Sep 17 00:00:00 2001 From: Eric Date: Tue, 21 Feb 2023 21:09:28 +0800 Subject: [PATCH 01/11] =?UTF-8?q?fix:=20=E8=B4=A6=E5=8F=B7=20su=20from=20?= =?UTF-8?q?=E8=BF=87=E6=BB=A4=E6=9C=AA=E7=94=9F=E6=95=88?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/accounts/api/account/account.py | 1 + 1 file changed, 1 insertion(+) diff --git a/apps/accounts/api/account/account.py b/apps/accounts/api/account/account.py index 631669acc..17938358c 100644 --- a/apps/accounts/api/account/account.py +++ b/apps/accounts/api/account/account.py @@ -45,6 +45,7 @@ class AccountViewSet(OrgBulkModelViewSet): accounts = asset.accounts.all() else: accounts = [] + accounts = self.filter_queryset(accounts) serializer = serializers.AccountSerializer(accounts, many=True) return Response(data=serializer.data) From 02619e5ed88bd8dc9ef63b7f5fbc3924585babf9 Mon Sep 17 00:00:00 2001 From: jiangweidong Date: Tue, 21 Feb 2023 22:08:34 +0800 Subject: [PATCH 02/11] =?UTF-8?q?fix:=20=E8=A7=A3=E5=86=B3=E9=83=A8?= =?UTF-8?q?=E5=88=86=E6=95=B0=E6=8D=AE=E5=BA=93=E5=9C=A8=E4=BF=AE=E6=94=B9?= =?UTF-8?q?=E5=AF=86=E7=A0=81=E5=90=8E=E4=BB=8D=E8=83=BDping=E9=80=9A?= =?UTF-8?q?=E7=9A=84=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../automations/verify_account/database/mongodb/main.yml | 4 ++-- .../automations/verify_account/database/oracle/main.yml | 6 +++--- .../automations/verify_account/database/sqlserver/main.yml | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/apps/accounts/automations/verify_account/database/mongodb/main.yml b/apps/accounts/automations/verify_account/database/mongodb/main.yml index 261fe63ca..483bfc127 100644 --- a/apps/accounts/automations/verify_account/database/mongodb/main.yml +++ b/apps/accounts/automations/verify_account/database/mongodb/main.yml @@ -6,8 +6,8 @@ tasks: - name: Verify account mongodb_ping: - login_user: "{{ jms_account.username }}" - login_password: "{{ jms_account.secret }}" + login_user: "{{ account.username }}" + login_password: "{{ account.secret }}" login_host: "{{ jms_asset.address }}" login_port: "{{ jms_asset.port }}" login_database: "{{ jms_asset.spec_info.db_name }}" diff --git a/apps/accounts/automations/verify_account/database/oracle/main.yml b/apps/accounts/automations/verify_account/database/oracle/main.yml index 12896f09a..3da515e4f 100644 --- a/apps/accounts/automations/verify_account/database/oracle/main.yml +++ b/apps/accounts/automations/verify_account/database/oracle/main.yml @@ -6,9 +6,9 @@ tasks: - name: Verify account oracle_ping: - login_user: "{{ jms_account.username }}" - login_password: "{{ jms_account.secret }}" + login_user: "{{ account.username }}" + login_password: "{{ account.secret }}" login_host: "{{ jms_asset.address }}" login_port: "{{ jms_asset.port }}" login_database: "{{ jms_asset.spec_info.db_name }}" - mode: "{{ jms_account.mode }}" + mode: "{{ account.mode }}" diff --git a/apps/accounts/automations/verify_account/database/sqlserver/main.yml b/apps/accounts/automations/verify_account/database/sqlserver/main.yml index bb079fa59..fa6c78ed7 100644 --- a/apps/accounts/automations/verify_account/database/sqlserver/main.yml +++ b/apps/accounts/automations/verify_account/database/sqlserver/main.yml @@ -6,8 +6,8 @@ tasks: - name: Verify account community.general.mssql_script: - login_user: "{{ jms_account.username }}" - login_password: "{{ jms_account.secret }}" + login_user: "{{ account.username }}" + login_password: "{{ account.secret }}" login_host: "{{ jms_asset.address }}" login_port: "{{ jms_asset.port }}" name: '{{ jms_asset.spec_info.db_name }}' From 8f5d280e31115d6bc34110d823ce6353547e874f Mon Sep 17 00:00:00 2001 From: Eric Date: Tue, 21 Feb 2023 22:25:50 +0800 Subject: [PATCH 03/11] =?UTF-8?q?fix:=20=E6=9C=AA=E6=BF=80=E6=B4=BB?= =?UTF-8?q?=E7=9A=84=E5=8F=91=E5=B8=83=E6=9C=BA=EF=BC=8C=E5=B0=86=E6=97=A0?= =?UTF-8?q?=E6=B3=95=E4=BD=BF=E7=94=A8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/terminal/models/applet/applet.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/apps/terminal/models/applet/applet.py b/apps/terminal/models/applet/applet.py index c71fe95c2..ee83c8e52 100644 --- a/apps/terminal/models/applet/applet.py +++ b/apps/terminal/models/applet/applet.py @@ -111,7 +111,8 @@ class Applet(JMSBaseModel): return instance def select_host_account(self): - hosts = list(self.hosts.all()) + # 选择激活的发布机 + hosts = list(self.hosts.filter(is_active=True).all()) if not hosts: return None From 1bb128526a6f8cdd97ff4312c0d39458efbd4354 Mon Sep 17 00:00:00 2001 From: fit2bot <68588906+fit2bot@users.noreply.github.com> Date: Tue, 21 Feb 2023 22:45:02 +0800 Subject: [PATCH 04/11] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E4=BD=BF?= =?UTF-8?q?=E7=94=A8key=20=E6=96=B9=E5=BC=8F=20ansible=20=E4=B8=8D?= =?UTF-8?q?=E8=83=BD=E8=BF=9E=E6=8E=A5=E7=9A=84=E9=97=AE=E9=A2=98=20(#9675?= =?UTF-8?q?)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Aaron3S --- apps/accounts/models/base.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/accounts/models/base.py b/apps/accounts/models/base.py index cd1fef5e8..7233a12a2 100644 --- a/apps/accounts/models/base.py +++ b/apps/accounts/models/base.py @@ -109,7 +109,7 @@ class BaseAccount(JMSOrgBaseModel): @property def private_key_path(self): - if not self.secret_type != SecretType.SSH_KEY \ + if self.secret_type != SecretType.SSH_KEY \ or not self.secret \ or not self.private_key: return None From 7f1cbc83361578d403afab8696e58493cf782b85 Mon Sep 17 00:00:00 2001 From: fit2bot <68588906+fit2bot@users.noreply.github.com> Date: Tue, 21 Feb 2023 22:52:52 +0800 Subject: [PATCH 05/11] =?UTF-8?q?fix:=20except=20=E6=97=A0=E6=B3=95?= =?UTF-8?q?=E8=A7=A3=E5=8E=8B=E7=9A=84=E6=96=87=E4=BB=B6=E5=8C=85=20(#9677?= =?UTF-8?q?)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Aaron3S --- apps/ops/api/playbook.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/apps/ops/api/playbook.py b/apps/ops/api/playbook.py index c26643fe5..b3c1fe564 100644 --- a/apps/ops/api/playbook.py +++ b/apps/ops/api/playbook.py @@ -6,6 +6,7 @@ from django.conf import settings from django.shortcuts import get_object_or_404 from rest_framework import status +from common.exceptions import JMSException from orgs.mixins.api import OrgBulkModelViewSet from ..exception import PlaybookNoValidEntry from ..models import Playbook @@ -39,7 +40,11 @@ class PlaybookViewSet(OrgBulkModelViewSet): if 'multipart/form-data' in self.request.headers['Content-Type']: src_path = os.path.join(settings.MEDIA_ROOT, instance.path.name) dest_path = os.path.join(settings.DATA_DIR, "ops", "playbook", instance.id.__str__()) - unzip_playbook(src_path, dest_path) + try: + unzip_playbook(src_path, dest_path) + except RuntimeError as e: + raise JMSException(code='invalid_playbook_file', detail={"msg": "Unzip failed"}) + if 'main.yml' not in os.listdir(dest_path): raise PlaybookNoValidEntry From d7946ccb6f2915cab70a641eceea8de95766d6b9 Mon Sep 17 00:00:00 2001 From: fit2bot <68588906+fit2bot@users.noreply.github.com> Date: Tue, 21 Feb 2023 22:57:31 +0800 Subject: [PATCH 06/11] =?UTF-8?q?perf:=20=E8=B4=A6=E5=8F=B7=20=E8=B5=84?= =?UTF-8?q?=E4=BA=A7=20=E5=88=97=E8=A1=A8=E4=BB=BB=E5=8A=A1=20(#9676)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: feng <1304903146@qq.com> --- apps/accounts/api/account/task.py | 6 ++++++ apps/assets/api/asset/asset.py | 10 ++++++---- apps/assets/exceptions.py | 6 ++++++ apps/locale/ja/LC_MESSAGES/django.mo | 4 ++-- apps/locale/ja/LC_MESSAGES/django.po | 8 ++++++-- apps/locale/zh/LC_MESSAGES/django.mo | 4 ++-- apps/locale/zh/LC_MESSAGES/django.po | 8 ++++++-- 7 files changed, 34 insertions(+), 12 deletions(-) diff --git a/apps/accounts/api/account/task.py b/apps/accounts/api/account/task.py index 050e69052..e5d4b36bb 100644 --- a/apps/accounts/api/account/task.py +++ b/apps/accounts/api/account/task.py @@ -3,6 +3,7 @@ from rest_framework.response import Response from accounts import serializers from accounts.tasks import verify_accounts_connectivity_task, push_accounts_to_assets_task +from assets.exceptions import NotSupportedTemporarilyError __all__ = [ 'AccountsTaskCreateAPI', @@ -28,6 +29,11 @@ class AccountsTaskCreateAPI(CreateAPIView): if data['action'] == 'push': task = push_accounts_to_assets_task.delay(account_ids) else: + account = accounts[0] + asset = account.asset + if not asset.auto_info['ansible_enabled'] or \ + not asset.auto_info['ping_enabled']: + raise NotSupportedTemporarilyError() task = verify_accounts_connectivity_task.delay(account_ids) data = getattr(serializer, '_data', {}) diff --git a/apps/assets/api/asset/asset.py b/apps/assets/api/asset/asset.py index 5b6b9084b..c791d6db7 100644 --- a/apps/assets/api/asset/asset.py +++ b/apps/assets/api/asset/asset.py @@ -8,12 +8,10 @@ from rest_framework.response import Response from accounts.tasks import push_accounts_to_assets_task, verify_accounts_connectivity_task from assets import serializers +from assets.exceptions import NotSupportedTemporarilyError from assets.filters import IpInFilterBackend, LabelFilterBackend, NodeFilterBackend from assets.models import Asset, Gateway -from assets.tasks import ( - test_assets_connectivity_manual, - update_assets_hardware_info_manual -) +from assets.tasks import test_assets_connectivity_manual, update_assets_hardware_info_manual from common.api import SuggestionMixin from common.drf.filters import BaseFilterSet from common.utils import get_logger, is_uuid @@ -154,6 +152,10 @@ class AssetsTaskMixin: if data["action"] == "refresh": task = update_assets_hardware_info_manual(assets) else: + asset = assets[0] + if not asset.auto_info['ansible_enabled'] or \ + not asset.auto_info['ping_enabled']: + raise NotSupportedTemporarilyError() task = test_assets_connectivity_manual(assets) return task diff --git a/apps/assets/exceptions.py b/apps/assets/exceptions.py index 099e68f11..ad22b6339 100644 --- a/apps/assets/exceptions.py +++ b/apps/assets/exceptions.py @@ -1,6 +1,12 @@ +from django.utils.translation import ugettext_lazy as _ from rest_framework import status + from common.exceptions import JMSException class NodeIsBeingUpdatedByOthers(JMSException): status_code = status.HTTP_409_CONFLICT + + +class NotSupportedTemporarilyError(JMSException): + default_detail = _("This function is not supported temporarily") diff --git a/apps/locale/ja/LC_MESSAGES/django.mo b/apps/locale/ja/LC_MESSAGES/django.mo index df0751934..781aa1a90 100644 --- a/apps/locale/ja/LC_MESSAGES/django.mo +++ b/apps/locale/ja/LC_MESSAGES/django.mo @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:331188bb5169bb463da018a635589e12a2136d476db264ac7e5d6e5d63ca474a -size 135916 +oid sha256:af57d16430705feb02ebbb99fc3a2f5fc3bab69209f558aa4d69b1e8055a6f5f +size 136036 diff --git a/apps/locale/ja/LC_MESSAGES/django.po b/apps/locale/ja/LC_MESSAGES/django.po index 4e86c7f0c..6e38486bd 100644 --- a/apps/locale/ja/LC_MESSAGES/django.po +++ b/apps/locale/ja/LC_MESSAGES/django.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2023-02-21 18:29+0800\n" +"POT-Creation-Date: 2023-02-21 22:44+0800\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -908,7 +908,7 @@ msgstr "アプリケーション" msgid "Can match application" msgstr "アプリケーションを一致させることができます" -#: assets/api/asset/asset.py:144 +#: assets/api/asset/asset.py:142 msgid "Cannot create asset directly, you should create a host or other" msgstr "" "資産を直接作成することはできません。ホストまたはその他を作成する必要がありま" @@ -1051,6 +1051,10 @@ msgstr "基本" msgid "Script" msgstr "脚本" +#: assets/exceptions.py:12 +msgid "This function is not supported temporarily" +msgstr "この機能は一時的にサポートされていません" + #: assets/models/_user.py:25 msgid "SSH private key" msgstr "SSH秘密鍵" diff --git a/apps/locale/zh/LC_MESSAGES/django.mo b/apps/locale/zh/LC_MESSAGES/django.mo index cd68677c8..02f116670 100644 --- a/apps/locale/zh/LC_MESSAGES/django.mo +++ b/apps/locale/zh/LC_MESSAGES/django.mo @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:2cdc2b875c98f41bd698833a989195d8cc4245f39f52b7eab41ad4d95075cb17 -size 111666 +oid sha256:3b6ee4a378810f2515be5020e3fa0b1297e1c207260ca60bb14dc5407ca19c43 +size 111750 diff --git a/apps/locale/zh/LC_MESSAGES/django.po b/apps/locale/zh/LC_MESSAGES/django.po index dc0f1de28..c3f661344 100644 --- a/apps/locale/zh/LC_MESSAGES/django.po +++ b/apps/locale/zh/LC_MESSAGES/django.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: JumpServer 0.3.3\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2023-02-21 18:29+0800\n" +"POT-Creation-Date: 2023-02-21 22:44+0800\n" "PO-Revision-Date: 2021-05-20 10:54+0800\n" "Last-Translator: ibuler \n" "Language-Team: JumpServer team\n" @@ -902,7 +902,7 @@ msgstr "应用程序" msgid "Can match application" msgstr "匹配应用" -#: assets/api/asset/asset.py:144 +#: assets/api/asset/asset.py:142 msgid "Cannot create asset directly, you should create a host or other" msgstr "不能直接创建资产, 你应该创建主机或其他资产" @@ -1043,6 +1043,10 @@ msgstr "基本" msgid "Script" msgstr "脚本" +#: assets/exceptions.py:12 +msgid "This function is not supported temporarily" +msgstr "暂时不支持此功能" + #: assets/models/_user.py:25 msgid "SSH private key" msgstr "SSH密钥" From b9dcce5c51670babdc29988dab6549865cf642d7 Mon Sep 17 00:00:00 2001 From: fit2bot <68588906+fit2bot@users.noreply.github.com> Date: Wed, 22 Feb 2023 11:04:29 +0800 Subject: [PATCH 07/11] =?UTF-8?q?fix:=20=E8=B5=84=E4=BA=A7=E6=9B=B4?= =?UTF-8?q?=E6=96=B0=E6=B2=A1=E6=9C=89=E8=B4=A6=E5=8F=B7=E5=8F=8A=E8=87=AA?= =?UTF-8?q?=E5=8A=A8=E5=8C=96=E4=BB=BB=E5=8A=A1=E6=9B=B4=E6=96=B0name=20(#?= =?UTF-8?q?9679)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: feng <1304903146@qq.com> --- apps/accounts/serializers/automations/base.py | 2 ++ apps/assets/serializers/asset/common.py | 2 ++ 2 files changed, 4 insertions(+) diff --git a/apps/accounts/serializers/automations/base.py b/apps/accounts/serializers/automations/base.py index b8b5339d7..6b3792559 100644 --- a/apps/accounts/serializers/automations/base.py +++ b/apps/accounts/serializers/automations/base.py @@ -38,6 +38,8 @@ class BaseAutomationSerializer(PeriodTaskSerializerMixin, BulkOrgResourceModelSe } def validate_name(self, name): + if self.instance: + return name if BaseAutomation.objects.filter(name=name, type=self.model_type).exists(): raise serializers.ValidationError(_('Name already exists')) return name diff --git a/apps/assets/serializers/asset/common.py b/apps/assets/serializers/asset/common.py index 9c31ee695..c5a9ed02d 100644 --- a/apps/assets/serializers/asset/common.py +++ b/apps/assets/serializers/asset/common.py @@ -277,6 +277,8 @@ class AssetSerializer(BulkOrgResourceModelSerializer, WritableNestedModelSeriali @atomic def update(self, instance, validated_data): + if not validated_data.get('accounts'): + validated_data.pop('accounts', None) nodes_display = validated_data.pop('nodes_display', '') instance = super().update(instance, validated_data) self.perform_nodes_display_create(instance, nodes_display) From 4c233cfb694fd889271e3c93b378bac8cb254b6e Mon Sep 17 00:00:00 2001 From: ibuler Date: Wed, 22 Feb 2023 11:18:42 +0800 Subject: [PATCH 08/11] =?UTF-8?q?perf:=20=E4=BC=98=E5=8C=96=20account?= =?UTF-8?q?=EF=BC=8C=E5=8E=BB=E6=8E=89=E7=89=88=E6=9C=AC=E5=A5=BD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../automations/change_secret/manager.py | 14 +++++++--- .../automations/push_account/manager.py | 4 +-- .../migrations/0008_alter_account_options.py | 17 ------------ apps/accounts/models/account.py | 17 ++++++------ apps/accounts/serializers/account/account.py | 4 +-- apps/accounts/signal_handlers.py | 26 +++++++++---------- apps/assets/api/asset/asset.py | 4 +-- apps/assets/automations/base/manager.py | 9 ++++--- apps/jumpserver/conf.py | 2 +- 9 files changed, 43 insertions(+), 54 deletions(-) delete mode 100644 apps/accounts/migrations/0008_alter_account_options.py diff --git a/apps/accounts/automations/change_secret/manager.py b/apps/accounts/automations/change_secret/manager.py index c076ab56b..be2768eda 100644 --- a/apps/accounts/automations/change_secret/manager.py +++ b/apps/accounts/automations/change_secret/manager.py @@ -8,7 +8,7 @@ from django.utils import timezone from openpyxl import Workbook from accounts.const import AutomationTypes, SecretType, SSHKeyStrategy, SecretStrategy -from accounts.models import ChangeSecretRecord +from accounts.models import ChangeSecretRecord, Account from accounts.notifications import ChangeSecretExecutionTaskMsg from accounts.serializers import ChangeSecretRecordBackUpSerializer from assets.const import HostTypes @@ -86,6 +86,10 @@ class ChangeSecretManager(AccountBasePlaybookManager): accounts = accounts.filter(username__in=self.snapshot_account_usernames) accounts = accounts.filter(secret_type=self.secret_type) + if not accounts: + print('没有发现待改密账号: %s 用户名: %s 类型: %s' % (asset.name, account.username, self.secret_type)) + return [] + method_attr = getattr(automation, self.method_type() + '_method') method_hosts = self.method_hosts_mapper[method_attr] method_hosts = [h for h in method_hosts if h != host['name']] @@ -137,10 +141,12 @@ class ChangeSecretManager(AccountBasePlaybookManager): recorder.status = 'success' recorder.date_finished = timezone.now() recorder.save() - print('recorder.new_secret', recorder.new_secret) - account = recorder.account + account = Account.objects.filter(id=recorder.account_id).first() + if not account: + print("Account not found, deleted ?", recorder.account_id) + return account.secret = recorder.new_secret - account.save(update_fields=['secret']) + account.save(update_fields=['secret', 'version']) def on_host_error(self, host, error, result): recorder = self.name_recorder_mapper.get(host) diff --git a/apps/accounts/automations/push_account/manager.py b/apps/accounts/automations/push_account/manager.py index f2f21c51a..7ee45c070 100644 --- a/apps/accounts/automations/push_account/manager.py +++ b/apps/accounts/automations/push_account/manager.py @@ -36,7 +36,7 @@ class PushAccountManager(ChangeSecretManager, AccountBasePlaybookManager): def get_accounts(self, privilege_account, accounts: QuerySet): if not privilege_account: - logger.debug(f'not privilege account') + print(f'not privilege account') return [] snapshot_account_usernames = self.execution.snapshot['accounts'] if '*' in snapshot_account_usernames: @@ -103,7 +103,7 @@ class PushAccountManager(ChangeSecretManager, AccountBasePlaybookManager): if not account: return account.secret = new_secret - account.save(update_fields=['secret']) + account.save(update_fields=['secret', 'version']) def on_host_error(self, host, error, result): pass diff --git a/apps/accounts/migrations/0008_alter_account_options.py b/apps/accounts/migrations/0008_alter_account_options.py deleted file mode 100644 index 949840740..000000000 --- a/apps/accounts/migrations/0008_alter_account_options.py +++ /dev/null @@ -1,17 +0,0 @@ -# Generated by Django 3.2.14 on 2023-02-21 05:13 - -from django.db import migrations - - -class Migration(migrations.Migration): - - dependencies = [ - ('accounts', '0007_alter_account_options'), - ] - - operations = [ - migrations.AlterModelOptions( - name='account', - options={'permissions': [('view_accountsecret', 'Can view asset account secret'), ('view_historyaccount', 'Can view asset history account'), ('view_historyaccountsecret', 'Can view asset history account secret'), ('verify_account', 'Can verify account'), ('push_account', 'Can push account')], 'verbose_name': 'Account'}, - ), - ] diff --git a/apps/accounts/models/account.py b/apps/accounts/models/account.py index 7367c53de..7e654b285 100644 --- a/apps/accounts/models/account.py +++ b/apps/accounts/models/account.py @@ -68,6 +68,9 @@ class Account(AbsConnectivity, BaseAccount): ('push_account', _('Can push account')), ] + def __str__(self): + return '{}'.format(self.username) + @lazyproperty def platform(self): return self.asset.platform @@ -78,9 +81,6 @@ class Account(AbsConnectivity, BaseAccount): return self.username return self.name - def __str__(self): - return '{}'.format(self.username) - @lazyproperty def has_secret(self): return bool(self.secret) @@ -100,12 +100,11 @@ class Account(AbsConnectivity, BaseAccount): return self.asset.accounts.exclude(id=self.id).exclude(su_from=self) def secret_changed(self): - history = self.history.first() - if not history: - return True - if history.secret != self.secret or history.secret_type != self.secret_type: - return True - return False + pre_secret = self.history.exclude(version=self.version) \ + .values_list('secret', flat=True) \ + .first() + print("Pre secret is: ", pre_secret) + return pre_secret != self.secret class AccountTemplate(BaseAccount): diff --git a/apps/accounts/serializers/account/account.py b/apps/accounts/serializers/account/account.py index 1f9c143bd..8cf92671e 100644 --- a/apps/accounts/serializers/account/account.py +++ b/apps/accounts/serializers/account/account.py @@ -43,7 +43,7 @@ class AccountSerializerCreateValidateMixin: def push_account(instance, push_now): if not push_now: return - push_accounts_to_assets_task.delay([instance.id], [instance.asset_id]) + push_accounts_to_assets_task.delay([instance.id]) def create(self, validated_data): push_now = validated_data.pop('push_now', None) @@ -102,7 +102,7 @@ class AccountSerializer(AccountSerializerCreateMixin, BaseAccountSerializer): class Meta(BaseAccountSerializer.Meta): model = Account fields = BaseAccountSerializer.Meta.fields \ - + ['su_from', 'version', 'asset'] \ + + ['su_from', 'asset'] \ + ['template', 'push_now', 'source'] extra_kwargs = { **BaseAccountSerializer.Meta.extra_kwargs, diff --git a/apps/accounts/signal_handlers.py b/apps/accounts/signal_handlers.py index df2b0e5b7..4bdefda8e 100644 --- a/apps/accounts/signal_handlers.py +++ b/apps/accounts/signal_handlers.py @@ -1,17 +1,17 @@ -from django.db.models.signals import pre_save -from django.dispatch import receiver - from common.utils import get_logger -from .models import Account logger = get_logger(__name__) - -@receiver(pre_save, sender=Account) -def on_account_pre_create(sender, instance, update_fields=(), **kwargs): - # 这是创建时 - if instance.version == 0 or instance.secret_changed(): - instance.version += 1 - - # 即使在 root 组织也不怕 - instance.org_id = instance.asset.org_id +# +# @receiver(pre_save, sender=Account) +# def on_account_pre_save(sender, instance, **kwargs): +# if instance.secret != instance.pre_secret: +# instance.pre_secret = instance.secret +# +# +# @receiver(post_save, sender=Account) +# @on_transaction_commit +# def on_account_post_create(sender, instance, created=False, **kwargs): +# if created or instance.secret != instance.pre_secret: +# Account.objects.filter(id=instance.id) \ +# .update(version=F('version') + 1) diff --git a/apps/assets/api/asset/asset.py b/apps/assets/api/asset/asset.py index 5b6b9084b..ba2b36031 100644 --- a/apps/assets/api/asset/asset.py +++ b/apps/assets/api/asset/asset.py @@ -205,9 +205,9 @@ class AssetTaskCreateApi(AssetsTaskMixin, generics.CreateAPIView): asset_ids = [asset.id] account_ids = accounts.values_list("id", flat=True) if action == "push_account": - task = push_accounts_to_assets_task.delay(account_ids, asset_ids) + task = push_accounts_to_assets_task.delay(account_ids) elif action == "test_account": - task = verify_accounts_connectivity_task.delay(account_ids, asset_ids) + task = verify_accounts_connectivity_task.delay(account_ids) else: task = None return task diff --git a/apps/assets/automations/base/manager.py b/apps/assets/automations/base/manager.py index bb5963981..03a74eee5 100644 --- a/apps/assets/automations/base/manager.py +++ b/apps/assets/automations/base/manager.py @@ -64,7 +64,7 @@ class BasePlaybookManager: if not os.path.exists(path): os.makedirs(path, exist_ok=True, mode=0o755) if settings.DEBUG_DEV: - logger.debug('Ansible runtime dir: {}'.format(path)) + print(f'Ansible runtime dir:{path}') return path @staticmethod @@ -153,10 +153,9 @@ class BasePlaybookManager: return sub_playbook_path def get_runners(self): - # TODO 临时打印一下 找一下打印不出日志的原因 - print('ansible runner: 任务开始执行') assets_group_by_platform = self.get_assets_group_by_platform() - print('ansible runner: 获取资产分组', assets_group_by_platform) + if settings.DEBUG_DEV: + print("assets_group_by_platform: {}".format(assets_group_by_platform)) runners = [] for platform, assets in assets_group_by_platform.items(): assets_bulked = [assets[i:i + self.bulk_size] for i in range(0, len(assets), self.bulk_size)] @@ -210,6 +209,7 @@ class BasePlaybookManager: with open(path, 'r') as f: d = json.load(f) + def delete_keys(d, keys_to_delete): """ 递归函数:删除嵌套字典中的指定键 @@ -223,6 +223,7 @@ class BasePlaybookManager: else: delete_keys(d[key], keys_to_delete) return d + d = delete_keys(d, ['secret', 'ansible_password']) with open(path, 'w') as f: json.dump(d, f) diff --git a/apps/jumpserver/conf.py b/apps/jumpserver/conf.py index f7c555504..b192cd993 100644 --- a/apps/jumpserver/conf.py +++ b/apps/jumpserver/conf.py @@ -530,7 +530,7 @@ class Config(dict): 'PERIOD_TASK_ENABLED': True, # 导航栏 帮助 - 'HELP_DOCUMENT_URL': 'http://docs.jumpserver.org', + 'HELP_DOCUMENT_URL': 'https://docs.jumpserver.org/zh/v3/', 'HELP_SUPPORT_URL': 'http://www.jumpserver.org/support/', 'FORGOT_PASSWORD_URL': '', From fae494d707736e975eb10a320aba2ea97090a95c Mon Sep 17 00:00:00 2001 From: ibuler Date: Wed, 22 Feb 2023 11:20:57 +0800 Subject: [PATCH 09/11] =?UTF-8?q?perf:=20=E4=BF=AE=E6=94=B9=20acount?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../migrations/0109_alter_asset_options.py | 2 +- .../migrations/0110_alter_asset_options.py | 17 ----------------- .../migrations/0111_alter_asset_options.py | 17 ----------------- 3 files changed, 1 insertion(+), 35 deletions(-) delete mode 100644 apps/assets/migrations/0110_alter_asset_options.py delete mode 100644 apps/assets/migrations/0111_alter_asset_options.py diff --git a/apps/assets/migrations/0109_alter_asset_options.py b/apps/assets/migrations/0109_alter_asset_options.py index 859b1ca0c..4a1c93a15 100644 --- a/apps/assets/migrations/0109_alter_asset_options.py +++ b/apps/assets/migrations/0109_alter_asset_options.py @@ -12,6 +12,6 @@ class Migration(migrations.Migration): operations = [ migrations.AlterModelOptions( name='asset', - options={'ordering': ['name'], 'permissions': [('refresh_assethardwareinfo', 'Can refresh asset hardware info'), ('test_assetconnectivity', 'Can test asset connectivity'), ('push_assetaccount', 'Can push account to asset'), ('test_account', 'Can verify account'), ('match_asset', 'Can match asset'), ('change_assettonode', 'Can change asset nodes')], 'verbose_name': 'Asset'}, + options={'ordering': ['name'], 'permissions': [('refresh_assethardwareinfo', 'Can refresh asset hardware info'), ('test_assetconnectivity', 'Can test asset connectivity'), ('match_asset', 'Can match asset'), ('change_assetnodes', 'Can change asset nodes')], 'verbose_name': 'Asset'}, ), ] diff --git a/apps/assets/migrations/0110_alter_asset_options.py b/apps/assets/migrations/0110_alter_asset_options.py deleted file mode 100644 index 6d0e2a7aa..000000000 --- a/apps/assets/migrations/0110_alter_asset_options.py +++ /dev/null @@ -1,17 +0,0 @@ -# Generated by Django 3.2.14 on 2023-02-21 05:11 - -from django.db import migrations - - -class Migration(migrations.Migration): - - dependencies = [ - ('assets', '0109_alter_asset_options'), - ] - - operations = [ - migrations.AlterModelOptions( - name='asset', - options={'ordering': ['name'], 'permissions': [('refresh_assethardwareinfo', 'Can refresh asset hardware info'), ('test_assetconnectivity', 'Can test asset connectivity'), ('push_assetaccount', 'Can push account to asset'), ('test_account', 'Can verify account'), ('match_asset', 'Can match asset'), ('change_assetnodes', 'Can change asset nodes')], 'verbose_name': 'Asset'}, - ), - ] diff --git a/apps/assets/migrations/0111_alter_asset_options.py b/apps/assets/migrations/0111_alter_asset_options.py deleted file mode 100644 index 5a54d6830..000000000 --- a/apps/assets/migrations/0111_alter_asset_options.py +++ /dev/null @@ -1,17 +0,0 @@ -# Generated by Django 3.2.14 on 2023-02-21 05:22 - -from django.db import migrations - - -class Migration(migrations.Migration): - - dependencies = [ - ('assets', '0110_alter_asset_options'), - ] - - operations = [ - migrations.AlterModelOptions( - name='asset', - options={'ordering': ['name'], 'permissions': [('refresh_assethardwareinfo', 'Can refresh asset hardware info'), ('test_assetconnectivity', 'Can test asset connectivity'), ('match_asset', 'Can match asset'), ('change_assetnodes', 'Can change asset nodes')], 'verbose_name': 'Asset'}, - ), - ] From 0140d4349aa211b70ced3c72d43b389ede6eb6fb Mon Sep 17 00:00:00 2001 From: ibuler Date: Wed, 22 Feb 2023 11:23:43 +0800 Subject: [PATCH 10/11] =?UTF-8?q?perf:=20=E4=BF=AE=E6=94=B9=20=E4=BC=98?= =?UTF-8?q?=E5=8C=96=E5=8E=BB=E6=8E=89=E7=89=88=E6=9C=AC=E5=8F=B7?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/accounts/automations/change_secret/manager.py | 8 ++++---- apps/accounts/automations/push_account/manager.py | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/apps/accounts/automations/change_secret/manager.py b/apps/accounts/automations/change_secret/manager.py index be2768eda..a6c14fa23 100644 --- a/apps/accounts/automations/change_secret/manager.py +++ b/apps/accounts/automations/change_secret/manager.py @@ -8,7 +8,7 @@ from django.utils import timezone from openpyxl import Workbook from accounts.const import AutomationTypes, SecretType, SSHKeyStrategy, SecretStrategy -from accounts.models import ChangeSecretRecord, Account +from accounts.models import ChangeSecretRecord from accounts.notifications import ChangeSecretExecutionTaskMsg from accounts.serializers import ChangeSecretRecordBackUpSerializer from assets.const import HostTypes @@ -141,12 +141,12 @@ class ChangeSecretManager(AccountBasePlaybookManager): recorder.status = 'success' recorder.date_finished = timezone.now() recorder.save() - account = Account.objects.filter(id=recorder.account_id).first() + account = recorder.account if not account: - print("Account not found, deleted ?", recorder.account_id) + print("Account not found, deleted ?", recorder) return account.secret = recorder.new_secret - account.save(update_fields=['secret', 'version']) + account.save(update_fields=['secret']) def on_host_error(self, host, error, result): recorder = self.name_recorder_mapper.get(host) diff --git a/apps/accounts/automations/push_account/manager.py b/apps/accounts/automations/push_account/manager.py index 7ee45c070..42a53fcb1 100644 --- a/apps/accounts/automations/push_account/manager.py +++ b/apps/accounts/automations/push_account/manager.py @@ -103,7 +103,7 @@ class PushAccountManager(ChangeSecretManager, AccountBasePlaybookManager): if not account: return account.secret = new_secret - account.save(update_fields=['secret', 'version']) + account.save(update_fields=['secret']) def on_host_error(self, host, error, result): pass From b5321e497bd92e9cab01ffd2f6bc4d9633f41dc1 Mon Sep 17 00:00:00 2001 From: ibuler Date: Wed, 22 Feb 2023 11:25:33 +0800 Subject: [PATCH 11/11] =?UTF-8?q?perf:=20=E4=BF=AE=E6=94=B9=E8=B4=A6?= =?UTF-8?q?=E5=8F=B7=E5=8E=BB=E6=8E=89=E6=97=A0=E7=94=A8=E7=9A=84?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/accounts/models/account.py | 7 ------- apps/accounts/signal_handlers.py | 14 -------------- apps/assets/automations/base/manager.py | 2 +- 3 files changed, 1 insertion(+), 22 deletions(-) diff --git a/apps/accounts/models/account.py b/apps/accounts/models/account.py index 7e654b285..00934b759 100644 --- a/apps/accounts/models/account.py +++ b/apps/accounts/models/account.py @@ -99,13 +99,6 @@ class Account(AbsConnectivity, BaseAccount): """ 排除自己和以自己为 su-from 的账号 """ return self.asset.accounts.exclude(id=self.id).exclude(su_from=self) - def secret_changed(self): - pre_secret = self.history.exclude(version=self.version) \ - .values_list('secret', flat=True) \ - .first() - print("Pre secret is: ", pre_secret) - return pre_secret != self.secret - class AccountTemplate(BaseAccount): class Meta: diff --git a/apps/accounts/signal_handlers.py b/apps/accounts/signal_handlers.py index 4bdefda8e..bb4eaedb8 100644 --- a/apps/accounts/signal_handlers.py +++ b/apps/accounts/signal_handlers.py @@ -1,17 +1,3 @@ from common.utils import get_logger logger = get_logger(__name__) - -# -# @receiver(pre_save, sender=Account) -# def on_account_pre_save(sender, instance, **kwargs): -# if instance.secret != instance.pre_secret: -# instance.pre_secret = instance.secret -# -# -# @receiver(post_save, sender=Account) -# @on_transaction_commit -# def on_account_post_create(sender, instance, created=False, **kwargs): -# if created or instance.secret != instance.pre_secret: -# Account.objects.filter(id=instance.id) \ -# .update(version=F('version') + 1) diff --git a/apps/assets/automations/base/manager.py b/apps/assets/automations/base/manager.py index 03a74eee5..68ebc028f 100644 --- a/apps/assets/automations/base/manager.py +++ b/apps/assets/automations/base/manager.py @@ -64,7 +64,7 @@ class BasePlaybookManager: if not os.path.exists(path): os.makedirs(path, exist_ok=True, mode=0o755) if settings.DEBUG_DEV: - print(f'Ansible runtime dir:{path}') + print(f'Ansible runtime dir: {path}') return path @staticmethod