diff --git a/.github/workflows/jms-build-test.yml b/.github/workflows/jms-build-test.yml new file mode 100644 index 000000000..0f5309cac --- /dev/null +++ b/.github/workflows/jms-build-test.yml @@ -0,0 +1,32 @@ +name: "Run Build Test" +on: + push: + branches: + - pr@* + - repr@* + +jobs: + build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + + - uses: docker/setup-qemu-action@v2 + + - uses: docker/setup-buildx-action@v2 + + - uses: docker/build-push-action@v3 + with: + context: . + push: false + tags: jumpserver/core:test + file: Dockerfile + cache-from: type=gha + cache-to: type=gha,mode=max + + - uses: LouisBrunner/checks-action@v1.5.0 + if: always() + with: + token: ${{ secrets.GITHUB_TOKEN }} + name: Check Build + conclusion: ${{ job.status }} diff --git a/apps/authentication/models/connection_token.py b/apps/authentication/models/connection_token.py index 5505f81a3..850a6c589 100644 --- a/apps/authentication/models/connection_token.py +++ b/apps/authentication/models/connection_token.py @@ -128,16 +128,18 @@ class ConnectionToken(OrgModelMixin, JMSBaseModel): if self.account_name == '@INPUT' or not account: return { 'name': self.account_name, - 'username': self.username, + 'username': self.input_username, 'secret_type': 'password', - 'secret': self.secret + 'secret': self.input_secret, + 'su_from': None } else: return { 'name': account.name, 'username': account.username, 'secret_type': account.secret_type, - 'secret': account.secret or self.secret + 'secret': account.secret or self.input_secret, + 'su_from': account.su_from, } @lazyproperty diff --git a/apps/authentication/serializers/connection_token.py b/apps/authentication/serializers/connection_token.py index 16ef7dc1b..225b8c8db 100644 --- a/apps/authentication/serializers/connection_token.py +++ b/apps/authentication/serializers/connection_token.py @@ -93,13 +93,22 @@ class ConnectionTokenAssetSerializer(serializers.ModelSerializer): 'org_id', 'specific'] -class ConnectionTokenAccountSerializer(serializers.ModelSerializer): +class SimpleAccountSerializer(serializers.ModelSerializer): """ Account """ + class Meta: + model = Account + fields = ['name', 'username', 'secret_type', 'secret'] + + +class ConnectionTokenAccountSerializer(serializers.ModelSerializer): + """ Account """ + su_from = SimpleAccountSerializer(required=False, label=_('Su from')) + class Meta: model = Account fields = [ - 'name', 'username', 'secret_type', 'secret', + 'name', 'username', 'secret_type', 'secret', 'su_from', ] @@ -139,9 +148,9 @@ class ConnectionTokenSecretSerializer(OrgResourceModelSerializerMixin): expire_now = serializers.BooleanField(label=_('Expired now'), default=True) user = ConnectionTokenUserSerializer(read_only=True) asset = ConnectionTokenAssetSerializer(read_only=True) - platform = ConnectionTokenPlatform(read_only=True) account = ConnectionTokenAccountSerializer(read_only=True) gateway = ConnectionTokenGatewaySerializer(read_only=True) + platform = ConnectionTokenPlatform(read_only=True) # cmd_filter_rules = ConnectionTokenCmdFilterRuleSerializer(many=True) actions = ActionChoicesField() expire_at = serializers.IntegerField() @@ -149,7 +158,7 @@ class ConnectionTokenSecretSerializer(OrgResourceModelSerializerMixin): class Meta: model = ConnectionToken fields = [ - 'id', 'value', 'user', 'asset', 'platform', 'account', + 'id', 'value', 'user', 'asset', 'account', 'platform', 'protocol', 'gateway', 'actions', 'expire_at', 'expire_now', ] extra_kwargs = { diff --git a/apps/ops/models/job.py b/apps/ops/models/job.py index e74258b55..5ce5f38c8 100644 --- a/apps/ops/models/job.py +++ b/apps/ops/models/job.py @@ -113,6 +113,13 @@ class JobExecution(JMSOrgBaseModel): def job_type(self): return self.job.type + def compile_shell(self): + if self.job.type != 'adhoc': + return + result = "{}{}{} ".format('\'', self.job.args, '\'') + result += "chdir={}".format(self.job.chdir) + return result + def get_runner(self): inv = self.job.inventory inv.write_to_file(self.inventory_path) @@ -122,8 +129,9 @@ class JobExecution(JMSOrgBaseModel): extra_vars = {} if self.job.type == 'adhoc': + args = self.compile_shell() runner = AdHocRunner( - self.inventory_path, self.job.module, module_args=self.job.args, + self.inventory_path, self.job.module, module_args=args, pattern="all", project_dir=self.private_dir, extra_vars=extra_vars, ) elif self.job.type == 'playbook': diff --git a/apps/ops/serializers/adhoc.py b/apps/ops/serializers/adhoc.py index 48ddf6567..08d583be1 100644 --- a/apps/ops/serializers/adhoc.py +++ b/apps/ops/serializers/adhoc.py @@ -1,8 +1,6 @@ # ~*~ coding: utf-8 ~*~ from __future__ import unicode_literals -import datetime - from rest_framework import serializers from common.drf.fields import ReadableHiddenField @@ -17,5 +15,5 @@ class AdHocSerializer(BulkOrgResourceModelSerializer, serializers.ModelSerialize class Meta: model = AdHoc - fields = ["id", "name", "module", "row_count", "size", "args", "creator", "comment", "date_created", - "date_updated"] + read_only_field = ["id", "row_count", "size", "creator", "date_created", "date_updated"] + fields = read_only_field + ["id", "name", "module", "args", "comment"] diff --git a/apps/ops/serializers/playbook.py b/apps/ops/serializers/playbook.py index 57c7f2fe5..4ff43abb4 100644 --- a/apps/ops/serializers/playbook.py +++ b/apps/ops/serializers/playbook.py @@ -24,6 +24,7 @@ class PlaybookSerializer(BulkOrgResourceModelSerializer, serializers.ModelSerial class Meta: model = Playbook - fields = [ - "id", "name", "path", "comment", "date_created", "creator", "date_updated" + read_only_fields = ["id", "date_created", "date_updated"] + fields = read_only_fields + [ + "id", "name", "comment", "creator", ]