Merge pull request #5504 from jumpserver/dev

Dev

.github/ISSUE_TEMPLATE.md

@@ -1,17 +0,0 @@
-[简述你的问题]
-
-
-##### 使用版本
-[请提供你使用的Jumpserver版本 1.x.x 注: 0.3.x不再提供支持]
-
-##### 问题复现步骤
-1. [步骤1]
-2. [步骤2]
-
-##### 具体表现[截图可能会更好些,最好能截全]
-
-
-##### 其他
-
-
-[注:] 完成后请关闭 issue

.github/ISSUE_TEMPLATE/----.md

@@ -0,0 +1,10 @@
+---
+name: 需求建议
+about: 提出针对本项目的想法和建议
+title: "[Feature] "
+labels: 类型:需求
+assignees: ibuler
+
+---
+
+**请描述您的需求或者改进建议.**

.github/ISSUE_TEMPLATE/bug---.md

@@ -0,0 +1,22 @@
+---
+name: Bug 提交
+about: 提交产品缺陷帮助我们更好的改进
+title: "[Bug] "
+labels: 类型:bug
+assignees: wojiushixiaobai
+
+---
+
+**JumpServer 版本(v1.5.9以下不再支持)**
+
+
+**浏览器版本**
+
+
+**Bug 描述**
+
+
+**Bug 重现步骤(有截图更好)**
+1.  
+2. 
+3. 

.github/ISSUE_TEMPLATE/question.md

@@ -0,0 +1,10 @@
+---
+name: 问题咨询
+about: 提出针对本项目安装部署、使用及其他方面的相关问题
+title: "[Question] "
+labels: 类型:提问
+assignees: wojiushixiaobai
+
+---
+
+**请描述您的问题.**

.github/release-config.yml

@@ -0,0 +1,44 @@
+name-template: 'v$RESOLVED_VERSION'
+tag-template: 'v$RESOLVED_VERSION'
+categories:
+  - title: '🌱 新功能 Features'
+    labels:
+      - 'feature'
+      - 'enhancement'
+      - 'feat'
+      - '新功能'
+  - title: '🚀 性能优化 Optimization'
+    labels:
+      - 'perf'
+      - 'opt'
+      - 'refactor'
+      - 'Optimization'
+      - '优化'
+  - title: '🐛 Bug修复 Bug Fixes'
+    labels:
+      - 'fix'
+      - 'bugfix'
+      - 'bug'
+  - title: '🧰 其它 Maintenance'
+    labels:
+      - 'chore'
+      - 'docs'
+exclude-labels:
+  - 'no'
+  - '无需处理'
+  - 'wontfix'
+change-template: '- $TITLE @$AUTHOR (#$NUMBER)'
+version-resolver:
+  major:
+    labels:
+      - 'major'
+  minor:
+    labels:
+      - 'minor'
+  patch:
+    labels:
+      - 'patch'
+  default: patch
+template: |
+  ## 版本变化  What’s Changed
+  $CHANGES

.github/workflows/jms-generic-action-handler.yml

@@ -0,0 +1,12 @@
+on: [push, pull_request, release]
+
+name: JumpServer repos generic handler
+
+jobs:
+  generic_handler:
+    name: Run generic handler
+    runs-on: ubuntu-latest
+    steps:
+      - uses: jumpserver/action-generic-handler@master
+        env:
+          GITHUB_TOKEN: ${{ secrets.PRIVATE_TOKEN }}

.github/workflows/release-drafter.yml

@@ -0,0 +1,46 @@
+on:
+  push:
+    # Sequence of patterns matched against refs/tags
+    tags:
+      - 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10
+
+name: Create Release And Upload assets
+
+jobs:
+  create-realese:
+    name: Create Release
+    runs-on: ubuntu-latest
+    outputs:
+      upload_url: ${{ steps.create_release.outputs.upload_url }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+      - name: Get version
+        id: get_version
+        run: |
+          TAG=$(basename ${GITHUB_REF})
+          VERSION=${TAG/v/}
+          echo "::set-output name=TAG::$TAG"
+          echo "::set-output name=VERSION::$VERSION"
+      - name: Create Release
+        id: create_release
+        uses: release-drafter/release-drafter@v5
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          config-name: release-config.yml
+          version: ${{ steps.get_version.outputs.TAG }}
+          tag: ${{ steps.get_version.outputs.TAG }}
+
+  build-and-release:
+    needs: create-realese
+    name: Build and Release
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Build it and upload
+        uses: jumpserver/action-build-upload-assets@master
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ needs.create-realese.outputs.upload_url }}

.gitignore

@@ -36,3 +36,5 @@ xpack
 logs/*
 ### Vagrant ###
 .vagrant/
+release/*
+releashe

Dockerfile

@@ -1,25 +1,46 @@
-FROM registry.fit2cloud.com/public/python:v3
-MAINTAINER Jumpserver Team <ibuler@qq.com>
+# 编译代码
+FROM python:3.8.6-slim as stage-build
+MAINTAINER JumpServer Team <ibuler@qq.com>
+ARG VERSION
+ENV VERSION=$VERSION
 
 WORKDIR /opt/jumpserver
-RUN useradd jumpserver
+ADD . .
+RUN cd utils && bash -ixeu build.sh
 
-COPY ./requirements /tmp/requirements
 
-RUN yum -y install epel-release && \
-      echo -e "[mysql]\nname=mysql\nbaseurl=https://mirrors.tuna.tsinghua.edu.cn/mysql/yum/mysql57-community-el6/\ngpgcheck=0\nenabled=1" > /etc/yum.repos.d/mysql.repo
-RUN cd /tmp/requirements && yum -y install $(cat rpm_requirements.txt)
-RUN cd /tmp/requirements && pip install --upgrade pip setuptools && pip install wheel && \
-    pip install -i https://mirrors.aliyun.com/pypi/simple/ -r requirements.txt || pip install -r requirements.txt
-RUN mkdir -p /root/.ssh/ && echo -e "Host *\n\tStrictHostKeyChecking no\n\tUserKnownHostsFile /dev/null" > /root/.ssh/config
+# 构建运行时环境
+FROM python:3.8.6-slim
+ARG PIP_MIRROR=https://pypi.douban.com/simple
+ENV PIP_MIRROR=$PIP_MIRROR
+ARG PIP_JMS_MIRROR=https://pypi.douban.com/simple
+ENV PIP_JMS_MIRROR=$PIP_JMS_MIRROR
+
+WORKDIR /opt/jumpserver
+
+COPY ./requirements/deb_buster_requirements.txt ./requirements/deb_buster_requirements.txt
+RUN sed -i 's/deb.debian.org/mirrors.aliyun.com/g' /etc/apt/sources.list \
+    && sed -i 's/security.debian.org/mirrors.aliyun.com/g' /etc/apt/sources.list \
+    && apt update \
+    && grep -v '^#' ./requirements/deb_buster_requirements.txt | xargs apt -y install \
+    && localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8 \
+    && cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
+
+COPY ./requirements/requirements.txt ./requirements/requirements.txt
+RUN pip install --upgrade pip==20.2.4 setuptools==49.6.0 wheel==0.34.2 -i ${PIP_MIRROR} \
+    && pip config set global.index-url ${PIP_MIRROR} \
+    && pip install --no-cache-dir $(grep 'jms' requirements/requirements.txt) -i ${PIP_JMS_MIRROR} \
+    && pip install --no-cache-dir -r requirements/requirements.txt
+
+COPY --from=stage-build /opt/jumpserver/release/jumpserver /opt/jumpserver
+RUN mkdir -p /root/.ssh/ \
+    && echo "Host *\n\tStrictHostKeyChecking no\n\tUserKnownHostsFile /dev/null" > /root/.ssh/config
 
-COPY . /opt/jumpserver
 RUN echo > config.yml
 VOLUME /opt/jumpserver/data
 VOLUME /opt/jumpserver/logs
 
 ENV LANG=zh_CN.UTF-8
-ENV LC_ALL=zh_CN.UTF-8
 
 EXPOSE 8070
 EXPOSE 8080

README.md

@@ -1,198 +1,407 @@
-# Jumpserver 多云环境下更好用的堡垒机
+# JumpServer 多云环境下更好用的堡垒机
 
 [![Python3](https://img.shields.io/badge/python-3.6-green.svg?style=plastic)](https://www.python.org/)
-[![Django](https://img.shields.io/badge/django-2.1-brightgreen.svg?style=plastic)](https://www.djangoproject.com/)
-[![Ansible](https://img.shields.io/badge/ansible-2.4.2.0-blue.svg?style=plastic)](https://www.ansible.com/)
-[![Paramiko](https://img.shields.io/badge/paramiko-2.4.1-green.svg?style=plastic)](http://www.paramiko.org/)
+[![Django](https://img.shields.io/badge/django-2.2-brightgreen.svg?style=plastic)](https://www.djangoproject.com/)
+[![Docker Pulls](https://img.shields.io/docker/pulls/jumpserver/jms_all.svg)](https://hub.docker.com/u/jumpserver)
 
-Jumpserver 是全球首款完全开源的堡垒机，使用 GNU GPL v2.0 开源协议，是符合 4A 机制的运维安全审计系统。
+- [ENGLISH](https://github.com/jumpserver/jumpserver/blob/master/README_EN.md)
 
-Jumpserver 使用 Python / Django 进行开发，遵循 Web 2.0 规范，配备了业界领先的 Web Terminal 方案，交互界面美观、用户体验好。
+## 紧急BUG修复通知
+JumpServer发现远程执行漏洞，请速度修复
 
-Jumpserver 采纳分布式架构，支持多机房跨区域部署，支持横向扩展，无资产数量及并发限制。
+非常感谢  **reactivity of Alibaba Hackerone bug bounty program**(瑞典) 向我们报告了此 BUG
+
+**影响版本:**
+```
+< v2.6.2
+< v2.5.4
+< v2.4.5 
+= v1.5.9
+>= v1.5.3
+```
+**安全版本:**
+```
+>= v2.6.2
+>= v2.5.4
+>= v2.4.5 
+= v1.5.9 （版本号没变）
+< v1.5.3
+```
+
+**修复方案:**
+
+将JumpServer升级至安全版本；
+
+**临时修复方案:**
+
+修改 Nginx 配置文件屏蔽漏洞接口 
+
+```
+/api/v1/authentication/connection-token/
+/api/v1/users/connection-token/
+```
+
+Nginx 配置文件位置
+```
+# 社区老版本
+/etc/nginx/conf.d/jumpserver.conf
+
+# 企业老版本
+jumpserver-release/nginx/http_server.conf
+ 
+# 新版本在 
+jumpserver-release/compose/config_static/http_server.conf
+```
+
+修改 Nginx 配置文件实例
+```
+### 保证在 /api 之前 和 / 之前
+location /api/v1/authentication/connection-token/ {
+   return 403;
+}
+ 
+location /api/v1/users/connection-token/ {
+   return 403;
+}
+### 新增以上这些
+ 
+location /api/ {
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header Host $host;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_pass http://core:8080;
+  }
+ 
+...
+```
+
+修改完成后重启 nginx
+
+```
+docker方式: 
+docker restart jms_nginx
+
+nginx方式:
+systemctl restart nginx
+
+```
+
+**修复验证**
+
+```
+$ wget https://github.com/jumpserver/jumpserver/releases/download/v2.6.2/jms_bug_check.sh 
+
+# 使用方法 bash jms_bug_check.sh HOST 
+$ bash jms_bug_check.sh demo.jumpserver.org
+漏洞已修复
+```
+
+**入侵检测**
+
+下载脚本到 jumpserver 日志目录，这个目录中存在 gunicorn.log，然后执行
+
+```
+$ pwd
+/opt/jumpserver/core/logs
+
+$ ls gunicorn.log 
+gunicorn.log
+
+$ wget 'https://github.com/jumpserver/jumpserver/releases/download/v2.6.2/jms_check_attack.sh'
+$ bash jms_check_attack.sh
+系统未被入侵
+```
+
+--------------------------
+
+JumpServer 正在寻找开发者，一起为改变世界做些贡献吧，哪怕一点点，联系我 <ibuler@fit2cloud.com> 
+
+JumpServer 是全球首款开源的堡垒机，使用 GNU GPL v2.0 开源协议，是符合 4A 规范的运维安全审计系统。
+
+JumpServer 使用 Python / Django 为主进行开发，遵循 Web 2.0 规范，配备了业界领先的 Web Terminal 方案，交互界面美观、用户体验好。
+
+JumpServer 采纳分布式架构，支持多机房跨区域部署，支持横向扩展，无资产数量及并发限制。
 
 改变世界，从一点点开始。
 
-注: [KubeOperator](https://github.com/KubeOperator/KubeOperator) 是 Jumpserver 团队在 Kubernetes 领域的的又一全新力作，欢迎关注和使用。
+> 注: [KubeOperator](https://github.com/KubeOperator/KubeOperator) 是 JumpServer 团队在 Kubernetes 领域的的又一全新力作，欢迎关注和使用。
 
-## 核心功能列表
+## 特色优势
 
-<table class="subscription-level-table">
-    <tr class="subscription-level-tr-border">
-        <td class="features-first-td-background-style" rowspan="4">身份验证 Authentication</td>
-        <td class="features-second-td-background-style" rowspan="3" >登录认证
-        </td>
-        <td class="features-third-td-background-style">资源统一登录和认证
-        </td>
+- 开源: 零门槛，线上快速获取和安装；
+- 分布式: 轻松支持大规模并发访问；
+- 无插件: 仅需浏览器，极致的 Web Terminal 使用体验；
+- 多云支持: 一套系统，同时管理不同云上面的资产；
+- 云端存储: 审计录像云端存储，永不丢失；
+- 多租户: 一套系统，多个子公司和部门同时使用；
+- 多应用支持: 数据库，Windows远程应用，Kubernetes。
+
+## 版本说明
+
+自 v2.0.0 发布后， JumpServer 版本号命名将变更为：v大版本.功能版本.Bug修复版本。比如：
+
+```
+v2.0.1 是 v2.0.0 之后的Bug修复版本；
+v2.1.0 是 v2.0.0 之后的功能版本。
+```
+
+像其它优秀开源项目一样，JumpServer 每个月会发布一个功能版本，并同时维护 3 个功能版本。比如：
+
+```
+在 v2.4 发布前，我们会同时维护 v2.1、v2.2、v2.3；
+在 v2.4 发布后，我们会同时维护 v2.2、v2.3、v2.4；v2.1 会停止维护。
+```
+
+## 功能列表
+
+<table>
+  <tr>
+    <td rowspan="8">身份认证<br>Authentication</td>
+    <td rowspan="5">登录认证</td>
+    <td>资源统一登录与认证</td>
   </tr>
-    <tr class="subscription-level-tr-border">
-        <td class="features-third-td-background-style">LDAP 认证
-        </td>
+  <tr>
+    <td>LDAP/AD 认证</td>
   </tr>
-    <tr class="subscription-level-tr-border">
-        <td class="features-third-td-background-style">支持 OpenID，实现单点登录
-        </td>
+  <tr>
+    <td>RADIUS 认证</td>
   </tr>
-    <tr class="subscription-level-tr-border">
-        <td class="features-second-td-background-style">多因子认证
-        </td>
-        <td class="features-third-td-background-style">MFA（Google Authenticator）
-        </td>
+  <tr>
+    <td>OpenID 认证（实现单点登录）</td>
   </tr>
-    <tr class="subscription-level-tr-border">
-        <td class="features-first-td-background-style" rowspan="9">账号管理 Account</td>
-        <td class="features-second-td-background-style" rowspan="2">集中账号管理
-        </td>
-        <td class="features-third-td-background-style">管理用户管理
-        </td>
+  <tr>
+    <td>CAS 认证 （实现单点登录）</td>
   </tr>
-    <tr class="subscription-level-tr-border">
-        <td class="features-third-td-background-style">系统用户管理
-        </td>
+  <tr>
+    <td rowspan="2">MFA认证</td>
+    <td>MFA 二次认证（Google Authenticator）</td>
   </tr>
-    <tr class="subscription-level-tr-border">
-        <td class="features-second-td-background-style" rowspan="4">统一密码管理
-        </td>
-        <td class="features-third-td-background-style">资产密码托管
-        </td>
+  <tr>
+    <td>RADIUS 二次认证</td>
   </tr>
-    <tr class="subscription-level-tr-border">
-        <td class="features-third-td-background-style">自动生成密码
-        </td>
+  <tr>
+    <td>登录复核（X-PACK）</td>
+    <td>用户登录行为受管理员的监管与控制</td>
   </tr>
-    <tr class="subscription-level-tr-border">
-        <td class="features-third-td-background-style">密码自动推送
-        </td>
+  <tr>
+    <td rowspan="11">账号管理<br>Account</td>
+    <td rowspan="2">集中账号</td>
+    <td>管理用户管理</td>
   </tr>
-    <tr class="subscription-level-tr-border">
-        <td class="features-third-td-background-style">密码过期设置
-        </td>
+  <tr>
+    <td>系统用户管理</td>
   </tr>
-    <tr class="subscription-level-tr-border">
-        <td class="features-outline-td-background-style" rowspan="2">批量密码变更(X-PACK)
-        </td>
-        <td class="features-outline-td-background-style">定期批量修改密码
-        </td>
+  <tr>
+    <td rowspan="4">统一密码</td>
+    <td>资产密码托管</td>
   </tr>
-    <tr class="subscription-level-tr-border">
-        <td class="features-outline-td-background-style">生成随机密码
-        </td>
+  <tr>
+    <td>自动生成密码</td>
   </tr>
-    <tr class="subscription-level-tr-border">
-        <td class="features-outline-td-background-style">多云环境的资产纳管(X-PACK)
-        </td>
-        <td class="features-outline-td-background-style">对私有云、公有云资产统一纳管
-        </td>
+  <tr>
+    <td>自动推送密码</td>
   </tr>
-    <tr class="subscription-level-tr-border">
-        <td class="features-first-td-background-style" rowspan="9">授权控制 Authorization</td>
-        <td class="features-second-td-background-style" rowspan="3">资产授权管理
-        </td>
-        <td class="features-third-td-background-style">资产树
-        </td>
+  <tr>
+    <td>密码过期设置</td>
   </tr>
-    <tr class="subscription-level-tr-border">
-        <td class="features-third-td-background-style">资产或资产组灵活授权
-        </td>
+  <tr>
+    <td rowspan="2">批量改密（X-PACK）</td>
+    <td>定期批量改密</td>
   </tr>
-    <tr class="subscription-level-tr-border">
-        <td class="features-third-td-background-style">节点内资产自动继承授权
-        </td>
+  <tr>
+    <td>多种密码策略</td>
   </tr>
-    <tr class="subscription-level-tr-border">
-        <td class="features-outline-td-background-style">RemoteApp(X-PACK)
-        </td>
-        <td class="features-outline-td-background-style">实现更细粒度的应用级授权
-        </td>
+  <tr>
+    <td>多云纳管（X-PACK）</td>
+    <td>对私有云、公有云资产自动统一纳管</td>
   </tr>
-    <tr class="subscription-level-tr-border">
-        <td class="features-outline-td-background-style">组织管理(X-PACK)
-        </td>
-        <td class="features-outline-td-background-style">实现多租户管理，权限隔离
-        </td>
+  <tr>
+    <td>收集用户（X-PACK）</td>
+    <td>自定义任务定期收集主机用户</td>
   </tr>
-    <tr class="subscription-level-tr-border">
-        <td class="features-second-td-background-style">多维度授权
-        </td>
-        <td class="features-third-td-background-style">可对用户、用户组或系统角色授权
-        </td>
+  <tr>
+    <td>密码匣子（X-PACK）</td>
+    <td>统一对资产主机的用户密码进行查看、更新、测试操作</td>
   </tr>
-    <tr class="subscription-level-tr-border">
-        <td class="features-second-td-background-style">指令限制
-        </td>
-        <td class="features-third-td-background-style">限制特权指令使用，支持黑白名单
-        </td>
+  <tr>
+    <td rowspan="15">授权控制<br>Authorization</td>
+    <td>多维授权</td>
+    <td>对用户、用户组、资产、资产节点、应用以及系统用户进行授权</td>
   </tr>
-    <tr class="subscription-level-tr-border">
-        <td class="features-second-td-background-style">统一文件传输
-        </td>
-        <td class="features-third-td-background-style">SFTP 文件上传/下载
-        </td>
+  <tr>
+    <td rowspan="4">资产授权</td>
+    <td>资产以树状结构进行展示</td>
   </tr>
-    <tr class="subscription-level-tr-border">
-        <td class="features-second-td-background-style">文件管理
-        </td>
-        <td class="features-third-td-background-style">Web SFTP 文件管理
-        </td>
+  <tr>
+    <td>资产和节点均可灵活授权</td>
   </tr>
-    <tr class="subscription-level-tr-border">
-        <td class="features-first-td-background-style" rowspan="6">安全审计 Audit</td>
-        <td class="features-second-td-background-style" rowspan="2">会话管理
-        </td>
-        <td class="features-third-td-background-style">在线会话管理
-        </td>
+  <tr>
+    <td>节点内资产自动继承授权</td>
   </tr>
-    <tr class="subscription-level-tr-border">
-        <td class="features-third-td-background-style">历史会话管理
-        </td>
+  <tr>
+    <td>子节点自动继承父节点授权</td>
   </tr>
-    <tr class="subscription-level-tr-border">
-        <td class="features-second-td-background-style" rowspan="2">录像管理
-        </td>
-        <td class="features-third-td-background-style">Linux 录像支持
-        </td>
+  <tr>
+    <td rowspan="2">应用授权</td>
+    <td>实现更细粒度的应用级授权</td>
   </tr>
-    <tr class="subscription-level-tr-border">
-        <td class="features-third-td-background-style">Windows 录像支持
-        </td>
+  <tr>
+    <td>MySQL 数据库应用、RemoteApp 远程应用（X-PACK）</td>
   </tr>
-    <tr class="subscription-level-tr-border">
-        <td class="features-second-td-background-style">指令审计
-        </td>
-        <td class="features-third-td-background-style">指令记录
-        </td>
+  <tr>
+    <td>动作授权</td>
+    <td>实现对授权资产的文件上传、下载以及连接动作的控制</td>
   </tr>
-    <tr class="subscription-level-tr-border">
-        <td class="features-second-td-background-style">文件传输审计
-        </td>
-        <td class="features-third-td-background-style">上传/下载记录审计
-        </td>
+  <tr>
+    <td>时间授权</td>
+    <td>实现对授权资源使用时间段的限制</td>
+  </tr>
+  <tr>
+    <td>特权指令</td>
+    <td>实现对特权指令的使用（支持黑白名单）</td>
+  </tr>
+  <tr>
+    <td>命令过滤</td>
+    <td>实现对授权系统用户所执行的命令进行控制</td>
+  </tr>
+  <tr>
+    <td>文件传输</td>
+    <td>SFTP 文件上传/下载</td>
+  </tr>
+  <tr>
+    <td>文件管理</td>
+    <td>实现 Web SFTP 文件管理</td>
+  </tr>
+  <tr>
+    <td>工单管理（X-PACK）</td>
+    <td>支持对用户登录请求行为进行控制</td>
+  </tr>
+  <tr>
+    <td>组织管理（X-PACK）</td>
+    <td>实现多租户管理与权限隔离</td>
+  </tr>
+  <tr>
+    <td rowspan="7">安全审计<br>Audit</td>
+    <td>操作审计</td>
+    <td>用户操作行为审计</td>
+  </tr>
+  <tr>
+    <td rowspan="2">会话审计</td>
+    <td>在线会话内容审计</td>
+  </tr>
+  <tr>
+    <td>历史会话内容审计</td>
+  </tr>
+  <tr>
+    <td rowspan="2">录像审计</td>
+    <td>支持对 Linux、Windows 等资产操作的录像进行回放审计</td>
+  </tr>
+  <tr>
+    <td>支持对 RemoteApp（X-PACK）、MySQL 等应用操作的录像进行回放审计</td>
+  </tr>
+  <tr>
+    <td>指令审计</td>
+    <td>支持对资产和应用等操作的命令进行审计</td>
+  </tr>
+  <tr>
+    <td>文件传输</td>
+    <td>可对文件的上传、下载记录进行审计</td>
+  </tr>
+  <tr>
+    <td rowspan="20">数据库审计<br>Database</td>
+    <td rowspan="2">连接方式</td>
+    <td>命令方式</td>
+  </tr>
+  <tr>
+    <td>Web UI方式 (X-PACK)</td>
+  </tr>
+
+  <tr>
+    <td rowspan="4">支持的数据库</td>
+    <td>MySQL</td>
+  </tr>
+  <tr>
+    <td>Oracle (X-PACK)</td>
+  </tr>
+  <tr>
+    <td>MariaDB (X-PACK)</td>
+  </tr>
+  <tr>
+    <td>PostgreSQL (X-PACK)</td>
+  </tr>
+  <tr>
+    <td rowspan="6">功能亮点</td>
+    <td>语法高亮</td>
+  </tr>
+  <tr>
+    <td>SQL格式化</td>
+  </tr>
+  <tr>
+    <td>支持快捷键</td>
+  </tr>
+  <tr>
+    <td>支持选中执行</td>
+  </tr>
+  <tr>
+    <td>SQL历史查询</td>
+  </tr>
+  <tr>
+    <td>支持页面创建 DB, TABLE</td>
+  </tr>
+  <tr>
+    <td rowspan="2">会话审计</td>
+    <td>命令记录</td>
+  </tr>
+  <tr>
+    <td>录像回放</td>
   </tr>
 </table>
 
-## 安装及使用指南
+## 快速开始
 
--  [Docker 快速安装文档](http://docs.jumpserver.org/zh/docs/dockerinstall.html)
--  [Step by Step 安装文档](http://docs.jumpserver.org/zh/docs/step_by_step.html)
--  [完整文档](http://docs.jumpserver.org)
+- [极速安装](https://docs.jumpserver.org/zh/master/install/setup_by_fast/)
+- [完整文档](https://docs.jumpserver.org)
+- [演示视频](https://www.bilibili.com/video/BV1ZV41127GB)
 
-## 演示视频和截屏
+## 组件项目
+- [Lina](https://github.com/jumpserver/lina) JumpServer Web UI 项目
+- [Luna](https://github.com/jumpserver/luna) JumpServer Web Terminal 项目
+- [Koko](https://github.com/jumpserver/koko) JumpServer 字符协议 Connector 项目，替代原来 Python 版本的 [Coco](https://github.com/jumpserver/coco)
+- [Guacamole](https://github.com/jumpserver/docker-guacamole) JumpServer 图形协议 Connector 项目，依赖 [Apache Guacamole](https://guacamole.apache.org/)
 
-我们提供了演示视频和系统截图可以让你快速了解 Jumpserver：
+## 致谢
+- [Apache Guacamole](https://guacamole.apache.org/) Web页面连接 RDP, SSH, VNC协议设备，JumpServer 图形化连接依赖
+- [OmniDB](https://omnidb.org/) Web页面连接使用数据库，JumpServer Web数据库依赖
 
-- [演示视频](https://jumpserver.oss-cn-hangzhou.aliyuncs.com/jms-media/%E3%80%90%E6%BC%94%E7%A4%BA%E8%A7%86%E9%A2%91%E3%80%91Jumpserver%20%E5%A0%A1%E5%9E%92%E6%9C%BA%20V1.5.0%20%E6%BC%94%E7%A4%BA%E8%A7%86%E9%A2%91%20-%20final.mp4)
-- [系统截图](http://docs.jumpserver.org/zh/docs/snapshot.html)
 
-## SDK
+## JumpServer 企业版 
+- [申请企业版试用](https://jinshuju.net/f/kyOYpi)
+> 注：企业版支持离线安装，申请通过后会提供高速下载链接。
 
-我们编写了一些SDK，供您的其它系统快速和 Jumpserver API 交互：
+## 案例研究
 
-- [Python](https://github.com/jumpserver/jumpserver-python-sdk) Jumpserver 其它组件使用这个 SDK 完成交互
-- [Java](https://github.com/KaiJunYan/jumpserver-java-sdk.git) 恺珺同学提供的 Java 版本的 SDK
+- [JumpServer 堡垒机护航顺丰科技超大规模资产安全运维](https://blog.fit2cloud.com/?p=1147)；
+- [JumpServer 堡垒机让“大智慧”的混合 IT 运维更智慧](https://blog.fit2cloud.com/?p=882)；
+- [携程 JumpServer 堡垒机部署与运营实战](https://blog.fit2cloud.com/?p=851)；
+- [小红书的JumpServer堡垒机大规模资产跨版本迁移之路](https://blog.fit2cloud.com/?p=516)；
+- [JumpServer堡垒机助力中手游提升多云环境下安全运维能力](https://blog.fit2cloud.com/?p=732)；
+- [中通快递：JumpServer主机安全运维实践](https://blog.fit2cloud.com/?p=708)；
+- [东方明珠：JumpServer高效管控异构化、分布式云端资产](https://blog.fit2cloud.com/?p=687)；
+- [江苏农信：JumpServer堡垒机助力行业云安全运维](https://blog.fit2cloud.com/?p=666)。
+
+## 安全说明
+
+JumpServer是一款安全产品，请参考 [基本安全建议](https://docs.jumpserver.org/zh/master/install/install_security/) 部署安装.
+
+如果你发现安全问题，可以直接联系我们：
+
+- ibuler@fit2cloud.com 
+- support@fit2cloud.com 
+- 400-052-0755
 
 ## License & Copyright
 
-Copyright (c) 2014-2019 飞致云 FIT2CLOUD, All rights reserved.
+Copyright (c) 2014-2020 飞致云 FIT2CLOUD, All rights reserved.
 
 Licensed under The GNU General Public License version 2 (GPLv2)  (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
 

README_EN.md

@@ -1,22 +1,135 @@
 ## Jumpserver 
 
-![Total visitor](https://visitor-count-badge.herokuapp.com/total.svg?repo_id=jumpserver)
-![Visitors in today](https://visitor-count-badge.herokuapp.com/today.svg?repo_id=jumpserver)
 [![Python3](https://img.shields.io/badge/python-3.6-green.svg?style=plastic)](https://www.python.org/)
-[![Django](https://img.shields.io/badge/django-2.1-brightgreen.svg?style=plastic)](https://www.djangoproject.com/)
-[![Ansible](https://img.shields.io/badge/ansible-2.4.2.0-blue.svg?style=plastic)](https://www.ansible.com/)
-[![Paramiko](https://img.shields.io/badge/paramiko-2.4.1-green.svg?style=plastic)](http://www.paramiko.org/)
+[![Django](https://img.shields.io/badge/django-2.2-brightgreen.svg?style=plastic)](https://www.djangoproject.com/)
+[![Docker Pulls](https://img.shields.io/docker/pulls/jumpserver/jms_all.svg)](https://hub.docker.com/u/jumpserver)
 
+---- 
+## CRITICAL BUG WARNING
+
+Recently we have found a critical bug for remote execution vulnerability which leads to pre-auth and info leak, please fix it as soon as possible.
+
+Thanks for **reactivity from Alibaba Hackerone bug bounty program** report us this bug
+
+**Vulnerable version:**
+```
+< v2.6.2
+< v2.5.4
+< v2.4.5 
+= v1.5.9
+>= v1.5.3
+```
+
+**Safe and Stable version:**
+```
+>= v2.6.2
+>= v2.5.4
+>= v2.4.5 
+= v1.5.9 （version tag didn't change）
+< v1.5.3
+```
+
+**Bug Fix Solution:**
+Upgrade to the latest version or the version mentioned above
+
+
+**Temporary Solution (upgrade asap):**
+
+Modify the Nginx config file and disable the vulnerable api listed below
+
+```
+/api/v1/authentication/connection-token/
+/api/v1/users/connection-token/
+```
+
+Path to Nginx config file
+
+```
+# Previous Community version
+/etc/nginx/conf.d/jumpserver.conf
+
+# Previous Enterprise version
+jumpserver-release/nginx/http_server.conf
+ 
+# Latest version
+jumpserver-release/compose/config_static/http_server.conf
+```
+
+Changes in Nginx config file
+
+```
+### Put the following code on top of location server, or before /api and /
+location /api/v1/authentication/connection-token/ {
+   return 403;
+}
+ 
+location /api/v1/users/connection-token/ {
+   return 403;
+}
+### End right here
+ 
+location /api/ {
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header Host $host;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_pass http://core:8080;
+  }
+ 
+...
+```
+
+Save the file and restart Nginx
+
+```
+docker deployment: 
+$ docker restart jms_nginx
+
+rpm or other deployment:
+$ systemctl restart nginx
+
+```
+
+**Bug Fix Verification**
+
+```
+# Download the following script to check if it is fixed
+$ wget https://github.com/jumpserver/jumpserver/releases/download/v2.6.2/jms_bug_check.sh 
+
+# Run the code to verify it
+$ bash jms_bug_check.sh demo.jumpserver.org
+漏洞已修复 (It means the bug is fixed)
+漏洞未修复 (It means the bug is not fixed and the system is still vulnerable)
+```
+
+
+**Attack Simulation**
+
+Go to the logs directory which should contain gunicorn.log file. Then download the "attack" script and execute it
+
+```
+$ pwd
+/opt/jumpserver/core/logs
+
+$ ls gunicorn.log
+gunicorn.log
+
+$ wget 'https://github.com/jumpserver/jumpserver/releases/download/v2.6.2/jms_check_attack.sh'
+$ bash jms_check_attack.sh
+系统未被入侵 (It means the system is safe)
+系统已被入侵 (It means the system is being attacked)
+```
+
+--------------------------
 
 ----
 
-- [中文版](https://github.com/jumpserver/jumpserver/blob/master/README_EN.md)
+- [中文版](https://github.com/jumpserver/jumpserver/blob/master/README.md)
 
-Jumpserver is the first fully open source bastion in the world, based on the GNU GPL v2.0 open source protocol. Jumpserver is a  professional operation and maintenance audit system conforms to 4A specifications.
+Jumpserver is the world's first open-source PAM (Privileged Access Management System) and is licensed under the GNU GPL v2.0. It is a 4A-compliant professional operation and maintenance security audit system.
 
-Jumpserver is developed using Python / Django, conforms to the Web 2.0 specification, and is equipped with the industry-leading Web Terminal solution which have beautiful interface and great user experience.
+Jumpserver uses Python / Django for development, follows Web 2.0 specifications, and is equipped with an industry-leading Web Terminal solution that provides a beautiful user interface and great user experience
 
-Jumpserver adopts a distributed architecture to support multi-branch deployment across multiple areas. The central node provides APIs, and login nodes are deployed in each branch. It can be scaled horizontally without concurrency restrictions.
+Jumpserver adopts a distributed architecture to support multi-branch deployment across multiple cross-regional areas. The central node provides APIs, and login nodes are deployed in each branch. It can be scaled horizontally without concurrency restrictions.
 
 Change the world, starting from little things.
 
@@ -47,7 +160,7 @@ We provide online demo, demo video and screenshots to get you started quickly.
 We provide the SDK for your other systems to quickly interact with the Jumpserver API.
 
 - [Python](https://github.com/jumpserver/jumpserver-python-sdk) Jumpserver other components use this SDK to complete the interaction.
-- [Java](https://github.com/KaiJunYan/jumpserver-java-sdk.git) 恺珺同学提供的Java版本的SDK thanks to 恺珺 for provide Java SDK
+- [Java](https://github.com/KaiJunYan/jumpserver-java-sdk.git) Thanks to 恺珺 for providing his Java SDK vesrion.
 
 
 ### License & Copyright

apps/.gitattributes

@@ -0,0 +1,2 @@
+*.js linguist-language=python
+*.html linguist-language=python

apps/applications/api/__init__.py

@@ -1 +1,3 @@
+from .application import *
+from .mixin import *
 from .remote_app import *

apps/applications/api/application.py

@@ -0,0 +1,19 @@
+# coding: utf-8
+#
+
+from orgs.mixins.api import OrgBulkModelViewSet
+
+from ..hands import IsOrgAdminOrAppUser
+from .. import models, serializers
+
+
+__all__ = ['ApplicationViewSet']
+
+
+class ApplicationViewSet(OrgBulkModelViewSet):
+    model = models.Application
+    filterset_fields = ('name', 'type', 'category')
+    search_fields = filterset_fields
+    permission_classes = (IsOrgAdminOrAppUser,)
+    serializer_class = serializers.ApplicationSerializer
+

apps/applications/api/mixin.py

@@ -0,0 +1,89 @@
+from orgs.models import Organization
+
+
+__all__ = ['SerializeApplicationToTreeNodeMixin']
+
+
+class SerializeApplicationToTreeNodeMixin:
+
+    @staticmethod
+    def _serialize_db(db):
+        return {
+            'id': db.id,
+            'name': db.name,
+            'title': db.name,
+            'pId': '',
+            'open': False,
+            'iconSkin': 'database',
+            'meta': {'type': 'database_app'}
+        }
+
+    @staticmethod
+    def _serialize_remote_app(remote_app):
+        return {
+            'id': remote_app.id,
+            'name': remote_app.name,
+            'title': remote_app.name,
+            'pId': '',
+            'open': False,
+            'isParent': False,
+            'iconSkin': 'chrome',
+            'meta': {'type': 'remote_app'}
+        }
+
+    @staticmethod
+    def _serialize_cloud(cloud):
+        return {
+            'id': cloud.id,
+            'name': cloud.name,
+            'title': cloud.name,
+            'pId': '',
+            'open': False,
+            'isParent': False,
+            'iconSkin': 'k8s',
+            'meta': {'type': 'k8s_app'}
+        }
+
+    def _serialize_application(self, application):
+        method_name = f'_serialize_{application.category}'
+        data = getattr(self, method_name)(application)
+        data.update({
+            'pId': application.org.id,
+            'org_name': application.org_name
+        })
+        return data
+
+    def serialize_applications(self, applications):
+        data = [self._serialize_application(application) for application in applications]
+        return data
+
+    @staticmethod
+    def _serialize_organization(org):
+        return {
+            'id': org.id,
+            'name': org.name,
+            'title': org.name,
+            'pId': '',
+            'open': True,
+            'isParent': True,
+            'meta': {
+                'type': 'node'
+            }
+        }
+
+    def serialize_organizations(self, organizations):
+        data = [self._serialize_organization(org) for org in organizations]
+        return data
+
+    @staticmethod
+    def filter_organizations(applications):
+        organizations_id = set(applications.values_list('org_id', flat=True))
+        organizations = [Organization.get_instance(org_id) for org_id in organizations_id]
+        return organizations
+
+    def serialize_applications_with_org(self, applications):
+        organizations = self.filter_organizations(applications)
+        data_organizations = self.serialize_organizations(organizations)
+        data_applications = self.serialize_applications(applications)
+        data = data_organizations + data_applications
+        return data

apps/applications/api/remote_app.py

@@ -1,27 +1,19 @@
 # coding: utf-8
 #
 
-from orgs.mixins.api import OrgBulkModelViewSet
 from orgs.mixins import generics
-from ..hands import IsOrgAdmin, IsAppUser
-from ..models import RemoteApp
-from ..serializers import RemoteAppSerializer, RemoteAppConnectionInfoSerializer
+from ..hands import IsAppUser
+from .. import models
+from ..serializers import RemoteAppConnectionInfoSerializer
+from ..permissions import IsRemoteApp
 
 
 __all__ = [
-    'RemoteAppViewSet', 'RemoteAppConnectionInfoApi',
+    'RemoteAppConnectionInfoApi',
 ]
 
 
-class RemoteAppViewSet(OrgBulkModelViewSet):
-    model = RemoteApp
-    filter_fields = ('name',)
-    search_fields = filter_fields
-    permission_classes = (IsOrgAdmin,)
-    serializer_class = RemoteAppSerializer
-
-
 class RemoteAppConnectionInfoApi(generics.RetrieveAPIView):
-    model = RemoteApp
-    permission_classes = (IsAppUser, )
+    model = models.Application
+    permission_classes = (IsAppUser, IsRemoteApp)
     serializer_class = RemoteAppConnectionInfoSerializer

apps/applications/const.py

@@ -1,68 +1,49 @@
 #  coding: utf-8
 #
 
+from django.db.models import TextChoices
 from django.utils.translation import ugettext_lazy as _
 
 
-# RemoteApp
-REMOTE_APP_BOOT_PROGRAM_NAME = '||jmservisor'
+class ApplicationCategoryChoices(TextChoices):
+    db = 'db', _('Database')
+    remote_app = 'remote_app', _('Remote app')
+    cloud = 'cloud', 'Cloud'
 
-REMOTE_APP_TYPE_CHROME = 'chrome'
-REMOTE_APP_TYPE_MYSQL_WORKBENCH = 'mysql_workbench'
-REMOTE_APP_TYPE_VMWARE_CLIENT = 'vmware_client'
-REMOTE_APP_TYPE_CUSTOM = 'custom'
+    @classmethod
+    def get_label(cls, category):
+        return dict(cls.choices).get(category, '')
 
-REMOTE_APP_TYPE_CHOICES = (
-    (
-        _('Browser'),
-        (
-            (REMOTE_APP_TYPE_CHROME, 'Chrome'),
-        )
-    ),
-    (
-        _('Database tools'),
-        (
-            (REMOTE_APP_TYPE_MYSQL_WORKBENCH, 'MySQL Workbench'),
-        )
-    ),
-    (
-        _('Virtualization tools'),
-        (
-            (REMOTE_APP_TYPE_VMWARE_CLIENT, 'vSphere Client'),
-        )
-    ),
-    (REMOTE_APP_TYPE_CUSTOM, _('Custom')),
 
-)
+class ApplicationTypeChoices(TextChoices):
+    # db category
+    mysql = 'mysql', 'MySQL'
+    oracle = 'oracle', 'Oracle'
+    pgsql = 'postgresql', 'PostgreSQL'
+    mariadb = 'mariadb', 'MariaDB'
 
-# Fields attribute write_only default => False
+    # remote-app category
+    chrome = 'chrome', 'Chrome'
+    mysql_workbench = 'mysql_workbench', 'MySQL Workbench'
+    vmware_client = 'vmware_client', 'vSphere Client'
+    custom = 'custom', _('Custom')
 
-REMOTE_APP_TYPE_CHROME_FIELDS = [
-    {'name': 'chrome_target'},
-    {'name': 'chrome_username'},
-    {'name': 'chrome_password', 'write_only': True}
-]
-REMOTE_APP_TYPE_MYSQL_WORKBENCH_FIELDS = [
-    {'name': 'mysql_workbench_ip'},
-    {'name': 'mysql_workbench_name'},
-    {'name': 'mysql_workbench_username'},
-    {'name': 'mysql_workbench_password', 'write_only': True}
-]
-REMOTE_APP_TYPE_VMWARE_CLIENT_FIELDS = [
-    {'name': 'vmware_target'},
-    {'name': 'vmware_username'},
-    {'name': 'vmware_password', 'write_only': True}
-]
-REMOTE_APP_TYPE_CUSTOM_FIELDS = [
-    {'name': 'custom_cmdline'},
-    {'name': 'custom_target'},
-    {'name': 'custom_username'},
-    {'name': 'custom_password', 'write_only': True}
-]
+    # cloud category
+    k8s = 'k8s', 'Kubernetes'
+
+    @classmethod
+    def get_label(cls, tp):
+        return dict(cls.choices).get(tp, '')
+
+    @classmethod
+    def db_types(cls):
+        return [cls.mysql.value, cls.oracle.value, cls.pgsql.value, cls.mariadb.value]
+
+    @classmethod
+    def remote_app_types(cls):
+        return [cls.chrome.value, cls.mysql_workbench.value, cls.vmware_client.value, cls.custom.value]
+
+    @classmethod
+    def cloud_types(cls):
+        return [cls.k8s.value]
 
-REMOTE_APP_TYPE_MAP_FIELDS = {
-    REMOTE_APP_TYPE_CHROME: REMOTE_APP_TYPE_CHROME_FIELDS,
-    REMOTE_APP_TYPE_MYSQL_WORKBENCH: REMOTE_APP_TYPE_MYSQL_WORKBENCH_FIELDS,
-    REMOTE_APP_TYPE_VMWARE_CLIENT: REMOTE_APP_TYPE_VMWARE_CLIENT_FIELDS,
-    REMOTE_APP_TYPE_CUSTOM: REMOTE_APP_TYPE_CUSTOM_FIELDS
-}

apps/applications/forms/__init__.py

@@ -1 +0,0 @@
-from .remote_app import *

apps/applications/forms/remote_app.py

@@ -1,123 +0,0 @@
-#  coding: utf-8
-#
-
-from django.utils.translation import ugettext as _
-from django import forms
-
-from orgs.mixins.forms import OrgModelForm
-from assets.models import SystemUser
-
-from ..models import RemoteApp
-from .. import const
-
-
-__all__ = [
-    'RemoteAppCreateUpdateForm',
-]
-
-
-class RemoteAppTypeChromeForm(forms.ModelForm):
-    chrome_target = forms.CharField(
-        max_length=128, label=_('Target URL'), required=False
-    )
-    chrome_username = forms.CharField(
-        max_length=128, label=_('Login username'), required=False
-    )
-    chrome_password = forms.CharField(
-        widget=forms.PasswordInput, strip=True,
-        max_length=128, label=_('Login password'), required=False
-    )
-
-
-class RemoteAppTypeMySQLWorkbenchForm(forms.ModelForm):
-    mysql_workbench_ip = forms.CharField(
-        max_length=128, label=_('Database IP'), required=False
-    )
-    mysql_workbench_name = forms.CharField(
-        max_length=128, label=_('Database name'), required=False
-    )
-    mysql_workbench_username = forms.CharField(
-        max_length=128, label=_('Database username'), required=False
-    )
-    mysql_workbench_password = forms.CharField(
-        widget=forms.PasswordInput, strip=True,
-        max_length=128, label=_('Database password'), required=False
-    )
-
-
-class RemoteAppTypeVMwareForm(forms.ModelForm):
-    vmware_target = forms.CharField(
-        max_length=128, label=_('Target address'), required=False
-    )
-    vmware_username = forms.CharField(
-        max_length=128, label=_('Login username'), required=False
-    )
-    vmware_password = forms.CharField(
-        widget=forms.PasswordInput, strip=True,
-        max_length=128, label=_('Login password'), required=False
-    )
-
-
-class RemoteAppTypeCustomForm(forms.ModelForm):
-    custom_cmdline = forms.CharField(
-        max_length=128, label=_('Operating parameter'), required=False
-    )
-    custom_target = forms.CharField(
-        max_length=128, label=_('Target address'), required=False
-    )
-    custom_username = forms.CharField(
-        max_length=128, label=_('Login username'), required=False
-    )
-    custom_password = forms.CharField(
-        widget=forms.PasswordInput, strip=True,
-        max_length=128, label=_('Login password'), required=False
-    )
-
-
-class RemoteAppTypeForms(
-    RemoteAppTypeChromeForm,
-    RemoteAppTypeMySQLWorkbenchForm,
-    RemoteAppTypeVMwareForm,
-    RemoteAppTypeCustomForm
-):
-    pass
-
-
-class RemoteAppCreateUpdateForm(RemoteAppTypeForms, OrgModelForm):
-    def __init__(self, *args, **kwargs):
-        # 过滤RDP资产和系统用户
-        super().__init__(*args, **kwargs)
-        field_asset = self.fields['asset']
-        field_asset.queryset = field_asset.queryset.has_protocol('rdp')
-
-    class Meta:
-        model = RemoteApp
-        fields = [
-            'name', 'asset', 'type', 'path', 'comment'
-        ]
-        widgets = {
-            'asset': forms.Select(attrs={
-                'class': 'select2', 'data-placeholder': _('Asset')
-            }),
-        }
-
-    def _clean_params(self):
-        app_type = self.data.get('type')
-        fields = const.REMOTE_APP_TYPE_MAP_FIELDS.get(app_type, [])
-        params = {}
-        for field in fields:
-            name = field['name']
-            value = self.cleaned_data[name]
-            params.update({name: value})
-        return params
-
-    def _save_params(self, instance):
-        params = self._clean_params()
-        instance.params = params
-        instance.save()
-        return instance
-
-    def save(self, commit=True):
-        instance = super().save(commit=commit)
-        instance = self._save_params(instance)
-        return instance

apps/applications/hands.py

@@ -6,7 +6,7 @@
 
     Other module of this app shouldn't connect with other app.
 
-    :copyright: (c) 2014-2018 by Jumpserver Team.
+    :copyright: (c) 2014-2018 by JumpServer Team.
     :license: GPL v2, see LICENSE for more details.
 """
 

apps/applications/migrations/0003_auto_20191210_1659.py

@@ -0,0 +1,18 @@
+# Generated by Django 2.1.11 on 2019-12-10 08:59
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('applications', '0002_remove_remoteapp_system_user'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='remoteapp',
+            name='type',
+            field=models.CharField(choices=[('chrome', 'Chrome'), ('mysql_workbench', 'MySQL Workbench'), ('vmware_client', 'vSphere Client'), ('custom', 'Custom')], default='chrome', max_length=128, verbose_name='App type'),
+        ),
+    ]

apps/applications/migrations/0004_auto_20191218_1705.py

@@ -0,0 +1,38 @@
+# Generated by Django 2.1.11 on 2019-12-18 09:05
+
+from django.db import migrations, models
+import uuid
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('applications', '0003_auto_20191210_1659'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='DatabaseApp',
+            fields=[
+                ('org_id', models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization')),
+                ('created_by', models.CharField(blank=True, max_length=32, null=True, verbose_name='Created by')),
+                ('date_created', models.DateTimeField(auto_now_add=True, null=True, verbose_name='Date created')),
+                ('date_updated', models.DateTimeField(auto_now=True, verbose_name='Date updated')),
+                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
+                ('name', models.CharField(max_length=128, verbose_name='Name')),
+                ('type', models.CharField(choices=[('mysql', 'MySQL')], default='mysql', max_length=128, verbose_name='Type')),
+                ('host', models.CharField(db_index=True, max_length=128, verbose_name='Host')),
+                ('port', models.IntegerField(default=3306, verbose_name='Port')),
+                ('database', models.CharField(blank=True, db_index=True, max_length=128, null=True, verbose_name='Database')),
+                ('comment', models.TextField(blank=True, default='', max_length=128, verbose_name='Comment')),
+            ],
+            options={
+                'verbose_name': 'DatabaseApp',
+                'ordering': ('name',),
+            },
+        ),
+        migrations.AlterUniqueTogether(
+            name='databaseapp',
+            unique_together={('org_id', 'name')},
+        ),
+    ]

apps/applications/migrations/0005_k8sapp.py

@@ -0,0 +1,34 @@
+# Generated by Django 2.2.13 on 2020-08-07 07:13
+
+from django.db import migrations, models
+import uuid
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('applications', '0004_auto_20191218_1705'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='K8sApp',
+            fields=[
+                ('created_by', models.CharField(blank=True, max_length=32, null=True, verbose_name='Created by')),
+                ('updated_by', models.CharField(blank=True, max_length=32, null=True, verbose_name='Updated by')),
+                ('date_created', models.DateTimeField(auto_now_add=True, null=True, verbose_name='Date created')),
+                ('date_updated', models.DateTimeField(auto_now=True, verbose_name='Date updated')),
+                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
+                ('org_id', models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization')),
+                ('name', models.CharField(max_length=128, verbose_name='Name')),
+                ('type', models.CharField(choices=[('k8s', 'Kubernetes')], default='k8s', max_length=128, verbose_name='Type')),
+                ('cluster', models.CharField(max_length=1024, verbose_name='Cluster')),
+                ('comment', models.TextField(blank=True, default='', max_length=128, verbose_name='Comment')),
+            ],
+            options={
+                'verbose_name': 'KubernetesApp',
+                'ordering': ('name',),
+                'unique_together': {('org_id', 'name')},
+            },
+        ),
+    ]

apps/applications/migrations/0006_application.py

@@ -0,0 +1,140 @@
+# Generated by Django 2.2.13 on 2020-10-19 12:01
+
+from django.db import migrations, models
+import django.db.models.deletion
+import django_mysql.models
+import uuid
+
+
+CATEGORY_DB_LIST = ['mysql', 'oracle', 'postgresql', 'mariadb']
+CATEGORY_REMOTE_LIST = ['chrome', 'mysql_workbench', 'vmware_client', 'custom']
+CATEGORY_CLOUD_LIST = ['k8s']
+
+CATEGORY_DB = 'db'
+CATEGORY_REMOTE = 'remote_app'
+CATEGORY_CLOUD = 'cloud'
+CATEGORY_LIST = [CATEGORY_DB, CATEGORY_REMOTE, CATEGORY_CLOUD]
+
+
+def get_application_category(old_app):
+    _type = old_app.type
+    if _type in CATEGORY_DB_LIST:
+        category = CATEGORY_DB
+    elif _type in CATEGORY_REMOTE_LIST:
+        category = CATEGORY_REMOTE
+    elif _type in CATEGORY_CLOUD_LIST:
+        category = CATEGORY_CLOUD
+    else:
+        category = None
+    return category
+
+
+def common_to_application_json(old_app):
+    category = get_application_category(old_app)
+    date_updated = old_app.date_updated if hasattr(old_app, 'date_updated') else old_app.date_created
+    return {
+        'id': old_app.id,
+        'name': old_app.name,
+        'type': old_app.type,
+        'category': category,
+        'comment': old_app.comment,
+        'created_by': old_app.created_by,
+        'date_created': old_app.date_created,
+        'date_updated': date_updated,
+        'org_id': old_app.org_id
+    }
+
+
+def db_to_application_json(database):
+    app_json = common_to_application_json(database)
+    app_json.update({
+        'attrs': {
+            'host': database.host,
+            'port': database.port,
+            'database': database.database
+        }
+    })
+    return app_json
+
+
+def remote_to_application_json(remote):
+    app_json = common_to_application_json(remote)
+    attrs = {
+        'asset': str(remote.asset.id),
+        'path': remote.path,
+    }
+    attrs.update(remote.params)
+    app_json.update({
+        'attrs': attrs
+    })
+    return app_json
+
+
+def k8s_to_application_json(k8s):
+    app_json = common_to_application_json(k8s)
+    app_json.update({
+        'attrs': {
+            'cluster': k8s.cluster
+        }
+    })
+    return app_json
+
+
+def migrate_and_integrate_applications(apps, schema_editor):
+    db_alias = schema_editor.connection.alias
+
+    database_app_model = apps.get_model("applications", "DatabaseApp")
+    remote_app_model = apps.get_model("applications", "RemoteApp")
+    k8s_app_model = apps.get_model("applications", "K8sApp")
+
+    database_apps = database_app_model.objects.using(db_alias).all()
+    remote_apps = remote_app_model.objects.using(db_alias).all()
+    k8s_apps = k8s_app_model.objects.using(db_alias).all()
+
+    database_applications = [db_to_application_json(db_app) for db_app in database_apps]
+    remote_applications = [remote_to_application_json(remote_app) for remote_app in remote_apps]
+    k8s_applications = [k8s_to_application_json(k8s_app) for k8s_app in k8s_apps]
+
+    applications_json = database_applications + remote_applications + k8s_applications
+    application_model = apps.get_model("applications", "Application")
+    applications = [
+        application_model(**application_json)
+        for application_json in applications_json
+        if application_json['category'] in CATEGORY_LIST
+    ]
+    for application in applications:
+        if application_model.objects.using(db_alias).filter(name=application.name).exists():
+            application.name = '{}-{}'.format(application.name, application.type)
+        application.save()
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('assets', '0057_fill_node_value_assets_amount_and_parent_key'),
+        ('applications', '0005_k8sapp'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Application',
+            fields=[
+                ('org_id', models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization')),
+                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
+                ('created_by', models.CharField(blank=True, max_length=32, null=True, verbose_name='Created by')),
+                ('date_created', models.DateTimeField(auto_now_add=True, null=True, verbose_name='Date created')),
+                ('date_updated', models.DateTimeField(auto_now=True, verbose_name='Date updated')),
+                ('name', models.CharField(max_length=128, verbose_name='Name')),
+                ('category', models.CharField(choices=[('db', 'Database'), ('remote_app', 'Remote app'), ('cloud', 'Cloud')], max_length=16, verbose_name='Category')),
+                ('type', models.CharField(choices=[('mysql', 'MySQL'), ('oracle', 'Oracle'), ('postgresql', 'PostgreSQL'), ('mariadb', 'MariaDB'), ('chrome', 'Chrome'), ('mysql_workbench', 'MySQL Workbench'), ('vmware_client', 'vSphere Client'), ('custom', 'Custom'), ('k8s', 'Kubernetes')], max_length=16, verbose_name='Type')),
+                ('attrs', django_mysql.models.JSONField(default=dict)),
+                ('comment', models.TextField(blank=True, default='', max_length=128, verbose_name='Comment')),
+                ('domain', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='applications', to='assets.Domain', verbose_name='Domain')),
+            ],
+            options={
+                'ordering': ('name',),
+                'unique_together': {('org_id', 'name')},
+            },
+        ),
+        migrations.RunPython(migrate_and_integrate_applications),
+    ]

apps/applications/migrations/0007_auto_20201119_1110.py

@@ -0,0 +1,18 @@
+# Generated by Django 3.1 on 2020-11-19 03:10
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('applications', '0006_application'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='application',
+            name='attrs',
+            field=models.JSONField(),
+        ),
+    ]

apps/applications/migrations/0008_auto_20210104_0435.py

@@ -0,0 +1,28 @@
+# Generated by Django 3.1 on 2021-01-03 20:35
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('perms', '0017_auto_20210104_0435'),
+        ('applications', '0007_auto_20201119_1110'),
+    ]
+
+    operations = [
+        migrations.DeleteModel(
+            name='DatabaseApp',
+        ),
+        migrations.DeleteModel(
+            name='K8sApp',
+        ),
+        migrations.AlterField(
+            model_name='application',
+            name='attrs',
+            field=models.JSONField(default=dict, verbose_name='Attrs'),
+        ),
+        migrations.DeleteModel(
+            name='RemoteApp',
+        ),
+    ]

apps/applications/models/__init__.py

@@ -1 +1 @@
-from .remote_app import *
+from .application import *

apps/applications/models/application.py

@@ -0,0 +1,37 @@
+from django.db import models
+from django.utils.translation import ugettext_lazy as _
+
+from orgs.mixins.models import OrgModelMixin
+from common.mixins import CommonModelMixin
+from .. import const
+
+
+class Application(CommonModelMixin, OrgModelMixin):
+    name = models.CharField(max_length=128, verbose_name=_('Name'))
+    category = models.CharField(
+        max_length=16, choices=const.ApplicationCategoryChoices.choices, verbose_name=_('Category')
+    )
+    type = models.CharField(
+        max_length=16, choices=const.ApplicationTypeChoices.choices, verbose_name=_('Type')
+    )
+    domain = models.ForeignKey(
+        'assets.Domain', null=True, blank=True, related_name='applications',
+        on_delete=models.SET_NULL, verbose_name=_("Domain"),
+    )
+    attrs = models.JSONField(default=dict, verbose_name=_('Attrs'))
+    comment = models.TextField(
+        max_length=128, default='', blank=True, verbose_name=_('Comment')
+    )
+
+    class Meta:
+        unique_together = [('org_id', 'name')]
+        ordering = ('name',)
+
+    def __str__(self):
+        category_display = self.get_category_display()
+        type_display = self.get_type_display()
+        return f'{self.name}({type_display})[{category_display}]'
+
+    @property
+    def category_remote_app(self):
+        return self.category == const.ApplicationCategoryChoices.remote_app.value

apps/applications/models/remote_app.py

@@ -1,78 +0,0 @@
-# coding: utf-8
-#
-
-import uuid
-from django.db import models
-from django.utils.translation import ugettext_lazy as _
-
-from orgs.mixins.models import OrgModelMixin
-from common.fields.model import EncryptJsonDictTextField
-
-from .. import const
-
-
-__all__ = [
-    'RemoteApp',
-]
-
-
-class RemoteApp(OrgModelMixin):
-    id = models.UUIDField(default=uuid.uuid4, primary_key=True)
-    name = models.CharField(max_length=128, verbose_name=_('Name'))
-    asset = models.ForeignKey(
-        'assets.Asset', on_delete=models.CASCADE, verbose_name=_('Asset')
-    )
-    type = models.CharField(
-        default=const.REMOTE_APP_TYPE_CHROME,
-        choices=const.REMOTE_APP_TYPE_CHOICES,
-        max_length=128, verbose_name=_('App type')
-    )
-    path = models.CharField(
-        max_length=128, blank=False, null=False,
-        verbose_name=_('App path')
-    )
-    params = EncryptJsonDictTextField(
-        max_length=4096, default={}, blank=True, null=True,
-        verbose_name=_('Parameters')
-    )
-    created_by = models.CharField(
-        max_length=32, null=True, blank=True, verbose_name=_('Created by')
-    )
-    date_created = models.DateTimeField(
-        auto_now_add=True, null=True, blank=True, verbose_name=_('Date created')
-    )
-    comment = models.TextField(
-        max_length=128, default='', blank=True, verbose_name=_('Comment')
-    )
-
-    class Meta:
-        verbose_name = _("RemoteApp")
-        unique_together = [('org_id', 'name')]
-        ordering = ('name', )
-
-    def __str__(self):
-        return self.name
-
-    @property
-    def parameters(self):
-        """
-        返回Guacamole需要的RemoteApp配置参数信息中的parameters参数
-        """
-        _parameters = list()
-        _parameters.append(self.type)
-        path = '\"%s\"' % self.path
-        _parameters.append(path)
-        for field in const.REMOTE_APP_TYPE_MAP_FIELDS[self.type]:
-            value = self.params.get(field['name'])
-            if value is None:
-                continue
-            _parameters.append(value)
-        _parameters = ' '.join(_parameters)
-        return _parameters
-
-    @property
-    def asset_info(self):
-        return {
-            'id': self.asset.id,
-            'hostname': self.asset.hostname
-        }

apps/applications/permissions.py

@@ -0,0 +1,9 @@
+from rest_framework import permissions
+
+
+__all__ = ['IsRemoteApp']
+
+
+class IsRemoteApp(permissions.BasePermission):
+    def has_object_permission(self, request, view, obj):
+        return obj.category_remote_app

apps/applications/serializers/__init__.py

@@ -1 +1,2 @@
+from .application import *
 from .remote_app import *

apps/applications/serializers/application.py

@@ -0,0 +1,64 @@
+# coding: utf-8
+#
+
+from rest_framework import serializers
+from django.utils.translation import ugettext_lazy as _
+from orgs.mixins.serializers import BulkOrgResourceModelSerializer
+from common.drf.serializers import MethodSerializer
+from .attrs import category_serializer_classes_mapping, type_serializer_classes_mapping
+
+from .. import models
+
+__all__ = [
+    'ApplicationSerializer', 'ApplicationSerializerMixin',
+]
+
+
+class ApplicationSerializerMixin(serializers.Serializer):
+    attrs = MethodSerializer()
+
+    def get_attrs_serializer(self):
+        default_serializer = serializers.Serializer(read_only=True)
+        if isinstance(self.instance, models.Application):
+            _type = self.instance.type
+            _category = self.instance.category
+        else:
+            _type = self.context['request'].query_params.get('type')
+            _category = self.context['request'].query_params.get('category')
+
+        if _type:
+            serializer_class = type_serializer_classes_mapping.get(_type)
+        elif _category:
+            serializer_class = category_serializer_classes_mapping.get(_category)
+        else:
+            serializer_class = default_serializer
+
+        if not serializer_class:
+            serializer_class = default_serializer
+
+        if isinstance(serializer_class, type):
+            serializer = serializer_class()
+        else:
+            serializer = serializer_class
+        return serializer
+
+
+class ApplicationSerializer(ApplicationSerializerMixin, BulkOrgResourceModelSerializer):
+    category_display = serializers.ReadOnlyField(source='get_category_display', label=_('Category'))
+    type_display = serializers.ReadOnlyField(source='get_type_display', label=_('Type'))
+
+    class Meta:
+        model = models.Application
+        fields = [
+            'id', 'name', 'category', 'category_display', 'type', 'type_display', 'attrs',
+            'domain', 'created_by', 'date_created', 'date_updated', 'comment'
+        ]
+        read_only_fields = [
+            'created_by', 'date_created', 'date_updated', 'get_type_display',
+        ]
+
+    def validate_attrs(self, attrs):
+        _attrs = self.instance.attrs if self.instance else {}
+        _attrs.update(attrs)
+        return _attrs
+

apps/applications/serializers/attrs/__init__.py

@@ -0,0 +1 @@
+from .attrs import *

apps/applications/serializers/attrs/application_category/__init__.py

@@ -0,0 +1,3 @@
+from .remote_app import *
+from .db import *
+from .cloud import *

apps/applications/serializers/attrs/application_category/cloud.py

@@ -0,0 +1,9 @@
+from rest_framework import serializers
+from django.utils.translation import ugettext_lazy as _
+
+
+__all__ = ['CloudSerializer']
+
+
+class CloudSerializer(serializers.Serializer):
+    cluster = serializers.CharField(max_length=1024, label=_('Cluster'), allow_null=True)

apps/applications/serializers/attrs/application_category/db.py

@@ -0,0 +1,15 @@
+# coding: utf-8
+#
+from rest_framework import serializers
+from django.utils.translation import ugettext_lazy as _
+
+
+__all__ = ['DBSerializer']
+
+
+class DBSerializer(serializers.Serializer):
+    host = serializers.CharField(max_length=128, label=_('Host'), allow_null=True)
+    port = serializers.IntegerField(label=_('Port'), allow_null=True)
+    database = serializers.CharField(
+        max_length=128, required=True, allow_null=True, label=_('Database')
+    )

apps/applications/serializers/attrs/application_category/remote_app.py

@@ -0,0 +1,52 @@
+# coding: utf-8
+#
+
+from rest_framework import serializers
+from django.utils.translation import ugettext_lazy as _
+from django.core.exceptions import ObjectDoesNotExist
+
+from common.utils import get_logger, is_uuid
+from assets.models import Asset
+
+logger = get_logger(__file__)
+
+
+__all__ = ['RemoteAppSerializer']
+
+
+class CharPrimaryKeyRelatedField(serializers.PrimaryKeyRelatedField):
+
+    def to_internal_value(self, data):
+        instance = super().to_internal_value(data)
+        return str(instance.id)
+
+    def to_representation(self, value):
+        # value is instance.id
+        if self.pk_field is not None:
+            return self.pk_field.to_representation(value)
+        return value
+
+
+class RemoteAppSerializer(serializers.Serializer):
+    asset_info = serializers.SerializerMethodField()
+    asset = CharPrimaryKeyRelatedField(
+        queryset=Asset.objects, required=False, label=_("Asset"), allow_null=True
+    )
+    path = serializers.CharField(
+        max_length=128, label=_('Application path'), allow_null=True
+    )
+
+    @staticmethod
+    def get_asset_info(obj):
+        asset_id = obj.get('asset')
+        if not asset_id or is_uuid(asset_id):
+            return {}
+        try:
+            asset = Asset.objects.filter(id=str(asset_id)).values_list('id', 'hostname')
+        except ObjectDoesNotExist as e:
+            logger.error(e)
+            return {}
+        if not asset:
+            return {}
+        asset_info = {'id': str(asset[0]), 'hostname': asset[1]}
+        return asset_info

apps/applications/serializers/attrs/application_type/__init__.py

@@ -0,0 +1,12 @@
+
+from .mysql import *
+from .mariadb import *
+from .oracle import *
+from .pgsql import *
+
+from .chrome import *
+from .mysql_workbench import *
+from .vmware_client import *
+from .custom import *
+
+from .k8s import *

apps/applications/serializers/attrs/application_type/chrome.py

@@ -0,0 +1,26 @@
+from django.utils.translation import ugettext_lazy as _
+from rest_framework import serializers
+
+from ..application_category import RemoteAppSerializer
+
+
+__all__ = ['ChromeSerializer']
+
+
+class ChromeSerializer(RemoteAppSerializer):
+    CHROME_PATH = 'C:\Program Files (x86)\Google\Chrome\Application\chrome.exe'
+
+    path = serializers.CharField(
+        max_length=128, label=_('Application path'), default=CHROME_PATH, allow_null=True,
+    )
+    chrome_target = serializers.CharField(
+        max_length=128, allow_blank=True, required=False, label=_('Target URL'), allow_null=True,
+    )
+    chrome_username = serializers.CharField(
+        max_length=128, allow_blank=True, required=False, label=_('Username'), allow_null=True,
+    )
+    chrome_password = serializers.CharField(
+        max_length=128, allow_blank=True, required=False, write_only=True, label=_('Password'),
+        allow_null=True
+    )
+

apps/applications/serializers/attrs/application_type/custom.py

@@ -0,0 +1,27 @@
+
+from django.utils.translation import ugettext_lazy as _
+from rest_framework import serializers
+
+from ..application_category import RemoteAppSerializer
+
+
+__all__ = ['CustomSerializer']
+
+
+class CustomSerializer(RemoteAppSerializer):
+    custom_cmdline = serializers.CharField(
+        max_length=128, allow_blank=True, required=False, label=_('Operating parameter'),
+        allow_null=True,
+    )
+    custom_target = serializers.CharField(
+        max_length=128, allow_blank=True, required=False, label=_('Target url'),
+        allow_null=True,
+    )
+    custom_username = serializers.CharField(
+        max_length=128, allow_blank=True, required=False, label=_('Username'),
+        allow_null=True,
+    )
+    custom_password = serializers.CharField(
+        max_length=128, allow_blank=True, required=False, write_only=True, label=_('Password'),
+        allow_null=True,
+    )

apps/applications/serializers/attrs/application_type/k8s.py

@@ -0,0 +1,8 @@
+from ..application_category import CloudSerializer
+
+
+__all__ = ['K8SSerializer']
+
+
+class K8SSerializer(CloudSerializer):
+    pass

apps/applications/serializers/attrs/application_type/mariadb.py

@@ -0,0 +1,8 @@
+from .mysql import MySQLSerializer
+
+
+__all__ = ['MariaDBSerializer']
+
+
+class MariaDBSerializer(MySQLSerializer):
+    pass

apps/applications/serializers/attrs/application_type/mysql.py

@@ -0,0 +1,15 @@
+from rest_framework import serializers
+from django.utils.translation import ugettext_lazy as _
+
+from ..application_category import DBSerializer
+
+
+__all__ = ['MySQLSerializer']
+
+
+class MySQLSerializer(DBSerializer):
+    port = serializers.IntegerField(default=3306, label=_('Port'), allow_null=True)
+
+
+
+

apps/applications/serializers/attrs/application_type/mysql_workbench.py

@@ -0,0 +1,36 @@
+from django.utils.translation import ugettext_lazy as _
+from rest_framework import serializers
+
+from ..application_category import RemoteAppSerializer
+
+
+__all__ = ['MySQLWorkbenchSerializer']
+
+
+class MySQLWorkbenchSerializer(RemoteAppSerializer):
+    MYSQL_WORKBENCH_PATH = 'C:\Program Files\MySQL\MySQL Workbench 8.0 CE\MySQLWorkbench.exe'
+
+    path = serializers.CharField(
+        max_length=128, label=_('Application path'), default=MYSQL_WORKBENCH_PATH,
+        allow_null=True,
+    )
+    mysql_workbench_ip = serializers.CharField(
+        max_length=128, allow_blank=True, required=False, label=_('IP'),
+        allow_null=True,
+    )
+    mysql_workbench_port = serializers.IntegerField(
+        required=False, label=_('Port'),
+        allow_null=True,
+    )
+    mysql_workbench_name = serializers.CharField(
+        max_length=128, allow_blank=True, required=False, label=_('Database'),
+        allow_null=True,
+    )
+    mysql_workbench_username = serializers.CharField(
+        max_length=128, allow_blank=True, required=False, label=_('Username'),
+        allow_null=True,
+    )
+    mysql_workbench_password = serializers.CharField(
+        max_length=128, allow_blank=True, required=False, write_only=True, label=_('Password'),
+        allow_null=True,
+    )

apps/applications/serializers/attrs/application_type/oracle.py

@@ -0,0 +1,12 @@
+from rest_framework import serializers
+from django.utils.translation import ugettext_lazy as _
+
+from ..application_category import DBSerializer
+
+
+__all__ = ['OracleSerializer']
+
+
+class OracleSerializer(DBSerializer):
+    port = serializers.IntegerField(default=1521, label=_('Port'), allow_null=True)
+

apps/applications/serializers/attrs/application_type/pgsql.py

@@ -0,0 +1,12 @@
+from rest_framework import serializers
+from django.utils.translation import ugettext_lazy as _
+
+from ..application_category import DBSerializer
+
+
+__all__ = ['PostgreSerializer']
+
+
+class PostgreSerializer(DBSerializer):
+    port = serializers.IntegerField(default=5432, label=_('Port'), allow_null=True)
+

apps/applications/serializers/attrs/application_type/vmware_client.py

@@ -0,0 +1,32 @@
+from django.utils.translation import ugettext_lazy as _
+from rest_framework import serializers
+
+from ..application_category import RemoteAppSerializer
+
+
+__all__ = ['VMwareClientSerializer']
+
+
+class VMwareClientSerializer(RemoteAppSerializer):
+    PATH = r'''
+    C:\Program Files (x86)\VMware\Infrastructure\Virtual Infrastructure Client\Launcher\VpxClient
+    .exe
+    '''
+    VMWARE_CLIENT_PATH = ''.join(PATH.split())
+
+    path = serializers.CharField(
+        max_length=128, label=_('Application path'), default=VMWARE_CLIENT_PATH,
+        allow_null=True
+    )
+    vmware_target = serializers.CharField(
+        max_length=128, allow_blank=True, required=False, label=_('Target URL'),
+        allow_null=True
+    )
+    vmware_username = serializers.CharField(
+        max_length=128, allow_blank=True, required=False, label=_('Username'),
+        allow_null=True
+    )
+    vmware_password = serializers.CharField(
+        max_length=128, allow_blank=True, required=False, write_only=True, label=_('Password'),
+        allow_null=True
+    )

apps/applications/serializers/attrs/attrs.py

@@ -0,0 +1,42 @@
+from rest_framework import serializers
+from applications import const
+from . import application_category, application_type
+
+
+__all__ = [
+    'category_serializer_classes_mapping',
+    'type_serializer_classes_mapping',
+    'get_serializer_class_by_application_type',
+]
+
+
+# define `attrs` field `category serializers mapping`
+# ---------------------------------------------------
+
+category_serializer_classes_mapping = {
+    const.ApplicationCategoryChoices.db.value: application_category.DBSerializer,
+    const.ApplicationCategoryChoices.remote_app.value: application_category.RemoteAppSerializer,
+    const.ApplicationCategoryChoices.cloud.value: application_category.CloudSerializer,
+}
+
+# define `attrs` field `type serializers mapping`
+# -----------------------------------------------
+
+type_serializer_classes_mapping = {
+    # db
+    const.ApplicationTypeChoices.mysql.value: application_type.MySQLSerializer,
+    const.ApplicationTypeChoices.mariadb.value: application_type.MariaDBSerializer,
+    const.ApplicationTypeChoices.oracle.value: application_type.OracleSerializer,
+    const.ApplicationTypeChoices.pgsql.value: application_type.PostgreSerializer,
+    # remote-app
+    const.ApplicationTypeChoices.chrome.value: application_type.ChromeSerializer,
+    const.ApplicationTypeChoices.mysql_workbench.value: application_type.MySQLWorkbenchSerializer,
+    const.ApplicationTypeChoices.vmware_client.value: application_type.VMwareClientSerializer,
+    const.ApplicationTypeChoices.custom.value: application_type.CustomSerializer,
+    # cloud
+    const.ApplicationTypeChoices.k8s.value: application_type.K8SSerializer
+}
+
+
+def get_serializer_class_by_application_type(_application_type):
+    return type_serializer_classes_mapping.get(_application_type)

apps/applications/serializers/remote_app.py

@@ -1,103 +1,57 @@
 # coding: utf-8
 #
-
-
 from rest_framework import serializers
-
-from common.serializers import AdaptedBulkListSerializer
-from orgs.mixins.serializers import BulkOrgResourceModelSerializer
-
-from .. import const
-from ..models import RemoteApp
+from common.utils import get_logger
+from ..models import Application
 
 
-__all__ = [
-    'RemoteAppSerializer', 'RemoteAppConnectionInfoSerializer',
-]
+logger = get_logger(__file__)
 
 
-class RemoteAppParamsDictField(serializers.DictField):
-    """
-    RemoteApp field => params
-    """
-    @staticmethod
-    def filter_attribute(attribute, instance):
-        """
-        过滤掉params字段值中write_only特性的key-value值
-        For example, the chrome_password field is not returned when serializing
-        {
-            'chrome_target': 'http://www.jumpserver.org/',
-            'chrome_username': 'admin',
-            'chrome_password': 'admin',
-        }
-        """
-        for field in const.REMOTE_APP_TYPE_MAP_FIELDS[instance.type]:
-            if field.get('write_only', False):
-                attribute.pop(field['name'], None)
-        return attribute
-
-    def get_attribute(self, instance):
-        """
-        序列化时调用
-        """
-        attribute = super().get_attribute(instance)
-        attribute = self.filter_attribute(attribute, instance)
-        return attribute
-
-    @staticmethod
-    def filter_value(dictionary, value):
-        """
-        过滤掉不属于当前app_type所包含的key-value值
-        """
-        app_type = dictionary.get('type', const.REMOTE_APP_TYPE_CHROME)
-        fields = const.REMOTE_APP_TYPE_MAP_FIELDS[app_type]
-        fields_names = [field['name'] for field in fields]
-        no_need_keys = [k for k in value.keys() if k not in fields_names]
-        for k in no_need_keys:
-            value.pop(k)
-        return value
-
-    def get_value(self, dictionary):
-        """
-        反序列化时调用
-        """
-        value = super().get_value(dictionary)
-        value = self.filter_value(dictionary, value)
-        return value
-
-
-class RemoteAppSerializer(BulkOrgResourceModelSerializer):
-    params = RemoteAppParamsDictField()
-
-    class Meta:
-        model = RemoteApp
-        list_serializer_class = AdaptedBulkListSerializer
-        fields = [
-            'id', 'name', 'asset', 'type', 'path', 'params',
-            'comment', 'created_by', 'date_created', 'asset_info',
-            'get_type_display',
-        ]
-        read_only_fields = [
-            'created_by', 'date_created', 'asset_info',
-            'get_type_display'
-        ]
+__all__ = ['RemoteAppConnectionInfoSerializer']
 
 
 class RemoteAppConnectionInfoSerializer(serializers.ModelSerializer):
     parameter_remote_app = serializers.SerializerMethodField()
+    asset = serializers.SerializerMethodField()
 
     class Meta:
-        model = RemoteApp
+        model = Application
         fields = [
             'id', 'name', 'asset', 'parameter_remote_app',
         ]
         read_only_fields = ['parameter_remote_app']
 
     @staticmethod
-    def get_parameter_remote_app(obj):
-        parameter = {
-            'program': const.REMOTE_APP_BOOT_PROGRAM_NAME,
+    def get_asset(obj):
+        return obj.attrs.get('asset')
+
+    @staticmethod
+    def get_parameters(obj):
+        """
+        返回Guacamole需要的RemoteApp配置参数信息中的parameters参数
+        """
+        from .attrs import get_serializer_class_by_application_type
+        serializer_class = get_serializer_class_by_application_type(obj.type)
+        fields = serializer_class().get_fields()
+
+        parameters = [obj.type]
+        for field_name in list(fields.keys()):
+            if field_name in ['asset']:
+                continue
+            value = obj.attrs.get(field_name)
+            if not value:
+                continue
+            if field_name == 'path':
+                value = '\"%s\"' % value
+            parameters.append(str(value))
+
+        parameters = ' '.join(parameters)
+        return parameters
+
+    def get_parameter_remote_app(self, obj):
+        return {
+            'program': '||jmservisor',
             'working_directory': '',
-            'parameters': obj.parameters,
+            'parameters': self.get_parameters(obj)
         }
-        return parameter

apps/applications/templates/applications/remote_app_create_update.html

@@ -1,158 +0,0 @@
-{% extends '_base_create_update.html' %}
-{% load static %}
-{% load bootstrap3 %}
-{% load i18n %}
-
-{% block form %}
-    <form id="appForm" method="post" class="form-horizontal">
-        {% if form.non_field_errors %}
-            <div class="alert alert-danger">
-                {{ form.non_field_errors }}
-            </div>
-        {% endif %}
-        {% csrf_token %}
-        {% bootstrap_field form.name layout="horizontal" %}
-        {% bootstrap_field form.asset layout="horizontal" %}
-        {% bootstrap_field form.type layout="horizontal" %}
-        {% bootstrap_field form.path layout="horizontal" %}
-
-        <div class="hr-line-dashed"></div>
-
-        {# chrome #}
-        <div class="chrome-fields">
-        {% bootstrap_field form.chrome_target layout="horizontal" %}
-        {% bootstrap_field form.chrome_username layout="horizontal" %}
-        {% bootstrap_field form.chrome_password layout="horizontal" %}
-        </div>
-
-        {# mysql workbench #}
-        <div class="mysql_workbench-fields">
-            {% bootstrap_field form.mysql_workbench_ip layout="horizontal" %}
-            {% bootstrap_field form.mysql_workbench_name layout="horizontal" %}
-            {% bootstrap_field form.mysql_workbench_username layout="horizontal" %}
-            {% bootstrap_field form.mysql_workbench_password layout="horizontal" %}
-        </div>
-
-        {# vmware #}
-        <div class="vmware_client-fields">
-        {% bootstrap_field form.vmware_target layout="horizontal" %}
-        {% bootstrap_field form.vmware_username layout="horizontal" %}
-        {% bootstrap_field form.vmware_password layout="horizontal" %}
-        </div>
-
-        {# custom #}
-        <div class="custom-fields">
-        {% bootstrap_field form.custom_cmdline layout="horizontal" %}
-        {% bootstrap_field form.custom_target layout="horizontal" %}
-        {% bootstrap_field form.custom_username layout="horizontal" %}
-        {% bootstrap_field form.custom_password layout="horizontal" %}
-        </div>
-
-        {% bootstrap_field form.comment layout="horizontal" %}
-        <div class="hr-line-dashed"></div>
-        <div class="form-group">
-            <div class="col-sm-4 col-sm-offset-2">
-                <button class="btn btn-default" type="reset"> {% trans 'Reset' %}</button>
-
-                <button id="submit_button" class="btn btn-primary" type="submit">{% trans 'Submit' %}</button>
-            </div>
-        </div>
-
-    </form>
-{% endblock %}
-
-{% block custom_foot_js %}
-<script type="text/javascript">
-var app_type_id = '#' + '{{ form.type.id_for_label }}';
-var app_path_id = '#' + '{{ form.path.id_for_label }}';
-var all_type_fields = [
-    '.chrome-fields',
-    '.mysql_workbench-fields',
-    '.vmware_client-fields',
-    '.custom-fields'
-];
-var app_type_map_default_fields_value = {
-    'chrome': {
-        'app_path': 'C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe'
-    },
-    'mysql_workbench': {
-        'app_path': 'C:\\Program Files\\MySQL\\MySQL Workbench 8.0 CE\\MySQLWorkbench.exe'
-    },
-    'vmware_client': {
-        'app_path': 'C:\\Program Files (x86)\\VMware\\Infrastructure\\Virtual Infrastructure Client\\Launcher\\VpxClient.exe'
-    },
-    'custom': {'app_path': ''}
-};
-function getAppType(){
-    return $(app_type_id+ " option:selected").val();
-}
-function initialDefaultValue(){
-    var app_type = getAppType();
-    var app_path = $(app_path_id).val();
-    if(app_path){
-        app_type_map_default_fields_value[app_type]['app_path'] = app_path
-    }
-}
-function setDefaultValue(){
-    // 设置类型相关字段的默认值
-    var app_type = getAppType();
-    var app_path = app_type_map_default_fields_value[app_type]['app_path'];
-    $(app_path_id).val(app_path)
-}
-function hiddenFields(){
-    var app_type = getAppType();
-    $.each(all_type_fields, function(index, value){
-        $(value).addClass('hidden')
-    });
-    $('.' + app_type + '-fields').removeClass('hidden');
-}
-function constructParams(data) {
-    var typeList = ['chrome', 'mysql_workbench', 'vmware_client', 'custom'];
-    var params = {};
-    $.each(typeList, function(index, value){
-        if (data.type === value){
-            for (var k in data){
-                if (k.startsWith(value)){
-                    params[k] = data[k]
-                }
-            }
-        }
-    });
-    return params;
-}
-$(document).ready(function () {
-    $('.select2').select2({
-        closeOnSelect: true
-    });
-    initialDefaultValue();
-    hiddenFields();
-    setDefaultValue();
-})
-.on('change', app_type_id, function(){
-    hiddenFields();
-    setDefaultValue();
-})
-.on("submit", "form", function (evt) {
-    evt.preventDefault();
-    var the_url = '{% url "api-applications:remote-app-list" %}';
-    var redirect_to = '{% url "applications:remote-app-list" %}';
-    var method = "POST";
-    {% if type == "update" %}
-        the_url = '{% url "api-applications:remote-app-detail" object.id %}';
-        method = "PUT";
-    {% endif %}
-    var form = $("form");
-    var data = form.serializeObject();
-    data["params"] = constructParams(data);
-    var props = {
-        url: the_url,
-        data: data,
-        method: method,
-        form: form,
-        redirect_to: redirect_to
-     };
-    formSubmit(props);
- })
-;
-</script>
-{% endblock %}

apps/applications/templates/applications/remote_app_detail.html

@@ -1,105 +0,0 @@
-{% extends 'base.html' %}
-{% load static %}
-{% load i18n %}
-
-{% block custom_head_css_js %}
-    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
-    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
-{% endblock %}
-
-{% block content %}
-    <div class="wrapper wrapper-content animated fadeInRight">
-        <div class="row">
-            <div class="col-sm-12">
-                <div class="ibox float-e-margins">
-                    <div class="panel-options">
-                        <ul class="nav nav-tabs">
-                            <li class="active">
-                                <a href="{% url 'applications:remote-app-detail' pk=remote_app.id %}" class="text-center"><i class="fa fa-laptop"></i> {% trans 'Detail' %} </a>
-                            </li>
-                            <li class="pull-right">
-                                <a class="btn btn-outline btn-default" href="{% url 'applications:remote-app-update' pk=remote_app.id %}"><i class="fa fa-edit"></i>{% trans 'Update' %}</a>
-                            </li>
-                            <li class="pull-right">
-                                <a class="btn btn-outline btn-danger btn-delete-application">
-                                    <i class="fa fa-trash-o"></i>{% trans 'Delete' %}
-                                </a>
-                            </li>
-                        </ul>
-                    </div>
-                    <div class="tab-content">
-                        <div class="col-sm-8" style="padding-left: 0;">
-                            <div class="ibox float-e-margins">
-                                <div class="ibox-title">
-                                    <span class="label"><b>{{ remote_app.name }}</b></span>
-                                    <div class="ibox-tools">
-                                        <a class="collapse-link">
-                                            <i class="fa fa-chevron-up"></i>
-                                        </a>
-                                        <a class="dropdown-toggle" data-toggle="dropdown" href="#">
-                                            <i class="fa fa-wrench"></i>
-                                        </a>
-                                        <ul class="dropdown-menu dropdown-user">
-                                        </ul>
-                                        <a class="close-link">
-                                            <i class="fa fa-times"></i>
-                                        </a>
-                                    </div>
-                                </div>
-                                <div class="ibox-content">
-                                    <table class="table">
-                                        <tbody>
-                                        <tr class="no-borders-tr">
-                                            <td>{% trans 'Name' %}:</td>
-                                            <td><b>{{ remote_app.name }}</b></td>
-                                        </tr>
-                                        <tr>
-                                            <td>{% trans 'Asset' %}:</td>
-                                            <td><b><a href="{% url 'assets:asset-detail' pk=remote_app.asset.id %}">{{ remote_app.asset.hostname }}</a></b></td>
-                                        </tr>
-                                        <tr>
-                                            <td>{% trans 'App type' %}:</td>
-                                            <td><b>{{ remote_app.get_type_display }}</b></td>
-                                        </tr>
-                                        <tr>
-                                            <td>{% trans 'App path' %}:</td>
-                                            <td><b>{{ remote_app.path }}</b></td>
-                                        </tr>
-                                        <tr>
-                                            <td>{% trans 'Date created' %}:</td>
-                                            <td><b>{{ remote_app.date_created }}</b></td>
-                                        </tr>
-                                        <tr>
-                                            <td>{% trans 'Created by' %}:</td>
-                                            <td><b>{{ remote_app.created_by  }}</b></td>
-                                        </tr>
-                                        <tr>
-                                            <td>{% trans 'Comment' %}:</td>
-                                            <td><b>{{ remote_app.comment }}</b></td>
-                                        </tr>
-                                        </tbody>
-                                    </table>
-                                </div>
-                            </div>
-                        </div>
-                    </div>
-                </div>
-            </div>
-        </div>
-    </div>
-{% endblock %}
-{% block custom_foot_js %}
-<script>
-jumpserver.nodes_selected = {};
-$(document).ready(function () {
-})
-.on('click', '.btn-delete-application', function () {
-    var $this = $(this);
-    var name = "{{ remote_app.name }}";
-    var rid = "{{ remote_app.id }}";
-    var the_url = '{% url "api-applications:remote-app-detail" pk=DEFAULT_PK %}'.replace('{{ DEFAULT_PK }}', rid);
-    var redirect_url = "{% url 'applications:remote-app-list' %}";
-    objectDelete($this, name, the_url, redirect_url);
-})
-</script>
-{% endblock %}

apps/applications/templates/applications/remote_app_list.html

@@ -1,87 +0,0 @@
-{% extends '_base_list.html' %}
-{% load i18n static %}
-{% block help_message %}
-<div class="alert alert-info help-message">
-    {% trans 'Before using this feature, make sure that the application loader has been uploaded to the application server and successfully published as a RemoteApp application' %}
-    <b><a href="https://github.com/jumpserver/Jmservisor/releases" target="view_window" >{% trans 'Download application loader' %}</a></b>
-</div>
-{% endblock %}
-{% block table_search %}{% endblock %}
-{% block table_container %}
-    <div class="uc pull-left  m-r-5">
-        <a href="{% url 'applications:remote-app-create' %}" class="btn btn-sm btn-primary"> {% trans "Create RemoteApp" %} </a>
-    </div>
-    <table class="table table-striped table-bordered table-hover " id="remote_app_list_table" >
-        <thead>
-        <tr>
-            <th class="text-center">
-                <input type="checkbox" id="check_all" class="ipt_check_all" >
-            </th>
-            <th class="text-center">{% trans 'Name' %}</th>
-            <th class="text-center">{% trans 'App type' %}</th>
-            <th class="text-center">{% trans 'Asset' %}</th>
-            <th class="text-center">{% trans 'Comment' %}</th>
-            <th class="text-center">{% trans 'Action' %}</th>
-        </tr>
-        </thead>
-        <tbody>
-        </tbody>
-    </table>
-{% endblock %}
-{% block content_bottom_left %}{% endblock %}
-{% block custom_foot_js %}
-<script>
-function initTable() {
-    var options = {
-        ele: $('#remote_app_list_table'),
-        columnDefs: [
-            {targets: 1, createdCell: function (td, cellData, rowData) {
-                    cellData = htmlEscape(cellData);
-                    {% url 'applications:remote-app-detail' pk=DEFAULT_PK as the_url  %}
-                    var detail_btn = '<a href="{{ the_url }}">' + cellData + '</a>';
-                    $(td).html(detail_btn.replace('{{ DEFAULT_PK }}', rowData.id));
-                }},
-            {targets: 3, createdCell: function (td, cellData, rowData) {
-                    var hostname = htmlEscape(cellData.hostname);
-                    var detail_btn = '<a href="{% url 'assets:asset-detail' pk=DEFAULT_PK %}">' + hostname + '</a>';
-                    $(td).html(detail_btn.replace('{{ DEFAULT_PK }}', cellData.id));
-                }},
-            {targets: 3, createdCell: function (td, cellData, rowData) {
-                    var comment = htmlEscape(cellData);
-                    $(td).html(comment)
-                }},
-            {targets: 5, createdCell: function (td, cellData, rowData) {
-                    var update_btn = '<a href="{% url "applications:remote-app-update" pk=DEFAULT_PK %}" class="btn btn-xs btn-info">{% trans "Update" %}</a>'.replace("{{ DEFAULT_PK }}", cellData);
-                    var del_btn = '<a class="btn btn-xs btn-danger m-l-xs btn-delete" data-rid="{{ DEFAULT_PK }}">{% trans "Delete" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
-                    $(td).html(update_btn + del_btn)
-                }}
-        ],
-        ajax_url: '{% url "api-applications:remote-app-list" %}',
-        columns: [
-            {data: "id"},
-            {data: "name" },
-            {data: "get_type_display", orderable: false},
-            {data: "asset_info", orderable: false},
-            {data: "comment"},
-            {data: "id", orderable: false}
-        ],
-        op_html: $('#actions').html()
-    };
-    jumpserver.initServerSideDataTable(options);
-}
-$(document).ready(function(){
-    initTable();
-})
-.on('click', '.btn-delete', function () {
-    var $this = $(this);
-    var $data_table = $('#remote_app_list_table').DataTable();
-    var name = $(this).closest("tr").find(":nth-child(2)").children('a').html();
-    var rid = $this.data('rid');
-    var the_url = '{% url "api-applications:remote-app-detail" pk=DEFAULT_PK %}'.replace('{{ DEFAULT_PK }}', rid);
-    objectDelete($this, name, the_url);
-    setTimeout( function () {
-        $data_table.ajax.reload();
-    }, 3000);
-});
-</script>
-{% endblock %}

apps/applications/templates/applications/user_remote_app_list.html

@@ -1,73 +0,0 @@
-{% extends 'base.html' %}
-{% load i18n static %}
-
-{% block custom_head_css_js %}
-    <script src="{% static 'js/jquery.form.min.js' %}"></script>
-{% endblock %}
-
-{% block content %}
-<div class="mail-box-header">
-    <table class="table table-striped table-bordered table-hover " id="remote_app_list_table" >
-        <thead>
-        <tr>
-            <th class="text-center">
-                <input type="checkbox" id="check_all" class="ipt_check_all" >
-            </th>
-            <th class="text-center">{% trans 'Name' %}</th>
-            <th class="text-center">{% trans 'App type' %}</th>
-            <th class="text-center">{% trans 'Asset' %}</th>
-            <th class="text-center">{% trans 'Comment' %}</th>
-            <th class="text-center">{% trans 'Action' %}</th>
-        </tr>
-        </thead>
-        <tbody>
-        </tbody>
-    </table>
-</div>
-{% endblock %}
-{% block custom_foot_js %}
-<script>
-var inited = false;
-var remote_app_table, url;
-
-function initTable() {
-    if (inited){
-        return
-    } else {
-        inited = true;
-    }
-    url = '{% url "api-perms:my-remote-apps" %}';
-    var options = {
-        ele: $('#remote_app_list_table'),
-        columnDefs: [
-            {targets: 1, createdCell: function (td, cellData, rowData) {
-                    var name = htmlEscape(cellData);
-                    $(td).html(name)
-                }},
-            {targets: 3, createdCell: function (td, cellData, rowData) {
-                    var hostname = htmlEscape(cellData.hostname);
-                    $(td).html(hostname);
-                }},
-            {targets: 5, createdCell: function (td, cellData, rowData) {
-                    var conn_btn = '<a href="{% url "luna-view" %}?type=remote_app&login_to=' +  cellData +'" class="btn btn-xs btn-primary" target="_blank">{% trans "Connect" %}</a>'.replace("{{ DEFAULT_PK }}", cellData);
-                    $(td).html(conn_btn)
-                }}
-        ],
-        ajax_url: url,
-        columns: [
-            {data: "id"},
-            {data: "name"},
-            {data: "get_type_display", orderable: false},
-            {data: "asset_info", orderable: false},
-            {data: "comment", orderable: false},
-            {data: "id", orderable: false}
-        ]
-    };
-    remote_app_table = jumpserver.initServerSideDataTable(options);
-    return remote_app_table
-}
-$(document).ready(function(){
-    initTable();
-})
-</script>
-{% endblock %}

apps/applications/urls/api_urls.py

@@ -1,22 +1,20 @@
 # coding:utf-8
 #
-
-from django.urls import path, re_path
+from django.urls import path
 from rest_framework_bulk.routes import BulkRouter
-
-from common import api as capi
 from .. import api
 
+
 app_name = 'applications'
 
+
 router = BulkRouter()
-router.register(r'remote-apps', api.RemoteAppViewSet, 'remote-app')
+router.register(r'applications', api.ApplicationViewSet, 'application')
+
 
 urlpatterns = [
     path('remote-apps/<uuid:pk>/connection-info/', api.RemoteAppConnectionInfoApi.as_view(), name='remote-app-connection-info'),
 ]
-old_version_urlpatterns = [
-    re_path('(?P<resource>remote-app)/.*', capi.redirect_plural_name_api)
-]
 
-urlpatterns += router.urls + old_version_urlpatterns
+
+urlpatterns += router.urls

apps/applications/urls/views_urls.py

@@ -1,16 +0,0 @@
-# coding:utf-8
-from django.urls import path
-from .. import views
-
-app_name = 'applications'
-
-urlpatterns = [
-    # RemoteApp
-    path('remote-app/', views.RemoteAppListView.as_view(), name='remote-app-list'),
-    path('remote-app/create/', views.RemoteAppCreateView.as_view(), name='remote-app-create'),
-    path('remote-app/<uuid:pk>/update/', views.RemoteAppUpdateView.as_view(), name='remote-app-update'),
-    path('remote-app/<uuid:pk>/', views.RemoteAppDetailView.as_view(), name='remote-app-detail'),
-    # User RemoteApp view
-    path('user-remote-app/', views.UserRemoteAppListView.as_view(), name='user-remote-app-list')
-
-]

apps/applications/views/__init__.py

@@ -1 +0,0 @@
-from .remote_app import *

apps/applications/views/remote_app.py

@@ -1,105 +0,0 @@
-#  coding: utf-8
-#
-
-from django.utils.translation import ugettext as _
-from django.views.generic import TemplateView
-from django.views.generic.edit import CreateView, UpdateView
-from django.views.generic.detail import DetailView
-from django.contrib.messages.views import SuccessMessageMixin
-from django.urls import reverse_lazy
-
-
-from common.permissions import PermissionsMixin, IsOrgAdmin, IsValidUser
-from common.const import create_success_msg, update_success_msg
-
-from ..models import RemoteApp
-from .. import forms
-
-
-__all__ = [
-    'RemoteAppListView', 'RemoteAppCreateView', 'RemoteAppUpdateView',
-    'RemoteAppDetailView', 'UserRemoteAppListView',
-]
-
-
-class RemoteAppListView(PermissionsMixin, TemplateView):
-    template_name = 'applications/remote_app_list.html'
-    permission_classes = [IsOrgAdmin]
-
-    def get_context_data(self, **kwargs):
-        context = {
-            'app': _('Applications'),
-            'action': _('RemoteApp list'),
-        }
-        kwargs.update(context)
-        return super().get_context_data(**kwargs)
-
-
-class RemoteAppCreateView(PermissionsMixin, SuccessMessageMixin, CreateView):
-    template_name = 'applications/remote_app_create_update.html'
-    model = RemoteApp
-    form_class = forms.RemoteAppCreateUpdateForm
-    success_url = reverse_lazy('applications:remote-app-list')
-    permission_classes = [IsOrgAdmin]
-
-    def get_context_data(self, **kwargs):
-        context = {
-            'app': _('Applications'),
-            'action': _('Create RemoteApp'),
-            'type': 'create'
-        }
-        kwargs.update(context)
-        return super().get_context_data(**kwargs)
-
-    def get_success_message(self, cleaned_data):
-        return create_success_msg % ({'name': cleaned_data['name']})
-
-
-class RemoteAppUpdateView(PermissionsMixin, SuccessMessageMixin, UpdateView):
-    template_name = 'applications/remote_app_create_update.html'
-    model = RemoteApp
-    form_class = forms.RemoteAppCreateUpdateForm
-    success_url = reverse_lazy('applications:remote-app-list')
-    permission_classes = [IsOrgAdmin]
-
-    def get_initial(self):
-        return {k: v for k, v in self.object.params.items()}
-
-    def get_context_data(self, **kwargs):
-        context = {
-            'app': _('Applications'),
-            'action': _('Update RemoteApp'),
-            'type': 'update'
-        }
-        kwargs.update(context)
-        return super().get_context_data(**kwargs)
-
-    def get_success_message(self, cleaned_data):
-        return update_success_msg % ({'name': cleaned_data['name']})
-
-
-class RemoteAppDetailView(PermissionsMixin, DetailView):
-    template_name = 'applications/remote_app_detail.html'
-    model = RemoteApp
-    context_object_name = 'remote_app'
-    permission_classes = [IsOrgAdmin]
-
-    def get_context_data(self, **kwargs):
-        context = {
-            'app': _('Applications'),
-            'action': _('RemoteApp detail'),
-        }
-        kwargs.update(context)
-        return super().get_context_data(**kwargs)
-
-
-class UserRemoteAppListView(PermissionsMixin, TemplateView):
-    template_name = 'applications/user_remote_app_list.html'
-    permission_classes = [IsValidUser]
-
-    def get_context_data(self, **kwargs):
-        context = {
-            'action': _('My RemoteApp'),
-        }
-        kwargs.update(context)
-        return super().get_context_data(**kwargs)

apps/assets/api/__init__.py

@@ -1,7 +1,9 @@
+from .mixin import *
 from .admin_user import *
 from .asset import *
 from .label import *
 from .system_user import *
+from .system_user_relation import *
 from .node import *
 from .domain import *
 from .cmd_filter import *

apps/assets/api/admin_user.py

@@ -1,20 +1,10 @@
-# ~*~ coding: utf-8 ~*~
-# Copyright (C) 2014-2018 Beijing DuiZhan Technology Co.,Ltd. All Rights Reserved.
-#
-# Licensed under the GNU General Public License v2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#    http://www.gnu.org/licenses/gpl-2.0.html
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+
 
 from django.db import transaction
+from django.db.models import Count
 from django.shortcuts import get_object_or_404
+from django.utils.translation import ugettext as _
+from rest_framework import status
 from rest_framework.response import Response
 from orgs.mixins.api import OrgBulkModelViewSet
 from orgs.mixins import generics
@@ -39,11 +29,24 @@ class AdminUserViewSet(OrgBulkModelViewSet):
     Admin user api set, for add,delete,update,list,retrieve resource
     """
     model = AdminUser
-    filter_fields = ("name", "username")
-    search_fields = filter_fields
+    filterset_fields = ("name", "username")
+    search_fields = filterset_fields
     serializer_class = serializers.AdminUserSerializer
     permission_classes = (IsOrgAdmin,)
 
+    def get_queryset(self):
+        queryset = super().get_queryset()
+        queryset = queryset.annotate(assets_amount=Count('assets'))
+        return queryset
+
+    def destroy(self, request, *args, **kwargs):
+        instance = self.get_object()
+        has_related_asset = instance.assets.exists()
+        if has_related_asset:
+            data = {'msg': _('Deleted failed, There are related assets')}
+            return Response(data=data, status=status.HTTP_400_BAD_REQUEST)
+        return super().destroy(request, *args, **kwargs)
+
 
 class AdminUserAuthApi(generics.UpdateAPIView):
     model = AdminUser
@@ -90,9 +93,8 @@ class AdminUserTestConnectiveApi(generics.RetrieveAPIView):
 class AdminUserAssetsListView(generics.ListAPIView):
     permission_classes = (IsOrgAdmin,)
     serializer_class = serializers.AssetSimpleSerializer
-    filter_fields = ("hostname", "ip")
-    http_method_names = ['get']
-    search_fields = filter_fields
+    filterset_fields = ("hostname", "ip")
+    search_fields = filterset_fields
 
     def get_object(self):
         pk = self.kwargs.get('pk')

apps/assets/api/asset.py

@@ -1,41 +1,54 @@
 # -*- coding: utf-8 -*-
 #
-
-import random
-
+from assets.api import FilterAssetByNodeMixin
+from rest_framework.viewsets import ModelViewSet
+from rest_framework.generics import RetrieveAPIView
 from rest_framework.response import Response
+from rest_framework import status
 from django.shortcuts import get_object_or_404
 
 from common.utils import get_logger, get_object_or_none
-from common.permissions import IsOrgAdmin, IsOrgAdminOrAppUser
+from common.permissions import IsOrgAdmin, IsOrgAdminOrAppUser, IsSuperUser
 from orgs.mixins.api import OrgBulkModelViewSet
 from orgs.mixins import generics
-from ..models import Asset, Node
+from ..models import Asset, Node, Platform
 from .. import serializers
-from ..tasks import update_asset_hardware_info_manual, \
-    test_asset_connectivity_manual
-from ..filters import AssetByNodeFilterBackend, LabelFilterBackend
+from ..tasks import (
+    update_assets_hardware_info_manual, test_assets_connectivity_manual
+)
+from ..filters import FilterAssetByNodeFilterBackend, LabelFilterBackend, IpInFilterBackend
 
 
 logger = get_logger(__file__)
 __all__ = [
-    'AssetViewSet',
-    'AssetRefreshHardwareApi', 'AssetAdminUserTestApi',
-    'AssetGatewayApi',
+    'AssetViewSet', 'AssetPlatformRetrieveApi',
+    'AssetGatewayListApi', 'AssetPlatformViewSet',
+    'AssetTaskCreateApi', 'AssetsTaskCreateApi',
 ]
 
 
-class AssetViewSet(OrgBulkModelViewSet):
+class AssetViewSet(FilterAssetByNodeMixin, OrgBulkModelViewSet):
     """
     API endpoint that allows Asset to be viewed or edited.
     """
     model = Asset
-    filter_fields = ("hostname", "ip", "systemuser__id", "admin_user__id")
+    filterset_fields = {
+        'hostname': ['exact'],
+        'ip': ['exact'],
+        'systemuser__id': ['exact'],
+        'admin_user__id': ['exact'],
+        'platform__base': ['exact'],
+        'is_active': ['exact'],
+        'protocols': ['exact', 'icontains']
+    }
     search_fields = ("hostname", "ip")
     ordering_fields = ("hostname", "ip", "port", "cpu_cores")
-    serializer_class = serializers.AssetSerializer
+    serializer_classes = {
+        'default': serializers.AssetSerializer,
+        'display': serializers.AssetDisplaySerializer,
+    }
     permission_classes = (IsOrgAdminOrAppUser,)
-    extra_filter_backends = [AssetByNodeFilterBackend, LabelFilterBackend]
+    extra_filter_backends = [FilterAssetByNodeFilterBackend, LabelFilterBackend, IpInFilterBackend]
 
     def set_assets_node(self, assets):
         if not isinstance(assets, list):
@@ -53,49 +66,79 @@ class AssetViewSet(OrgBulkModelViewSet):
         self.set_assets_node(assets)
 
 
-class AssetRefreshHardwareApi(generics.RetrieveAPIView):
-    """
-    Refresh asset hardware info
-    """
+class AssetPlatformRetrieveApi(RetrieveAPIView):
+    queryset = Platform.objects.all()
+    permission_classes = (IsOrgAdminOrAppUser,)
+    serializer_class = serializers.PlatformSerializer
+
+    def get_object(self):
+        asset_pk = self.kwargs.get('pk')
+        asset = get_object_or_404(Asset, pk=asset_pk)
+        return asset.platform
+
+
+class AssetPlatformViewSet(ModelViewSet):
+    queryset = Platform.objects.all()
+    permission_classes = (IsSuperUser,)
+    serializer_class = serializers.PlatformSerializer
+    filterset_fields = ['name', 'base']
+    search_fields = ['name']
+
+    def get_permissions(self):
+        if self.request.method.lower() in ['get', 'options']:
+            self.permission_classes = (IsOrgAdmin,)
+        return super().get_permissions()
+
+    def check_object_permissions(self, request, obj):
+        if request.method.lower() in ['delete', 'put', 'patch'] and obj.internal:
+            self.permission_denied(
+                request, message={"detail": "Internal platform"}
+            )
+        return super().check_object_permissions(request, obj)
+
+
+class AssetsTaskMixin:
+    def perform_assets_task(self, serializer):
+        data = serializer.validated_data
+        assets = data['assets']
+        action = data['action']
+        if action == "refresh":
+            task = update_assets_hardware_info_manual.delay(assets)
+        else:
+            task = test_assets_connectivity_manual.delay(assets)
+        data = getattr(serializer, '_data', {})
+        data["task"] = task.id
+        setattr(serializer, '_data', data)
+
+    def perform_create(self, serializer):
+        self.perform_assets_task(serializer)
+
+
+class AssetTaskCreateApi(AssetsTaskMixin, generics.CreateAPIView):
     model = Asset
-    serializer_class = serializers.AssetSerializer
+    serializer_class = serializers.AssetTaskSerializer
     permission_classes = (IsOrgAdmin,)
 
-    def retrieve(self, request, *args, **kwargs):
-        asset_id = kwargs.get('pk')
-        asset = get_object_or_404(Asset, pk=asset_id)
-        task = update_asset_hardware_info_manual.delay(asset)
-        return Response({"task": task.id})
+    def create(self, request, *args, **kwargs):
+        pk = self.kwargs.get('pk')
+        request.data['assets'] = [pk]
+        return super().create(request, *args, **kwargs)
 
 
-class AssetAdminUserTestApi(generics.RetrieveAPIView):
-    """
-    Test asset admin user assets_connectivity
-    """
+class AssetsTaskCreateApi(AssetsTaskMixin, generics.CreateAPIView):
     model = Asset
+    serializer_class = serializers.AssetTaskSerializer
     permission_classes = (IsOrgAdmin,)
-    serializer_class = serializers.TaskIDSerializer
-
-    def retrieve(self, request, *args, **kwargs):
-        asset_id = kwargs.get('pk')
-        asset = get_object_or_404(Asset, pk=asset_id)
-        task = test_asset_connectivity_manual.delay(asset)
-        return Response({"task": task.id})
 
 
-class AssetGatewayApi(generics.RetrieveAPIView):
+class AssetGatewayListApi(generics.ListAPIView):
     permission_classes = (IsOrgAdminOrAppUser,)
     serializer_class = serializers.GatewayWithAuthSerializer
-    model = Asset
 
-    def retrieve(self, request, *args, **kwargs):
-        asset_id = kwargs.get('pk')
+    def get_queryset(self):
+        asset_id = self.kwargs.get('pk')
         asset = get_object_or_404(Asset, pk=asset_id)
-
-        if asset.domain and \
-                asset.domain.gateways.filter(protocol='ssh').exists():
-            gateway = random.choice(asset.domain.gateways.filter(protocol='ssh'))
-            serializer = serializers.GatewayWithAuthSerializer(instance=gateway)
-            return Response(serializer.data)
-        else:
-            return Response({"msg": "Not have gateway"}, status=404)
+        if not asset.domain:
+            return []
+        queryset = asset.domain.gateways.filter(protocol='ssh')
+        return queryset

apps/assets/api/asset_user.py

@@ -1,26 +1,24 @@
 # -*- coding: utf-8 -*-
 #
-
-from rest_framework.response import Response
-from rest_framework import generics
-from rest_framework import filters
-from rest_framework_bulk import BulkModelViewSet
-from django.shortcuts import get_object_or_404
-from django.http import Http404
+import coreapi
 from django.conf import settings
+from rest_framework.response import Response
+from rest_framework import generics, filters
+from rest_framework_bulk import BulkModelViewSet
 
 from common.permissions import IsOrgAdminOrAppUser, NeedMFAVerify
 from common.utils import get_object_or_none, get_logger
 from common.mixins import CommonApiMixin
 from ..backends import AssetUserManager
-from ..models import Asset, Node, SystemUser, AdminUser
+from ..models import Asset, Node, SystemUser
 from .. import serializers
-from ..tasks import test_asset_users_connectivity_manual
+from ..tasks import (
+    test_asset_users_connectivity_manual, push_system_user_a_asset_manual
+)
 
 
 __all__ = [
-    'AssetUserViewSet', 'AssetUserAuthInfoApi', 'AssetUserTestConnectiveApi',
-    'AssetUserExportViewSet',
+    'AssetUserViewSet', 'AssetUserAuthInfoViewSet', 'AssetUserTaskCreateAPI',
 ]
 
 
@@ -30,14 +28,21 @@ logger = get_logger(__name__)
 class AssetUserFilterBackend(filters.BaseFilterBackend):
     def filter_queryset(self, request, queryset, view):
         kwargs = {}
-        for field in view.filter_fields:
+        for field in view.filterset_fields:
             value = request.GET.get(field)
             if not value:
                 continue
-            if field in ("node_id", "system_user_id", "admin_user_id"):
+            if field == "node_id":
+                value = get_object_or_none(Node, pk=value)
+                kwargs["node"] = value
                 continue
+            elif field == "asset_id":
+                field = "asset"
             kwargs[field] = value
-        return queryset.filter(**kwargs)
+        if kwargs:
+            queryset = queryset.filter(**kwargs)
+        logger.debug("Filter {}".format(kwargs))
+        return queryset
 
 
 class AssetUserSearchBackend(filters.BaseFilterBackend):
@@ -45,140 +50,108 @@ class AssetUserSearchBackend(filters.BaseFilterBackend):
         value = request.GET.get('search')
         if not value:
             return queryset
-        _queryset = AssetUserManager.none()
-        for field in view.search_fields:
-            if field in ("node_id", "system_user_id", "admin_user_id"):
-                continue
-            _queryset |= queryset.filter(**{field: value})
-        return _queryset.distinct()
+        queryset = queryset.search(value)
+        return queryset
+
+
+class AssetUserLatestFilterBackend(filters.BaseFilterBackend):
+    def get_schema_fields(self, view):
+        return [
+            coreapi.Field(
+                name='latest', location='query', required=False,
+                type='string', example='1',
+                description='Only the latest version'
+            )
+        ]
+
+    def filter_queryset(self, request, queryset, view):
+        latest = request.GET.get('latest') == '1'
+        if latest:
+            queryset = queryset.distinct()
+        return queryset
 
 
 class AssetUserViewSet(CommonApiMixin, BulkModelViewSet):
-    serializer_class = serializers.AssetUserSerializer
+    serializer_classes = {
+        'default': serializers.AssetUserWriteSerializer,
+        'display': serializers.AssetUserReadSerializer,
+        'retrieve': serializers.AssetUserReadSerializer,
+    }
     permission_classes = [IsOrgAdminOrAppUser]
-    http_method_names = ['get', 'post']
-    filter_fields = [
-        "id", "ip", "hostname", "username", "asset_id", "node_id",
-        "system_user_id", "admin_user_id"
+    filterset_fields = [
+        "id", "ip", "hostname", "username",
+        "asset_id", "node_id",
+        "prefer", "prefer_id",
     ]
-    search_fields = filter_fields
-    filter_backends = (
-        filters.OrderingFilter,
+    search_fields = ["ip", "hostname", "username"]
+    filter_backends = [
         AssetUserFilterBackend, AssetUserSearchBackend,
-    )
+        AssetUserLatestFilterBackend,
+    ]
 
     def allow_bulk_destroy(self, qs, filtered):
         return False
 
-    def get_queryset(self):
-        # 尽可能先返回更少的数据
-        username = self.request.GET.get('username')
-        asset_id = self.request.GET.get('asset_id')
-        node_id = self.request.GET.get('node_id')
-        admin_user_id = self.request.GET.get("admin_user_id")
-        system_user_id = self.request.GET.get("system_user_id")
+    def get_object(self):
+        pk = self.kwargs.get("pk")
+        if pk is None:
+            return
+        queryset = self.get_queryset()
+        obj = queryset.get(id=pk)
+        return obj
 
-        kwargs = {}
-        assets = None
+    def get_exception_handler(self):
+        def handler(e, context):
+            logger.error(e, exc_info=True)
+            return Response({"error": str(e)}, status=400)
+        return handler
 
+    def perform_destroy(self, instance):
         manager = AssetUserManager()
-        if system_user_id:
-            system_user = get_object_or_404(SystemUser, id=system_user_id)
-            assets = system_user.get_all_assets()
-            username = system_user.username
-        elif admin_user_id:
-            admin_user = get_object_or_404(AdminUser, id=admin_user_id)
-            assets = admin_user.assets.all()
-            username = admin_user.username
-            manager.prefer('admin_user')
+        manager.delete(instance)
 
-        if asset_id:
-            asset = get_object_or_404(Asset, id=asset_id)
-            assets = [asset]
-        elif node_id:
-            node = get_object_or_404(Node, id=node_id)
-            assets = node.get_all_assets()
-
-        if username:
-            kwargs['username'] = username
-        if assets is not None:
-            kwargs['assets'] = assets
-
-        queryset = manager.filter(**kwargs)
+    def get_queryset(self):
+        manager = AssetUserManager()
+        queryset = manager.all()
         return queryset
 
 
-class AssetUserExportViewSet(AssetUserViewSet):
-    serializer_class = serializers.AssetUserExportSerializer
-    http_method_names = ['get']
+class AssetUserAuthInfoViewSet(AssetUserViewSet):
+    serializer_classes = {"default": serializers.AssetUserAuthInfoSerializer}
+    http_method_names = ['get', 'post']
     permission_classes = [IsOrgAdminOrAppUser]
 
     def get_permissions(self):
-        if settings.CONFIG.SECURITY_VIEW_AUTH_NEED_MFA:
+        if settings.SECURITY_VIEW_AUTH_NEED_MFA:
             self.permission_classes = [IsOrgAdminOrAppUser, NeedMFAVerify]
         return super().get_permissions()
 
 
-class AssetUserAuthInfoApi(generics.RetrieveAPIView):
-    serializer_class = serializers.AssetUserAuthInfoSerializer
-    permission_classes = [IsOrgAdminOrAppUser]
-
-    def get_permissions(self):
-        if settings.CONFIG.SECURITY_VIEW_AUTH_NEED_MFA:
-            self.permission_classes = [IsOrgAdminOrAppUser, NeedMFAVerify]
-        return super().get_permissions()
-
-    def get_object(self):
-        query_params = self.request.query_params
-        username = query_params.get('username')
-        asset_id = query_params.get('asset_id')
-        prefer = query_params.get("prefer")
-        asset = get_object_or_none(Asset, pk=asset_id)
-        try:
-            manger = AssetUserManager()
-            instance = manger.get(username, asset, prefer=prefer)
-        except Exception as e:
-            raise Http404("Not found")
-        else:
-            return instance
-
-
-class AssetUserTestConnectiveApi(generics.RetrieveAPIView):
-    """
-    Test asset users connective
-    """
+class AssetUserTaskCreateAPI(generics.CreateAPIView):
     permission_classes = (IsOrgAdminOrAppUser,)
-    serializer_class = serializers.TaskIDSerializer
+    serializer_class = serializers.AssetUserTaskSerializer
+    filter_backends = AssetUserViewSet.filter_backends
+    filterset_fields = AssetUserViewSet.filterset_fields
 
     def get_asset_users(self):
-        username = self.request.GET.get('username')
-        asset_id = self.request.GET.get('asset_id')
-        prefer = self.request.GET.get("prefer")
-        asset = get_object_or_none(Asset, pk=asset_id)
         manager = AssetUserManager()
-        asset_users = manager.filter(username=username, assets=[asset], prefer=prefer)
-        return asset_users
+        queryset = manager.all()
+        for cls in self.filter_backends:
+            queryset = cls().filter_queryset(self.request, queryset, self)
+        return list(queryset)
 
-    def retrieve(self, request, *args, **kwargs):
+    def perform_create(self, serializer):
         asset_users = self.get_asset_users()
-        prefer = self.request.GET.get("prefer")
-        kwargs = {}
-        if prefer == "admin_user":
-            kwargs["run_as_admin"] = True
-        task = test_asset_users_connectivity_manual.delay(asset_users, **kwargs)
-        return Response({"task": task.id})
+        # action = serializer.validated_data["action"]
+        # only this
+        # if action == "test":
+        task = test_asset_users_connectivity_manual.delay(asset_users)
+        data = getattr(serializer, '_data', {})
+        data["task"] = task.id
+        setattr(serializer, '_data', data)
+        return task
 
-
-class AssetUserPushApi(generics.CreateAPIView):
-    """
-    Test asset users connective
-    """
-    serializer_class = serializers.AssetUserPushSerializer
-    permission_classes = (IsOrgAdminOrAppUser,)
-
-    def create(self, request, *args, **kwargs):
-        serializer = self.get_serializer(data=request.data)
-        serializer.is_valid(raise_exception=True)
-        asset = serializer.validated_data["asset"]
-        username = serializer.validated_data["username"]
-        pass
+    def get_exception_handler(self):
+        def handler(e, context):
+            return Response({"error": str(e)}, status=400)
+        return handler

apps/assets/api/cmd_filter.py

@@ -14,16 +14,16 @@ __all__ = ['CommandFilterViewSet', 'CommandFilterRuleViewSet']
 
 class CommandFilterViewSet(OrgBulkModelViewSet):
     model = CommandFilter
-    filter_fields = ("name",)
-    search_fields = filter_fields
+    filterset_fields = ("name",)
+    search_fields = filterset_fields
     permission_classes = (IsOrgAdmin,)
     serializer_class = serializers.CommandFilterSerializer
 
 
 class CommandFilterRuleViewSet(OrgBulkModelViewSet):
     model = CommandFilterRule
-    filter_fields = ("content",)
-    search_fields = filter_fields
+    filterset_fields = ("content",)
+    search_fields = filterset_fields
     permission_classes = (IsOrgAdmin,)
     serializer_class = serializers.CommandFilterRuleSerializer
 

apps/assets/api/domain.py

@@ -1,7 +1,9 @@
 # ~*~ coding: utf-8 ~*~
 
-from rest_framework.views import APIView, Response
 from django.views.generic.detail import SingleObjectMixin
+from django.utils.translation import ugettext as _
+from rest_framework.views import APIView, Response
+from rest_framework.serializers import ValidationError
 
 from common.utils import get_logger
 from common.permissions import IsOrgAdmin, IsOrgAdminOrAppUser
@@ -16,8 +18,8 @@ __all__ = ['DomainViewSet', 'GatewayViewSet', "GatewayTestConnectionApi"]
 
 class DomainViewSet(OrgBulkModelViewSet):
     model = Domain
-    filter_fields = ("name", )
-    search_fields = filter_fields
+    filterset_fields = ("name", )
+    search_fields = filterset_fields
     permission_classes = (IsOrgAdminOrAppUser,)
     serializer_class = serializers.DomainSerializer
 
@@ -29,8 +31,8 @@ class DomainViewSet(OrgBulkModelViewSet):
 
 class GatewayViewSet(OrgBulkModelViewSet):
     model = Gateway
-    filter_fields = ("domain__name", "name", "username", "ip", "domain__id")
-    search_fields = filter_fields
+    filterset_fields = ("domain__name", "name", "username", "ip", "domain")
+    search_fields = ("domain__name", "name", "username", "ip")
     permission_classes = (IsOrgAdmin,)
     serializer_class = serializers.GatewaySerializer
 
@@ -42,6 +44,10 @@ class GatewayTestConnectionApi(SingleObjectMixin, APIView):
     def post(self, request, *args, **kwargs):
         self.object = self.get_object(Gateway.objects.all())
         local_port = self.request.data.get('port') or self.object.port
+        try:
+            local_port = int(local_port)
+        except ValueError:
+            raise ValidationError({'port': _('Number required')})
         ok, e = self.object.test_connective(local_port=local_port)
         if ok:
             return Response("ok")

apps/assets/api/favorite_asset.py

@@ -13,7 +13,7 @@ __all__ = ['FavoriteAssetViewSet']
 class FavoriteAssetViewSet(BulkModelViewSet):
     serializer_class = FavoriteAssetSerializer
     permission_classes = (IsValidUser,)
-    filter_fields = ['asset']
+    filterset_fields = ['asset']
 
     def dispatch(self, request, *args, **kwargs):
         with tmp_to_root_org():

apps/assets/api/gathered_user.py

@@ -18,5 +18,5 @@ class GatheredUserViewSet(OrgModelViewSet):
     permission_classes = [IsOrgAdmin]
     extra_filter_backends = [AssetRelatedByNodeFilterBackend]
 
-    filter_fields = ['asset', 'username', 'present']
+    filterset_fields = ['asset', 'username', 'present', 'asset__ip', 'asset__hostname', 'asset_id']
     search_fields = ['username', 'asset__ip', 'asset__hostname']

apps/assets/api/label.py

@@ -28,8 +28,8 @@ __all__ = ['LabelViewSet']
 
 class LabelViewSet(OrgBulkModelViewSet):
     model = Label
-    filter_fields = ("name", "value")
-    search_fields = filter_fields
+    filterset_fields = ("name", "value")
+    search_fields = filterset_fields
     permission_classes = (IsOrgAdmin,)
     serializer_class = serializers.LabelSerializer
 

apps/assets/api/mixin.py

@@ -0,0 +1,90 @@
+from typing import List
+
+from assets.models import Node, Asset
+from assets.pagination import AssetLimitOffsetPagination
+from common.utils import lazyproperty, dict_get_any, is_uuid, get_object_or_none
+from assets.utils import get_node, is_query_node_all_assets
+
+
+class SerializeToTreeNodeMixin:
+    permission_classes = ()
+
+    def serialize_nodes(self, nodes: List[Node], with_asset_amount=False):
+        if with_asset_amount:
+            def _name(node: Node):
+                return '{} ({})'.format(node.value, node.assets_amount)
+        else:
+            def _name(node: Node):
+                return node.value
+        data = [
+            {
+                'id': node.key,
+                'name': _name(node),
+                'title': _name(node),
+                'pId': node.parent_key,
+                'isParent': True,
+                'open': node.is_org_root(),
+                'meta': {
+                    'node': {
+                        "id": node.id,
+                        "key": node.key,
+                        "value": node.value,
+                    },
+                    'type': 'node'
+                }
+            }
+            for node in nodes
+        ]
+        return data
+
+    def get_platform(self, asset: Asset):
+        default = 'file'
+        icon = {'windows', 'linux'}
+        platform = asset.platform_base.lower()
+        if platform in icon:
+            return platform
+        return default
+
+    def serialize_assets(self, assets, node_key=None):
+        if node_key is None:
+            get_pid = lambda asset: getattr(asset, 'parent_key', '')
+        else:
+            get_pid = lambda asset: node_key
+
+        data = [
+            {
+                'id': str(asset.id),
+                'name': asset.hostname,
+                'title': asset.ip,
+                'pId': get_pid(asset),
+                'isParent': False,
+                'open': False,
+                'iconSkin': self.get_platform(asset),
+                'chkDisabled': not asset.is_active,
+                'meta': {
+                    'type': 'asset',
+                    'asset': {
+                        'id': asset.id,
+                        'hostname': asset.hostname,
+                        'ip': asset.ip,
+                        'protocols': asset.protocols_as_list,
+                        'platform': asset.platform_base,
+                        'org_name': asset.org_name
+                    },
+                }
+            }
+            for asset in assets
+        ]
+        return data
+
+
+class FilterAssetByNodeMixin:
+    pagination_class = AssetLimitOffsetPagination
+
+    @lazyproperty
+    def is_query_node_all_assets(self):
+        return is_query_node_all_assets(self.request)
+
+    @lazyproperty
+    def node(self):
+        return get_node(self.request)

apps/assets/api/node.py

@@ -1,54 +1,60 @@
 # ~*~ coding: utf-8 ~*~
-# Copyright (C) 2014-2018 Beijing DuiZhan Technology Co.,Ltd. All Rights Reserved.
-#
-# Licensed under the GNU General Public License v2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#    http://www.gnu.org/licenses/gpl-2.0.html
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+from functools import partial
+from collections import namedtuple, defaultdict
 
 from rest_framework import status
 from rest_framework.serializers import ValidationError
-from rest_framework.views import APIView
 from rest_framework.response import Response
+from rest_framework.decorators import action
 from django.utils.translation import ugettext_lazy as _
-from django.shortcuts import get_object_or_404
+from django.shortcuts import get_object_or_404, Http404
+from django.utils.decorators import method_decorator
+from django.db.models.signals import m2m_changed
 
+from common.const.http import POST
+from common.exceptions import SomeoneIsDoingThis
+from common.const.signals import PRE_REMOVE, POST_REMOVE
+from assets.models import Asset
 from common.utils import get_logger, get_object_or_none
 from common.tree import TreeNodeSerializer
+from common.const.distributed_lock_key import UPDATE_NODE_TREE_LOCK_KEY
 from orgs.mixins.api import OrgModelViewSet
 from orgs.mixins import generics
+from orgs.lock import org_level_transaction_lock
+from orgs.utils import current_org
+from assets.tasks import check_node_assets_amount_task
 from ..hands import IsOrgAdmin
 from ..models import Node
 from ..tasks import (
-    update_assets_hardware_info_util, test_asset_connectivity_util
+    update_node_assets_hardware_info_manual,
+    test_node_assets_connectivity_manual,
 )
 from .. import serializers
+from .mixin import SerializeToTreeNodeMixin
 
 
 logger = get_logger(__file__)
 __all__ = [
     'NodeViewSet', 'NodeChildrenApi', 'NodeAssetsApi',
-    'NodeAddAssetsApi', 'NodeRemoveAssetsApi', 'NodeReplaceAssetsApi',
-    'NodeAddChildrenApi', 'RefreshNodeHardwareInfoApi',
-    'TestNodeConnectiveApi', 'NodeListAsTreeApi',
-    'NodeChildrenAsTreeApi', 'RefreshNodesCacheApi',
+    'NodeAddAssetsApi', 'NodeRemoveAssetsApi', 'MoveAssetsToNodeApi',
+    'NodeAddChildrenApi', 'NodeListAsTreeApi',
+    'NodeChildrenAsTreeApi',
+    'NodeTaskCreateApi',
 ]
 
 
 class NodeViewSet(OrgModelViewSet):
     model = Node
-    filter_fields = ('value', 'key', 'id')
+    filterset_fields = ('value', 'key', 'id')
     search_fields = ('value', )
     permission_classes = (IsOrgAdmin,)
     serializer_class = serializers.NodeSerializer
 
+    @action(methods=[POST], detail=False, url_name='launch-check-assets-amount-task')
+    def launch_check_assets_amount_task(self, request):
+        task = check_node_assets_amount_task.delay(current_org.id)
+        return Response(data={'task': task.id})
+
     # 仅支持根节点指直接创建，子节点下的节点需要通过children接口创建
     def perform_create(self, serializer):
         child_key = Node.org_root().get_next_child_key()
@@ -64,9 +70,12 @@ class NodeViewSet(OrgModelViewSet):
 
     def destroy(self, request, *args, **kwargs):
         node = self.get_object()
-        if node.has_children_or_contains_assets():
-            msg = _("Deletion failed and the node contains children or assets")
-            return Response(data={'msg': msg}, status=status.HTTP_403_FORBIDDEN)
+        if node.is_org_root():
+            error = _("You can't delete the root node ({})".format(node.value))
+            return Response(data={'error': error}, status=status.HTTP_403_FORBIDDEN)
+        if node.has_children_or_has_assets():
+            error = _("Deletion failed and the node contains children or assets")
+            return Response(data={'error': error}, status=status.HTTP_403_FORBIDDEN)
         return super().destroy(request, *args, **kwargs)
 
 
@@ -148,7 +157,7 @@ class NodeChildrenApi(generics.ListCreateAPIView):
         return queryset
 
 
-class NodeChildrenAsTreeApi(NodeChildrenApi):
+class NodeChildrenAsTreeApi(SerializeToTreeNodeMixin, NodeChildrenApi):
     """
     节点子节点作为树返回，
     [
@@ -162,31 +171,23 @@ class NodeChildrenAsTreeApi(NodeChildrenApi):
 
     """
     model = Node
-    serializer_class = TreeNodeSerializer
-    http_method_names = ['get']
 
-    def get_queryset(self):
-        queryset = super().get_queryset()
-        queryset = [node.as_tree_node() for node in queryset]
-        queryset = self.add_assets_if_need(queryset)
-        queryset = sorted(queryset)
-        return queryset
+    def list(self, request, *args, **kwargs):
+        nodes = self.get_queryset().order_by('value')
+        nodes = self.serialize_nodes(nodes, with_asset_amount=True)
+        assets = self.get_assets()
+        data = [*nodes, *assets]
+        return Response(data=data)
 
-    def add_assets_if_need(self, queryset):
+    def get_assets(self):
         include_assets = self.request.query_params.get('assets', '0') == '1'
         if not include_assets:
-            return queryset
+            return []
         assets = self.instance.get_assets().only(
-            "id", "hostname", "ip", 'platform', "os",
-            "org_id", "protocols",
+            "id", "hostname", "ip", "os",
+            "org_id", "protocols", "is_active"
         )
-        for asset in assets:
-            queryset.append(asset.as_tree_node(self.instance))
-        return queryset
-
-    def check_need_refresh_nodes(self):
-        if self.request.query_params.get('refresh', '0') == '1':
-            Node.refresh_nodes()
+        return self.serialize_assets(assets, self.instance.key)
 
 
 class NodeAssetsApi(generics.ListAPIView):
@@ -212,14 +213,14 @@ class NodeAddChildrenApi(generics.UpdateAPIView):
     def put(self, request, *args, **kwargs):
         instance = self.get_object()
         nodes_id = request.data.get("nodes")
-        children = [get_object_or_none(Node, id=pk) for pk in nodes_id]
+        children = Node.objects.filter(id__in=nodes_id)
         for node in children:
-            if not node:
-                continue
             node.parent = instance
         return Response("OK")
 
 
+@method_decorator(org_level_transaction_lock(UPDATE_NODE_TREE_LOCK_KEY), name='patch')
+@method_decorator(org_level_transaction_lock(UPDATE_NODE_TREE_LOCK_KEY), name='put')
 class NodeAddAssetsApi(generics.UpdateAPIView):
     model = Node
     serializer_class = serializers.NodeAssetsSerializer
@@ -232,6 +233,8 @@ class NodeAddAssetsApi(generics.UpdateAPIView):
         instance.assets.add(*tuple(assets))
 
 
+@method_decorator(org_level_transaction_lock(UPDATE_NODE_TREE_LOCK_KEY), name='patch')
+@method_decorator(org_level_transaction_lock(UPDATE_NODE_TREE_LOCK_KEY), name='put')
 class NodeRemoveAssetsApi(generics.UpdateAPIView):
     model = Node
     serializer_class = serializers.NodeAssetsSerializer
@@ -240,15 +243,17 @@ class NodeRemoveAssetsApi(generics.UpdateAPIView):
 
     def perform_update(self, serializer):
         assets = serializer.validated_data.get('assets')
-        instance = self.get_object()
-        if instance != Node.org_root():
-            instance.assets.remove(*tuple(assets))
-        else:
-            assets = [asset for asset in assets if asset.nodes.count() > 1]
-            instance.assets.remove(*tuple(assets))
+        node = self.get_object()
+        node.assets.remove(*assets)
+
+        # 把孤儿资产添加到 root 节点
+        orphan_assets = Asset.objects.filter(id__in=[a.id for a in assets], nodes__isnull=True).distinct()
+        Node.org_root().assets.add(*orphan_assets)
 
 
-class NodeReplaceAssetsApi(generics.UpdateAPIView):
+@method_decorator(org_level_transaction_lock(UPDATE_NODE_TREE_LOCK_KEY), name='patch')
+@method_decorator(org_level_transaction_lock(UPDATE_NODE_TREE_LOCK_KEY), name='put')
+class MoveAssetsToNodeApi(generics.UpdateAPIView):
     model = Node
     serializer_class = serializers.NodeAssetsSerializer
     permission_classes = (IsOrgAdmin,)
@@ -256,46 +261,75 @@ class NodeReplaceAssetsApi(generics.UpdateAPIView):
 
     def perform_update(self, serializer):
         assets = serializer.validated_data.get('assets')
-        instance = self.get_object()
-        for asset in assets:
-            asset.nodes.set([instance])
+        node = self.get_object()
+        self.remove_old_nodes(assets)
+        node.assets.add(*assets)
+
+    def remove_old_nodes(self, assets):
+        m2m_model = Asset.nodes.through
+
+        # 查询资产与节点关系表，查出要移动资产与节点的所有关系
+        relates = m2m_model.objects.filter(asset__in=assets).values_list('asset_id', 'node_id')
+        if relates:
+            # 对关系以资产进行分组，用来发 `reverse=False` 信号
+            asset_nodes_mapper = defaultdict(set)
+            for asset_id, node_id in relates:
+                asset_nodes_mapper[asset_id].add(node_id)
+
+            # 组建一个资产 id -> Asset 的 mapper
+            asset_mapper = {asset.id: asset for asset in assets}
+
+            # 创建删除关系信号发送函数
+            senders = []
+            for asset_id, node_id_set in asset_nodes_mapper.items():
+                senders.append(partial(m2m_changed.send, sender=m2m_model, instance=asset_mapper[asset_id],
+                                       reverse=False, model=Node, pk_set=node_id_set))
+            # 发送 pre 信号
+            [sender(action=PRE_REMOVE) for sender in senders]
+            num = len(relates)
+            asset_ids, node_ids = zip(*relates)
+            # 删除之前的关系
+            rows, _i = m2m_model.objects.filter(asset_id__in=asset_ids, node_id__in=node_ids).delete()
+            if rows != num:
+                raise SomeoneIsDoingThis
+            # 发送 post 信号
+            [sender(action=POST_REMOVE) for sender in senders]
 
 
-class RefreshNodeHardwareInfoApi(APIView):
+class NodeTaskCreateApi(generics.CreateAPIView):
     model = Node
+    serializer_class = serializers.NodeTaskSerializer
     permission_classes = (IsOrgAdmin,)
 
-    def get(self, request, *args, **kwargs):
-        node_id = kwargs.get('pk')
-        node = get_object_or_404(self.model, id=node_id)
-        assets = node.get_all_assets()
-        # task_name = _("更新节点资产硬件信息: {}".format(node.name))
-        task_name = _("Update node asset hardware information: {}").format(node.name)
-        task = update_assets_hardware_info_util.delay(assets, task_name=task_name)
-        return Response({"task": task.id})
+    def get_object(self):
+        node_id = self.kwargs.get('pk')
+        node = get_object_or_none(self.model, id=node_id)
+        return node
 
+    @staticmethod
+    def set_serializer_data(s, task):
+        data = getattr(s, '_data', {})
+        data["task"] = task.id
+        setattr(s, '_data', data)
 
-class TestNodeConnectiveApi(APIView):
-    permission_classes = (IsOrgAdmin,)
-    model = Node
+    @staticmethod
+    def refresh_nodes_cache():
+        Task = namedtuple('Task', ['id'])
+        task = Task(id="0")
+        return task
 
-    def get(self, request, *args, **kwargs):
-        node_id = kwargs.get('pk')
-        node = get_object_or_404(self.model, id=node_id)
-        assets = node.get_all_assets()
-        # task_name = _("测试节点下资产是否可连接: {}".format(node.name))
-        task_name = _("Test if the assets under the node are connectable: {}".format(node.name))
-        task = test_asset_connectivity_util.delay(assets, task_name=task_name)
-        return Response({"task": task.id})
+    def perform_create(self, serializer):
+        action = serializer.validated_data["action"]
+        node = self.get_object()
+        if action == "refresh_cache" and node is None:
+            task = self.refresh_nodes_cache()
+            self.set_serializer_data(serializer, task)
+            return
+        if node is None:
+            raise Http404()
+        if action == "refresh":
+            task = update_node_assets_hardware_info_manual.delay(node)
+        else:
+            task = test_node_assets_connectivity_manual.delay(node)
+        self.set_serializer_data(serializer, task)
 
-
-class RefreshNodesCacheApi(APIView):
-    permission_classes = (IsOrgAdmin,)
-
-    def get(self, request, *args, **kwargs):
-        Node.refresh_nodes()
-        return Response("Ok")
-
-    def delete(self, *args, **kwargs):
-        self.get(*args, **kwargs)
-        return Response(status=204)

apps/assets/api/system_user.py

@@ -1,42 +1,26 @@
 # ~*~ coding: utf-8 ~*~
-# Copyright (C) 2014-2018 Beijing DuiZhan Technology Co.,Ltd. All Rights Reserved.
-#
-# Licensed under the GNU General Public License v2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#    http://www.gnu.org/licenses/gpl-2.0.html
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
 from django.shortcuts import get_object_or_404
-from django.conf import settings
 from rest_framework.response import Response
 
-from common.serializers import CeleryTaskSerializer
 from common.utils import get_logger
-from common.permissions import IsOrgAdmin, IsOrgAdminOrAppUser, IsAppUser
+from common.permissions import IsOrgAdmin, IsOrgAdminOrAppUser
+from common.drf.filters import CustomFilter
 from orgs.mixins.api import OrgBulkModelViewSet
 from orgs.mixins import generics
+from orgs.utils import tmp_to_org
 from ..models import SystemUser, Asset
 from .. import serializers
+from ..serializers import SystemUserWithAuthInfoSerializer
 from ..tasks import (
     push_system_user_to_assets_manual, test_system_user_connectivity_manual,
-    push_system_user_a_asset_manual, test_system_user_connectivity_a_asset,
+    push_system_user_to_assets
 )
 
 
 logger = get_logger(__file__)
 __all__ = [
     'SystemUserViewSet', 'SystemUserAuthInfoApi', 'SystemUserAssetAuthInfoApi',
-    'SystemUserPushApi', 'SystemUserTestConnectiveApi',
-    'SystemUserAssetsListView', 'SystemUserPushToAssetApi',
-    'SystemUserTestAssetConnectivityApi', 'SystemUserCommandFilterRuleListApi',
-
+    'SystemUserCommandFilterRuleListApi', 'SystemUserTaskApi', 'SystemUserAssetsListView',
 ]
 
 
@@ -45,9 +29,17 @@ class SystemUserViewSet(OrgBulkModelViewSet):
     System user api set, for add,delete,update,list,retrieve resource
     """
     model = SystemUser
-    filter_fields = ("name", "username")
-    search_fields = filter_fields
+    filterset_fields = {
+        'name': ['exact'],
+        'username': ['exact'],
+        'protocol': ['exact', 'in']
+    }
+    search_fields = filterset_fields
     serializer_class = serializers.SystemUserSerializer
+    serializer_classes = {
+        'default': serializers.SystemUserSerializer,
+        'list': serializers.SystemUserListSerializer,
+    }
     permission_classes = (IsOrgAdminOrAppUser,)
 
 
@@ -57,7 +49,7 @@ class SystemUserAuthInfoApi(generics.RetrieveUpdateDestroyAPIView):
     """
     model = SystemUser
     permission_classes = (IsOrgAdminOrAppUser,)
-    serializer_class = serializers.SystemUserAuthSerializer
+    serializer_class = SystemUserWithAuthInfoSerializer
 
     def destroy(self, request, *args, **kwargs):
         instance = self.get_object()
@@ -70,88 +62,66 @@ class SystemUserAssetAuthInfoApi(generics.RetrieveAPIView):
     Get system user with asset auth info
     """
     model = SystemUser
-    permission_classes = (IsAppUser,)
-    serializer_class = serializers.SystemUserAuthSerializer
+    permission_classes = (IsOrgAdminOrAppUser,)
+    serializer_class = SystemUserWithAuthInfoSerializer
+
+    def get_exception_handler(self):
+        def handler(e, context):
+            return Response({"error": str(e)}, status=400)
+        return handler
 
     def get_object(self):
         instance = super().get_object()
-        aid = self.kwargs.get('aid')
-        asset = get_object_or_404(Asset, pk=aid)
-        instance.load_specific_asset_auth(asset)
+        username = instance.username
+        if instance.username_same_with_user:
+            username = self.request.query_params.get("username")
+        asset_id = self.kwargs.get('aid')
+        asset = get_object_or_404(Asset, pk=asset_id)
+
+        with tmp_to_org(asset.org_id):
+            instance.load_asset_special_auth(asset=asset, username=username)
             return instance
 
 
-class SystemUserPushApi(generics.RetrieveAPIView):
-    """
-    Push system user to cluster assets api
-    """
-    model = SystemUser
+class SystemUserTaskApi(generics.CreateAPIView):
     permission_classes = (IsOrgAdmin,)
-    serializer_class = CeleryTaskSerializer
+    serializer_class = serializers.SystemUserTaskSerializer
 
-    def retrieve(self, request, *args, **kwargs):
-        system_user = self.get_object()
-        nodes = system_user.nodes.all()
-        for node in nodes:
-            system_user.assets.add(*tuple(node.get_all_assets()))
+    def do_push(self, system_user, assets_id=None):
+        if assets_id is None:
             task = push_system_user_to_assets_manual.delay(system_user)
-        return Response({"task": task.id})
+        else:
+            username = self.request.query_params.get('username')
+            task = push_system_user_to_assets.delay(
+                system_user.id, assets_id, username=username
+            )
+        return task
 
-
-class SystemUserTestConnectiveApi(generics.RetrieveAPIView):
-    """
-    Push system user to cluster assets api
-    """
-    model = SystemUser
-    permission_classes = (IsOrgAdmin,)
-    serializer_class = CeleryTaskSerializer
-
-    def retrieve(self, request, *args, **kwargs):
-        system_user = self.get_object()
+    @staticmethod
+    def do_test(system_user):
         task = test_system_user_connectivity_manual.delay(system_user)
-        return Response({"task": task.id})
-
-
-class SystemUserAssetsListView(generics.ListAPIView):
-    permission_classes = (IsOrgAdmin,)
-    serializer_class = serializers.AssetSimpleSerializer
-    filter_fields = ("hostname", "ip")
-    http_method_names = ['get']
-    search_fields = filter_fields
+        return task
 
     def get_object(self):
         pk = self.kwargs.get('pk')
         return get_object_or_404(SystemUser, pk=pk)
 
-    def get_queryset(self):
+    def perform_create(self, serializer):
+        action = serializer.validated_data["action"]
+        asset = serializer.validated_data.get('asset')
+        assets = serializer.validated_data.get('assets') or []
+
         system_user = self.get_object()
-        return system_user.assets.all()
-
-
-class SystemUserPushToAssetApi(generics.RetrieveAPIView):
-    model = SystemUser
-    permission_classes = (IsOrgAdmin,)
-    serializer_class = serializers.TaskIDSerializer
-
-    def retrieve(self, request, *args, **kwargs):
-        system_user = self.get_object()
-        asset_id = self.kwargs.get('aid')
-        asset = get_object_or_404(Asset, id=asset_id)
-        task = push_system_user_a_asset_manual.delay(system_user, asset)
-        return Response({"task": task.id})
-
-
-class SystemUserTestAssetConnectivityApi(generics.RetrieveAPIView):
-    model = SystemUser
-    permission_classes = (IsOrgAdmin,)
-    serializer_class = serializers.TaskIDSerializer
-
-    def retrieve(self, request, *args, **kwargs):
-        system_user = self.get_object()
-        asset_id = self.kwargs.get('aid')
-        asset = get_object_or_404(Asset, id=asset_id)
-        task = test_system_user_connectivity_a_asset.delay(system_user, asset)
-        return Response({"task": task.id})
+        if action == 'push':
+            assets = [asset] if asset else assets
+            assets_id = [asset.id for asset in assets]
+            assets_id = assets_id if assets_id else None
+            task = self.do_push(system_user, assets_id)
+        else:
+            task = self.do_test(system_user)
+        data = getattr(serializer, '_data', {})
+        data["task"] = task.id
+        setattr(serializer, '_data', data)
 
 
 class SystemUserCommandFilterRuleListApi(generics.ListAPIView):
@@ -165,3 +135,18 @@ class SystemUserCommandFilterRuleListApi(generics.ListAPIView):
         pk = self.kwargs.get('pk', None)
         system_user = get_object_or_404(SystemUser, pk=pk)
         return system_user.cmd_filter_rules
+
+
+class SystemUserAssetsListView(generics.ListAPIView):
+    permission_classes = (IsOrgAdmin,)
+    serializer_class = serializers.AssetSimpleSerializer
+    filterset_fields = ("hostname", "ip")
+    search_fields = filterset_fields
+
+    def get_object(self):
+        pk = self.kwargs.get('pk')
+        return get_object_or_404(SystemUser, pk=pk)
+
+    def get_queryset(self):
+        system_user = self.get_object()
+        return system_user.get_all_assets()

apps/assets/api/system_user_relation.py

@@ -0,0 +1,136 @@
+# -*- coding: utf-8 -*-
+#
+from collections import defaultdict
+from django.db.models import F, Value
+from django.db.models.signals import m2m_changed
+from django.db.models.functions import Concat
+
+from common.permissions import IsOrgAdmin
+from orgs.mixins.api import OrgBulkModelViewSet
+from orgs.utils import current_org
+from .. import models, serializers
+
+__all__ = [
+    'SystemUserAssetRelationViewSet', 'SystemUserNodeRelationViewSet',
+    'SystemUserUserRelationViewSet',
+]
+
+
+class RelationMixin:
+    def get_queryset(self):
+        queryset = self.model.objects.all()
+        org_id = current_org.org_id()
+        if org_id is not None:
+            queryset = queryset.filter(systemuser__org_id=org_id)
+        queryset = queryset.annotate(systemuser_display=Concat(
+            F('systemuser__name'), Value('('), F('systemuser__username'),
+            Value(')')
+        ))
+        return queryset
+
+    def send_post_add_signal(self, instance):
+        if not isinstance(instance, list):
+            instance = [instance]
+
+        system_users_objects_map = defaultdict(list)
+        model, object_field = self.get_objects_attr()
+
+        for i in instance:
+            _id = getattr(i, object_field).id
+            system_users_objects_map[i.systemuser].append(_id)
+
+        sender = self.get_sender()
+        for system_user, objects in system_users_objects_map.items():
+            m2m_changed.send(
+                sender=sender, instance=system_user, action='post_add',
+                reverse=False, model=model, pk_set=objects
+            )
+
+    def get_sender(self):
+        return self.model
+
+    def get_objects_attr(self):
+        return models.Asset, 'asset'
+
+    def perform_create(self, serializer):
+        instance = serializer.save()
+        self.send_post_add_signal(instance)
+
+
+class BaseRelationViewSet(RelationMixin, OrgBulkModelViewSet):
+    pass
+
+
+class SystemUserAssetRelationViewSet(BaseRelationViewSet):
+    serializer_class = serializers.SystemUserAssetRelationSerializer
+    model = models.SystemUser.assets.through
+    permission_classes = (IsOrgAdmin,)
+    filterset_fields = [
+        'id', 'asset', 'systemuser',
+    ]
+    search_fields = [
+        "id", "asset__hostname", "asset__ip",
+        "systemuser__name", "systemuser__username"
+    ]
+
+    def get_objects_attr(self):
+        return models.Asset, 'asset'
+
+    def get_queryset(self):
+        queryset = super().get_queryset()
+        queryset = queryset.annotate(
+            asset_display=Concat(
+                F('asset__hostname'), Value('('),
+                F('asset__ip'), Value(')')
+            )
+        )
+        return queryset
+
+
+class SystemUserNodeRelationViewSet(BaseRelationViewSet):
+    serializer_class = serializers.SystemUserNodeRelationSerializer
+    model = models.SystemUser.nodes.through
+    permission_classes = (IsOrgAdmin,)
+    filterset_fields = [
+        'id', 'node', 'systemuser',
+    ]
+    search_fields = [
+        "node__value", "systemuser__name", "systemuser__username"
+    ]
+
+    def get_objects_attr(self):
+        return models.Node, 'node'
+
+    def get_queryset(self):
+        queryset = super().get_queryset()
+        queryset = queryset \
+            .annotate(node_key=F('node__key'))
+        return queryset
+
+
+class SystemUserUserRelationViewSet(BaseRelationViewSet):
+    serializer_class = serializers.SystemUserUserRelationSerializer
+    model = models.SystemUser.users.through
+    permission_classes = (IsOrgAdmin,)
+    filterset_fields = [
+        'id', 'user', 'systemuser',
+    ]
+    search_fields = [
+        "user__username", "user__name",
+        "systemuser__name", "systemuser__username",
+    ]
+
+    def get_objects_attr(self):
+        from users.models import User
+        return User, 'user'
+
+    def get_queryset(self):
+        queryset = super().get_queryset()
+        queryset = queryset.annotate(
+            user_display=Concat(
+                F('user__name'), Value('('),
+                F('user__username'), Value(')')
+            )
+        )
+        return queryset
+

apps/assets/backends/admin_user.py

@@ -1,10 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-
-from ..models import AdminUser
-from .asset_user import AssetUserBackend
-
-
-class AdminUserBackend(AssetUserBackend):
-    model = AdminUser
-    backend = 'AdminUser'

apps/assets/backends/asset_user.py

@@ -1,58 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-from collections import defaultdict
-from .base import BaseBackend
-
-
-class AssetUserBackend(BaseBackend):
-    model = None
-    backend = "AssetUser"
-
-    @classmethod
-    def filter_queryset_more(cls, queryset):
-        return queryset
-
-    @classmethod
-    def filter(cls, username=None, assets=None, **kwargs):
-        queryset = cls.model.objects.all()
-        prefer_id = kwargs.get('prefer_id')
-        if prefer_id:
-            queryset = queryset.filter(id=prefer_id)
-            instances = cls.construct_authbook_objects(queryset, assets)
-            return instances
-        if username:
-            queryset = queryset.filter(username=username)
-        if assets:
-            queryset = queryset.filter(assets__in=assets).distinct()
-
-        queryset = cls.filter_queryset_more(queryset)
-        instances = cls.construct_authbook_objects(queryset, assets)
-        return instances
-
-    @classmethod
-    def construct_authbook_objects(cls, asset_users, assets):
-        instances = []
-        assets_user_assets_map = defaultdict(set)
-        if isinstance(asset_users, list):
-            assets_user_assets_map = {
-                asset_user.id: asset_user.assets.values_list('id', flat=True)
-                for asset_user in asset_users
-            }
-        else:
-            assets_user_assets = asset_users.values_list('id', 'assets')
-            for i, asset_id in assets_user_assets:
-                assets_user_assets_map[i].add(asset_id)
-
-        for asset_user in asset_users:
-            if not assets:
-                related_assets = asset_user.assets.all()
-            else:
-                assets_map = {a.id: a for a in assets}
-                related_assets = [
-                    assets_map.get(i) for i in assets_user_assets_map.get(asset_user.id) if i in assets_map
-                ]
-            for asset in related_assets:
-                instance = asset_user.construct_to_authbook(asset)
-                instance.backend = cls.backend
-                instances.append(instance)
-        return instances

apps/assets/backends/base.py

@@ -1,93 +1,48 @@
 # -*- coding: utf-8 -*-
 #
-import uuid
 from abc import abstractmethod
 
+from ..models import Asset
+
 
 class BaseBackend:
-    @classmethod
     @abstractmethod
-    def filter(cls, username=None, assets=None, latest=True, prefer=None, prefer_id=None):
-        """
-        :param username: 用户名
-        :param assets: <Asset>对象
-        :param latest: 是否是最新记录
-        :param prefer: 优先使用
-        :param prefer_id: 使用id
-        :return: 元素为<AuthBook>的可迭代对象(<list> or <QuerySet>)
-        """
+    def all(self):
         pass
 
+    @abstractmethod
+    def filter(self, username=None, hostname=None, ip=None, assets=None,
+               node=None, prefer_id=None, **kwargs):
+        pass
 
-class AssetUserQuerySet(list):
-    def order_by(self, *ordering):
-        _ordering = []
-        reverse = False
-        for i in ordering:
-            if i[0] == '-':
-                reverse = True
-                i = i[1:]
-            _ordering.append(i)
-        self.sort(key=lambda obj: [getattr(obj, j) for j in _ordering], reverse=reverse)
-        return self
+    @abstractmethod
+    def search(self, item):
+        pass
 
-    def filter_in(self, kwargs):
-        in_kwargs = {}
-        queryset = []
-        for k, v in kwargs.items():
-            if len(v) == 0:
-                return self
-            if k.find("__in") >= 0:
-                _k = k.split('__')[0]
-                in_kwargs[_k] = v
-            else:
-                in_kwargs[k] = v
-        for k in in_kwargs:
-            kwargs.pop(k)
+    @abstractmethod
+    def get_queryset(self):
+        pass
 
-        if len(in_kwargs) == 0:
-            return self
-        for i in self:
-            matched = False
-            for k, v in in_kwargs.items():
-                attr = getattr(i, k, None)
-                # 如果属性或者value中是uuid,则转换成string
-                if isinstance(v[0], uuid.UUID):
-                    v = [str(i) for i in v]
-                if isinstance(attr, uuid.UUID):
-                    attr = str(attr)
-                if v in attr:
-                    matched = True
-            if matched:
-                queryset.append(i)
-        return AssetUserQuerySet(queryset)
+    @abstractmethod
+    def delete(self, union_id):
+        pass
 
-    def filter_equal(self, kwargs):
-        def filter_it(obj):
-            wanted = []
-            real = []
-            for k, v in kwargs.items():
-                wanted.append(v)
-                value = getattr(obj, k)
-                if isinstance(value, uuid.UUID):
-                    value = str(value)
-                real.append(value)
-            return wanted == real
-        if len(kwargs) > 0:
-            queryset = AssetUserQuerySet([i for i in self if filter_it(i)])
-        else:
-            queryset = self
-        return queryset
+    @staticmethod
+    def qs_to_values(qs):
+        values = qs.values(
+            'hostname', 'ip', "asset_id",
+            'username', 'password', 'private_key', 'public_key',
+            'score', 'version',
+            "asset_username", "union_id",
+            'date_created', 'date_updated',
+            'org_id', 'backend',
+        )
+        return values
 
-    def filter(self, **kwargs):
-        queryset = self.filter_in(kwargs).filter_equal(kwargs)
-        return queryset
-
-    def distinct(self):
-        items = list(set(self))
-        self[:] = items
-        return self
-
-    def __or__(self, other):
-        self.extend(other)
-        return self
+    @staticmethod
+    def make_assets_as_id(assets):
+        if not assets:
+            return []
+        if isinstance(assets[0], Asset):
+            assets = [a.id for a in assets]
+        return assets

apps/assets/backends/db.py

@@ -1,29 +1,318 @@
 # -*- coding: utf-8 -*-
 #
+from django.utils.translation import ugettext as _
+from functools import reduce
+from django.db.models import F, CharField, Value, IntegerField, Q, Count
+from django.db.models.functions import Concat
 
-from ..models import AuthBook
+from common.utils import get_object_or_none
+from orgs.utils import current_org
+from ..models import AuthBook, SystemUser, Asset, AdminUser
 from .base import BaseBackend
 
 
-class AuthBookBackend(BaseBackend):
-    @classmethod
-    def filter(cls, username=None, assets=None, latest=True, **kwargs):
-        queryset = AuthBook.objects.all()
-        if username is not None:
-            queryset = queryset.filter(username=username)
-        if assets:
-            queryset = queryset.filter(asset__in=assets)
-        if latest:
-            queryset = queryset.latest_version()
-        return queryset
+class DBBackend(BaseBackend):
+    union_id_length = 2
 
-    @classmethod
-    def create(cls, **kwargs):
-        auth_info = {
-            'password': kwargs.pop('password', ''),
-            'public_key': kwargs.pop('public_key', ''),
-            'private_key': kwargs.pop('private_key', '')
-        }
-        obj = AuthBook.objects.create(**kwargs)
-        obj.set_auth(**auth_info)
-        return obj
+    def __init__(self, queryset=None):
+        if queryset is None:
+            queryset = self.all()
+        self.queryset = queryset
+
+    def _clone(self):
+        return self.__class__(self.queryset)
+
+    def all(self):
+        return AuthBook.objects.none()
+
+    def count(self):
+        return self.queryset.count()
+
+    def get_queryset(self):
+        return self.queryset
+
+    def delete(self, union_id):
+        cleaned_union_id = union_id.split('_')
+        # 如果union_id通不过本检查，代表可能不是本backend, 应该返回空
+        if not self._check_union_id(union_id, cleaned_union_id):
+            return
+        return self._perform_delete_by_union_id(cleaned_union_id)
+
+    def _perform_delete_by_union_id(self, union_id_cleaned):
+        pass
+
+    def filter(self, assets=None, node=None, prefer=None, prefer_id=None,
+               union_id=None, id__in=None, **kwargs):
+        clone = self._clone()
+        clone._filter_union_id(union_id)
+        clone._filter_prefer(prefer, prefer_id)
+        clone._filter_node(node)
+        clone._filter_assets(assets)
+        clone._filter_other(kwargs)
+        clone._filter_id_in(id__in)
+        return clone
+
+    def _filter_union_id(self, union_id):
+        if not union_id:
+            return
+        cleaned_union_id = union_id.split('_')
+        # 如果union_id通不过本检查，代表可能不是本backend, 应该返回空
+        if not self._check_union_id(union_id, cleaned_union_id):
+            self.queryset = self.queryset.none()
+            return
+        return self._perform_filter_union_id(union_id, cleaned_union_id)
+
+    def _check_union_id(self, union_id, cleaned_union_id):
+        return union_id and len(cleaned_union_id) == self.union_id_length
+
+    def _perform_filter_union_id(self, union_id, union_id_cleaned):
+        self.queryset = self.queryset.filter(union_id=union_id)
+
+    def _filter_assets(self, assets):
+        assets_id = self.make_assets_as_id(assets)
+        if assets_id:
+            self.queryset = self.queryset.filter(asset_id__in=assets_id)
+
+    def _filter_node(self, node):
+        pass
+
+    def _filter_id_in(self, ids):
+        if ids and isinstance(ids, list):
+            self.queryset = self.queryset.filter(union_id__in=ids)
+
+    @staticmethod
+    def clean_kwargs(kwargs):
+        return {k: v for k, v in kwargs.items() if v}
+
+    def _filter_other(self, kwargs):
+        kwargs = self.clean_kwargs(kwargs)
+        if kwargs:
+            self.queryset = self.queryset.filter(**kwargs)
+
+    def _filter_prefer(self, prefer, prefer_id):
+        pass
+
+    def search(self, item):
+        qs = []
+        for i in ['hostname', 'ip', 'username']:
+            kwargs = {i + '__startswith': item}
+            qs.append(Q(**kwargs))
+        q = reduce(lambda x, y: x | y, qs)
+        clone = self._clone()
+        clone.queryset = clone.queryset.filter(q).distinct()
+        return clone
+
+
+class SystemUserBackend(DBBackend):
+    model = SystemUser.assets.through
+    backend = 'system_user'
+    prefer = backend
+    base_score = 0
+    union_id_length = 2
+
+    def _filter_prefer(self, prefer, prefer_id):
+        if prefer and prefer != self.prefer:
+            self.queryset = self.queryset.none()
+
+        if prefer_id:
+            self.queryset = self.queryset.filter(systemuser__id=prefer_id)
+
+    def _perform_filter_union_id(self, union_id, union_id_cleaned):
+        system_user_id, asset_id = union_id_cleaned
+        self.queryset = self.queryset.filter(
+            asset_id=asset_id, systemuser__id=system_user_id,
+        )
+
+    def _perform_delete_by_union_id(self, union_id_cleaned):
+        system_user_id, asset_id = union_id_cleaned
+        system_user = get_object_or_none(SystemUser, pk=system_user_id)
+        asset = get_object_or_none(Asset, pk=asset_id)
+        if all((system_user, asset)):
+            system_user.assets.remove(asset)
+
+    def _filter_node(self, node):
+        if node:
+            self.queryset = self.queryset.filter(asset__nodes__id=node.id)
+
+    def get_annotate(self):
+        kwargs = dict(
+            hostname=F("asset__hostname"),
+            ip=F("asset__ip"),
+            username=F("systemuser__username"),
+            password=F("systemuser__password"),
+            private_key=F("systemuser__private_key"),
+            public_key=F("systemuser__public_key"),
+            score=F("systemuser__priority") + self.base_score,
+            version=Value(0, IntegerField()),
+            date_created=F("systemuser__date_created"),
+            date_updated=F("systemuser__date_updated"),
+            asset_username=Concat(F("asset__id"), Value("_"),
+                                  F("systemuser__username"),
+                                  output_field=CharField()),
+            union_id=Concat(F("systemuser_id"), Value("_"), F("asset_id"),
+                            output_field=CharField()),
+            org_id=F("asset__org_id"),
+            backend=Value(self.backend, CharField())
+        )
+        return kwargs
+
+    def get_filter(self):
+        return dict(
+            systemuser__username_same_with_user=False,
+        )
+
+    def all(self):
+        kwargs = self.get_annotate()
+        filters = self.get_filter()
+        qs = self.model.objects.all().annotate(**kwargs)
+        if current_org.org_id() is not None:
+            filters['org_id'] = current_org.org_id()
+        qs = qs.filter(**filters)
+        qs = self.qs_to_values(qs)
+        return qs
+
+
+class DynamicSystemUserBackend(SystemUserBackend):
+    backend = 'system_user_dynamic'
+    prefer = 'system_user'
+    union_id_length = 3
+
+    def get_annotate(self):
+        kwargs = super().get_annotate()
+        kwargs.update(dict(
+            username=F("systemuser__users__username"),
+            asset_username=Concat(
+                F("asset__id"), Value("_"),
+                F("systemuser__users__username"),
+                output_field=CharField()
+            ),
+            union_id=Concat(
+                F("systemuser_id"), Value("_"), F("asset_id"),
+                Value("_"), F("systemuser__users__id"),
+                output_field=CharField()
+            ),
+            users_count=Count('systemuser__users'),
+        ))
+        return kwargs
+
+    def _perform_filter_union_id(self, union_id, union_id_cleaned):
+        system_user_id, asset_id, user_id = union_id_cleaned
+        self.queryset = self.queryset.filter(
+            asset_id=asset_id, systemuser_id=system_user_id,
+            union_id=union_id,
+        )
+
+    def _perform_delete_by_union_id(self, union_id_cleaned):
+        system_user_id, asset_id, user_id = union_id_cleaned
+        system_user = get_object_or_none(SystemUser, pk=system_user_id)
+        if not system_user:
+            return
+        system_user.users.remove(user_id)
+        if system_user.users.count() == 0:
+            system_user.assets.remove(asset_id)
+
+    def get_filter(self):
+        return dict(
+            users_count__gt=0,
+            systemuser__username_same_with_user=True
+        )
+
+
+class AdminUserBackend(DBBackend):
+    model = Asset
+    backend = 'admin_user'
+    prefer = backend
+    base_score = 200
+
+    def _filter_prefer(self, prefer, prefer_id):
+        if prefer and prefer != self.backend:
+            self.queryset = self.queryset.none()
+        if prefer_id:
+            self.queryset = self.queryset.filter(admin_user__id=prefer_id)
+
+    def _filter_node(self, node):
+        if node:
+            self.queryset = self.queryset.filter(nodes__id=node.id)
+
+    def _perform_filter_union_id(self, union_id, union_id_cleaned):
+        admin_user_id, asset_id = union_id_cleaned
+        self.queryset = self.queryset.filter(
+            id=asset_id, admin_user_id=admin_user_id,
+        )
+
+    def _perform_delete_by_union_id(self, union_id_cleaned):
+        raise PermissionError(_("Could not remove asset admin user"))
+
+    def all(self):
+        qs = self.model.objects.all().annotate(
+            asset_id=F("id"),
+            username=F("admin_user__username"),
+            password=F("admin_user__password"),
+            private_key=F("admin_user__private_key"),
+            public_key=F("admin_user__public_key"),
+            score=Value(self.base_score, IntegerField()),
+            version=Value(0, IntegerField()),
+            date_updated=F("admin_user__date_updated"),
+            asset_username=Concat(F("id"), Value("_"), F("admin_user__username"), output_field=CharField()),
+            union_id=Concat(F("admin_user_id"), Value("_"), F("id"), output_field=CharField()),
+            backend=Value(self.backend, CharField()),
+        )
+        qs = self.qs_to_values(qs)
+        return qs
+
+
+class AuthbookBackend(DBBackend):
+    model = AuthBook
+    backend = 'db'
+    prefer = backend
+    base_score = 400
+
+    def _filter_node(self, node):
+        if node:
+            self.queryset = self.queryset.filter(asset__nodes__id=node.id)
+
+    def _filter_prefer(self, prefer, prefer_id):
+        if not prefer or not prefer_id:
+            return
+        if prefer.lower() == "admin_user":
+            model = AdminUser
+        elif prefer.lower() == "system_user":
+            model = SystemUser
+        else:
+            self.queryset = self.queryset.none()
+            return
+        obj = get_object_or_none(model, pk=prefer_id)
+        if obj is None:
+            self.queryset = self.queryset.none()
+            return
+        username = obj.get_username()
+        if isinstance(username, str):
+            self.queryset = self.queryset.filter(username=username)
+        # dynamic system user return more username
+        else:
+            self.queryset = self.queryset.filter(username__in=username)
+
+    def _perform_filter_union_id(self, union_id, union_id_cleaned):
+        authbook_id, asset_id = union_id_cleaned
+        self.queryset = self.queryset.filter(
+            id=authbook_id, asset_id=asset_id,
+        )
+
+    def _perform_delete_by_union_id(self, union_id_cleaned):
+        authbook_id, asset_id = union_id_cleaned
+        authbook = get_object_or_none(AuthBook, pk=authbook_id)
+        if authbook.is_latest:
+            raise PermissionError(_("Latest version could not be delete"))
+        AuthBook.objects.filter(id=authbook_id).delete()
+
+    def all(self):
+        qs = self.model.objects.all().annotate(
+            hostname=F("asset__hostname"),
+            ip=F("asset__ip"),
+            score=F('version') + self.base_score,
+            asset_username=Concat(F("asset__id"), Value("_"), F("username"), output_field=CharField()),
+            union_id=Concat(F("id"), Value("_"), F("asset_id"), output_field=CharField()),
+            backend=Value(self.backend, CharField()),
+        )
+        qs = self.qs_to_values(qs)
+        return qs

apps/assets/backends/manager.py

@@ -1,110 +1,162 @@
 # -*- coding: utf-8 -*-
 #
+from itertools import chain, groupby
 from django.core.exceptions import MultipleObjectsReturned, ObjectDoesNotExist
 
-from .base import AssetUserQuerySet
-from .db import AuthBookBackend
-from .system_user import SystemUserBackend
-from .admin_user import AdminUserBackend
+from orgs.utils import current_org
+from common.utils import get_logger, lazyproperty
+from common.struct import QuerySetChain
+
+from ..models import AssetUser, AuthBook
+from .db import (
+    AuthbookBackend, SystemUserBackend, AdminUserBackend,
+    DynamicSystemUserBackend
+)
+
+logger = get_logger(__name__)
 
 
 class NotSupportError(Exception):
     pass
 
 
-class AssetUserManager:
-    """
-    资产用户管理器
-    """
+class AssetUserQueryset:
     ObjectDoesNotExist = ObjectDoesNotExist
     MultipleObjectsReturned = MultipleObjectsReturned
-    NotSupportError = NotSupportError
-    MSG_NOT_EXIST = '{} Object matching query does not exist'
-    MSG_MULTIPLE = '{} get() returned more than one object ' \
-                   '-- it returned {}!'
 
-    backends = (
-        ('db', AuthBookBackend),
+    def __init__(self, backends=()):
+        self.backends = backends
+        self._distinct_queryset = None
+
+    def backends_queryset(self):
+        return [b.get_queryset() for b in self.backends]
+
+    @lazyproperty
+    def backends_counts(self):
+        return [b.count() for b in self.backends]
+
+    def filter(self, hostname=None, ip=None, username=None,
+               assets=None, asset=None, node=None,
+               id=None, prefer_id=None, prefer=None, id__in=None):
+        if not assets and asset:
+            assets = [asset]
+
+        kwargs = dict(
+            hostname=hostname, ip=ip, username=username,
+            assets=assets, node=node, prefer=prefer, prefer_id=prefer_id,
+            id__in=id__in, union_id=id,
+        )
+        logger.debug("Filter: {}".format(kwargs))
+        backends = []
+        for backend in self.backends:
+            clone = backend.filter(**kwargs)
+            backends.append(clone)
+        return self._clone(backends)
+
+    def _clone(self, backends=None):
+        if backends is None:
+            backends = self.backends
+        return self.__class__(backends)
+
+    def search(self, item):
+        backends = []
+        for backend in self.backends:
+            new = backend.search(item)
+            backends.append(new)
+        return self._clone(backends)
+
+    def distinct(self):
+        logger.debug("Distinct asset user queryset")
+        queryset_chain = chain(*(backend.get_queryset() for backend in self.backends))
+        queryset_sorted = sorted(
+            queryset_chain,
+            key=lambda item: (item["asset_username"], item["score"]),
+            reverse=True,
+        )
+        results = groupby(queryset_sorted, key=lambda item: item["asset_username"])
+        final = [next(result[1]) for result in results]
+        self._distinct_queryset = final
+        return self
+
+    def get(self, latest=False, **kwargs):
+        queryset = self.filter(**kwargs)
+        if latest:
+            queryset = queryset.distinct()
+        queryset = list(queryset)
+        count = len(queryset)
+        if count == 1:
+            data = queryset[0]
+            return data
+        elif count > 1:
+            msg = 'Should return 1 record, but get {}'.format(count)
+            raise MultipleObjectsReturned(msg)
+        else:
+            msg = 'No record found(org is {})'.format(current_org.name)
+            raise ObjectDoesNotExist(msg)
+
+    def get_latest(self, **kwargs):
+        return self.get(latest=True, **kwargs)
+
+    @staticmethod
+    def to_asset_user(data):
+        obj = AssetUser()
+        for k, v in data.items():
+            setattr(obj, k, v)
+        return obj
+
+    @property
+    def queryset(self):
+        if self._distinct_queryset is not None:
+            return self._distinct_queryset
+        return QuerySetChain(self.backends_queryset())
+
+    def count(self):
+        if self._distinct_queryset is not None:
+            return len(self._distinct_queryset)
+        else:
+            return sum(self.backends_counts)
+
+    def __getitem__(self, ndx):
+        return self.queryset.__getitem__(ndx)
+
+    def __iter__(self):
+        self._data = iter(self.queryset)
+        return self
+
+    def __next__(self):
+        return self.to_asset_user(next(self._data))
+
+
+class AssetUserManager:
+    support_backends = (
+        ('db', AuthbookBackend),
         ('system_user', SystemUserBackend),
         ('admin_user', AdminUserBackend),
+        ('system_user_dynamic', DynamicSystemUserBackend),
     )
 
-    _prefer = "system_user"
+    def __init__(self):
+        self.backends = [backend() for name, backend in self.support_backends]
+        self._queryset = AssetUserQueryset(self.backends)
 
-    def filter(self, username=None, assets=None, latest=True, prefer=None, prefer_id=None):
-        if assets is not None and not assets:
-            return AssetUserQuerySet([])
+    def all(self):
+        return self._queryset
 
-        if prefer:
-            self._prefer = prefer
-
-        instances_map = {}
-        instances = []
-        for name, backend in self.backends:
-            # if name != "db":
-            #     continue
-            _instances = backend.filter(
-                username=username, assets=assets, latest=latest,
-                prefer=self._prefer, prefer_id=prefer_id,
-            )
-            instances_map[name] = _instances
-
-        # 如果不是获取最新版本，就不再merge
-        if not latest:
-            for _instances in instances_map.values():
-                instances.extend(_instances)
-            return AssetUserQuerySet(instances)
-
-        # merge的顺序
-        ordering = ["db"]
-        if self._prefer == "system_user":
-            ordering.extend(["system_user", "admin_user"])
+    def delete(self, obj):
+        name_backends_map = dict(self.support_backends)
+        backend_name = obj.backend
+        backend_cls = name_backends_map.get(backend_name)
+        union_id = obj.union_id
+        if backend_cls:
+            backend_cls().delete(union_id)
         else:
-            ordering.extend(["admin_user", "system_user"])
-        # 根据prefer决定优先使用系统用户或管理用户谁的
-        ordering_instances = [instances_map.get(i, []) for i in ordering]
-        instances = self._merge_instances(*ordering_instances)
-        return AssetUserQuerySet(instances)
-
-    def get(self, username, asset, **kwargs):
-        instances = self.filter(username, assets=[asset], **kwargs)
-        if len(instances) == 1:
-            return instances[0]
-        elif len(instances) == 0:
-            self.raise_does_not_exist(self.__class__.__name__)
-        else:
-            self.raise_multiple_return(self.__class__.__name__, len(instances))
-
-    def raise_does_not_exist(self, name):
-        raise self.ObjectDoesNotExist(self.MSG_NOT_EXIST.format(name))
-
-    def raise_multiple_return(self, name, length):
-        raise self.MultipleObjectsReturned(self.MSG_MULTIPLE.format(name, length))
+            raise ObjectDoesNotExist("Not backend found")
 
     @staticmethod
     def create(**kwargs):
-        instance = AuthBookBackend.create(**kwargs)
-        return instance
+        # 使用create方法创建AuthBook对象，解决并发创建问题（添加锁机制）
+        authbook = AuthBook.create(**kwargs)
+        return authbook
 
-    def all(self):
-        return self.filter()
-
-    def prefer(self, s):
-        self._prefer = s
-        return self
-
-    @staticmethod
-    def none():
-        return AssetUserQuerySet()
-
-    @staticmethod
-    def _merge_instances(*args):
-        instances = list(args[0])
-        keywords = [obj.keyword for obj in instances]
-
-        for _instances in args[1:]:
-            need_merge_instances = [obj for obj in _instances if obj.keyword not in keywords]
-            need_merge_keywords = [obj.keyword for obj in need_merge_instances]
-            instances.extend(need_merge_instances)
-            keywords.extend(need_merge_keywords)
-        return instances
+    def __getattr__(self, item):
+        return getattr(self._queryset, item)

apps/assets/backends/system_user.py

@@ -1,30 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-
-import itertools
-
-from assets.models import SystemUser
-from .asset_user import AssetUserBackend
-
-
-class SystemUserBackend(AssetUserBackend):
-    model = SystemUser
-    backend = 'SystemUser'
-
-    @classmethod
-    def filter_queryset_more(cls, queryset):
-        queryset = cls._distinct_system_users_by_username(queryset)
-        return queryset
-
-    @classmethod
-    def _distinct_system_users_by_username(cls, system_users):
-        system_users = sorted(
-            system_users,
-            key=lambda su: (su.username, su.priority, su.date_updated),
-            reverse=True,
-        )
-        results = itertools.groupby(system_users, key=lambda su: su.username)
-        system_users = [next(result[1]) for result in results]
-        return system_users
-
-

apps/assets/backends/utils.py

@@ -3,14 +3,5 @@
 
 # from django.conf import settings
 
-from .db import AuthBookBackend
 # from .vault import VaultBackend
 
-
-def get_backend():
-    default_backend = AuthBookBackend
-
-    # if settings.BACKEND_ASSET_USER_AUTH_VAULT:
-    #     return VaultBackend
-
-    return default_backend

apps/assets/backends/vault.py

@@ -1,11 +1,4 @@
 # -*- coding: utf-8 -*-
 #
 
-from .base import BaseBackend
 
-
-class VaultBackend(BaseBackend):
-
-    @classmethod
-    def filter(cls, username=None, asset=None, latest=True):
-        pass

apps/assets/const.py

@@ -1,14 +1,2 @@
 # -*- coding: utf-8 -*-
 #
-
-from django.utils.translation import ugettext_lazy as _
-
-
-GENERAL_FORBIDDEN_SPECIAL_CHARACTERS_HELP_TEXT = _(
-    'Cannot contain special characters: [ {} ]'
-).format(" ".join(['/', '\\']))
-
-GENERAL_FORBIDDEN_SPECIAL_CHARACTERS_PATTERN = r"[/\\]"
-
-GENERAL_FORBIDDEN_SPECIAL_CHARACTERS_ERROR_MSG = \
-    _("* The contains characters that are not allowed")

apps/assets/exceptions.py

@@ -0,0 +1,6 @@
+from rest_framework import status
+from common.exceptions import JMSException
+
+
+class NodeIsBeingUpdatedByOthers(JMSException):
+    status_code = status.HTTP_409_CONFLICT

apps/assets/filters.py

@@ -1,12 +1,12 @@
 # -*- coding: utf-8 -*-
 #
 
-import coreapi
+from rest_framework.compat import coreapi, coreschema
 from rest_framework import filters
 from django.db.models import Q
 
-from common.utils import dict_get_any, is_uuid, get_object_or_none
-from .models import Node, Label
+from .models import Label
+from assets.utils import is_query_node_all_assets, get_node
 
 
 class AssetByNodeFilterBackend(filters.BaseFilterBackend):
@@ -21,49 +21,58 @@ class AssetByNodeFilterBackend(filters.BaseFilterBackend):
             for field in self.fields
         ]
 
-    @staticmethod
-    def is_query_all(request):
-        query_all_arg = request.query_params.get('all')
-        show_current_asset_arg = request.query_params.get('show_current_asset')
+    def filter_node_related_all(self, queryset, node):
+        return queryset.filter(
+            Q(nodes__key__istartswith=f'{node.key}:') |
+            Q(nodes__key=node.key)
+        ).distinct()
 
-        query_all = query_all_arg == '1'
-        if show_current_asset_arg is not None:
-            query_all = show_current_asset_arg != '1'
-        return query_all
-
-    @staticmethod
-    def get_query_node(request):
-        node_id = dict_get_any(request.query_params, ['node', 'node_id'])
-        if not node_id:
-            return None, False
-
-        if is_uuid(node_id):
-            node = get_object_or_none(Node, id=node_id)
-        else:
-            node = get_object_or_none(Node, key=node_id)
-        return node, True
-
-    @staticmethod
-    def perform_query(pattern, queryset):
-        return queryset.filter(nodes__key__regex=pattern).distinct()
+    def filter_node_related_direct(self, queryset, node):
+        return queryset.filter(nodes__key=node.key).distinct()
 
     def filter_queryset(self, request, queryset, view):
-        node, has_query_arg = self.get_query_node(request)
-        if not has_query_arg:
-            return queryset
-
+        node = get_node(request)
         if node is None:
             return queryset
-        query_all = self.is_query_all(request)
+
+        query_all = is_query_node_all_assets(request)
         if query_all:
-            pattern = node.get_all_children_pattern(with_self=True)
+            return self.filter_node_related_all(queryset, node)
         else:
-            pattern = node.get_children_key_pattern(with_self=True)
-        return self.perform_query(pattern, queryset)
+            return self.filter_node_related_direct(queryset, node)
+
+
+class FilterAssetByNodeFilterBackend(filters.BaseFilterBackend):
+    """
+    需要与 `assets.api.mixin.FilterAssetByNodeMixin` 配合使用
+    """
+    fields = ['node', 'all']
+
+    def get_schema_fields(self, view):
+        return [
+            coreapi.Field(
+                name=field, location='query', required=False,
+                type='string', example='', description='', schema=None,
+            )
+            for field in self.fields
+        ]
+
+    def filter_queryset(self, request, queryset, view):
+        node = view.node
+        if node is None:
+            return queryset
+        query_all = view.is_query_node_all_assets
+        if query_all:
+            return queryset.filter(
+                Q(nodes__key__istartswith=f'{node.key}:') |
+                Q(nodes__key=node.key)
+            ).distinct()
+        else:
+            return queryset.filter(nodes__key=node.key).distinct()
 
 
 class LabelFilterBackend(filters.BaseFilterBackend):
-    sep = '#'
+    sep = ':'
     query_arg = 'label'
 
     def get_schema_fields(self, view):
@@ -82,6 +91,8 @@ class LabelFilterBackend(filters.BaseFilterBackend):
 
         q = None
         for kv in labels_query:
+            if '#' in kv:
+                self.sep = '#'
             if self.sep not in kv:
                 continue
             key, value = kv.strip().split(self.sep)[:2]
@@ -109,7 +120,32 @@ class LabelFilterBackend(filters.BaseFilterBackend):
 
 
 class AssetRelatedByNodeFilterBackend(AssetByNodeFilterBackend):
-    @staticmethod
-    def perform_query(pattern, queryset):
-        return queryset.filter(asset__nodes__key__regex=pattern).distinct()
+    def filter_node_related_all(self, queryset, node):
+        return queryset.filter(
+            Q(asset__nodes__key__istartswith=f'{node.key}:') |
+            Q(asset__nodes__key=node.key)
+        ).distinct()
 
+    def filter_node_related_direct(self, queryset, node):
+        return queryset.filter(asset__nodes__key=node.key).distinct()
+
+
+class IpInFilterBackend(filters.BaseFilterBackend):
+    def filter_queryset(self, request, queryset, view):
+        ips = request.query_params.get('ips')
+        if not ips:
+            return queryset
+        ip_list = [i.strip() for i in ips.split(',')]
+        queryset = queryset.filter(ip__in=ip_list)
+        return queryset
+
+    def get_schema_fields(self, view):
+        return [
+            coreapi.Field(
+                name='ips', location='query', required=False, type='string',
+                schema=coreschema.String(
+                    title='ips',
+                    description='ip in filter'
+                )
+            )
+        ]

apps/assets/forms/__init__.py

@@ -1,7 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-from .asset import *
-from .label import *
-from .user import *
-from .domain import *
-from .cmd_filter import *

apps/assets/forms/asset.py

@@ -1,190 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-from django import forms
-from django.utils.translation import gettext_lazy as _
-
-from common.utils import get_logger
-from orgs.mixins.forms import OrgModelForm
-
-from ..models import Asset, Node
-from ..const import GENERAL_FORBIDDEN_SPECIAL_CHARACTERS_HELP_TEXT
-
-
-logger = get_logger(__file__)
-__all__ = [
-    'AssetCreateForm', 'AssetUpdateForm', 'AssetBulkUpdateForm', 'ProtocolForm',
-]
-
-
-class ProtocolForm(forms.Form):
-    name = forms.ChoiceField(
-        choices=Asset.PROTOCOL_CHOICES, label=_("Name"), initial='ssh',
-        widget=forms.Select(attrs={'class': 'form-control protocol-name'})
-    )
-    port = forms.IntegerField(
-        max_value=65534, min_value=1, label=_("Port"), initial=22,
-        widget=forms.TextInput(attrs={'class': 'form-control protocol-port'})
-    )
-
-
-class AssetCreateForm(OrgModelForm):
-    def __init__(self, *args, **kwargs):
-        super().__init__(*args, **kwargs)
-        if self.data:
-            return
-        nodes_field = self.fields['nodes']
-        if self.instance:
-            nodes_field.choices = [(n.id, n.full_value) for n in
-                                   self.instance.nodes.all()]
-        else:
-            nodes_field.choices = []
-
-    def add_nodes_initial(self, node):
-        nodes_field = self.fields['nodes']
-        nodes_field.choices.append((node.id, node.full_value))
-        nodes_field.initial = [node]
-
-    class Meta:
-        model = Asset
-        fields = [
-            'hostname', 'ip', 'public_ip', 'protocols', 'comment',
-            'nodes', 'is_active', 'admin_user', 'labels', 'platform',
-            'domain',
-        ]
-        widgets = {
-            'nodes': forms.SelectMultiple(attrs={
-                'class': 'nodes-select2', 'data-placeholder': _('Nodes')
-            }),
-            'admin_user': forms.Select(attrs={
-                'class': 'select2', 'data-placeholder': _('Admin user')
-            }),
-            'labels': forms.SelectMultiple(attrs={
-                'class': 'select2', 'data-placeholder': _('Label')
-            }),
-            'domain': forms.Select(attrs={
-                'class': 'select2', 'data-placeholder': _('Domain')
-            }),
-        }
-        labels = {
-            'nodes': _("Node"),
-        }
-        help_texts = {
-            'hostname': GENERAL_FORBIDDEN_SPECIAL_CHARACTERS_HELP_TEXT,
-            'admin_user': _(
-                'root or other NOPASSWD sudo privilege user existed in asset,'
-                'If asset is windows or other set any one, more see admin user left menu'
-            ),
-            'platform': _("Windows 2016 RDP protocol is different, If is window 2016, set it"),
-            'domain': _("If your have some network not connect with each other, you can set domain")
-        }
-
-
-class AssetUpdateForm(OrgModelForm):
-    def __init__(self, *args, **kwargs):
-        super().__init__(*args, **kwargs)
-        if self.data:
-            return
-        nodes_field = self.fields['nodes']
-        if self.instance:
-            nodes_field.choices = ((n.id, n.full_value) for n in
-                                   self.instance.nodes.all())
-        else:
-            nodes_field.choices = []
-
-    class Meta:
-        model = Asset
-        fields = [
-            'hostname', 'ip', 'protocols', 'nodes',  'is_active', 'platform',
-            'public_ip', 'number', 'comment', 'admin_user', 'labels',
-            'domain',
-        ]
-        widgets = {
-            'nodes': forms.SelectMultiple(attrs={
-                'class': 'nodes-select2', 'data-placeholder': _('Node')
-            }),
-            'admin_user': forms.Select(attrs={
-                'class': 'select2', 'data-placeholder': _('Admin user')
-            }),
-            'labels': forms.SelectMultiple(attrs={
-                'class': 'select2', 'data-placeholder': _('Label')
-            }),
-            'domain': forms.Select(attrs={
-                'class': 'select2', 'data-placeholder': _('Domain')
-            }),
-        }
-        labels = {
-            'nodes': _("Node"),
-        }
-        help_texts = {
-            'hostname': GENERAL_FORBIDDEN_SPECIAL_CHARACTERS_HELP_TEXT,
-            'admin_user': _(
-                'root or other NOPASSWD sudo privilege user existed in asset,'
-                'If asset is windows or other set any one, more see admin user left menu'
-            ),
-            'platform': _("Windows 2016 RDP protocol is different, If is window 2016, set it"),
-            'domain': _("If your have some network not connect with each other, you can set domain")
-        }
-
-
-class AssetBulkUpdateForm(OrgModelForm):
-    assets = forms.ModelMultipleChoiceField(
-        required=True,
-        label=_('Select assets'), queryset=Asset.objects,
-        widget=forms.SelectMultiple(
-            attrs={
-                'class': 'select2',
-                'data-placeholder': _('Select assets')
-            }
-        )
-    )
-
-    class Meta:
-        model = Asset
-        fields = [
-            'assets', 'admin_user', 'labels', 'platform',
-            'domain',
-        ]
-        widgets = {
-            'labels': forms.SelectMultiple(
-                attrs={'class': 'select2', 'data-placeholder': _('Label')}
-            ),
-            'nodes': forms.SelectMultiple(
-                attrs={'class': 'select2', 'data-placeholder': _('Node')}
-            ),
-        }
-
-    def __init__(self, *args, **kwargs):
-        super().__init__(*args, **kwargs)
-        self.set_fields_queryset()
-
-        # 重写其他字段为不再required
-        for name, field in self.fields.items():
-            if name != 'assets':
-                field.required = False
-
-    def set_fields_queryset(self):
-        assets_field = self.fields['assets']
-        if hasattr(self, 'data'):
-            assets_field.queryset = Asset.objects.all()
-
-    def save(self, commit=True):
-        changed_fields = []
-        for field in self._meta.fields:
-            if self.data.get(field) not in [None, '']:
-                changed_fields.append(field)
-
-        cleaned_data = {k: v for k, v in self.cleaned_data.items()
-                        if k in changed_fields}
-        assets = cleaned_data.pop('assets')
-        labels = cleaned_data.pop('labels', [])
-        nodes = cleaned_data.pop('nodes', None)
-        assets = Asset.objects.filter(id__in=[asset.id for asset in assets])
-        assets.update(**cleaned_data)
-
-        if labels:
-            for asset in assets:
-                asset.labels.set(labels)
-        if nodes:
-            for asset in assets:
-                asset.nodes.set(nodes)
-        return assets

apps/assets/forms/cmd_filter.py

@@ -1,40 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-from django import forms
-from django.core.exceptions import ValidationError
-from django.utils.translation import ugettext_lazy as _
-import re
-
-from orgs.mixins.forms import OrgModelForm
-from ..models import CommandFilter, CommandFilterRule
-
-__all__ = ['CommandFilterForm', 'CommandFilterRuleForm']
-
-
-class CommandFilterForm(OrgModelForm):
-    class Meta:
-        model = CommandFilter
-        fields = ['name', 'comment']
-
-
-class CommandFilterRuleForm(OrgModelForm):
-    invalid_pattern = re.compile(r'[\.\*\+\[\\\?\{\}\^\$\|\(\)\#\<\>]')
-
-    class Meta:
-        model = CommandFilterRule
-        fields = [
-            'filter', 'type', 'content', 'priority', 'action', 'comment'
-        ]
-        widgets = {
-            'content':  forms.Textarea(attrs={
-                'placeholder': 'eg:\r\nreboot\r\nrm -rf'
-            }),
-        }
-
-    def clean_content(self):
-        content = self.cleaned_data.get("content")
-        if self.invalid_pattern.search(content):
-            invalid_char = self.invalid_pattern.pattern.replace('\\', '')
-            msg = _("Content should not be contain: {}").format(invalid_char)
-            raise ValidationError(msg)
-        return content

apps/assets/forms/domain.py

@@ -1,79 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-from django import forms
-from django.utils.translation import gettext_lazy as _
-
-from orgs.mixins.forms import OrgModelForm
-from ..models import Domain, Asset, Gateway
-from .user import PasswordAndKeyAuthForm
-
-__all__ = ['DomainForm', 'GatewayForm']
-
-
-class DomainForm(forms.ModelForm):
-    assets = forms.ModelMultipleChoiceField(
-        queryset=Asset.objects, label=_('Asset'), required=False,
-        widget=forms.SelectMultiple(
-            attrs={'class': 'select2', 'data-placeholder': _('Select assets')}
-        )
-    )
-
-    class Meta:
-        model = Domain
-        fields = ['name', 'comment', 'assets']
-
-    def __init__(self, *args, **kwargs):
-        super().__init__(*args, **kwargs)
-        self.set_fields_queryset()
-
-    def set_fields_queryset(self):
-        assets_field = self.fields.get('assets')
-
-        # 没有data代表是渲染表单, 有data代表是提交创建/更新表单
-        if not self.data:
-            # 有instance 代表渲染更新表单, 否则是创建表单
-            # 前端渲染优化, 防止过多资产, 设置assets queryset为none
-            if self.instance:
-                assets_field.initial = self.instance.assets.all()
-                assets_field.queryset = self.instance.assets.all()
-            else:
-                assets_field.queryset = Asset.objects.none()
-        else:
-            assets_field.queryset = Asset.objects.all()
-
-    def save(self, commit=True):
-        instance = super().save(commit=commit)
-        assets = self.cleaned_data['assets']
-        instance.assets.set(assets)
-        return instance
-
-
-class GatewayForm(PasswordAndKeyAuthForm, OrgModelForm):
-    def __init__(self, *args, **kwargs):
-        super().__init__(*args, **kwargs)
-        password_field = self.fields.get('password')
-        password_field.help_text = _('Password should not contain special characters')
-        protocol_field = self.fields.get('protocol')
-        protocol_field.choices = [Gateway.PROTOCOL_CHOICES[0]]
-
-    def save(self, commit=True):
-        # Because we define custom field, so we need rewrite :method: `save`
-        instance = super().save()
-        password = self.cleaned_data.get('password')
-        private_key, public_key = super().gen_keys()
-        instance.set_auth(password=password, private_key=private_key)
-        return instance
-
-    class Meta:
-        model = Gateway
-        fields = [
-            'name', 'ip', 'port', 'username', 'protocol', 'domain', 'password',
-            'private_key',  'is_active', 'comment',
-        ]
-        help_texts = {
-            'protocol': _("SSH gateway support proxy SSH,RDP,VNC")
-        }
-        widgets = {
-            'name': forms.TextInput(attrs={'placeholder': _('Name')}),
-            'username': forms.TextInput(attrs={'placeholder': _('Username')}),
-        }

apps/assets/forms/label.py

@@ -1,46 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-from django import forms
-from django.utils.translation import gettext_lazy as _
-
-from ..models import Label, Asset
-
-__all__ = ['LabelForm']
-
-
-class LabelForm(forms.ModelForm):
-    assets = forms.ModelMultipleChoiceField(
-        queryset=Asset.objects.none(), label=_('Asset'), required=False,
-        widget=forms.SelectMultiple(
-            attrs={'class': 'select2', 'data-placeholder': _('Select assets')}
-        )
-    )
-
-    class Meta:
-        model = Label
-        fields = ['name', 'value', 'assets']
-
-    def __init__(self, *args, **kwargs):
-        super().__init__(*args, **kwargs)
-        self.set_fields_queryset()
-
-    def set_fields_queryset(self):
-        assets_field = self.fields.get('assets')
-
-        # 没有data代表是渲染表单, 有data代表是提交创建/更新表单
-        if not self.data:
-            # 有instance 代表渲染更新表单, 否则是创建表单
-            # 前端渲染优化, 防止过多资产, 设置assets queryset为none
-            if self.instance:
-                assets_field.initial = self.instance.assets.all()
-                assets_field.queryset = self.instance.assets.all()
-            else:
-                assets_field.queryset = Asset.objects.none()
-        else:
-            assets_field.queryset = Asset.objects.all()
-
-    def save(self, commit=True):
-        label = super().save(commit=commit)
-        assets = self.cleaned_data['assets']
-        label.assets.set(assets)
-        return label

apps/assets/forms/user.py

@@ -1,109 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-from django import forms
-from django.utils.translation import gettext_lazy as _
-
-from common.utils import validate_ssh_private_key, ssh_pubkey_gen, get_logger
-from orgs.mixins.forms import OrgModelForm
-from ..models import AdminUser, SystemUser
-from ..const import GENERAL_FORBIDDEN_SPECIAL_CHARACTERS_HELP_TEXT
-
-logger = get_logger(__file__)
-__all__ = [
-    'FileForm', 'SystemUserForm', 'AdminUserForm', 'PasswordAndKeyAuthForm',
-]
-
-
-class FileForm(forms.Form):
-    file = forms.FileField()
-
-
-class PasswordAndKeyAuthForm(forms.ModelForm):
-    # Form field name can not start with `_`, so redefine it,
-    password = forms.CharField(
-        widget=forms.PasswordInput, max_length=128,
-        strip=True, required=False,
-        help_text=_('Password or private key passphrase'),
-        label=_("Password"),
-    )
-    # Need use upload private key file except paste private key content
-    private_key = forms.FileField(required=False, label=_("Private key"))
-
-    def clean_private_key(self):
-        private_key_f = self.cleaned_data['private_key']
-        password = self.cleaned_data['password']
-
-        if private_key_f:
-            key_string = private_key_f.read()
-            private_key_f.seek(0)
-            key_string = key_string.decode()
-
-            if not validate_ssh_private_key(key_string, password):
-                msg = _('Invalid private key, Only support '
-                        'RSA/DSA format key')
-                raise forms.ValidationError(msg)
-        return private_key_f
-
-    def validate_password_key(self):
-        password = self.cleaned_data['password']
-        private_key_f = self.cleaned_data.get('private_key', '')
-
-        if not password and not private_key_f:
-            raise forms.ValidationError(_(
-                'Password and private key file must be input one'
-            ))
-
-    def gen_keys(self):
-        password = self.cleaned_data.get('password', '') or None
-        private_key_f = self.cleaned_data['private_key']
-        public_key = private_key = None
-
-        if private_key_f:
-            private_key = private_key_f.read().strip().decode('utf-8')
-            public_key = ssh_pubkey_gen(private_key=private_key, password=password)
-        return private_key, public_key
-
-
-class AdminUserForm(PasswordAndKeyAuthForm):
-    def save(self, commit=True):
-        raise forms.ValidationError("Use api to save")
-
-    class Meta:
-        model = AdminUser
-        fields = ['name', 'username', 'password', 'private_key', 'comment']
-        widgets = {
-            'name': forms.TextInput(attrs={'placeholder': _('Name')}),
-            'username': forms.TextInput(attrs={'placeholder': _('Username')}),
-        }
-
-
-class SystemUserForm(OrgModelForm, PasswordAndKeyAuthForm):
-    # Admin user assets define, let user select, save it in form not in view
-    auto_generate_key = forms.BooleanField(initial=True, required=False)
-
-    def save(self, commit=True):
-        raise forms.ValidationError("Use api to save")
-
-    class Meta:
-        model = SystemUser
-        fields = [
-            'name', 'username', 'protocol', 'auto_generate_key',
-            'password', 'private_key', 'auto_push', 'sudo',
-            'comment', 'shell', 'priority', 'login_mode', 'cmd_filters',
-        ]
-        widgets = {
-            'name': forms.TextInput(attrs={'placeholder': _('Name')}),
-            'username': forms.TextInput(attrs={'placeholder': _('Username')}),
-            'cmd_filters': forms.SelectMultiple(attrs={
-                'class': 'select2', 'data-placeholder': _('Command filter')
-            }),
-        }
-        help_texts = {
-            'name': GENERAL_FORBIDDEN_SPECIAL_CHARACTERS_HELP_TEXT,
-            'auto_push': _('Auto push system user to asset'),
-            'priority': _('1-100, High level will be using login asset as default, '
-                          'if user was granted more than 2 system user'),
-            'login_mode': _('If you choose manual login mode, you do not '
-                            'need to fill in the username and password.'),
-            'sudo': _("Use comma split multi command, ex: /bin/whoami,/bin/ifconfig")
-        }

apps/assets/hands.py

@@ -6,7 +6,7 @@
 
     Other module of this app shouldn't connect with other app.
 
-    :copyright: (c) 2014-2018 by Jumpserver Team.
+    :copyright: (c) 2014-2018 by JumpServer Team.
     :license: GPL v2, see LICENSE for more details.
 """
 

apps/assets/migrations/0043_auto_20191114_1111.py

@@ -0,0 +1,23 @@
+# Generated by Django 2.2.5 on 2019-11-14 03:11
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('assets', '0042_favoriteasset'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='gathereduser',
+            name='date_last_login',
+            field=models.DateTimeField(null=True, verbose_name='Date last login'),
+        ),
+        migrations.AddField(
+            model_name='gathereduser',
+            name='ip_last_login',
+            field=models.CharField(default='', max_length=39, verbose_name='IP last login'),
+        ),
+    ]

apps/assets/migrations/0044_platform.py

@@ -0,0 +1,48 @@
+# Generated by Django 2.2.7 on 2019-12-06 07:26
+
+import common.fields.model
+from django.db import migrations, models
+
+
+def create_internal_platform(apps, schema_editor):
+    model = apps.get_model("assets", "Platform")
+    db_alias = schema_editor.connection.alias
+    type_platforms = (
+        ('Linux', 'Linux', None),
+        ('Unix', 'Unix', None),
+        ('MacOS', 'MacOS', None),
+        ('BSD', 'BSD', None),
+        ('Windows', 'Windows', None),
+        ('Windows2016', 'Windows', {'security': 'tls'}),
+        ('Other', 'Other', None),
+    )
+    for name, base, meta in type_platforms:
+        model.objects.using(db_alias).create(
+            name=name, base=base, internal=True, meta=meta
+        )
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('assets', '0043_auto_20191114_1111'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Platform',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.SlugField(allow_unicode=True, unique=True, verbose_name='Name')),
+                ('base', models.CharField(choices=[('Linux', 'Linux'), ('Unix', 'Unix'), ('MacOS', 'MacOS'), ('BSD', 'BSD'), ('Windows', 'Windows'), ('Other', 'Other')], default='Linux', max_length=16, verbose_name='Base')),
+                ('charset', models.CharField(choices=[('utf8', 'UTF-8'), ('gbk', 'GBK')], default='utf8', max_length=8, verbose_name='Charset')),
+                ('meta', common.fields.model.JsonDictTextField(blank=True, null=True, verbose_name='Meta')),
+                ('internal', models.BooleanField(default=False, verbose_name='Internal')),
+                ('comment', models.TextField(blank=True, null=True, verbose_name='Comment')),
+            ],
+            options={
+                'verbose_name': 'Platform'
+            }
+        ),
+        migrations.RunPython(create_internal_platform)
+    ]

apps/assets/migrations/0045_auto_20191206_1607.py

@@ -0,0 +1,47 @@
+# Generated by Django 2.2.7 on 2019-12-06 08:07
+
+import assets.models.asset
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+def migrate_platform_to_asset_type(apps, schema_editor):
+    asset_model = apps.get_model("assets", "Asset")
+    platform_model = apps.get_model("assets", "Platform")
+    db_alias = schema_editor.connection.alias
+
+    platforms = platform_model.objects.using(db_alias).all()
+    platforms_map = {p.name: p for p in platforms}
+    for name, p in platforms_map.items():
+        asset_model.objects.using(db_alias)\
+            .filter(_platform=name)\
+            .update(platform=p)
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('assets', '0044_platform'),
+    ]
+
+    operations = [
+        migrations.RenameField(
+            model_name='asset',
+            old_name='platform',
+            new_name='_platform',
+        ),
+        migrations.AddField(
+            model_name='asset',
+            name='platform',
+            field=models.ForeignKey(
+                default=assets.models.asset.Platform.default,
+                on_delete=django.db.models.deletion.PROTECT,
+                related_name='assets', to='assets.Platform',
+                verbose_name='Platform'),
+        ),
+        migrations.RunPython(migrate_platform_to_asset_type),
+        migrations.RemoveField(
+            model_name='asset',
+            name='_platform',
+        ),
+    ]

apps/assets/migrations/0046_auto_20191218_1705.py

@@ -0,0 +1,18 @@
+# Generated by Django 2.1.11 on 2019-12-18 09:05
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('assets', '0045_auto_20191206_1607'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='systemuser',
+            name='protocol',
+            field=models.CharField(choices=[('ssh', 'ssh'), ('rdp', 'rdp'), ('telnet', 'telnet'), ('vnc', 'vnc'), ('mysql', 'mysql')], default='ssh', max_length=16, verbose_name='Protocol'),
+        ),
+    ]

apps/assets/migrations/0047_assetuser.py

@@ -0,0 +1,24 @@
+# Generated by Django 2.2.7 on 2020-01-06 07:34
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('assets', '0046_auto_20191218_1705'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='AssetUser',
+            fields=[
+            ],
+            options={
+                'proxy': True,
+                'indexes': [],
+                'constraints': [],
+            },
+            bases=('assets.authbook',),
+        ),
+    ]

apps/assets/migrations/0048_auto_20191230_1512.py

@@ -0,0 +1,35 @@
+# Generated by Django 2.2.7 on 2019-12-30 07:12
+
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('assets', '0047_assetuser'),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name='authbook',
+            name='is_active',
+        ),
+        migrations.AddField(
+            model_name='systemuser',
+            name='username_same_with_user',
+            field=models.BooleanField(default=False, verbose_name='Username same with user'),
+        ),
+        migrations.AddField(
+            model_name='systemuser',
+            name='users',
+            field=models.ManyToManyField(blank=True, to=settings.AUTH_USER_MODEL, verbose_name='Users'),
+        ),
+        migrations.AddField(
+            model_name='systemuser',
+            name='groups',
+            field=models.ManyToManyField(blank=True, to='users.UserGroup',
+                                         verbose_name='User groups'),
+        ),
+    ]

apps/assets/migrations/0049_systemuser_sftp_root.py

@@ -0,0 +1,18 @@
+# Generated by Django 2.2.7 on 2020-01-19 07:29
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('assets', '0048_auto_20191230_1512'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='systemuser',
+            name='sftp_root',
+            field=models.CharField(default='tmp', max_length=128, verbose_name='SFTP Root'),
+        ),
+    ]

apps/assets/migrations/0050_auto_20200711_1740.py

@@ -0,0 +1,18 @@
+# Generated by Django 2.2.10 on 2020-07-11 09:40
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('assets', '0049_systemuser_sftp_root'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='asset',
+            name='created_by',
+            field=models.CharField(blank=True, max_length=128, null=True, verbose_name='Created by'),
+        ),
+    ]

apps/assets/migrations/0051_auto_20200713_1143.py

@@ -0,0 +1,22 @@
+# Generated by Django 2.2.10 on 2020-07-13 03:43
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('assets', '0050_auto_20200711_1740'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='domain',
+            name='name',
+            field=models.CharField(max_length=128, verbose_name='Name'),
+        ),
+        migrations.AlterUniqueTogether(
+            name='domain',
+            unique_together={('org_id', 'name')},
+        ),
+    ]

apps/assets/migrations/0052_auto_20200715_1535.py

@@ -0,0 +1,22 @@
+# Generated by Django 2.2.10 on 2020-07-15 07:35
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('assets', '0051_auto_20200713_1143'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='commandfilter',
+            name='name',
+            field=models.CharField(max_length=64, verbose_name='Name'),
+        ),
+        migrations.AlterUniqueTogether(
+            name='commandfilter',
+            unique_together={('org_id', 'name')},
+        ),
+    ]

apps/assets/migrations/0053_auto_20200723_1232.py

@@ -0,0 +1,34 @@
+# Generated by Django 2.2.10 on 2020-07-23 04:32
+
+import django.core.validators
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('assets', '0052_auto_20200715_1535'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='adminuser',
+            name='username',
+            field=models.CharField(blank=True, db_index=True, max_length=128, validators=[django.core.validators.RegexValidator('^[0-9a-zA-Z_@\\-\\.]*$', 'Special char not allowed')], verbose_name='Username'),
+        ),
+        migrations.AlterField(
+            model_name='authbook',
+            name='username',
+            field=models.CharField(blank=True, db_index=True, max_length=128, validators=[django.core.validators.RegexValidator('^[0-9a-zA-Z_@\\-\\.]*$', 'Special char not allowed')], verbose_name='Username'),
+        ),
+        migrations.AlterField(
+            model_name='gateway',
+            name='username',
+            field=models.CharField(blank=True, db_index=True, max_length=128, validators=[django.core.validators.RegexValidator('^[0-9a-zA-Z_@\\-\\.]*$', 'Special char not allowed')], verbose_name='Username'),
+        ),
+        migrations.AlterField(
+            model_name='systemuser',
+            name='username',
+            field=models.CharField(blank=True, db_index=True, max_length=128, validators=[django.core.validators.RegexValidator('^[0-9a-zA-Z_@\\-\\.]*$', 'Special char not allowed')], verbose_name='Username'),
+        ),
+    ]

apps/assets/migrations/0054_auto_20200807_1032.py

@@ -0,0 +1,23 @@
+# Generated by Django 2.2.13 on 2020-08-07 02:32
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('assets', '0053_auto_20200723_1232'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='systemuser',
+            name='token',
+            field=models.TextField(default='', verbose_name='Token'),
+        ),
+        migrations.AlterField(
+            model_name='systemuser',
+            name='protocol',
+            field=models.CharField(choices=[('ssh', 'ssh'), ('rdp', 'rdp'), ('telnet', 'telnet'), ('vnc', 'vnc'), ('mysql', 'mysql'), ('k8s', 'k8s')], default='ssh', max_length=16, verbose_name='Protocol'),
+        ),
+    ]