fix: 修复周期监测任务配置的bug

fix: 添加启动失效缓存

apps/acls/models/login_acl.py

@@ -33,6 +33,9 @@ class LoginACL(BaseACL):
     class Meta:
         ordering = ('priority', '-date_updated', 'name')
 
+    def __str__(self):
+        return self.name
+
     @property
     def action_reject(self):
         return self.action == self.ActionChoices.reject

apps/acls/models/login_asset_acl.py

@@ -38,6 +38,9 @@ class LoginAssetACL(BaseACL, OrgModelMixin):
         unique_together = ('name', 'org_id')
         ordering = ('priority', '-date_updated', 'name')
 
+    def __str__(self):
+        return self.name
+
     @classmethod
     def filter(cls, user, asset, system_user, action):
         queryset = cls.objects.filter(action=action)

apps/acls/serializers/login_asset_acl.py

@@ -54,7 +54,7 @@ class LoginAssetACLSystemUsersSerializer(serializers.Serializer):
     protocol_group = serializers.ListField(
         default=['*'], child=serializers.CharField(max_length=16), label=_('Protocol'),
         help_text=protocol_group_help_text.format(
-            ', '.join(SystemUser.ASSET_CATEGORY_PROTOCOLS)
+            ', '.join([SystemUser.PROTOCOL_SSH, SystemUser.PROTOCOL_TELNET])
         )
     )
 

apps/assets/tasks/push_system_user.py

@@ -56,8 +56,8 @@ def get_push_unixlike_system_user_tasks(system_user, username=None):
         'shell': system_user.shell or Empty,
         'state': 'present',
         'home': system_user.home or Empty,
+        'expires': -1,
         'groups': groups or Empty,
-        'expires': 99999,
         'comment': comment
     }
 

apps/audits/signals_handler.py

@@ -27,11 +27,23 @@ json_render = JSONRenderer()
 
 
 MODELS_NEED_RECORD = (
-    'User', 'UserGroup', 'Asset', 'Node', 'AdminUser', 'SystemUser',
+    # users
-    'Domain', 'Gateway', 'Organization', 'AssetPermission', 'CommandFilter',
+    'User', 'UserGroup',
-    'CommandFilterRule', 'License', 'Setting', 'Account', 'SyncInstanceTask',
+    # acls
-    'Platform', 'ChangeAuthPlan', 'GatherUserTask',
+    'LoginACL', 'LoginAssetACL',
-    'RemoteApp', 'RemoteAppPermission', 'DatabaseApp', 'DatabaseAppPermission',
+    # assets
+    'Asset', 'Node', 'AdminUser', 'SystemUser', 'Domain', 'Gateway', 'CommandFilterRule',
+    'CommandFilter', 'Platform',
+    # applications
+    'Application',
+    # orgs
+    'Organization',
+    # settings
+    'Setting',
+    # perms
+    'AssetPermission', 'ApplicationPermission',
+    # xpack
+    'License', 'Account', 'SyncInstanceTask', 'ChangeAuthPlan', 'GatherUserTask',
 )
 
 

apps/common/management/commands/expire_caches.py

@@ -0,0 +1,19 @@
+from django.core.management.base import BaseCommand
+
+from assets.signals_handler.node_assets_mapping import expire_node_assets_mapping_for_memory
+from orgs.models import Organization
+
+
+def expire_node_assets_mapping():
+    org_ids = Organization.objects.all().values_list('id', flat=True)
+    org_ids = [*org_ids, '00000000-0000-0000-0000-000000000000']
+
+    for org_id in org_ids:
+        expire_node_assets_mapping_for_memory(org_id)
+
+
+class Command(BaseCommand):
+    help = 'Expire caches'
+
+    def handle(self, *args, **options):
+        expire_node_assets_mapping()

apps/jumpserver/__init__.py

@@ -1 +1,2 @@
 
+

apps/jumpserver/conf.py

@@ -268,7 +268,7 @@ class Config(dict):
         'WINDOWS_SSH_DEFAULT_SHELL': 'cmd',
         'FLOWER_URL': "127.0.0.1:5555",
         'DEFAULT_ORG_SHOW_ALL_USERS': True,
-        'PERIOD_TASK_ENABLE': True,
+        'PERIOD_TASK_ENABLED': True,
         'FORCE_SCRIPT_NAME': '',
         'LOGIN_CONFIRM_ENABLE': False,
         'WINDOWS_SKIP_ALL_MANUAL_PASSWORD': False,

apps/locale/zh/LC_MESSAGES/django.po

@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: JumpServer 0.3.3\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2021-04-14 17:52+0800\n"
+"POT-Creation-Date: 2021-04-20 11:56+0800\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: ibuler <ibuler@qq.com>\n"
 "Language-Team: JumpServer team<ibuler@qq.com>\n"
@@ -984,25 +984,25 @@ msgid ""
 "The task of self-checking is already running and cannot be started repeatedly"
 msgstr "自检程序已经在运行，不能重复启动"
 
-#: assets/tasks/push_system_user.py:192
+#: assets/tasks/push_system_user.py:193
 #: assets/tasks/system_user_connectivity.py:89
 msgid "System user is dynamic: {}"
 msgstr "系统用户是动态的: {}"
 
-#: assets/tasks/push_system_user.py:232
+#: assets/tasks/push_system_user.py:233
 msgid "Start push system user for platform: [{}]"
 msgstr "推送系统用户到平台: [{}]"
 
-#: assets/tasks/push_system_user.py:233
+#: assets/tasks/push_system_user.py:234
 #: assets/tasks/system_user_connectivity.py:81
 msgid "Hosts count: {}"
 msgstr "主机数量: {}"
 
-#: assets/tasks/push_system_user.py:272 assets/tasks/push_system_user.py:298
+#: assets/tasks/push_system_user.py:273 assets/tasks/push_system_user.py:299
 msgid "Push system users to assets: {}"
 msgstr "推送系统用户到入资产: {}"
 
-#: assets/tasks/push_system_user.py:284
+#: assets/tasks/push_system_user.py:285
 msgid "Push system users to asset: {}({}) => {}"
 msgstr "推送系统用户到入资产: {}({}) => {}"
 
@@ -3036,7 +3036,7 @@ msgstr "正常"
 
 #: terminal/const.py:34
 msgid "Offline"
-msgstr ""
+msgstr "离线"
 
 #: terminal/exceptions.py:8
 msgid "Bulk create not support"

config_example.yml

@@ -122,7 +122,7 @@ REDIS_PORT: 6379
 # USER_LOGIN_SINGLE_MACHINE_ENABLED: False
 #
 # 启用定时任务
-# PERIOD_TASK_ENABLE: True
+# PERIOD_TASK_ENABLED: True
 #
 # 启用二次复合认证配置
 # LOGIN_CONFIRM_ENABLE: False

jms

@@ -97,6 +97,14 @@ def check_migrations():
     # sys.exit(1)
 
 
+def expire_caches():
+    apps_dir = os.path.join(BASE_DIR, 'apps')
+    code = subprocess.call("python manage.py expire_caches", shell=True, cwd=apps_dir)
+
+    if code == 1:
+        return
+
+
 def perform_db_migrate():
     logging.info("Check database structure change ...")
     os.chdir(os.path.join(BASE_DIR, 'apps'))
@@ -116,6 +124,7 @@ def prepare():
     check_database_connection()
     check_migrations()
     upgrade_db()
+    expire_caches()
 
 
 def check_pid(pid):