perf: Modify error message for desktop client login

* fix: session viewset api permission validation

* fix: some api permission validation

---------

Co-authored-by: Bai <baijiangjie@gmail.com>

.github/ISSUE_TEMPLATE/----.md

@@ -1,11 +0,0 @@
----
-name: 需求建议
-about: 提出针对本项目的想法和建议
-title: "[Feature] "
-labels: 类型:需求
-assignees: 
-  - ibuler
-  - baijiangjie
----
-
-**请描述您的需求或者改进建议.**

.github/ISSUE_TEMPLATE/1_bug_report.yml

@@ -0,0 +1,72 @@
+name: '🐛 Bug Report'
+description: 'Report an Bug'
+title: '[Bug] '
+labels: ['🐛 Bug']
+assignees: 
+  - baijiangjie
+body:
+  - type: input
+    attributes:
+      label: 'Product Version'
+      description: The versions prior to v2.28 (inclusive) are no longer supported.
+    validations:
+      required: true
+
+  - type: checkboxes
+    attributes:
+      label: 'Product Edition'
+      options:
+        - label: 'Community Edition'
+        - label: 'Enterprise Edition'
+        - label: 'Enterprise Trial Edition'
+    validations:
+      required: true
+    
+  - type: checkboxes
+    attributes:
+      label: 'Installation Method'
+      options:
+        - label: 'Online Installation (One-click command installation)'
+        - label: 'Offline Package Installation'
+        - label: 'All-in-One'
+        - label: '1Panel'
+        - label: 'Kubernetes'
+        - label: 'Source Code'
+
+  - type: textarea
+    attributes:
+      label: 'Environment Information'
+      description: Please provide a clear and concise description outlining your environment information.
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: '🐛 Bug Description'
+      description:
+        Please provide a clear and concise description of the defect. If the issue is complex, please provide detailed explanations. <br/>
+        Unclear descriptions will not be processed. Please ensure you provide enough detail and information to support replicating and fixing the defect.
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: 'Recurrence Steps'
+      description: Please provide a clear and concise description outlining how to reproduce the issue.
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: 'Expected Behavior'
+      description: Please provide a clear and concise description of what you expect to happen.
+
+  - type: textarea
+    attributes:
+      label: 'Additional Information'
+      description: Please add any additional background information about the issue here.
+
+  - type: textarea
+    attributes:
+      label: 'Attempted Solutions'
+      description: If you have already attempted to solve the issue, please list the solutions you have tried here.

.github/ISSUE_TEMPLATE/1_bug_report_cn.yml

@@ -0,0 +1,72 @@
+name: '🐛 反馈缺陷'
+description: '反馈一个缺陷'
+title: '[Bug] '
+labels: ['🐛 Bug']
+assignees: 
+  - baijiangjie
+body:
+  - type: input
+    attributes:
+      label: '产品版本'
+      description: 不再支持 v2.28（含）之前的版本。
+    validations:
+      required: true
+
+  - type: checkboxes
+    attributes:
+      label: '版本类型'
+      options:
+        - label: '社区版'
+        - label: '企业版'
+        - label: '企业试用版'
+    validations:
+      required: true
+    
+  - type: checkboxes
+    attributes:
+      label: '安装方式'
+      options:
+        - label: '在线安装 (一键命令安装)'
+        - label: '离线包安装'
+        - label: 'All-in-One'
+        - label: '1Panel'
+        - label: 'Kubernetes'
+        - label: '源码安装'
+
+  - type: textarea
+    attributes:
+      label: '环境信息'
+      description: 请提供一个清晰且简洁的描述，说明你的环境信息。
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: '🐛 缺陷描述'
+      description: |
+        请提供一个清晰且简洁的缺陷描述，如果问题比较复杂，也请详细说明。<br/> 
+        针对不清晰的描述信息将不予处理。请确保提供足够的细节和信息，以支持对缺陷进行复现和修复。
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: '复现步骤'
+      description: 请提供一个清晰且简洁的描述，说明如何复现问题。
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: '期望结果'
+      description: 请提供一个清晰且简洁的描述，说明你期望发生什么。
+
+  - type: textarea
+    attributes:
+      label: '补充信息'
+      description: 在这里添加关于问题的任何其他背景信息。
+      
+  - type: textarea
+    attributes:
+      label: '尝试过的解决方案'
+      description: 如果你已经尝试解决问题，请在此列出你尝试过的解决方案。

.github/ISSUE_TEMPLATE/2_feature_request.yml

@@ -0,0 +1,56 @@
+name: '⭐️ Feature Request'
+description: 'Suggest an idea'
+title: '[Feature] '
+labels: ['⭐️ Feature Request']
+assignees: 
+  - baijiangjie
+  - ibuler
+body:
+  - type: input
+    attributes:
+      label: 'Product Version'
+      description: The versions prior to v2.28 (inclusive) are no longer supported.
+    validations:
+      required: true
+
+  - type: checkboxes
+    attributes:
+      label: 'Product Edition'
+      options:
+        - label: 'Community Edition'
+        - label: 'Enterprise Edition'
+        - label: 'Enterprise Trial Edition'
+    validations:
+      required: true
+    
+  - type: checkboxes
+    attributes:
+      label: 'Installation Method'
+      options:
+        - label: 'Online Installation (One-click command installation)'
+        - label: 'Offline Package Installation'
+        - label: 'All-in-One'
+        - label: '1Panel'
+        - label: 'Kubernetes'
+        - label: 'Source Code'
+
+  - type: textarea
+    attributes:
+      label: '⭐️ Feature Description'
+      description: |
+        Please add a clear and concise description of the problem you aim to solve with this feature request.<br/>
+        Unclear descriptions will not be processed.      
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: 'Proposed Solution'
+      description: Please provide a clear and concise description of the solution you desire.
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: 'Additional Information'
+      description: Please add any additional background information about the issue here.

.github/ISSUE_TEMPLATE/2_feature_request_cn.yml

@@ -0,0 +1,56 @@
+name: '⭐️ 功能需求'
+description: '提出需求或建议'
+title: '[Feature] '
+labels: ['⭐️ Feature Request']
+assignees: 
+  - baijiangjie
+  - ibuler
+body:
+  - type: input
+    attributes:
+      label: '产品版本'
+      description: 不再支持 v2.28（含）之前的版本。
+    validations:
+      required: true
+
+  - type: checkboxes
+    attributes:
+      label: '版本类型'
+      options:
+        - label: '社区版'
+        - label: '企业版'
+        - label: '企业试用版'
+    validations:
+      required: true
+    
+  - type: checkboxes
+    attributes:
+      label: '安装方式'
+      options:
+        - label: '在线安装 (一键命令安装)'
+        - label: '离线包安装'
+        - label: 'All-in-One'
+        - label: '1Panel'
+        - label: 'Kubernetes'
+        - label: '源码安装'
+
+  - type: textarea
+    attributes:
+      label: '⭐️ 需求描述'
+      description: |
+        请添加一个清晰且简洁的问题描述，阐述你希望通过这个功能需求解决的问题。<br/>
+        针对不清晰的描述信息将不予处理。
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: '解决方案'
+      description: 请清晰且简洁地描述你想要的解决方案。
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: '补充信息'
+      description: 在这里添加关于问题的任何其他背景信息。

.github/ISSUE_TEMPLATE/3_question.yml

@@ -0,0 +1,60 @@
+name: '🤔 Question'
+description: 'Pose a question'
+title: '[Question] '
+labels: ['🤔 Question']
+assignees: 
+  - baijiangjie
+body:
+  - type: input
+    attributes:
+      label: 'Product Version'
+      description: The versions prior to v2.28 (inclusive) are no longer supported.
+    validations:
+      required: true
+
+  - type: checkboxes
+    attributes:
+      label: 'Product Edition'
+      options:
+        - label: 'Community Edition'
+        - label: 'Enterprise Edition'
+        - label: 'Enterprise Trial Edition'
+    validations:
+      required: true
+    
+  - type: checkboxes
+    attributes:
+      label: 'Installation Method'
+      options:
+        - label: 'Online Installation (One-click command installation)'
+        - label: 'Offline Package Installation'
+        - label: 'All-in-One'
+        - label: '1Panel'
+        - label: 'Kubernetes'
+        - label: 'Source Code'
+
+  - type: textarea
+    attributes:
+      label: 'Environment Information'
+      description: Please provide a clear and concise description outlining your environment information.
+    validations:
+      required: true
+      
+  - type: textarea
+    attributes:
+      label: '🤔 Question Description'
+      description: |
+        Please provide a clear and concise description of the defect. If the issue is complex, please provide detailed explanations. <br/>
+        Unclear descriptions will not be processed. 
+    validations:
+      required: true
+      
+  - type: textarea
+    attributes:
+      label: 'Expected Behavior'
+      description: Please provide a clear and concise description of what you expect to happen.
+
+  - type: textarea
+    attributes:
+      label: 'Additional Information'
+      description: Please add any additional background information about the issue here.

.github/ISSUE_TEMPLATE/3_question_cn.yml

@@ -0,0 +1,61 @@
+name: '🤔 问题咨询'
+description: '提出一个问题'
+title: '[Question] '
+labels: ['🤔 Question']
+assignees: 
+  - baijiangjie
+body:
+  - type: input
+    attributes:
+      label: '产品版本'
+      description: 不再支持 v2.28（含）之前的版本。
+    validations:
+      required: true
+
+  - type: checkboxes
+    attributes:
+      label: '版本类型'
+      options:
+        - label: '社区版'
+        - label: '企业版'
+        - label: '企业试用版'
+    validations:
+      required: true
+    
+  - type: checkboxes
+    attributes:
+      label: '安装方式'
+      options:
+        - label: '在线安装 (一键命令安装)'
+        - label: '离线包安装'
+        - label: 'All-in-One'
+        - label: '1Panel'
+        - label: 'Kubernetes'
+        - label: '源码安装'
+
+  - type: textarea
+    attributes:
+      label: '环境信息'
+      description: 请在此详细描述你的环境信息，如操作系统、浏览器和部署架构等。
+    validations:
+      required: true
+
+  - type: textarea
+    attributes:
+      label: '🤔 问题描述'
+      description: |
+        请提供一个清晰且简洁的问题描述，如果问题比较复杂，也请详细说明。<br/> 
+        针对不清晰的描述信息将不予处理。
+    validations:
+      required: true
+      
+  - type: textarea
+    attributes:
+      label: '期望结果'
+      description: 请提供一个清晰且简洁的描述，说明你期望发生什么。
+
+  - type: textarea
+    attributes:
+      label: '补充信息'
+      description: 在这里添加关于问题的任何其他背景信息。
+

.github/ISSUE_TEMPLATE/bug---.md

@@ -1,22 +0,0 @@
----
-name: Bug 提交
-about: 提交产品缺陷帮助我们更好的改进
-title: "[Bug] "
-labels: 类型:Bug
-assignees: 
-   - baijiangjie
----
-
-**JumpServer 版本( v2.28 之前的版本不再支持 )**
-
-
-**浏览器版本**
-
-
-**Bug 描述**
-
-
-**Bug 重现步骤(有截图更好)**
-1.
-2.
-3.

.github/ISSUE_TEMPLATE/question.md

@@ -1,10 +0,0 @@
----
-name: 问题咨询
-about: 提出针对本项目安装部署、使用及其他方面的相关问题
-title: "[Question] "
-labels: 类型:提问
-assignees: 
-  - baijiangjie
----
-
-**请描述您的问题.**

.github/workflows/issue-close-require.yml

@@ -12,7 +12,9 @@ jobs:
         uses: actions-cool/issues-helper@v2
         with:
           actions: 'close-issues'
-          labels: '状态:待反馈'
+          labels: '⏳ Pending feedback'
           inactive-day: 30
           body: |
+            You haven't provided feedback for over 30 days. 
+            We will close this issue. If you have any further needs, you can reopen it or submit a new issue.
             您超过 30 天未反馈信息，我们将关闭该 issue，如有需求您可以重新打开或者提交新的 issue。

.github/workflows/issue-close.yml

@@ -13,4 +13,4 @@ jobs:
         if: ${{ !github.event.issue.pull_request }}
         with:
           actions: 'remove-labels'
-          labels: '状态:待处理,状态:待反馈'
+          labels: '🔔 Pending processing,⏳ Pending feedback'

.github/workflows/issue-comment.yml

@@ -13,13 +13,13 @@ jobs:
         uses: actions-cool/issues-helper@v2
         with:
           actions: 'add-labels'
-          labels: '状态:待处理'
+          labels: '🔔 Pending processing'
 
       - name: Remove require reply label
         uses: actions-cool/issues-helper@v2
         with:
           actions: 'remove-labels'
-          labels: '状态:待反馈'
+          labels: '⏳ Pending feedback'
 
   add-label-if-is-member:
     runs-on: ubuntu-latest
@@ -55,11 +55,11 @@ jobs:
         uses: actions-cool/issues-helper@v2
         with:
           actions: 'add-labels'
-          labels: '状态:待反馈'
+          labels: '⏳ Pending feedback'
 
       - name: Remove require handle label
         if: contains(steps.member_names.outputs.data, github.event.comment.user.login)
         uses: actions-cool/issues-helper@v2
         with:
           actions: 'remove-labels'
-          labels: '状态:待处理'
+          labels: '🔔 Pending processing'

.github/workflows/issue-open.yml

@@ -13,4 +13,4 @@ jobs:
         if: ${{ !github.event.issue.pull_request }}
         with:
           actions: 'add-labels'
-          labels: '状态:待处理'
+          labels: '🔔 Pending processing'

.github/workflows/jms-build-test.yml

@@ -1,36 +1,63 @@
 name: "Run Build Test"
 on:
   push:
-    branches:
-      - pr@*
-      - repr@*
+    paths:
+      - 'Dockerfile'
+      - 'Dockerfile*'
+      - 'Dockerfile-*'
+      - 'pyproject.toml'
+      - 'poetry.lock'
 
 jobs:
   build:
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        component: [core]
+        version: [v4]
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
+    - uses: docker/setup-buildx-action@v3
 
-    - uses: docker/setup-qemu-action@v2
+    - name: Login to GitHub Container Registry
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.repository_owner }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+    
+    - name: Prepare Build
+      run: |
+        sed -i 's@^FROM registry.fit2cloud.com/jumpserver@FROM ghcr.io/jumpserver@g' Dockerfile-ee
 
-    - uses: docker/setup-buildx-action@v2
-
-    - uses: docker/build-push-action@v3
+    - name: Build CE Image
+      uses: docker/build-push-action@v5
       with:
         context: .
-        push: false
-        tags: jumpserver/core-ce:test
-        file: Dockerfile-ce
+        push: true
+        file: Dockerfile
+        tags: ghcr.io/jumpserver/${{ matrix.component }}:${{ matrix.version }}-ce
+        platforms: linux/amd64
         build-args: |
+          VERSION=${{ matrix.version }}
           APT_MIRROR=http://deb.debian.org
           PIP_MIRROR=https://pypi.org/simple
-          PIP_JMS_MIRROR=https://pypi.org/simple
+        outputs: type=image,oci-mediatypes=true,compression=zstd,compression-level=3,force-compression=true
         cache-from: type=gha
         cache-to: type=gha,mode=max
 
-    - uses: LouisBrunner/checks-action@v1.5.0
-      if: always()
+    - name: Build EE Image
+      uses: docker/build-push-action@v5
       with:
-        token: ${{ secrets.GITHUB_TOKEN }}
-        name: Check Build
-        conclusion: ${{ job.status }}
+        context: .
+        push: false
+        file: Dockerfile-ee
+        tags: ghcr.io/jumpserver/${{ matrix.component }}:${{ matrix.version }}
+        platforms: linux/amd64
+        build-args: |
+          VERSION=${{ matrix.version }}
+          APT_MIRROR=http://deb.debian.org
+          PIP_MIRROR=https://pypi.org/simple
+        outputs: type=image,oci-mediatypes=true,compression=zstd,compression-level=3,force-compression=true
+        cache-from: type=gha
+        cache-to: type=gha,mode=max

.github/workflows/jms-generic-action-handler.yml

@@ -10,3 +10,4 @@ jobs:
       - uses: jumpserver/action-generic-handler@master
         env:
           GITHUB_TOKEN: ${{ secrets.PRIVATE_TOKEN }}
+          I18N_TOKEN: ${{ secrets.I18N_TOKEN }}

.gitignore

@@ -43,3 +43,5 @@ releashe
 data/*
 test.py
 .history/
+.test/
+*.mo

CONTRIBUTING.md

@@ -1,5 +1,10 @@
 # Contributing
 
+As a contributor, you should agree that:
+
+- The producer can adjust the open-source agreement to be more strict or relaxed as deemed necessary.
+- Your contributed code may be used for commercial purposes, including but not limited to its cloud business operations.
+
 ## Create pull request
 PR are always welcome, even if they only contain small fixes like typos or a few lines of code. If there will be a significant effort, please document it as an issue and get a discussion going before starting to work on it.
 

Dockerfile

@@ -0,0 +1,139 @@
+FROM debian:bullseye-slim AS stage-1
+ARG TARGETARCH
+
+ARG DEPENDENCIES="                    \
+        ca-certificates               \
+        wget"
+
+ARG APT_MIRROR=http://mirrors.ustc.edu.cn
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=core \
+    --mount=type=cache,target=/var/lib/apt,sharing=locked,id=core \
+    set -ex \
+    && rm -f /etc/apt/apt.conf.d/docker-clean \
+    && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \
+    && sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \
+    && apt-get update \
+    && apt-get -y install --no-install-recommends ${DEPENDENCIES} \
+    && echo "no" | dpkg-reconfigure dash
+
+WORKDIR /opt
+
+ARG CHECK_VERSION=v1.0.2
+RUN set -ex \
+    && wget https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \
+    && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \
+    && mv check /usr/local/bin/ \
+    && chown root:root /usr/local/bin/check \
+    && chmod 755 /usr/local/bin/check \
+    && rm -f check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz
+
+ARG VERSION
+
+WORKDIR /opt/jumpserver
+ADD . .
+RUN echo > /opt/jumpserver/config.yml \
+    && \
+    if [ -n "${VERSION}" ]; then \
+        sed -i "s@VERSION = .*@VERSION = '${VERSION}'@g" apps/jumpserver/const.py; \
+    fi
+
+FROM python:3.11-slim-bullseye AS stage-2
+ARG TARGETARCH
+
+ARG BUILD_DEPENDENCIES="              \
+        g++                           \
+        make                          \
+        pkg-config"
+
+ARG DEPENDENCIES="                    \
+        default-libmysqlclient-dev    \
+        freetds-dev                   \
+        gettext                       \
+        libkrb5-dev                   \
+        libldap2-dev                  \
+        libsasl2-dev"
+
+ARG APT_MIRROR=http://mirrors.ustc.edu.cn
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=core \
+    --mount=type=cache,target=/var/lib/apt,sharing=locked,id=core \
+    set -ex \
+    && rm -f /etc/apt/apt.conf.d/docker-clean \
+    && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \
+    && sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \
+    && apt-get update \
+    && apt-get -y install --no-install-recommends ${BUILD_DEPENDENCIES} \
+    && apt-get -y install --no-install-recommends ${DEPENDENCIES} \
+    && echo "no" | dpkg-reconfigure dash
+
+WORKDIR /opt/jumpserver
+
+ARG PIP_MIRROR=https://pypi.tuna.tsinghua.edu.cn/simple
+RUN --mount=type=cache,target=/root/.cache,sharing=locked,id=core \
+    --mount=type=bind,source=poetry.lock,target=poetry.lock \
+    --mount=type=bind,source=pyproject.toml,target=pyproject.toml \
+    set -ex \
+    && python3 -m venv /opt/py3 \
+    && pip install poetry -i ${PIP_MIRROR} \
+    && poetry config virtualenvs.create false \
+    && . /opt/py3/bin/activate \
+    && poetry install --only main
+
+COPY --from=stage-1 /opt/jumpserver /opt/jumpserver
+
+RUN set -ex \
+    && export SECRET_KEY=$(head -c100 < /dev/urandom | base64 | tr -dc A-Za-z0-9 | head -c 48) \
+    && . /opt/py3/bin/activate \
+    && cd apps \
+    && python manage.py compilemessages
+
+FROM python:3.11-slim-bullseye
+ARG TARGETARCH
+ENV LANG=en_US.UTF-8 \
+    PATH=/opt/py3/bin:$PATH
+
+ARG DEPENDENCIES="                    \
+        libldap2-dev                  \
+        libx11-dev"
+
+ARG TOOLS="                           \
+        ca-certificates               \
+        default-libmysqlclient-dev    \
+        openssh-client                \
+        sshpass                       \
+        bubblewrap"
+
+ARG APT_MIRROR=http://mirrors.ustc.edu.cn
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=core \
+    --mount=type=cache,target=/var/lib/apt,sharing=locked,id=core \
+    set -ex \
+    && rm -f /etc/apt/apt.conf.d/docker-clean \
+    && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \
+    && sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \
+    && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
+    && apt-get update \
+    && apt-get -y install --no-install-recommends ${DEPENDENCIES} \
+    && apt-get -y install --no-install-recommends ${TOOLS} \
+    && mkdir -p /root/.ssh/ \
+    && echo "Host *\n\tStrictHostKeyChecking no\n\tUserKnownHostsFile /dev/null\n\tCiphers +aes128-cbc\n\tKexAlgorithms +diffie-hellman-group1-sha1\n\tHostKeyAlgorithms +ssh-rsa" > /root/.ssh/config \
+    && echo "no" | dpkg-reconfigure dash \
+    && sed -i "s@# export @export @g" ~/.bashrc \
+    && sed -i "s@# alias @alias @g" ~/.bashrc
+
+COPY --from=stage-2 /opt /opt
+COPY --from=stage-1 /usr/local/bin /usr/local/bin
+COPY --from=stage-1 /opt/jumpserver/apps/libs/ansible/ansible.cfg /etc/ansible/
+
+WORKDIR /opt/jumpserver
+
+ARG VERSION
+ENV VERSION=$VERSION
+
+VOLUME /opt/jumpserver/data
+
+ENTRYPOINT ["./entrypoint.sh"]
+
+EXPOSE 8080
+
+STOPSIGNAL SIGQUIT
+
+CMD ["start", "all"]

Dockerfile-ce

@@ -1,126 +0,0 @@
-FROM python:3.11-slim-bullseye as stage-1
-ARG TARGETARCH
-
-ARG VERSION
-ENV VERSION=$VERSION
-
-WORKDIR /opt/jumpserver
-ADD . .
-RUN echo > /opt/jumpserver/config.yml \
-    && cd utils && bash -ixeu build.sh
-
-FROM python:3.11-slim-bullseye as stage-2
-ARG TARGETARCH
-
-ARG BUILD_DEPENDENCIES="              \
-        g++                           \
-        make                          \
-        pkg-config"
-
-ARG DEPENDENCIES="                    \
-        freetds-dev                   \
-        libffi-dev                    \
-        libjpeg-dev                   \
-        libkrb5-dev                   \
-        libldap2-dev                  \
-        libpq-dev                     \
-        libsasl2-dev                  \
-        libssl-dev                    \
-        libxml2-dev                   \
-        libxmlsec1-dev                \
-        libxmlsec1-openssl            \
-        freerdp2-dev                  \
-        libaio-dev"
-
-ARG TOOLS="                           \
-        ca-certificates               \
-        curl                          \
-        default-libmysqlclient-dev    \
-        default-mysql-client          \
-        git                           \
-        git-lfs                       \
-        unzip                         \
-        xz-utils                      \
-        wget"
-
-ARG APT_MIRROR=http://mirrors.ustc.edu.cn
-RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=core-apt \
-    --mount=type=cache,target=/var/lib/apt,sharing=locked,id=core-apt \
-    sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \
-    && rm -f /etc/apt/apt.conf.d/docker-clean \
-    && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
-    && apt-get update \
-    && apt-get -y install --no-install-recommends ${BUILD_DEPENDENCIES} \
-    && apt-get -y install --no-install-recommends ${DEPENDENCIES} \
-    && apt-get -y install --no-install-recommends ${TOOLS} \
-    && echo "no" | dpkg-reconfigure dash
-
-WORKDIR /opt/jumpserver
-
-ARG PIP_MIRROR=https://pypi.tuna.tsinghua.edu.cn/simple
-RUN --mount=type=cache,target=/root/.cache \
-    --mount=type=bind,source=poetry.lock,target=/opt/jumpserver/poetry.lock \
-    --mount=type=bind,source=pyproject.toml,target=/opt/jumpserver/pyproject.toml \
-    set -ex \
-    && python3 -m venv /opt/py3 \
-    && pip install poetry -i ${PIP_MIRROR} \
-    && poetry config virtualenvs.create false \
-    && . /opt/py3/bin/activate \
-    && poetry install
-
-FROM python:3.11-slim-bullseye
-ARG TARGETARCH
-ENV LANG=zh_CN.UTF-8 \
-    PATH=/opt/py3/bin:$PATH
-
-ARG DEPENDENCIES="                    \
-        libjpeg-dev                   \
-        libpq-dev                     \
-        libx11-dev                    \
-        freerdp2-dev                  \
-        libxmlsec1-openssl"
-
-ARG TOOLS="                           \
-        ca-certificates               \
-        curl                          \
-        default-libmysqlclient-dev    \
-        default-mysql-client          \
-        iputils-ping                  \
-        locales                       \
-        nmap                          \
-        openssh-client                \
-        patch                         \
-        sshpass                       \
-        telnet                        \
-        vim                           \
-        wget"
-
-ARG APT_MIRROR=http://mirrors.ustc.edu.cn
-RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=core-apt \
-    --mount=type=cache,target=/var/lib/apt,sharing=locked,id=core-apt \
-    sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \
-    && rm -f /etc/apt/apt.conf.d/docker-clean \
-    && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
-    && apt-get update \
-    && apt-get -y install --no-install-recommends ${DEPENDENCIES} \
-    && apt-get -y install --no-install-recommends ${TOOLS} \
-    && mkdir -p /root/.ssh/ \
-    && echo "Host *\n\tStrictHostKeyChecking no\n\tUserKnownHostsFile /dev/null\n\tCiphers +aes128-cbc\n\tKexAlgorithms +diffie-hellman-group1-sha1\n\tHostKeyAlgorithms +ssh-rsa" > /root/.ssh/config \
-    && echo "no" | dpkg-reconfigure dash \
-    && echo "zh_CN.UTF-8" | dpkg-reconfigure locales \
-    && sed -i "s@# export @export @g" ~/.bashrc \
-    && sed -i "s@# alias @alias @g" ~/.bashrc
-
-COPY --from=stage-2 /opt/py3 /opt/py3
-COPY --from=stage-1 /opt/jumpserver/release/jumpserver /opt/jumpserver
-
-WORKDIR /opt/jumpserver
-
-ARG VERSION
-ENV VERSION=$VERSION
-
-VOLUME /opt/jumpserver/data
-
-EXPOSE 8080
-
-ENTRYPOINT ["./entrypoint.sh"]

Dockerfile-ee

@@ -1,5 +1,52 @@
 ARG VERSION
-FROM registry.fit2cloud.com/jumpserver/xpack:${VERSION} as build-xpack
-FROM registry.fit2cloud.com/jumpserver/core-ce:${VERSION}
 
+FROM registry.fit2cloud.com/jumpserver/xpack:${VERSION} AS build-xpack
+FROM python:3.11-slim-bullseye AS build-core
+ARG BUILD_DEPENDENCIES="              \
+        g++"
+
+ARG APT_MIRROR=http://mirrors.ustc.edu.cn
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=core \
+    --mount=type=cache,target=/var/lib/apt,sharing=locked,id=core \
+    set -ex \
+    && rm -f /etc/apt/apt.conf.d/docker-clean \
+    && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \
+    && sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \
+    && apt-get update \
+    && apt-get -y install --no-install-recommends ${BUILD_DEPENDENCIES} \
+    && echo "no" | dpkg-reconfigure dash
+
+WORKDIR /opt/jumpserver
+
+ARG PIP_MIRROR=https://pypi.tuna.tsinghua.edu.cn/simple
+RUN --mount=type=cache,target=/root/.cache,sharing=locked,id=core \
+    --mount=type=bind,source=poetry.lock,target=/opt/jumpserver/poetry.lock \
+    --mount=type=bind,source=pyproject.toml,target=/opt/jumpserver/pyproject.toml \
+    set -ex \
+    && python3 -m venv /opt/py3 \
+    && pip install poetry -i ${PIP_MIRROR} \
+    && poetry config virtualenvs.create false \
+    && . /opt/py3/bin/activate \
+    && poetry install --only xpack
+
+FROM registry.fit2cloud.com/jumpserver/core:${VERSION}-ce
+ARG TARGETARCH
+
+ARG TOOLS="                           \
+        curl                          \
+        iputils-ping                  \
+        netcat-openbsd                \
+        nmap                          \
+        telnet                        \
+        vim                           \
+        wget"
+
+ARG APT_MIRROR=http://mirrors.ustc.edu.cn
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=core \
+    --mount=type=cache,target=/var/lib/apt,sharing=locked,id=core \
+    set -ex \
+    && apt-get update \
+    && apt-get -y install --no-install-recommends ${TOOLS}
+
+COPY --from=build-core /opt/py3 /opt/py3
 COPY --from=build-xpack /opt/xpack /opt/jumpserver/apps/xpack

README.md

@@ -1,125 +1,112 @@
-<p align="center">
-  <a href="https://jumpserver.org"><img src="https://download.jumpserver.org/images/jumpserver-logo.svg" alt="JumpServer" width="300" /></a>
-</p>
-<h3 align="center">广受欢迎的开源堡垒机</h3>
+<div align="center">
+  <a name="readme-top"></a>
+  <a href="https://jumpserver.org/index-en.html"><img src="https://download.jumpserver.org/images/jumpserver-logo.svg" alt="JumpServer" width="300" /></a>
+  
+## An open-source PAM tool (Bastion Host)
 
-<p align="center">
-  <a href="https://www.gnu.org/licenses/gpl-3.0.html"><img src="https://img.shields.io/github/license/jumpserver/jumpserver" alt="License: GPLv3"></a>
-  <a href="https://hub.docker.com/u/jumpserver"><img src="https://img.shields.io/docker/pulls/jumpserver/jms_all.svg" alt="Docker pulls"></a>
-  <a href="https://github.com/jumpserver/jumpserver/releases/latest"><img src="https://img.shields.io/github/v/release/jumpserver/jumpserver" alt="Latest release"></a>
-  <a href="https://github.com/jumpserver/jumpserver"><img src="https://img.shields.io/github/stars/jumpserver/jumpserver?color=%231890FF&style=flat-square" alt="Stars"></a>
-</p>
+[![][license-shield]][license-link]
+[![][discord-shield]][discord-link]
+[![][docker-shield]][docker-link]
+[![][github-release-shield]][github-release-link]
+[![][github-stars-shield]][github-stars-link]
+
+**English** · [简体中文](./README.zh-CN.md) · [Documents][docs-link] · [Report Bug][github-issues-link] · [Request Feature][github-issues-link]
+</div>
+<br/>
+
+## What is JumpServer?
+
+JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and Remote App endpoints through a web browser.
+
+![JumpServer Overview](https://github.com/jumpserver/jumpserver/assets/41712985/eb9e6f39-3911-4d4a-bca9-aa50cc3b761d)
+
+## Screenshots
+
+<table style="border-collapse: collapse; border: 1px solid black;">
+  <tr>
+    <td style="padding: 5px;background-color:#fff;"><img src= "https://github.com/jumpserver/jumpserver/assets/32935519/99fabe5b-0475-4a53-9116-4c370a1426c4" alt="JumpServer Console"   /></td>
+    <td style="padding: 5px;background-color:#fff;"><img src= "https://github.com/jumpserver/jumpserver/assets/32935519/a424d731-1c70-4108-a7d8-5bbf387dda9a" alt="JumpServer Audits"   /></td>
+  </tr>
+
+  <tr>
+    <td style="padding: 5px;background-color:#fff;"><img src= "https://github.com/jumpserver/jumpserver/assets/32935519/393d2c27-a2d0-4dea-882d-00ed509e00c9" alt="JumpServer Workbench"   /></td>
+    <td style="padding: 5px;background-color:#fff;"><img src= "https://github.com/jumpserver/jumpserver/assets/32935519/3a2611cd-8902-49b8-b82b-2a6dac851f3e" alt="JumpServer Settings"   /></td>
+  </tr>
+
+  <tr>
+    <td style="padding: 5px;background-color:#fff;"><img src= "https://github.com/jumpserver/jumpserver/assets/32935519/1e236093-31f7-4563-8eb1-e36d865f1568" alt="JumpServer SSH"   /></td>
+    <td style="padding: 5px;background-color:#fff;"><img src= "https://github.com/jumpserver/jumpserver/assets/32935519/69373a82-f7ab-41e8-b763-bbad2ba52167" alt="JumpServer RDP"   /></td>
+  </tr>
+  <tr>
+    <td style="padding: 5px;background-color:#fff;"><img src= "https://github.com/jumpserver/jumpserver/assets/32935519/5bed98c6-cbe8-4073-9597-d53c69dc3957" alt="JumpServer K8s"   /></td>
+    <td style="padding: 5px;background-color:#fff;"><img src= "https://github.com/jumpserver/jumpserver/assets/32935519/b80ad654-548f-42bc-ba3d-c1cfdf1b46d6" alt="JumpServer DB"   /></td>
+  </tr>
+</table>
+
+## Quick Start
+Prepare a clean Linux Server ( 64bit, >= 4c8g )
+
+```
+curl -sSL https://github.com/jumpserver/jumpserver/releases/latest/download/quick_start.sh | bash
+```
+
+Access JumpServer in your browser at `http://your-ip/`, `admin`/`admin`
+
+## Components
+
+JumpServer consists of multiple key components, which collectively form the functional framework of JumpServer, providing users with comprehensive capabilities for operations management and security control.
+
+| Project                                                | Status                                                                                                                                                                 | Description                                                                                             |
+|--------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------|
+| [Lina](https://github.com/jumpserver/lina)             | <a href="https://github.com/jumpserver/lina/releases"><img alt="Lina release" src="https://img.shields.io/github/release/jumpserver/lina.svg" /></a>                   | JumpServer Web UI                                                                                       |
+| [Luna](https://github.com/jumpserver/luna)             | <a href="https://github.com/jumpserver/luna/releases"><img alt="Luna release" src="https://img.shields.io/github/release/jumpserver/luna.svg" /></a>                   | JumpServer Web Terminal                                                                                 |
+| [KoKo](https://github.com/jumpserver/koko)             | <a href="https://github.com/jumpserver/koko/releases"><img alt="Koko release" src="https://img.shields.io/github/release/jumpserver/koko.svg" /></a>                   | JumpServer Character Protocol Connector                                                                 |
+| [Lion](https://github.com/jumpserver/lion)             | <a href="https://github.com/jumpserver/lion/releases"><img alt="Lion release" src="https://img.shields.io/github/release/jumpserver/lion.svg" /></a>                   | JumpServer Graphical Protocol Connector                                                                 |
+| [Chen](https://github.com/jumpserver/chen)             | <a href="https://github.com/jumpserver/chen/releases"><img alt="Chen release" src="https://img.shields.io/github/release/jumpserver/chen.svg" />                       | JumpServer Web DB                                                                                       |  
+| [Razor](https://github.com/jumpserver/razor)           | <img alt="Chen" src="https://img.shields.io/badge/release-private-red" />                                                                                              | JumpServer RDP Proxy Connector                                                                          |
+| [Tinker](https://github.com/jumpserver/tinker)         | <img alt="Tinker" src="https://img.shields.io/badge/release-private-red" />                                                                                            | JumpServer Remote Application Connector (Windows)                                                       |
+| [Panda](https://github.com/jumpserver/Panda)           | <img alt="Panda" src="https://img.shields.io/badge/release-private-red" />                                                                                             | JumpServer Remote Application Connector (Linux)                                                         |
+| [Magnus](https://github.com/jumpserver/magnus)         | <img alt="Magnus" src="https://img.shields.io/badge/release-private-red" />                                                                                            | JumpServer Database Proxy Connector                                                                     |
 
 
-<p align="center">
-    9 年时间，倾情投入，用心做好一款开源堡垒机。
-</p>
 
-------------------------------
-JumpServer 是广受欢迎的开源堡垒机，是符合 4A 规范的专业运维安全审计系统。
+## Contributing
 
-JumpServer 堡垒机帮助企业以更安全的方式管控和登录各种类型的资产，包括：
+Welcome to submit PR to contribute. Please refer to [CONTRIBUTING.md][contributing-link] for guidelines.
 
-- **SSH**: Linux / Unix / 网络设备 等；
-- **Windows**: Web 方式连接 / 原生 RDP 连接；
-- **数据库**: MySQL / MariaDB / PostgreSQL / Oracle / SQLServer / ClickHouse 等；
-- **NoSQL**: Redis / MongoDB 等；
-- **GPT**: ChatGPT 等;
-- **云服务**: Kubernetes / VMware vSphere 等;
-- **Web 站点**: 各类系统的 Web 管理后台；
-- **应用**: 通过 Remote App 连接各类应用。
+## Security
 
-## 产品特色
+JumpServer is a mission critical product. Please refer to the Basic Security Recommendations for installation and deployment. If you encounter any security-related issues, please contact us directly:
 
-- **开源**: 零门槛，线上快速获取和安装；
-- **无插件**: 仅需浏览器，极致的 Web Terminal 使用体验；
-- **分布式**: 支持分布式部署和横向扩展，轻松支持大规模并发访问；
-- **多云支持**: 一套系统，同时管理不同云上面的资产；
-- **多租户**: 一套系统，多个子公司或部门同时使用；
-- **云端存储**: 审计录像云端存储，永不丢失；
+- Email: support@fit2cloud.com
 
-## UI 展示
-
-![UI展示](https://docs.jumpserver.org/zh/v3/img/dashboard.png)
-
-## 在线体验
-
-- 环境地址：<https://demo.jumpserver.org/>
-
-| :warning: 注意                 |
-|:-----------------------------|
-| 该环境仅作体验目的使用，我们会定时清理、重置数据！    |
-| 请勿修改体验环境用户的密码！               |
-| 请勿在环境中添加业务生产环境地址、用户名密码等敏感信息！ |
-
-## 快速开始
-
-- [快速入门](https://docs.jumpserver.org/zh/v3/quick_start/)
-- [产品文档](https://docs.jumpserver.org)
-- [在线学习](https://edu.fit2cloud.com/page/2635362)
-- [知识库](https://kb.fit2cloud.com/categories/jumpserver)
-
-## 案例研究
-
-- [腾讯音乐娱乐集团：基于JumpServer的安全运维审计解决方案](https://blog.fit2cloud.com/?p=a04cdf0d-6704-4d18-9b40-9180baecd0e2)
-- [腾讯海外游戏：基于JumpServer构建游戏安全运营能力](https://blog.fit2cloud.com/?p=3704)
-- [万华化学：通过JumpServer管理全球化分布式IT资产，并且实现与云管平台的联动](https://blog.fit2cloud.com/?p=3504)
-- [雪花啤酒：JumpServer堡垒机使用体会](https://blog.fit2cloud.com/?p=3412)
-- [顺丰科技：JumpServer 堡垒机护航顺丰科技超大规模资产安全运维](https://blog.fit2cloud.com/?p=1147)
-- [沐瞳游戏：通过JumpServer管控多项目分布式资产](https://blog.fit2cloud.com/?p=3213)
-- [携程：JumpServer 堡垒机部署与运营实战](https://blog.fit2cloud.com/?p=851)
-- [大智慧：JumpServer 堡垒机让“大智慧”的混合 IT 运维更智慧](https://blog.fit2cloud.com/?p=882)
-- [小红书：JumpServer 堡垒机大规模资产跨版本迁移之路](https://blog.fit2cloud.com/?p=516)
-- [中手游：JumpServer堡垒机助力中手游提升多云环境下安全运维能力](https://blog.fit2cloud.com/?p=732)
-- [中通快递：JumpServer主机安全运维实践](https://blog.fit2cloud.com/?p=708)
-- [东方明珠：JumpServer高效管控异构化、分布式云端资产](https://blog.fit2cloud.com/?p=687)
-- [江苏农信：JumpServer堡垒机助力行业云安全运维](https://blog.fit2cloud.com/?p=666)
-
-## 社区交流
-
-如果您在使用过程中有任何疑问或对建议，欢迎提交 [GitHub Issue](https://github.com/jumpserver/jumpserver/issues/new/choose)。
-
-您也可以到我们的 [社区论坛](https://bbs.fit2cloud.com/c/js/5) 当中进行交流沟通。
-
-### 参与贡献
-
-欢迎提交 PR 参与贡献。 参考 [CONTRIBUTING.md](https://github.com/jumpserver/jumpserver/blob/dev/CONTRIBUTING.md)
-
-## 组件项目
-
-| 项目                                                     | 状态                                                                                                                                                                     | 描述                                                                                |
-|--------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------|
-| [Lina](https://github.com/jumpserver/lina)             | <a href="https://github.com/jumpserver/lina/releases"><img alt="Lina release" src="https://img.shields.io/github/release/jumpserver/lina.svg" /></a>                   | JumpServer Web UI 项目                                                              |
-| [Luna](https://github.com/jumpserver/luna)             | <a href="https://github.com/jumpserver/luna/releases"><img alt="Luna release" src="https://img.shields.io/github/release/jumpserver/luna.svg" /></a>                   | JumpServer Web Terminal 项目                                                        |
-| [KoKo](https://github.com/jumpserver/koko)             | <a href="https://github.com/jumpserver/koko/releases"><img alt="Koko release" src="https://img.shields.io/github/release/jumpserver/koko.svg" /></a>                   | JumpServer 字符协议 Connector 项目                                                      |
-| [Lion](https://github.com/jumpserver/lion-release)     | <a href="https://github.com/jumpserver/lion-release/releases"><img alt="Lion release" src="https://img.shields.io/github/release/jumpserver/lion-release.svg" /></a>   | JumpServer 图形协议 Connector 项目，依赖 [Apache Guacamole](https://guacamole.apache.org/) |
-| [Razor](https://github.com/jumpserver/razor)           | <img alt="Chen" src="https://img.shields.io/badge/release-私有发布-red" />                                                                                                 | JumpServer RDP 代理 Connector 项目                                                    |
-| [Tinker](https://github.com/jumpserver/tinker)         | <img alt="Tinker" src="https://img.shields.io/badge/release-私有发布-red" />                                                                                               | JumpServer 远程应用 Connector 项目 (Windows)                                                      |
-| [Panda](https://github.com/jumpserver/Panda)         | <img alt="Panda" src="https://img.shields.io/badge/release-私有发布-red" />                                                                                               | JumpServer 远程应用 Connector 项目 (Linux)                                                      |
-| [Magnus](https://github.com/jumpserver/magnus-release) | <a href="https://github.com/jumpserver/magnus-release/releases"><img alt="Magnus release" src="https://img.shields.io/github/release/jumpserver/magnus-release.svg" /> | JumpServer 数据库代理 Connector 项目                                                     |
-| [Chen](https://github.com/jumpserver/chen-release)     | <a href="https://github.com/jumpserver/chen-release/releases"><img alt="Chen release" src="https://img.shields.io/github/release/jumpserver/chen-release.svg" />       | JumpServer Web DB 项目，替代原来的 OmniDB                                                 |
-| [Kael](https://github.com/jumpserver/kael)             | <a href="https://github.com/jumpserver/kael/releases"><img alt="Kael release" src="https://img.shields.io/github/release/jumpserver/kael.svg" />                       | JumpServer 连接 GPT 资产的组件项目                                                         |
-| [Wisp](https://github.com/jumpserver/wisp)             | <a href="https://github.com/jumpserver/wisp/releases"><img alt="Magnus release" src="https://img.shields.io/github/release/jumpserver/wisp.svg" />                     | JumpServer 各系统终端组件和 Core API 通信的组件项目                                              |
-| [Clients](https://github.com/jumpserver/clients)       | <a href="https://github.com/jumpserver/clients/releases"><img alt="Clients release" src="https://img.shields.io/github/release/jumpserver/clients.svg" />              | JumpServer 客户端 项目                                                                 |
-| [Installer](https://github.com/jumpserver/installer)   | <a href="https://github.com/jumpserver/installer/releases"><img alt="Installer release" src="https://img.shields.io/github/release/jumpserver/installer.svg" />        | JumpServer 安装包 项目                                                                 |
-
-## 安全说明
-
-JumpServer是一款安全产品，请参考 [基本安全建议](https://docs.jumpserver.org/zh/master/install/install_security/)
-进行安装部署。如果您发现安全相关问题，请直接联系我们：
-
-- 邮箱：support@fit2cloud.com
-- 电话：400-052-0755
-
-## License & Copyright
+## License
 
 Copyright (c) 2014-2024 飞致云 FIT2CLOUD, All rights reserved.
 
-Licensed under The GNU General Public License version 3 (GPLv3)  (the "License"); you may not use this file except in
-compliance with the License. You may obtain a copy of the License at
+Licensed under The GNU General Public License version 3 (GPLv3) (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
 
 https://www.gnu.org/licenses/gpl-3.0.html
 
-Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "
-AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific
-language governing permissions and limitations under the License.
+Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an " AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
+
+<!-- JumpServer official link -->
+[docs-link]: https://en-docs.jumpserver.org/
+[discord-link]: https://discord.com/invite/jcM5tKWJ
+[contributing-link]: https://github.com/jumpserver/jumpserver/blob/dev/CONTRIBUTING.md
+
+<!-- JumpServer Other link-->
+[license-link]: https://www.gnu.org/licenses/gpl-3.0.html
+[docker-link]: https://hub.docker.com/u/jumpserver
+[github-release-link]: https://github.com/jumpserver/jumpserver/releases/latest
+[github-stars-link]: https://github.com/jumpserver/jumpserver
+[github-issues-link]: https://github.com/jumpserver/jumpserver/issues
+
+<!-- Shield link-->
+[github-release-shield]: https://img.shields.io/github/v/release/jumpserver/jumpserver
+[github-stars-shield]: https://img.shields.io/github/stars/jumpserver/jumpserver?color=%231890FF&style=flat-square
+[docker-shield]: https://img.shields.io/docker/pulls/jumpserver/jms_all.svg
+[license-shield]: https://img.shields.io/github/license/jumpserver/jumpserver
+[discord-shield]: https://img.shields.io/discord/1194233267294052363?style=flat&logo=discord&logoColor=%23f5f5f5&labelColor=%235462eb&color=%235462eb
+
+<!-- Image link -->

README.zh-CN.md

@@ -0,0 +1,125 @@
+<p align="center">
+  <a href="https://jumpserver.org"><img src="https://download.jumpserver.org/images/jumpserver-logo.svg" alt="JumpServer" width="300" /></a>
+</p>
+<h3 align="center">广受欢迎的开源堡垒机</h3>
+
+<p align="center">
+  <a href="https://www.gnu.org/licenses/gpl-3.0.html"><img src="https://img.shields.io/github/license/jumpserver/jumpserver" alt="License: GPLv3"></a>
+  <a href="https://hub.docker.com/u/jumpserver"><img src="https://img.shields.io/docker/pulls/jumpserver/jms_all.svg" alt="Docker pulls"></a>
+  <a href="https://github.com/jumpserver/jumpserver/releases/latest"><img src="https://img.shields.io/github/v/release/jumpserver/jumpserver" alt="Latest release"></a>
+  <a href="https://github.com/jumpserver/jumpserver"><img src="https://img.shields.io/github/stars/jumpserver/jumpserver?color=%231890FF&style=flat-square" alt="Stars"></a>
+</p>
+
+
+<p align="center">
+    9 年时间，倾情投入，用心做好一款开源堡垒机。
+</p>
+
+------------------------------
+JumpServer 是广受欢迎的开源堡垒机，是符合 4A 规范的专业运维安全审计系统。
+
+JumpServer 堡垒机帮助企业以更安全的方式管控和登录各种类型的资产，包括：
+
+- **SSH**: Linux / Unix / 网络设备 等；
+- **Windows**: Web 方式连接 / 原生 RDP 连接；
+- **数据库**: MySQL / MariaDB / PostgreSQL / Oracle / SQLServer / ClickHouse 等；
+- **NoSQL**: Redis / MongoDB 等；
+- **GPT**: ChatGPT 等;
+- **云服务**: Kubernetes / VMware vSphere 等;
+- **Web 站点**: 各类系统的 Web 管理后台；
+- **应用**: 通过 Remote App 连接各类应用。
+
+## 产品特色
+
+- **开源**: 零门槛，线上快速获取和安装；
+- **无插件**: 仅需浏览器，极致的 Web Terminal 使用体验；
+- **分布式**: 支持分布式部署和横向扩展，轻松支持大规模并发访问；
+- **多云支持**: 一套系统，同时管理不同云上面的资产；
+- **多租户**: 一套系统，多个子公司或部门同时使用；
+- **云端存储**: 审计录像云端存储，永不丢失；
+
+## UI 展示
+
+![UI展示](https://docs.jumpserver.org/zh/v3/img/dashboard.png)
+
+## 在线体验
+
+- 环境地址：<https://demo.jumpserver.org/>
+
+| :warning: 注意                 |
+|:-----------------------------|
+| 该环境仅作体验目的使用，我们会定时清理、重置数据！    |
+| 请勿修改体验环境用户的密码！               |
+| 请勿在环境中添加业务生产环境地址、用户名密码等敏感信息！ |
+
+## 快速开始
+
+- [快速入门](https://docs.jumpserver.org/zh/v3/quick_start/)
+- [产品文档](https://docs.jumpserver.org)
+- [在线学习](https://edu.fit2cloud.com/page/2635362)
+- [知识库](https://kb.fit2cloud.com/categories/jumpserver)
+
+## 案例研究
+
+- [腾讯音乐娱乐集团：基于JumpServer的安全运维审计解决方案](https://blog.fit2cloud.com/?p=a04cdf0d-6704-4d18-9b40-9180baecd0e2)
+- [腾讯海外游戏：基于JumpServer构建游戏安全运营能力](https://blog.fit2cloud.com/?p=3704)
+- [万华化学：通过JumpServer管理全球化分布式IT资产，并且实现与云管平台的联动](https://blog.fit2cloud.com/?p=3504)
+- [雪花啤酒：JumpServer堡垒机使用体会](https://blog.fit2cloud.com/?p=3412)
+- [顺丰科技：JumpServer 堡垒机护航顺丰科技超大规模资产安全运维](https://blog.fit2cloud.com/?p=1147)
+- [沐瞳游戏：通过JumpServer管控多项目分布式资产](https://blog.fit2cloud.com/?p=3213)
+- [携程：JumpServer 堡垒机部署与运营实战](https://blog.fit2cloud.com/?p=851)
+- [大智慧：JumpServer 堡垒机让“大智慧”的混合 IT 运维更智慧](https://blog.fit2cloud.com/?p=882)
+- [小红书：JumpServer 堡垒机大规模资产跨版本迁移之路](https://blog.fit2cloud.com/?p=516)
+- [中手游：JumpServer堡垒机助力中手游提升多云环境下安全运维能力](https://blog.fit2cloud.com/?p=732)
+- [中通快递：JumpServer主机安全运维实践](https://blog.fit2cloud.com/?p=708)
+- [东方明珠：JumpServer高效管控异构化、分布式云端资产](https://blog.fit2cloud.com/?p=687)
+- [江苏农信：JumpServer堡垒机助力行业云安全运维](https://blog.fit2cloud.com/?p=666)
+
+## 社区交流
+
+如果您在使用过程中有任何疑问或对建议，欢迎提交 [GitHub Issue](https://github.com/jumpserver/jumpserver/issues/new/choose)。
+
+您也可以到我们的 [社区论坛](https://bbs.fit2cloud.com/c/js/5) 当中进行交流沟通。
+
+### 参与贡献
+
+欢迎提交 PR 参与贡献。 参考 [CONTRIBUTING.md](https://github.com/jumpserver/jumpserver/blob/dev/CONTRIBUTING.md)
+
+## 组件项目
+
+| 项目                                                     | 状态                                                                                                                                                                     | 描述                                                                                |
+|--------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------|
+| [Lina](https://github.com/jumpserver/lina)             | <a href="https://github.com/jumpserver/lina/releases"><img alt="Lina release" src="https://img.shields.io/github/release/jumpserver/lina.svg" /></a>                   | JumpServer Web UI 项目                                                              |
+| [Luna](https://github.com/jumpserver/luna)             | <a href="https://github.com/jumpserver/luna/releases"><img alt="Luna release" src="https://img.shields.io/github/release/jumpserver/luna.svg" /></a>                   | JumpServer Web Terminal 项目                                                        |
+| [KoKo](https://github.com/jumpserver/koko)             | <a href="https://github.com/jumpserver/koko/releases"><img alt="Koko release" src="https://img.shields.io/github/release/jumpserver/koko.svg" /></a>                   | JumpServer 字符协议 Connector 项目                                                      |
+| [Lion](https://github.com/jumpserver/lion-release)     | <a href="https://github.com/jumpserver/lion-release/releases"><img alt="Lion release" src="https://img.shields.io/github/release/jumpserver/lion-release.svg" /></a>   | JumpServer 图形协议 Connector 项目，依赖 [Apache Guacamole](https://guacamole.apache.org/) |
+| [Razor](https://github.com/jumpserver/razor)           | <img alt="Chen" src="https://img.shields.io/badge/release-私有发布-red" />                                                                                                 | JumpServer RDP 代理 Connector 项目                                                    |
+| [Tinker](https://github.com/jumpserver/tinker)         | <img alt="Tinker" src="https://img.shields.io/badge/release-私有发布-red" />                                                                                               | JumpServer 远程应用 Connector 项目 (Windows)                                                      |
+| [Panda](https://github.com/jumpserver/Panda)         | <img alt="Panda" src="https://img.shields.io/badge/release-私有发布-red" />                                                                                               | JumpServer 远程应用 Connector 项目 (Linux)                                                      |
+| [Magnus](https://github.com/jumpserver/magnus-release) | <a href="https://github.com/jumpserver/magnus-release/releases"><img alt="Magnus release" src="https://img.shields.io/github/release/jumpserver/magnus-release.svg" /> | JumpServer 数据库代理 Connector 项目                                                     |
+| [Chen](https://github.com/jumpserver/chen-release)     | <a href="https://github.com/jumpserver/chen-release/releases"><img alt="Chen release" src="https://img.shields.io/github/release/jumpserver/chen-release.svg" />       | JumpServer Web DB 项目，替代原来的 OmniDB                                                 |
+| [Kael](https://github.com/jumpserver/kael)             | <a href="https://github.com/jumpserver/kael/releases"><img alt="Kael release" src="https://img.shields.io/github/release/jumpserver/kael.svg" />                       | JumpServer 连接 GPT 资产的组件项目                                                         |
+| [Wisp](https://github.com/jumpserver/wisp)             | <a href="https://github.com/jumpserver/wisp/releases"><img alt="Magnus release" src="https://img.shields.io/github/release/jumpserver/wisp.svg" />                     | JumpServer 各系统终端组件和 Core API 通信的组件项目                                              |
+| [Clients](https://github.com/jumpserver/clients)       | <a href="https://github.com/jumpserver/clients/releases"><img alt="Clients release" src="https://img.shields.io/github/release/jumpserver/clients.svg" />              | JumpServer 客户端 项目                                                                 |
+| [Installer](https://github.com/jumpserver/installer)   | <a href="https://github.com/jumpserver/installer/releases"><img alt="Installer release" src="https://img.shields.io/github/release/jumpserver/installer.svg" />        | JumpServer 安装包 项目                                                                 |
+
+## 安全说明
+
+JumpServer是一款安全产品，请参考 [基本安全建议](https://docs.jumpserver.org/zh/master/install/install_security/)
+进行安装部署。如果您发现安全相关问题，请直接联系我们：
+
+- 邮箱：support@fit2cloud.com
+- 电话：400-052-0755
+
+## License & Copyright
+
+Copyright (c) 2014-2024 飞致云 FIT2CLOUD, All rights reserved.
+
+Licensed under The GNU General Public License version 3 (GPLv3)  (the "License"); you may not use this file except in
+compliance with the License. You may obtain a copy of the License at
+
+https://www.gnu.org/licenses/gpl-3.0.html
+
+Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "
+AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific
+language governing permissions and limitations under the License.

README_EN.md

@@ -1,94 +0,0 @@
-<p align="center"><a href="https://jumpserver.org"><img src="https://download.jumpserver.org/images/jumpserver-logo.svg" alt="JumpServer" width="300" /></a></p>
-<h3 align="center">Open Source Bastion Host</h3>
-
-<p align="center">
-  <a href="https://www.gnu.org/licenses/gpl-3.0.html"><img src="https://img.shields.io/github/license/jumpserver/jumpserver" alt="License: GPLv3"></a>
-  <a href="https://shields.io/github/downloads/jumpserver/jumpserver/total"><img src="https://shields.io/github/downloads/jumpserver/jumpserver/total" alt=" release"></a>
-  <a href="https://hub.docker.com/u/jumpserver"><img src="https://img.shields.io/docker/pulls/jumpserver/jms_all.svg" alt="Codacy"></a>
-  <a href="https://github.com/jumpserver/jumpserver"><img src="https://img.shields.io/github/stars/jumpserver/jumpserver?color=%231890FF&style=flat-square" alt="Stars"></a>
-</p>
-
-JumpServer is the world's first open-source Bastion Host and is licensed under the GPLv3. It is a 4A-compliant professional operation and maintenance security audit system.
-
-JumpServer uses Python / Django for development, follows Web 2.0 specifications, and is equipped with an industry-leading Web Terminal solution that provides a beautiful user interface and great user experience
-
-JumpServer adopts a distributed architecture to support multi-branch deployment across multiple cross-regional areas. The central node provides APIs, and login nodes are deployed in each branch. It can be scaled horizontally without concurrency restrictions.
-
-Change the world by taking every little step
-
-----
-### Advantages
-
-- Open Source: huge transparency and free to access with quick installation process.
-- Distributed: support large-scale concurrent access with ease.
-- No Plugin required: all you need is a browser, the ultimate Web Terminal experience.
-- Multi-Cloud supported: a unified system to manage assets on different clouds at the same time
-- Cloud storage: audit records are stored in the cloud. Data lost no more!
-- Multi-Tenant system: multiple subsidiary companies or departments access the same system simultaneously.
-- Many applications supported: link to databases, windows remote applications, and Kubernetes cluster, etc.
-
-
-### JumpServer Component Projects
-- [Lina](https://github.com/jumpserver/lina) JumpServer Web UI
-- [Luna](https://github.com/jumpserver/luna) JumpServer Web Terminal
-- [KoKo](https://github.com/jumpserver/koko) JumpServer Character protocaol Connector, replace original Python Version [Coco](https://github.com/jumpserver/coco)
-- [Lion](https://github.com/jumpserver/lion-release) JumpServer Graphics protocol Connector，rely on [Apache Guacamole](https://guacamole.apache.org/)
-
-### Contribution
-If you have any good ideas or helping us to fix bugs, please submit a Pull Request and accept our thanks :)
-
-Thanks to the following contributors for making JumpServer better everyday!
-
-<a href="https://github.com/jumpserver/jumpserver/graphs/contributors">
-  <img src="https://contrib.rocks/image?repo=jumpserver/jumpserver" />
-</a>
-
-<a href="https://github.com/jumpserver/koko/graphs/contributors">
-  <img src="https://contrib.rocks/image?repo=jumpserver/koko" />
-</a>
-
-<a href="https://github.com/jumpserver/lina/graphs/contributors">
-  <img src="https://contrib.rocks/image?repo=jumpserver/lina" />
-</a>
-
-<a href="https://github.com/jumpserver/luna/graphs/contributors">
-  <img src="https://contrib.rocks/image?repo=jumpserver/luna" />
-</a>
-
-### Thanks to
-- [Apache Guacamole](https://guacamole.apache.org/) Web page connection RDP, SSH, VNC protocol equipment. JumpServer graphical connection dependent.
-- [OmniDB](https://omnidb.org/) Web page connection to databases. JumpServer Web database dependent.
-
-
-### JumpServer Enterprise Version 
-- [Apply for it](https://jinshuju.net/f/kyOYpi)
-
-### Case Study
-
-- [JumpServer 堡垒机护航顺丰科技超大规模资产安全运维](https://blog.fit2cloud.com/?p=1147)；
-- [JumpServer 堡垒机让“大智慧”的混合 IT 运维更智慧](https://blog.fit2cloud.com/?p=882)；
-- [携程 JumpServer 堡垒机部署与运营实战](https://blog.fit2cloud.com/?p=851)；
-- [小红书的JumpServer堡垒机大规模资产跨版本迁移之路](https://blog.fit2cloud.com/?p=516)；
-- [JumpServer堡垒机助力中手游提升多云环境下安全运维能力](https://blog.fit2cloud.com/?p=732)；
-- [中通快递：JumpServer主机安全运维实践](https://blog.fit2cloud.com/?p=708)；
-- [东方明珠：JumpServer高效管控异构化、分布式云端资产](https://blog.fit2cloud.com/?p=687)；
-- [江苏农信：JumpServer堡垒机助力行业云安全运维](https://blog.fit2cloud.com/?p=666)。
-
-### For safety instructions
-
-JumpServer is a security product. Please refer to [Basic Security Recommendations](https://docs.jumpserver.org/zh/master/install/install_security/) for deployment and installation.
-
-If you find a security problem, please contact us directly：
-
-- ibuler@fit2cloud.com 
-- support@fit2cloud.com 
-- 400-052-0755
-
-### License & Copyright
-Copyright (c) 2014-2022 FIT2CLOUD Tech, Inc., All rights reserved.
-
-Licensed under The GNU General Public License version 3 (GPLv3)  (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
-
-https://www.gnu.org/licenses/gpl-3.0.htmll
-
-Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

apps/accounts/api/automations/backup.py

@@ -18,9 +18,8 @@ __all__ = [
 
 class AccountBackupPlanViewSet(OrgBulkModelViewSet):
     model = AccountBackupAutomation
-    filter_fields = ('name',)
-    search_fields = filter_fields
-    ordering = ('name',)
+    filterset_fields = ('name',)
+    search_fields = filterset_fields
     serializer_class = serializers.AccountBackupSerializer
 
 

apps/accounts/api/automations/base.py

@@ -20,8 +20,8 @@ __all__ = [
 class AutomationAssetsListApi(generics.ListAPIView):
     model = BaseAutomation
     serializer_class = serializers.AutomationAssetsSerializer
-    filter_fields = ("name", "address")
-    search_fields = filter_fields
+    filterset_fields = ("name", "address")
+    search_fields = filterset_fields
 
     def get_object(self):
         pk = self.kwargs.get('pk')

apps/accounts/api/automations/change_secret.py

@@ -6,9 +6,12 @@ from rest_framework.response import Response
 
 from accounts import serializers
 from accounts.const import AutomationTypes
+from accounts.filters import ChangeSecretRecordFilterSet
 from accounts.models import ChangeSecretAutomation, ChangeSecretRecord
 from accounts.tasks import execute_automation_record_task
+from authentication.permissions import UserConfirmation, ConfirmType
 from orgs.mixins.api import OrgBulkModelViewSet, OrgGenericViewSet
+from rbac.permissions import RBACPermission
 from .base import (
     AutomationAssetsListApi, AutomationRemoveAssetApi, AutomationAddAssetApi,
     AutomationNodeAddRemoveApi, AutomationExecutionViewSet
@@ -24,35 +27,54 @@ __all__ = [
 
 class ChangeSecretAutomationViewSet(OrgBulkModelViewSet):
     model = ChangeSecretAutomation
-    filter_fields = ('name', 'secret_type', 'secret_strategy')
-    search_fields = filter_fields
+    filterset_fields = ('name', 'secret_type', 'secret_strategy')
+    search_fields = filterset_fields
     serializer_class = serializers.ChangeSecretAutomationSerializer
 
 
 class ChangeSecretRecordViewSet(mixins.ListModelMixin, OrgGenericViewSet):
-    serializer_class = serializers.ChangeSecretRecordSerializer
-    filterset_fields = ('asset_id', 'execution_id')
+    filterset_class = ChangeSecretRecordFilterSet
     search_fields = ('asset__address',)
     tp = AutomationTypes.change_secret
+    serializer_classes = {
+        'default': serializers.ChangeSecretRecordSerializer,
+        'secret': serializers.ChangeSecretRecordViewSecretSerializer,
+    }
     rbac_perms = {
         'execute': 'accounts.add_changesecretexecution',
+        'secret': 'accounts.view_changesecretrecord',
     }
 
+    def get_permissions(self):
+        if self.action == 'secret':
+            self.permission_classes = [
+                RBACPermission,
+                UserConfirmation.require(ConfirmType.MFA)
+            ]
+        return super().get_permissions()
+
     def get_queryset(self):
         return ChangeSecretRecord.objects.all()
 
     @action(methods=['post'], detail=False, url_path='execute')
     def execute(self, request, *args, **kwargs):
-        record_id = request.data.get('record_id')
-        record = self.get_queryset().filter(pk=record_id)
-        if not record:
+        record_ids = request.data.get('record_ids')
+        records = self.get_queryset().filter(id__in=record_ids)
+        execution_count = records.values_list('execution_id', flat=True).distinct().count()
+        if execution_count != 1:
             return Response(
-                {'detail': 'record not found'},
-                status=status.HTTP_404_NOT_FOUND
+                {'detail': 'Only one execution is allowed to execute'},
+                status=status.HTTP_400_BAD_REQUEST
             )
-        task = execute_automation_record_task.delay(record_id, self.tp)
+        task = execute_automation_record_task.delay(record_ids, self.tp)
         return Response({'task': task.id}, status=status.HTTP_200_OK)
 
+    @action(methods=['get'], detail=True, url_path='secret')
+    def secret(self, request, *args, **kwargs):
+        instance = self.get_object()
+        serializer = self.get_serializer(instance)
+        return Response(serializer.data)
+
 
 class ChangSecretExecutionViewSet(AutomationExecutionViewSet):
     rbac_perms = (

apps/accounts/api/automations/gather_accounts.py

@@ -20,8 +20,8 @@ __all__ = [
 
 class GatherAccountsAutomationViewSet(OrgBulkModelViewSet):
     model = GatherAccountsAutomation
-    filter_fields = ('name',)
-    search_fields = filter_fields
+    filterset_fields = ('name',)
+    search_fields = filterset_fields
     serializer_class = serializers.GatherAccountAutomationSerializer
 
 

apps/accounts/api/automations/push_account.py

@@ -20,8 +20,8 @@ __all__ = [
 
 class PushAccountAutomationViewSet(OrgBulkModelViewSet):
     model = PushAccountAutomation
-    filter_fields = ('name', 'secret_type', 'secret_strategy')
-    search_fields = filter_fields
+    filterset_fields = ('name', 'secret_type', 'secret_strategy')
+    search_fields = filterset_fields
     serializer_class = serializers.PushAccountAutomationSerializer
 
 

apps/accounts/apps.py

@@ -4,6 +4,7 @@ from django.apps import AppConfig
 class AccountsConfig(AppConfig):
     default_auto_field = 'django.db.models.BigAutoField'
     name = 'accounts'
+    verbose_name = 'App Accounts'
 
     def ready(self):
         from . import signal_handlers  # noqa

apps/accounts/automations/backup_account/handlers.py

@@ -3,10 +3,11 @@ import time
 from collections import defaultdict, OrderedDict
 
 from django.conf import settings
+from django.utils.translation import gettext_lazy as _
 from rest_framework import serializers
 from xlsxwriter import Workbook
 
-from accounts.const.automation import AccountBackupType
+from accounts.const import AccountBackupType
 from accounts.models.automations.backup_account import AccountBackupAutomation
 from accounts.notifications import AccountBackupExecutionTaskMsg, AccountBackupByObjStorageExecutionTaskMsg
 from accounts.serializers import AccountSecretSerializer
@@ -17,7 +18,7 @@ from terminal.models.component.storage import ReplayStorage
 from users.models import User
 
 PATH = os.path.join(os.path.dirname(settings.BASE_DIR), 'tmp')
-
+split_help_text = _('The account key will be split into two parts and sent')
 
 class RecipientsNotFound(Exception):
     pass
@@ -115,8 +116,8 @@ class AssetAccountHandler(BaseAccountHandler):
             data = AccountSecretSerializer(_accounts, many=True).data
             cls.handler_secret(data, section)
             data_map.update(cls.add_rows(data, header_fields, sheet_name))
-
-        print('\n\033[33m- 共备份 {} 条账号\033[0m'.format(accounts.count()))
+        number_of_backup_accounts = _('Number of backup accounts')
+        print('\n\033[33m- {}: {}\033[0m'.format(number_of_backup_accounts, accounts.count()))
         return data_map
 
 
@@ -127,9 +128,10 @@ class AccountBackupHandler:
         self.is_frozen = False  # 任务状态冻结标志
 
     def create_excel(self, section='complete'):
+        hint = _('Generating asset or application related backup information files')
         print(
             '\n'
-            '\033[32m>>> 正在生成资产或应用相关备份信息文件\033[0m'
+            f'\033[32m>>> {hint}\033[0m'
             ''
         )
         # Print task start date
@@ -151,7 +153,9 @@ class AccountBackupHandler:
         wb.close()
         files.append(filename)
         timedelta = round((time.time() - time_start), 2)
-        print('创建备份文件完成: 用时 {}s'.format(timedelta))
+        time_cost = _('Time cost')
+        file_created = _('Backup file creation completed')
+        print('{}: {} {}s'.format(file_created, time_cost, timedelta))
         return files
 
     def send_backup_mail(self, files, recipients):
@@ -160,7 +164,7 @@ class AccountBackupHandler:
         recipients = User.objects.filter(id__in=list(recipients))
         print(
             '\n'
-            '\033[32m>>> 开始发送备份邮件\033[0m'
+            f'\033[32m>>> {_("Start sending backup emails")}\033[0m'
             ''
         )
         plan_name = self.plan_name
@@ -172,7 +176,8 @@ class AccountBackupHandler:
                 encrypt_and_compress_zip_file(attachment, user.secret_key, files)
                 attachment_list = [attachment, ]
             AccountBackupExecutionTaskMsg(plan_name, user).publish(attachment_list)
-            print('邮件已发送至{}({})'.format(user, user.email))
+            email_sent_to = _('Email sent to')
+            print('{} {}({})'.format(email_sent_to, user, user.email))
         for file in files:
             os.remove(file)
 
@@ -182,20 +187,22 @@ class AccountBackupHandler:
         recipients = ReplayStorage.objects.filter(id__in=list(recipients))
         print(
             '\n'
-            '\033[32m>>> 开始发送备份文件到sftp服务器\033[0m'
+            '\033[32m>>> 📃 ---> sftp \033[0m'
             ''
         )
         plan_name = self.plan_name
+        encrypt_file = _('Encrypting files using encryption password')
         for rec in recipients:
             attachment = os.path.join(PATH, f'{plan_name}-{local_now_filename()}-{time.time()}.zip')
             if password:
-                print('\033[32m>>> 使用加密密码对文件进行加密中\033[0m')
+                print(f'\033[32m>>> {encrypt_file}\033[0m')
                 encrypt_and_compress_zip_file(attachment, password, files)
             else:
                 zip_files(attachment, files)
             attachment_list = attachment
             AccountBackupByObjStorageExecutionTaskMsg(plan_name, rec).publish(attachment_list)
-            print('备份文件将发送至{}({})'.format(rec.name, rec.id))
+            file_sent_to = _('The backup file will be sent to')
+            print('{}: {}({})'.format(file_sent_to, rec.name, rec.id))
         for file in files:
             os.remove(file)
 
@@ -203,14 +210,15 @@ class AccountBackupHandler:
         self.execution.reason = reason[:1024]
         self.execution.is_success = is_success
         self.execution.save()
-        print('\n已完成对任务状态的更新\n')
+        finish = _('Finish')
+        print(f'\n{finish}\n')
 
     @staticmethod
     def step_finished(is_success):
         if is_success:
-            print('任务执行成功')
+            print(_('Success'))
         else:
-            print('任务执行失败')
+            print(_('Failed'))
 
     def _run(self):
         is_success = False
@@ -223,8 +231,6 @@ class AccountBackupHandler:
                 self.backup_by_obj_storage()
         except Exception as e:
             self.is_frozen = True
-            print('任务执行被异常中断')
-            print('下面打印发生异常的 Traceback 信息 : ')
             print(e)
             error = str(e)
         else:
@@ -239,15 +245,16 @@ class AccountBackupHandler:
         zip_encrypt_password = AccountBackupAutomation.objects.get(id=object_id).zip_encrypt_password
         obj_recipients_part_one = self.execution.snapshot.get('obj_recipients_part_one', [])
         obj_recipients_part_two = self.execution.snapshot.get('obj_recipients_part_two', [])
+        no_assigned_sftp_server = _('The backup task has no assigned sftp server')
         if not obj_recipients_part_one and not obj_recipients_part_two:
             print(
                 '\n'
-                '\033[31m>>> 该备份任务未分配sftp服务器\033[0m'
+                f'\033[31m>>> {no_assigned_sftp_server}\033[0m'
                 ''
             )
             raise RecipientsNotFound('Not Found Recipients')
         if obj_recipients_part_one and obj_recipients_part_two:
-            print('\033[32m>>> 账号的密钥将被拆分成前后两部分发送\033[0m')
+            print(f'\033[32m>>> {split_help_text}\033[0m')
             files = self.create_excel(section='front')
             self.send_backup_obj_storage(files, obj_recipients_part_one, zip_encrypt_password)
 
@@ -259,17 +266,19 @@ class AccountBackupHandler:
             self.send_backup_obj_storage(files, recipients, zip_encrypt_password)
 
     def backup_by_email(self):
+
+        warn_text = _('The backup task has no assigned recipient')
         recipients_part_one = self.execution.snapshot.get('recipients_part_one', [])
         recipients_part_two = self.execution.snapshot.get('recipients_part_two', [])
         if not recipients_part_one and not recipients_part_two:
             print(
                 '\n'
-                '\033[31m>>> 该备份任务未分配收件人\033[0m'
+                f'\033[31m>>> {warn_text}\033[0m'
                 ''
             )
             raise RecipientsNotFound('Not Found Recipients')
         if recipients_part_one and recipients_part_two:
-            print('\033[32m>>> 账号的密钥将被拆分成前后两部分发送\033[0m')
+            print(f'\033[32m>>> {split_help_text}\033[0m')
             files = self.create_excel(section='front')
             self.send_backup_mail(files, recipients_part_one)
 
@@ -281,15 +290,18 @@ class AccountBackupHandler:
             self.send_backup_mail(files, recipients)
 
     def run(self):
-        print('任务开始: {}'.format(local_now_display()))
+        plan_start = _('Plan start')
+        plan_end = _('Plan end')
+        time_cost = _('Time cost')
+        error = _('An exception occurred during task execution')
+        print('{}: {}'.format(plan_start, local_now_display()))
         time_start = time.time()
         try:
             self._run()
         except Exception as e:
-            print('任务运行出现异常')
-            print('下面显示异常 Traceback 信息: ')
+            print(error)
             print(e)
         finally:
-            print('\n任务结束: {}'.format(local_now_display()))
+            print('\n{}: {}'.format(plan_end, local_now_display()))
             timedelta = round((time.time() - time_start), 2)
-            print('用时: {}s'.format(timedelta))
+            print('{}: {}s'.format(time_cost, timedelta))

apps/accounts/automations/backup_account/manager.py

@@ -3,6 +3,7 @@
 import time
 
 from django.utils import timezone
+from django.utils.translation import gettext_lazy as _
 
 from common.utils.timezone import local_now_display
 from .handlers import AccountBackupHandler
@@ -19,7 +20,8 @@ class AccountBackupManager:
 
     def do_run(self):
         execution = self.execution
-        print('\n\033[33m# 账号备份计划正在执行\033[0m')
+        account_backup_execution_being_executed = _('The account backup plan is being executed')
+        print(f'\n\033[33m# {account_backup_execution_being_executed}\033[0m')
         handler = AccountBackupHandler(execution)
         handler.run()
 
@@ -32,9 +34,11 @@ class AccountBackupManager:
         self.date_end = timezone.now()
 
         print('\n\n' + '-' * 80)
-        print('计划执行结束 {}\n'.format(local_now_display()))
+        plan_execution_end = _('Plan execution end')
+        print('{} {}\n'.format(plan_execution_end, local_now_display()))
         self.timedelta = self.time_end - self.time_start
-        print('用时: {}s'.format(self.timedelta))
+        time_cost = _('Time cost')
+        print('{}: {}s'.format(time_cost, self.timedelta))
         self.execution.timedelta = self.timedelta
         self.execution.save()
 

apps/accounts/automations/change_secret/custom/ssh/main.yml

@@ -13,11 +13,13 @@
         login_password: "{{ jms_account.secret }}"
         login_secret_type: "{{ jms_account.secret_type }}"
         login_private_key_path: "{{ jms_account.private_key_path }}"
-        become: "{{ custom_become | default(False) }}"
-        become_method: "{{ custom_become_method | default('su') }}"
-        become_user: "{{ custom_become_user | default('') }}"
-        become_password: "{{ custom_become_password | default('') }}"
-        become_private_key_path: "{{ custom_become_private_key_path | default(None) }}"
+        become: "{{ jms_custom_become | default(False) }}"
+        become_method: "{{ jms_custom_become_method | default('su') }}"
+        become_user: "{{ jms_custom_become_user | default('') }}"
+        become_password: "{{ jms_custom_become_password | default('') }}"
+        become_private_key_path: "{{ jms_custom_become_private_key_path | default(None) }}"
+        old_ssh_version: "{{ jms_asset.old_ssh_version | default(False) }}"
+        gateway_args: "{{ jms_asset.ansible_ssh_common_args | default(None) }}"
       register: ping_info
       delegate_to: localhost
 
@@ -29,11 +31,11 @@
         login_port: "{{ jms_asset.port }}"
         login_secret_type: "{{ jms_account.secret_type }}"
         login_private_key_path: "{{ jms_account.private_key_path }}"
-        become: "{{ custom_become | default(False) }}"
-        become_method: "{{ custom_become_method | default('su') }}"
-        become_user: "{{ custom_become_user | default('') }}"
-        become_password: "{{ custom_become_password | default('') }}"
-        become_private_key_path: "{{ custom_become_private_key_path | default(None) }}"
+        become: "{{ jms_custom_become | default(False) }}"
+        become_method: "{{ jms_custom_become_method | default('su') }}"
+        become_user: "{{ jms_custom_become_user | default('') }}"
+        become_password: "{{ jms_custom_become_password | default('') }}"
+        become_private_key_path: "{{ jms_custom_become_private_key_path | default(None) }}"
         name: "{{ account.username }}"
         password: "{{ account.secret }}"
         commands: "{{ params.commands }}"
@@ -54,4 +56,6 @@
         become_user: "{{ account.become.ansible_user | default('') }}"
         become_password: "{{ account.become.ansible_password | default('') }}"
         become_private_key_path: "{{ account.become.ansible_ssh_private_key_file | default(None) }}"
+        old_ssh_version: "{{ jms_asset.old_ssh_version | default(False) }}"
+        gateway_args: "{{ jms_asset.ansible_ssh_common_args | default(None) }}"
       delegate_to: localhost

apps/accounts/automations/change_secret/host/aix/main.yml

@@ -85,6 +85,7 @@
         become_user: "{{ account.become.ansible_user | default('') }}"
         become_password: "{{ account.become.ansible_password | default('') }}"
         become_private_key_path: "{{ account.become.ansible_ssh_private_key_file | default(None) }}"
+        old_ssh_version: "{{ jms_asset.old_ssh_version | default(False) }}"
       when: account.secret_type == "password"
       delegate_to: localhost
 
@@ -95,5 +96,6 @@
         login_user: "{{ account.username }}"
         login_private_key_path: "{{ account.private_key_path  }}"
         gateway_args: "{{ jms_asset.ansible_ssh_common_args | default('') }}"
+        old_ssh_version: "{{ jms_asset.old_ssh_version | default(False) }}"
       when: account.secret_type == "ssh_key"
       delegate_to: localhost

apps/accounts/automations/change_secret/host/posix/main.yml

@@ -85,6 +85,7 @@
         become_user: "{{ account.become.ansible_user | default('') }}"
         become_password: "{{ account.become.ansible_password | default('') }}"
         become_private_key_path: "{{ account.become.ansible_ssh_private_key_file | default(None) }}"
+        old_ssh_version: "{{ jms_asset.old_ssh_version | default(False) }}"
       when: account.secret_type == "password"
       delegate_to: localhost
 
@@ -95,5 +96,6 @@
         login_user: "{{ account.username }}"
         login_private_key_path: "{{ account.private_key_path  }}"
         gateway_args: "{{ jms_asset.ansible_ssh_common_args | default('') }}"
+        old_ssh_version: "{{ jms_asset.old_ssh_version | default(False) }}"
       when: account.secret_type == "ssh_key"
       delegate_to: localhost

apps/accounts/automations/change_secret/manager.py

@@ -7,9 +7,9 @@ from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
 from xlsxwriter import Workbook
 
-from accounts.const import AutomationTypes, SecretType, SSHKeyStrategy, SecretStrategy
-from accounts.models import ChangeSecretRecord
-from accounts.notifications import ChangeSecretExecutionTaskMsg
+from accounts.const import AutomationTypes, SecretType, SSHKeyStrategy, SecretStrategy, ChangeSecretRecordStatusChoice
+from accounts.models import ChangeSecretRecord, BaseAccountQuerySet
+from accounts.notifications import ChangeSecretExecutionTaskMsg, ChangeSecretFailedMsg
 from accounts.serializers import ChangeSecretRecordBackUpSerializer
 from assets.const import HostTypes
 from common.utils import get_logger
@@ -27,7 +27,7 @@ class ChangeSecretManager(AccountBasePlaybookManager):
 
     def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)
-        self.record_id = self.execution.snapshot.get('record_id')
+        self.record_map = self.execution.snapshot.get('record_map', {})
         self.secret_type = self.execution.snapshot.get('secret_type')
         self.secret_strategy = self.execution.snapshot.get(
             'secret_strategy', SecretStrategy.custom
@@ -68,10 +68,10 @@ class ChangeSecretManager(AccountBasePlaybookManager):
         else:
             return self.secret_generator(secret_type).get_secret()
 
-    def get_accounts(self, privilege_account):
+    def get_accounts(self, privilege_account) -> BaseAccountQuerySet | None:
         if not privilege_account:
-            print(f'not privilege account')
-            return []
+            print('Not privilege account')
+            return
 
         asset = privilege_account.asset
         accounts = asset.accounts.all()
@@ -97,10 +97,9 @@ class ChangeSecretManager(AccountBasePlaybookManager):
             return host
 
         accounts = self.get_accounts(account)
+        error_msg = _("No pending accounts found")
         if not accounts:
-            print('没有发现待处理的账号: %s 用户ID: %s 类型: %s' % (
-                asset.name, self.account_ids, self.secret_type
-            ))
+            print(f'{asset}: {error_msg}')
             return []
 
         records = []
@@ -109,6 +108,9 @@ class ChangeSecretManager(AccountBasePlaybookManager):
             print(f'Windows {asset} does not support ssh key push')
             return inventory_hosts
 
+        if asset.type == HostTypes.WINDOWS:
+            accounts = accounts.filter(secret_type=SecretType.PASSWORD)
+
         host['ssh_params'] = {}
         for account in accounts:
             h = deepcopy(host)
@@ -123,14 +125,20 @@ class ChangeSecretManager(AccountBasePlaybookManager):
                 print(f'new_secret is None, account: {account}')
                 continue
 
-            if self.record_id is None:
+            asset_account_id = f'{asset.id}-{account.id}'
+            if asset_account_id not in self.record_map:
                 recorder = ChangeSecretRecord(
                     asset=asset, account=account, execution=self.execution,
                     old_secret=account.secret, new_secret=new_secret,
                 )
                 records.append(recorder)
             else:
-                recorder = ChangeSecretRecord.objects.get(id=self.record_id)
+                record_id = self.record_map[asset_account_id]
+                try:
+                    recorder = ChangeSecretRecord.objects.get(id=record_id)
+                except ChangeSecretRecord.DoesNotExist:
+                    print(f"Record {record_id} not found")
+                    continue
 
             self.name_recorder_mapper[h['name']] = recorder
 
@@ -158,25 +166,43 @@ class ChangeSecretManager(AccountBasePlaybookManager):
         recorder = self.name_recorder_mapper.get(host)
         if not recorder:
             return
-        recorder.status = 'success'
+        recorder.status = ChangeSecretRecordStatusChoice.success.value
         recorder.date_finished = timezone.now()
-        recorder.save()
+
         account = recorder.account
         if not account:
             print("Account not found, deleted ?")
             return
         account.secret = recorder.new_secret
         account.date_updated = timezone.now()
-        account.save(update_fields=['secret', 'date_updated'])
+
+        max_retries = 3
+        retry_count = 0
+
+        while retry_count < max_retries:
+            try:
+                recorder.save()
+                account.save(update_fields=['secret', 'version', 'date_updated'])
+                break
+            except Exception as e:
+                retry_count += 1
+                if retry_count == max_retries:
+                    self.on_host_error(host, str(e), result)
+                else:
+                    print(f'retry {retry_count} times for {host} recorder save error: {e}')
+                    time.sleep(1)
 
     def on_host_error(self, host, error, result):
         recorder = self.name_recorder_mapper.get(host)
         if not recorder:
             return
-        recorder.status = 'failed'
+        recorder.status = ChangeSecretRecordStatusChoice.failed.value
         recorder.date_finished = timezone.now()
         recorder.error = error
-        recorder.save()
+        try:
+            recorder.save()
+        except Exception as e:
+            print(f"\033[31m Save {host} recorder error: {e} \033[0m\n")
 
     def on_runner_failed(self, runner, e):
         logger.error("Account error: ", e)
@@ -192,7 +218,7 @@ class ChangeSecretManager(AccountBasePlaybookManager):
     def get_summary(recorders):
         total, succeed, failed = 0, 0, 0
         for recorder in recorders:
-            if recorder.status == 'success':
+            if recorder.status == ChangeSecretRecordStatusChoice.success.value:
                 succeed += 1
             else:
                 failed += 1
@@ -203,24 +229,44 @@ class ChangeSecretManager(AccountBasePlaybookManager):
 
     def run(self, *args, **kwargs):
         if self.secret_type and not self.check_secret():
+            self.execution.status = 'success'
+            self.execution.date_finished = timezone.now()
+            self.execution.save()
             return
         super().run(*args, **kwargs)
         recorders = list(self.name_recorder_mapper.values())
         summary = self.get_summary(recorders)
         print(summary, end='')
 
-        if self.record_id:
+        if self.record_map:
             return
 
-        self.send_recorder_mail(recorders, summary)
+        failed_recorders = [
+            r for r in recorders
+            if r.status == ChangeSecretRecordStatusChoice.failed.value
+        ]
 
-    def send_recorder_mail(self, recorders, summary):
         recipients = self.execution.recipients
-        if not recorders or not recipients:
+        recipients = User.objects.filter(id__in=list(recipients.keys()))
+        if not recipients:
             return
 
-        recipients = User.objects.filter(id__in=list(recipients.keys()))
+        if failed_recorders:
+            name = self.execution.snapshot.get('name')
+            execution_id = str(self.execution.id)
+            _ids = [r.id for r in failed_recorders]
+            asset_account_errors = ChangeSecretRecord.objects.filter(
+                id__in=_ids).values_list('asset__name', 'account__username', 'error')
 
+            for user in recipients:
+                ChangeSecretFailedMsg(name, execution_id, user, asset_account_errors).publish()
+
+        if not recorders:
+            return
+
+        self.send_recorder_mail(recipients, recorders, summary)
+
+    def send_recorder_mail(self, recipients, recorders, summary):
         name = self.execution.snapshot['name']
         path = os.path.join(os.path.dirname(settings.BASE_DIR), 'tmp')
         filename = os.path.join(path, f'{name}-{local_now_filename()}-{time.time()}.xlsx')

apps/accounts/automations/gather_accounts/manager.py

@@ -51,14 +51,22 @@ class GatherAccountsManager(AccountBasePlaybookManager):
         data = self.generate_data(asset, result)
         self.asset_account_info[asset] = data
 
+    @staticmethod
+    def get_nested_info(data, *keys):
+        for key in keys:
+            data = data.get(key, {})
+            if not data:
+                break
+        return data
+
     def on_host_success(self, host, result):
-        info = result.get('debug', {}).get('res', {}).get('info', {})
+        info = self.get_nested_info(result, 'debug', 'res', 'info')
         asset = self.host_asset_mapper.get(host)
         if asset and info:
             result = self.filter_success_result(asset.type, info)
             self.collect_asset_account_info(asset, result)
         else:
-            logger.error(f'Not found {host} info')
+            print(f'\033[31m Not found {host} info \033[0m\n')
 
     def update_or_create_accounts(self):
         for asset, data in self.asset_account_info.items():

apps/accounts/automations/push_account/host/aix/main.yml

@@ -85,6 +85,7 @@
         become_user: "{{ account.become.ansible_user | default('') }}"
         become_password: "{{ account.become.ansible_password | default('') }}"
         become_private_key_path: "{{ account.become.ansible_ssh_private_key_file | default(None) }}"
+        old_ssh_version: "{{ jms_asset.old_ssh_version | default(False) }}"
       when: account.secret_type == "password"
       delegate_to: localhost
 
@@ -95,6 +96,7 @@
         login_user: "{{ account.username }}"
         login_private_key_path: "{{ account.private_key_path  }}"
         gateway_args: "{{ jms_asset.ansible_ssh_common_args | default('') }}"
+        old_ssh_version: "{{ jms_asset.old_ssh_version | default(False) }}"
       when: account.secret_type == "ssh_key"
       delegate_to: localhost
 

apps/accounts/automations/push_account/host/posix/main.yml

@@ -85,6 +85,7 @@
         become_user: "{{ account.become.ansible_user | default('') }}"
         become_password: "{{ account.become.ansible_password | default('') }}"
         become_private_key_path: "{{ account.become.ansible_ssh_private_key_file | default(None) }}"
+        old_ssh_version: "{{ jms_asset.old_ssh_version | default(False) }}"
       when: account.secret_type == "password"
       delegate_to: localhost
 
@@ -95,6 +96,7 @@
         login_user: "{{ account.username }}"
         login_private_key_path: "{{ account.private_key_path  }}"
         gateway_args: "{{ jms_asset.ansible_ssh_common_args | default('') }}"
+        old_ssh_version: "{{ jms_asset.old_ssh_version | default(False) }}"
       when: account.secret_type == "ssh_key"
       delegate_to: localhost
 

apps/accounts/automations/remove_account/database/mysql/main.yml

@@ -2,6 +2,7 @@
   gather_facts: no
   vars:
     ansible_python_interpreter: /opt/py3/bin/python
+    check_ssl: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
 
   tasks:
     - name: "Remove account"

apps/accounts/automations/remove_account/host/posix/main.yml

@@ -12,11 +12,13 @@
         path: "{{ user_home_dir.stdout }}"
       register: home_dir
       when: user_home_dir.stdout != ""
+      ignore_errors: yes
 
     - name: "Rename user home directory if it exists"
       ansible.builtin.command:
         cmd: "mv {{ user_home_dir.stdout }} {{ user_home_dir.stdout }}.bak"
       when: home_dir.stat | default(false) and user_home_dir.stdout != ""
+      ignore_errors: yes
 
     - name: "Remove account"
       ansible.builtin.user:

apps/accounts/automations/remove_account/host/windows/main.yml

@@ -4,6 +4,4 @@
     - name: "Remove account"
       ansible.windows.win_user:
         name: "{{ account.username }}"
-        state: absent
-        purge: yes
-        force: yes
+        state: absent

apps/accounts/automations/remove_account/manager.py

@@ -60,8 +60,11 @@ class RemoveAccountManager(AccountBasePlaybookManager):
         if not tuple_asset_gather_account:
             return
         asset, gather_account = tuple_asset_gather_account
-        Account.objects.filter(
-            asset_id=asset.id,
-            username=gather_account.username
-        ).delete()
-        gather_account.delete()
+        try:
+            Account.objects.filter(
+                asset_id=asset.id,
+                username=gather_account.username
+            ).delete()
+            gather_account.delete()
+        except Exception as e:
+            print(f'\033[31m Delete account {gather_account.username} failed: {e} \033[0m\n')

apps/accounts/automations/verify_account/custom/rdp/main.yml

@@ -3,6 +3,7 @@
   vars:
     ansible_shell_type: sh
     ansible_connection: local
+    ansible_python_interpreter: /opt/py3/bin/python
 
   tasks:
     - name: Verify account (pyfreerdp)

apps/accounts/automations/verify_account/custom/ssh/main.yml

@@ -19,3 +19,5 @@
         become_user: "{{ account.become.ansible_user | default('') }}"
         become_password: "{{ account.become.ansible_password | default('') }}"
         become_private_key_path: "{{ account.become.ansible_ssh_private_key_file | default(None) }}"
+        old_ssh_version: "{{ jms_asset.old_ssh_version | default(False) }}"
+        gateway_args: "{{ jms_asset.ansible_ssh_common_args | default(None) }}"

apps/accounts/automations/verify_account/manager.py

@@ -76,8 +76,14 @@ class VerifyAccountManager(AccountBasePlaybookManager):
 
     def on_host_success(self, host, result):
         account = self.host_account_mapper.get(host)
-        account.set_connectivity(Connectivity.OK)
+        try:
+            account.set_connectivity(Connectivity.OK)
+        except Exception as e:
+            print(f'\033[31m Update account {account.name} connectivity failed: {e} \033[0m\n')
 
     def on_host_error(self, host, error, result):
         account = self.host_account_mapper.get(host)
-        account.set_connectivity(Connectivity.ERR)
+        try:
+            account.set_connectivity(Connectivity.ERR)
+        except Exception as e:
+            print(f'\033[31m Update account {account.name} connectivity failed: {e} \033[0m\n')

apps/accounts/const/account.py

@@ -15,6 +15,7 @@ class AliasAccount(TextChoices):
     INPUT = '@INPUT', _('Manual input')
     USER = '@USER', _('Dynamic user')
     ANON = '@ANON', _('Anonymous account')
+    SPEC = '@SPEC', _('Specified account')
 
     @classmethod
     def virtual_choices(cls):

apps/accounts/const/automation.py

@@ -16,7 +16,7 @@ DEFAULT_PASSWORD_RULES = {
 __all__ = [
     'AutomationTypes', 'SecretStrategy', 'SSHKeyStrategy', 'Connectivity',
     'DEFAULT_PASSWORD_LENGTH', 'DEFAULT_PASSWORD_RULES', 'TriggerChoice',
-    'PushAccountActionChoice', 'AccountBackupType'
+    'PushAccountActionChoice', 'AccountBackupType', 'ChangeSecretRecordStatusChoice',
 ]
 
 
@@ -103,3 +103,9 @@ class AccountBackupType(models.TextChoices):
     email = 'email', _('Email')
     # 目前只支持sftp方式
     object_storage = 'object_storage', _('SFTP')
+
+
+class ChangeSecretRecordStatusChoice(models.TextChoices):
+    failed = 'failed', _('Failed')
+    success = 'success', _('Success')
+    pending = 'pending', _('Pending')

apps/accounts/filters.py

@@ -5,7 +5,7 @@ from django_filters import rest_framework as drf_filters
 
 from assets.models import Node
 from common.drf.filters import BaseFilterSet
-from .models import Account, GatheredAccount
+from .models import Account, GatheredAccount, ChangeSecretRecord
 
 
 class AccountFilterSet(BaseFilterSet):
@@ -61,3 +61,13 @@ class GatheredAccountFilterSet(BaseFilterSet):
     class Meta:
         model = GatheredAccount
         fields = ['id', 'username']
+
+
+class ChangeSecretRecordFilterSet(BaseFilterSet):
+    asset_name = drf_filters.CharFilter(field_name='asset__name', lookup_expr='icontains')
+    account_username = drf_filters.CharFilter(field_name='account__username', lookup_expr='icontains')
+    execution_id = drf_filters.CharFilter(field_name='execution_id', lookup_expr='exact')
+
+    class Meta:
+        model = ChangeSecretRecord
+        fields = ['id', 'status', 'asset_id', 'execution']

apps/accounts/migrations/0001_initial.py

@@ -1,10 +1,8 @@
-# Generated by Django 3.2.14 on 2022-12-28 07:29
+# Generated by Django 4.1.13 on 2024-05-09 03:16
 
 import uuid
 
-import django.db.models.deletion
 import simple_history.models
-from django.conf import settings
 from django.db import migrations, models
 
 import common.db.encoder
@@ -12,11 +10,10 @@ import common.db.fields
 
 
 class Migration(migrations.Migration):
+
     initial = True
 
     dependencies = [
-        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
-        ('assets', '0098_auto_20220430_2126'),
     ]
 
     operations = [
@@ -29,63 +26,65 @@ class Migration(migrations.Migration):
                 ('date_updated', models.DateTimeField(auto_now=True, verbose_name='Date updated')),
                 ('comment', models.TextField(blank=True, default='', verbose_name='Comment')),
                 ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
-                ('org_id',
-                 models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization')),
-                ('connectivity',
-                 models.CharField(choices=[('-', 'Unknown'), ('ok', 'Ok'), ('err', 'Error')], default='-',
-                                  max_length=16, verbose_name='Connectivity')),
+                ('org_id', models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization')),
+                ('connectivity', models.CharField(choices=[('-', 'Unknown'), ('ok', 'OK'), ('err', 'Error')], default='-', max_length=16, verbose_name='Connectivity')),
                 ('date_verified', models.DateTimeField(null=True, verbose_name='Date verified')),
+                ('_secret', common.db.fields.EncryptTextField(blank=True, null=True, verbose_name='Secret')),
                 ('name', models.CharField(max_length=128, verbose_name='Name')),
                 ('username', models.CharField(blank=True, db_index=True, max_length=128, verbose_name='Username')),
-                ('secret_type', models.CharField(
-                    choices=[('password', 'Password'), ('ssh_key', 'SSH key'), ('access_key', 'Access key'),
-                             ('token', 'Token'), ('api_key', 'API key')], default='password', max_length=16,
-                    verbose_name='Secret type')),
-                ('secret', common.db.fields.EncryptTextField(blank=True, null=True, verbose_name='Secret')),
+                ('secret_type', models.CharField(choices=[('password', 'Password'), ('ssh_key', 'SSH key'), ('access_key', 'Access key'), ('token', 'Token'), ('api_key', 'API key')], default='password', max_length=16, verbose_name='Secret type')),
                 ('privileged', models.BooleanField(default=False, verbose_name='Privileged')),
                 ('is_active', models.BooleanField(default=True, verbose_name='Is active')),
                 ('version', models.IntegerField(default=0, verbose_name='Version')),
                 ('source', models.CharField(default='local', max_length=30, verbose_name='Source')),
-                ('asset', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='accounts',
-                                            to='assets.asset', verbose_name='Asset')),
-                ('su_from',
-                 models.ForeignKey(null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='su_to',
-                                   to='accounts.account', verbose_name='Su from')),
+                ('source_id', models.CharField(blank=True, max_length=128, null=True, verbose_name='Source ID')),
             ],
             options={
                 'verbose_name': 'Account',
-                'permissions': [('view_accountsecret', 'Can view asset account secret'),
-                                ('view_historyaccount', 'Can view asset history account'),
-                                ('view_historyaccountsecret', 'Can view asset history account secret')],
-                'unique_together': {('username', 'asset', 'secret_type'), ('name', 'asset')},
+                'permissions': [('view_accountsecret', 'Can view asset account secret'), ('view_historyaccount', 'Can view asset history account'), ('view_historyaccountsecret', 'Can view asset history account secret'), ('verify_account', 'Can verify account'), ('push_account', 'Can push account'), ('remove_account', 'Can remove account')],
             },
         ),
         migrations.CreateModel(
-            name='HistoricalAccount',
+            name='AccountBackupAutomation',
             fields=[
-                ('id', models.UUIDField(db_index=True, default=uuid.uuid4)),
-                ('secret_type', models.CharField(
-                    choices=[('password', 'Password'), ('ssh_key', 'SSH key'), ('access_key', 'Access key'),
-                             ('token', 'Token'), ('api_key', 'API key')], default='password', max_length=16,
-                    verbose_name='Secret type')),
-                ('secret', common.db.fields.EncryptTextField(blank=True, null=True, verbose_name='Secret')),
-                ('version', models.IntegerField(default=0, verbose_name='Version')),
-                ('history_id', models.AutoField(primary_key=True, serialize=False)),
-                ('history_date', models.DateTimeField(db_index=True)),
-                ('history_change_reason', models.CharField(max_length=100, null=True)),
-                ('history_type',
-                 models.CharField(choices=[('+', 'Created'), ('~', 'Changed'), ('-', 'Deleted')], max_length=1)),
-                ('history_user',
-                 models.ForeignKey(null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='+',
-                                   to=settings.AUTH_USER_MODEL)),
+                ('created_by', models.CharField(blank=True, max_length=128, null=True, verbose_name='Created by')),
+                ('updated_by', models.CharField(blank=True, max_length=128, null=True, verbose_name='Updated by')),
+                ('date_created', models.DateTimeField(auto_now_add=True, null=True, verbose_name='Date created')),
+                ('date_updated', models.DateTimeField(auto_now=True, verbose_name='Date updated')),
+                ('comment', models.TextField(blank=True, default='', verbose_name='Comment')),
+                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
+                ('org_id', models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization')),
+                ('name', models.CharField(max_length=128, verbose_name='Name')),
+                ('is_periodic', models.BooleanField(default=False, verbose_name='Periodic run')),
+                ('interval', models.IntegerField(blank=True, default=24, null=True, verbose_name='Interval')),
+                ('crontab', models.CharField(blank=True, max_length=128, null=True, verbose_name='Crontab')),
+                ('types', models.JSONField(default=list)),
+                ('backup_type', models.CharField(choices=[('email', 'Email'), ('object_storage', 'SFTP')], default='email', max_length=128, verbose_name='Backup type')),
+                ('is_password_divided_by_email', models.BooleanField(default=True, verbose_name='Password divided')),
+                ('is_password_divided_by_obj_storage', models.BooleanField(default=True, verbose_name='Password divided')),
+                ('zip_encrypt_password', common.db.fields.EncryptCharField(blank=True, max_length=4096, null=True, verbose_name='Zip encrypt password')),
             ],
             options={
-                'verbose_name': 'historical Account',
-                'verbose_name_plural': 'historical Accounts',
-                'ordering': ('-history_date', '-history_id'),
-                'get_latest_by': ('history_date', 'history_id'),
+                'verbose_name': 'Account backup plan',
+                'ordering': ['name'],
+            },
+        ),
+        migrations.CreateModel(
+            name='AccountBackupExecution',
+            fields=[
+                ('org_id', models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization')),
+                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
+                ('date_start', models.DateTimeField(auto_now_add=True, verbose_name='Date start')),
+                ('timedelta', models.FloatField(default=0.0, null=True, verbose_name='Time')),
+                ('snapshot', models.JSONField(blank=True, default=dict, encoder=common.db.encoder.ModelJSONFieldEncoder, null=True, verbose_name='Account backup snapshot')),
+                ('trigger', models.CharField(choices=[('manual', 'Manual trigger'), ('timing', 'Timing trigger')], default='manual', max_length=128, verbose_name='Trigger mode')),
+                ('reason', models.CharField(blank=True, max_length=1024, null=True, verbose_name='Reason')),
+                ('is_success', models.BooleanField(default=False, verbose_name='Is success')),
+            ],
+            options={
+                'verbose_name': 'Account backup execution',
+                'ordering': ('-date_start',),
             },
-            bases=(simple_history.models.HistoricalChanges, models.Model),
         ),
         migrations.CreateModel(
             name='AccountTemplate',
@@ -96,23 +95,96 @@ class Migration(migrations.Migration):
                 ('date_updated', models.DateTimeField(auto_now=True, verbose_name='Date updated')),
                 ('comment', models.TextField(blank=True, default='', verbose_name='Comment')),
                 ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
-                ('org_id',
-                 models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization')),
+                ('org_id', models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization')),
+                ('_secret', common.db.fields.EncryptTextField(blank=True, null=True, verbose_name='Secret')),
+                ('secret_strategy', models.CharField(choices=[('specific', 'Specific secret'), ('random', 'Random generate')], default='specific', max_length=16, verbose_name='Secret strategy')),
+                ('password_rules', models.JSONField(default=dict, verbose_name='Password rules')),
                 ('name', models.CharField(max_length=128, verbose_name='Name')),
                 ('username', models.CharField(blank=True, db_index=True, max_length=128, verbose_name='Username')),
-                ('secret_type', models.CharField(
-                    choices=[('password', 'Password'), ('ssh_key', 'SSH key'), ('access_key', 'Access key'),
-                             ('token', 'Token'), ('api_key', 'API key')], default='password', max_length=16,
-                    verbose_name='Secret type')),
-                ('secret', common.db.fields.EncryptTextField(blank=True, null=True, verbose_name='Secret')),
+                ('secret_type', models.CharField(choices=[('password', 'Password'), ('ssh_key', 'SSH key'), ('access_key', 'Access key'), ('token', 'Token'), ('api_key', 'API key')], default='password', max_length=16, verbose_name='Secret type')),
                 ('privileged', models.BooleanField(default=False, verbose_name='Privileged')),
                 ('is_active', models.BooleanField(default=True, verbose_name='Is active')),
+                ('auto_push', models.BooleanField(default=False, verbose_name='Auto push')),
+                ('push_params', models.JSONField(default=dict, verbose_name='Push params')),
             ],
             options={
                 'verbose_name': 'Account template',
-                'permissions': [('view_accounttemplatesecret', 'Can view asset account template secret'),
-                                ('change_accounttemplatesecret', 'Can change asset account template secret')],
-                'unique_together': {('name', 'org_id')},
+                'permissions': [('view_accounttemplatesecret', 'Can view asset account template secret')],
             },
         ),
+        migrations.CreateModel(
+            name='ChangeSecretRecord',
+            fields=[
+                ('created_by', models.CharField(blank=True, max_length=128, null=True, verbose_name='Created by')),
+                ('updated_by', models.CharField(blank=True, max_length=128, null=True, verbose_name='Updated by')),
+                ('date_created', models.DateTimeField(auto_now_add=True, null=True, verbose_name='Date created')),
+                ('date_updated', models.DateTimeField(auto_now=True, verbose_name='Date updated')),
+                ('comment', models.TextField(blank=True, default='', verbose_name='Comment')),
+                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
+                ('old_secret', common.db.fields.EncryptTextField(blank=True, null=True, verbose_name='Old secret')),
+                ('new_secret', common.db.fields.EncryptTextField(blank=True, null=True, verbose_name='New secret')),
+                ('date_started', models.DateTimeField(blank=True, null=True, verbose_name='Date started')),
+                ('date_finished', models.DateTimeField(blank=True, null=True, verbose_name='Date finished')),
+                ('status', models.CharField(default='pending', max_length=16, verbose_name='Status')),
+                ('error', models.TextField(blank=True, null=True, verbose_name='Error')),
+            ],
+            options={
+                'verbose_name': 'Change secret record',
+                'ordering': ('-date_created',),
+            },
+        ),
+        migrations.CreateModel(
+            name='GatheredAccount',
+            fields=[
+                ('created_by', models.CharField(blank=True, max_length=128, null=True, verbose_name='Created by')),
+                ('updated_by', models.CharField(blank=True, max_length=128, null=True, verbose_name='Updated by')),
+                ('date_created', models.DateTimeField(auto_now_add=True, null=True, verbose_name='Date created')),
+                ('date_updated', models.DateTimeField(auto_now=True, verbose_name='Date updated')),
+                ('comment', models.TextField(blank=True, default='', verbose_name='Comment')),
+                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
+                ('org_id', models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization')),
+                ('present', models.BooleanField(default=True, verbose_name='Present')),
+                ('date_last_login', models.DateTimeField(null=True, verbose_name='Date login')),
+                ('username', models.CharField(blank=True, db_index=True, max_length=32, verbose_name='Username')),
+                ('address_last_login', models.CharField(default='', max_length=39, verbose_name='Address login')),
+            ],
+            options={
+                'verbose_name': 'Gather asset accounts',
+                'ordering': ['asset'],
+            },
+        ),
+        migrations.CreateModel(
+            name='HistoricalAccount',
+            fields=[
+                ('id', models.UUIDField(db_index=True, default=uuid.uuid4)),
+                ('_secret', common.db.fields.EncryptTextField(blank=True, null=True, verbose_name='Secret')),
+                ('secret_type', models.CharField(choices=[('password', 'Password'), ('ssh_key', 'SSH key'), ('access_key', 'Access key'), ('token', 'Token'), ('api_key', 'API key')], default='password', max_length=16, verbose_name='Secret type')),
+                ('version', models.IntegerField(default=0, verbose_name='Version')),
+                ('history_id', models.AutoField(primary_key=True, serialize=False)),
+                ('history_date', models.DateTimeField(db_index=True)),
+                ('history_change_reason', models.CharField(max_length=100, null=True)),
+                ('history_type', models.CharField(choices=[('+', 'Created'), ('~', 'Changed'), ('-', 'Deleted')], max_length=1)),
+            ],
+            options={
+                'verbose_name': 'historical Account',
+                'verbose_name_plural': 'historical Accounts',
+                'ordering': ('-history_date', '-history_id'),
+                'get_latest_by': ('history_date', 'history_id'),
+            },
+            bases=(simple_history.models.HistoricalChanges, models.Model),
+        ),
+        migrations.CreateModel(
+            name='VirtualAccount',
+            fields=[
+                ('created_by', models.CharField(blank=True, max_length=128, null=True, verbose_name='Created by')),
+                ('updated_by', models.CharField(blank=True, max_length=128, null=True, verbose_name='Updated by')),
+                ('date_created', models.DateTimeField(auto_now_add=True, null=True, verbose_name='Date created')),
+                ('date_updated', models.DateTimeField(auto_now=True, verbose_name='Date updated')),
+                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
+                ('org_id', models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization')),
+                ('alias', models.CharField(choices=[('@INPUT', 'Manual input'), ('@USER', 'Dynamic user'), ('@ANON', 'Anonymous account'), ('@SPEC', 'Specified account')], max_length=128, verbose_name='Alias')),
+                ('secret_from_login', models.BooleanField(default=None, null=True, verbose_name='Secret from login')),
+            ],
+            options={'verbose_name': 'Virtual account'},
+        ),
     ]

apps/accounts/migrations/0002_auto_20220616_0021.py

@@ -1,44 +1,103 @@
-# Generated by Django 3.2.14 on 2022-12-28 10:39
+# Generated by Django 4.1.13 on 2024-05-09 03:16
 
-import common.db.encoder
-import common.db.fields
-from django.conf import settings
-from django.db import migrations, models
 import django.db.models.deletion
-import uuid
+from django.db import migrations, models
+
+import common.db.fields
 
 
 class Migration(migrations.Migration):
+
+    initial = True
+
     dependencies = [
-        ('assets', '0106_auto_20221228_1838'),
-        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('assets', '0001_initial'),
         ('accounts', '0001_initial'),
     ]
 
     operations = [
         migrations.CreateModel(
-            name='AccountBackupAutomation',
+            name='AccountBaseAutomation',
             fields=[
-                ('created_by', models.CharField(blank=True, max_length=128, null=True, verbose_name='Created by')),
-                ('updated_by', models.CharField(blank=True, max_length=128, null=True, verbose_name='Updated by')),
-                ('date_created', models.DateTimeField(auto_now_add=True, null=True, verbose_name='Date created')),
-                ('date_updated', models.DateTimeField(auto_now=True, verbose_name='Date updated')),
-                ('comment', models.TextField(blank=True, default='', verbose_name='Comment')),
-                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
-                ('org_id',
-                 models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization')),
-                ('name', models.CharField(max_length=128, verbose_name='Name')),
-                ('is_periodic', models.BooleanField(default=False, verbose_name='Periodic perform')),
-                ('interval', models.IntegerField(blank=True, default=24, null=True, verbose_name='Cycle perform')),
-                ('crontab', models.CharField(blank=True, max_length=128, null=True, verbose_name='Regularly perform')),
-                ('types', models.JSONField(default=list)),
-                ('recipients', models.ManyToManyField(blank=True, related_name='recipient_escape_route_plans',
-                                                      to=settings.AUTH_USER_MODEL, verbose_name='Recipient')),
             ],
             options={
-                'verbose_name': 'Account backup plan',
-                'ordering': ['name'],
-                'unique_together': {('name', 'org_id')},
+                'verbose_name': 'Account automation task',
+                'proxy': True,
+                'indexes': [],
+                'constraints': [],
             },
-        )
+            bases=('assets.baseautomation',),
+        ),
+        migrations.CreateModel(
+            name='AutomationExecution',
+            fields=[
+            ],
+            options={
+                'verbose_name': 'Automation execution',
+                'verbose_name_plural': 'Automation executions',
+                'permissions': [('view_changesecretexecution', 'Can view change secret execution'), ('add_changesecretexecution', 'Can add change secret execution'), ('view_gatheraccountsexecution', 'Can view gather accounts execution'), ('add_gatheraccountsexecution', 'Can add gather accounts execution'), ('view_pushaccountexecution', 'Can view push account execution'), ('add_pushaccountexecution', 'Can add push account execution')],
+                'proxy': True,
+                'indexes': [],
+                'constraints': [],
+            },
+            bases=('assets.automationexecution',),
+        ),
+        migrations.CreateModel(
+            name='ChangeSecretAutomation',
+            fields=[
+                ('baseautomation_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='assets.baseautomation')),
+                ('secret_type', models.CharField(choices=[('password', 'Password'), ('ssh_key', 'SSH key'), ('access_key', 'Access key'), ('token', 'Token'), ('api_key', 'API key')], default='password', max_length=16, verbose_name='Secret type')),
+                ('secret', common.db.fields.EncryptTextField(blank=True, null=True, verbose_name='Secret')),
+                ('secret_strategy', models.CharField(choices=[('specific', 'Specific secret'), ('random', 'Random generate')], default='specific', max_length=16, verbose_name='Secret strategy')),
+                ('password_rules', models.JSONField(default=dict, verbose_name='Password rules')),
+                ('ssh_key_change_strategy', models.CharField(choices=[('add', 'Append SSH KEY'), ('set', 'Empty and append SSH KEY'), ('set_jms', 'Replace (Replace only keys pushed by JumpServer) ')], default='add', max_length=16, verbose_name='SSH key change strategy')),
+            ],
+            options={
+                'verbose_name': 'Change secret automation',
+            },
+            bases=('accounts.accountbaseautomation', models.Model),
+        ),
+        migrations.CreateModel(
+            name='GatherAccountsAutomation',
+            fields=[
+                ('baseautomation_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='assets.baseautomation')),
+                ('is_sync_account', models.BooleanField(blank=True, default=False, verbose_name='Is sync account')),
+            ],
+            options={
+                'verbose_name': 'Gather account automation',
+            },
+            bases=('accounts.accountbaseautomation',),
+        ),
+        migrations.CreateModel(
+            name='PushAccountAutomation',
+            fields=[
+                ('baseautomation_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='assets.baseautomation')),
+                ('secret_type', models.CharField(choices=[('password', 'Password'), ('ssh_key', 'SSH key'), ('access_key', 'Access key'), ('token', 'Token'), ('api_key', 'API key')], default='password', max_length=16, verbose_name='Secret type')),
+                ('secret', common.db.fields.EncryptTextField(blank=True, null=True, verbose_name='Secret')),
+                ('secret_strategy', models.CharField(choices=[('specific', 'Specific secret'), ('random', 'Random generate')], default='specific', max_length=16, verbose_name='Secret strategy')),
+                ('password_rules', models.JSONField(default=dict, verbose_name='Password rules')),
+                ('ssh_key_change_strategy', models.CharField(choices=[('add', 'Append SSH KEY'), ('set', 'Empty and append SSH KEY'), ('set_jms', 'Replace (Replace only keys pushed by JumpServer) ')], default='add', max_length=16, verbose_name='SSH key change strategy')),
+                ('triggers', models.JSONField(default=list, max_length=16, verbose_name='Triggers')),
+                ('username', models.CharField(max_length=128, verbose_name='Username')),
+                ('action', models.CharField(max_length=16, verbose_name='Action')),
+            ],
+            options={
+                'verbose_name': 'Push asset account',
+            },
+            bases=('accounts.accountbaseautomation', models.Model),
+        ),
+        migrations.CreateModel(
+            name='VerifyAccountAutomation',
+            fields=[
+                ('baseautomation_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='assets.baseautomation')),
+            ],
+            options={
+                'verbose_name': 'Verify asset account',
+            },
+            bases=('accounts.accountbaseautomation',),
+        ),
+        migrations.AlterUniqueTogether(
+            name='virtualaccount',
+            unique_together={('alias', 'org_id')},
+        ),
     ]

apps/accounts/migrations/0003_automation.py

@@ -1,198 +1,116 @@
-# Generated by Django 3.2.16 on 2022-12-30 08:08
+# Generated by Django 4.1.13 on 2024-05-09 03:16
 
-import uuid
-
-import django.db.models.deletion
 from django.conf import settings
 from django.db import migrations, models
-
-import common.db.encoder
-import common.db.fields
+import django.db.models.deletion
 
 
 class Migration(migrations.Migration):
+
+    initial = True
+
     dependencies = [
-        ('assets', '0107_automation'),
-        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('assets', '0001_initial'),
+        ('terminal', '0001_initial'),
         ('accounts', '0002_auto_20220616_0021'),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
     ]
 
     operations = [
-        migrations.CreateModel(
-            name='AccountBaseAutomation',
-            fields=[
-            ],
-            options={
-                'verbose_name': 'Account automation task',
-                'proxy': True,
-                'indexes': [],
-                'constraints': [],
-            },
-            bases=('assets.baseautomation',),
+        migrations.AddField(
+            model_name='historicalaccount',
+            name='history_user',
+            field=models.ForeignKey(null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='+', to=settings.AUTH_USER_MODEL),
         ),
-        migrations.CreateModel(
-            name='AutomationExecution',
-            fields=[
-            ],
-            options={
-                'verbose_name': 'Automation execution',
-                'verbose_name_plural': 'Automation executions',
-                'permissions': [('view_changesecretexecution', 'Can view change secret execution'),
-                                ('add_changesecretexecution', 'Can add change secret execution'),
-                                ('view_gatheraccountsexecution', 'Can view gather accounts execution'),
-                                ('add_gatheraccountsexecution', 'Can add gather accounts execution')],
-                'proxy': True,
-                'indexes': [],
-                'constraints': [],
-            },
-            bases=('assets.automationexecution',),
+        migrations.AddField(
+            model_name='gatheredaccount',
+            name='asset',
+            field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='assets.asset', verbose_name='Asset'),
         ),
-        migrations.CreateModel(
-            name='PushAccountAutomation',
-            fields=[
-                ('baseautomation_ptr',
-                 models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True,
-                                      primary_key=True, serialize=False, to='assets.baseautomation')),
-                ('secret_type', models.CharField(
-                    choices=[('password', 'Password'), ('ssh_key', 'SSH key'), ('access_key', 'Access key'),
-                             ('token', 'Token'), ('api_key', 'API key')], default='password', max_length=16,
-                    verbose_name='Secret type')),
-                ('secret_strategy', models.CharField(choices=[('specific', 'Specific password'),
-                                                              ('random_one', 'All assets use the same random password'),
-                                                              ('random_all',
-                                                               'All assets use different random password')],
-                                                     default='specific', max_length=16,
-                                                     verbose_name='Secret strategy')),
-                ('secret', common.db.fields.EncryptTextField(blank=True, null=True, verbose_name='Secret')),
-                ('password_rules', models.JSONField(default=dict, verbose_name='Password rules')),
-                ('ssh_key_change_strategy', models.CharField(
-                    choices=[('add', 'Append SSH KEY'), ('set', 'Empty and append SSH KEY'),
-                             ('set_jms', 'Replace (The key generated by JumpServer) ')], default='add', max_length=16,
-                    verbose_name='SSH key change strategy')),
-                ('triggers', models.JSONField(default=list, max_length=16, verbose_name='Triggers')),
-                ('username', models.CharField(max_length=128, verbose_name='Username')),
-                ('action', models.CharField(max_length=16, verbose_name='Action')),
-            ],
-            options={
-                'verbose_name': 'Push asset account',
-            },
-            bases=('accounts.accountbaseautomation', models.Model),
+        migrations.AddField(
+            model_name='changesecretrecord',
+            name='account',
+            field=models.ForeignKey(null=True, on_delete=django.db.models.deletion.CASCADE, to='accounts.account'),
         ),
-
-        migrations.CreateModel(
-            name='GatherAccountsAutomation',
-            fields=[
-                ('baseautomation_ptr',
-                 models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True,
-                                      primary_key=True, serialize=False, to='assets.baseautomation')),
-            ],
-            options={
-                'verbose_name': 'Gather asset accounts',
-            },
-            bases=('accounts.accountbaseautomation',),
+        migrations.AddField(
+            model_name='changesecretrecord',
+            name='asset',
+            field=models.ForeignKey(null=True, on_delete=django.db.models.deletion.CASCADE, to='assets.asset'),
         ),
-        migrations.CreateModel(
-            name='VerifyAccountAutomation',
-            fields=[
-                ('baseautomation_ptr',
-                 models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True,
-                                      primary_key=True, serialize=False, to='assets.baseautomation')),
-            ],
-            options={
-                'verbose_name': 'Verify asset account',
-            },
-            bases=('accounts.accountbaseautomation',),
+        migrations.AddField(
+            model_name='changesecretrecord',
+            name='execution',
+            field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='accounts.automationexecution'),
         ),
-        migrations.CreateModel(
-            name='ChangeSecretRecord',
-            fields=[
-                ('created_by', models.CharField(blank=True, max_length=128, null=True, verbose_name='Created by')),
-                ('updated_by', models.CharField(blank=True, max_length=128, null=True, verbose_name='Updated by')),
-                ('date_created', models.DateTimeField(auto_now_add=True, null=True, verbose_name='Date created')),
-                ('date_updated', models.DateTimeField(auto_now=True, verbose_name='Date updated')),
-                ('comment', models.TextField(blank=True, default='', verbose_name='Comment')),
-                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
-                ('old_secret', common.db.fields.EncryptTextField(blank=True, null=True, verbose_name='Old secret')),
-                ('new_secret', common.db.fields.EncryptTextField(blank=True, null=True, verbose_name='New secret')),
-                ('date_started', models.DateTimeField(blank=True, null=True, verbose_name='Date started')),
-                ('date_finished', models.DateTimeField(blank=True, null=True, verbose_name='Date finished')),
-                ('status', models.CharField(default='pending', max_length=16, verbose_name='Status')),
-                ('error', models.TextField(blank=True, null=True, verbose_name='Error')),
-                ('account',
-                 models.ForeignKey(null=True, on_delete=django.db.models.deletion.CASCADE, to='accounts.account')),
-                ('asset', models.ForeignKey(null=True, on_delete=django.db.models.deletion.CASCADE, to='assets.asset')),
-                ('execution',
-                 models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='accounts.automationexecution')),
-            ],
-            options={
-                'verbose_name': 'Change secret record',
-            },
+        migrations.AddField(
+            model_name='accounttemplate',
+            name='platforms',
+            field=models.ManyToManyField(blank=True, related_name='account_templates', to='assets.platform', verbose_name='Platforms'),
         ),
-        migrations.CreateModel(
-            name='AccountBackupExecution',
-            fields=[
-                ('org_id',
-                 models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization')),
-                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
-                ('date_start', models.DateTimeField(auto_now_add=True, verbose_name='Date start')),
-                ('timedelta', models.FloatField(default=0.0, null=True, verbose_name='Time')),
-                ('plan_snapshot',
-                 models.JSONField(blank=True, default=dict, encoder=common.db.encoder.ModelJSONFieldEncoder, null=True,
-                                  verbose_name='Account backup snapshot')),
-                ('trigger', models.CharField(choices=[('manual', 'Manual trigger'), ('timing', 'Timing trigger')],
-                                             default='manual', max_length=128, verbose_name='Trigger mode')),
-                ('reason', models.CharField(blank=True, max_length=1024, null=True, verbose_name='Reason')),
-                ('is_success', models.BooleanField(default=False, verbose_name='Is success')),
-                ('plan', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='execution',
-                                           to='accounts.accountbackupautomation', verbose_name='Account backup plan')),
-            ],
-            options={
-                'verbose_name': 'Account backup execution',
-                'ordering': ('-date_start',),
-            },
+        migrations.AddField(
+            model_name='accounttemplate',
+            name='su_from',
+            field=models.ForeignKey(null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='su_to', to='accounts.accounttemplate', verbose_name='Su from'),
         ),
-        migrations.CreateModel(
-            name='ChangeSecretAutomation',
-            fields=[
-                ('baseautomation_ptr',
-                 models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True,
-                                      primary_key=True, serialize=False, to='assets.baseautomation')),
-                ('secret_type', models.CharField(
-                    choices=[('password', 'Password'), ('ssh_key', 'SSH key'), ('access_key', 'Access key'),
-                             ('token', 'Token'), ('api_key', 'API key')], default='password', max_length=16,
-                    verbose_name='Secret type')),
-                ('secret_strategy', models.CharField(choices=[('specific', 'Specific password'),
-                                                              ('random_one', 'All assets use the same random password'),
-                                                              ('random_all',
-                                                               'All assets use different random password')],
-                                                     default='specific', max_length=16,
-                                                     verbose_name='Secret strategy')),
-                ('secret', common.db.fields.EncryptTextField(blank=True, null=True, verbose_name='Secret')),
-                ('password_rules', models.JSONField(default=dict, verbose_name='Password rules')),
-                ('ssh_key_change_strategy', models.CharField(
-                    choices=[('add', 'Append SSH KEY'), ('set', 'Empty and append SSH KEY'),
-                             ('set_jms', 'Replace (The key generated by JumpServer) ')], default='add', max_length=16,
-                    verbose_name='SSH key change strategy')),
-                ('recipients',
-                 models.ManyToManyField(blank=True, to=settings.AUTH_USER_MODEL, verbose_name='Recipient')),
-            ],
-            options={
-                'verbose_name': 'Change secret automation',
-            },
-            bases=('accounts.accountbaseautomation', models.Model),
+        migrations.AddField(
+            model_name='accountbackupexecution',
+            name='plan',
+            field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='execution', to='accounts.accountbackupautomation', verbose_name='Account backup plan'),
         ),
-        migrations.AlterModelOptions(
-            name='automationexecution',
-            options={'permissions': [('view_changesecretexecution', 'Can view change secret execution'),
-                                     ('add_changesecretexecution', 'Can add change secret execution'),
-                                     ('view_gatheraccountsexecution', 'Can view gather accounts execution'),
-                                     ('add_gatheraccountsexecution', 'Can add gather accounts execution'),
-                                     ('view_pushaccountexecution', 'Can view push account execution'),
-                                     ('add_pushaccountexecution', 'Can add push account execution')],
-                     'verbose_name': 'Automation execution', 'verbose_name_plural': 'Automation executions'},
+        migrations.AddField(
+            model_name='accountbackupautomation',
+            name='obj_recipients_part_one',
+            field=models.ManyToManyField(blank=True, related_name='obj_recipient_part_one_plans', to='terminal.replaystorage', verbose_name='Object storage recipient part one'),
         ),
-        migrations.AlterModelOptions(
-            name='changesecretrecord',
-            options={'ordering': ('-date_started',), 'verbose_name': 'Change secret record'},
+        migrations.AddField(
+            model_name='accountbackupautomation',
+            name='obj_recipients_part_two',
+            field=models.ManyToManyField(blank=True, related_name='obj_recipient_part_two_plans', to='terminal.replaystorage', verbose_name='Object storage recipient part two'),
+        ),
+        migrations.AddField(
+            model_name='accountbackupautomation',
+            name='recipients_part_one',
+            field=models.ManyToManyField(blank=True, related_name='recipient_part_one_plans', to=settings.AUTH_USER_MODEL, verbose_name='Recipient part one'),
+        ),
+        migrations.AddField(
+            model_name='accountbackupautomation',
+            name='recipients_part_two',
+            field=models.ManyToManyField(blank=True, related_name='recipient_part_two_plans', to=settings.AUTH_USER_MODEL, verbose_name='Recipient part two'),
+        ),
+        migrations.AddField(
+            model_name='account',
+            name='asset',
+            field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='accounts', to='assets.asset', verbose_name='Asset'),
+        ),
+        migrations.AddField(
+            model_name='account',
+            name='su_from',
+            field=models.ForeignKey(null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='su_to', to='accounts.account', verbose_name='Su from'),
+        ),
+        migrations.AlterUniqueTogether(
+            name='gatheredaccount',
+            unique_together={('username', 'asset')},
+        ),
+        migrations.AddField(
+            model_name='gatheraccountsautomation',
+            name='recipients',
+            field=models.ManyToManyField(blank=True, to=settings.AUTH_USER_MODEL, verbose_name='Recipient'),
+        ),
+        migrations.AddField(
+            model_name='changesecretautomation',
+            name='recipients',
+            field=models.ManyToManyField(blank=True, to=settings.AUTH_USER_MODEL, verbose_name='Recipient'),
+        ),
+        migrations.AlterUniqueTogether(
+            name='accounttemplate',
+            unique_together={('name', 'org_id')},
+        ),
+        migrations.AlterUniqueTogether(
+            name='accountbackupautomation',
+            unique_together={('name', 'org_id')},
+        ),
+        migrations.AlterUniqueTogether(
+            name='account',
+            unique_together={('name', 'asset'), ('username', 'asset', 'secret_type')},
         ),
     ]

apps/accounts/migrations/0004_auto_20230106_1507.py

@@ -1,23 +0,0 @@
-# Generated by Django 3.2.16 on 2023-01-06 07:07
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('accounts', '0003_automation'),
-    ]
-
-    operations = [
-        migrations.AlterField(
-            model_name='changesecretautomation',
-            name='secret_strategy',
-            field=models.CharField(choices=[('specific', 'Specific secret'), ('random', 'Random generate')], default='specific', max_length=16, verbose_name='Secret strategy'),
-        ),
-        migrations.AlterField(
-            model_name='pushaccountautomation',
-            name='secret_strategy',
-            field=models.CharField(choices=[('specific', 'Specific secret'), ('random', 'Random generate')], default='specific', max_length=16, verbose_name='Secret strategy'),
-        ),
-    ]

apps/accounts/migrations/0005_alter_changesecretrecord_options.py

@@ -1,17 +0,0 @@
-# Generated by Django 3.2.16 on 2023-01-10 06:45
-
-from django.db import migrations
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('accounts', '0004_auto_20230106_1507'),
-    ]
-
-    operations = [
-        migrations.AlterModelOptions(
-            name='changesecretrecord',
-            options={'ordering': ('-date_created',), 'verbose_name': 'Change secret record'},
-        ),
-    ]

apps/accounts/migrations/0006_gatheredaccount.py

@@ -1,38 +0,0 @@
-# Generated by Django 3.2.16 on 2023-02-07 04:41
-
-from django.db import migrations, models
-import django.db.models.deletion
-import uuid
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('assets', '0108_alter_platform_charset'),
-        ('accounts', '0005_alter_changesecretrecord_options'),
-    ]
-
-    operations = [
-        migrations.CreateModel(
-            name='GatheredAccount',
-            fields=[
-                ('created_by', models.CharField(blank=True, max_length=128, null=True, verbose_name='Created by')),
-                ('updated_by', models.CharField(blank=True, max_length=128, null=True, verbose_name='Updated by')),
-                ('date_created', models.DateTimeField(auto_now_add=True, null=True, verbose_name='Date created')),
-                ('date_updated', models.DateTimeField(auto_now=True, verbose_name='Date updated')),
-                ('comment', models.TextField(blank=True, default='', verbose_name='Comment')),
-                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
-                ('org_id', models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization')),
-                ('present', models.BooleanField(default=True, verbose_name='Present')),
-                ('date_last_login', models.DateTimeField(null=True, verbose_name='Date last login')),
-                ('username', models.CharField(blank=True, db_index=True, max_length=32, verbose_name='Username')),
-                ('address_last_login', models.CharField(default='', max_length=39, verbose_name='Address last login')),
-                ('asset', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='assets.asset', verbose_name='Asset')),
-            ],
-            options={
-                'verbose_name': 'Gather account',
-                'ordering': ['asset'],
-                'unique_together': {('username', 'asset')},
-            },
-        ),
-    ]

apps/accounts/migrations/0007_alter_account_options.py

@@ -1,23 +0,0 @@
-# Generated by Django 3.2.16 on 2023-02-16 11:07
-
-from django.db import migrations
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ('accounts', '0006_gatheredaccount'),
-    ]
-
-    operations = [
-        migrations.AlterModelOptions(
-            name='account',
-            options={'permissions': [
-                ('view_accountsecret', 'Can view asset account secret'),
-                ('view_historyaccount', 'Can view asset history account'),
-                ('view_historyaccountsecret', 'Can view asset history account secret'),
-                ('verify_account', 'Can verify account'),
-                ('push_account', 'Can push account'),
-                ('remove_account', 'Can remove account'),
-            ], 'verbose_name': 'Account'},
-        ),
-    ]

apps/accounts/migrations/0008_alter_gatheredaccount_options.py

@@ -1,17 +0,0 @@
-# Generated by Django 3.2.16 on 2023-02-23 09:59
-
-from django.db import migrations
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('accounts', '0007_alter_account_options'),
-    ]
-
-    operations = [
-        migrations.AlterModelOptions(
-            name='gatheredaccount',
-            options={'ordering': ['asset'], 'verbose_name': 'Gather account automation'},
-        ),
-    ]

apps/accounts/migrations/0009_account_usernames_to_ids.py

@@ -1,69 +0,0 @@
-# Generated by Django 3.2.16 on 2023-03-07 07:36
-
-from django.db import migrations
-from django.db.models import Q
-
-
-def get_nodes_all_assets(apps, *nodes):
-    node_model = apps.get_model('assets', 'Node')
-    asset_model = apps.get_model('assets', 'Asset')
-    node_ids = set()
-    descendant_node_query = Q()
-    for n in nodes:
-        node_ids.add(n.id)
-        descendant_node_query |= Q(key__istartswith=f'{n.key}:')
-    if descendant_node_query:
-        _ids = node_model.objects.order_by().filter(descendant_node_query).values_list('id', flat=True)
-        node_ids.update(_ids)
-    return asset_model.objects.order_by().filter(nodes__id__in=node_ids).distinct()
-
-
-def get_all_assets(apps, snapshot):
-    node_model = apps.get_model('assets', 'Node')
-    asset_model = apps.get_model('assets', 'Asset')
-    asset_ids = snapshot.get('assets', [])
-    node_ids = snapshot.get('nodes', [])
-
-    nodes = node_model.objects.filter(id__in=node_ids)
-    node_asset_ids = get_nodes_all_assets(apps, *nodes).values_list('id', flat=True)
-    asset_ids = set(list(asset_ids) + list(node_asset_ids))
-    return asset_model.objects.filter(id__in=asset_ids)
-
-
-def migrate_account_usernames_to_ids(apps, schema_editor):
-    db_alias = schema_editor.connection.alias
-    execution_model = apps.get_model('accounts', 'AutomationExecution')
-    account_model = apps.get_model('accounts', 'Account')
-    executions = execution_model.objects.using(db_alias).all()
-    executions_update = []
-    for execution in executions:
-        snapshot = execution.snapshot
-        accounts = account_model.objects.none()
-        account_usernames = snapshot.get('accounts', [])
-        for asset in get_all_assets(apps, snapshot):
-            accounts = accounts | asset.accounts.all()
-        secret_type = snapshot.get('secret_type')
-        if secret_type:
-            ids = accounts.filter(
-                username__in=account_usernames,
-                secret_type=secret_type
-            ).values_list('id', flat=True)
-        else:
-            ids = accounts.filter(
-                username__in=account_usernames
-            ).values_list('id', flat=True)
-        snapshot['accounts'] = [str(_id) for _id in ids]
-        execution.snapshot = snapshot
-        executions_update.append(execution)
-
-    execution_model.objects.bulk_update(executions_update, ['snapshot'])
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ('accounts', '0008_alter_gatheredaccount_options'),
-    ]
-
-    operations = [
-        migrations.RunPython(migrate_account_usernames_to_ids),
-    ]

apps/accounts/migrations/0010_gatheraccountsautomation_is_sync_account.py

@@ -1,22 +0,0 @@
-# Generated by Django 3.2.16 on 2023-03-23 08:39
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ('accounts', '0009_account_usernames_to_ids'),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name='gatheraccountsautomation',
-            name='is_sync_account',
-            field=models.BooleanField(blank=True, default=False, verbose_name='Is sync account'),
-        ),
-        migrations.AddField(
-            model_name='account',
-            name='source_id',
-            field=models.CharField(max_length=128, null=True, blank=True, verbose_name='Source ID'),
-        ),
-    ]

apps/accounts/migrations/0011_auto_20230506_1443.py

@@ -1,29 +0,0 @@
-# Generated by Django 3.2.17 on 2023-05-06 06:43
-
-from django.db import migrations, models
-import django.db.models.deletion
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('accounts', '0010_gatheraccountsautomation_is_sync_account'),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name='accounttemplate',
-            name='su_from',
-            field=models.ForeignKey(null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='su_to', to='accounts.accounttemplate', verbose_name='Su from'),
-        ),
-        migrations.AlterField(
-            model_name='changesecretautomation',
-            name='ssh_key_change_strategy',
-            field=models.CharField(choices=[('add', 'Append SSH KEY'), ('set', 'Empty and append SSH KEY'), ('set_jms', 'Replace (Replace only keys pushed by JumpServer) ')], default='add', max_length=16, verbose_name='SSH key change strategy'),
-        ),
-        migrations.AlterField(
-            model_name='pushaccountautomation',
-            name='ssh_key_change_strategy',
-            field=models.CharField(choices=[('add', 'Append SSH KEY'), ('set', 'Empty and append SSH KEY'), ('set_jms', 'Replace (Replace only keys pushed by JumpServer) ')], default='add', max_length=16, verbose_name='SSH key change strategy'),
-        ),
-    ]

apps/accounts/migrations/0012_auto_20230621_1456.py

@@ -1,28 +0,0 @@
-# Generated by Django 3.2.19 on 2023-06-21 06:56
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('accounts', '0011_auto_20230506_1443'),
-    ]
-
-    operations = [
-        migrations.RenameField(
-            model_name='account',
-            old_name='secret',
-            new_name='_secret',
-        ),
-        migrations.RenameField(
-            model_name='accounttemplate',
-            old_name='secret',
-            new_name='_secret',
-        ),
-        migrations.RenameField(
-            model_name='historicalaccount',
-            old_name='secret',
-            new_name='_secret',
-        ),
-    ]

apps/accounts/migrations/0013_account_backup_recipients.py

@@ -1,77 +0,0 @@
-# Generated by Django 4.1.10 on 2023-08-03 08:28
-from django.conf import settings
-from django.db import migrations, models
-
-import common.db.encoder
-
-
-def migrate_recipients(apps, schema_editor):
-    account_backup_model = apps.get_model('accounts', 'AccountBackupAutomation')
-    execution_model = apps.get_model('accounts', 'AccountBackupExecution')
-    for account_backup in account_backup_model.objects.all():
-        recipients = list(account_backup.recipients.all())
-        if not recipients:
-            continue
-        account_backup.recipients_part_one.set(recipients)
-
-    objs = []
-    for execution in execution_model.objects.all():
-        snapshot = execution.snapshot
-        recipients = snapshot.pop('recipients', {})
-        snapshot.update({'recipients_part_one': recipients, 'recipients_part_two': {}})
-        objs.append(execution)
-    execution_model.objects.bulk_update(objs, ['snapshot'])
-
-
-def migrate_snapshot(apps, schema_editor):
-    model = apps.get_model('accounts', 'AccountBackupExecution')
-    objs = []
-    for execution in model.objects.all():
-        execution.snapshot = execution.plan_snapshot
-        objs.append(execution)
-    model.objects.bulk_update(objs, ['snapshot'])
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
-        ('accounts', '0012_auto_20230621_1456'),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name='accountbackupautomation',
-            name='recipients_part_one',
-            field=models.ManyToManyField(
-                blank=True, related_name='recipient_part_one_plans',
-                to=settings.AUTH_USER_MODEL, verbose_name='Recipient part one'
-            ),
-        ),
-        migrations.AddField(
-            model_name='accountbackupautomation',
-            name='recipients_part_two',
-            field=models.ManyToManyField(
-                blank=True, related_name='recipient_part_two_plans',
-                to=settings.AUTH_USER_MODEL, verbose_name='Recipient part two'
-            ),
-        ),
-        migrations.AddField(
-            model_name='accountbackupexecution',
-            name='snapshot',
-            field=models.JSONField(
-                default=dict, encoder=common.db.encoder.ModelJSONFieldEncoder,
-                null=True, blank=True, verbose_name='Account backup snapshot'
-            ),
-        ),
-        migrations.RunPython(migrate_snapshot),
-        migrations.RunPython(migrate_recipients),
-        migrations.RemoveField(
-            model_name='accountbackupexecution',
-            name='plan_snapshot',
-        ),
-        migrations.RemoveField(
-            model_name='accountbackupautomation',
-            name='recipients',
-        ),
-
-    ]

apps/accounts/migrations/0014_virtualaccount.py

@@ -1,30 +0,0 @@
-# Generated by Django 4.1.10 on 2023-08-01 09:12
-
-from django.db import migrations, models
-import uuid
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('accounts', '0013_account_backup_recipients'),
-    ]
-
-    operations = [
-        migrations.CreateModel(
-            name='VirtualAccount',
-            fields=[
-                ('created_by', models.CharField(blank=True, max_length=128, null=True, verbose_name='Created by')),
-                ('updated_by', models.CharField(blank=True, max_length=128, null=True, verbose_name='Updated by')),
-                ('date_created', models.DateTimeField(auto_now_add=True, null=True, verbose_name='Date created')),
-                ('date_updated', models.DateTimeField(auto_now=True, verbose_name='Date updated')),
-                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
-                ('org_id', models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization')),
-                ('alias', models.CharField(choices=[('@INPUT', 'Manual input'), ('@USER', 'Dynamic user'), ('@ANON', 'Anonymous account')], max_length=128, verbose_name='Alias')),
-                ('secret_from_login', models.BooleanField(default=None, null=True, verbose_name='Secret from login')),
-            ],
-            options={
-                'unique_together': {('alias', 'org_id')},
-            },
-        ),
-    ]

apps/accounts/migrations/0015_auto_20230825_1120.py

@@ -1,34 +0,0 @@
-# Generated by Django 4.1.10 on 2023-08-25 03:19
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('assets', '0122_auto_20230803_1553'),
-        ('accounts', '0014_virtualaccount'),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name='accounttemplate',
-            name='auto_push',
-            field=models.BooleanField(default=False, verbose_name='Auto push'),
-        ),
-        migrations.AddField(
-            model_name='accounttemplate',
-            name='platforms',
-            field=models.ManyToManyField(related_name='account_templates', to='assets.platform', verbose_name='Platforms', blank=True),
-        ),
-        migrations.AddField(
-            model_name='accounttemplate',
-            name='push_params',
-            field=models.JSONField(default=dict, verbose_name='Push params'),
-        ),
-        migrations.AddField(
-            model_name='accounttemplate',
-            name='secret_strategy',
-            field=models.CharField(choices=[('specific', 'Specific secret'), ('random', 'Random generate')], default='specific', max_length=16, verbose_name='Secret strategy'),
-        ),
-    ]

apps/accounts/migrations/0016_accounttemplate_password_rules.py

@@ -1,18 +0,0 @@
-# Generated by Django 4.1.10 on 2023-09-18 08:09
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('accounts', '0015_auto_20230825_1120'),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name='accounttemplate',
-            name='password_rules',
-            field=models.JSONField(default=dict, verbose_name='Password rules'),
-        ),
-    ]

apps/accounts/migrations/0017_alter_automationexecution_options.py

@@ -1,25 +0,0 @@
-# Generated by Django 4.1.10 on 2023-10-24 05:59
-
-from django.db import migrations
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ('accounts', '0016_accounttemplate_password_rules'),
-    ]
-
-    operations = [
-        migrations.AlterModelOptions(
-            name='automationexecution',
-            options={
-                'permissions': [
-                    ('view_changesecretexecution', 'Can view change secret execution'),
-                    ('add_changesecretexecution', 'Can add change secret execution'),
-                    ('view_gatheraccountsexecution', 'Can view gather accounts execution'),
-                    ('add_gatheraccountsexecution', 'Can add gather accounts execution'),
-                    ('view_pushaccountexecution', 'Can view push account execution'),
-                    ('add_pushaccountexecution', 'Can add push account execution')
-                ],
-                'verbose_name': 'Automation execution', 'verbose_name_plural': 'Automation executions'},
-        ),
-    ]

apps/accounts/migrations/0018_accountbackupautomation_backup_type_and_more.py

@@ -1,45 +0,0 @@
-# Generated by Django 4.1.10 on 2023-11-03 07:10
-
-import common.db.fields
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('terminal', '0067_alter_replaystorage_type'),
-        ('accounts', '0017_alter_automationexecution_options'),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name='accountbackupautomation',
-            name='backup_type',
-            field=models.CharField(choices=[('email', 'Email'), ('object_storage', 'Object Storage')], default='email', max_length=128),
-        ),
-        migrations.AddField(
-            model_name='accountbackupautomation',
-            name='is_password_divided_by_email',
-            field=models.BooleanField(default=True),
-        ),
-        migrations.AddField(
-            model_name='accountbackupautomation',
-            name='is_password_divided_by_obj_storage',
-            field=models.BooleanField(default=True),
-        ),
-        migrations.AddField(
-            model_name='accountbackupautomation',
-            name='obj_recipients_part_one',
-            field=models.ManyToManyField(blank=True, related_name='obj_recipient_part_one_plans', to='terminal.replaystorage', verbose_name='Object Storage Recipient part one'),
-        ),
-        migrations.AddField(
-            model_name='accountbackupautomation',
-            name='obj_recipients_part_two',
-            field=models.ManyToManyField(blank=True, related_name='obj_recipient_part_two_plans', to='terminal.replaystorage', verbose_name='Object Storage Recipient part two'),
-        ),
-        migrations.AddField(
-            model_name='accountbackupautomation',
-            name='zip_encrypt_password',
-            field=common.db.fields.EncryptCharField(blank=True, max_length=4096, null=True, verbose_name='Zip Encrypt Password'),
-        ),
-    ]

apps/accounts/migrations/0019_gatheraccountsautomation_recipients.py

@@ -1,20 +0,0 @@
-# Generated by Django 4.1.10 on 2023-10-31 06:12
-
-from django.conf import settings
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
-        ('accounts', '0018_accountbackupautomation_backup_type_and_more'),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name='gatheraccountsautomation',
-            name='recipients',
-            field=models.ManyToManyField(blank=True, to=settings.AUTH_USER_MODEL, verbose_name='Recipient'),
-        ),
-    ]

apps/accounts/migrations/0020_alter_accountbackupautomation_backup_type_and_more.py

@@ -1,28 +0,0 @@
-# Generated by Django 4.1.10 on 2023-11-16 02:13
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('accounts', '0019_gatheraccountsautomation_recipients'),
-    ]
-
-    operations = [
-        migrations.AlterField(
-            model_name='accountbackupautomation',
-            name='backup_type',
-            field=models.CharField(choices=[('email', 'Email'), ('object_storage', 'SFTP')], default='email', max_length=128, verbose_name='Backup Type'),
-        ),
-        migrations.AlterField(
-            model_name='accountbackupautomation',
-            name='is_password_divided_by_email',
-            field=models.BooleanField(default=True, verbose_name='Is Password Divided'),
-        ),
-        migrations.AlterField(
-            model_name='accountbackupautomation',
-            name='is_password_divided_by_obj_storage',
-            field=models.BooleanField(default=True, verbose_name='Is Password Divided'),
-        ),
-    ]

apps/accounts/models/automations/backup_account.py

@@ -8,7 +8,7 @@ from django.db import models
 from django.db.models import F
 from django.utils.translation import gettext_lazy as _
 
-from accounts.const.automation import AccountBackupType
+from accounts.const import AccountBackupType
 from common.const.choices import Trigger
 from common.db import fields
 from common.db.encoder import ModelJSONFieldEncoder
@@ -24,9 +24,9 @@ logger = get_logger(__file__)
 class AccountBackupAutomation(PeriodTaskModelMixin, JMSOrgBaseModel):
     types = models.JSONField(default=list)
     backup_type = models.CharField(max_length=128, choices=AccountBackupType.choices,
-                                   default=AccountBackupType.email.value, verbose_name=_('Backup Type'))
-    is_password_divided_by_email = models.BooleanField(default=True, verbose_name=_('Is Password Divided'))
-    is_password_divided_by_obj_storage = models.BooleanField(default=True, verbose_name=_('Is Password Divided'))
+                                   default=AccountBackupType.email.value, verbose_name=_('Backup type'))
+    is_password_divided_by_email = models.BooleanField(default=True, verbose_name=_('Password divided'))
+    is_password_divided_by_obj_storage = models.BooleanField(default=True, verbose_name=_('Password divided'))
     recipients_part_one = models.ManyToManyField(
         'users.User', related_name='recipient_part_one_plans', blank=True,
         verbose_name=_("Recipient part one")
@@ -37,14 +37,15 @@ class AccountBackupAutomation(PeriodTaskModelMixin, JMSOrgBaseModel):
     )
     obj_recipients_part_one = models.ManyToManyField(
         'terminal.ReplayStorage', related_name='obj_recipient_part_one_plans', blank=True,
-        verbose_name=_("Object Storage Recipient part one")
+        verbose_name=_("Object storage recipient part one")
     )
     obj_recipients_part_two = models.ManyToManyField(
         'terminal.ReplayStorage', related_name='obj_recipient_part_two_plans', blank=True,
-        verbose_name=_("Object Storage Recipient part two")
+        verbose_name=_("Object storage recipient part two")
+    )
+    zip_encrypt_password = fields.EncryptCharField(
+        max_length=4096, blank=True, null=True, verbose_name=_('Zip encrypt password')
     )
-    zip_encrypt_password = fields.EncryptCharField(max_length=4096, blank=True, null=True,
-                                                   verbose_name=_('Zip Encrypt Password'))
 
     def __str__(self):
         return f'{self.name}({self.org_id})'

apps/accounts/models/automations/change_secret.py

@@ -2,7 +2,7 @@ from django.db import models
 from django.utils.translation import gettext_lazy as _
 
 from accounts.const import (
-    AutomationTypes
+    AutomationTypes, ChangeSecretRecordStatusChoice
 )
 from common.db import fields
 from common.db.models import JMSBaseModel
@@ -40,7 +40,10 @@ class ChangeSecretRecord(JMSBaseModel):
     new_secret = fields.EncryptTextField(blank=True, null=True, verbose_name=_('New secret'))
     date_started = models.DateTimeField(blank=True, null=True, verbose_name=_('Date started'))
     date_finished = models.DateTimeField(blank=True, null=True, verbose_name=_('Date finished'))
-    status = models.CharField(max_length=16, default='pending', verbose_name=_('Status'))
+    status = models.CharField(
+        max_length=16, verbose_name=_('Status'),
+        default=ChangeSecretRecordStatusChoice.pending.value
+    )
     error = models.TextField(blank=True, null=True, verbose_name=_('Error'))
 
     class Meta:

apps/accounts/models/automations/gather_account.py

@@ -12,10 +12,10 @@ __all__ = ['GatherAccountsAutomation', 'GatheredAccount']
 
 class GatheredAccount(JMSOrgBaseModel):
     present = models.BooleanField(default=True, verbose_name=_("Present"))
-    date_last_login = models.DateTimeField(null=True, verbose_name=_("Date last login"))
+    date_last_login = models.DateTimeField(null=True, verbose_name=_("Date login"))
     asset = models.ForeignKey('assets.Asset', on_delete=models.CASCADE, verbose_name=_("Asset"))
     username = models.CharField(max_length=32, blank=True, db_index=True, verbose_name=_('Username'))
-    address_last_login = models.CharField(max_length=39, default='', verbose_name=_("Address last login"))
+    address_last_login = models.CharField(max_length=39, default='', verbose_name=_("Address login"))
 
     @property
     def address(self):
@@ -41,7 +41,7 @@ class GatheredAccount(JMSOrgBaseModel):
         Account.objects.bulk_create(account_objs)
 
     class Meta:
-        verbose_name = _('Gather account automation')
+        verbose_name = _("Gather asset accounts")
         unique_together = [
             ('username', 'asset'),
         ]
@@ -72,4 +72,4 @@ class GatherAccountsAutomation(AccountBaseAutomation):
         super().save(*args, **kwargs)
 
     class Meta:
-        verbose_name = _("Gather asset accounts")
+        verbose_name = _('Gather account automation')

apps/accounts/models/base.py

@@ -137,16 +137,13 @@ class BaseAccount(VaultModelMixin, JMSOrgBaseModel):
         else:
             return None
 
-    @property
-    def private_key_path(self):
+    def get_private_key_path(self, path):
         if self.secret_type != SecretType.SSH_KEY \
                 or not self.secret \
                 or not self.private_key:
             return None
-        project_dir = settings.PROJECT_DIR
-        tmp_dir = os.path.join(project_dir, 'tmp')
         key_name = '.' + md5(self.private_key.encode('utf-8')).hexdigest()
-        key_path = os.path.join(tmp_dir, key_name)
+        key_path = os.path.join(path, key_name)
         if not os.path.exists(key_path):
             # https://github.com/ansible/ansible-runner/issues/544
             # ssh requires OpenSSH format keys to have a full ending newline.
@@ -158,6 +155,12 @@ class BaseAccount(VaultModelMixin, JMSOrgBaseModel):
             os.chmod(key_path, 0o400)
         return key_path
 
+    @property
+    def private_key_path(self):
+        project_dir = settings.PROJECT_DIR
+        tmp_dir = os.path.join(project_dir, 'tmp')
+        return self.get_private_key_path(tmp_dir)
+
     def get_private_key(self):
         if not self.private_key:
             return None

apps/accounts/models/template.py

@@ -29,7 +29,6 @@ class AccountTemplate(LabeledMixin, BaseAccount, SecretWithRandomMixin):
         )
         permissions = [
             ('view_accounttemplatesecret', _('Can view asset account template secret')),
-            ('change_accounttemplatesecret', _('Can change asset account template secret')),
         ]
 
     def __str__(self):

apps/accounts/models/virtual.py

@@ -15,6 +15,7 @@ class VirtualAccount(JMSOrgBaseModel):
 
     class Meta:
         unique_together = [('alias', 'org_id')]
+        verbose_name = _('Virtual account')
 
     @property
     def name(self):

apps/accounts/notifications.py

@@ -1,6 +1,7 @@
 from django.template.loader import render_to_string
 from django.utils.translation import gettext_lazy as _
 
+from accounts.models import ChangeSecretRecord
 from common.tasks import send_mail_attachment_async, upload_backup_to_obj_storage
 from notifications.notifications import UserMessage
 from terminal.models.component.storage import ReplayStorage
@@ -98,3 +99,35 @@ class GatherAccountChangeMsg(UserMessage):
     def gen_test_msg(cls):
         user = User.objects.first()
         return cls(user, {})
+
+
+class ChangeSecretFailedMsg(UserMessage):
+    subject = _('Change secret or push account failed information')
+
+    def __init__(self, name, execution_id, user, asset_account_errors: list):
+        self.name = name
+        self.execution_id = execution_id
+        self.asset_account_errors = asset_account_errors
+        super().__init__(user)
+
+    def get_html_msg(self) -> dict:
+        context = {
+            'name': self.name,
+            'recipient': self.user,
+            'execution_id': self.execution_id,
+            'asset_account_errors': self.asset_account_errors
+        }
+        message = render_to_string('accounts/change_secret_failed_info.html', context)
+
+        return {
+            'subject': str(self.subject),
+            'message': message
+        }
+
+    @classmethod
+    def gen_test_msg(cls):
+        name = 'test'
+        user = User.objects.first()
+        record = ChangeSecretRecord.objects.first()
+        execution_id = str(record.execution_id)
+        return cls(name, execution_id, user, [])

apps/accounts/serializers/account/account.py

@@ -31,7 +31,9 @@ class AccountCreateUpdateSerializerMixin(serializers.Serializer):
         default=False, label=_("Push now"), write_only=True
     )
     params = serializers.JSONField(
-        decoder=None, encoder=None, required=False, style={'base_template': 'textarea.html'}
+        decoder=None, encoder=None, required=False,
+        style={'base_template': 'textarea.html'},
+        label=_('Params'),
     )
     on_invalid = LabeledChoiceField(
         choices=AccountInvalidPolicy.choices, default=AccountInvalidPolicy.ERROR,
@@ -81,7 +83,7 @@ class AccountCreateUpdateSerializerMixin(serializers.Serializer):
     def get_template_attr_for_account(template):
         # Set initial data from template
         field_names = [
-            'name', 'username', 'secret',
+            'name', 'username', 'secret', 'push_params',
             'secret_type', 'privileged', 'is_active'
         ]
 
@@ -90,7 +92,10 @@ class AccountCreateUpdateSerializerMixin(serializers.Serializer):
             value = getattr(template, name, None)
             if value is None:
                 continue
-            attrs[name] = value
+            if name == 'push_params':
+                attrs['params'] = value
+            else:
+                attrs[name] = value
         attrs['secret'] = template.get_secret()
         return attrs
 
@@ -431,8 +436,11 @@ class AssetAccountBulkSerializer(
 
 class AccountSecretSerializer(SecretReadableMixin, AccountSerializer):
     class Meta(AccountSerializer.Meta):
+        fields = AccountSerializer.Meta.fields + ['spec_info']
         extra_kwargs = {
+            **AccountSerializer.Meta.extra_kwargs,
             'secret': {'write_only': False},
+            'spec_info': {'label': _('Spec info')},
         }
 
 

apps/accounts/serializers/account/backup.py

@@ -35,8 +35,7 @@ class AccountBackupSerializer(PeriodTaskSerializerMixin, BulkOrgResourceModelSer
         ]
         extra_kwargs = {
             'name': {'required': True},
-            'periodic_display': {'label': _('Periodic perform')},
-            'executed_amount': {'label': _('Executed amount')},
+            'executed_amount': {'label': _('Executions')},
             'recipients': {
                 'label': _('Recipient'),
                 'help_text': _('Currently only mail sending is supported')

apps/accounts/serializers/account/base.py

@@ -9,26 +9,34 @@ from common.serializers import ResourceLabelsMixin
 from common.serializers.fields import EncryptedField, LabeledChoiceField
 from orgs.mixins.serializers import BulkOrgResourceModelSerializer
 
-__all__ = ['AuthValidateMixin', 'BaseAccountSerializer']
+__all__ = ["AuthValidateMixin", "BaseAccountSerializer"]
 
 
 class AuthValidateMixin(serializers.Serializer):
     secret_type = LabeledChoiceField(
-        choices=SecretType.choices, label=_('Secret type'), default='password'
+        choices=SecretType.choices, label=_("Secret type"), default="password"
     )
     secret = EncryptedField(
-        label=_('Secret'), required=False, max_length=40960, allow_blank=True,
-        allow_null=True, write_only=True,
+        label=_("Secret"),
+        required=False,
+        max_length=40960,
+        allow_blank=True,
+        allow_null=True,
+        write_only=True,
     )
     passphrase = serializers.CharField(
-        allow_blank=True, allow_null=True, required=False, max_length=512,
-        write_only=True, label=_('Key password')
+        allow_blank=True,
+        allow_null=True,
+        required=False,
+        max_length=512,
+        write_only=True,
+        label=_("Passphrase"),
     )
 
     @staticmethod
     def handle_secret(secret, secret_type, passphrase=None):
         if not secret:
-            return ''
+            return ""
         if secret_type == SecretType.PASSWORD:
             validate_password_for_ansible(secret)
             return secret
@@ -40,17 +48,15 @@ class AuthValidateMixin(serializers.Serializer):
             return secret
 
     def clean_auth_fields(self, validated_data):
-        secret_type = validated_data.get('secret_type')
-        passphrase = validated_data.get('passphrase')
-        secret = validated_data.pop('secret', None)
-        validated_data['secret'] = self.handle_secret(
-            secret, secret_type, passphrase
-        )
-        for field in ('secret',):
+        secret_type = validated_data.get("secret_type")
+        passphrase = validated_data.get("passphrase")
+        secret = validated_data.pop("secret", None)
+        validated_data["secret"] = self.handle_secret(secret, secret_type, passphrase)
+        for field in ("secret",):
             value = validated_data.get(field)
             if not value:
                 validated_data.pop(field, None)
-        validated_data.pop('passphrase', None)
+        validated_data.pop("passphrase", None)
 
     def create(self, validated_data):
         self.clean_auth_fields(validated_data)
@@ -61,23 +67,34 @@ class AuthValidateMixin(serializers.Serializer):
         return super().update(instance, validated_data)
 
 
-class BaseAccountSerializer(AuthValidateMixin, ResourceLabelsMixin, BulkOrgResourceModelSerializer):
+class BaseAccountSerializer(
+    AuthValidateMixin, ResourceLabelsMixin, BulkOrgResourceModelSerializer
+):
     class Meta:
         model = BaseAccount
-        fields_mini = ['id', 'name', 'username']
+        fields_mini = ["id", "name", "username"]
         fields_small = fields_mini + [
-            'secret_type', 'secret', 'passphrase',
-            'privileged', 'is_active', 'spec_info',
+            "secret_type",
+            "secret",
+            "passphrase",
+            "privileged",
+            "is_active",
+            "spec_info",
         ]
-        fields_other = ['created_by', 'date_created', 'date_updated', 'comment']
-        fields = fields_small + fields_other + ['labels']
+        fields_other = ["created_by", "date_created", "date_updated", "comment"]
+        fields = fields_small + fields_other + ["labels"]
         read_only_fields = [
-            'spec_info', 'date_verified', 'created_by', 'date_created',
+            "spec_info",
+            "date_verified",
+            "created_by",
+            "date_created",
         ]
         extra_kwargs = {
-            'spec_info': {'label': _('Spec info')},
-            'username': {'help_text': _(
-                "Tip: If no username is required for authentication, fill in `null`, "
-                "If AD account, like `username@domain`"
-            )},
+            "spec_info": {"label": _("Spec info")},
+            "username": {
+                "help_text": _(
+                    "* If no username is required for authentication, enter null.  "
+                    "For AD accounts, use the format username@domain."
+                )
+            },
         }

apps/accounts/serializers/account/template.py

@@ -35,6 +35,7 @@ class AccountTemplateSerializer(BaseAccountSerializer):
             'su_from'
         ]
         extra_kwargs = {
+            **BaseAccountSerializer.Meta.extra_kwargs,
             'secret_strategy': {'help_text': _('Secret generation strategy for account creation')},
             'auto_push': {'help_text': _('Whether to automatically push the account to the asset')},
             'platforms': {
@@ -64,6 +65,9 @@ class AccountTemplateSerializer(BaseAccountSerializer):
 
 class AccountTemplateSecretSerializer(SecretReadableMixin, AccountTemplateSerializer):
     class Meta(AccountTemplateSerializer.Meta):
+        fields = AccountTemplateSerializer.Meta.fields + ['spec_info']
         extra_kwargs = {
+            **AccountTemplateSerializer.Meta.extra_kwargs,
             'secret': {'write_only': False},
+            'spec_info': {'label': _('Spec info')},
         }

apps/accounts/serializers/automations/base.py

@@ -21,10 +21,12 @@ __all__ = [
 class BaseAutomationSerializer(PeriodTaskSerializerMixin, BulkOrgResourceModelSerializer):
     assets = ObjectRelatedField(many=True, required=False, queryset=Asset.objects, label=_('Assets'))
     nodes = ObjectRelatedField(many=True, required=False, queryset=Node.objects, label=_('Nodes'))
+    is_periodic = serializers.BooleanField(default=False, required=False, label=_("Periodic perform"))
 
     class Meta:
         read_only_fields = [
-            'date_created', 'date_updated', 'created_by', 'periodic_display', 'executed_amount'
+            'date_created', 'date_updated', 'created_by',
+            'periodic_display', 'executed_amount'
         ]
         fields = read_only_fields + [
             'id', 'name', 'is_periodic', 'interval', 'crontab', 'comment',
@@ -33,8 +35,7 @@ class BaseAutomationSerializer(PeriodTaskSerializerMixin, BulkOrgResourceModelSe
         extra_kwargs = {
             'name': {'required': True},
             'type': {'read_only': True},
-            'periodic_display': {'label': _('Periodic perform')},
-            'executed_amount': {'label': _('Executed amount')},
+            'executed_amount': {'label': _('Executions')},
         }
 
     def validate_name(self, name):

apps/accounts/serializers/automations/change_secret.py

@@ -4,7 +4,8 @@ from django.utils.translation import gettext_lazy as _
 from rest_framework import serializers
 
 from accounts.const import (
-    AutomationTypes, SecretType, SecretStrategy, SSHKeyStrategy
+    AutomationTypes, SecretType, SecretStrategy,
+    SSHKeyStrategy, ChangeSecretRecordStatusChoice
 )
 from accounts.models import (
     Account, ChangeSecretAutomation,
@@ -21,6 +22,7 @@ logger = get_logger(__file__)
 __all__ = [
     'ChangeSecretAutomationSerializer',
     'ChangeSecretRecordSerializer',
+    'ChangeSecretRecordViewSecretSerializer',
     'ChangeSecretRecordBackUpSerializer',
     'ChangeSecretUpdateAssetSerializer',
     'ChangeSecretUpdateNodeSerializer',
@@ -52,10 +54,13 @@ class ChangeSecretAutomationSerializer(AuthValidateMixin, BaseAutomationSerializ
             'ssh_key_change_strategy', 'passphrase', 'recipients', 'params'
         ]
         extra_kwargs = {**BaseAutomationSerializer.Meta.extra_kwargs, **{
-            'accounts': {'required': True},
+            'accounts': {'required': True, 'help_text': _('Please enter your account username')},
             'recipients': {'label': _('Recipient'), 'help_text': _(
                 "Currently only mail sending is supported"
             )},
+            'params': {'help_text': _(
+                "Secret parameter settings, currently only effective for assets of the host type."
+            )},
         }}
 
     @property
@@ -104,7 +109,10 @@ class ChangeSecretAutomationSerializer(AuthValidateMixin, BaseAutomationSerializ
 class ChangeSecretRecordSerializer(serializers.ModelSerializer):
     is_success = serializers.SerializerMethodField(label=_('Is success'))
     asset = ObjectRelatedField(queryset=Asset.objects, label=_('Asset'))
-    account = ObjectRelatedField(queryset=Account.objects, label=_('Account'))
+    account = ObjectRelatedField(
+        queryset=Account.objects, label=_('Account'),
+        attrs=("id", "name", "username")
+    )
     execution = ObjectRelatedField(
         queryset=AutomationExecution.objects, label=_('Automation task execution')
     )
@@ -119,7 +127,16 @@ class ChangeSecretRecordSerializer(serializers.ModelSerializer):
 
     @staticmethod
     def get_is_success(obj):
-        return obj.status == 'success'
+        return obj.status == ChangeSecretRecordStatusChoice.success.value
+
+
+class ChangeSecretRecordViewSecretSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = ChangeSecretRecord
+        fields = [
+            'id', 'old_secret', 'new_secret',
+        ]
+        read_only_fields = fields
 
 
 class ChangeSecretRecordBackUpSerializer(serializers.ModelSerializer):
@@ -145,7 +162,7 @@ class ChangeSecretRecordBackUpSerializer(serializers.ModelSerializer):
 
     @staticmethod
     def get_is_success(obj):
-        if obj.status == 'success':
+        if obj.status == ChangeSecretRecordStatusChoice.success.value:
             return _("Success")
         return _("Failed")
 

apps/accounts/serializers/automations/push_account.py

@@ -7,7 +7,6 @@ from .change_secret import (
 
 
 class PushAccountAutomationSerializer(ChangeSecretAutomationSerializer):
-
     class Meta(ChangeSecretAutomationSerializer.Meta):
         model = PushAccountAutomation
         fields = [

apps/accounts/tasks/automation.py

@@ -36,14 +36,14 @@ def execute_account_automation_task(pid, trigger, tp):
         instance.execute(trigger)
 
 
-def record_task_activity_callback(self, record_id, *args, **kwargs):
+def record_task_activity_callback(self, record_ids, *args, **kwargs):
     from accounts.models import ChangeSecretRecord
     with tmp_to_root_org():
-        record = get_object_or_none(ChangeSecretRecord, id=record_id)
-    if not record:
+        records = ChangeSecretRecord.objects.filter(id__in=record_ids)
+    if not records:
         return
-    resource_ids = [record.id]
-    org_id = record.execution.org_id
+    resource_ids = [str(i.id) for i in records]
+    org_id = records[0].execution.org_id
     return resource_ids, org_id
 
 
@@ -51,22 +51,26 @@ def record_task_activity_callback(self, record_id, *args, **kwargs):
     queue='ansible', verbose_name=_('Execute automation record'),
     activity_callback=record_task_activity_callback
 )
-def execute_automation_record_task(record_id, tp):
+def execute_automation_record_task(record_ids, tp):
     from accounts.models import ChangeSecretRecord
+    task_name = gettext_noop('Execute automation record')
+
     with tmp_to_root_org():
-        instance = get_object_or_none(ChangeSecretRecord, pk=record_id)
-    if not instance:
-        logger.error("No automation record found: {}".format(record_id))
+        records = ChangeSecretRecord.objects.filter(id__in=record_ids)
+
+    if not records:
+        logger.error('No automation record found: {}'.format(record_ids))
         return
 
-    task_name = gettext_noop('Execute automation record')
+    record = records[0]
+    record_map = {f'{record.asset_id}-{record.account_id}': str(record.id) for record in records}
     task_snapshot = {
-        'secret': instance.new_secret,
-        'secret_type': instance.execution.snapshot.get('secret_type'),
-        'accounts': [str(instance.account_id)],
-        'assets': [str(instance.asset_id)],
         'params': {},
-        'record_id': record_id,
+        'record_map': record_map,
+        'secret': record.new_secret,
+        'secret_type': record.execution.snapshot.get('secret_type'),
+        'assets': [str(instance.asset_id) for instance in records],
+        'accounts': [str(instance.account_id) for instance in records],
     }
-    with tmp_to_org(instance.execution.org_id):
+    with tmp_to_org(record.execution.org_id):
         quickstart_automation_by_snapshot(task_name, tp, task_snapshot)

apps/accounts/tasks/remove_account.py

@@ -55,7 +55,7 @@ def clean_historical_accounts():
     history_model = Account.history.model
     history_id_mapper = defaultdict(list)
 
-    ids = history_model.objects.values('id').annotate(count=Count('id', distinct=True)) \
+    ids = history_model.objects.values('id').annotate(count=Count('id')) \
         .filter(count__gte=limit).values_list('id', flat=True)
 
     if not ids:

apps/accounts/tasks/template.py

@@ -29,7 +29,8 @@ def template_sync_related_accounts(template_id, user_id=None):
     name = template.name
     username = template.username
     secret_type = template.secret_type
-    print(f'\033[32m>>> 开始同步模版名称、用户名、密钥类型到相关联的账号 ({datetime.now().strftime("%Y-%m-%d %H:%M:%S")})')
+    print(
+        f'\033[32m>>> 开始同步模板名称、用户名、密钥类型到相关联的账号 ({datetime.now().strftime("%Y-%m-%d %H:%M:%S")})')
     with tmp_to_org(org_id):
         for account in accounts:
             account.name = name

apps/accounts/templates/accounts/asset_account_change_info.html

@@ -1,10 +1,10 @@
 {% load i18n %}
 
-
+<h3>{% trans 'Gather account change information' %}</h3>
 <table style="width: 100%; border-collapse: collapse; max-width: 100%; text-align: left; margin-top: 20px;">
     <caption></caption>
     <tr style="background-color: #f2f2f2;">
-        <th style="border: 1px solid #ddd; padding: 10px; font-weight: bold;">{% trans 'Asset' %}</th>
+        <th style="border: 1px solid #ddd; padding: 10px;">{% trans 'Asset' %}</th>
         <th style="border: 1px solid #ddd; padding: 10px;">{% trans 'Added account' %}</th>
         <th style="border: 1px solid #ddd; padding: 10px;">{% trans 'Deleted account' %}</th>
     </tr>

apps/accounts/templates/accounts/change_secret_failed_info.html

@@ -0,0 +1,36 @@
+{% load i18n %}
+
+<h3>{% trans 'Task name' %}: {{ name }}</h3>
+<h3>{% trans 'Task execution id' %}: {{ execution_id }}</h3>
+<p>{% trans 'Respectful' %} {{ recipient }}</p>
+<p>{% trans 'Hello! The following is the failure of changing the password of your assets or pushing the account. Please check and handle it in time.' %}</p>
+<table style="width: 100%; border-collapse: collapse; max-width: 100%; text-align: left; margin-top: 20px;">
+    <caption></caption>
+    <thead>
+    <tr style="background-color: #f2f2f2;">
+        <th style="border: 1px solid #ddd; padding: 10px;">{% trans 'Asset' %}</th>
+        <th style="border: 1px solid #ddd; padding: 10px;">{% trans 'Account' %}</th>
+        <th style="border: 1px solid #ddd; padding: 10px;">{% trans 'Error' %}</th>
+    </tr>
+    </thead>
+    <tbody>
+    {% for asset_name, account_username, error in asset_account_errors %}
+        <tr>
+            <td style="border: 1px solid #ddd; padding: 10px;">{{ asset_name }}</td>
+            <td style="border: 1px solid #ddd; padding: 10px;">{{ account_username }}</td>
+            <td style="border: 1px solid #ddd; padding: 10px;">
+                <div style="
+                max-width: 90%;
+                white-space: nowrap;
+                overflow: hidden;
+                text-overflow: ellipsis;
+                display: block;"
+                     title="{{ error }}"
+                >
+                    {{ error }}
+                </div>
+            </td>
+        </tr>
+    {% endfor %}
+    </tbody>
+</table>

apps/acls/apps.py

@@ -4,4 +4,4 @@ from django.utils.translation import gettext_lazy as _
 
 class AclsConfig(AppConfig):
     name = 'acls'
-    verbose_name = _('Acls')
+    verbose_name = _('App Acls')

apps/acls/const.py

@@ -6,5 +6,5 @@ class ActionChoices(models.TextChoices):
     reject = 'reject', _('Reject')
     accept = 'accept', _('Accept')
     review = 'review', _('Review')
-    warning = 'warning', _('Warning')
-    notice = 'notice', _('Notifications')
+    warning = 'warning', _('Warn')
+    notice = 'notice', _('Notify')

apps/acls/migrations/0001_initial.py

@@ -1,75 +1,129 @@
-# Generated by Django 3.1 on 2021-03-11 09:53
-
-import uuid
+# Generated by Django 4.1.13 on 2024-05-09 03:16
 
+import common.db.fields
 import django.core.validators
-import django.db.models.deletion
-from django.conf import settings
 from django.db import migrations, models
+import uuid
 
 
 class Migration(migrations.Migration):
+
     initial = True
 
     dependencies = [
-        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
     ]
 
     operations = [
         migrations.CreateModel(
-            name='LoginACL',
+            name='CommandFilterACL',
             fields=[
-                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
-                ('created_by', models.CharField(blank=True, max_length=32, null=True, verbose_name='Created by')),
+                ('created_by', models.CharField(blank=True, max_length=128, null=True, verbose_name='Created by')),
+                ('updated_by', models.CharField(blank=True, max_length=128, null=True, verbose_name='Updated by')),
                 ('date_created', models.DateTimeField(auto_now_add=True, null=True, verbose_name='Date created')),
                 ('date_updated', models.DateTimeField(auto_now=True, verbose_name='Date updated')),
-                ('name', models.CharField(max_length=128, verbose_name='Name')),
-                ('priority', models.IntegerField(default=50, help_text='1-100, the lower the value will be match first',
-                                                 validators=[django.core.validators.MinValueValidator(1),
-                                                             django.core.validators.MaxValueValidator(100)],
-                                                 verbose_name='Priority')),
-                ('is_active', models.BooleanField(default=True, verbose_name='Active')),
                 ('comment', models.TextField(blank=True, default='', verbose_name='Comment')),
-                ('ip_group', models.JSONField(default=list, verbose_name='Login IP')),
-                ('action',
-                 models.CharField(choices=[('reject', 'Reject'), ('allow', 'Allow')], default='reject', max_length=64,
-                                  verbose_name='Action')),
-                ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='login_acls',
-                                           to=settings.AUTH_USER_MODEL, verbose_name='User')),
+                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
+                ('org_id', models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization')),
+                ('priority', models.IntegerField(default=50, help_text='1-100, the lower the value will be match first', validators=[django.core.validators.MinValueValidator(1), django.core.validators.MaxValueValidator(100)], verbose_name='Priority')),
+                ('action', models.CharField(default='reject', max_length=64, verbose_name='Action')),
+                ('is_active', models.BooleanField(default=True, verbose_name='Active')),
+                ('users', common.db.fields.JSONManyToManyField(default=dict, to='users.User', verbose_name='Users')),
+                ('name', models.CharField(max_length=128, verbose_name='Name')),
+                ('assets', common.db.fields.JSONManyToManyField(default=dict, to='assets.Asset', verbose_name='Assets')),
+                ('accounts', models.JSONField(default=list, verbose_name='Accounts')),
             ],
             options={
+                'verbose_name': 'Command acl',
                 'ordering': ('priority', '-is_active', 'name'),
+                'abstract': False,
+            },
+        ),
+        migrations.CreateModel(
+            name='CommandGroup',
+            fields=[
+                ('created_by', models.CharField(blank=True, max_length=128, null=True, verbose_name='Created by')),
+                ('updated_by', models.CharField(blank=True, max_length=128, null=True, verbose_name='Updated by')),
+                ('date_created', models.DateTimeField(auto_now_add=True, null=True, verbose_name='Date created')),
+                ('date_updated', models.DateTimeField(auto_now=True, verbose_name='Date updated')),
+                ('comment', models.TextField(blank=True, default='', verbose_name='Comment')),
+                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
+                ('org_id', models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization')),
+                ('name', models.CharField(max_length=128, verbose_name='Name')),
+                ('type', models.CharField(choices=[('command', 'Command'), ('regex', 'Regex')], default='command', max_length=16, verbose_name='Type')),
+                ('content', models.TextField(help_text='One command per line', verbose_name='Content')),
+                ('ignore_case', models.BooleanField(default=True, verbose_name='Ignore case')),
+            ],
+            options={
+                'verbose_name': 'Command group',
+            },
+        ),
+        migrations.CreateModel(
+            name='ConnectMethodACL',
+            fields=[
+                ('created_by', models.CharField(blank=True, max_length=128, null=True, verbose_name='Created by')),
+                ('updated_by', models.CharField(blank=True, max_length=128, null=True, verbose_name='Updated by')),
+                ('date_created', models.DateTimeField(auto_now_add=True, null=True, verbose_name='Date created')),
+                ('date_updated', models.DateTimeField(auto_now=True, verbose_name='Date updated')),
+                ('comment', models.TextField(blank=True, default='', verbose_name='Comment')),
+                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
+                ('name', models.CharField(max_length=128, unique=True, verbose_name='Name')),
+                ('priority', models.IntegerField(default=50, help_text='1-100, the lower the value will be match first', validators=[django.core.validators.MinValueValidator(1), django.core.validators.MaxValueValidator(100)], verbose_name='Priority')),
+                ('action', models.CharField(default='reject', max_length=64, verbose_name='Action')),
+                ('is_active', models.BooleanField(default=True, verbose_name='Active')),
+                ('users', common.db.fields.JSONManyToManyField(default=dict, to='users.User', verbose_name='Users')),
+                ('connect_methods', models.JSONField(default=list, verbose_name='Connect methods')),
+            ],
+            options={
+                'verbose_name': 'Connect method acl',
+                'ordering': ('priority', '-is_active', 'name'),
+                'abstract': False,
+            },
+        ),
+        migrations.CreateModel(
+            name='LoginACL',
+            fields=[
+                ('created_by', models.CharField(blank=True, max_length=128, null=True, verbose_name='Created by')),
+                ('updated_by', models.CharField(blank=True, max_length=128, null=True, verbose_name='Updated by')),
+                ('date_created', models.DateTimeField(auto_now_add=True, null=True, verbose_name='Date created')),
+                ('date_updated', models.DateTimeField(auto_now=True, verbose_name='Date updated')),
+                ('comment', models.TextField(blank=True, default='', verbose_name='Comment')),
+                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
+                ('name', models.CharField(max_length=128, unique=True, verbose_name='Name')),
+                ('priority', models.IntegerField(default=50, help_text='1-100, the lower the value will be match first', validators=[django.core.validators.MinValueValidator(1), django.core.validators.MaxValueValidator(100)], verbose_name='Priority')),
+                ('action', models.CharField(default='reject', max_length=64, verbose_name='Action')),
+                ('is_active', models.BooleanField(default=True, verbose_name='Active')),
+                ('users', common.db.fields.JSONManyToManyField(default=dict, to='users.User', verbose_name='Users')),
+                ('rules', models.JSONField(default=dict, verbose_name='Rule')),
+            ],
+            options={
+                'verbose_name': 'Login acl',
+                'ordering': ('priority', '-is_active', 'name'),
+                'abstract': False,
             },
         ),
         migrations.CreateModel(
             name='LoginAssetACL',
             fields=[
-                ('org_id',
-                 models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization')),
-                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
-                ('created_by', models.CharField(blank=True, max_length=32, null=True, verbose_name='Created by')),
+                ('created_by', models.CharField(blank=True, max_length=128, null=True, verbose_name='Created by')),
+                ('updated_by', models.CharField(blank=True, max_length=128, null=True, verbose_name='Updated by')),
                 ('date_created', models.DateTimeField(auto_now_add=True, null=True, verbose_name='Date created')),
                 ('date_updated', models.DateTimeField(auto_now=True, verbose_name='Date updated')),
-                ('name', models.CharField(max_length=128, verbose_name='Name')),
-                ('priority', models.IntegerField(default=50, help_text='1-100, the lower the value will be match first',
-                                                 validators=[django.core.validators.MinValueValidator(1),
-                                                             django.core.validators.MaxValueValidator(100)],
-                                                 verbose_name='Priority')),
-                ('is_active', models.BooleanField(default=True, verbose_name='Active')),
                 ('comment', models.TextField(blank=True, default='', verbose_name='Comment')),
-                ('users', models.JSONField(verbose_name='User')),
-                ('system_users', models.JSONField(verbose_name='System User')),
-                ('assets', models.JSONField(verbose_name='Asset')),
-                ('action',
-                 models.CharField(choices=[('login_confirm', 'Login confirm')], default='login_confirm', max_length=64,
-                                  verbose_name='Action')),
-                ('reviewers',
-                 models.ManyToManyField(blank=True, related_name='review_login_asset_acls', to=settings.AUTH_USER_MODEL,
-                                        verbose_name='Reviewers')),
+                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
+                ('org_id', models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization')),
+                ('priority', models.IntegerField(default=50, help_text='1-100, the lower the value will be match first', validators=[django.core.validators.MinValueValidator(1), django.core.validators.MaxValueValidator(100)], verbose_name='Priority')),
+                ('action', models.CharField(default='reject', max_length=64, verbose_name='Action')),
+                ('is_active', models.BooleanField(default=True, verbose_name='Active')),
+                ('users', common.db.fields.JSONManyToManyField(default=dict, to='users.User', verbose_name='Users')),
+                ('name', models.CharField(max_length=128, verbose_name='Name')),
+                ('assets', common.db.fields.JSONManyToManyField(default=dict, to='assets.Asset', verbose_name='Assets')),
+                ('accounts', models.JSONField(default=list, verbose_name='Accounts')),
+                ('rules', models.JSONField(default=dict, verbose_name='Rule')),
             ],
             options={
+                'verbose_name': 'Login asset acl',
                 'ordering': ('priority', '-is_active', 'name'),
-                'unique_together': {('name', 'org_id')},
+                'abstract': False,
             },
         ),
     ]

apps/acls/migrations/0002_auto_20210926_1047.py

@@ -1,98 +1,54 @@
-# Generated by Django 3.1.12 on 2021-09-26 02:47
-import django
+# Generated by Django 4.1.13 on 2024-05-09 03:16
+
 from django.conf import settings
-from django.db import migrations, models, transaction
-
-LOGIN_CONFIRM_ZH = '登录复核'
-LOGIN_CONFIRM_EN = 'Login confirm'
-
-DEFAULT_TIME_PERIODS = [{'id': i, 'value': '00:00~00:00'} for i in range(7)]
-
-
-def has_zh(name: str) -> bool:
-    for i in name:
-        if u'\u4e00' <= i <= u'\u9fff':
-            return True
-    return False
-
-
-def migrate_login_confirm(apps, schema_editor):
-    login_acl_model = apps.get_model("acls", "LoginACL")
-    login_confirm_model = apps.get_model("authentication", "LoginConfirmSetting")
-
-    with transaction.atomic():
-        for instance in login_confirm_model.objects.filter(is_active=True):
-            user = instance.user
-            reviewers = instance.reviewers.all()
-            login_confirm = LOGIN_CONFIRM_ZH if has_zh(user.name) else LOGIN_CONFIRM_EN
-            date_created = instance.date_created.strftime('%Y-%m-%d %H:%M:%S')
-            if reviewers.count() == 0:
-                continue
-            data = {
-
-                'user': user,
-                'name': f'{user.name}-{login_confirm} ({date_created})',
-                'created_by': instance.created_by,
-                'action': 'confirm',
-                'rules': {'ip_group': ['*'], 'time_period': DEFAULT_TIME_PERIODS}
-            }
-            instance = login_acl_model.objects.create(**data)
-            instance.reviewers.set(reviewers)
-
-
-def migrate_ip_group(apps, schema_editor):
-    login_acl_model = apps.get_model("acls", "LoginACL")
-    updates = list()
-    with transaction.atomic():
-        for instance in login_acl_model.objects.exclude(action='confirm'):
-            instance.rules = {'ip_group': instance.ip_group, 'time_period': DEFAULT_TIME_PERIODS}
-            updates.append(instance)
-        login_acl_model.objects.bulk_update(updates, ['rules', ])
+from django.db import migrations, models
 
 
 class Migration(migrations.Migration):
+
+    initial = True
+
     dependencies = [
-        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
         ('acls', '0001_initial'),
-        ('authentication', '0004_ssotoken'),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
     ]
 
     operations = [
-        migrations.AlterField(
-            model_name='loginacl',
-            name='action',
-            field=models.CharField(choices=[('reject', 'Reject'), ('allow', 'Allow'), ('confirm', 'Login confirm')],
-                                   default='reject', max_length=64, verbose_name='Action'),
+        migrations.AddField(
+            model_name='loginassetacl',
+            name='reviewers',
+            field=models.ManyToManyField(blank=True, to=settings.AUTH_USER_MODEL, verbose_name='Reviewers'),
         ),
         migrations.AddField(
             model_name='loginacl',
             name='reviewers',
-            field=models.ManyToManyField(blank=True, related_name='login_confirm_acls',
-                                         to=settings.AUTH_USER_MODEL, verbose_name='Reviewers'),
-        ),
-        migrations.AlterField(
-            model_name='loginacl',
-            name='user',
-            field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE,
-                                    related_name='login_acls', to=settings.AUTH_USER_MODEL, verbose_name='User'),
+            field=models.ManyToManyField(blank=True, to=settings.AUTH_USER_MODEL, verbose_name='Reviewers'),
         ),
         migrations.AddField(
-            model_name='loginacl',
-            name='rules',
-            field=models.JSONField(default=dict, verbose_name='Rule'),
+            model_name='connectmethodacl',
+            name='reviewers',
+            field=models.ManyToManyField(blank=True, to=settings.AUTH_USER_MODEL, verbose_name='Reviewers'),
         ),
-        migrations.RunPython(migrate_login_confirm),
-        migrations.RunPython(migrate_ip_group),
-        migrations.RemoveField(
-            model_name='loginacl',
-            name='ip_group',
+        migrations.AlterUniqueTogether(
+            name='commandgroup',
+            unique_together={('org_id', 'name')},
         ),
-        migrations.AlterModelOptions(
-            name='loginacl',
-            options={'ordering': ('priority', '-is_active', 'name'), 'verbose_name': 'Login acl'},
+        migrations.AddField(
+            model_name='commandfilteracl',
+            name='command_groups',
+            field=models.ManyToManyField(related_name='command_filters', to='acls.commandgroup', verbose_name='Command group'),
         ),
-        migrations.AlterModelOptions(
+        migrations.AddField(
+            model_name='commandfilteracl',
+            name='reviewers',
+            field=models.ManyToManyField(blank=True, to=settings.AUTH_USER_MODEL, verbose_name='Reviewers'),
+        ),
+        migrations.AlterUniqueTogether(
             name='loginassetacl',
-            options={'ordering': ('priority', '-is_active', 'name'), 'verbose_name': 'Login asset acl'},
+            unique_together={('name', 'org_id')},
+        ),
+        migrations.AlterUniqueTogether(
+            name='commandfilteracl',
+            unique_together={('name', 'org_id')},
         ),
     ]

apps/acls/migrations/0003_auto_20211130_1037.py

@@ -1,20 +0,0 @@
-# Generated by Django 3.1.13 on 2021-11-30 02:37
-
-from django.db import migrations
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ('acls', '0002_auto_20210926_1047'),
-    ]
-
-    operations = [
-        migrations.AlterModelOptions(
-            name='loginacl',
-            options={'ordering': ('priority', '-is_active', 'name'), 'verbose_name': 'Login acl'},
-        ),
-        migrations.AlterModelOptions(
-            name='loginassetacl',
-            options={'ordering': ('priority', '-is_active', 'name'), 'verbose_name': 'Login asset acl'},
-        ),
-    ]

apps/acls/migrations/0004_auto_20220831_1658.py

@@ -1,33 +0,0 @@
-# Generated by Django 3.2.13 on 2022-08-31 08:58
-
-from django.db import migrations, models
-
-
-def migrate_system_users_to_accounts(apps, schema_editor):
-    login_asset_acl_model = apps.get_model('acls', 'LoginAssetACL')
-    qs = login_asset_acl_model.objects.all()
-    login_asset_acls = []
-    for instance in qs:
-        instance.accounts = instance.system_users
-        login_asset_acls.append(instance)
-    login_asset_acl_model.objects.bulk_update(login_asset_acls, ['accounts'])
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ('acls', '0003_auto_20211130_1037'),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name='loginassetacl',
-            name='accounts',
-            field=models.JSONField(verbose_name='Account'),
-        ),
-        migrations.RunPython(migrate_system_users_to_accounts),
-        migrations.RemoveField(
-            model_name='loginassetacl',
-            name='system_users',
-        ),
-
-    ]

apps/acls/migrations/0005_auto_20221201_1846.py

@@ -1,34 +0,0 @@
-# Generated by Django 3.2.14 on 2022-12-01 10:46
-
-from django.conf import settings
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
-        ('acls', '0004_auto_20220831_1658'),
-    ]
-
-    operations = [
-        migrations.AlterField(
-            model_name='loginacl',
-            name='action',
-            field=models.CharField(default='reject', max_length=64, verbose_name='Action'),
-        ),
-        migrations.AlterField(
-            model_name='loginacl',
-            name='reviewers',
-            field=models.ManyToManyField(blank=True, to=settings.AUTH_USER_MODEL, verbose_name='Reviewers'),
-        ),
-        migrations.AlterField(
-            model_name='loginassetacl',
-            name='action',
-            field=models.CharField(default='reject', max_length=64, verbose_name='Action'),
-        ),
-        migrations.AlterField(
-            model_name='loginassetacl',
-            name='reviewers',
-            field=models.ManyToManyField(blank=True, to=settings.AUTH_USER_MODEL, verbose_name='Reviewers'),
-        ),
-    ]

apps/acls/migrations/0006_commandfilteracl_commandgroup.py

@@ -1,70 +0,0 @@
-# Generated by Django 3.2.14 on 2022-12-01 11:39
-
-import uuid
-
-import django.core.validators
-from django.conf import settings
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
-        ('acls', '0005_auto_20221201_1846'),
-    ]
-
-    operations = [
-        migrations.CreateModel(
-            name='CommandGroup',
-            fields=[
-                ('created_by', models.CharField(blank=True, max_length=32, null=True, verbose_name='Created by')),
-                ('updated_by', models.CharField(blank=True, max_length=32, null=True, verbose_name='Updated by')),
-                ('date_created', models.DateTimeField(auto_now_add=True, null=True, verbose_name='Date created')),
-                ('date_updated', models.DateTimeField(auto_now=True, verbose_name='Date updated')),
-                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
-                ('org_id',
-                 models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization')),
-                ('name', models.CharField(max_length=128, verbose_name='Name')),
-                ('type', models.CharField(choices=[('command', 'Command'), ('regex', 'Regex')], default='command',
-                                          max_length=16, verbose_name='Type')),
-                ('content', models.TextField(help_text='One line one command', verbose_name='Content')),
-                ('comment', models.TextField(blank=True, default='', verbose_name='Comment')),
-                ('ignore_case', models.BooleanField(default=True, verbose_name='Ignore case')),
-            ],
-            options={
-                'verbose_name': 'Command filter rule',
-                'unique_together': {('org_id', 'name')},
-            },
-        ),
-        migrations.CreateModel(
-            name='CommandFilterACL',
-            fields=[
-                ('org_id',
-                 models.CharField(blank=True, db_index=True, default='', max_length=36, verbose_name='Organization')),
-                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
-                ('created_by', models.CharField(blank=True, max_length=32, null=True, verbose_name='Created by')),
-                ('date_created', models.DateTimeField(auto_now_add=True, null=True, verbose_name='Date created')),
-                ('date_updated', models.DateTimeField(auto_now=True, verbose_name='Date updated')),
-                ('name', models.CharField(max_length=128, verbose_name='Name')),
-                ('priority', models.IntegerField(default=50, help_text='1-100, the lower the value will be match first',
-                                                 validators=[django.core.validators.MinValueValidator(1),
-                                                             django.core.validators.MaxValueValidator(100)],
-                                                 verbose_name='Priority')),
-                ('action', models.CharField(default='reject', max_length=64, verbose_name='Action')),
-                ('is_active', models.BooleanField(default=True, verbose_name='Active')),
-                ('comment', models.TextField(blank=True, default='', verbose_name='Comment')),
-                ('users', models.JSONField(verbose_name='User')),
-                ('accounts', models.JSONField(verbose_name='Account')),
-                ('assets', models.JSONField(verbose_name='Asset')),
-                ('commands', models.ManyToManyField(to='acls.CommandGroup', verbose_name='Commands')),
-                (
-                    'reviewers',
-                    models.ManyToManyField(blank=True, to=settings.AUTH_USER_MODEL, verbose_name='Reviewers')),
-            ],
-            options={
-                'verbose_name': 'Command acl',
-                'ordering': ('priority', '-is_active', 'name'),
-                'unique_together': {('name', 'org_id')},
-            },
-        ),
-    ]

apps/acls/migrations/0007_auto_20221202_1048.py

@@ -1,21 +0,0 @@
-# Generated by Django 3.2.14 on 2022-12-02 02:48
-
-from django.db import migrations
-
-
-def migrate_login_type(apps, schema_editor):
-    login_asset_model = apps.get_model('acls', 'LoginAssetACL')
-    login_asset_model.objects.filter(action='login_confirm').update(action='review')
-
-    login_system_model = apps.get_model('acls', 'LoginACL')
-    login_system_model.objects.filter(action='confirm').update(action='review')
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ('acls', '0006_commandfilteracl_commandgroup'),
-    ]
-
-    operations = [
-        migrations.RunPython(migrate_login_type),
-    ]

apps/acls/migrations/0008_commandgroup_comment.py

@@ -1,33 +0,0 @@
-# Generated by Django 3.2.14 on 2022-12-02 04:25
-
-from django.db import migrations
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ('acls', '0007_auto_20221202_1048'),
-    ]
-
-    operations = [
-        migrations.AlterModelOptions(
-            name='commandgroup',
-            options={'verbose_name': 'Command group'},
-        ),
-        migrations.RenameField(
-            model_name='commandfilteracl',
-            old_name='commands',
-            new_name='command_groups',
-        ),
-        migrations.AlterModelOptions(
-            name='commandfilteracl',
-            options={'ordering': ('priority', '-is_active', 'name'), 'verbose_name': 'Command acl'},
-        ),
-        migrations.AlterModelOptions(
-            name='loginacl',
-            options={'ordering': ('priority', '-is_active', 'name'), 'verbose_name': 'Login acl'},
-        ),
-        migrations.AlterModelOptions(
-            name='loginassetacl',
-            options={'ordering': ('priority', '-is_active', 'name'), 'verbose_name': 'Login asset acl'},
-        ),
-    ]

apps/acls/migrations/0009_auto_20221220_1956.py

@@ -1,53 +0,0 @@
-# Generated by Django 3.2.14 on 2022-12-20 11:56
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('acls', '0008_commandgroup_comment'),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name='commandfilteracl',
-            name='updated_by',
-            field=models.CharField(blank=True, max_length=128, null=True, verbose_name='Updated by'),
-        ),
-        migrations.AddField(
-            model_name='loginacl',
-            name='updated_by',
-            field=models.CharField(blank=True, max_length=128, null=True, verbose_name='Updated by'),
-        ),
-        migrations.AddField(
-            model_name='loginassetacl',
-            name='updated_by',
-            field=models.CharField(blank=True, max_length=128, null=True, verbose_name='Updated by'),
-        ),
-        migrations.AlterField(
-            model_name='commandfilteracl',
-            name='created_by',
-            field=models.CharField(blank=True, max_length=128, null=True, verbose_name='Created by'),
-        ),
-        migrations.AlterField(
-            model_name='commandgroup',
-            name='created_by',
-            field=models.CharField(blank=True, max_length=128, null=True, verbose_name='Created by'),
-        ),
-        migrations.AlterField(
-            model_name='commandgroup',
-            name='updated_by',
-            field=models.CharField(blank=True, max_length=128, null=True, verbose_name='Updated by'),
-        ),
-        migrations.AlterField(
-            model_name='loginacl',
-            name='created_by',
-            field=models.CharField(blank=True, max_length=128, null=True, verbose_name='Created by'),
-        ),
-        migrations.AlterField(
-            model_name='loginassetacl',
-            name='created_by',
-            field=models.CharField(blank=True, max_length=128, null=True, verbose_name='Created by'),
-        ),
-    ]

apps/acls/migrations/0010_alter_commandfilteracl_command_groups.py

@@ -1,18 +0,0 @@
-# Generated by Django 3.2.16 on 2023-01-10 06:45
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ('acls', '0009_auto_20221220_1956'),
-    ]
-
-    operations = [
-        migrations.AlterField(
-            model_name='commandfilteracl',
-            name='command_groups',
-            field=models.ManyToManyField(to='acls.CommandGroup', verbose_name='Command group'),
-        ),
-    ]

apps/acls/migrations/0011_auto_20230425_1704.py

@@ -1,44 +0,0 @@
-# Generated by Django 3.2.17 on 2023-04-25 09:04
-
-from django.db import migrations, models
-
-import common.db.fields
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ('acls', '0010_alter_commandfilteracl_command_groups'),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name='commandfilteracl',
-            name='new_accounts',
-            field=models.JSONField(default=list, verbose_name='Accounts'),
-        ),
-        migrations.AddField(
-            model_name='commandfilteracl',
-            name='new_assets',
-            field=common.db.fields.JSONManyToManyField(default=dict, to='assets.Asset', verbose_name='Assets'),
-        ),
-        migrations.AddField(
-            model_name='commandfilteracl',
-            name='new_users',
-            field=common.db.fields.JSONManyToManyField(default=dict, to='users.User', verbose_name='Users'),
-        ),
-        migrations.AddField(
-            model_name='loginassetacl',
-            name='new_accounts',
-            field=models.JSONField(default=list, verbose_name='Accounts')
-        ),
-        migrations.AddField(
-            model_name='loginassetacl',
-            name='new_assets',
-            field=common.db.fields.JSONManyToManyField(default=dict, to='assets.Asset', verbose_name='Assets'),
-        ),
-        migrations.AddField(
-            model_name='loginassetacl',
-            name='new_users',
-            field=common.db.fields.JSONManyToManyField(default=dict, to='users.User', verbose_name='Users'),
-        ),
-    ]