ignore

.dockerignore

@@ -8,4 +8,4 @@ celerybeat.pid
 ### Vagrant ###
 .vagrant/
 apps/xpack/.git
-.history/
+

.github/ISSUE_TEMPLATE/----.md

@@ -3,10 +3,7 @@ name: 需求建议
 about: 提出针对本项目的想法和建议
 title: "[Feature] "
 labels: 类型:需求
-assignees: 
-  - ibuler
-  - baijiangjie
-
+assignees: ibuler
 
 ---
 

.github/ISSUE_TEMPLATE/bug---.md

@@ -3,9 +3,7 @@ name: Bug 提交
 about: 提交产品缺陷帮助我们更好的改进
 title: "[Bug] "
 labels: 类型:bug
-assignees: 
-   - wojiushixiaobai
-   - baijiangjie
+assignees: wojiushixiaobai
 
 ---
 

.github/ISSUE_TEMPLATE/question.md

@@ -3,9 +3,7 @@ name: 问题咨询
 about: 提出针对本项目安装部署、使用及其他方面的相关问题
 title: "[Question] "
 labels: 类型:提问
-assignees: 
-  - wojiushixiaobai
-  - baijiangjie
+assignees: wojiushixiaobai
 
 ---
 

.gitignore

@@ -43,4 +43,3 @@ releashe
 /apps/script.py
 data/*
 test.py
-.history/

Dockerfile

@@ -55,7 +55,7 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=core \
     && apt-get -y install --no-install-recommends ${DEPENDENCIES} \
     && apt-get -y install --no-install-recommends ${TOOLS} \
     && mkdir -p /root/.ssh/ \
-    && echo "Host *\n\tStrictHostKeyChecking no\n\tUserKnownHostsFile /dev/null\n\tCiphers +aes128-cbc\n\tKexAlgorithms +diffie-hellman-group1-sha1\n\tHostKeyAlgorithms +ssh-rsa" > /root/.ssh/config \
+    && echo "Host *\n\tStrictHostKeyChecking no\n\tUserKnownHostsFile /dev/null" > /root/.ssh/config \
     && echo "set mouse-=a" > ~/.vimrc \
     && echo "no" | dpkg-reconfigure dash \
     && echo "zh_CN.UTF-8" | dpkg-reconfigure locales \

Dockerfile.loong64

@@ -53,7 +53,7 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=core \
     && apt-get -y install --no-install-recommends ${DEPENDENCIES} \
     && apt-get -y install --no-install-recommends ${TOOLS} \
     && mkdir -p /root/.ssh/ \
-    && echo "Host *\n\tStrictHostKeyChecking no\n\tUserKnownHostsFile /dev/null\n\tCiphers +aes128-cbc\n\tKexAlgorithms +diffie-hellman-group1-sha1\n\tHostKeyAlgorithms +ssh-rsa" > /root/.ssh/config \
+    && echo "Host *\n\tStrictHostKeyChecking no\n\tUserKnownHostsFile /dev/null" > /root/.ssh/config \
     && echo "set mouse-=a" > ~/.vimrc \
     && echo "no" | dpkg-reconfigure dash \
     && echo "zh_CN.UTF-8" | dpkg-reconfigure locales \
@@ -76,8 +76,8 @@ RUN --mount=type=cache,target=/root/.cache/pip \
     && pip install --upgrade setuptools wheel \
     && pip install https://download.jumpserver.org/pypi/simple/cryptography/cryptography-38.0.4-cp39-cp39-linux_loongarch64.whl \
     && pip install https://download.jumpserver.org/pypi/simple/greenlet/greenlet-1.1.2-cp39-cp39-linux_loongarch64.whl \
-    && pip install https://download.jumpserver.org/pypi/simple/PyNaCl/PyNaCl-1.5.0-cp39-cp39-linux_loongarch64.whl \
-    && pip install https://download.jumpserver.org/pypi/simple/grpcio/grpcio-1.54.0-cp39-cp39-linux_loongarch64.whl \
+    && pip install $(grep 'PyNaCl' requirements/requirements.txt) \
+    && GRPC_PYTHON_BUILD_SYSTEM_OPENSSL=true pip install grpcio \
     && pip install $(grep -E 'jms|jumpserver' requirements/requirements.txt) -i ${PIP_JMS_MIRROR} \
     && pip install -r requirements/requirements.txt
 

README.md

@@ -54,7 +54,6 @@ JumpServer 是广受欢迎的开源堡垒机，是符合 4A 规范的专业运
 
 - [快速入门](https://docs.jumpserver.org/zh/v3/quick_start/)
 - [产品文档](https://docs.jumpserver.org)
-- [在线学习](https://edu.fit2cloud.com/page/2635362)
 - [知识库](https://kb.fit2cloud.com/categories/jumpserver)
 
 ## 案例研究

apps/accounts/api/account/account.py

@@ -1,22 +1,20 @@
 from django.shortcuts import get_object_or_404
 from rest_framework.decorators import action
-from rest_framework.generics import ListAPIView, CreateAPIView
+from rest_framework.generics import ListAPIView
 from rest_framework.response import Response
-from rest_framework.status import HTTP_200_OK
 
 from accounts import serializers
 from accounts.filters import AccountFilterSet
 from accounts.models import Account
 from assets.models import Asset, Node
-from common.api import ExtraFilterFieldsMixin
-from common.permissions import UserConfirmation, ConfirmType, IsValidUser
+from common.permissions import UserConfirmation, ConfirmType
 from common.views.mixins import RecordViewLogMixin
 from orgs.mixins.api import OrgBulkModelViewSet
 from rbac.permissions import RBACPermission
 
 __all__ = [
     'AccountViewSet', 'AccountSecretsViewSet',
-    'AccountHistoriesSecretAPI', 'AssetAccountBulkCreateApi',
+    'AccountHistoriesSecretAPI'
 ]
 
 
@@ -30,7 +28,7 @@ class AccountViewSet(OrgBulkModelViewSet):
     rbac_perms = {
         'partial_update': ['accounts.change_account'],
         'su_from_accounts': 'accounts.view_account',
-        'clear_secret': 'accounts.change_account',
+        'username_suggestions': 'accounts.view_account',
     }
 
     @action(methods=['get'], detail=False, url_path='su-from-accounts')
@@ -50,10 +48,7 @@ class AccountViewSet(OrgBulkModelViewSet):
         serializer = serializers.AccountSerializer(accounts, many=True)
         return Response(data=serializer.data)
 
-    @action(
-        methods=['get'], detail=False, url_path='username-suggestions',
-        permission_classes=[IsValidUser]
-    )
+    @action(methods=['get'], detail=False, url_path='username-suggestions')
     def username_suggestions(self, request, *args, **kwargs):
         asset_ids = request.query_params.get('assets')
         node_keys = request.query_params.get('keys')
@@ -76,12 +71,6 @@ class AccountViewSet(OrgBulkModelViewSet):
         usernames = common + others
         return Response(data=usernames)
 
-    @action(methods=['patch'], detail=False, url_path='clear-secret')
-    def clear_secret(self, request, *args, **kwargs):
-        account_ids = request.data.get('account_ids', [])
-        self.model.objects.filter(id__in=account_ids).update(secret=None)
-        return Response(status=HTTP_200_OK)
-
 
 class AccountSecretsViewSet(RecordViewLogMixin, AccountViewSet):
     """
@@ -98,21 +87,7 @@ class AccountSecretsViewSet(RecordViewLogMixin, AccountViewSet):
     }
 
 
-class AssetAccountBulkCreateApi(CreateAPIView):
-    serializer_class = serializers.AssetAccountBulkSerializer
-    rbac_perms = {
-        'POST': 'accounts.add_account',
-    }
-
-    def create(self, request, *args, **kwargs):
-        serializer = self.get_serializer(data=request.data)
-        serializer.is_valid(raise_exception=True)
-        data = serializer.create(serializer.validated_data)
-        serializer = serializers.AssetAccountBulkSerializerResultSerializer(data, many=True)
-        return Response(data=serializer.data, status=HTTP_200_OK)
-
-
-class AccountHistoriesSecretAPI(ExtraFilterFieldsMixin, RecordViewLogMixin, ListAPIView):
+class AccountHistoriesSecretAPI(RecordViewLogMixin, ListAPIView):
     model = Account.history.model
     serializer_class = serializers.AccountHistorySerializer
     http_method_names = ['get', 'options']
@@ -124,10 +99,6 @@ class AccountHistoriesSecretAPI(ExtraFilterFieldsMixin, RecordViewLogMixin, List
     def get_object(self):
         return get_object_or_404(Account, pk=self.kwargs.get('pk'))
 
-    @staticmethod
-    def filter_spm_queryset(resource_ids, queryset):
-        return queryset.filter(history_id__in=resource_ids)
-
     def get_queryset(self):
         account = self.get_object()
         histories = account.history.all()

apps/accounts/api/account/task.py

@@ -24,16 +24,15 @@ class AccountsTaskCreateAPI(CreateAPIView):
     def perform_create(self, serializer):
         data = serializer.validated_data
         accounts = data.get('accounts', [])
-        params = data.get('params')
         account_ids = [str(a.id) for a in accounts]
 
         if data['action'] == 'push':
-            task = push_accounts_to_assets_task.delay(account_ids, params)
+            task = push_accounts_to_assets_task.delay(account_ids)
         else:
             account = accounts[0]
             asset = account.asset
-            if not asset.auto_config['ansible_enabled'] or \
-                    not asset.auto_config['ping_enabled']:
+            if not asset.auto_info['ansible_enabled'] or \
+                not asset.auto_info['ping_enabled']:
                 raise NotSupportedTemporarilyError()
             task = verify_accounts_connectivity_task.delay(account_ids)
 

apps/accounts/api/account/template.py

@@ -1,13 +1,13 @@
 from django_filters import rest_framework as drf_filters
 
+from assets.const import Protocol
 from accounts import serializers
 from accounts.models import AccountTemplate
-from assets.const import Protocol
-from common.drf.filters import BaseFilterSet
-from common.permissions import UserConfirmation, ConfirmType
-from common.views.mixins import RecordViewLogMixin
 from orgs.mixins.api import OrgBulkModelViewSet
 from rbac.permissions import RBACPermission
+from common.permissions import UserConfirmation, ConfirmType
+from common.views.mixins import RecordViewLogMixin
+from common.drf.filters import BaseFilterSet
 
 
 class AccountTemplateFilterSet(BaseFilterSet):
@@ -27,8 +27,6 @@ class AccountTemplateFilterSet(BaseFilterSet):
                 continue
             _st = protocol_secret_type_map[p].get('secret_types', [])
             secret_types.update(_st)
-        if not secret_types:
-            secret_types = ['password']
         queryset = queryset.filter(secret_type__in=secret_types)
         return queryset
 

apps/accounts/api/automations/gather_accounts.py

@@ -1,11 +1,13 @@
 # -*- coding: utf-8 -*-
 #
+from django.utils.translation import ugettext_lazy as _
 from rest_framework import status
 from rest_framework.decorators import action
 from rest_framework.response import Response
 
 from accounts import serializers
 from accounts.const import AutomationTypes
+from accounts.const import Source
 from accounts.filters import GatheredAccountFilterSet
 from accounts.models import GatherAccountsAutomation
 from accounts.models import GatheredAccount
@@ -48,12 +50,22 @@ class GatheredAccountViewSet(OrgBulkModelViewSet):
         'default': serializers.GatheredAccountSerializer,
     }
     rbac_perms = {
-        'sync_accounts': 'assets.add_gatheredaccount',
+        'sync_account': 'assets.add_gatheredaccount',
     }
 
-    @action(methods=['post'], detail=False, url_path='sync-accounts')
-    def sync_accounts(self, request, *args, **kwargs):
-        gathered_account_ids = request.data.get('gathered_account_ids')
-        gathered_accounts = self.model.objects.filter(id__in=gathered_account_ids)
-        self.model.sync_accounts(gathered_accounts)
+    @action(methods=['post'], detail=True, url_path='sync')
+    def sync_account(self, request, *args, **kwargs):
+        gathered_account = super().get_object()
+        asset = gathered_account.asset
+        username = gathered_account.username
+        accounts = asset.accounts.filter(username=username)
+
+        if accounts.exists():
+            accounts.update(source=Source.COLLECTED)
+        else:
+            asset.accounts.model.objects.create(
+                asset=asset, username=username,
+                name=f'{username}-{_("Collected")}',
+                source=Source.COLLECTED
+            )
         return Response(status=status.HTTP_201_CREATED)

apps/accounts/automations/change_secret/custom/ssh/main.yml

@@ -1,40 +0,0 @@
-- hosts: custom
-  gather_facts: no
-  vars:
-    ansible_connection: local
-
-  tasks:
-    - name: Test privileged account
-      ssh_ping:
-        login_host: "{{ jms_asset.address }}"
-        login_port: "{{ jms_asset.port }}"
-        login_user: "{{ jms_account.username }}"
-        login_password: "{{ jms_account.secret }}"
-        login_secret_type: "{{ jms_account.secret_type }}"
-        login_private_key_path: "{{ jms_account.private_key_path }}"
-      register: ping_info
-
-    - name: Change asset password
-      custom_command:
-        login_user: "{{ jms_account.username }}"
-        login_password: "{{ jms_account.secret }}"
-        login_host: "{{ jms_asset.address }}"
-        login_port: "{{ jms_asset.port }}"
-        login_secret_type: "{{ jms_account.secret_type }}"
-        login_private_key_path: "{{ jms_account.private_key_path }}"
-        name: "{{ account.username }}"
-        password: "{{ account.secret }}"
-        commands: "{{ params.commands }}"
-        first_conn_delay_time: "{{ first_conn_delay_time | default(0.5) }}"
-      when: ping_info is succeeded
-      register: change_info
-
-    - name: Verify password
-      ssh_ping:
-        login_user: "{{ account.username }}"
-        login_password: "{{ account.secret }}"
-        login_host: "{{ jms_asset.address }}"
-        login_port: "{{ jms_asset.port }}"
-      when:
-        - ping_info is succeeded
-        - change_info is succeeded

apps/accounts/automations/change_secret/custom/ssh/manifest.yml

@@ -1,19 +0,0 @@
-id: change_secret_by_ssh
-name: "{{ 'SSH account change secret' | trans }}"
-category:
-  - device
-  - host
-type:
-  - all
-method: change_secret
-params:
-  - name: commands
-    type: list
-    label: '自定义命令'
-    default: [ '' ]
-    help_text: '自定义命令中如需包含账号的 账号、密码、SSH 连接的用户密码 字段，<br />请使用 &#123;username&#125;、&#123;password&#125;、&#123;login_password&#125;格式，执行任务时会进行替换 。<br />比如针对 Cisco 主机进行改密，一般需要配置五条命令：<br />1. enable<br />2. &#123;login_password&#125;<br />3. configure terminal<br />4. username &#123;username&#125; privilege 0 password &#123;password&#125; <br />5. end'
-
-i18n:
-  SSH account change secret:
-    zh: SSH 账号改密
-    ja: SSH アカウントのパスワード変更

apps/accounts/automations/change_secret/database/mongodb/manifest.yml

@@ -1,11 +1,6 @@
 id: change_secret_mongodb
-name: "{{ 'MongoDB account change secret' | trans }}"
+name: Change secret for MongoDB
 category: database
 type:
   - mongodb
 method: change_secret
-
-i18n:
-  MongoDB account change secret:
-    zh: MongoDB 账号改密
-    ja: MongoDB アカウントのパスワード変更

apps/accounts/automations/change_secret/database/mysql/manifest.yml

@@ -1,12 +1,7 @@
 id: change_secret_mysql
-name: "{{ 'MySQL account change secret' | trans }}"
+name: Change secret for MySQL
 category: database
 type:
   - mysql
   - mariadb
 method: change_secret
-
-i18n:
-  MySQL account change secret:
-    zh: MySQL 账号改密
-    ja: MySQL アカウントのパスワード変更

apps/accounts/automations/change_secret/database/oracle/manifest.yml

@@ -1,11 +1,6 @@
 id: change_secret_oracle
-name: "{{ 'Oracle account change secret' | trans }}"
+name: Change secret for Oracle
 category: database
 type:
   - oracle
 method: change_secret
-
-i18n:
-  Oracle account change secret:
-    zh: Oracle 账号改密
-    ja: Oracle アカウントのパスワード変更

apps/accounts/automations/change_secret/database/postgresql/manifest.yml

@@ -1,11 +1,6 @@
 id: change_secret_postgresql
-name: "{{ 'PostgreSQL account change secret' | trans }}"
+name: Change secret for PostgreSQL
 category: database
 type:
   - postgresql
 method: change_secret
-
-i18n:
-  PostgreSQL account change secret:
-    zh: PostgreSQL 账号改密
-    ja: PostgreSQL アカウントのパスワード変更

apps/accounts/automations/change_secret/database/sqlserver/manifest.yml

@@ -1,11 +1,6 @@
 id: change_secret_sqlserver
-name: "{{ 'SQLServer account change secret' | trans }}"
+name: Change secret for SQLServer
 category: database
 type:
   - sqlserver
 method: change_secret
-
-i18n:
-  SQLServer account change secret:
-    zh: SQLServer 账号改密
-    ja: SQLServer アカウントのパスワード変更

apps/accounts/automations/change_secret/host/aix/main.yml

@@ -18,18 +18,18 @@
 
     - name: remove jumpserver ssh key
       ansible.builtin.lineinfile:
-        dest: "{{ ssh_params.dest }}"
-        regexp: "{{ ssh_params.regexp }}"
+        dest: "{{ kwargs.dest }}"
+        regexp: "{{ kwargs.regexp }}"
         state: absent
       when:
       - account.secret_type == "ssh_key"
-      - ssh_params.strategy == "set_jms"
+      - kwargs.strategy == "set_jms"
 
     - name: Change SSH key
       ansible.builtin.authorized_key:
         user: "{{ account.username }}"
         key: "{{ account.secret }}"
-        exclusive: "{{ ssh_params.exclusive }}"
+        exclusive: "{{ kwargs.exclusive }}"
       when: account.secret_type == "ssh_key"
 
     - name: Refresh connection

apps/accounts/automations/change_secret/host/aix/manifest.yml

@@ -1,11 +1,6 @@
 id: change_secret_aix
-name: "{{ 'AIX account change secret' | trans }}"
+name: Change secret for aix
 category: host
 type:
   - AIX
 method: change_secret
-
-i18n:
-  AIX account change secret:
-    zh: AIX 账号改密
-    ja: AIX アカウントのパスワード変更

apps/accounts/automations/change_secret/host/posix/main.yml

@@ -18,18 +18,18 @@
 
     - name: remove jumpserver ssh key
       ansible.builtin.lineinfile:
-        dest: "{{ ssh_params.dest }}"
-        regexp: "{{ ssh_params.regexp }}"
+        dest: "{{ kwargs.dest }}"
+        regexp: "{{ kwargs.regexp }}"
         state: absent
       when:
         - account.secret_type == "ssh_key"
-        - ssh_params.strategy == "set_jms"
+        - kwargs.strategy == "set_jms"
 
     - name: Change SSH key
       ansible.builtin.authorized_key:
         user: "{{ account.username }}"
         key: "{{ account.secret }}"
-        exclusive: "{{ ssh_params.exclusive }}"
+        exclusive: "{{ kwargs.exclusive }}"
       when: account.secret_type == "ssh_key"
 
     - name: Refresh connection

apps/accounts/automations/change_secret/host/posix/manifest.yml

@@ -1,12 +1,7 @@
 id: change_secret_posix
-name: "{{ 'Posix account change secret' | trans }}"
+name: Change secret for posix
 category: host
 type:
   - unix
   - linux
 method: change_secret
-
-i18n:
-  Posix account change secret:
-    zh: Posix 账号改密
-    ja: Posix アカウントのパスワード変更

apps/accounts/automations/change_secret/host/windows/manifest.yml

@@ -1,12 +1,7 @@
 id: change_secret_local_windows
-name: "{{ 'Windows account change secret' | trans }}"
+name: Change secret local account for Windows
 version: 1
 method: change_secret
 category: host
 type:
   - windows
-
-i18n:
-  Windows account change secret:
-    zh: Windows 账号改密
-    ja: Windows アカウントのパスワード変更

apps/accounts/automations/change_secret/manager.py

@@ -42,7 +42,7 @@ class ChangeSecretManager(AccountBasePlaybookManager):
     def method_type(cls):
         return AutomationTypes.change_secret
 
-    def get_ssh_params(self, account, secret, secret_type):
+    def get_kwargs(self, account, secret, secret_type):
         kwargs = {}
         if secret_type != SecretType.SSH_KEY:
             return kwargs
@@ -76,11 +76,6 @@ class ChangeSecretManager(AccountBasePlaybookManager):
         accounts = accounts.filter(id__in=self.account_ids)
         if self.secret_type:
             accounts = accounts.filter(secret_type=self.secret_type)
-
-        if settings.CHANGE_AUTH_PLAN_SECURE_MODE_ENABLED:
-            accounts = accounts.filter(privileged=False).exclude(
-                username__in=['root', 'administrator']
-            )
         return accounts
 
     def host_callback(
@@ -111,7 +106,6 @@ class ChangeSecretManager(AccountBasePlaybookManager):
             print(f'Windows {asset} does not support ssh key push')
             return inventory_hosts
 
-        host['ssh_params'] = {}
         for account in accounts:
             h = deepcopy(host)
             secret_type = account.secret_type
@@ -130,7 +124,7 @@ class ChangeSecretManager(AccountBasePlaybookManager):
                 private_key_path = self.generate_private_key_path(new_secret, path_dir)
                 new_secret = self.generate_public_key(new_secret)
 
-            h['ssh_params'].update(self.get_ssh_params(account, new_secret, secret_type))
+            h['kwargs'] = self.get_kwargs(account, new_secret, secret_type)
             h['account'] = {
                 'name': account.name,
                 'username': account.username,

apps/accounts/automations/gather_accounts/database/mongodb/manifest.yml

@@ -1,11 +1,6 @@
 id: gather_accounts_mongodb
-name: "{{ 'MongoDB account gather' | trans }}"
+name: Gather account from MongoDB
 category: database
 type:
   - mongodb
 method: gather_accounts
-
-i18n:
-  MongoDB account gather:
-    zh: MongoDB 账号收集
-    ja: MongoDB アカウントの収集

apps/accounts/automations/gather_accounts/database/mysql/manifest.yml

@@ -1,12 +1,7 @@
 id: gather_accounts_mysql
-name: "{{ 'MySQL account gather' | trans }}"
+name: Gather account from MySQL
 category: database
 type:
   - mysql
   - mariadb
 method: gather_accounts
-
-i18n:
-  MySQL account gather:
-    zh: MySQL 账号收集
-    ja: MySQL アカウントの収集

apps/accounts/automations/gather_accounts/database/oracle/manifest.yml

@@ -1,11 +1,6 @@
 id: gather_accounts_oracle
-name: "{{ 'Oracle account gather' | trans }}"
+name: Gather account from Oracle
 category: database
 type:
   - oracle
 method: gather_accounts
-
-i18n:
-  Oracle account gather:
-    zh: Oracle 账号收集
-    ja: Oracle アカウントの収集

apps/accounts/automations/gather_accounts/database/postgresql/manifest.yml

@@ -1,11 +1,6 @@
 id: gather_accounts_postgresql
-name: "{{ 'PostgreSQL account gather' | trans }}"
+name: Gather account for PostgreSQL
 category: database
 type:
   - postgresql
 method: gather_accounts
-
-i18n:
-  PostgreSQL account gather:
-    zh: PostgreSQL 账号收集
-    ja: PostgreSQL アカウントの収集

apps/accounts/automations/gather_accounts/host/posix/manifest.yml

@@ -1,12 +1,7 @@
 id: gather_accounts_posix
-name: "{{ 'Posix account gather' | trans }}"
+name: Gather posix account
 category: host
 type:
   - linux
   - unix
 method: gather_accounts
-
-i18n:
-  Posix account gather:
-    zh: Posix 账号收集
-    ja: Posix アカウントの収集

apps/accounts/automations/gather_accounts/host/windows/manifest.yml

@@ -1,12 +1,7 @@
 id: gather_accounts_windows
-name: "{{ 'Windows account gather' | trans }}"
+name: Gather account windows
 version: 1
 method: gather_accounts
 category: host
 type:
   - windows
-
-i18n:
-  Windows account gather:
-    zh: Windows 账号收集
-    ja: Windows アカウントの収集

apps/accounts/automations/gather_accounts/manager.py

@@ -12,7 +12,6 @@ class GatherAccountsManager(AccountBasePlaybookManager):
     def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)
         self.host_asset_mapper = {}
-        self.is_sync_account = self.execution.snapshot.get('is_sync_account')
 
     @classmethod
     def method_type(cls):
@@ -26,38 +25,26 @@ class GatherAccountsManager(AccountBasePlaybookManager):
     def filter_success_result(self, tp, result):
         result = GatherAccountsFilter(tp).run(self.method_id_meta_mapper, result)
         return result
-    @staticmethod
-    def generate_data(asset, result):
-        data = []
-        for username, info in result.items():
-            d = {'asset': asset, 'username': username, 'present': True}
-            if info.get('date'):
-                d['date_last_login'] = info['date']
-            if info.get('address'):
-                d['address_last_login'] = info['address'][:32]
-            data.append(d)
-        return data
 
-    def update_or_create_accounts(self, asset, result):
-        data = self.generate_data(asset, result)
+    @staticmethod
+    def update_or_create_gathered_accounts(asset, result):
         with tmp_to_org(asset.org_id):
-            gathered_accounts = []
             GatheredAccount.objects.filter(asset=asset, present=True).update(present=False)
-            for d in data:
-                username = d['username']
-                gathered_account, __ = GatheredAccount.objects.update_or_create(
+            for username, data in result.items():
+                d = {'asset': asset, 'username': username, 'present': True}
+                if data.get('date'):
+                    d['date_last_login'] = data['date']
+                if data.get('address'):
+                    d['address_last_login'] = data['address'][:32]
+                GatheredAccount.objects.update_or_create(
                     defaults=d, asset=asset, username=username,
                 )
-                gathered_accounts.append(gathered_account)
-            if not self.is_sync_account:
-                return
-            GatheredAccount.sync_accounts(gathered_accounts)
 
     def on_host_success(self, host, result):
         info = result.get('debug', {}).get('res', {}).get('info', {})
         asset = self.host_asset_mapper.get(host)
         if asset and info:
             result = self.filter_success_result(asset.type, info)
-            self.update_or_create_accounts(asset, result)
+            self.update_or_create_gathered_accounts(asset, result)
         else:
             logger.error("Not found info".format(host))

apps/accounts/automations/methods.py

@@ -1,6 +1,30 @@
 import os
+import copy
 
+from accounts.const import AutomationTypes
 from assets.automations.methods import get_platform_automation_methods
 
+
+def copy_change_secret_to_push_account(methods):
+    push_account = AutomationTypes.push_account
+    change_secret = AutomationTypes.change_secret
+    copy_methods = copy.deepcopy(methods)
+    for method in copy_methods:
+        if not method['id'].startswith(change_secret):
+            continue
+        copy_method = copy.deepcopy(method)
+        copy_method['method'] = push_account.value
+        copy_method['id'] = copy_method['id'].replace(
+            change_secret, push_account
+        )
+        copy_method['name'] = copy_method['name'].replace(
+            'Change secret', 'Push account'
+        )
+        methods.append(copy_method)
+    return methods
+
+
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
-platform_automation_methods = get_platform_automation_methods(BASE_DIR)
+automation_methods = get_platform_automation_methods(BASE_DIR)
+
+platform_automation_methods = copy_change_secret_to_push_account(automation_methods)

apps/accounts/automations/push_account/database/mongodb/main.yml

@@ -1,58 +0,0 @@
-- hosts: mongodb
-  gather_facts: no
-  vars:
-    ansible_python_interpreter: /usr/local/bin/python
-
-  tasks:
-    - name: Test MongoDB connection
-      mongodb_ping:
-        login_user: "{{ jms_account.username }}"
-        login_password: "{{ jms_account.secret }}"
-        login_host: "{{ jms_asset.address }}"
-        login_port: "{{ jms_asset.port }}"
-        login_database: "{{ jms_asset.spec_info.db_name }}"
-        ssl: "{{ jms_asset.spec_info.use_ssl }}"
-        ssl_ca_certs: "{{ jms_asset.secret_info.ca_cert }}"
-        ssl_certfile: "{{ jms_asset.secret_info.client_key }}"
-        connection_options:
-          - tlsAllowInvalidHostnames: "{{ jms_asset.spec_info.allow_invalid_cert}}"
-      register: db_info
-
-    - name: Display MongoDB version
-      debug:
-        var: db_info.server_version
-      when: db_info is succeeded
-
-    - name: Change MongoDB password
-      mongodb_user:
-        login_user: "{{ jms_account.username }}"
-        login_password: "{{ jms_account.secret }}"
-        login_host: "{{ jms_asset.address }}"
-        login_port: "{{ jms_asset.port }}"
-        login_database: "{{ jms_asset.spec_info.db_name }}"
-        ssl: "{{ jms_asset.spec_info.use_ssl }}"
-        ssl_ca_certs: "{{ jms_asset.secret_info.ca_cert }}"
-        ssl_certfile: "{{ jms_asset.secret_info.client_key }}"
-        connection_options:
-          - tlsAllowInvalidHostnames: "{{ jms_asset.spec_info.allow_invalid_cert}}"
-        db: "{{ jms_asset.spec_info.db_name }}"
-        name: "{{ account.username }}"
-        password: "{{ account.secret }}"
-      when: db_info is succeeded
-      register: change_info
-
-    - name: Verify password
-      mongodb_ping:
-        login_user: "{{ account.username }}"
-        login_password: "{{ account.secret }}"
-        login_host: "{{ jms_asset.address }}"
-        login_port: "{{ jms_asset.port }}"
-        login_database: "{{ jms_asset.spec_info.db_name }}"
-        ssl: "{{ jms_asset.spec_info.use_ssl }}"
-        ssl_ca_certs: "{{ jms_asset.secret_info.ca_cert }}"
-        ssl_certfile: "{{ jms_asset.secret_info.client_key }}"
-        connection_options:
-          - tlsAllowInvalidHostnames: "{{ jms_asset.spec_info.allow_invalid_cert}}"
-      when:
-        - db_info is succeeded
-        - change_info is succeeded

apps/accounts/automations/push_account/database/mongodb/manifest.yml

@@ -1,11 +0,0 @@
-id: push_account_mongodb
-name: "{{ 'MongoDB account push' | trans }}"
-category: database
-type:
-  - mongodb
-method: push_account
-
-i18n:
-  MongoDB account push:
-    zh: MongoDB 账号推送
-    ja: MongoDB アカウントのプッシュ

apps/accounts/automations/push_account/database/mysql/main.yml

@@ -1,43 +0,0 @@
-- hosts: mysql
-  gather_facts: no
-  vars:
-    ansible_python_interpreter: /usr/local/bin/python
-    db_name: "{{ jms_asset.spec_info.db_name }}"
-
-  tasks:
-    - name: Test MySQL connection
-      community.mysql.mysql_info:
-        login_user: "{{ jms_account.username }}"
-        login_password: "{{ jms_account.secret }}"
-        login_host: "{{ jms_asset.address }}"
-        login_port: "{{ jms_asset.port }}"
-        filter: version
-      register: db_info
-
-    - name: MySQL version
-      debug:
-        var: db_info.version.full
-
-    - name: Change MySQL password
-      community.mysql.mysql_user:
-        login_user: "{{ jms_account.username }}"
-        login_password: "{{ jms_account.secret }}"
-        login_host: "{{ jms_asset.address }}"
-        login_port: "{{ jms_asset.port }}"
-        name: "{{ account.username }}"
-        password: "{{ account.secret }}"
-        host: "%"
-        priv: "{{ account.username + '.*:USAGE' if db_name == '' else db_name + '.*:ALL' }}"
-      when: db_info is succeeded
-      register: change_info
-
-    - name: Verify password
-      community.mysql.mysql_info:
-        login_user: "{{ account.username }}"
-        login_password: "{{ account.secret }}"
-        login_host: "{{ jms_asset.address }}"
-        login_port: "{{ jms_asset.port }}"
-        filter: version
-      when:
-        - db_info is succeeded
-        - change_info is succeeded

apps/accounts/automations/push_account/database/mysql/manifest.yml

@@ -1,12 +0,0 @@
-id: push_account_mysql
-name: "{{ 'MySQL account push' | trans }}"
-category: database
-type:
-  - mysql
-  - mariadb
-method: push_account
-
-i18n:
-  MySQL account push:
-    zh: MySQL 账号推送
-    ja: MySQL アカウントのプッシュ

apps/accounts/automations/push_account/database/oracle/main.yml

@@ -1,44 +0,0 @@
-- hosts: oracle
-  gather_facts: no
-  vars:
-    ansible_python_interpreter: /usr/local/bin/python
-
-  tasks:
-    - name: Test Oracle connection
-      oracle_ping:
-        login_user: "{{ jms_account.username }}"
-        login_password: "{{ jms_account.secret }}"
-        login_host: "{{ jms_asset.address }}"
-        login_port: "{{ jms_asset.port }}"
-        login_database: "{{ jms_asset.spec_info.db_name }}"
-        mode: "{{ jms_account.mode }}"
-      register: db_info
-
-    - name: Display Oracle version
-      debug:
-        var: db_info.server_version
-      when: db_info is succeeded
-
-    - name: Change Oracle password
-      oracle_user:
-        login_user: "{{ jms_account.username }}"
-        login_password: "{{ jms_account.secret }}"
-        login_host: "{{ jms_asset.address }}"
-        login_port: "{{ jms_asset.port }}"
-        login_database: "{{ jms_asset.spec_info.db_name }}"
-        mode: "{{ jms_account.mode }}"
-        name: "{{ account.username }}"
-        password: "{{ account.secret }}"
-      when: db_info is succeeded
-      register: change_info
-
-    - name: Verify password
-      oracle_ping:
-        login_user: "{{ account.username }}"
-        login_password: "{{ account.secret }}"
-        login_host: "{{ jms_asset.address }}"
-        login_port: "{{ jms_asset.port }}"
-        login_database: "{{ jms_asset.spec_info.db_name }}"
-      when:
-        - db_info is succeeded
-        - change_info is succeeded

apps/accounts/automations/push_account/database/oracle/manifest.yml

@@ -1,11 +0,0 @@
-id: push_account_oracle
-name: "{{ 'Oracle account push' | trans }}"
-category: database
-type:
-  - oracle
-method: push_account
-
-i18n:
-  Oracle account push:
-    zh: Oracle 账号推送
-    ja: Oracle アカウントのプッシュ

apps/accounts/automations/push_account/database/postgresql/main.yml

@@ -1,46 +0,0 @@
-- hosts: postgre
-  gather_facts: no
-  vars:
-    ansible_python_interpreter: /usr/local/bin/python
-
-  tasks:
-    - name: Test PostgreSQL connection
-      community.postgresql.postgresql_ping:
-        login_user: "{{ jms_account.username }}"
-        login_password: "{{ jms_account.secret }}"
-        login_host: "{{ jms_asset.address }}"
-        login_port: "{{ jms_asset.port }}"
-        login_db: "{{ jms_asset.spec_info.db_name }}"
-      register: result
-      failed_when: not result.is_available
-
-    - name: Display PostgreSQL version
-      debug:
-        var: result.server_version.full
-      when: result is succeeded
-
-    - name: Change PostgreSQL password
-      community.postgresql.postgresql_user:
-        login_user: "{{ jms_account.username }}"
-        login_password: "{{ jms_account.secret }}"
-        login_host: "{{ jms_asset.address }}"
-        login_port: "{{ jms_asset.port }}"
-        db: "{{ jms_asset.spec_info.db_name }}"
-        name: "{{ account.username }}"
-        password: "{{ account.secret }}"
-        role_attr_flags: LOGIN
-      when: result is succeeded
-      register: change_info
-
-    - name: Verify password
-      community.postgresql.postgresql_ping:
-        login_user: "{{ account.username }}"
-        login_password: "{{ account.secret }}"
-        login_host: "{{ jms_asset.address }}"
-        login_port: "{{ jms_asset.port }}"
-        db: "{{ jms_asset.spec_info.db_name }}"
-      when:
-        - result is succeeded
-        - change_info is succeeded
-      register: result
-      failed_when: not result.is_available

apps/accounts/automations/push_account/database/postgresql/manifest.yml

@@ -1,11 +0,0 @@
-id: push_account_postgresql
-name: "{{ 'PostgreSQL account push' | trans }}"
-category: database
-type:
-  - postgresql
-method: push_account
-
-i18n:
-  PostgreSQL account push:
-    zh: PostgreSQL 账号推送
-    ja: PostgreSQL アカウントのプッシュ

apps/accounts/automations/push_account/database/sqlserver/main.yml

@@ -1,69 +0,0 @@
-- hosts: sqlserver
-  gather_facts: no
-  vars:
-    ansible_python_interpreter: /usr/local/bin/python
-
-  tasks:
-    - name: Test SQLServer connection
-      community.general.mssql_script:
-        login_user: "{{ jms_account.username }}"
-        login_password: "{{ jms_account.secret }}"
-        login_host: "{{ jms_asset.address }}"
-        login_port: "{{ jms_asset.port }}"
-        name: '{{ jms_asset.spec_info.db_name }}'
-        script: |
-          SELECT @@version
-      register: db_info
-
-    - name: SQLServer version
-      set_fact:
-        info:
-          version: "{{ db_info.query_results[0][0][0][0].splitlines()[0] }}"
-    - debug:
-        var: info
-
-    - name: Check whether SQLServer User exist
-      community.general.mssql_script:
-        login_user: "{{ jms_account.username }}"
-        login_password: "{{ jms_account.secret }}"
-        login_host: "{{ jms_asset.address }}"
-        login_port: "{{ jms_asset.port }}"
-        name: '{{ jms_asset.spec_info.db_name }}'
-        script: "SELECT 1 from sys.sql_logins WHERE name='{{ account.username }}';"
-      when: db_info is succeeded
-      register: user_exist
-
-    - name: Change SQLServer password
-      community.general.mssql_script:
-        login_user: "{{ jms_account.username }}"
-        login_password: "{{ jms_account.secret }}"
-        login_host: "{{ jms_asset.address }}"
-        login_port: "{{ jms_asset.port }}"
-        name: '{{ jms_asset.spec_info.db_name }}'
-        script: "ALTER LOGIN {{ account.username }} WITH PASSWORD = '{{ account.secret }}'; select @@version"
-      when: user_exist.query_results[0] | length != 0
-      register: change_info
-
-    - name: Add SQLServer user
-      community.general.mssql_script:
-        login_user: "{{ jms_account.username }}"
-        login_password: "{{ jms_account.secret }}"
-        login_host: "{{ jms_asset.address }}"
-        login_port: "{{ jms_asset.port }}"
-        name: '{{ jms_asset.spec_info.db_name }}'
-        script: "CREATE LOGIN {{ account.username }} WITH PASSWORD = '{{ account.secret }}'; select @@version"
-      when: user_exist.query_results[0] | length == 0
-      register: change_info
-
-    - name: Verify password
-      community.general.mssql_script:
-        login_user: "{{ account.username }}"
-        login_password: "{{ account.secret }}"
-        login_host: "{{ jms_asset.address }}"
-        login_port: "{{ jms_asset.port }}"
-        name: '{{ jms_asset.spec_info.db_name }}'
-        script: |
-          SELECT @@version
-      when:
-        - db_info is succeeded
-        - change_info is succeeded

apps/accounts/automations/push_account/database/sqlserver/manifest.yml

@@ -1,11 +0,0 @@
-id: push_account_sqlserver
-name: "{{ 'SQLServer account push' | trans }}"
-category: database
-type:
-  - sqlserver
-method: push_account
-
-i18n:
-  SQLServer account push:
-    zh: SQLServer 账号推送
-    ja: SQLServer アカウントのプッシュ

apps/accounts/automations/push_account/host/aix/main.yml

@@ -1,93 +0,0 @@
-- hosts: demo
-  gather_facts: no
-  tasks:
-    - name: Test privileged account
-      ansible.builtin.ping:
-
-    - name: Push user
-      ansible.builtin.user:
-        name: "{{ account.username }}"
-        shell: "{{ params.shell }}"
-        home: "{{ '/home/' + account.username }}"
-        groups: "{{ params.groups }}"
-        expires: -1
-        state: present
-
-    - name: "Add {{ account.username }} group"
-      ansible.builtin.group:
-        name: "{{ account.username }}"
-        state: present
-
-    - name: Check home dir exists
-      ansible.builtin.stat:
-        path: "{{ '/home/' + account.username }}"
-      register: home_existed
-
-    - name: Set home dir permission
-      ansible.builtin.file:
-        path: "{{ '/home/' + account.username }}"
-        owner: "{{ account.username }}"
-        group: "{{ account.username }}"
-        mode: "0700"
-      when:
-        - home_existed.stat.exists == true
-
-    - name: Add user groups
-      ansible.builtin.user:
-        name: "{{ account.username }}"
-        groups: "{{ params.groups }}"
-      when: params.groups
-
-    - name: Push user password
-      ansible.builtin.user:
-        name: "{{ account.username }}"
-        password: "{{ account.secret | password_hash('sha512') }}"
-        update_password: always
-      when: account.secret_type == "password"
-
-    - name: remove jumpserver ssh key
-      ansible.builtin.lineinfile:
-        dest: "{{ ssh_params.dest }}"
-        regexp: "{{ ssh_params.regexp }}"
-        state: absent
-      when:
-        - account.secret_type == "ssh_key"
-        - ssh_params.strategy == "set_jms"
-
-    - name: Push SSH key
-      ansible.builtin.authorized_key:
-        user: "{{ account.username }}"
-        key: "{{ account.secret }}"
-        exclusive: "{{ ssh_params.exclusive }}"
-      when: account.secret_type == "ssh_key"
-
-    - name: Set sudo setting
-      ansible.builtin.lineinfile:
-        dest: /etc/sudoers
-        state: present
-        regexp: "^{{ account.username }} ALL="
-        line: "{{ account.username + ' ALL=(ALL) NOPASSWD: ' + params.sudo }}"
-        validate: visudo -cf %s
-      when:
-        - params.sudo
-
-    - name: Refresh connection
-      ansible.builtin.meta: reset_connection
-
-    - name: Verify password
-      ansible.builtin.ping:
-      become: no
-      vars:
-        ansible_user: "{{ account.username }}"
-        ansible_password: "{{ account.secret }}"
-        ansible_become: no
-      when: account.secret_type == "password"
-
-    - name: Verify SSH key
-      ansible.builtin.ping:
-      become: no
-      vars:
-        ansible_user: "{{ account.username }}"
-        ansible_ssh_private_key_file: "{{ account.private_key_path }}"
-        ansible_become: no
-      when: account.secret_type == "ssh_key"

apps/accounts/automations/push_account/host/aix/manifest.yml

@@ -1,29 +0,0 @@
-id: push_account_aix
-name: "{{ 'Aix account push' | trans }}"
-category: host
-type:
-  - AIX
-method: push_account
-params:
-  - name: sudo
-    type: str
-    label: 'Sudo'
-    default: '/bin/whoami'
-    help_text: '使用逗号分隔多个命令，如: /bin/whoami,/sbin/ifconfig'
-
-  - name: shell
-    type: str
-    label: 'Shell'
-    default: '/bin/bash'
-
-  - name: groups
-    type: str
-    label: '用户组'
-    default: ''
-    help_text: '请输入用户组，多个用户组使用逗号分隔（需填写已存在的用户组）'
-
-i18n:
-  Aix account push:
-    zh: Aix 账号推送
-    ja: Aix アカウントのプッシュ
-

apps/accounts/automations/push_account/host/posix/main.yml

@@ -1,93 +0,0 @@
-- hosts: demo
-  gather_facts: no
-  tasks:
-    - name: Test privileged account
-      ansible.builtin.ping:
-
-    - name: Push user
-      ansible.builtin.user:
-        name: "{{ account.username }}"
-        shell: "{{ params.shell }}"
-        home: "{{ '/home/' + account.username }}"
-        groups: "{{ params.groups }}"
-        expires: -1
-        state: present
-
-    - name: "Add {{ account.username }} group"
-      ansible.builtin.group:
-        name: "{{ account.username }}"
-        state: present
-
-    - name: Check home dir exists
-      ansible.builtin.stat:
-        path: "{{ '/home/' + account.username }}"
-      register: home_existed
-
-    - name: Set home dir permission
-      ansible.builtin.file:
-        path: "{{ '/home/' + account.username }}"
-        owner: "{{ account.username }}"
-        group: "{{ account.username }}"
-        mode: "0700"
-      when:
-        - home_existed.stat.exists == true
-
-    - name: Add user groups
-      ansible.builtin.user:
-        name: "{{ account.username }}"
-        groups: "{{ params.groups }}"
-      when: params.groups
-
-    - name: Push user password
-      ansible.builtin.user:
-        name: "{{ account.username }}"
-        password: "{{ account.secret | password_hash('sha512') }}"
-        update_password: always
-      when: account.secret_type == "password"
-
-    - name: remove jumpserver ssh key
-      ansible.builtin.lineinfile:
-        dest: "{{ ssh_params.dest }}"
-        regexp: "{{ ssh_params.regexp }}"
-        state: absent
-      when:
-        - account.secret_type == "ssh_key"
-        - ssh_params.strategy == "set_jms"
-
-    - name: Push SSH key
-      ansible.builtin.authorized_key:
-        user: "{{ account.username }}"
-        key: "{{ account.secret }}"
-        exclusive: "{{ ssh_params.exclusive }}"
-      when: account.secret_type == "ssh_key"
-
-    - name: Set sudo setting
-      ansible.builtin.lineinfile:
-        dest: /etc/sudoers
-        state: present
-        regexp: "^{{ account.username }} ALL="
-        line: "{{ account.username + ' ALL=(ALL) NOPASSWD: ' + params.sudo }}"
-        validate: visudo -cf %s
-      when:
-        - params.sudo
-
-    - name: Refresh connection
-      ansible.builtin.meta: reset_connection
-
-    - name: Verify password
-      ansible.builtin.ping:
-      become: no
-      vars:
-        ansible_user: "{{ account.username }}"
-        ansible_password: "{{ account.secret }}"
-        ansible_become: no
-      when: account.secret_type == "password"
-
-    - name: Verify SSH key
-      ansible.builtin.ping:
-      become: no
-      vars:
-        ansible_user: "{{ account.username }}"
-        ansible_ssh_private_key_file: "{{ account.private_key_path }}"
-        ansible_become: no
-      when: account.secret_type == "ssh_key"

apps/accounts/automations/push_account/host/posix/manifest.yml

@@ -1,30 +0,0 @@
-id: push_account_posix
-name: "{{ 'Posix account push' | trans }}"
-category: host
-type:
-  - unix
-  - linux
-method: push_account
-params:
-  - name: sudo
-    type: str
-    label: 'Sudo'
-    default: '/bin/whoami'
-    help_text: '使用逗号分隔多个命令，如: /bin/whoami,/sbin/ifconfig'
-
-  - name: shell
-    type: str
-    label: 'Shell'
-    default: '/bin/bash'
-    help_text: ''
-
-  - name: groups
-    type: str
-    label: '用户组'
-    default: ''
-    help_text: '请输入用户组，多个用户组使用逗号分隔（需填写已存在的用户组）'
-
-i18n:
-  Posix account push:
-    zh: Posix 账号推送
-    ja: Posix アカウントのプッシュ

apps/accounts/automations/push_account/host/windows/main.yml

@@ -1,30 +0,0 @@
-- hosts: demo
-  gather_facts: no
-  tasks:
-    - name: Test privileged account
-      ansible.windows.win_ping:
-
-#    - name: Print variables
-#      debug:
-#        msg: "Username: {{ account.username }}, Password: {{ account.secret }}"
-
-    - name: Push user password
-      ansible.windows.win_user:
-        fullname: "{{ account.username}}"
-        name: "{{ account.username }}"
-        password: "{{ account.secret }}"
-        password_never_expires: yes
-        groups: "{{ params.groups }}"
-        groups_action: add
-        update_password: always
-      when: account.secret_type == "password"
-
-    - name: Refresh connection
-      ansible.builtin.meta: reset_connection
-
-    - name: Verify password
-      ansible.windows.win_ping:
-      vars:
-        ansible_user: "{{ account.username }}"
-        ansible_password: "{{ account.secret }}"
-      when: account.secret_type == "password"

apps/accounts/automations/push_account/host/windows/manifest.yml

@@ -1,18 +0,0 @@
-id: push_account_local_windows
-name: "{{ 'Windows account push' | trans }}"
-version: 1
-method: push_account
-category: host
-type:
-  - windows
-params:
-  - name: groups
-    type: str
-    label: '用户组'
-    default: 'Users,Remote Desktop Users'
-    help_text: '请输入用户组，多个用户组使用逗号分隔（需填写已存在的用户组）'
-
-i18n:
-  Windows account push:
-    zh: Windows 账号推送
-    ja: Windows アカウントのプッシュ

apps/accounts/automations/push_account/manager.py

@@ -1,6 +1,6 @@
 from copy import deepcopy
 
-from accounts.const import AutomationTypes, SecretType, Connectivity
+from accounts.const import AutomationTypes, SecretType
 from assets.const import HostTypes
 from common.utils import get_logger
 from ..base.manager import AccountBasePlaybookManager
@@ -31,7 +31,6 @@ class PushAccountManager(ChangeSecretManager, AccountBasePlaybookManager):
             print(msg)
             return inventory_hosts
 
-        host['ssh_params'] = {}
         for account in accounts:
             h = deepcopy(host)
             secret_type = account.secret_type
@@ -50,7 +49,7 @@ class PushAccountManager(ChangeSecretManager, AccountBasePlaybookManager):
                 private_key_path = self.generate_private_key_path(new_secret, path_dir)
                 new_secret = self.generate_public_key(new_secret)
 
-            h['ssh_params'].update(self.get_ssh_params(account, new_secret, secret_type))
+            h['kwargs'] = self.get_kwargs(account, new_secret, secret_type)
             h['account'] = {
                 'name': account.name,
                 'username': account.username,
@@ -74,7 +73,6 @@ class PushAccountManager(ChangeSecretManager, AccountBasePlaybookManager):
             return
         account.secret = new_secret
         account.save(update_fields=['secret'])
-        account.set_connectivity(Connectivity.OK)
 
     def on_host_error(self, host, error, result):
         pass

apps/accounts/automations/verify_account/custom/main.yml

@@ -1,14 +0,0 @@
-- hosts: custom
-  gather_facts: no
-  vars:
-    ansible_connection: local
-
-  tasks:
-    - name: Verify account
-      ssh_ping:
-        login_host: "{{ jms_asset.address }}"
-        login_port: "{{ jms_asset.port }}"
-        login_user: "{{ account.username }}"
-        login_password: "{{ account.secret }}"
-        login_secret_type: "{{ jms_account.secret_type }}"
-        login_private_key_path: "{{ jms_account.private_key_path }}"

apps/accounts/automations/verify_account/custom/manifest.yml

@@ -1,13 +0,0 @@
-id: verify_account_by_ssh
-name: "{{ 'SSH account verify' | trans }}"
-category:
-  - device
-  - host
-type:
-  - all
-method: verify_account
-
-i18n:
-  SSH account verify:
-    zh: SSH 账号验证
-    ja: SSH アカウントの検証

apps/accounts/automations/verify_account/database/mongodb/manifest.yml

@@ -1,11 +1,6 @@
 id: verify_account_mongodb
-name: "{{ 'MongoDB account verify' | trans }}"
+name: Verify account from MongoDB
 category: database
 type:
   - mongodb
 method: verify_account
-
-i18n:
-  MongoDB account verify:
-    zh: MongoDB 账号验证
-    ja: MongoDB アカウントの検証

apps/accounts/automations/verify_account/database/mysql/manifest.yml

@@ -1,12 +1,7 @@
 id: verify_account_mysql
-name: "{{ 'MySQL account verify' | trans }}"
+name: Verify account from MySQL
 category: database
 type:
   - mysql
   - mariadb
 method: verify_account
-
-i18n:
-  MySQL account verify:
-    zh: MySQL 账号验证
-    ja: MySQL アカウントの検証

apps/accounts/automations/verify_account/database/oracle/manifest.yml

@@ -1,11 +1,6 @@
 id: verify_account_oracle
-name: "{{ 'Oracle account verify' | trans }}"
+name: Verify account from Oracle
 category: database
 type:
   - oracle
 method: verify_account
-
-i18n:
-  Oracle account verify:
-    zh: Oracle 账号验证
-    ja: Oracle アカウントの検証

apps/accounts/automations/verify_account/database/postgresql/manifest.yml

@@ -1,11 +1,6 @@
 id: verify_account_postgresql
-name: "{{ 'PostgreSQL account verify' | trans }}"
+name: Verify account for PostgreSQL
 category: database
 type:
   - postgresql
 method: verify_account
-
-i18n:
-  PostgreSQL account verify:
-    zh: PostgreSQL 账号验证
-    ja: PostgreSQL アカウントの検証

apps/accounts/automations/verify_account/database/sqlserver/manifest.yml

@@ -1,11 +1,6 @@
 id: verify_account_sqlserver
-name: "{{ 'SQLServer account verify' | trans }}"
+name: Verify account from SQLServer
 category: database
 type:
   - sqlserver
 method: verify_account
-
-i18n:
-  SQLServer account verify:
-    zh: SQLServer 账号验证
-    ja: SQLServer アカウントの検証

apps/accounts/automations/verify_account/host/posix/manifest.yml

@@ -1,12 +1,7 @@
 id: verify_account_posix
-name: "{{ 'Posix account verify' | trans }}"
+name: Verify posix account
 category: host
 type:
   - linux
   - unix
 method: verify_account
-
-i18n:
-  Posix account verify:
-    zh: Posix 账号验证
-    ja: Posix アカウントの検証

apps/accounts/automations/verify_account/host/windows/main.yml

@@ -1,9 +1,6 @@
 - hosts: windows
   gather_facts: no
   tasks:
-    - name: Refresh connection
-      ansible.builtin.meta: reset_connection
-
     - name: Verify account
       ansible.windows.win_ping:
       vars:

apps/accounts/automations/verify_account/host/windows/manifest.yml

@@ -1,12 +1,7 @@
 id: verify_account_windows
-name: "{{ 'Windows account verify' | trans }}"
+name: Verify account windows
 version: 1
 method: verify_account
 category: host
 type:
   - windows
-
-i18n:
-    Windows account verify:
-        zh: Windows 账号验证
-        ja: Windows アカウントの検証

apps/accounts/const/account.py

@@ -18,10 +18,3 @@ class AliasAccount(TextChoices):
 class Source(TextChoices):
     LOCAL = 'local', _('Local')
     COLLECTED = 'collected', _('Collected')
-    TEMPLATE = 'template', _('Template')
-
-
-class AccountInvalidPolicy(TextChoices):
-    SKIP = 'skip', _('Skip')
-    UPDATE = 'update', _('Update')
-    ERROR = 'error', _('Failed')

apps/accounts/migrations/0010_gatheraccountsautomation_is_sync_account.py

@@ -1,22 +0,0 @@
-# Generated by Django 3.2.16 on 2023-03-23 08:39
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ('accounts', '0009_account_usernames_to_ids'),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name='gatheraccountsautomation',
-            name='is_sync_account',
-            field=models.BooleanField(blank=True, default=False, verbose_name='Is sync account'),
-        ),
-        migrations.AddField(
-            model_name='account',
-            name='source_id',
-            field=models.CharField(max_length=128, null=True, blank=True, verbose_name='Source ID'),
-        ),
-    ]

apps/accounts/models/account.py

@@ -53,7 +53,6 @@ class Account(AbsConnectivity, BaseAccount):
     version = models.IntegerField(default=0, verbose_name=_('Version'))
     history = AccountHistoricalRecords(included_fields=['id', 'secret', 'secret_type', 'version'])
     source = models.CharField(max_length=30, default=Source.LOCAL, verbose_name=_('Source'))
-    source_id = models.CharField(max_length=128, null=True, blank=True, verbose_name=_('Source ID'))
 
     class Meta:
         verbose_name = _('Account')

apps/accounts/models/automations/change_secret.py

@@ -28,6 +28,7 @@ class ChangeSecretMixin(models.Model):
         default=SSHKeyStrategy.add, verbose_name=_('SSH key change strategy')
     )
 
+    accounts: list[str]  # account usernames
     get_all_assets: callable  # get all assets
 
     class Meta:

apps/accounts/models/automations/gather_account.py

@@ -1,9 +1,7 @@
 from django.db import models
-from django.db.models import Q
 from django.utils.translation import ugettext_lazy as _
 
-from accounts.const import AutomationTypes, Source
-from accounts.models import Account
+from accounts.const import AutomationTypes
 from orgs.mixins.models import JMSOrgBaseModel
 from .base import AccountBaseAutomation
 
@@ -21,25 +19,6 @@ class GatheredAccount(JMSOrgBaseModel):
     def address(self):
         return self.asset.address
 
-    @staticmethod
-    def sync_accounts(gathered_accounts):
-        account_objs = []
-        for gathered_account in gathered_accounts:
-            asset_id = gathered_account.asset_id
-            username = gathered_account.username
-            accounts = Account.objects.filter(
-                Q(asset_id=asset_id, username=username) |
-                Q(asset_id=asset_id, name=username)
-            )
-            if accounts.exists():
-                continue
-            account = Account(
-                asset_id=asset_id, username=username,
-                name=username, source=Source.COLLECTED
-            )
-            account_objs.append(account)
-        Account.objects.bulk_create(account_objs)
-
     class Meta:
         verbose_name = _('Gather account automation')
         unique_together = [
@@ -52,17 +31,6 @@ class GatheredAccount(JMSOrgBaseModel):
 
 
 class GatherAccountsAutomation(AccountBaseAutomation):
-    is_sync_account = models.BooleanField(
-        default=False, blank=True, verbose_name=_("Is sync account")
-    )
-
-    def to_attr_json(self):
-        attr_json = super().to_attr_json()
-        attr_json.update({
-            'is_sync_account': self.is_sync_account,
-        })
-        return attr_json
-
     def save(self, *args, **kwargs):
         self.type = AutomationTypes.gather_accounts
         super().save(*args, **kwargs)

apps/accounts/models/automations/push_account.py

@@ -51,8 +51,7 @@ class PushAccountAutomation(ChangeSecretMixin, AccountBaseAutomation):
     def to_attr_json(self):
         attr_json = super().to_attr_json()
         attr_json.update({
-            'username': self.username,
-            'params': self.params,
+            'username': self.username
         })
         return attr_json
 

apps/accounts/serializers/account/account.py

@@ -1,179 +1,75 @@
-import uuid
-
-from django.db import IntegrityError
-from django.db.models import Q
 from django.utils.translation import ugettext_lazy as _
 from rest_framework import serializers
-from rest_framework.validators import UniqueTogetherValidator
 
-from accounts.const import SecretType, Source, AccountInvalidPolicy
+from accounts.const import SecretType, Source
 from accounts.models import Account, AccountTemplate
 from accounts.tasks import push_accounts_to_assets_task
 from assets.const import Category, AllTypes
 from assets.models import Asset
-from common.serializers import SecretReadableMixin
+from common.serializers import SecretReadableMixin, BulkModelSerializer
 from common.serializers.fields import ObjectRelatedField, LabeledChoiceField
-from common.utils import get_logger
-from .base import BaseAccountSerializer, AuthValidateMixin
-
-logger = get_logger(__name__)
+from .base import BaseAccountSerializer
 
 
-class AccountCreateUpdateSerializerMixin(serializers.Serializer):
-    template = serializers.PrimaryKeyRelatedField(
-        queryset=AccountTemplate.objects,
-        required=False, label=_("Template"), write_only=True
-    )
-    push_now = serializers.BooleanField(
-        default=False, label=_("Push now"), write_only=True
-    )
-    params = serializers.JSONField(
-        decoder=None, encoder=None, required=False, style={'base_template': 'textarea.html'}
-    )
-    on_invalid = LabeledChoiceField(
-        choices=AccountInvalidPolicy.choices, default=AccountInvalidPolicy.ERROR,
-        write_only=True, label=_('Exist policy')
-    )
-    _template = None
-
-    class Meta:
-        fields = ['template', 'push_now', 'params', 'on_invalid']
-
-    def __init__(self, *args, **kwargs):
-        super().__init__(*args, **kwargs)
-        self.set_initial_value()
-
-    def set_initial_value(self):
-        if not getattr(self, 'initial_data', None):
-            return
-        if isinstance(self.initial_data, dict):
-            initial_data = [self.initial_data]
-        else:
-            initial_data = self.initial_data
-
-        for data in initial_data:
-            if not data.get('asset') and not self.instance:
-                raise serializers.ValidationError({'asset': UniqueTogetherValidator.missing_message})
-            asset = data.get('asset') or self.instance.asset
-            self.from_template_if_need(data)
-            self.set_uniq_name_if_need(data, asset)
+class AccountSerializerCreateValidateMixin:
+    from_id: str
+    template: bool
+    push_now: bool
+    replace_attrs: callable
 
     def to_internal_value(self, data):
-        self.from_template_if_need(data)
-        return super().to_internal_value(data)
+        from_id = data.pop('id', None)
+        ret = super().to_internal_value(data)
+        self.from_id = from_id
+        return ret
 
-    def set_uniq_name_if_need(self, initial_data, asset):
-        name = initial_data.get('name')
-        if name is not None:
-            return
-        if not name:
-            name = initial_data.get('username')
-        if self.instance and self.instance.name == name:
-            return
-        if Account.objects.filter(name=name, asset=asset).exists():
-            name = name + '_' + uuid.uuid4().hex[:4]
-        initial_data['name'] = name
+    def set_secret(self, attrs):
+        _id = self.from_id
+        template = attrs.pop('template', None)
 
-    def from_template_if_need(self, initial_data):
-        if isinstance(initial_data, str):
-            return
+        if _id and template:
+            account_template = AccountTemplate.objects.get(id=_id)
+            attrs['secret'] = account_template.secret
+        elif _id and not template:
+            account = Account.objects.get(id=_id)
+            attrs['secret'] = account.secret
+        return attrs
 
-        template_id = initial_data.pop('template', None)
-        if not template_id:
-            return
-
-        if isinstance(template_id, (str, uuid.UUID)):
-            template = AccountTemplate.objects.filter(id=template_id).first()
-        else:
-            template = template_id
-        if not template:
-            raise serializers.ValidationError({'template': 'Template not found'})
-
-        self._template = template
-        # Set initial data from template
-        ignore_fields = ['id', 'date_created', 'date_updated', 'org_id']
-        field_names = [
-            field.name for field in template._meta.fields
-            if field.name not in ignore_fields
-        ]
-        attrs = {}
-        for name in field_names:
-            value = getattr(template, name, None)
-            if value is None:
-                continue
-            attrs[name] = value
-        initial_data.update(attrs)
+    def validate(self, attrs):
+        attrs = super().validate(attrs)
+        return self.set_secret(attrs)
 
     @staticmethod
-    def push_account_if_need(instance, push_now, params, stat):
-        if not push_now or stat not in ['created', 'updated']:
+    def push_account(instance, push_now):
+        if not push_now:
             return
-        push_accounts_to_assets_task.delay([str(instance.id)], params)
-
-    def get_validators(self):
-        _validators = super().get_validators()
-        if getattr(self, 'initial_data', None) is None:
-            return _validators
-
-        on_invalid = self.initial_data.get('on_invalid')
-        if on_invalid == AccountInvalidPolicy.ERROR and not self.parent:
-            return _validators
-        _validators = [v for v in _validators if not isinstance(v, UniqueTogetherValidator)]
-        return _validators
-
-    @staticmethod
-    def do_create(vd):
-        on_invalid = vd.pop('on_invalid', None)
-
-        q = Q()
-        if vd.get('name'):
-            q |= Q(name=vd['name'])
-        if vd.get('username'):
-            q |= Q(username=vd['username'], secret_type=vd.get('secret_type'))
-
-        instance = Account.objects.filter(asset=vd['asset']).filter(q).first()
-        # 不存在这个资产，不用关系策略
-        if not instance:
-            instance = Account.objects.create(**vd)
-            return instance, 'created'
-
-        if on_invalid == AccountInvalidPolicy.SKIP:
-            return instance, 'skipped'
-        elif on_invalid == AccountInvalidPolicy.UPDATE:
-            for k, v in vd.items():
-                setattr(instance, k, v)
-            instance.save()
-            return instance, 'updated'
-        else:
-            raise serializers.ValidationError('Account already exists')
-
-    def generate_source_data(self, validated_data):
-        template = self._template
-        if template is None:
-            return
-        validated_data['source'] = Source.TEMPLATE
-        validated_data['source_id'] = str(template.id)
+        push_accounts_to_assets_task.delay([str(instance.id)])
 
     def create(self, validated_data):
         push_now = validated_data.pop('push_now', None)
-        params = validated_data.pop('params', None)
-        self.generate_source_data(validated_data)
-        instance, stat = self.do_create(validated_data)
-        self.push_account_if_need(instance, push_now, params, stat)
+        instance = super().create(validated_data)
+        self.push_account(instance, push_now)
         return instance
 
     def update(self, instance, validated_data):
         # account cannot be modified
         validated_data.pop('username', None)
-        validated_data.pop('on_invalid', None)
         push_now = validated_data.pop('push_now', None)
-        params = validated_data.pop('params', None)
-        validated_data['source_id'] = None
         instance = super().update(instance, validated_data)
-        self.push_account_if_need(instance, push_now, params, 'updated')
+        self.push_account(instance, push_now)
         return instance
 
 
+class AccountSerializerCreateMixin(AccountSerializerCreateValidateMixin, BulkModelSerializer):
+    template = serializers.BooleanField(
+        default=False, label=_("Template"), write_only=True
+    )
+    push_now = serializers.BooleanField(
+        default=False, label=_("Push now"), write_only=True
+    )
+    has_secret = serializers.BooleanField(label=_("Has secret"), read_only=True)
+
+
 class AccountAssetSerializer(serializers.ModelSerializer):
     platform = ObjectRelatedField(read_only=True)
     category = LabeledChoiceField(choices=Category.choices, read_only=True, label=_('Category'))
@@ -181,11 +77,11 @@ class AccountAssetSerializer(serializers.ModelSerializer):
 
     class Meta:
         model = Asset
-        fields = ['id', 'name', 'address', 'type', 'category', 'platform', 'auto_config']
+        fields = ['id', 'name', 'address', 'type', 'category', 'platform', 'auto_info']
 
     def to_internal_value(self, data):
         if isinstance(data, dict):
-            i = data.get('id') or data.get('pk')
+            i = data.get('id')
         else:
             i = data
 
@@ -195,10 +91,9 @@ class AccountAssetSerializer(serializers.ModelSerializer):
             raise serializers.ValidationError(_('Asset not found'))
 
 
-class AccountSerializer(AccountCreateUpdateSerializerMixin, BaseAccountSerializer):
+class AccountSerializer(AccountSerializerCreateMixin, BaseAccountSerializer):
     asset = AccountAssetSerializer(label=_('Asset'))
     source = LabeledChoiceField(choices=Source.choices, label=_("Source"), read_only=True)
-    has_secret = serializers.BooleanField(label=_("Has secret"), read_only=True)
     su_from = ObjectRelatedField(
         required=False, queryset=Account.objects, allow_null=True, allow_empty=True,
         label=_('Su from'), attrs=('id', 'name', 'username')
@@ -207,182 +102,27 @@ class AccountSerializer(AccountCreateUpdateSerializerMixin, BaseAccountSerialize
     class Meta(BaseAccountSerializer.Meta):
         model = Account
         fields = BaseAccountSerializer.Meta.fields + [
-            'su_from', 'asset', 'version',
-            'source', 'source_id', 'connectivity',
-        ] + AccountCreateUpdateSerializerMixin.Meta.fields
-        read_only_fields = BaseAccountSerializer.Meta.read_only_fields + [
-            'source', 'source_id', 'connectivity'
+            'su_from', 'asset', 'template', 'version',
+            'push_now', 'source', 'connectivity',
         ]
         extra_kwargs = {
             **BaseAccountSerializer.Meta.extra_kwargs,
-            'name': {'required': False},
+            'name': {'required': False, 'allow_null': True},
         }
 
+    def validate_name(self, value):
+        if not value:
+            value = self.initial_data.get('username')
+        return value
+
     @classmethod
     def setup_eager_loading(cls, queryset):
         """ Perform necessary eager loading of data. """
-        queryset = queryset.prefetch_related(
-            'asset', 'asset__platform',
-            'asset__platform__automation'
-        )
+        queryset = queryset \
+            .prefetch_related('asset', 'asset__platform', 'asset__platform__automation')
         return queryset
 
 
-class AssetAccountBulkSerializerResultSerializer(serializers.Serializer):
-    asset = serializers.CharField(read_only=True, label=_('Asset'))
-    state = serializers.CharField(read_only=True, label=_('State'))
-    error = serializers.CharField(read_only=True, label=_('Error'))
-    changed = serializers.BooleanField(read_only=True, label=_('Changed'))
-
-
-class AssetAccountBulkSerializer(
-    AccountCreateUpdateSerializerMixin, AuthValidateMixin, serializers.ModelSerializer
-):
-    assets = serializers.PrimaryKeyRelatedField(queryset=Asset.objects, many=True, label=_('Assets'))
-
-    class Meta:
-        model = Account
-        fields = [
-            'name', 'username', 'secret', 'secret_type',
-            'privileged', 'is_active', 'comment', 'template',
-            'on_invalid', 'push_now', 'assets',
-        ]
-        extra_kwargs = {
-            'name': {'required': False},
-            'secret_type': {'required': False},
-        }
-
-    def set_initial_value(self):
-        if not getattr(self, 'initial_data', None):
-            return
-        initial_data = self.initial_data
-        self.from_template_if_need(initial_data)
-
-    @staticmethod
-    def get_filter_lookup(vd):
-        return {
-            'username': vd['username'],
-            'secret_type': vd['secret_type'],
-            'asset': vd['asset'],
-        }
-
-    @staticmethod
-    def get_uniq_name(vd):
-        return vd['name'] + '-' + uuid.uuid4().hex[:4]
-
-    @staticmethod
-    def _handle_update_create(vd, lookup):
-        ori = Account.objects.filter(**lookup).first()
-        if ori and ori.secret == vd.get('secret'):
-            return ori, False, 'skipped'
-
-        instance, value = Account.objects.update_or_create(defaults=vd, **lookup)
-        state = 'created' if value else 'updated'
-        return instance, True, state
-
-    @staticmethod
-    def _handle_skip_create(vd, lookup):
-        instance, value = Account.objects.get_or_create(defaults=vd, **lookup)
-        state = 'created' if value else 'skipped'
-        return instance, value, state
-
-    @staticmethod
-    def _handle_err_create(vd, lookup):
-        instance, value = Account.objects.get_or_create(defaults=vd, **lookup)
-        if not value:
-            raise serializers.ValidationError(_('Account already exists'))
-        return instance, True, 'created'
-
-    def perform_create(self, vd, handler):
-        lookup = self.get_filter_lookup(vd)
-        try:
-            instance, changed, state = handler(vd, lookup)
-        except IntegrityError:
-            vd['name'] = self.get_uniq_name(vd)
-            instance, changed, state = handler(vd, lookup)
-        return instance, changed, state
-
-    def get_create_handler(self, on_invalid):
-        if on_invalid == 'update':
-            handler = self._handle_update_create
-        elif on_invalid == 'skip':
-            handler = self._handle_skip_create
-        else:
-            handler = self._handle_err_create
-        return handler
-
-    def perform_bulk_create(self, vd):
-        assets = vd.pop('assets')
-        on_invalid = vd.pop('on_invalid', 'skip')
-        secret_type = vd.get('secret_type', 'password')
-
-        if not vd.get('name'):
-            vd['name'] = vd.get('username')
-
-        create_handler = self.get_create_handler(on_invalid)
-        asset_ids = [asset.id for asset in assets]
-        secret_type_supports = Asset.get_secret_type_assets(asset_ids, secret_type)
-
-        _results = {}
-        for asset in assets:
-            if asset not in secret_type_supports:
-                _results[asset] = {
-                    'error': _('Asset does not support this secret type: %s') % secret_type,
-                    'state': 'error',
-                }
-                continue
-
-            vd = vd.copy()
-            vd['asset'] = asset
-            try:
-                instance, changed, state = self.perform_create(vd, create_handler)
-                _results[asset] = {
-                    'changed': changed, 'instance': instance.id, 'state': state
-                }
-            except serializers.ValidationError as e:
-                _results[asset] = {'error': e.detail[0], 'state': 'error'}
-            except Exception as e:
-                logger.exception(e)
-                _results[asset] = {'error': str(e), 'state': 'error'}
-
-        results = [{'asset': asset, **result} for asset, result in _results.items()]
-        state_score = {'created': 3, 'updated': 2, 'skipped': 1, 'error': 0}
-        results = sorted(results, key=lambda x: state_score.get(x['state'], 4))
-
-        if on_invalid != 'error':
-            return results
-
-        errors = []
-        errors.extend([result for result in results if result['state'] == 'error'])
-        for result in results:
-            if result['state'] != 'skipped':
-                continue
-            errors.append({
-                'error': _('Account has exist'),
-                'state': 'error',
-                'asset': str(result['asset'])
-            })
-        if errors:
-            raise serializers.ValidationError(errors)
-        return results
-
-    @staticmethod
-    def push_accounts_if_need(results, push_now):
-        if not push_now:
-            return
-        accounts = [str(v['instance']) for v in results if v.get('instance')]
-        push_accounts_to_assets_task.delay(accounts)
-
-    def create(self, validated_data):
-        push_now = validated_data.pop('push_now', False)
-        self.generate_source_data(validated_data)
-        results = self.perform_bulk_create(validated_data)
-        self.push_accounts_if_need(results, push_now)
-        for res in results:
-            res['asset'] = str(res['asset'])
-        return results
-
-
 class AccountSecretSerializer(SecretReadableMixin, AccountSerializer):
     class Meta(AccountSerializer.Meta):
         extra_kwargs = {
@@ -392,7 +132,6 @@ class AccountSecretSerializer(SecretReadableMixin, AccountSerializer):
 
 class AccountHistorySerializer(serializers.ModelSerializer):
     secret_type = LabeledChoiceField(choices=SecretType.choices, label=_('Secret type'))
-    id = serializers.IntegerField(label=_('ID'), source='history_id', read_only=True)
 
     class Meta:
         model = Account.history.model
@@ -418,7 +157,3 @@ class AccountTaskSerializer(serializers.Serializer):
         queryset=Account.objects, required=False, allow_empty=True, many=True
     )
     task = serializers.CharField(read_only=True)
-    params = serializers.JSONField(
-        decoder=None, encoder=None, required=False,
-        style={'base_template': 'textarea.html'}
-    )

apps/accounts/serializers/account/base.py

@@ -13,10 +13,10 @@ __all__ = ['AuthValidateMixin', 'BaseAccountSerializer']
 
 class AuthValidateMixin(serializers.Serializer):
     secret_type = LabeledChoiceField(
-        choices=SecretType.choices, label=_('Secret type'), default='password'
+        choices=SecretType.choices, required=True, label=_('Secret type')
     )
     secret = EncryptedField(
-        label=_('Secret'), required=False, max_length=40960, allow_blank=True,
+        label=_('Secret/Password'), required=False, max_length=40960, allow_blank=True,
         allow_null=True, write_only=True,
     )
     passphrase = serializers.CharField(
@@ -77,5 +77,6 @@ class BaseAccountSerializer(AuthValidateMixin, BulkOrgResourceModelSerializer):
             'date_verified', 'created_by', 'date_created',
         ]
         extra_kwargs = {
+            'name': {'required': True},
             'spec_info': {'label': _('Spec info')},
         }

apps/accounts/serializers/account/template.py

@@ -1,8 +1,4 @@
-from django.db.transaction import atomic
-from django.db.utils import IntegrityError
-
-from accounts.models import AccountTemplate, Account
-from assets.models import Asset
+from accounts.models import AccountTemplate
 from common.serializers import SecretReadableMixin
 from .base import BaseAccountSerializer
 
@@ -11,77 +7,17 @@ class AccountTemplateSerializer(BaseAccountSerializer):
     class Meta(BaseAccountSerializer.Meta):
         model = AccountTemplate
 
-    @staticmethod
-    def account_save(data, account):
-        for field, value in data.items():
-            setattr(account, field, value)
-        try:
-            account.save(update_fields=list(data.keys()))
-        except IntegrityError:
-            pass
-
-    # TODO 数据库访问的太多了 后期优化
-    @atomic()
-    def bulk_update_accounts(self, instance, diff):
-        accounts = Account.objects.filter(source_id=instance.id)
-        if not accounts:
-            return
-
-        diff.pop('secret', None)
-        name = diff.pop('name', None)
-        username = diff.pop('username', None)
-        secret_type = diff.pop('secret_type', None)
-        update_accounts = []
-        for account in accounts:
-            for field, value in diff.items():
-                setattr(account, field, value)
-                update_accounts.append(account)
-
-        if update_accounts:
-            Account.objects.bulk_update(update_accounts, diff.keys())
-
-        if name:
-            for account in accounts:
-                data = {'name': name}
-                self.account_save(data, account)
-
-        if secret_type and username:
-            asset_ids_supports = self.get_asset_ids_supports(accounts, secret_type)
-            for account in accounts:
-                asset_id = account.asset_id
-                if asset_id not in asset_ids_supports:
-                    data = {'username': username}
-                    self.account_save(data, account)
-                    continue
-                data = {'username': username, 'secret_type': secret_type, 'secret': instance.secret}
-                self.account_save(data, account)
-        elif secret_type:
-            asset_ids_supports = self.get_asset_ids_supports(accounts, secret_type)
-            for account in accounts:
-                asset_id = account.asset_id
-                if asset_id not in asset_ids_supports:
-                    continue
-                data = {'secret_type': secret_type, 'secret': instance.secret}
-                self.account_save(data, account)
-        elif username:
-            for account in accounts:
-                data = {'username': username}
-                self.account_save(data, account)
-
-    @staticmethod
-    def get_asset_ids_supports(accounts, secret_type):
-        asset_ids = accounts.values_list('asset_id', flat=True)
-        secret_type_supports = Asset.get_secret_type_assets(asset_ids, secret_type)
-        return [asset.id for asset in secret_type_supports]
-
-    def update(self, instance, validated_data):
-        # diff = {
-        #     k: v for k, v in validated_data.items()
-        #     if getattr(instance, k) != v
-        # }
-        instance = super().update(instance, validated_data)
-        # self.bulk_update_accounts(instance, diff)
-        return instance
+    # @classmethod
+    # def validate_required(cls, attrs):
+    #     # TODO 选择模版后检查一些必填项
+    #     required_field_dict = {}
+    #     error = _('This field is required.')
+    #     for k, v in cls().fields.items():
+    #         if v.required and k not in attrs:
+    #             required_field_dict[k] = error
+    #     if not required_field_dict:
+    #         return
+    #     raise serializers.ValidationError(required_field_dict)
 
 
 class AccountTemplateSecretSerializer(SecretReadableMixin, AccountTemplateSerializer):

apps/accounts/serializers/automations/change_secret.py

@@ -58,7 +58,6 @@ class ChangeSecretAutomationSerializer(AuthValidateMixin, BaseAutomationSerializ
                 "Currently only mail sending is supported"
             )},
         }}
-
     @property
     def model_type(self):
         return AutomationTypes.change_secret

apps/accounts/serializers/automations/gather_accounts.py

@@ -17,8 +17,7 @@ class GatherAccountAutomationSerializer(BaseAutomationSerializer):
     class Meta:
         model = GatherAccountsAutomation
         read_only_fields = BaseAutomationSerializer.Meta.read_only_fields
-        fields = BaseAutomationSerializer.Meta.fields \
-                 + ['is_sync_account'] + read_only_fields
+        fields = BaseAutomationSerializer.Meta.fields + read_only_fields
 
         extra_kwargs = BaseAutomationSerializer.Meta.extra_kwargs
 

apps/accounts/serializers/automations/push_account.py

@@ -7,10 +7,9 @@ from .change_secret import (
 
 
 class PushAccountAutomationSerializer(ChangeSecretAutomationSerializer):
-
     class Meta(ChangeSecretAutomationSerializer.Meta):
         model = PushAccountAutomation
-        fields = ['params'] + [
+        fields = [
             n for n in ChangeSecretAutomationSerializer.Meta.fields
             if n not in ['recipients']
         ]

apps/accounts/signal_handlers.py

@@ -8,8 +8,8 @@ logger = get_logger(__name__)
 
 
 @receiver(pre_save, sender=Account)
-def on_account_pre_save(sender, instance, **kwargs):
-    if instance.version == 0:
+def on_account_pre_save(sender, instance, created=False, **kwargs):
+    if created:
         instance.version = 1
     else:
         instance.version = instance.history.count()

apps/accounts/tasks/push_account.py

@@ -15,7 +15,7 @@ __all__ = [
     queue="ansible", verbose_name=_('Push accounts to assets'),
     activity_callback=lambda self, account_ids, *args, **kwargs: (account_ids, None)
 )
-def push_accounts_to_assets_task(account_ids, params=None):
+def push_accounts_to_assets_task(account_ids):
     from accounts.models import PushAccountAutomation
     from accounts.models import Account
 
@@ -26,7 +26,6 @@ def push_accounts_to_assets_task(account_ids, params=None):
     task_snapshot = {
         'accounts': [str(account.id) for account in accounts],
         'assets': [str(account.asset_id) for account in accounts],
-        'params': params or {},
     }
 
     tp = AutomationTypes.push_account

apps/accounts/urls.py

@@ -25,7 +25,6 @@ router.register(r'push-account-executions', api.PushAccountExecutionViewSet, 'pu
 router.register(r'push-account-records', api.PushAccountRecordViewSet, 'push-account-record')
 
 urlpatterns = [
-    path('accounts/bulk/', api.AssetAccountBulkCreateApi.as_view(), name='account-bulk-create'),
     path('accounts/tasks/', api.AccountsTaskCreateAPI.as_view(), name='account-task-create'),
     path('account-secrets/<uuid:pk>/histories/', api.AccountHistoriesSecretAPI.as_view(),
          name='account-secret-history'),

apps/acls/models/base.py

@@ -1,7 +1,7 @@
 from django.core.validators import MinValueValidator, MaxValueValidator
 from django.db import models
 from django.db.models import Q
-from django.utils.translation import gettext_lazy as _
+from django.utils.translation import ugettext_lazy as _
 
 from common.db.models import JMSBaseModel
 from common.utils import contains_ip

apps/acls/serializers/base.py

@@ -3,12 +3,11 @@ from rest_framework import serializers
 
 from acls.models.base import ActionChoices
 from common.serializers.fields import LabeledChoiceField, ObjectRelatedField
-from jumpserver.utils import has_valid_xpack_license
 from orgs.models import Organization
 from users.models import User
 
 common_help_text = _(
-    "With * indicating a match all. "
+    "Format for comma-delimited string, with * indicating a match all. "
 )
 
 
@@ -23,7 +22,7 @@ class ACLUsersSerializer(serializers.Serializer):
 
 class ACLAssestsSerializer(serializers.Serializer):
     address_group_help_text = _(
-        "With * indicating a match all. "
+        "Format for comma-delimited string, with * indicating a match all. "
         "Such as: "
         "192.168.10.1, 192.168.1.0/24, 10.1.1.1-10.1.1.20, 2001:db8:2de::e13, 2001:db8:1a:1110::/64"
         " (Domain name support)"
@@ -52,26 +51,7 @@ class ACLAccountsSerializer(serializers.Serializer):
     )
 
 
-class ActionAclSerializer(serializers.Serializer):
-    action = LabeledChoiceField(
-        choices=ActionChoices.choices, default=ActionChoices.reject, label=_("Action")
-    )
-
-    def __init__(self, *args, **kwargs):
-        super().__init__(*args, **kwargs)
-        self.set_action_choices()
-
-    def set_action_choices(self):
-        action = self.fields.get("action")
-        if not action:
-            return
-        choices = action.choices
-        if not has_valid_xpack_license():
-            choices.pop(ActionChoices.review, None)
-        action._choices = choices
-
-
-class BaseUserAssetAccountACLSerializerMixin(ActionAclSerializer, serializers.Serializer):
+class BaseUserAssetAccountACLSerializerMixin(serializers.Serializer):
     users = ACLUsersSerializer(label=_('User'))
     assets = ACLAssestsSerializer(label=_('Asset'))
     accounts = ACLAccountsSerializer(label=_('Account'))
@@ -97,6 +77,9 @@ class BaseUserAssetAccountACLSerializerMixin(ActionAclSerializer, serializers.Se
     reviewers_amount = serializers.IntegerField(
         read_only=True, source="reviewers.count", label=_('Reviewers amount')
     )
+    action = LabeledChoiceField(
+        choices=ActionChoices.choices, default=ActionChoices.reject, label=_("Action")
+    )
 
     class Meta:
         fields_mini = ["id", "name"]

apps/acls/serializers/login_acl.py

@@ -1,10 +1,10 @@
 from django.utils.translation import ugettext as _
 from rest_framework import serializers
 
+from common.serializers.fields import ObjectRelatedField, LabeledChoiceField
 from common.serializers import BulkModelSerializer, MethodSerializer
-from common.serializers.fields import ObjectRelatedField
+from jumpserver.utils import has_valid_xpack_license
 from users.models import User
-from .base import ActionAclSerializer
 from .rules import RuleSerializer
 from ..models import LoginACL
 
@@ -13,15 +13,16 @@ __all__ = [
 ]
 
 common_help_text = _(
-    "With * indicating a match all. "
+    "Format for comma-delimited string, with * indicating a match all. "
 )
 
 
-class LoginACLSerializer(ActionAclSerializer, BulkModelSerializer):
+class LoginACLSerializer(BulkModelSerializer):
     user = ObjectRelatedField(queryset=User.objects, label=_("User"))
     reviewers = ObjectRelatedField(
         queryset=User.objects, label=_("Reviewers"), many=True, required=False
     )
+    action = LabeledChoiceField(choices=LoginACL.ActionChoices.choices, label=_('Action'))
     reviewers_amount = serializers.IntegerField(
         read_only=True, source="reviewers.count", label=_("Reviewers amount")
     )
@@ -43,5 +44,18 @@ class LoginACLSerializer(ActionAclSerializer, BulkModelSerializer):
             "is_active": {"default": True},
         }
 
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.set_action_choices()
+
+    def set_action_choices(self):
+        action = self.fields.get("action")
+        if not action:
+            return
+        choices = action.choices
+        if not has_valid_xpack_license():
+            choices.pop(LoginACL.ActionChoices.review, None)
+        action.choices = choices
+
     def get_rules_serializer(self):
         return RuleSerializer()

apps/acls/serializers/rules/rules.py

@@ -22,7 +22,7 @@ def ip_group_child_validator(ip_group_child):
 
 
 ip_group_help_text = _(
-    'With * indicating a match all. '
+    'Format for comma-delimited string, with * indicating a match all. '
     'Such as: '
     '192.168.10.1, 192.168.1.0/24, 10.1.1.1-10.1.1.20, 2001:db8:2de::e13, 2001:db8:1a:1110::/64 '
 )

apps/assets/api/asset/__init__.py

@@ -1,8 +1,7 @@
 from .asset import *
-from .cloud import *
-from .custom import *
-from .database import *
-from .device import *
 from .host import *
-from .permission import *
+from .database import *
 from .web import *
+from .cloud import *
+from .device import *
+from .permission import *

apps/assets/api/asset/asset.py

@@ -2,17 +2,15 @@
 #
 import django_filters
 from django.db.models import Q
-from django.shortcuts import get_object_or_404
 from django.utils.translation import gettext as _
 from rest_framework.decorators import action
 from rest_framework.response import Response
-from rest_framework.status import HTTP_200_OK
 
 from accounts.tasks import push_accounts_to_assets_task, verify_accounts_connectivity_task
 from assets import serializers
 from assets.exceptions import NotSupportedTemporarilyError
 from assets.filters import IpInFilterBackend, LabelFilterBackend, NodeFilterBackend
-from assets.models import Asset, Gateway, Platform
+from assets.models import Asset, Gateway
 from assets.tasks import test_assets_connectivity_manual, update_assets_hardware_info_manual
 from common.api import SuggestionMixin
 from common.drf.filters import BaseFilterSet
@@ -20,7 +18,6 @@ from common.utils import get_logger, is_uuid
 from orgs.mixins import generics
 from orgs.mixins.api import OrgBulkModelViewSet
 from ..mixin import NodeFilterMixin
-from ...notifications import BulkUpdatePlatformSkipAssetUserMsg
 
 logger = get_logger(__file__)
 __all__ = [
@@ -96,19 +93,20 @@ class AssetViewSet(SuggestionMixin, NodeFilterMixin, OrgBulkModelViewSet):
     model = Asset
     filterset_class = AssetFilterSet
     search_fields = ("name", "address")
-    ordering_fields = ('name', 'connectivity', 'platform', 'date_updated')
+    ordering = ("name", "connectivity")
     serializer_classes = (
         ("default", serializers.AssetSerializer),
         ("platform", serializers.PlatformSerializer),
         ("suggestion", serializers.MiniAssetSerializer),
         ("gateways", serializers.GatewaySerializer),
+        ("spec_info", serializers.SpecSerializer),
     )
     rbac_perms = (
         ("match", "assets.match_asset"),
         ("platform", "assets.view_platform"),
         ("gateways", "assets.view_gateway"),
         ("spec_info", "assets.view_asset"),
-        ("gathered_info", "assets.view_asset"),
+        ("info", "assets.view_asset"),
     )
     extra_filter_backends = [LabelFilterBackend, IpInFilterBackend, NodeFilterBackend]
 
@@ -126,6 +124,11 @@ class AssetViewSet(SuggestionMixin, NodeFilterMixin, OrgBulkModelViewSet):
         serializer = super().get_serializer(instance=asset.platform)
         return Response(serializer.data)
 
+    @action(methods=["GET"], detail=True, url_path="spec-info")
+    def spec_info(self, *args, **kwargs):
+        asset = super().get_object()
+        return Response(asset.spec_info)
+
     @action(methods=["GET"], detail=True, url_path="gateways")
     def gateways(self, *args, **kwargs):
         asset = self.get_object()
@@ -141,32 +144,6 @@ class AssetViewSet(SuggestionMixin, NodeFilterMixin, OrgBulkModelViewSet):
             return Response({'error': error}, status=400)
         return super().create(request, *args, **kwargs)
 
-    def filter_bulk_update_data(self):
-        bulk_data = []
-        skip_assets = []
-        for data in self.request.data:
-            pk = data.get('id')
-            platform = data.get('platform')
-            if not platform:
-                bulk_data.append(data)
-                continue
-            asset = get_object_or_404(Asset, pk=pk)
-            platform = get_object_or_404(Platform, **platform)
-            if platform.type == asset.type:
-                bulk_data.append(data)
-                continue
-            skip_assets.append(asset)
-        return bulk_data, skip_assets
-
-    def bulk_update(self, request, *args, **kwargs):
-        bulk_data, skip_assets = self.filter_bulk_update_data()
-        request._full_data = bulk_data
-        response = super().bulk_update(request, *args, **kwargs)
-        if response.status_code == HTTP_200_OK and skip_assets:
-            user = request.user
-            BulkUpdatePlatformSkipAssetUserMsg(user, skip_assets).publish()
-        return response
-
 
 class AssetsTaskMixin:
     def perform_assets_task(self, serializer):
@@ -177,8 +154,8 @@ class AssetsTaskMixin:
             task = update_assets_hardware_info_manual(assets)
         else:
             asset = assets[0]
-            if not asset.auto_config['ansible_enabled'] or \
-                    not asset.auto_config['ping_enabled']:
+            if not asset.auto_info['ansible_enabled'] or \
+                not asset.auto_info['ping_enabled']:
                 raise NotSupportedTemporarilyError()
             task = test_assets_connectivity_manual(assets)
         return task

apps/assets/api/asset/custom.py

@@ -1,16 +0,0 @@
-from assets.models import Custom, Asset
-from assets.serializers import CustomSerializer
-
-from .asset import AssetViewSet
-
-__all__ = ['CustomViewSet']
-
-
-class CustomViewSet(AssetViewSet):
-    model = Custom
-    perm_model = Asset
-
-    def get_serializer_classes(self):
-        serializer_classes = super().get_serializer_classes()
-        serializer_classes['default'] = CustomSerializer
-        return serializer_classes

apps/assets/api/asset/host.py

@@ -1,5 +1,8 @@
+from rest_framework.decorators import action
+from rest_framework.response import Response
+
 from assets.models import Host, Asset
-from assets.serializers import HostSerializer
+from assets.serializers import HostSerializer, HostInfoSerializer
 from .asset import AssetViewSet
 
 __all__ = ['HostViewSet']
@@ -12,4 +15,16 @@ class HostViewSet(AssetViewSet):
     def get_serializer_classes(self):
         serializer_classes = super().get_serializer_classes()
         serializer_classes['default'] = HostSerializer
+        serializer_classes['info'] = HostInfoSerializer
         return serializer_classes
+
+    @action(methods=["GET"], detail=True, url_path="info")
+    def info(self, *args, **kwargs):
+        asset = super().get_object()
+        serializer = self.get_serializer(asset.info)
+        data = serializer.data
+        data['asset'] = {
+            'id': asset.id, 'name': asset.name,
+            'address': asset.address
+        }
+        return Response(data)

apps/assets/api/category.py

@@ -3,7 +3,6 @@ from rest_framework.decorators import action
 from rest_framework.response import Response
 
 from common.api import JMSGenericViewSet
-from common.permissions import IsValidUser
 from assets.serializers import CategorySerializer, TypeSerializer
 from assets.const import AllTypes
 
@@ -15,7 +14,7 @@ class CategoryViewSet(ListModelMixin, JMSGenericViewSet):
         'default': CategorySerializer,
         'types': TypeSerializer
     }
-    permission_classes = (IsValidUser,)
+    permission_classes = ()
 
     def get_queryset(self):
         return AllTypes.categories()

apps/assets/api/mixin.py

@@ -8,15 +8,6 @@ from common.utils import lazyproperty, timeit
 
 
 class SerializeToTreeNodeMixin:
-    request: Request
-
-    @lazyproperty
-    def is_sync(self):
-        sync_paths = ['/api/v1/perms/users/self/nodes/all-with-assets/tree/']
-        for p in sync_paths:
-            if p == self.request.path:
-                return True
-        return False
 
     @timeit
     def serialize_nodes(self, nodes: List[Node], with_asset_amount=False):
@@ -26,16 +17,6 @@ class SerializeToTreeNodeMixin:
         else:
             def _name(node: Node):
                 return node.value
-
-        def _open(node):
-            if not self.is_sync:
-                # 异步加载资产树时，默认展开节点
-                return True
-            if not node.parent_key:
-                return True
-            else:
-                return False
-
         data = [
             {
                 'id': node.key,
@@ -43,7 +24,7 @@ class SerializeToTreeNodeMixin:
                 'title': _name(node),
                 'pId': node.parent_key,
                 'isParent': True,
-                'open': _open(node),
+                'open': True,
                 'meta': {
                     'data': {
                         "id": node.id,
@@ -57,23 +38,11 @@ class SerializeToTreeNodeMixin:
         ]
         return data
 
-    @lazyproperty
-    def support_types(self):
-        from assets.const import AllTypes
-        return AllTypes.get_types_values(exclude_custom=True)
-
-    def get_icon(self, asset):
-        if asset.type in self.support_types:
-            return asset.type
-        else:
-            return 'file'
-
     @timeit
     def serialize_assets(self, assets, node_key=None):
         sftp_enabled_platform = PlatformProtocol.objects \
             .filter(name='ssh', setting__sftp_enabled=True) \
-            .values_list('platform', flat=True) \
-            .distinct()
+            .values_list('platform', flat=True).distinct()
         if node_key is None:
             get_pid = lambda asset: getattr(asset, 'parent_key', '')
         else:
@@ -83,11 +52,11 @@ class SerializeToTreeNodeMixin:
             {
                 'id': str(asset.id),
                 'name': asset.name,
-                'title': f'{asset.address}\n{asset.comment}',
+                'title': asset.address,
                 'pId': get_pid(asset),
                 'isParent': False,
                 'open': False,
-                'iconSkin': self.get_icon(asset),
+                'iconSkin': asset.type,
                 'chkDisabled': not asset.is_active,
                 'meta': {
                     'type': 'asset',
@@ -95,8 +64,6 @@ class SerializeToTreeNodeMixin:
                         'platform_type': asset.platform.type,
                         'org_name': asset.org_name,
                         'sftp': asset.platform_id in sftp_enabled_platform,
-                        'name': asset.name,
-                        'address': asset.address
                     },
                 }
             }

apps/assets/api/platform.py

@@ -1,16 +1,10 @@
-from rest_framework import generics
-from rest_framework import serializers
-from rest_framework.decorators import action
-from rest_framework.response import Response
-
 from assets.const import AllTypes
-from assets.models import Platform, Node, Asset
+from assets.models import Platform
 from assets.serializers import PlatformSerializer
 from common.api import JMSModelViewSet
-from common.permissions import IsValidUser
 from common.serializers import GroupedChoiceSerializer
 
-__all__ = ['AssetPlatformViewSet', 'PlatformAutomationMethodsApi']
+__all__ = ['AssetPlatformViewSet']
 
 
 class AssetPlatformViewSet(JMSModelViewSet):
@@ -24,13 +18,12 @@ class AssetPlatformViewSet(JMSModelViewSet):
     rbac_perms = {
         'categories': 'assets.view_platform',
         'type_constraints': 'assets.view_platform',
-        'ops_methods': 'assets.view_platform',
-        'filter_nodes_assets': 'assets.view_platform'
+        'ops_methods': 'assets.view_platform'
     }
 
     def get_queryset(self):
         queryset = super().get_queryset()
-        queryset = queryset.filter(type__in=AllTypes.get_types_values())
+        queryset = queryset.filter(type__in=AllTypes.get_types())
         return queryset
 
     def get_object(self):
@@ -45,44 +38,3 @@ class AssetPlatformViewSet(JMSModelViewSet):
                 request, message={"detail": "Internal platform"}
             )
         return super().check_object_permissions(request, obj)
-
-    @action(methods=['post'], detail=False, url_path='filter-nodes-assets')
-    def filter_nodes_assets(self, request, *args, **kwargs):
-        node_ids = request.data.get('node_ids', [])
-        asset_ids = request.data.get('asset_ids', [])
-        nodes = Node.objects.filter(id__in=node_ids)
-        node_asset_ids = Node.get_nodes_all_assets(*nodes).values_list('id', flat=True)
-        direct_asset_ids = Asset.objects.filter(id__in=asset_ids).values_list('id', flat=True)
-        platform_ids = Asset.objects.filter(
-            id__in=set(list(direct_asset_ids) + list(node_asset_ids))
-        ).values_list('platform_id', flat=True)
-        platforms = Platform.objects.filter(id__in=platform_ids)
-        serializer = self.get_serializer(platforms, many=True)
-        return Response(serializer.data)
-
-
-class PlatformAutomationMethodsApi(generics.ListAPIView):
-    permission_classes = (IsValidUser,)
-
-    @staticmethod
-    def automation_methods():
-        return AllTypes.get_automation_methods()
-
-    def generate_serializer_fields(self):
-        data = self.automation_methods()
-        fields = {
-            i['id']: i['params_serializer'](label=i['name'])
-            if i['params_serializer'] else None
-            for i in data
-        }
-        return fields
-
-    def get_serializer_class(self):
-        fields = self.generate_serializer_fields()
-        serializer_name = 'AutomationMethodsSerializer'
-        return type(serializer_name, (serializers.Serializer,), fields)
-
-    def list(self, request, *args, **kwargs):
-        data = self.generate_serializer_fields()
-        serializer = self.get_serializer(data)
-        return Response(serializer.data)

apps/assets/api/tree.py

@@ -163,10 +163,8 @@ class CategoryTreeApi(SerializeToTreeNodeMixin, generics.ListAPIView):
         # 资源数量统计可选项 (asset, account)
         count_resource = self.request.query_params.get('count_resource', 'asset')
 
-        if not self.request.query_params.get('key'):
-            nodes = AllTypes.to_tree_nodes(include_asset, count_resource=count_resource)
-        elif include_asset:
+        if include_asset and self.request.query_params.get('key'):
             nodes = self.get_assets()
         else:
-            nodes = []
+            nodes = AllTypes.to_tree_nodes(include_asset, count_resource=count_resource)
         return Response(data=nodes)

apps/assets/automations/base/manager.py

@@ -41,28 +41,6 @@ class BasePlaybookManager:
         self.method_hosts_mapper = defaultdict(list)
         self.playbooks = []
         self.gateway_servers = dict()
-        params = self.execution.snapshot.get('params')
-        self.params = params or {}
-
-    def get_params(self, automation, method_type):
-        method_attr = '{}_method'.format(method_type)
-        method_params = '{}_params'.format(method_type)
-        method_id = getattr(automation, method_attr)
-        automation_params = getattr(automation, method_params)
-        serializer = self.method_id_meta_mapper[method_id]['params_serializer']
-
-        if serializer is None:
-            return {}
-
-        data = self.params.get(method_id)
-        if not data:
-            data = automation_params.get(method_id, {})
-        params = serializer(data).data
-        return {
-            field_name: automation_params.get(field_name, '')
-            if not params[field_name] else params[field_name]
-            for field_name in params
-        }
 
     @property
     def platform_automation_methods(self):
@@ -123,9 +101,8 @@ class BasePlaybookManager:
         return host
 
     def host_callback(self, host, automation=None, **kwargs):
-        method_type = self.__class__.method_type()
-        enabled_attr = '{}_enabled'.format(method_type)
-        method_attr = '{}_method'.format(method_type)
+        enabled_attr = '{}_enabled'.format(self.__class__.method_type())
+        method_attr = '{}_method'.format(self.__class__.method_type())
 
         method_enabled = automation and \
                          getattr(automation, enabled_attr) and \
@@ -137,7 +114,6 @@ class BasePlaybookManager:
             return host
 
         host = self.convert_cert_to_file(host, kwargs.get('path_dir'))
-        host['params'] = self.get_params(automation, method_type)
         return host
 
     @staticmethod
@@ -263,12 +239,10 @@ class BasePlaybookManager:
             jms_asset, jms_gateway = host['jms_asset'], host.get('gateway')
             if not jms_gateway:
                 continue
-
             server = SSHTunnelForwarder(
                 (jms_gateway['address'], jms_gateway['port']),
                 ssh_username=jms_gateway['username'],
                 ssh_password=jms_gateway['secret'],
-                ssh_pkey=jms_gateway['private_key_path'],
                 remote_bind_address=(jms_asset['address'], jms_asset['port'])
             )
             try:
@@ -278,8 +252,8 @@ class BasePlaybookManager:
                 print('\033[31m %s \033[0m\n' % err_msg)
                 not_valid.append(k)
             else:
-                host['ansible_host'] = jms_asset['address'] = '127.0.0.1'
-                host['ansible_port'] = jms_asset['port'] = server.local_bind_port
+                jms_asset['address'] = '127.0.0.1'
+                jms_asset['port'] = server.local_bind_port
                 servers.append(server)
 
         # 网域不可连接的，就不继续执行此资源的后续任务了

apps/assets/automations/gather_facts/database/mongodb/manifest.yml

@@ -1,11 +1,6 @@
 id: gather_facts_mongodb
-name: "{{ 'Gather facts from MongoDB' | trans }}"
+name: Gather facts from MongoDB
 category: database
 type:
   - mongodb
 method: gather_facts
-i18n:
-  Gather facts from MongoDB:
-    zh: 从 MongoDB 获取信息
-    en: Gather facts from MongoDB
-    ja: MongoDBから事実を取得する

apps/assets/automations/gather_facts/database/mysql/manifest.yml

@@ -1,12 +1,7 @@
 id: gather_facts_mysql
-name: "{{ 'Gather facts from MySQL' | trans }}"
+name: Gather facts from MySQL
 category: database
 type:
   - mysql
   - mariadb
 method: gather_facts
-i18n:
-  Gather facts from MySQL:
-    zh: 从 MySQL 获取信息
-    en: Gather facts from MySQL
-    ja: MySQLから事実を取得する

apps/assets/automations/gather_facts/database/oracle/manifest.yml

@@ -1,11 +1,6 @@
 id: gather_facts_oracle
-name: "{{ 'Gather facts from Oracle' | trans }}"
+name: Gather facts from Oracle
 category: database
 type:
   - oracle
 method: gather_facts
-i18n:
-  Gather facts from Oracle:
-    zh: 从 Oracle 获取信息
-    en: Gather facts from Oracle
-    ja: Oracleから事実を取得する

apps/assets/automations/gather_facts/database/postgresql/manifest.yml

@@ -1,11 +1,6 @@
 id: gather_facts_postgresql
-name: "{{ 'Gather facts for PostgreSQL' | trans }}"
+name: Gather facts for PostgreSQL
 category: database
 type:
   - postgresql
 method: gather_facts
-i18n:
-  Gather facts for PostgreSQL:
-    zh: 从 PostgreSQL 获取信息
-    en: Gather facts for PostgreSQL
-    ja: PostgreSQLから事実を取得する

apps/assets/automations/gather_facts/host/posix/manifest.yml

@@ -1,12 +1,7 @@
 id: gather_facts_posix
-name: "{{ 'Gather posix facts' | trans }}"
+name: Gather posix facts
 category: host
 type:
   - linux
   - unix
 method: gather_facts
-i18n:
-  Gather posix facts:
-    zh: 从 Posix 主机获取信息
-    en: Gather posix facts
-    ja: Posixから事実を取得する

apps/assets/automations/gather_facts/host/windows/manifest.yml

@@ -1,12 +1,7 @@
 id: gather_facts_windows
-name: "{{ 'Gather facts windows' | trans }}"
+name: Gather facts windows
 version: 1
 method: gather_facts
 category: host
 type:
   - windows
-i18n:
-  Gather facts windows:
-    zh: 从 Windows 获取信息
-    en: Gather facts windows
-    ja: Windowsから事実を取得する

apps/assets/automations/gather_facts/manager.py

@@ -29,7 +29,7 @@ class GatherFactsManager(BasePlaybookManager):
         asset = self.host_asset_mapper.get(host)
         if asset and info:
             info = self.format_asset_info(asset.type, info)
-            asset.gathered_info = info
-            asset.save(update_fields=['gathered_info'])
+            asset.info = info
+            asset.save(update_fields=['info'])
         else:
             logger.error("Not found info: {}".format(host))

apps/assets/automations/methods.py

@@ -1,9 +1,8 @@
-import json
 import os
+import yaml
+import json
 from functools import partial
 
-from common.utils.yml import yaml_load_with_i18n
-
 
 def check_platform_method(manifest, manifest_path):
     required_keys = ['category', 'method', 'name', 'id', 'type']
@@ -22,15 +21,6 @@ def check_platform_methods(methods):
             raise ValueError("Duplicate id: {}".format(_id))
 
 
-def generate_serializer(data):
-    from common.serializers import create_serializer_class
-    params = data.pop('params', None)
-    if not params:
-        return None
-    serializer_name = data['id'].title().replace('_', '') + 'Serializer'
-    return create_serializer_class(serializer_name, params)
-
-
 def get_platform_automation_methods(path):
     methods = []
     for root, dirs, files in os.walk(path, topdown=False):
@@ -40,10 +30,9 @@ def get_platform_automation_methods(path):
                 continue
 
             with open(path, 'r') as f:
-                manifest = yaml_load_with_i18n(f)
+                manifest = yaml.safe_load(f)
                 check_platform_method(manifest, path)
                 manifest['dir'] = os.path.dirname(path)
-                manifest['params_serializer'] = generate_serializer(manifest)
             methods.append(manifest)
 
     check_platform_methods(methods)
@@ -57,12 +46,12 @@ def filter_key(manifest, attr, value):
     return value in manifest_value or 'all' in manifest_value
 
 
-def filter_platform_methods(category, tp_name, method=None, methods=None):
+def filter_platform_methods(category, tp, method=None, methods=None):
     methods = platform_automation_methods if methods is None else methods
     if category:
         methods = filter(partial(filter_key, attr='category', value=category), methods)
-    if tp_name:
-        methods = filter(partial(filter_key, attr='type', value=tp_name), methods)
+    if tp:
+        methods = filter(partial(filter_key, attr='type', value=tp), methods)
     if method:
         methods = filter(lambda x: x['method'] == method, methods)
     return methods

apps/assets/automations/ping/custom/main.yml

@@ -1,14 +0,0 @@
-- hosts: custom
-  gather_facts: no
-  vars:
-    ansible_connection: local
-
-  tasks:
-    - name: Test asset connection
-      ssh_ping:
-        login_user: "{{ jms_account.username }}"
-        login_password: "{{ jms_account.secret }}"
-        login_host: "{{ jms_asset.address }}"
-        login_port: "{{ jms_asset.port }}"
-        login_secret_type: "{{ jms_account.secret_type }}"
-        login_private_key_path: "{{ jms_account.private_key_path }}"

apps/assets/automations/ping/custom/manifest.yml

@@ -1,8 +0,0 @@
-id: ping_by_ssh
-name: Ping by SSH
-category:
-  - device
-  - host
-type:
-  - all
-method: ping

apps/assets/automations/ping/database/mongodb/manifest.yml

@@ -1,11 +1,6 @@
 id: mongodb_ping
-name: "{{ 'Ping MongoDB' | trans }}"
+name: Ping MongoDB
 category: database
 type:
   - mongodb
 method: ping
-i18n:
-  Ping MongoDB:
-    zh: 测试 MongoDB 可连接性
-    en: Ping MongoDB
-    ja: MongoDBにPingする

apps/assets/automations/ping/database/mysql/manifest.yml

@@ -1,12 +1,7 @@
 id: mysql_ping
-name: "{{ 'Ping MySQL' | trans }}"
+name: Ping MySQL
 category: database
 type:
   - mysql
   - mariadb
 method: ping
-i18n:
-  Ping MySQL:
-    zh: 测试 MySQL 可连接性
-    en: Ping MySQL
-    ja: MySQLにPingする